diff --git a/examples/go.mod b/examples/go.mod index 2bdc9e794c..edc5ecdcfb 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -6,7 +6,7 @@ require ( github.com/pulumi/pulumi-gcp/sdk/v6 v6.67.0 github.com/pulumi/pulumi-gcp/sdk/v8 v8.0.0-00010101000000-000000000000 github.com/pulumi/pulumi/pkg/v3 v3.140.0 - github.com/pulumi/pulumi/sdk/v3 v3.140.0 + github.com/pulumi/pulumi/sdk/v3 v3.141.0 github.com/stretchr/testify v1.9.0 ) @@ -184,3 +184,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 diff --git a/examples/go.sum b/examples/go.sum index e5000aee43..664ca941bc 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -346,10 +346,10 @@ github.com/pulumi/esc v0.10.0 h1:jzBKzkLVW0mePeanDRfqSQoCJ5yrkux0jIwAkUxpRKE= github.com/pulumi/esc v0.10.0/go.mod h1:2Bfa+FWj/xl8CKqRTWbWgDX0SOD4opdQgvYSURTGK2c= github.com/pulumi/pulumi-gcp/sdk/v6 v6.67.0 h1:toKDTQrGp11iU3FQsxqFN+1fgxx4GQFvsmLbUe9++B8= github.com/pulumi/pulumi-gcp/sdk/v6 v6.67.0/go.mod h1:0H6CtMuOB754n2Yzu6XqHqeU99fmH/fsBUKLsMic2OY= -github.com/pulumi/pulumi/pkg/v3 v3.140.0 h1:/bvHa19HY/6qHWvuAOVII8qr72MDGGczBWlPYlPo3j0= -github.com/pulumi/pulumi/pkg/v3 v3.140.0/go.mod h1:rcTtSyisd7BzZTugNk/s9zlYgX9S0S10+pha3Tko6yM= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34 h1:h08d64wfnf7yzbg8Nt5k0yKpSRn25Ce0RfhBEXPN07w= +github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34/go.mod h1:JZeSWa/JxveTIabsVqwPLlsD+WqX7Zv2XmHs3McBOGw= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 h1:NxL0QhDBJrhAuLRZzqGnJj0mzv/slJLrlnNGftUxV9g= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/provider/cmd/pulumi-resource-gcp/schema.json b/provider/cmd/pulumi-resource-gcp/schema.json index 7a53c2c54f..abe2f0c15e 100644 --- a/provider/cmd/pulumi-resource-gcp/schema.json +++ b/provider/cmd/pulumi-resource-gcp/schema.json @@ -127056,7 +127056,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:accesscontextmanager/AccessPolicyIamBindingCondition:AccessPolicyIamBindingCondition" @@ -127147,7 +127147,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:accesscontextmanager/AccessPolicyIamMemberCondition:AccessPolicyIamMemberCondition" @@ -127231,7 +127231,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy\nThree different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.accesscontextmanager.AccessPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/accesscontextmanager.policyAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.accesscontextmanager.AccessPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder()\n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -127464,7 +127464,7 @@ } }, "gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding": { - "description": "Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.\n\n\nTo get more information about GcpUserAccessBinding, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/organizations.gcpUserAccessBindings)\n\n## Example Usage\n\n### Access Context Manager Gcp User Access Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst accessLevelIdForUserAccessBinding = new gcp.accesscontextmanager.AccessLevel(\"access_level_id_for_user_access_binding\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: true,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\"US\"],\n }],\n },\n});\nconst gcpUserAccessBinding = new gcp.accesscontextmanager.GcpUserAccessBinding(\"gcp_user_access_binding\", {\n organizationId: \"123456789\",\n groupKey: std.trimprefixOutput({\n input: group.id,\n prefix: \"groups/\",\n }).apply(invoke =\u003e invoke.result),\n accessLevels: accessLevelIdForUserAccessBinding.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\naccess_level_id_for_user_access_binding = gcp.accesscontextmanager.AccessLevel(\"access_level_id_for_user_access_binding\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": True,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\"US\"],\n }],\n })\ngcp_user_access_binding = gcp.accesscontextmanager.GcpUserAccessBinding(\"gcp_user_access_binding\",\n organization_id=\"123456789\",\n group_key=std.trimprefix_output(input=group.id,\n prefix=\"groups/\").apply(lambda invoke: invoke.result),\n access_levels=access_level_id_for_user_access_binding.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var accessLevelIdForUserAccessBinding = new Gcp.AccessContextManager.AccessLevel(\"access_level_id_for_user_access_binding\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = true,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"US\",\n },\n },\n },\n },\n });\n\n var gcpUserAccessBinding = new Gcp.AccessContextManager.GcpUserAccessBinding(\"gcp_user_access_binding\", new()\n {\n OrganizationId = \"123456789\",\n GroupKey = Std.Trimprefix.Invoke(new()\n {\n Input = @group.Id,\n Prefix = \"groups/\",\n }).Apply(invoke =\u003e invoke.Result),\n AccessLevels = accessLevelIdForUserAccessBinding.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccessLevelIdForUserAccessBinding, err := accesscontextmanager.NewAccessLevel(ctx, \"access_level_id_for_user_access_binding\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(true),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewGcpUserAccessBinding(ctx, \"gcp_user_access_binding\", \u0026accesscontextmanager.GcpUserAccessBindingArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tGroupKey: pulumi.String(std.TrimprefixOutput(ctx, std.TrimprefixOutputArgs{\n\t\t\t\tInput: group.ID(),\n\t\t\t\tPrefix: pulumi.String(\"groups/\"),\n\t\t\t}, nil).ApplyT(func(invoke std.TrimprefixResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tAccessLevels: accessLevelIdForUserAccessBinding.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding;\nimport com.pulumi.gcp.accesscontextmanager.GcpUserAccessBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var accessLevelIdForUserAccessBinding = new AccessLevel(\"accessLevelIdForUserAccessBinding\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(true)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions(\"US\")\n .build())\n .build())\n .build());\n\n var gcpUserAccessBinding = new GcpUserAccessBinding(\"gcpUserAccessBinding\", GcpUserAccessBindingArgs.builder()\n .organizationId(\"123456789\")\n .groupKey(StdFunctions.trimprefix().applyValue(invoke -\u003e invoke.result()))\n .accessLevels(accessLevelIdForUserAccessBinding.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum:\n accessLevelIdForUserAccessBinding:\n type: gcp:accesscontextmanager:AccessLevel\n name: access_level_id_for_user_access_binding\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: true\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n gcpUserAccessBinding:\n type: gcp:accesscontextmanager:GcpUserAccessBinding\n name: gcp_user_access_binding\n properties:\n organizationId: '123456789'\n groupKey:\n fn::invoke:\n Function: std:trimprefix\n Arguments:\n input: ${group.id}\n prefix: groups/\n Return: result\n accessLevels: ${accessLevelIdForUserAccessBinding.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGcpUserAccessBinding can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GcpUserAccessBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding default {{name}}\n```\n\n", + "description": "Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.\n\n\nTo get more information about GcpUserAccessBinding, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/organizations.gcpUserAccessBindings)\n\n## Example Usage\n\n### Access Context Manager Gcp User Access Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst accessLevelIdForUserAccessBinding = new gcp.accesscontextmanager.AccessLevel(\"access_level_id_for_user_access_binding\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: true,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\"US\"],\n }],\n },\n});\nconst gcpUserAccessBinding = new gcp.accesscontextmanager.GcpUserAccessBinding(\"gcp_user_access_binding\", {\n organizationId: \"123456789\",\n groupKey: std.trimprefixOutput({\n input: group.id,\n prefix: \"groups/\",\n }).apply(invoke =\u003e invoke.result),\n accessLevels: accessLevelIdForUserAccessBinding.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\naccess_level_id_for_user_access_binding = gcp.accesscontextmanager.AccessLevel(\"access_level_id_for_user_access_binding\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": True,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\"US\"],\n }],\n })\ngcp_user_access_binding = gcp.accesscontextmanager.GcpUserAccessBinding(\"gcp_user_access_binding\",\n organization_id=\"123456789\",\n group_key=std.trimprefix_output(input=group.id,\n prefix=\"groups/\").apply(lambda invoke: invoke.result),\n access_levels=access_level_id_for_user_access_binding.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var accessLevelIdForUserAccessBinding = new Gcp.AccessContextManager.AccessLevel(\"access_level_id_for_user_access_binding\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = true,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"US\",\n },\n },\n },\n },\n });\n\n var gcpUserAccessBinding = new Gcp.AccessContextManager.GcpUserAccessBinding(\"gcp_user_access_binding\", new()\n {\n OrganizationId = \"123456789\",\n GroupKey = Std.Trimprefix.Invoke(new()\n {\n Input = @group.Id,\n Prefix = \"groups/\",\n }).Apply(invoke =\u003e invoke.Result),\n AccessLevels = accessLevelIdForUserAccessBinding.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccessLevelIdForUserAccessBinding, err := accesscontextmanager.NewAccessLevel(ctx, \"access_level_id_for_user_access_binding\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(true),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewGcpUserAccessBinding(ctx, \"gcp_user_access_binding\", \u0026accesscontextmanager.GcpUserAccessBindingArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tGroupKey: pulumi.String(std.TrimprefixOutput(ctx, std.TrimprefixOutputArgs{\n\t\t\t\tInput: group.ID(),\n\t\t\t\tPrefix: pulumi.String(\"groups/\"),\n\t\t\t}, nil).ApplyT(func(invoke std.TrimprefixResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tAccessLevels: accessLevelIdForUserAccessBinding.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding;\nimport com.pulumi.gcp.accesscontextmanager.GcpUserAccessBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var accessLevelIdForUserAccessBinding = new AccessLevel(\"accessLevelIdForUserAccessBinding\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(true)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions(\"US\")\n .build())\n .build())\n .build());\n\n var gcpUserAccessBinding = new GcpUserAccessBinding(\"gcpUserAccessBinding\", GcpUserAccessBindingArgs.builder()\n .organizationId(\"123456789\")\n .groupKey(StdFunctions.trimprefix().applyValue(invoke -\u003e invoke.result()))\n .accessLevels(accessLevelIdForUserAccessBinding.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum: \"\"\n accessLevelIdForUserAccessBinding:\n type: gcp:accesscontextmanager:AccessLevel\n name: access_level_id_for_user_access_binding\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: true\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n gcpUserAccessBinding:\n type: gcp:accesscontextmanager:GcpUserAccessBinding\n name: gcp_user_access_binding\n properties:\n organizationId: '123456789'\n groupKey:\n fn::invoke:\n function: std:trimprefix\n arguments:\n input: ${group.id}\n prefix: groups/\n return: result\n accessLevels: ${accessLevelIdForUserAccessBinding.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGcpUserAccessBinding can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GcpUserAccessBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding default {{name}}\n```\n\n", "properties": { "accessLevels": { "type": "string", @@ -127585,7 +127585,7 @@ } }, "gcp:accesscontextmanager/servicePerimeter:ServicePerimeter": { - "description": "ServicePerimeter describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\nServicePerimeter. If a request with a source within this ServicePerimeter\nhas a target outside of the ServicePerimeter, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter\n- Regular and Bridge. Regular Service Perimeters cannot overlap, a single\nGCP project can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.\n\n\nTo get more information about ServicePerimeter, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)\n* How-to Guides\n * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)\n * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the ACM API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Access Context Manager Service Perimeter Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_storage`,\n title: \"restrict_storage\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/restrict_storage\"),\n title=\"restrict_storage\",\n status={\n \"restricted_services\": [\"storage.googleapis.com\"],\n })\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeter(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/restrict_storage\"),\n Title = \"restrict_storage\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/restrict_storage\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"restrict_storage\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeter(\"service-perimeter\", ServicePerimeterArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/restrict_storage\", name)))\n .title(\"restrict_storage\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/restrict_storage\n title: restrict_storage\n status:\n restrictedServices:\n - storage.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Access Context Manager Service Perimeter Secure Data Exchange\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst secure_data_exchange = new gcp.accesscontextmanager.ServicePerimeters(\"secure-data-exchange\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n servicePerimeters: [\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n },\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"bigtable.googleapis.com\"],\n vpcAccessibleServices: {\n enableRestriction: true,\n allowedServices: [\"bigquery.googleapis.com\"],\n },\n },\n },\n ],\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/secure_data_exchange`,\n title: \"secure_data_exchange\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\nconst test_access = new gcp.accesscontextmanager.ServicePerimeter(\"test-access\", {\n parent: `accessPolicies/${test_accessGoogleAccessContextManagerAccessPolicy.name}`,\n name: `accessPolicies/${test_accessGoogleAccessContextManagerAccessPolicy.name}/servicePerimeters/%s`,\n title: \"%s\",\n perimeterType: \"PERIMETER_TYPE_REGULAR\",\n status: {\n restrictedServices: [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n accessLevels: [access_level.name],\n vpcAccessibleServices: {\n enableRestriction: true,\n allowedServices: [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n },\n ingressPolicies: [{\n ingressFrom: {\n sources: [{\n accessLevel: test_accessGoogleAccessContextManagerAccessLevel.name,\n }],\n identityType: \"ANY_IDENTITY\",\n },\n ingressTo: {\n resources: [\"*\"],\n operations: [\n {\n serviceName: \"bigquery.googleapis.com\",\n methodSelectors: [\n {\n method: \"BigQueryStorage.ReadRows\",\n },\n {\n method: \"TableService.ListTables\",\n },\n {\n permission: \"bigquery.jobs.get\",\n },\n ],\n },\n {\n serviceName: \"storage.googleapis.com\",\n methodSelectors: [{\n method: \"google.storage.objects.create\",\n }],\n },\n ],\n },\n }],\n egressPolicies: [{\n egressFrom: {\n identityType: \"ANY_USER_ACCOUNT\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nsecure_data_exchange = gcp.accesscontextmanager.ServicePerimeters(\"secure-data-exchange\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n service_perimeters=[\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n },\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"bigtable.googleapis.com\"],\n \"vpc_accessible_services\": {\n \"enable_restriction\": True,\n \"allowed_services\": [\"bigquery.googleapis.com\"],\n },\n },\n },\n ])\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/secure_data_exchange\"),\n title=\"secure_data_exchange\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\ntest_access = gcp.accesscontextmanager.ServicePerimeter(\"test-access\",\n parent=f\"accessPolicies/{test_access_google_access_context_manager_access_policy['name']}\",\n name=f\"accessPolicies/{test_access_google_access_context_manager_access_policy['name']}/servicePerimeters/%s\",\n title=\"%s\",\n perimeter_type=\"PERIMETER_TYPE_REGULAR\",\n status={\n \"restricted_services\": [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n \"access_levels\": [access_level.name],\n \"vpc_accessible_services\": {\n \"enable_restriction\": True,\n \"allowed_services\": [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n },\n \"ingress_policies\": [{\n \"ingress_from\": {\n \"sources\": [{\n \"access_level\": test_access_google_access_context_manager_access_level[\"name\"],\n }],\n \"identity_type\": \"ANY_IDENTITY\",\n },\n \"ingress_to\": {\n \"resources\": [\"*\"],\n \"operations\": [\n {\n \"service_name\": \"bigquery.googleapis.com\",\n \"method_selectors\": [\n {\n \"method\": \"BigQueryStorage.ReadRows\",\n },\n {\n \"method\": \"TableService.ListTables\",\n },\n {\n \"permission\": \"bigquery.jobs.get\",\n },\n ],\n },\n {\n \"service_name\": \"storage.googleapis.com\",\n \"method_selectors\": [{\n \"method\": \"google.storage.objects.create\",\n }],\n },\n ],\n },\n }],\n \"egress_policies\": [{\n \"egress_from\": {\n \"identity_type\": \"ANY_USER_ACCOUNT\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var secure_data_exchange = new Gcp.AccessContextManager.ServicePerimeters(\"secure-data-exchange\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n ServicePerimeterDetails = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigtable.googleapis.com\",\n },\n VpcAccessibleServices = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs\n {\n EnableRestriction = true,\n AllowedServices = new[]\n {\n \"bigquery.googleapis.com\",\n },\n },\n },\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/secure_data_exchange\"),\n Title = \"secure_data_exchange\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n var test_access = new Gcp.AccessContextManager.ServicePerimeter(\"test-access\", new()\n {\n Parent = $\"accessPolicies/{test_accessGoogleAccessContextManagerAccessPolicy.Name}\",\n Name = $\"accessPolicies/{test_accessGoogleAccessContextManagerAccessPolicy.Name}/servicePerimeters/%s\",\n Title = \"%s\",\n PerimeterType = \"PERIMETER_TYPE_REGULAR\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n },\n AccessLevels = new[]\n {\n access_level.Name,\n },\n VpcAccessibleServices = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusVpcAccessibleServicesArgs\n {\n EnableRestriction = true,\n AllowedServices = new[]\n {\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n },\n },\n IngressPolicies = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyArgs\n {\n IngressFrom = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressFromArgs\n {\n Sources = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressFromSourceArgs\n {\n AccessLevel = test_accessGoogleAccessContextManagerAccessLevel.Name,\n },\n },\n IdentityType = \"ANY_IDENTITY\",\n },\n IngressTo = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToArgs\n {\n Resources = new[]\n {\n \"*\",\n },\n Operations = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationArgs\n {\n ServiceName = \"bigquery.googleapis.com\",\n MethodSelectors = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"BigQueryStorage.ReadRows\",\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"TableService.ListTables\",\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Permission = \"bigquery.jobs.get\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationArgs\n {\n ServiceName = \"storage.googleapis.com\",\n MethodSelectors = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"google.storage.objects.create\",\n },\n },\n },\n },\n },\n },\n },\n EgressPolicies = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusEgressPolicyArgs\n {\n EgressFrom = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusEgressPolicyEgressFromArgs\n {\n IdentityType = \"ANY_USER_ACCOUNT\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeters(ctx, \"secure-data-exchange\", \u0026accesscontextmanager.ServicePerimetersArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tServicePerimeters: accesscontextmanager.ServicePerimetersServicePerimeterArray{\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"bigtable.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVpcAccessibleServices: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs{\n\t\t\t\t\t\t\tEnableRestriction: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedServices: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/secure_data_exchange\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"secure_data_exchange\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"test-access\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: pulumi.Sprintf(\"accessPolicies/%v\", test_accessGoogleAccessContextManagerAccessPolicy.Name),\n\t\t\tName: pulumi.Sprintf(\"accessPolicies/%v%v\", test_accessGoogleAccessContextManagerAccessPolicy.Name, \"/servicePerimeters/%s\"),\n\t\t\tTitle: pulumi.String(\"%s\"),\n\t\t\tPerimeterType: pulumi.String(\"PERIMETER_TYPE_REGULAR\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t\tAccessLevels: pulumi.StringArray{\n\t\t\t\t\taccess_level.Name,\n\t\t\t\t},\n\t\t\t\tVpcAccessibleServices: \u0026accesscontextmanager.ServicePerimeterStatusVpcAccessibleServicesArgs{\n\t\t\t\t\tEnableRestriction: pulumi.Bool(true),\n\t\t\t\t\tAllowedServices: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tIngressPolicies: accesscontextmanager.ServicePerimeterStatusIngressPolicyArray{\n\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyArgs{\n\t\t\t\t\t\tIngressFrom: \u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromArgs{\n\t\t\t\t\t\t\tSources: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromSourceArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromSourceArgs{\n\t\t\t\t\t\t\t\t\tAccessLevel: pulumi.Any(test_accessGoogleAccessContextManagerAccessLevel.Name),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIdentityType: pulumi.String(\"ANY_IDENTITY\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tIngressTo: \u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToArgs{\n\t\t\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tOperations: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArgs{\n\t\t\t\t\t\t\t\t\tServiceName: pulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\t\t\t\tMethodSelectors: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArray{\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"BigQueryStorage.ReadRows\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"TableService.ListTables\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tPermission: pulumi.String(\"bigquery.jobs.get\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArgs{\n\t\t\t\t\t\t\t\t\tServiceName: pulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t\t\t\tMethodSelectors: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArray{\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"google.storage.objects.create\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEgressPolicies: accesscontextmanager.ServicePerimeterStatusEgressPolicyArray{\n\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusEgressPolicyArgs{\n\t\t\t\t\t\tEgressFrom: \u0026accesscontextmanager.ServicePerimeterStatusEgressPolicyEgressFromArgs{\n\t\t\t\t\t\t\tIdentityType: pulumi.String(\"ANY_USER_ACCOUNT\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeters;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimetersArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusVpcAccessibleServicesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var secure_data_exchange = new ServicePerimeters(\"secure-data-exchange\", ServicePerimetersArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .servicePerimeters( \n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build(),\n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigtable.googleapis.com\")\n .vpcAccessibleServices(ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs.builder()\n .enableRestriction(true)\n .allowedServices(\"bigquery.googleapis.com\")\n .build())\n .build())\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/secure_data_exchange\", name)))\n .title(\"secure_data_exchange\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n var test_access = new ServicePerimeter(\"test-access\", ServicePerimeterArgs.builder()\n .parent(String.format(\"accessPolicies/%s\", test_accessGoogleAccessContextManagerAccessPolicy.name()))\n .name(String.format(\"accessPolicies/%s/servicePerimeters/%s\", test_accessGoogleAccessContextManagerAccessPolicy.name()))\n .title(\"%s\")\n .perimeterType(\"PERIMETER_TYPE_REGULAR\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices( \n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\")\n .accessLevels(access_level.name())\n .vpcAccessibleServices(ServicePerimeterStatusVpcAccessibleServicesArgs.builder()\n .enableRestriction(true)\n .allowedServices( \n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\")\n .build())\n .ingressPolicies(ServicePerimeterStatusIngressPolicyArgs.builder()\n .ingressFrom(ServicePerimeterStatusIngressPolicyIngressFromArgs.builder()\n .sources(ServicePerimeterStatusIngressPolicyIngressFromSourceArgs.builder()\n .accessLevel(test_accessGoogleAccessContextManagerAccessLevel.name())\n .build())\n .identityType(\"ANY_IDENTITY\")\n .build())\n .ingressTo(ServicePerimeterStatusIngressPolicyIngressToArgs.builder()\n .resources(\"*\")\n .operations( \n ServicePerimeterStatusIngressPolicyIngressToOperationArgs.builder()\n .serviceName(\"bigquery.googleapis.com\")\n .methodSelectors( \n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"BigQueryStorage.ReadRows\")\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"TableService.ListTables\")\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .permission(\"bigquery.jobs.get\")\n .build())\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationArgs.builder()\n .serviceName(\"storage.googleapis.com\")\n .methodSelectors(ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"google.storage.objects.create\")\n .build())\n .build())\n .build())\n .build())\n .egressPolicies(ServicePerimeterStatusEgressPolicyArgs.builder()\n .egressFrom(ServicePerimeterStatusEgressPolicyEgressFromArgs.builder()\n .identityType(\"ANY_USER_ACCOUNT\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secure-data-exchange:\n type: gcp:accesscontextmanager:ServicePerimeters\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n servicePerimeters:\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title:\n status:\n restrictedServices:\n - storage.googleapis.com\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title:\n status:\n restrictedServices:\n - bigtable.googleapis.com\n vpcAccessibleServices:\n enableRestriction: true\n allowedServices:\n - bigquery.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/secure_data_exchange\n title: secure_data_exchange\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n test-access:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"test-accessGoogleAccessContextManagerAccessPolicy\"].name}\n name: accessPolicies/${[\"test-accessGoogleAccessContextManagerAccessPolicy\"].name}/servicePerimeters/%s\n title: '%s'\n perimeterType: PERIMETER_TYPE_REGULAR\n status:\n restrictedServices:\n - bigquery.googleapis.com\n - storage.googleapis.com\n accessLevels:\n - ${[\"access-level\"].name}\n vpcAccessibleServices:\n enableRestriction: true\n allowedServices:\n - bigquery.googleapis.com\n - storage.googleapis.com\n ingressPolicies:\n - ingressFrom:\n sources:\n - accessLevel: ${[\"test-accessGoogleAccessContextManagerAccessLevel\"].name}\n identityType: ANY_IDENTITY\n ingressTo:\n resources:\n - '*'\n operations:\n - serviceName: bigquery.googleapis.com\n methodSelectors:\n - method: BigQueryStorage.ReadRows\n - method: TableService.ListTables\n - permission: bigquery.jobs.get\n - serviceName: storage.googleapis.com\n methodSelectors:\n - method: google.storage.objects.create\n egressPolicies:\n - egressFrom:\n identityType: ANY_USER_ACCOUNT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Access Context Manager Service Perimeter Dry-Run\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_bigquery_dryrun_storage`,\n title: \"restrict_bigquery_dryrun_storage\",\n status: {\n restrictedServices: [\"bigquery.googleapis.com\"],\n },\n spec: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n useExplicitDryRunSpec: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/restrict_bigquery_dryrun_storage\"),\n title=\"restrict_bigquery_dryrun_storage\",\n status={\n \"restricted_services\": [\"bigquery.googleapis.com\"],\n },\n spec={\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n use_explicit_dry_run_spec=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeter(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/restrict_bigquery_dryrun_storage\"),\n Title = \"restrict_bigquery_dryrun_storage\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigquery.googleapis.com\",\n },\n },\n Spec = new Gcp.AccessContextManager.Inputs.ServicePerimeterSpecArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n UseExplicitDryRunSpec = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/restrict_bigquery_dryrun_storage\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"restrict_bigquery_dryrun_storage\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpec: \u0026accesscontextmanager.ServicePerimeterSpecArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUseExplicitDryRunSpec: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeter(\"service-perimeter\", ServicePerimeterArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/restrict_bigquery_dryrun_storage\", name)))\n .title(\"restrict_bigquery_dryrun_storage\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigquery.googleapis.com\")\n .build())\n .spec(ServicePerimeterSpecArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .useExplicitDryRunSpec(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/restrict_bigquery_dryrun_storage\n title: restrict_bigquery_dryrun_storage\n status:\n restrictedServices:\n - bigquery.googleapis.com\n spec:\n restrictedServices:\n - storage.googleapis.com\n useExplicitDryRunSpec: true\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServicePerimeter can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ServicePerimeter can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeter:ServicePerimeter default {{name}}\n```\n\n", + "description": "ServicePerimeter describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\nServicePerimeter. If a request with a source within this ServicePerimeter\nhas a target outside of the ServicePerimeter, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter\n- Regular and Bridge. Regular Service Perimeters cannot overlap, a single\nGCP project can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.\n\n\nTo get more information about ServicePerimeter, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)\n* How-to Guides\n * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)\n * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the ACM API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Access Context Manager Service Perimeter Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_storage`,\n title: \"restrict_storage\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/restrict_storage\"),\n title=\"restrict_storage\",\n status={\n \"restricted_services\": [\"storage.googleapis.com\"],\n })\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeter(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/restrict_storage\"),\n Title = \"restrict_storage\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/restrict_storage\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"restrict_storage\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeter(\"service-perimeter\", ServicePerimeterArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/restrict_storage\", name)))\n .title(\"restrict_storage\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/restrict_storage\n title: restrict_storage\n status:\n restrictedServices:\n - storage.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Access Context Manager Service Perimeter Secure Data Exchange\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst secure_data_exchange = new gcp.accesscontextmanager.ServicePerimeters(\"secure-data-exchange\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n servicePerimeters: [\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n },\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"bigtable.googleapis.com\"],\n vpcAccessibleServices: {\n enableRestriction: true,\n allowedServices: [\"bigquery.googleapis.com\"],\n },\n },\n },\n ],\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/secure_data_exchange`,\n title: \"secure_data_exchange\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\nconst test_access = new gcp.accesscontextmanager.ServicePerimeter(\"test-access\", {\n parent: `accessPolicies/${test_accessGoogleAccessContextManagerAccessPolicy.name}`,\n name: `accessPolicies/${test_accessGoogleAccessContextManagerAccessPolicy.name}/servicePerimeters/%s`,\n title: \"%s\",\n perimeterType: \"PERIMETER_TYPE_REGULAR\",\n status: {\n restrictedServices: [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n accessLevels: [access_level.name],\n vpcAccessibleServices: {\n enableRestriction: true,\n allowedServices: [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n },\n ingressPolicies: [{\n ingressFrom: {\n sources: [{\n accessLevel: test_accessGoogleAccessContextManagerAccessLevel.name,\n }],\n identityType: \"ANY_IDENTITY\",\n },\n ingressTo: {\n resources: [\"*\"],\n operations: [\n {\n serviceName: \"bigquery.googleapis.com\",\n methodSelectors: [\n {\n method: \"BigQueryStorage.ReadRows\",\n },\n {\n method: \"TableService.ListTables\",\n },\n {\n permission: \"bigquery.jobs.get\",\n },\n ],\n },\n {\n serviceName: \"storage.googleapis.com\",\n methodSelectors: [{\n method: \"google.storage.objects.create\",\n }],\n },\n ],\n },\n }],\n egressPolicies: [{\n egressFrom: {\n identityType: \"ANY_USER_ACCOUNT\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nsecure_data_exchange = gcp.accesscontextmanager.ServicePerimeters(\"secure-data-exchange\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n service_perimeters=[\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n },\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"bigtable.googleapis.com\"],\n \"vpc_accessible_services\": {\n \"enable_restriction\": True,\n \"allowed_services\": [\"bigquery.googleapis.com\"],\n },\n },\n },\n ])\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/secure_data_exchange\"),\n title=\"secure_data_exchange\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\ntest_access = gcp.accesscontextmanager.ServicePerimeter(\"test-access\",\n parent=f\"accessPolicies/{test_access_google_access_context_manager_access_policy['name']}\",\n name=f\"accessPolicies/{test_access_google_access_context_manager_access_policy['name']}/servicePerimeters/%s\",\n title=\"%s\",\n perimeter_type=\"PERIMETER_TYPE_REGULAR\",\n status={\n \"restricted_services\": [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n \"access_levels\": [access_level.name],\n \"vpc_accessible_services\": {\n \"enable_restriction\": True,\n \"allowed_services\": [\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n ],\n },\n \"ingress_policies\": [{\n \"ingress_from\": {\n \"sources\": [{\n \"access_level\": test_access_google_access_context_manager_access_level[\"name\"],\n }],\n \"identity_type\": \"ANY_IDENTITY\",\n },\n \"ingress_to\": {\n \"resources\": [\"*\"],\n \"operations\": [\n {\n \"service_name\": \"bigquery.googleapis.com\",\n \"method_selectors\": [\n {\n \"method\": \"BigQueryStorage.ReadRows\",\n },\n {\n \"method\": \"TableService.ListTables\",\n },\n {\n \"permission\": \"bigquery.jobs.get\",\n },\n ],\n },\n {\n \"service_name\": \"storage.googleapis.com\",\n \"method_selectors\": [{\n \"method\": \"google.storage.objects.create\",\n }],\n },\n ],\n },\n }],\n \"egress_policies\": [{\n \"egress_from\": {\n \"identity_type\": \"ANY_USER_ACCOUNT\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var secure_data_exchange = new Gcp.AccessContextManager.ServicePerimeters(\"secure-data-exchange\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n ServicePerimeterDetails = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigtable.googleapis.com\",\n },\n VpcAccessibleServices = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs\n {\n EnableRestriction = true,\n AllowedServices = new[]\n {\n \"bigquery.googleapis.com\",\n },\n },\n },\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/secure_data_exchange\"),\n Title = \"secure_data_exchange\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n var test_access = new Gcp.AccessContextManager.ServicePerimeter(\"test-access\", new()\n {\n Parent = $\"accessPolicies/{test_accessGoogleAccessContextManagerAccessPolicy.Name}\",\n Name = $\"accessPolicies/{test_accessGoogleAccessContextManagerAccessPolicy.Name}/servicePerimeters/%s\",\n Title = \"%s\",\n PerimeterType = \"PERIMETER_TYPE_REGULAR\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n },\n AccessLevels = new[]\n {\n access_level.Name,\n },\n VpcAccessibleServices = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusVpcAccessibleServicesArgs\n {\n EnableRestriction = true,\n AllowedServices = new[]\n {\n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\",\n },\n },\n IngressPolicies = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyArgs\n {\n IngressFrom = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressFromArgs\n {\n Sources = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressFromSourceArgs\n {\n AccessLevel = test_accessGoogleAccessContextManagerAccessLevel.Name,\n },\n },\n IdentityType = \"ANY_IDENTITY\",\n },\n IngressTo = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToArgs\n {\n Resources = new[]\n {\n \"*\",\n },\n Operations = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationArgs\n {\n ServiceName = \"bigquery.googleapis.com\",\n MethodSelectors = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"BigQueryStorage.ReadRows\",\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"TableService.ListTables\",\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Permission = \"bigquery.jobs.get\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationArgs\n {\n ServiceName = \"storage.googleapis.com\",\n MethodSelectors = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs\n {\n Method = \"google.storage.objects.create\",\n },\n },\n },\n },\n },\n },\n },\n EgressPolicies = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusEgressPolicyArgs\n {\n EgressFrom = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusEgressPolicyEgressFromArgs\n {\n IdentityType = \"ANY_USER_ACCOUNT\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeters(ctx, \"secure-data-exchange\", \u0026accesscontextmanager.ServicePerimetersArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tServicePerimeters: accesscontextmanager.ServicePerimetersServicePerimeterArray{\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"bigtable.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVpcAccessibleServices: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs{\n\t\t\t\t\t\t\tEnableRestriction: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedServices: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/secure_data_exchange\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"secure_data_exchange\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"test-access\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: pulumi.Sprintf(\"accessPolicies/%v\", test_accessGoogleAccessContextManagerAccessPolicy.Name),\n\t\t\tName: pulumi.Sprintf(\"accessPolicies/%v%v\", test_accessGoogleAccessContextManagerAccessPolicy.Name, \"/servicePerimeters/%s\"),\n\t\t\tTitle: pulumi.String(\"%s\"),\n\t\t\tPerimeterType: pulumi.String(\"PERIMETER_TYPE_REGULAR\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t\tAccessLevels: pulumi.StringArray{\n\t\t\t\t\taccess_level.Name,\n\t\t\t\t},\n\t\t\t\tVpcAccessibleServices: \u0026accesscontextmanager.ServicePerimeterStatusVpcAccessibleServicesArgs{\n\t\t\t\t\tEnableRestriction: pulumi.Bool(true),\n\t\t\t\t\tAllowedServices: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tIngressPolicies: accesscontextmanager.ServicePerimeterStatusIngressPolicyArray{\n\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyArgs{\n\t\t\t\t\t\tIngressFrom: \u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromArgs{\n\t\t\t\t\t\t\tSources: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromSourceArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressFromSourceArgs{\n\t\t\t\t\t\t\t\t\tAccessLevel: pulumi.Any(test_accessGoogleAccessContextManagerAccessLevel.Name),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tIdentityType: pulumi.String(\"ANY_IDENTITY\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tIngressTo: \u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToArgs{\n\t\t\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tOperations: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArgs{\n\t\t\t\t\t\t\t\t\tServiceName: pulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t\t\t\t\t\tMethodSelectors: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArray{\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"BigQueryStorage.ReadRows\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"TableService.ListTables\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tPermission: pulumi.String(\"bigquery.jobs.get\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationArgs{\n\t\t\t\t\t\t\t\t\tServiceName: pulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t\t\t\tMethodSelectors: accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArray{\n\t\t\t\t\t\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: pulumi.String(\"google.storage.objects.create\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEgressPolicies: accesscontextmanager.ServicePerimeterStatusEgressPolicyArray{\n\t\t\t\t\t\u0026accesscontextmanager.ServicePerimeterStatusEgressPolicyArgs{\n\t\t\t\t\t\tEgressFrom: \u0026accesscontextmanager.ServicePerimeterStatusEgressPolicyEgressFromArgs{\n\t\t\t\t\t\t\tIdentityType: pulumi.String(\"ANY_USER_ACCOUNT\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeters;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimetersArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusVpcAccessibleServicesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var secure_data_exchange = new ServicePerimeters(\"secure-data-exchange\", ServicePerimetersArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .servicePerimeters( \n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build(),\n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigtable.googleapis.com\")\n .vpcAccessibleServices(ServicePerimetersServicePerimeterStatusVpcAccessibleServicesArgs.builder()\n .enableRestriction(true)\n .allowedServices(\"bigquery.googleapis.com\")\n .build())\n .build())\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/secure_data_exchange\", name)))\n .title(\"secure_data_exchange\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n var test_access = new ServicePerimeter(\"test-access\", ServicePerimeterArgs.builder()\n .parent(String.format(\"accessPolicies/%s\", test_accessGoogleAccessContextManagerAccessPolicy.name()))\n .name(String.format(\"accessPolicies/%s/servicePerimeters/%s\", test_accessGoogleAccessContextManagerAccessPolicy.name()))\n .title(\"%s\")\n .perimeterType(\"PERIMETER_TYPE_REGULAR\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices( \n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\")\n .accessLevels(access_level.name())\n .vpcAccessibleServices(ServicePerimeterStatusVpcAccessibleServicesArgs.builder()\n .enableRestriction(true)\n .allowedServices( \n \"bigquery.googleapis.com\",\n \"storage.googleapis.com\")\n .build())\n .ingressPolicies(ServicePerimeterStatusIngressPolicyArgs.builder()\n .ingressFrom(ServicePerimeterStatusIngressPolicyIngressFromArgs.builder()\n .sources(ServicePerimeterStatusIngressPolicyIngressFromSourceArgs.builder()\n .accessLevel(test_accessGoogleAccessContextManagerAccessLevel.name())\n .build())\n .identityType(\"ANY_IDENTITY\")\n .build())\n .ingressTo(ServicePerimeterStatusIngressPolicyIngressToArgs.builder()\n .resources(\"*\")\n .operations( \n ServicePerimeterStatusIngressPolicyIngressToOperationArgs.builder()\n .serviceName(\"bigquery.googleapis.com\")\n .methodSelectors( \n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"BigQueryStorage.ReadRows\")\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"TableService.ListTables\")\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .permission(\"bigquery.jobs.get\")\n .build())\n .build(),\n ServicePerimeterStatusIngressPolicyIngressToOperationArgs.builder()\n .serviceName(\"storage.googleapis.com\")\n .methodSelectors(ServicePerimeterStatusIngressPolicyIngressToOperationMethodSelectorArgs.builder()\n .method(\"google.storage.objects.create\")\n .build())\n .build())\n .build())\n .build())\n .egressPolicies(ServicePerimeterStatusEgressPolicyArgs.builder()\n .egressFrom(ServicePerimeterStatusEgressPolicyEgressFromArgs.builder()\n .identityType(\"ANY_USER_ACCOUNT\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secure-data-exchange:\n type: gcp:accesscontextmanager:ServicePerimeters\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n servicePerimeters:\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title: \"\"\n status:\n restrictedServices:\n - storage.googleapis.com\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title: \"\"\n status:\n restrictedServices:\n - bigtable.googleapis.com\n vpcAccessibleServices:\n enableRestriction: true\n allowedServices:\n - bigquery.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/secure_data_exchange\n title: secure_data_exchange\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n test-access:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"test-accessGoogleAccessContextManagerAccessPolicy\"].name}\n name: accessPolicies/${[\"test-accessGoogleAccessContextManagerAccessPolicy\"].name}/servicePerimeters/%s\n title: '%s'\n perimeterType: PERIMETER_TYPE_REGULAR\n status:\n restrictedServices:\n - bigquery.googleapis.com\n - storage.googleapis.com\n accessLevels:\n - ${[\"access-level\"].name}\n vpcAccessibleServices:\n enableRestriction: true\n allowedServices:\n - bigquery.googleapis.com\n - storage.googleapis.com\n ingressPolicies:\n - ingressFrom:\n sources:\n - accessLevel: ${[\"test-accessGoogleAccessContextManagerAccessLevel\"].name}\n identityType: ANY_IDENTITY\n ingressTo:\n resources:\n - '*'\n operations:\n - serviceName: bigquery.googleapis.com\n methodSelectors:\n - method: BigQueryStorage.ReadRows\n - method: TableService.ListTables\n - permission: bigquery.jobs.get\n - serviceName: storage.googleapis.com\n methodSelectors:\n - method: google.storage.objects.create\n egressPolicies:\n - egressFrom:\n identityType: ANY_USER_ACCOUNT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Access Context Manager Service Perimeter Dry-Run\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_bigquery_dryrun_storage`,\n title: \"restrict_bigquery_dryrun_storage\",\n status: {\n restrictedServices: [\"bigquery.googleapis.com\"],\n },\n spec: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n useExplicitDryRunSpec: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/restrict_bigquery_dryrun_storage\"),\n title=\"restrict_bigquery_dryrun_storage\",\n status={\n \"restricted_services\": [\"bigquery.googleapis.com\"],\n },\n spec={\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n use_explicit_dry_run_spec=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeter(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/restrict_bigquery_dryrun_storage\"),\n Title = \"restrict_bigquery_dryrun_storage\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigquery.googleapis.com\",\n },\n },\n Spec = new Gcp.AccessContextManager.Inputs.ServicePerimeterSpecArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n UseExplicitDryRunSpec = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/restrict_bigquery_dryrun_storage\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"restrict_bigquery_dryrun_storage\"),\n\t\t\tStatus: \u0026accesscontextmanager.ServicePerimeterStatusArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bigquery.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpec: \u0026accesscontextmanager.ServicePerimeterSpecArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUseExplicitDryRunSpec: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeter(\"service-perimeter\", ServicePerimeterArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/restrict_bigquery_dryrun_storage\", name)))\n .title(\"restrict_bigquery_dryrun_storage\")\n .status(ServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigquery.googleapis.com\")\n .build())\n .spec(ServicePerimeterSpecArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .useExplicitDryRunSpec(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeter\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/restrict_bigquery_dryrun_storage\n title: restrict_bigquery_dryrun_storage\n status:\n restrictedServices:\n - bigquery.googleapis.com\n spec:\n restrictedServices:\n - storage.googleapis.com\n useExplicitDryRunSpec: true\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServicePerimeter can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ServicePerimeter can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeter:ServicePerimeter default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -128069,7 +128069,7 @@ } }, "gcp:accesscontextmanager/servicePerimeters:ServicePerimeters": { - "description": "Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.\nThis is a bulk edit of all Service Perimeters and may override existing Service Perimeters created by `gcp.accesscontextmanager.ServicePerimeter`,\nthus causing a permadiff if used alongside `gcp.accesscontextmanager.ServicePerimeter` on the same parent.\n\n\nTo get more information about ServicePerimeters, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)\n* How-to Guides\n * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)\n * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)\n\n## Example Usage\n\n### Access Context Manager Service Perimeters Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeters(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n servicePerimeters: [\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n },\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"bigtable.googleapis.com\"],\n },\n },\n ],\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeters(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n service_perimeters=[\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n },\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"bigtable.googleapis.com\"],\n },\n },\n ])\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeters(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n ServicePerimeterDetails = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigtable.googleapis.com\",\n },\n },\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeters(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimetersArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tServicePerimeters: accesscontextmanager.ServicePerimetersServicePerimeterArray{\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"bigtable.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeters;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimetersArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeters(\"service-perimeter\", ServicePerimetersArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .servicePerimeters( \n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build(),\n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigtable.googleapis.com\")\n .build())\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeters\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n servicePerimeters:\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title:\n status:\n restrictedServices:\n - storage.googleapis.com\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title:\n status:\n restrictedServices:\n - bigtable.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServicePerimeters can be imported using any of these accepted formats:\n\n* `{{parent}}/servicePerimeters`\n\n* `{{parent}}`\n\nWhen using the `pulumi import` command, ServicePerimeters can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}/servicePerimeters\n```\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}\n```\n\n", + "description": "Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.\nThis is a bulk edit of all Service Perimeters and may override existing Service Perimeters created by `gcp.accesscontextmanager.ServicePerimeter`,\nthus causing a permadiff if used alongside `gcp.accesscontextmanager.ServicePerimeter` on the same parent.\n\n\nTo get more information about ServicePerimeters, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)\n* How-to Guides\n * [Guide to Ingress and Egress Rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules)\n * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)\n\n## Example Usage\n\n### Access Context Manager Service Perimeters Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter = new gcp.accesscontextmanager.ServicePerimeters(\"service-perimeter\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n servicePerimeters: [\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n },\n {\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/`,\n title: \"\",\n status: {\n restrictedServices: [\"bigtable.googleapis.com\"],\n },\n },\n ],\n});\nconst access_level = new gcp.accesscontextmanager.AccessLevel(\"access-level\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: false,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my policy\")\nservice_perimeter = gcp.accesscontextmanager.ServicePerimeters(\"service-perimeter\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n service_perimeters=[\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n },\n {\n \"name\": access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/\"),\n \"title\": \"\",\n \"status\": {\n \"restricted_services\": [\"bigtable.googleapis.com\"],\n },\n },\n ])\naccess_level = gcp.accesscontextmanager.AccessLevel(\"access-level\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": False,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter = new Gcp.AccessContextManager.ServicePerimeters(\"service-perimeter\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n ServicePerimeterDetails = new[]\n {\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n },\n new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterArgs\n {\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/\"),\n Title = \"\",\n Status = new Gcp.AccessContextManager.Inputs.ServicePerimetersServicePerimeterStatusArgs\n {\n RestrictedServices = new[]\n {\n \"bigtable.googleapis.com\",\n },\n },\n },\n },\n });\n\n var access_level = new Gcp.AccessContextManager.AccessLevel(\"access-level\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = false,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeters(ctx, \"service-perimeter\", \u0026accesscontextmanager.ServicePerimetersArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tServicePerimeters: accesscontextmanager.ServicePerimetersServicePerimeterArray{\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026accesscontextmanager.ServicePerimetersServicePerimeterArgs{\n\t\t\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTitle: pulumi.String(\"\"),\n\t\t\t\t\tStatus: \u0026accesscontextmanager.ServicePerimetersServicePerimeterStatusArgs{\n\t\t\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"bigtable.googleapis.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"access-level\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(false),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeters;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimetersArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimetersServicePerimeterStatusArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter = new ServicePerimeters(\"service-perimeter\", ServicePerimetersArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .servicePerimeters( \n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .build(),\n ServicePerimetersServicePerimeterArgs.builder()\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/\", name)))\n .title(\"\")\n .status(ServicePerimetersServicePerimeterStatusArgs.builder()\n .restrictedServices(\"bigtable.googleapis.com\")\n .build())\n .build())\n .build());\n\n var access_level = new AccessLevel(\"access-level\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(false)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter:\n type: gcp:accesscontextmanager:ServicePerimeters\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n servicePerimeters:\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title: \"\"\n status:\n restrictedServices:\n - storage.googleapis.com\n - name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/\n title: \"\"\n status:\n restrictedServices:\n - bigtable.googleapis.com\n access-level:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: false\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServicePerimeters can be imported using any of these accepted formats:\n\n* `{{parent}}/servicePerimeters`\n\n* `{{parent}}`\n\nWhen using the `pulumi import` command, ServicePerimeters can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}/servicePerimeters\n```\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeters:ServicePerimeters default {{parent}}\n```\n\n", "properties": { "parent": { "type": "string", @@ -128660,7 +128660,7 @@ } }, "gcp:alloydb/backup:Backup": { - "description": "An AlloyDB Backup.\n\n\nTo get more information about Backup, see:\n\n* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.backups/create)\n* How-to Guides\n * [AlloyDB](https://cloud.google.com/alloydb/docs/)\n\n## Example Usage\n\n### Alloydb Backup Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst defaultInstance = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst _default = new gcp.alloydb.Backup(\"default\", {\n location: \"us-central1\",\n backupId: \"alloydb-backup\",\n clusterName: defaultCluster.name,\n}, {\n dependsOn: [defaultInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault_instance = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndefault = gcp.alloydb.Backup(\"default\",\n location=\"us-central1\",\n backup_id=\"alloydb-backup\",\n cluster_name=default_cluster.name,\n opts = pulumi.ResourceOptions(depends_on=[default_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var defaultInstance = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var @default = new Gcp.Alloydb.Backup(\"default\", new()\n {\n Location = \"us-central1\",\n BackupId = \"alloydb-backup\",\n ClusterName = defaultCluster.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewBackup(ctx, \"default\", \u0026alloydb.BackupArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupId: pulumi.String(\"alloydb-backup\"),\n\t\t\tClusterName: defaultCluster.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.Backup;\nimport com.pulumi.gcp.alloydb.BackupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var default_ = new Backup(\"default\", BackupArgs.builder()\n .location(\"us-central1\")\n .backupId(\"alloydb-backup\")\n .clusterName(defaultCluster.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Backup\n properties:\n location: us-central1\n backupId: alloydb-backup\n clusterName: ${defaultCluster.name}\n options:\n dependson:\n - ${defaultInstance}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultInstance:\n type: gcp:alloydb:Instance\n name: default\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Backup Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst defaultInstance = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst _default = new gcp.alloydb.Backup(\"default\", {\n location: \"us-central1\",\n backupId: \"alloydb-backup\",\n clusterName: defaultCluster.name,\n description: \"example description\",\n type: \"ON_DEMAND\",\n labels: {\n label: \"key\",\n },\n}, {\n dependsOn: [defaultInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault_instance = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndefault = gcp.alloydb.Backup(\"default\",\n location=\"us-central1\",\n backup_id=\"alloydb-backup\",\n cluster_name=default_cluster.name,\n description=\"example description\",\n type=\"ON_DEMAND\",\n labels={\n \"label\": \"key\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var defaultInstance = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var @default = new Gcp.Alloydb.Backup(\"default\", new()\n {\n Location = \"us-central1\",\n BackupId = \"alloydb-backup\",\n ClusterName = defaultCluster.Name,\n Description = \"example description\",\n Type = \"ON_DEMAND\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewBackup(ctx, \"default\", \u0026alloydb.BackupArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupId: pulumi.String(\"alloydb-backup\"),\n\t\t\tClusterName: defaultCluster.Name,\n\t\t\tDescription: pulumi.String(\"example description\"),\n\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.Backup;\nimport com.pulumi.gcp.alloydb.BackupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var default_ = new Backup(\"default\", BackupArgs.builder()\n .location(\"us-central1\")\n .backupId(\"alloydb-backup\")\n .clusterName(defaultCluster.name())\n .description(\"example description\")\n .type(\"ON_DEMAND\")\n .labels(Map.of(\"label\", \"key\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Backup\n properties:\n location: us-central1\n backupId: alloydb-backup\n clusterName: ${defaultCluster.name}\n description: example description\n type: ON_DEMAND\n labels:\n label: key\n options:\n dependson:\n - ${defaultInstance}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultInstance:\n type: gcp:alloydb:Instance\n name: default\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBackup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/backups/{{backup_id}}`\n\n* `{{project}}/{{location}}/{{backup_id}}`\n\n* `{{location}}/{{backup_id}}`\n\nWhen using the `pulumi import` command, Backup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default projects/{{project}}/locations/{{location}}/backups/{{backup_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default {{project}}/{{location}}/{{backup_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default {{location}}/{{backup_id}}\n```\n\n", + "description": "An AlloyDB Backup.\n\n\nTo get more information about Backup, see:\n\n* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.backups/create)\n* How-to Guides\n * [AlloyDB](https://cloud.google.com/alloydb/docs/)\n\n## Example Usage\n\n### Alloydb Backup Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst defaultInstance = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst _default = new gcp.alloydb.Backup(\"default\", {\n location: \"us-central1\",\n backupId: \"alloydb-backup\",\n clusterName: defaultCluster.name,\n}, {\n dependsOn: [defaultInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault_instance = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndefault = gcp.alloydb.Backup(\"default\",\n location=\"us-central1\",\n backup_id=\"alloydb-backup\",\n cluster_name=default_cluster.name,\n opts = pulumi.ResourceOptions(depends_on=[default_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var defaultInstance = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var @default = new Gcp.Alloydb.Backup(\"default\", new()\n {\n Location = \"us-central1\",\n BackupId = \"alloydb-backup\",\n ClusterName = defaultCluster.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewBackup(ctx, \"default\", \u0026alloydb.BackupArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupId: pulumi.String(\"alloydb-backup\"),\n\t\t\tClusterName: defaultCluster.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.Backup;\nimport com.pulumi.gcp.alloydb.BackupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var default_ = new Backup(\"default\", BackupArgs.builder()\n .location(\"us-central1\")\n .backupId(\"alloydb-backup\")\n .clusterName(defaultCluster.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Backup\n properties:\n location: us-central1\n backupId: alloydb-backup\n clusterName: ${defaultCluster.name}\n options:\n dependsOn:\n - ${defaultInstance}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultInstance:\n type: gcp:alloydb:Instance\n name: default\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Backup Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst defaultInstance = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst _default = new gcp.alloydb.Backup(\"default\", {\n location: \"us-central1\",\n backupId: \"alloydb-backup\",\n clusterName: defaultCluster.name,\n description: \"example description\",\n type: \"ON_DEMAND\",\n labels: {\n label: \"key\",\n },\n}, {\n dependsOn: [defaultInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault_instance = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndefault = gcp.alloydb.Backup(\"default\",\n location=\"us-central1\",\n backup_id=\"alloydb-backup\",\n cluster_name=default_cluster.name,\n description=\"example description\",\n type=\"ON_DEMAND\",\n labels={\n \"label\": \"key\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var defaultInstance = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var @default = new Gcp.Alloydb.Backup(\"default\", new()\n {\n Location = \"us-central1\",\n BackupId = \"alloydb-backup\",\n ClusterName = defaultCluster.Name,\n Description = \"example description\",\n Type = \"ON_DEMAND\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewBackup(ctx, \"default\", \u0026alloydb.BackupArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupId: pulumi.String(\"alloydb-backup\"),\n\t\t\tClusterName: defaultCluster.Name,\n\t\t\tDescription: pulumi.String(\"example description\"),\n\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.Backup;\nimport com.pulumi.gcp.alloydb.BackupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var default_ = new Backup(\"default\", BackupArgs.builder()\n .location(\"us-central1\")\n .backupId(\"alloydb-backup\")\n .clusterName(defaultCluster.name())\n .description(\"example description\")\n .type(\"ON_DEMAND\")\n .labels(Map.of(\"label\", \"key\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Backup\n properties:\n location: us-central1\n backupId: alloydb-backup\n clusterName: ${defaultCluster.name}\n description: example description\n type: ON_DEMAND\n labels:\n label: key\n options:\n dependsOn:\n - ${defaultInstance}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultInstance:\n type: gcp:alloydb:Instance\n name: default\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBackup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/backups/{{backup_id}}`\n\n* `{{project}}/{{location}}/{{backup_id}}`\n\n* `{{location}}/{{backup_id}}`\n\nWhen using the `pulumi import` command, Backup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default projects/{{project}}/locations/{{location}}/backups/{{backup_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default {{project}}/{{location}}/{{backup_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/backup:Backup default {{location}}/{{backup_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -129007,7 +129007,7 @@ } }, "gcp:alloydb/cluster:Cluster": { - "description": "## Example Usage\n\n### Alloydb Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-cluster\"});\nconst _default = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-cluster\")\ndefault = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-cluster\",\n });\n\n var @default = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-cluster\")\n .build());\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-cluster\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Cluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-cluster-full\"});\nconst full = new gcp.alloydb.Cluster(\"full\", {\n clusterId: \"alloydb-cluster-full\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"alloydb-cluster-full\",\n password: \"alloydb-cluster-full\",\n },\n continuousBackupConfig: {\n enabled: true,\n recoveryWindowDays: 14,\n },\n automatedBackupPolicy: {\n location: \"us-central1\",\n backupWindow: \"1800s\",\n enabled: true,\n weeklySchedule: {\n daysOfWeeks: [\"MONDAY\"],\n startTimes: [{\n hours: 23,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n }],\n },\n quantityBasedRetention: {\n count: 1,\n },\n labels: {\n test: \"alloydb-cluster-full\",\n },\n },\n labels: {\n test: \"alloydb-cluster-full\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-cluster-full\")\nfull = gcp.alloydb.Cluster(\"full\",\n cluster_id=\"alloydb-cluster-full\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"alloydb-cluster-full\",\n \"password\": \"alloydb-cluster-full\",\n },\n continuous_backup_config={\n \"enabled\": True,\n \"recovery_window_days\": 14,\n },\n automated_backup_policy={\n \"location\": \"us-central1\",\n \"backup_window\": \"1800s\",\n \"enabled\": True,\n \"weekly_schedule\": {\n \"days_of_weeks\": [\"MONDAY\"],\n \"start_times\": [{\n \"hours\": 23,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n }],\n },\n \"quantity_based_retention\": {\n \"count\": 1,\n },\n \"labels\": {\n \"test\": \"alloydb-cluster-full\",\n },\n },\n labels={\n \"test\": \"alloydb-cluster-full\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-cluster-full\",\n });\n\n var full = new Gcp.Alloydb.Cluster(\"full\", new()\n {\n ClusterId = \"alloydb-cluster-full\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"alloydb-cluster-full\",\n Password = \"alloydb-cluster-full\",\n },\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = true,\n RecoveryWindowDays = 14,\n },\n AutomatedBackupPolicy = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyArgs\n {\n Location = \"us-central1\",\n BackupWindow = \"1800s\",\n Enabled = true,\n WeeklySchedule = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyWeeklyScheduleArgs\n {\n DaysOfWeeks = new[]\n {\n \"MONDAY\",\n },\n StartTimes = new[]\n {\n new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs\n {\n Hours = 23,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n QuantityBasedRetention = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs\n {\n Count = 1,\n },\n Labels = \n {\n { \"test\", \"alloydb-cluster-full\" },\n },\n },\n Labels = \n {\n { \"test\", \"alloydb-cluster-full\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster-full\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"full\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t\tPassword: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t},\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRecoveryWindowDays: pulumi.Int(14),\n\t\t\t},\n\t\t\tAutomatedBackupPolicy: \u0026alloydb.ClusterAutomatedBackupPolicyArgs{\n\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tBackupWindow: pulumi.String(\"1800s\"),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tWeeklySchedule: \u0026alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleArgs{\n\t\t\t\t\tDaysOfWeeks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MONDAY\"),\n\t\t\t\t\t},\n\t\t\t\t\tStartTimes: alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArray{\n\t\t\t\t\t\t\u0026alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(23),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tQuantityBasedRetention: \u0026alloydb.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs{\n\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"test\": pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyWeeklyScheduleArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-cluster-full\")\n .build());\n\n var full = new Cluster(\"full\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster-full\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"alloydb-cluster-full\")\n .password(\"alloydb-cluster-full\")\n .build())\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(true)\n .recoveryWindowDays(14)\n .build())\n .automatedBackupPolicy(ClusterAutomatedBackupPolicyArgs.builder()\n .location(\"us-central1\")\n .backupWindow(\"1800s\")\n .enabled(true)\n .weeklySchedule(ClusterAutomatedBackupPolicyWeeklyScheduleArgs.builder()\n .daysOfWeeks(\"MONDAY\")\n .startTimes(ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs.builder()\n .hours(23)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .quantityBasedRetention(ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs.builder()\n .count(1)\n .build())\n .labels(Map.of(\"test\", \"alloydb-cluster-full\"))\n .build())\n .labels(Map.of(\"test\", \"alloydb-cluster-full\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-cluster-full\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: alloydb-cluster-full\n password: alloydb-cluster-full\n continuousBackupConfig:\n enabled: true\n recoveryWindowDays: 14\n automatedBackupPolicy:\n location: us-central1\n backupWindow: 1800s\n enabled: true\n weeklySchedule:\n daysOfWeeks:\n - MONDAY\n startTimes:\n - hours: 23\n minutes: 0\n seconds: 0\n nanos: 0\n quantityBasedRetention:\n count: 1\n labels:\n test: alloydb-cluster-full\n labels:\n test: alloydb-cluster-full\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-cluster-full\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Cluster Restore\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n source:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-source-cluster\n location: us-central1\n network: ${default.id}\n initialUser:\n password: alloydb-source-cluster\n sourceInstance:\n type: gcp:alloydb:Instance\n name: source\n properties:\n cluster: ${source.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependson:\n - ${vpcConnection}\n sourceBackup:\n type: gcp:alloydb:Backup\n name: source\n properties:\n backupId: alloydb-backup\n location: us-central1\n clusterName: ${source.name}\n options:\n dependson:\n - ${sourceInstance}\n restoredFromBackup:\n type: gcp:alloydb:Cluster\n name: restored_from_backup\n properties:\n clusterId: alloydb-backup-restored\n location: us-central1\n networkConfig:\n network: ${default.id}\n restoreBackupSource:\n backupName: ${sourceBackup.name}\n restoredViaPitr:\n type: gcp:alloydb:Cluster\n name: restored_via_pitr\n properties:\n clusterId: alloydb-pitr-restored\n location: us-central1\n networkConfig:\n network: ${default.id}\n restoreContinuousBackupSource:\n cluster: ${source.name}\n pointInTime: 2023-08-03T19:19:00.094Z\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-source-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Secondary Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-secondary-cluster\"});\nconst primary = new gcp.alloydb.Cluster(\"primary\", {\n clusterId: \"alloydb-primary-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-secondary-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst primaryInstance = new gcp.alloydb.Instance(\"primary\", {\n cluster: primary.name,\n instanceId: \"alloydb-primary-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst secondary = new gcp.alloydb.Cluster(\"secondary\", {\n clusterId: \"alloydb-secondary-cluster\",\n location: \"us-east1\",\n networkConfig: {\n network: _default.id,\n },\n clusterType: \"SECONDARY\",\n continuousBackupConfig: {\n enabled: false,\n },\n secondaryConfig: {\n primaryClusterName: primary.name,\n },\n}, {\n dependsOn: [primaryInstance],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-secondary-cluster\")\nprimary = gcp.alloydb.Cluster(\"primary\",\n cluster_id=\"alloydb-primary-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-secondary-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nprimary_instance = gcp.alloydb.Instance(\"primary\",\n cluster=primary.name,\n instance_id=\"alloydb-primary-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nsecondary = gcp.alloydb.Cluster(\"secondary\",\n cluster_id=\"alloydb-secondary-cluster\",\n location=\"us-east1\",\n network_config={\n \"network\": default.id,\n },\n cluster_type=\"SECONDARY\",\n continuous_backup_config={\n \"enabled\": False,\n },\n secondary_config={\n \"primary_cluster_name\": primary.name,\n },\n opts = pulumi.ResourceOptions(depends_on=[primary_instance]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-secondary-cluster\",\n });\n\n var primary = new Gcp.Alloydb.Cluster(\"primary\", new()\n {\n ClusterId = \"alloydb-primary-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-secondary-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var primaryInstance = new Gcp.Alloydb.Instance(\"primary\", new()\n {\n Cluster = primary.Name,\n InstanceId = \"alloydb-primary-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var secondary = new Gcp.Alloydb.Cluster(\"secondary\", new()\n {\n ClusterId = \"alloydb-secondary-cluster\",\n Location = \"us-east1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n ClusterType = \"SECONDARY\",\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = false,\n },\n SecondaryConfig = new Gcp.Alloydb.Inputs.ClusterSecondaryConfigArgs\n {\n PrimaryClusterName = primary.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primaryInstance,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := alloydb.NewCluster(ctx, \"primary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-primary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryInstance, err := alloydb.NewInstance(ctx, \"primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: primary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-primary-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"secondary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tClusterType: pulumi.String(\"SECONDARY\"),\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tSecondaryConfig: \u0026alloydb.ClusterSecondaryConfigArgs{\n\t\t\t\tPrimaryClusterName: primary.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterSecondaryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-secondary-cluster\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .clusterId(\"alloydb-primary-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-secondary-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var primaryInstance = new Instance(\"primaryInstance\", InstanceArgs.builder()\n .cluster(primary.name())\n .instanceId(\"alloydb-primary-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder()\n .clusterId(\"alloydb-secondary-cluster\")\n .location(\"us-east1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .clusterType(\"SECONDARY\")\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(false)\n .build())\n .secondaryConfig(ClusterSecondaryConfigArgs.builder()\n .primaryClusterName(primary.name())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primaryInstance)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-primary-cluster\n location: us-central1\n networkConfig:\n network: ${default.id}\n primaryInstance:\n type: gcp:alloydb:Instance\n name: primary\n properties:\n cluster: ${primary.name}\n instanceId: alloydb-primary-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependson:\n - ${vpcConnection}\n secondary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-secondary-cluster\n location: us-east1\n networkConfig:\n network: ${default.id}\n clusterType: SECONDARY\n continuousBackupConfig:\n enabled: false\n secondaryConfig:\n primaryClusterName: ${primary.name}\n options:\n dependson:\n - ${primaryInstance}\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-secondary-cluster\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-secondary-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`\n\n* `{{project}}/{{location}}/{{cluster_id}}`\n\n* `{{location}}/{{cluster_id}}`\n\n* `{{cluster_id}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{project}}/{{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{cluster_id}}\n```\n\n", + "description": "## Example Usage\n\n### Alloydb Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-cluster\"});\nconst _default = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-cluster\")\ndefault = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-cluster\",\n });\n\n var @default = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-cluster\")\n .build());\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-cluster\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Cluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-cluster-full\"});\nconst full = new gcp.alloydb.Cluster(\"full\", {\n clusterId: \"alloydb-cluster-full\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"alloydb-cluster-full\",\n password: \"alloydb-cluster-full\",\n },\n continuousBackupConfig: {\n enabled: true,\n recoveryWindowDays: 14,\n },\n automatedBackupPolicy: {\n location: \"us-central1\",\n backupWindow: \"1800s\",\n enabled: true,\n weeklySchedule: {\n daysOfWeeks: [\"MONDAY\"],\n startTimes: [{\n hours: 23,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n }],\n },\n quantityBasedRetention: {\n count: 1,\n },\n labels: {\n test: \"alloydb-cluster-full\",\n },\n },\n labels: {\n test: \"alloydb-cluster-full\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-cluster-full\")\nfull = gcp.alloydb.Cluster(\"full\",\n cluster_id=\"alloydb-cluster-full\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"alloydb-cluster-full\",\n \"password\": \"alloydb-cluster-full\",\n },\n continuous_backup_config={\n \"enabled\": True,\n \"recovery_window_days\": 14,\n },\n automated_backup_policy={\n \"location\": \"us-central1\",\n \"backup_window\": \"1800s\",\n \"enabled\": True,\n \"weekly_schedule\": {\n \"days_of_weeks\": [\"MONDAY\"],\n \"start_times\": [{\n \"hours\": 23,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n }],\n },\n \"quantity_based_retention\": {\n \"count\": 1,\n },\n \"labels\": {\n \"test\": \"alloydb-cluster-full\",\n },\n },\n labels={\n \"test\": \"alloydb-cluster-full\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-cluster-full\",\n });\n\n var full = new Gcp.Alloydb.Cluster(\"full\", new()\n {\n ClusterId = \"alloydb-cluster-full\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"alloydb-cluster-full\",\n Password = \"alloydb-cluster-full\",\n },\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = true,\n RecoveryWindowDays = 14,\n },\n AutomatedBackupPolicy = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyArgs\n {\n Location = \"us-central1\",\n BackupWindow = \"1800s\",\n Enabled = true,\n WeeklySchedule = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyWeeklyScheduleArgs\n {\n DaysOfWeeks = new[]\n {\n \"MONDAY\",\n },\n StartTimes = new[]\n {\n new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs\n {\n Hours = 23,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n QuantityBasedRetention = new Gcp.Alloydb.Inputs.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs\n {\n Count = 1,\n },\n Labels = \n {\n { \"test\", \"alloydb-cluster-full\" },\n },\n },\n Labels = \n {\n { \"test\", \"alloydb-cluster-full\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster-full\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"full\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t\tPassword: pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t},\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRecoveryWindowDays: pulumi.Int(14),\n\t\t\t},\n\t\t\tAutomatedBackupPolicy: \u0026alloydb.ClusterAutomatedBackupPolicyArgs{\n\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tBackupWindow: pulumi.String(\"1800s\"),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tWeeklySchedule: \u0026alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleArgs{\n\t\t\t\t\tDaysOfWeeks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MONDAY\"),\n\t\t\t\t\t},\n\t\t\t\t\tStartTimes: alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArray{\n\t\t\t\t\t\t\u0026alloydb.ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(23),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tQuantityBasedRetention: \u0026alloydb.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs{\n\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"test\": pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"alloydb-cluster-full\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyWeeklyScheduleArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-cluster-full\")\n .build());\n\n var full = new Cluster(\"full\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster-full\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"alloydb-cluster-full\")\n .password(\"alloydb-cluster-full\")\n .build())\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(true)\n .recoveryWindowDays(14)\n .build())\n .automatedBackupPolicy(ClusterAutomatedBackupPolicyArgs.builder()\n .location(\"us-central1\")\n .backupWindow(\"1800s\")\n .enabled(true)\n .weeklySchedule(ClusterAutomatedBackupPolicyWeeklyScheduleArgs.builder()\n .daysOfWeeks(\"MONDAY\")\n .startTimes(ClusterAutomatedBackupPolicyWeeklyScheduleStartTimeArgs.builder()\n .hours(23)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .quantityBasedRetention(ClusterAutomatedBackupPolicyQuantityBasedRetentionArgs.builder()\n .count(1)\n .build())\n .labels(Map.of(\"test\", \"alloydb-cluster-full\"))\n .build())\n .labels(Map.of(\"test\", \"alloydb-cluster-full\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-cluster-full\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: alloydb-cluster-full\n password: alloydb-cluster-full\n continuousBackupConfig:\n enabled: true\n recoveryWindowDays: 14\n automatedBackupPolicy:\n location: us-central1\n backupWindow: 1800s\n enabled: true\n weeklySchedule:\n daysOfWeeks:\n - MONDAY\n startTimes:\n - hours: 23\n minutes: 0\n seconds: 0\n nanos: 0\n quantityBasedRetention:\n count: 1\n labels:\n test: alloydb-cluster-full\n labels:\n test: alloydb-cluster-full\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-cluster-full\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Cluster Restore\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n source:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-source-cluster\n location: us-central1\n network: ${default.id}\n initialUser:\n password: alloydb-source-cluster\n sourceInstance:\n type: gcp:alloydb:Instance\n name: source\n properties:\n cluster: ${source.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependsOn:\n - ${vpcConnection}\n sourceBackup:\n type: gcp:alloydb:Backup\n name: source\n properties:\n backupId: alloydb-backup\n location: us-central1\n clusterName: ${source.name}\n options:\n dependsOn:\n - ${sourceInstance}\n restoredFromBackup:\n type: gcp:alloydb:Cluster\n name: restored_from_backup\n properties:\n clusterId: alloydb-backup-restored\n location: us-central1\n networkConfig:\n network: ${default.id}\n restoreBackupSource:\n backupName: ${sourceBackup.name}\n restoredViaPitr:\n type: gcp:alloydb:Cluster\n name: restored_via_pitr\n properties:\n clusterId: alloydb-pitr-restored\n location: us-central1\n networkConfig:\n network: ${default.id}\n restoreContinuousBackupSource:\n cluster: ${source.name}\n pointInTime: 2023-08-03T19:19:00.094Z\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-source-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: alloydb-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Secondary Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-secondary-cluster\"});\nconst primary = new gcp.alloydb.Cluster(\"primary\", {\n clusterId: \"alloydb-primary-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-secondary-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst primaryInstance = new gcp.alloydb.Instance(\"primary\", {\n cluster: primary.name,\n instanceId: \"alloydb-primary-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst secondary = new gcp.alloydb.Cluster(\"secondary\", {\n clusterId: \"alloydb-secondary-cluster\",\n location: \"us-east1\",\n networkConfig: {\n network: _default.id,\n },\n clusterType: \"SECONDARY\",\n continuousBackupConfig: {\n enabled: false,\n },\n secondaryConfig: {\n primaryClusterName: primary.name,\n },\n}, {\n dependsOn: [primaryInstance],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-secondary-cluster\")\nprimary = gcp.alloydb.Cluster(\"primary\",\n cluster_id=\"alloydb-primary-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-secondary-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nprimary_instance = gcp.alloydb.Instance(\"primary\",\n cluster=primary.name,\n instance_id=\"alloydb-primary-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nsecondary = gcp.alloydb.Cluster(\"secondary\",\n cluster_id=\"alloydb-secondary-cluster\",\n location=\"us-east1\",\n network_config={\n \"network\": default.id,\n },\n cluster_type=\"SECONDARY\",\n continuous_backup_config={\n \"enabled\": False,\n },\n secondary_config={\n \"primary_cluster_name\": primary.name,\n },\n opts = pulumi.ResourceOptions(depends_on=[primary_instance]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-secondary-cluster\",\n });\n\n var primary = new Gcp.Alloydb.Cluster(\"primary\", new()\n {\n ClusterId = \"alloydb-primary-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-secondary-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var primaryInstance = new Gcp.Alloydb.Instance(\"primary\", new()\n {\n Cluster = primary.Name,\n InstanceId = \"alloydb-primary-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var secondary = new Gcp.Alloydb.Cluster(\"secondary\", new()\n {\n ClusterId = \"alloydb-secondary-cluster\",\n Location = \"us-east1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n ClusterType = \"SECONDARY\",\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = false,\n },\n SecondaryConfig = new Gcp.Alloydb.Inputs.ClusterSecondaryConfigArgs\n {\n PrimaryClusterName = primary.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primaryInstance,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := alloydb.NewCluster(ctx, \"primary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-primary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryInstance, err := alloydb.NewInstance(ctx, \"primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: primary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-primary-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewCluster(ctx, \"secondary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tClusterType: pulumi.String(\"SECONDARY\"),\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tSecondaryConfig: \u0026alloydb.ClusterSecondaryConfigArgs{\n\t\t\t\tPrimaryClusterName: primary.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterSecondaryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-secondary-cluster\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .clusterId(\"alloydb-primary-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-secondary-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var primaryInstance = new Instance(\"primaryInstance\", InstanceArgs.builder()\n .cluster(primary.name())\n .instanceId(\"alloydb-primary-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder()\n .clusterId(\"alloydb-secondary-cluster\")\n .location(\"us-east1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .clusterType(\"SECONDARY\")\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(false)\n .build())\n .secondaryConfig(ClusterSecondaryConfigArgs.builder()\n .primaryClusterName(primary.name())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primaryInstance)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-primary-cluster\n location: us-central1\n networkConfig:\n network: ${default.id}\n primaryInstance:\n type: gcp:alloydb:Instance\n name: primary\n properties:\n cluster: ${primary.name}\n instanceId: alloydb-primary-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependsOn:\n - ${vpcConnection}\n secondary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-secondary-cluster\n location: us-east1\n networkConfig:\n network: ${default.id}\n clusterType: SECONDARY\n continuousBackupConfig:\n enabled: false\n secondaryConfig:\n primaryClusterName: ${primary.name}\n options:\n dependsOn:\n - ${primaryInstance}\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-secondary-cluster\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-secondary-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`\n\n* `{{project}}/{{location}}/{{cluster_id}}`\n\n* `{{location}}/{{cluster_id}}`\n\n* `{{cluster_id}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{project}}/{{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/cluster:Cluster default {{cluster_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -129472,7 +129472,7 @@ } }, "gcp:alloydb/instance:Instance": { - "description": "## Example Usage\n\n### Alloydb Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n initialUser: {\n password: \"alloydb-cluster\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n },\n initial_user={\n \"password\": \"alloydb-cluster\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"alloydb-cluster\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"alloydb-cluster\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"alloydb-cluster\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependson:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n initialUser:\n password: alloydb-cluster\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Secondary Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-secondary-network\"});\nconst primary = new gcp.alloydb.Cluster(\"primary\", {\n clusterId: \"alloydb-primary-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-secondary-instance\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst primaryInstance = new gcp.alloydb.Instance(\"primary\", {\n cluster: primary.name,\n instanceId: \"alloydb-primary-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst secondary = new gcp.alloydb.Cluster(\"secondary\", {\n clusterId: \"alloydb-secondary-cluster\",\n location: \"us-east1\",\n networkConfig: {\n network: defaultGoogleComputeNetwork.id,\n },\n clusterType: \"SECONDARY\",\n continuousBackupConfig: {\n enabled: false,\n },\n secondaryConfig: {\n primaryClusterName: primary.name,\n },\n deletionPolicy: \"FORCE\",\n}, {\n dependsOn: [primaryInstance],\n});\nconst secondaryInstance = new gcp.alloydb.Instance(\"secondary\", {\n cluster: secondary.name,\n instanceId: \"alloydb-secondary-instance\",\n instanceType: secondary.clusterType,\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-secondary-network\")\nprimary = gcp.alloydb.Cluster(\"primary\",\n cluster_id=\"alloydb-primary-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-secondary-instance\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nprimary_instance = gcp.alloydb.Instance(\"primary\",\n cluster=primary.name,\n instance_id=\"alloydb-primary-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nsecondary = gcp.alloydb.Cluster(\"secondary\",\n cluster_id=\"alloydb-secondary-cluster\",\n location=\"us-east1\",\n network_config={\n \"network\": default_google_compute_network[\"id\"],\n },\n cluster_type=\"SECONDARY\",\n continuous_backup_config={\n \"enabled\": False,\n },\n secondary_config={\n \"primary_cluster_name\": primary.name,\n },\n deletion_policy=\"FORCE\",\n opts = pulumi.ResourceOptions(depends_on=[primary_instance]))\nsecondary_instance = gcp.alloydb.Instance(\"secondary\",\n cluster=secondary.name,\n instance_id=\"alloydb-secondary-instance\",\n instance_type=secondary.cluster_type,\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-secondary-network\",\n });\n\n var primary = new Gcp.Alloydb.Cluster(\"primary\", new()\n {\n ClusterId = \"alloydb-primary-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-secondary-instance\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var primaryInstance = new Gcp.Alloydb.Instance(\"primary\", new()\n {\n Cluster = primary.Name,\n InstanceId = \"alloydb-primary-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var secondary = new Gcp.Alloydb.Cluster(\"secondary\", new()\n {\n ClusterId = \"alloydb-secondary-cluster\",\n Location = \"us-east1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultGoogleComputeNetwork.Id,\n },\n ClusterType = \"SECONDARY\",\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = false,\n },\n SecondaryConfig = new Gcp.Alloydb.Inputs.ClusterSecondaryConfigArgs\n {\n PrimaryClusterName = primary.Name,\n },\n DeletionPolicy = \"FORCE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primaryInstance,\n },\n });\n\n var secondaryInstance = new Gcp.Alloydb.Instance(\"secondary\", new()\n {\n Cluster = secondary.Name,\n InstanceId = \"alloydb-secondary-instance\",\n InstanceType = secondary.ClusterType,\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := alloydb.NewCluster(ctx, \"primary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-primary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-instance\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryInstance, err := alloydb.NewInstance(ctx, \"primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: primary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-primary-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := alloydb.NewCluster(ctx, \"secondary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.Any(defaultGoogleComputeNetwork.Id),\n\t\t\t},\n\t\t\tClusterType: pulumi.String(\"SECONDARY\"),\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tSecondaryConfig: \u0026alloydb.ClusterSecondaryConfigArgs{\n\t\t\t\tPrimaryClusterName: primary.Name,\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"secondary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: secondary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-secondary-instance\"),\n\t\t\tInstanceType: secondary.ClusterType,\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterSecondaryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-secondary-network\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .clusterId(\"alloydb-primary-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-secondary-instance\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var primaryInstance = new Instance(\"primaryInstance\", InstanceArgs.builder()\n .cluster(primary.name())\n .instanceId(\"alloydb-primary-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder()\n .clusterId(\"alloydb-secondary-cluster\")\n .location(\"us-east1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultGoogleComputeNetwork.id())\n .build())\n .clusterType(\"SECONDARY\")\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(false)\n .build())\n .secondaryConfig(ClusterSecondaryConfigArgs.builder()\n .primaryClusterName(primary.name())\n .build())\n .deletionPolicy(\"FORCE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(primaryInstance)\n .build());\n\n var secondaryInstance = new Instance(\"secondaryInstance\", InstanceArgs.builder()\n .cluster(secondary.name())\n .instanceId(\"alloydb-secondary-instance\")\n .instanceType(secondary.clusterType())\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-primary-cluster\n location: us-central1\n networkConfig:\n network: ${default.id}\n primaryInstance:\n type: gcp:alloydb:Instance\n name: primary\n properties:\n cluster: ${primary.name}\n instanceId: alloydb-primary-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependson:\n - ${vpcConnection}\n secondary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-secondary-cluster\n location: us-east1\n networkConfig:\n network: ${defaultGoogleComputeNetwork.id}\n clusterType: SECONDARY\n continuousBackupConfig:\n enabled: false\n secondaryConfig:\n primaryClusterName: ${primary.name}\n deletionPolicy: FORCE\n options:\n dependson:\n - ${primaryInstance}\n secondaryInstance:\n type: gcp:alloydb:Instance\n name: secondary\n properties:\n cluster: ${secondary.name}\n instanceId: alloydb-secondary-instance\n instanceType: ${secondary.clusterType}\n machineConfig:\n cpuCount: 2\n options:\n dependson:\n - ${vpcConnection}\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-secondary-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-secondary-instance\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{instance_id}}`\n\n* `{{location}}/{{cluster}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default {{project}}/{{location}}/{{cluster}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default {{location}}/{{cluster}}/{{instance_id}}\n```\n\n", + "description": "## Example Usage\n\n### Alloydb Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n initialUser: {\n password: \"alloydb-cluster\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n },\n initial_user={\n \"password\": \"alloydb-cluster\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"alloydb-cluster\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"alloydb-cluster\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"alloydb-cluster\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependsOn:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n initialUser:\n password: alloydb-cluster\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb Secondary Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"alloydb-secondary-network\"});\nconst primary = new gcp.alloydb.Cluster(\"primary\", {\n clusterId: \"alloydb-primary-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-secondary-instance\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst primaryInstance = new gcp.alloydb.Instance(\"primary\", {\n cluster: primary.name,\n instanceId: \"alloydb-primary-instance\",\n instanceType: \"PRIMARY\",\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst secondary = new gcp.alloydb.Cluster(\"secondary\", {\n clusterId: \"alloydb-secondary-cluster\",\n location: \"us-east1\",\n networkConfig: {\n network: defaultGoogleComputeNetwork.id,\n },\n clusterType: \"SECONDARY\",\n continuousBackupConfig: {\n enabled: false,\n },\n secondaryConfig: {\n primaryClusterName: primary.name,\n },\n deletionPolicy: \"FORCE\",\n}, {\n dependsOn: [primaryInstance],\n});\nconst secondaryInstance = new gcp.alloydb.Instance(\"secondary\", {\n cluster: secondary.name,\n instanceId: \"alloydb-secondary-instance\",\n instanceType: secondary.clusterType,\n machineConfig: {\n cpuCount: 2,\n },\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"alloydb-secondary-network\")\nprimary = gcp.alloydb.Cluster(\"primary\",\n cluster_id=\"alloydb-primary-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-secondary-instance\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nprimary_instance = gcp.alloydb.Instance(\"primary\",\n cluster=primary.name,\n instance_id=\"alloydb-primary-instance\",\n instance_type=\"PRIMARY\",\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nsecondary = gcp.alloydb.Cluster(\"secondary\",\n cluster_id=\"alloydb-secondary-cluster\",\n location=\"us-east1\",\n network_config={\n \"network\": default_google_compute_network[\"id\"],\n },\n cluster_type=\"SECONDARY\",\n continuous_backup_config={\n \"enabled\": False,\n },\n secondary_config={\n \"primary_cluster_name\": primary.name,\n },\n deletion_policy=\"FORCE\",\n opts = pulumi.ResourceOptions(depends_on=[primary_instance]))\nsecondary_instance = gcp.alloydb.Instance(\"secondary\",\n cluster=secondary.name,\n instance_id=\"alloydb-secondary-instance\",\n instance_type=secondary.cluster_type,\n machine_config={\n \"cpu_count\": 2,\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-secondary-network\",\n });\n\n var primary = new Gcp.Alloydb.Cluster(\"primary\", new()\n {\n ClusterId = \"alloydb-primary-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-secondary-instance\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var primaryInstance = new Gcp.Alloydb.Instance(\"primary\", new()\n {\n Cluster = primary.Name,\n InstanceId = \"alloydb-primary-instance\",\n InstanceType = \"PRIMARY\",\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var secondary = new Gcp.Alloydb.Cluster(\"secondary\", new()\n {\n ClusterId = \"alloydb-secondary-cluster\",\n Location = \"us-east1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultGoogleComputeNetwork.Id,\n },\n ClusterType = \"SECONDARY\",\n ContinuousBackupConfig = new Gcp.Alloydb.Inputs.ClusterContinuousBackupConfigArgs\n {\n Enabled = false,\n },\n SecondaryConfig = new Gcp.Alloydb.Inputs.ClusterSecondaryConfigArgs\n {\n PrimaryClusterName = primary.Name,\n },\n DeletionPolicy = \"FORCE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primaryInstance,\n },\n });\n\n var secondaryInstance = new Gcp.Alloydb.Instance(\"secondary\", new()\n {\n Cluster = secondary.Name,\n InstanceId = \"alloydb-secondary-instance\",\n InstanceType = secondary.ClusterType,\n MachineConfig = new Gcp.Alloydb.Inputs.InstanceMachineConfigArgs\n {\n CpuCount = 2,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := alloydb.NewCluster(ctx, \"primary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-primary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-secondary-instance\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryInstance, err := alloydb.NewInstance(ctx, \"primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: primary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-primary-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := alloydb.NewCluster(ctx, \"secondary\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-secondary-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.Any(defaultGoogleComputeNetwork.Id),\n\t\t\t},\n\t\t\tClusterType: pulumi.String(\"SECONDARY\"),\n\t\t\tContinuousBackupConfig: \u0026alloydb.ClusterContinuousBackupConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tSecondaryConfig: \u0026alloydb.ClusterSecondaryConfigArgs{\n\t\t\t\tPrimaryClusterName: primary.Name,\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"secondary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: secondary.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-secondary-instance\"),\n\t\t\tInstanceType: secondary.ClusterType,\n\t\t\tMachineConfig: \u0026alloydb.InstanceMachineConfigArgs{\n\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.alloydb.inputs.InstanceMachineConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterContinuousBackupConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterSecondaryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"alloydb-secondary-network\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .clusterId(\"alloydb-primary-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-secondary-instance\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var primaryInstance = new Instance(\"primaryInstance\", InstanceArgs.builder()\n .cluster(primary.name())\n .instanceId(\"alloydb-primary-instance\")\n .instanceType(\"PRIMARY\")\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder()\n .clusterId(\"alloydb-secondary-cluster\")\n .location(\"us-east1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultGoogleComputeNetwork.id())\n .build())\n .clusterType(\"SECONDARY\")\n .continuousBackupConfig(ClusterContinuousBackupConfigArgs.builder()\n .enabled(false)\n .build())\n .secondaryConfig(ClusterSecondaryConfigArgs.builder()\n .primaryClusterName(primary.name())\n .build())\n .deletionPolicy(\"FORCE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(primaryInstance)\n .build());\n\n var secondaryInstance = new Instance(\"secondaryInstance\", InstanceArgs.builder()\n .cluster(secondary.name())\n .instanceId(\"alloydb-secondary-instance\")\n .instanceType(secondary.clusterType())\n .machineConfig(InstanceMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-primary-cluster\n location: us-central1\n networkConfig:\n network: ${default.id}\n primaryInstance:\n type: gcp:alloydb:Instance\n name: primary\n properties:\n cluster: ${primary.name}\n instanceId: alloydb-primary-instance\n instanceType: PRIMARY\n machineConfig:\n cpuCount: 2\n options:\n dependsOn:\n - ${vpcConnection}\n secondary:\n type: gcp:alloydb:Cluster\n properties:\n clusterId: alloydb-secondary-cluster\n location: us-east1\n networkConfig:\n network: ${defaultGoogleComputeNetwork.id}\n clusterType: SECONDARY\n continuousBackupConfig:\n enabled: false\n secondaryConfig:\n primaryClusterName: ${primary.name}\n deletionPolicy: FORCE\n options:\n dependsOn:\n - ${primaryInstance}\n secondaryInstance:\n type: gcp:alloydb:Instance\n name: secondary\n properties:\n cluster: ${secondary.name}\n instanceId: alloydb-secondary-instance\n instanceType: ${secondary.clusterType}\n machineConfig:\n cpuCount: 2\n options:\n dependsOn:\n - ${vpcConnection}\n default:\n type: gcp:compute:Network\n properties:\n name: alloydb-secondary-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-secondary-instance\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{instance_id}}`\n\n* `{{location}}/{{cluster}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default {{project}}/{{location}}/{{cluster}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/instance:Instance default {{location}}/{{cluster}}/{{instance_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -129858,7 +129858,7 @@ } }, "gcp:alloydb/user:User": { - "description": "A database user in an AlloyDB cluster.\n\n\nTo get more information about User, see:\n\n* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters.users/create)\n* How-to Guides\n * [AlloyDB](https://cloud.google.com/alloydb/docs/)\n\n## Example Usage\n\n### Alloydb User Builtin\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultGoogleComputeNetwork.id,\n },\n initialUser: {\n password: \"cluster_secret\",\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst user1 = new gcp.alloydb.User(\"user1\", {\n cluster: defaultCluster.name,\n userId: \"user1\",\n userType: \"ALLOYDB_BUILT_IN\",\n password: \"user_secret\",\n databaseRoles: [\"alloydbsuperuser\"],\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_google_compute_network[\"id\"],\n },\n initial_user={\n \"password\": \"cluster_secret\",\n })\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\nuser1 = gcp.alloydb.User(\"user1\",\n cluster=default_cluster.name,\n user_id=\"user1\",\n user_type=\"ALLOYDB_BUILT_IN\",\n password=\"user_secret\",\n database_roles=[\"alloydbsuperuser\"],\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultGoogleComputeNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"cluster_secret\",\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var user1 = new Gcp.Alloydb.User(\"user1\", new()\n {\n Cluster = defaultCluster.Name,\n UserId = \"user1\",\n UserType = \"ALLOYDB_BUILT_IN\",\n Password = \"user_secret\",\n DatabaseRoles = new[]\n {\n \"alloydbsuperuser\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.Any(defaultGoogleComputeNetwork.Id),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"cluster_secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewUser(ctx, \"user1\", \u0026alloydb.UserArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tUserId: pulumi.String(\"user1\"),\n\t\t\tUserType: pulumi.String(\"ALLOYDB_BUILT_IN\"),\n\t\t\tPassword: pulumi.String(\"user_secret\"),\n\t\t\tDatabaseRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"alloydbsuperuser\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.alloydb.User;\nimport com.pulumi.gcp.alloydb.UserArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultGoogleComputeNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"cluster_secret\")\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var user1 = new User(\"user1\", UserArgs.builder()\n .cluster(defaultCluster.name())\n .userId(\"user1\")\n .userType(\"ALLOYDB_BUILT_IN\")\n .password(\"user_secret\")\n .databaseRoles(\"alloydbsuperuser\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultGoogleComputeNetwork.id}\n initialUser:\n password: cluster_secret\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n user1:\n type: gcp:alloydb:User\n properties:\n cluster: ${defaultCluster.name}\n userId: user1\n userType: ALLOYDB_BUILT_IN\n password: user_secret\n databaseRoles:\n - alloydbsuperuser\n options:\n dependson:\n - ${default}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb User Iam\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n initialUser: {\n password: \"cluster_secret\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst user2 = new gcp.alloydb.User(\"user2\", {\n cluster: defaultCluster.name,\n userId: \"user2@foo.com\",\n userType: \"ALLOYDB_IAM_USER\",\n databaseRoles: [\"alloydbiamuser\"],\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n },\n initial_user={\n \"password\": \"cluster_secret\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\nuser2 = gcp.alloydb.User(\"user2\",\n cluster=default_cluster.name,\n user_id=\"user2@foo.com\",\n user_type=\"ALLOYDB_IAM_USER\",\n database_roles=[\"alloydbiamuser\"],\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"cluster_secret\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var user2 = new Gcp.Alloydb.User(\"user2\", new()\n {\n Cluster = defaultCluster.Name,\n UserId = \"user2@foo.com\",\n UserType = \"ALLOYDB_IAM_USER\",\n DatabaseRoles = new[]\n {\n \"alloydbiamuser\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"cluster_secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewUser(ctx, \"user2\", \u0026alloydb.UserArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tUserId: pulumi.String(\"user2@foo.com\"),\n\t\t\tUserType: pulumi.String(\"ALLOYDB_IAM_USER\"),\n\t\t\tDatabaseRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"alloydbiamuser\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.alloydb.User;\nimport com.pulumi.gcp.alloydb.UserArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"cluster_secret\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var user2 = new User(\"user2\", UserArgs.builder()\n .cluster(defaultCluster.name())\n .userId(\"user2@foo.com\")\n .userType(\"ALLOYDB_IAM_USER\")\n .databaseRoles(\"alloydbiamuser\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n initialUser:\n password: cluster_secret\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n user2:\n type: gcp:alloydb:User\n properties:\n cluster: ${defaultCluster.name}\n userId: user2@foo.com\n userType: ALLOYDB_IAM_USER\n databaseRoles:\n - alloydbiamuser\n options:\n dependson:\n - ${default}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUser can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/users/{{user_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{user_id}}`\n\n* `{{location}}/{{cluster}}/{{user_id}}`\n\nWhen using the `pulumi import` command, User can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/user:User default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/users/{{user_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/user:User default {{project}}/{{location}}/{{cluster}}/{{user_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/user:User default {{location}}/{{cluster}}/{{user_id}}\n```\n\n", + "description": "A database user in an AlloyDB cluster.\n\n\nTo get more information about User, see:\n\n* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters.users/create)\n* How-to Guides\n * [AlloyDB](https://cloud.google.com/alloydb/docs/)\n\n## Example Usage\n\n### Alloydb User Builtin\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultGoogleComputeNetwork.id,\n },\n initialUser: {\n password: \"cluster_secret\",\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst user1 = new gcp.alloydb.User(\"user1\", {\n cluster: defaultCluster.name,\n userId: \"user1\",\n userType: \"ALLOYDB_BUILT_IN\",\n password: \"user_secret\",\n databaseRoles: [\"alloydbsuperuser\"],\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_google_compute_network[\"id\"],\n },\n initial_user={\n \"password\": \"cluster_secret\",\n })\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\nuser1 = gcp.alloydb.User(\"user1\",\n cluster=default_cluster.name,\n user_id=\"user1\",\n user_type=\"ALLOYDB_BUILT_IN\",\n password=\"user_secret\",\n database_roles=[\"alloydbsuperuser\"],\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultGoogleComputeNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"cluster_secret\",\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var user1 = new Gcp.Alloydb.User(\"user1\", new()\n {\n Cluster = defaultCluster.Name,\n UserId = \"user1\",\n UserType = \"ALLOYDB_BUILT_IN\",\n Password = \"user_secret\",\n DatabaseRoles = new[]\n {\n \"alloydbsuperuser\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.Any(defaultGoogleComputeNetwork.Id),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"cluster_secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewUser(ctx, \"user1\", \u0026alloydb.UserArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tUserId: pulumi.String(\"user1\"),\n\t\t\tUserType: pulumi.String(\"ALLOYDB_BUILT_IN\"),\n\t\t\tPassword: pulumi.String(\"user_secret\"),\n\t\t\tDatabaseRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"alloydbsuperuser\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.alloydb.User;\nimport com.pulumi.gcp.alloydb.UserArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultGoogleComputeNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"cluster_secret\")\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var user1 = new User(\"user1\", UserArgs.builder()\n .cluster(defaultCluster.name())\n .userId(\"user1\")\n .userType(\"ALLOYDB_BUILT_IN\")\n .password(\"user_secret\")\n .databaseRoles(\"alloydbsuperuser\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultGoogleComputeNetwork.id}\n initialUser:\n password: cluster_secret\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n user1:\n type: gcp:alloydb:User\n properties:\n cluster: ${defaultCluster.name}\n userId: user1\n userType: ALLOYDB_BUILT_IN\n password: user_secret\n databaseRoles:\n - alloydbsuperuser\n options:\n dependsOn:\n - ${default}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Alloydb User Iam\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"alloydb-network\"});\nconst defaultCluster = new gcp.alloydb.Cluster(\"default\", {\n clusterId: \"alloydb-cluster\",\n location: \"us-central1\",\n networkConfig: {\n network: defaultNetwork.id,\n },\n initialUser: {\n password: \"cluster_secret\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"alloydb-cluster\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: defaultNetwork.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: defaultNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst _default = new gcp.alloydb.Instance(\"default\", {\n cluster: defaultCluster.name,\n instanceId: \"alloydb-instance\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst user2 = new gcp.alloydb.User(\"user2\", {\n cluster: defaultCluster.name,\n userId: \"user2@foo.com\",\n userType: \"ALLOYDB_IAM_USER\",\n databaseRoles: [\"alloydbiamuser\"],\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"alloydb-network\")\ndefault_cluster = gcp.alloydb.Cluster(\"default\",\n cluster_id=\"alloydb-cluster\",\n location=\"us-central1\",\n network_config={\n \"network\": default_network.id,\n },\n initial_user={\n \"password\": \"cluster_secret\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"alloydb-cluster\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default_network.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndefault = gcp.alloydb.Instance(\"default\",\n cluster=default_cluster.name,\n instance_id=\"alloydb-instance\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nproject = gcp.organizations.get_project()\nuser2 = gcp.alloydb.User(\"user2\",\n cluster=default_cluster.name,\n user_id=\"user2@foo.com\",\n user_type=\"ALLOYDB_IAM_USER\",\n database_roles=[\"alloydbiamuser\"],\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"alloydb-network\",\n });\n\n var defaultCluster = new Gcp.Alloydb.Cluster(\"default\", new()\n {\n ClusterId = \"alloydb-cluster\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = defaultNetwork.Id,\n },\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n Password = \"cluster_secret\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"alloydb-cluster\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = defaultNetwork.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = defaultNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var @default = new Gcp.Alloydb.Instance(\"default\", new()\n {\n Cluster = defaultCluster.Name,\n InstanceId = \"alloydb-instance\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var user2 = new Gcp.Alloydb.User(\"user2\", new()\n {\n Cluster = defaultCluster.Name,\n UserId = \"user2@foo.com\",\n UserType = \"ALLOYDB_IAM_USER\",\n DatabaseRoles = new[]\n {\n \"alloydbiamuser\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"alloydb-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCluster, err := alloydb.NewCluster(ctx, \"default\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"alloydb-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t},\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tPassword: pulumi.String(\"cluster_secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"alloydb-cluster\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewInstance(ctx, \"default\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tInstanceId: pulumi.String(\"alloydb-instance\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = alloydb.NewUser(ctx, \"user2\", \u0026alloydb.UserArgs{\n\t\t\tCluster: defaultCluster.Name,\n\t\t\tUserId: pulumi.String(\"user2@foo.com\"),\n\t\t\tUserType: pulumi.String(\"ALLOYDB_IAM_USER\"),\n\t\t\tDatabaseRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"alloydbiamuser\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.alloydb.User;\nimport com.pulumi.gcp.alloydb.UserArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"alloydb-network\")\n .build());\n\n var defaultCluster = new Cluster(\"defaultCluster\", ClusterArgs.builder()\n .clusterId(\"alloydb-cluster\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(defaultNetwork.id())\n .build())\n .initialUser(ClusterInitialUserArgs.builder()\n .password(\"cluster_secret\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"alloydb-cluster\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(defaultNetwork.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(defaultNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .cluster(defaultCluster.name())\n .instanceId(\"alloydb-instance\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var user2 = new User(\"user2\", UserArgs.builder()\n .cluster(defaultCluster.name())\n .userId(\"user2@foo.com\")\n .userType(\"ALLOYDB_IAM_USER\")\n .databaseRoles(\"alloydbiamuser\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:alloydb:Instance\n properties:\n cluster: ${defaultCluster.name}\n instanceId: alloydb-instance\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n defaultCluster:\n type: gcp:alloydb:Cluster\n name: default\n properties:\n clusterId: alloydb-cluster\n location: us-central1\n networkConfig:\n network: ${defaultNetwork.id}\n initialUser:\n password: cluster_secret\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: alloydb-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: alloydb-cluster\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${defaultNetwork.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${defaultNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n user2:\n type: gcp:alloydb:User\n properties:\n cluster: ${defaultCluster.name}\n userId: user2@foo.com\n userType: ALLOYDB_IAM_USER\n databaseRoles:\n - alloydbiamuser\n options:\n dependsOn:\n - ${default}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUser can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/users/{{user_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{user_id}}`\n\n* `{{location}}/{{cluster}}/{{user_id}}`\n\nWhen using the `pulumi import` command, User can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:alloydb/user:User default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/users/{{user_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/user:User default {{project}}/{{location}}/{{cluster}}/{{user_id}}\n```\n\n```sh\n$ pulumi import gcp:alloydb/user:User default {{location}}/{{cluster}}/{{user_id}}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -130355,7 +130355,7 @@ } }, "gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -130475,7 +130475,7 @@ } }, "gcp:apigateway/apiConfigIamMember:ApiConfigIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -130588,7 +130588,7 @@ } }, "gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway ApiConfig\nThree different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiConfigIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder()\n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -130672,7 +130672,7 @@ } }, "gcp:apigateway/apiIamBinding:ApiIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -130776,7 +130776,7 @@ } }, "gcp:apigateway/apiIamMember:ApiIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -130873,7 +130873,7 @@ } }, "gcp:apigateway/apiIamPolicy:ApiIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Api\nThree different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.ApiIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder()\n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -131104,7 +131104,7 @@ } }, "gcp:apigateway/gatewayIamBinding:GatewayIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigateway/GatewayIamBindingCondition:GatewayIamBindingCondition" @@ -131223,7 +131223,7 @@ } }, "gcp:apigateway/gatewayIamMember:GatewayIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigateway/GatewayIamMemberCondition:GatewayIamMemberCondition" @@ -131335,7 +131335,7 @@ } }, "gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for API Gateway Gateway\nThree different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/apigateway.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigateway.GatewayIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder()\n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -131418,7 +131418,7 @@ } }, "gcp:apigee/addonsConfig:AddonsConfig": { - "description": "Configures the add-ons for the Apigee organization. The existing add-on configuration will be fully replaced.\n\n\nTo get more information about AddonsConfig, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#setaddons)\n* How-to Guides\n * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org)\n\n## Example Usage\n\n### Apigee Addons Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testOrganization = new gcp.apigee.AddonsConfig(\"test_organization\", {\n org: \"test_organization\",\n addonsConfig: {\n apiSecurityConfig: {\n enabled: true,\n },\n monetizationConfig: {\n enabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_organization = gcp.apigee.AddonsConfig(\"test_organization\",\n org=\"test_organization\",\n addons_config={\n \"api_security_config\": {\n \"enabled\": True,\n },\n \"monetization_config\": {\n \"enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testOrganization = new Gcp.Apigee.AddonsConfig(\"test_organization\", new()\n {\n Org = \"test_organization\",\n AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs\n {\n ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs\n {\n Enabled = true,\n },\n MonetizationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigMonetizationConfigArgs\n {\n Enabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewAddonsConfig(ctx, \"test_organization\", \u0026apigee.AddonsConfigArgs{\n\t\t\tOrg: pulumi.String(\"test_organization\"),\n\t\t\tAddonsConfig: \u0026apigee.AddonsConfigAddonsConfigArgs{\n\t\t\t\tApiSecurityConfig: \u0026apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMonetizationConfig: \u0026apigee.AddonsConfigAddonsConfigMonetizationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.AddonsConfig;\nimport com.pulumi.gcp.apigee.AddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigMonetizationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testOrganization = new AddonsConfig(\"testOrganization\", AddonsConfigArgs.builder()\n .org(\"test_organization\")\n .addonsConfig(AddonsConfigAddonsConfigArgs.builder()\n .apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()\n .enabled(true)\n .build())\n .monetizationConfig(AddonsConfigAddonsConfigMonetizationConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testOrganization:\n type: gcp:apigee:AddonsConfig\n name: test_organization\n properties:\n org: test_organization\n addonsConfig:\n apiSecurityConfig:\n enabled: true\n monetizationConfig:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Addons Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: current.then(current =\u003e current.project),\n service: \"apigee.googleapis.com\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: current.then(current =\u003e current.project),\n service: \"compute.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: current.then(current =\u003e current.project),\n service: \"servicenetworking.googleapis.com\",\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: current.then(current =\u003e current.project),\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: current.then(current =\u003e current.project),\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n billingType: \"EVALUATION\",\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst testOrganization = new gcp.apigee.AddonsConfig(\"test_organization\", {\n org: org.name,\n addonsConfig: {\n integrationConfig: {\n enabled: true,\n },\n apiSecurityConfig: {\n enabled: true,\n },\n connectorsPlatformConfig: {\n enabled: true,\n },\n monetizationConfig: {\n enabled: true,\n },\n advancedApiOpsConfig: {\n enabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee = gcp.projects.Service(\"apigee\",\n project=current.project,\n service=\"apigee.googleapis.com\")\ncompute = gcp.projects.Service(\"compute\",\n project=current.project,\n service=\"compute.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=current.project,\n service=\"servicenetworking.googleapis.com\")\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=current.project,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=current.project)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n billing_type=\"EVALUATION\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\ntest_organization = gcp.apigee.AddonsConfig(\"test_organization\",\n org=org.name,\n addons_config={\n \"integration_config\": {\n \"enabled\": True,\n },\n \"api_security_config\": {\n \"enabled\": True,\n },\n \"connectors_platform_config\": {\n \"enabled\": True,\n },\n \"monetization_config\": {\n \"enabled\": True,\n },\n \"advanced_api_ops_config\": {\n \"enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"compute.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"servicenetworking.googleapis.com\",\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n BillingType = \"EVALUATION\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var testOrganization = new Gcp.Apigee.AddonsConfig(\"test_organization\", new()\n {\n Org = org.Name,\n AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs\n {\n IntegrationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigIntegrationConfigArgs\n {\n Enabled = true,\n },\n ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs\n {\n Enabled = true,\n },\n ConnectorsPlatformConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs\n {\n Enabled = true,\n },\n MonetizationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigMonetizationConfigArgs\n {\n Enabled = true,\n },\n AdvancedApiOpsConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs\n {\n Enabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: pulumi.String(current.Project),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: pulumi.String(current.Project),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torg, err := apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tBillingType: pulumi.String(\"EVALUATION\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAddonsConfig(ctx, \"test_organization\", \u0026apigee.AddonsConfigArgs{\n\t\t\tOrg: org.Name,\n\t\t\tAddonsConfig: \u0026apigee.AddonsConfigAddonsConfigArgs{\n\t\t\t\tIntegrationConfig: \u0026apigee.AddonsConfigAddonsConfigIntegrationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tApiSecurityConfig: \u0026apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tConnectorsPlatformConfig: \u0026apigee.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMonetizationConfig: \u0026apigee.AddonsConfigAddonsConfigMonetizationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAdvancedApiOpsConfig: \u0026apigee.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.AddonsConfig;\nimport com.pulumi.gcp.apigee.AddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigIntegrationConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigMonetizationConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"apigee.googleapis.com\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"compute.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"servicenetworking.googleapis.com\")\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .billingType(\"EVALUATION\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var testOrganization = new AddonsConfig(\"testOrganization\", AddonsConfigArgs.builder()\n .org(org.name())\n .addonsConfig(AddonsConfigAddonsConfigArgs.builder()\n .integrationConfig(AddonsConfigAddonsConfigIntegrationConfigArgs.builder()\n .enabled(true)\n .build())\n .apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()\n .enabled(true)\n .build())\n .connectorsPlatformConfig(AddonsConfigAddonsConfigConnectorsPlatformConfigArgs.builder()\n .enabled(true)\n .build())\n .monetizationConfig(AddonsConfigAddonsConfigMonetizationConfigArgs.builder()\n .enabled(true)\n .build())\n .advancedApiOpsConfig(AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: apigee.googleapis.com\n compute:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: compute.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: servicenetworking.googleapis.com\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${current.project}\n options:\n dependson:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${current.project}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n billingType: EVALUATION\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigee}\n testOrganization:\n type: gcp:apigee:AddonsConfig\n name: test_organization\n properties:\n org: ${org.name}\n addonsConfig:\n integrationConfig:\n enabled: true\n apiSecurityConfig:\n enabled: true\n connectorsPlatformConfig:\n enabled: true\n monetizationConfig:\n enabled: true\n advancedApiOpsConfig:\n enabled: true\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAddonsConfig can be imported using any of these accepted formats:\n\n* `organizations/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AddonsConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/addonsConfig:AddonsConfig default organizations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/addonsConfig:AddonsConfig default {{name}}\n```\n\n", + "description": "Configures the add-ons for the Apigee organization. The existing add-on configuration will be fully replaced.\n\n\nTo get more information about AddonsConfig, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#setaddons)\n* How-to Guides\n * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org)\n\n## Example Usage\n\n### Apigee Addons Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testOrganization = new gcp.apigee.AddonsConfig(\"test_organization\", {\n org: \"test_organization\",\n addonsConfig: {\n apiSecurityConfig: {\n enabled: true,\n },\n monetizationConfig: {\n enabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_organization = gcp.apigee.AddonsConfig(\"test_organization\",\n org=\"test_organization\",\n addons_config={\n \"api_security_config\": {\n \"enabled\": True,\n },\n \"monetization_config\": {\n \"enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testOrganization = new Gcp.Apigee.AddonsConfig(\"test_organization\", new()\n {\n Org = \"test_organization\",\n AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs\n {\n ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs\n {\n Enabled = true,\n },\n MonetizationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigMonetizationConfigArgs\n {\n Enabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewAddonsConfig(ctx, \"test_organization\", \u0026apigee.AddonsConfigArgs{\n\t\t\tOrg: pulumi.String(\"test_organization\"),\n\t\t\tAddonsConfig: \u0026apigee.AddonsConfigAddonsConfigArgs{\n\t\t\t\tApiSecurityConfig: \u0026apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMonetizationConfig: \u0026apigee.AddonsConfigAddonsConfigMonetizationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.AddonsConfig;\nimport com.pulumi.gcp.apigee.AddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigMonetizationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testOrganization = new AddonsConfig(\"testOrganization\", AddonsConfigArgs.builder()\n .org(\"test_organization\")\n .addonsConfig(AddonsConfigAddonsConfigArgs.builder()\n .apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()\n .enabled(true)\n .build())\n .monetizationConfig(AddonsConfigAddonsConfigMonetizationConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testOrganization:\n type: gcp:apigee:AddonsConfig\n name: test_organization\n properties:\n org: test_organization\n addonsConfig:\n apiSecurityConfig:\n enabled: true\n monetizationConfig:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Addons Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: current.then(current =\u003e current.project),\n service: \"apigee.googleapis.com\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: current.then(current =\u003e current.project),\n service: \"compute.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: current.then(current =\u003e current.project),\n service: \"servicenetworking.googleapis.com\",\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: current.then(current =\u003e current.project),\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: current.then(current =\u003e current.project),\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n billingType: \"EVALUATION\",\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst testOrganization = new gcp.apigee.AddonsConfig(\"test_organization\", {\n org: org.name,\n addonsConfig: {\n integrationConfig: {\n enabled: true,\n },\n apiSecurityConfig: {\n enabled: true,\n },\n connectorsPlatformConfig: {\n enabled: true,\n },\n monetizationConfig: {\n enabled: true,\n },\n advancedApiOpsConfig: {\n enabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee = gcp.projects.Service(\"apigee\",\n project=current.project,\n service=\"apigee.googleapis.com\")\ncompute = gcp.projects.Service(\"compute\",\n project=current.project,\n service=\"compute.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=current.project,\n service=\"servicenetworking.googleapis.com\")\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=current.project,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=current.project)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n billing_type=\"EVALUATION\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\ntest_organization = gcp.apigee.AddonsConfig(\"test_organization\",\n org=org.name,\n addons_config={\n \"integration_config\": {\n \"enabled\": True,\n },\n \"api_security_config\": {\n \"enabled\": True,\n },\n \"connectors_platform_config\": {\n \"enabled\": True,\n },\n \"monetization_config\": {\n \"enabled\": True,\n },\n \"advanced_api_ops_config\": {\n \"enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"compute.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n ServiceName = \"servicenetworking.googleapis.com\",\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n BillingType = \"EVALUATION\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var testOrganization = new Gcp.Apigee.AddonsConfig(\"test_organization\", new()\n {\n Org = org.Name,\n AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs\n {\n IntegrationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigIntegrationConfigArgs\n {\n Enabled = true,\n },\n ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs\n {\n Enabled = true,\n },\n ConnectorsPlatformConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs\n {\n Enabled = true,\n },\n MonetizationConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigMonetizationConfigArgs\n {\n Enabled = true,\n },\n AdvancedApiOpsConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs\n {\n Enabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(current.Project),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: pulumi.String(current.Project),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: pulumi.String(current.Project),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torg, err := apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tBillingType: pulumi.String(\"EVALUATION\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAddonsConfig(ctx, \"test_organization\", \u0026apigee.AddonsConfigArgs{\n\t\t\tOrg: org.Name,\n\t\t\tAddonsConfig: \u0026apigee.AddonsConfigAddonsConfigArgs{\n\t\t\t\tIntegrationConfig: \u0026apigee.AddonsConfigAddonsConfigIntegrationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tApiSecurityConfig: \u0026apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tConnectorsPlatformConfig: \u0026apigee.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMonetizationConfig: \u0026apigee.AddonsConfigAddonsConfigMonetizationConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAdvancedApiOpsConfig: \u0026apigee.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.AddonsConfig;\nimport com.pulumi.gcp.apigee.AddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigIntegrationConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigConnectorsPlatformConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigMonetizationConfigArgs;\nimport com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"apigee.googleapis.com\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"compute.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .service(\"servicenetworking.googleapis.com\")\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .billingType(\"EVALUATION\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var testOrganization = new AddonsConfig(\"testOrganization\", AddonsConfigArgs.builder()\n .org(org.name())\n .addonsConfig(AddonsConfigAddonsConfigArgs.builder()\n .integrationConfig(AddonsConfigAddonsConfigIntegrationConfigArgs.builder()\n .enabled(true)\n .build())\n .apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()\n .enabled(true)\n .build())\n .connectorsPlatformConfig(AddonsConfigAddonsConfigConnectorsPlatformConfigArgs.builder()\n .enabled(true)\n .build())\n .monetizationConfig(AddonsConfigAddonsConfigMonetizationConfigArgs.builder()\n .enabled(true)\n .build())\n .advancedApiOpsConfig(AddonsConfigAddonsConfigAdvancedApiOpsConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: apigee.googleapis.com\n compute:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: compute.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${current.project}\n service: servicenetworking.googleapis.com\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${current.project}\n options:\n dependsOn:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${current.project}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n billingType: EVALUATION\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigee}\n testOrganization:\n type: gcp:apigee:AddonsConfig\n name: test_organization\n properties:\n org: ${org.name}\n addonsConfig:\n integrationConfig:\n enabled: true\n apiSecurityConfig:\n enabled: true\n connectorsPlatformConfig:\n enabled: true\n monetizationConfig:\n enabled: true\n advancedApiOpsConfig:\n enabled: true\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAddonsConfig can be imported using any of these accepted formats:\n\n* `organizations/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AddonsConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/addonsConfig:AddonsConfig default organizations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/addonsConfig:AddonsConfig default {{name}}\n```\n\n", "properties": { "addonsConfig": { "$ref": "#/types/gcp:apigee/AddonsConfigAddonsConfig:AddonsConfigAddonsConfig", @@ -131597,7 +131597,7 @@ } }, "gcp:apigee/appGroup:AppGroup": { - "description": "An `AppGroup` in Apigee.\n\n\nTo get more information about AppGroup, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups)\n* How-to Guides\n * [Organizing client app ownership](https://cloud.google.com/apigee/docs/api-platform/publish/organizing-client-app-ownership)\n\n## Example Usage\n\n### Apigee App Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeAppGroup = new gcp.apigee.AppGroup(\"apigee_app_group\", {\n name: \"my-app-group\",\n displayName: \"Test app group\",\n channelId: \"storefront\",\n channelUri: \"https://my-dev-portal.org/groups/my-group\",\n status: \"active\",\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_app_group = gcp.apigee.AppGroup(\"apigee_app_group\",\n name=\"my-app-group\",\n display_name=\"Test app group\",\n channel_id=\"storefront\",\n channel_uri=\"https://my-dev-portal.org/groups/my-group\",\n status=\"active\",\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeAppGroup = new Gcp.Apigee.AppGroup(\"apigee_app_group\", new()\n {\n Name = \"my-app-group\",\n DisplayName = \"Test app group\",\n ChannelId = \"storefront\",\n ChannelUri = \"https://my-dev-portal.org/groups/my-group\",\n Status = \"active\",\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAppGroup(ctx, \"apigee_app_group\", \u0026apigee.AppGroupArgs{\n\t\t\tName: pulumi.String(\"my-app-group\"),\n\t\t\tDisplayName: pulumi.String(\"Test app group\"),\n\t\t\tChannelId: pulumi.String(\"storefront\"),\n\t\t\tChannelUri: pulumi.String(\"https://my-dev-portal.org/groups/my-group\"),\n\t\t\tStatus: pulumi.String(\"active\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.AppGroup;\nimport com.pulumi.gcp.apigee.AppGroupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeAppGroup = new AppGroup(\"apigeeAppGroup\", AppGroupArgs.builder()\n .name(\"my-app-group\")\n .displayName(\"Test app group\")\n .channelId(\"storefront\")\n .channelUri(\"https://my-dev-portal.org/groups/my-group\")\n .status(\"active\")\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeAppGroup:\n type: gcp:apigee:AppGroup\n name: apigee_app_group\n properties:\n name: my-app-group\n displayName: Test app group\n channelId: storefront\n channelUri: https://my-dev-portal.org/groups/my-group\n status: active\n orgId: ${apigeeOrg.id}\n options:\n dependson:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee App Group With Attributes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeAppGroup = new gcp.apigee.AppGroup(\"apigee_app_group\", {\n name: \"my-app-group\",\n displayName: \"Test app group\",\n channelId: \"storefront\",\n channelUri: \"https://my-dev-portal.org/groups/my-group\",\n status: \"active\",\n orgId: apigeeOrg.id,\n attributes: [\n {\n name: \"business_unit\",\n value: \"HR\",\n },\n {\n name: \"department\",\n value: \"payroll\",\n },\n ],\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_app_group = gcp.apigee.AppGroup(\"apigee_app_group\",\n name=\"my-app-group\",\n display_name=\"Test app group\",\n channel_id=\"storefront\",\n channel_uri=\"https://my-dev-portal.org/groups/my-group\",\n status=\"active\",\n org_id=apigee_org.id,\n attributes=[\n {\n \"name\": \"business_unit\",\n \"value\": \"HR\",\n },\n {\n \"name\": \"department\",\n \"value\": \"payroll\",\n },\n ],\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeAppGroup = new Gcp.Apigee.AppGroup(\"apigee_app_group\", new()\n {\n Name = \"my-app-group\",\n DisplayName = \"Test app group\",\n ChannelId = \"storefront\",\n ChannelUri = \"https://my-dev-portal.org/groups/my-group\",\n Status = \"active\",\n OrgId = apigeeOrg.Id,\n Attributes = new[]\n {\n new Gcp.Apigee.Inputs.AppGroupAttributeArgs\n {\n Name = \"business_unit\",\n Value = \"HR\",\n },\n new Gcp.Apigee.Inputs.AppGroupAttributeArgs\n {\n Name = \"department\",\n Value = \"payroll\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAppGroup(ctx, \"apigee_app_group\", \u0026apigee.AppGroupArgs{\n\t\t\tName: pulumi.String(\"my-app-group\"),\n\t\t\tDisplayName: pulumi.String(\"Test app group\"),\n\t\t\tChannelId: pulumi.String(\"storefront\"),\n\t\t\tChannelUri: pulumi.String(\"https://my-dev-portal.org/groups/my-group\"),\n\t\t\tStatus: pulumi.String(\"active\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tAttributes: apigee.AppGroupAttributeArray{\n\t\t\t\t\u0026apigee.AppGroupAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"business_unit\"),\n\t\t\t\t\tValue: pulumi.String(\"HR\"),\n\t\t\t\t},\n\t\t\t\t\u0026apigee.AppGroupAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"department\"),\n\t\t\t\t\tValue: pulumi.String(\"payroll\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.AppGroup;\nimport com.pulumi.gcp.apigee.AppGroupArgs;\nimport com.pulumi.gcp.apigee.inputs.AppGroupAttributeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeAppGroup = new AppGroup(\"apigeeAppGroup\", AppGroupArgs.builder()\n .name(\"my-app-group\")\n .displayName(\"Test app group\")\n .channelId(\"storefront\")\n .channelUri(\"https://my-dev-portal.org/groups/my-group\")\n .status(\"active\")\n .orgId(apigeeOrg.id())\n .attributes( \n AppGroupAttributeArgs.builder()\n .name(\"business_unit\")\n .value(\"HR\")\n .build(),\n AppGroupAttributeArgs.builder()\n .name(\"department\")\n .value(\"payroll\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeAppGroup:\n type: gcp:apigee:AppGroup\n name: apigee_app_group\n properties:\n name: my-app-group\n displayName: Test app group\n channelId: storefront\n channelUri: https://my-dev-portal.org/groups/my-group\n status: active\n orgId: ${apigeeOrg.id}\n attributes:\n - name: business_unit\n value: HR\n - name: department\n value: payroll\n options:\n dependson:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAppGroup can be imported using any of these accepted formats:\n\n* `{{org_id}}/appgroups/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, AppGroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/appGroup:AppGroup default {{org_id}}/appgroups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/appGroup:AppGroup default {{org_id}}/{{name}}\n```\n\n", + "description": "An `AppGroup` in Apigee.\n\n\nTo get more information about AppGroup, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups)\n* How-to Guides\n * [Organizing client app ownership](https://cloud.google.com/apigee/docs/api-platform/publish/organizing-client-app-ownership)\n\n## Example Usage\n\n### Apigee App Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeAppGroup = new gcp.apigee.AppGroup(\"apigee_app_group\", {\n name: \"my-app-group\",\n displayName: \"Test app group\",\n channelId: \"storefront\",\n channelUri: \"https://my-dev-portal.org/groups/my-group\",\n status: \"active\",\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_app_group = gcp.apigee.AppGroup(\"apigee_app_group\",\n name=\"my-app-group\",\n display_name=\"Test app group\",\n channel_id=\"storefront\",\n channel_uri=\"https://my-dev-portal.org/groups/my-group\",\n status=\"active\",\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeAppGroup = new Gcp.Apigee.AppGroup(\"apigee_app_group\", new()\n {\n Name = \"my-app-group\",\n DisplayName = \"Test app group\",\n ChannelId = \"storefront\",\n ChannelUri = \"https://my-dev-portal.org/groups/my-group\",\n Status = \"active\",\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAppGroup(ctx, \"apigee_app_group\", \u0026apigee.AppGroupArgs{\n\t\t\tName: pulumi.String(\"my-app-group\"),\n\t\t\tDisplayName: pulumi.String(\"Test app group\"),\n\t\t\tChannelId: pulumi.String(\"storefront\"),\n\t\t\tChannelUri: pulumi.String(\"https://my-dev-portal.org/groups/my-group\"),\n\t\t\tStatus: pulumi.String(\"active\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.AppGroup;\nimport com.pulumi.gcp.apigee.AppGroupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeAppGroup = new AppGroup(\"apigeeAppGroup\", AppGroupArgs.builder()\n .name(\"my-app-group\")\n .displayName(\"Test app group\")\n .channelId(\"storefront\")\n .channelUri(\"https://my-dev-portal.org/groups/my-group\")\n .status(\"active\")\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeAppGroup:\n type: gcp:apigee:AppGroup\n name: apigee_app_group\n properties:\n name: my-app-group\n displayName: Test app group\n channelId: storefront\n channelUri: https://my-dev-portal.org/groups/my-group\n status: active\n orgId: ${apigeeOrg.id}\n options:\n dependsOn:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee App Group With Attributes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeAppGroup = new gcp.apigee.AppGroup(\"apigee_app_group\", {\n name: \"my-app-group\",\n displayName: \"Test app group\",\n channelId: \"storefront\",\n channelUri: \"https://my-dev-portal.org/groups/my-group\",\n status: \"active\",\n orgId: apigeeOrg.id,\n attributes: [\n {\n name: \"business_unit\",\n value: \"HR\",\n },\n {\n name: \"department\",\n value: \"payroll\",\n },\n ],\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_app_group = gcp.apigee.AppGroup(\"apigee_app_group\",\n name=\"my-app-group\",\n display_name=\"Test app group\",\n channel_id=\"storefront\",\n channel_uri=\"https://my-dev-portal.org/groups/my-group\",\n status=\"active\",\n org_id=apigee_org.id,\n attributes=[\n {\n \"name\": \"business_unit\",\n \"value\": \"HR\",\n },\n {\n \"name\": \"department\",\n \"value\": \"payroll\",\n },\n ],\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeAppGroup = new Gcp.Apigee.AppGroup(\"apigee_app_group\", new()\n {\n Name = \"my-app-group\",\n DisplayName = \"Test app group\",\n ChannelId = \"storefront\",\n ChannelUri = \"https://my-dev-portal.org/groups/my-group\",\n Status = \"active\",\n OrgId = apigeeOrg.Id,\n Attributes = new[]\n {\n new Gcp.Apigee.Inputs.AppGroupAttributeArgs\n {\n Name = \"business_unit\",\n Value = \"HR\",\n },\n new Gcp.Apigee.Inputs.AppGroupAttributeArgs\n {\n Name = \"department\",\n Value = \"payroll\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewAppGroup(ctx, \"apigee_app_group\", \u0026apigee.AppGroupArgs{\n\t\t\tName: pulumi.String(\"my-app-group\"),\n\t\t\tDisplayName: pulumi.String(\"Test app group\"),\n\t\t\tChannelId: pulumi.String(\"storefront\"),\n\t\t\tChannelUri: pulumi.String(\"https://my-dev-portal.org/groups/my-group\"),\n\t\t\tStatus: pulumi.String(\"active\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tAttributes: apigee.AppGroupAttributeArray{\n\t\t\t\t\u0026apigee.AppGroupAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"business_unit\"),\n\t\t\t\t\tValue: pulumi.String(\"HR\"),\n\t\t\t\t},\n\t\t\t\t\u0026apigee.AppGroupAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"department\"),\n\t\t\t\t\tValue: pulumi.String(\"payroll\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.AppGroup;\nimport com.pulumi.gcp.apigee.AppGroupArgs;\nimport com.pulumi.gcp.apigee.inputs.AppGroupAttributeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeAppGroup = new AppGroup(\"apigeeAppGroup\", AppGroupArgs.builder()\n .name(\"my-app-group\")\n .displayName(\"Test app group\")\n .channelId(\"storefront\")\n .channelUri(\"https://my-dev-portal.org/groups/my-group\")\n .status(\"active\")\n .orgId(apigeeOrg.id())\n .attributes( \n AppGroupAttributeArgs.builder()\n .name(\"business_unit\")\n .value(\"HR\")\n .build(),\n AppGroupAttributeArgs.builder()\n .name(\"department\")\n .value(\"payroll\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeAppGroup:\n type: gcp:apigee:AppGroup\n name: apigee_app_group\n properties:\n name: my-app-group\n displayName: Test app group\n channelId: storefront\n channelUri: https://my-dev-portal.org/groups/my-group\n status: active\n orgId: ${apigeeOrg.id}\n attributes:\n - name: business_unit\n value: HR\n - name: department\n value: payroll\n options:\n dependsOn:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAppGroup can be imported using any of these accepted formats:\n\n* `{{org_id}}/appgroups/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, AppGroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/appGroup:AppGroup default {{org_id}}/appgroups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/appGroup:AppGroup default {{org_id}}/{{name}}\n```\n\n", "properties": { "appGroupId": { "type": "string", @@ -131750,7 +131750,7 @@ } }, "gcp:apigee/developer:Developer": { - "description": "A `Developer` is an API consumer that can have apps registered in Apigee.\n\n\nTo get more information about Developer, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers)\n* How-to Guides\n * [Creating a developer](https://cloud.google.com/apigee/docs/api-platform/publish/adding-developers-your-api-product)\n\n## Example Usage\n\n### Apigee Developer Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeDeveloper = new gcp.apigee.Developer(\"apigee_developer\", {\n email: \"john.doe@acme.com\",\n firstName: \"John\",\n lastName: \"Doe\",\n userName: \"john.doe\",\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_developer = gcp.apigee.Developer(\"apigee_developer\",\n email=\"john.doe@acme.com\",\n first_name=\"John\",\n last_name=\"Doe\",\n user_name=\"john.doe\",\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeDeveloper = new Gcp.Apigee.Developer(\"apigee_developer\", new()\n {\n Email = \"john.doe@acme.com\",\n FirstName = \"John\",\n LastName = \"Doe\",\n UserName = \"john.doe\",\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewDeveloper(ctx, \"apigee_developer\", \u0026apigee.DeveloperArgs{\n\t\t\tEmail: pulumi.String(\"john.doe@acme.com\"),\n\t\t\tFirstName: pulumi.String(\"John\"),\n\t\t\tLastName: pulumi.String(\"Doe\"),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.Developer;\nimport com.pulumi.gcp.apigee.DeveloperArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeDeveloper = new Developer(\"apigeeDeveloper\", DeveloperArgs.builder()\n .email(\"john.doe@acme.com\")\n .firstName(\"John\")\n .lastName(\"Doe\")\n .userName(\"john.doe\")\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeDeveloper:\n type: gcp:apigee:Developer\n name: apigee_developer\n properties:\n email: john.doe@acme.com\n firstName: John\n lastName: Doe\n userName: john.doe\n orgId: ${apigeeOrg.id}\n options:\n dependson:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Developer With Attributes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeDeveloper = new gcp.apigee.Developer(\"apigee_developer\", {\n email: \"john.doe@acme.com\",\n firstName: \"John\",\n lastName: \"Doe\",\n userName: \"john.doe\",\n attributes: [\n {\n name: \"business_unit\",\n value: \"HR\",\n },\n {\n name: \"department\",\n value: \"payroll\",\n },\n ],\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_developer = gcp.apigee.Developer(\"apigee_developer\",\n email=\"john.doe@acme.com\",\n first_name=\"John\",\n last_name=\"Doe\",\n user_name=\"john.doe\",\n attributes=[\n {\n \"name\": \"business_unit\",\n \"value\": \"HR\",\n },\n {\n \"name\": \"department\",\n \"value\": \"payroll\",\n },\n ],\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeDeveloper = new Gcp.Apigee.Developer(\"apigee_developer\", new()\n {\n Email = \"john.doe@acme.com\",\n FirstName = \"John\",\n LastName = \"Doe\",\n UserName = \"john.doe\",\n Attributes = new[]\n {\n new Gcp.Apigee.Inputs.DeveloperAttributeArgs\n {\n Name = \"business_unit\",\n Value = \"HR\",\n },\n new Gcp.Apigee.Inputs.DeveloperAttributeArgs\n {\n Name = \"department\",\n Value = \"payroll\",\n },\n },\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewDeveloper(ctx, \"apigee_developer\", \u0026apigee.DeveloperArgs{\n\t\t\tEmail: pulumi.String(\"john.doe@acme.com\"),\n\t\t\tFirstName: pulumi.String(\"John\"),\n\t\t\tLastName: pulumi.String(\"Doe\"),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tAttributes: apigee.DeveloperAttributeArray{\n\t\t\t\t\u0026apigee.DeveloperAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"business_unit\"),\n\t\t\t\t\tValue: pulumi.String(\"HR\"),\n\t\t\t\t},\n\t\t\t\t\u0026apigee.DeveloperAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"department\"),\n\t\t\t\t\tValue: pulumi.String(\"payroll\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.Developer;\nimport com.pulumi.gcp.apigee.DeveloperArgs;\nimport com.pulumi.gcp.apigee.inputs.DeveloperAttributeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeDeveloper = new Developer(\"apigeeDeveloper\", DeveloperArgs.builder()\n .email(\"john.doe@acme.com\")\n .firstName(\"John\")\n .lastName(\"Doe\")\n .userName(\"john.doe\")\n .attributes( \n DeveloperAttributeArgs.builder()\n .name(\"business_unit\")\n .value(\"HR\")\n .build(),\n DeveloperAttributeArgs.builder()\n .name(\"department\")\n .value(\"payroll\")\n .build())\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeDeveloper:\n type: gcp:apigee:Developer\n name: apigee_developer\n properties:\n email: john.doe@acme.com\n firstName: John\n lastName: Doe\n userName: john.doe\n attributes:\n - name: business_unit\n value: HR\n - name: department\n value: payroll\n orgId: ${apigeeOrg.id}\n options:\n dependson:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDeveloper can be imported using any of these accepted formats:\n\n* `{{org_id}}/developers/{{email}}`\n\n* `{{org_id}}/{{email}}`\n\nWhen using the `pulumi import` command, Developer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/developer:Developer default {{org_id}}/developers/{{email}}\n```\n\n```sh\n$ pulumi import gcp:apigee/developer:Developer default {{org_id}}/{{email}}\n```\n\n", + "description": "A `Developer` is an API consumer that can have apps registered in Apigee.\n\n\nTo get more information about Developer, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers)\n* How-to Guides\n * [Creating a developer](https://cloud.google.com/apigee/docs/api-platform/publish/adding-developers-your-api-product)\n\n## Example Usage\n\n### Apigee Developer Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeDeveloper = new gcp.apigee.Developer(\"apigee_developer\", {\n email: \"john.doe@acme.com\",\n firstName: \"John\",\n lastName: \"Doe\",\n userName: \"john.doe\",\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_developer = gcp.apigee.Developer(\"apigee_developer\",\n email=\"john.doe@acme.com\",\n first_name=\"John\",\n last_name=\"Doe\",\n user_name=\"john.doe\",\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeDeveloper = new Gcp.Apigee.Developer(\"apigee_developer\", new()\n {\n Email = \"john.doe@acme.com\",\n FirstName = \"John\",\n LastName = \"Doe\",\n UserName = \"john.doe\",\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewDeveloper(ctx, \"apigee_developer\", \u0026apigee.DeveloperArgs{\n\t\t\tEmail: pulumi.String(\"john.doe@acme.com\"),\n\t\t\tFirstName: pulumi.String(\"John\"),\n\t\t\tLastName: pulumi.String(\"Doe\"),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.Developer;\nimport com.pulumi.gcp.apigee.DeveloperArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeDeveloper = new Developer(\"apigeeDeveloper\", DeveloperArgs.builder()\n .email(\"john.doe@acme.com\")\n .firstName(\"John\")\n .lastName(\"Doe\")\n .userName(\"john.doe\")\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeDeveloper:\n type: gcp:apigee:Developer\n name: apigee_developer\n properties:\n email: john.doe@acme.com\n firstName: John\n lastName: Doe\n userName: john.doe\n orgId: ${apigeeOrg.id}\n options:\n dependsOn:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Developer With Attributes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\nconst apigeeDeveloper = new gcp.apigee.Developer(\"apigee_developer\", {\n email: \"john.doe@acme.com\",\n firstName: \"John\",\n lastName: \"Doe\",\n userName: \"john.doe\",\n attributes: [\n {\n name: \"business_unit\",\n value: \"HR\",\n },\n {\n name: \"department\",\n value: \"payroll\",\n },\n ],\n orgId: apigeeOrg.id,\n}, {\n dependsOn: [apigeeInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\napigee_developer = gcp.apigee.Developer(\"apigee_developer\",\n email=\"john.doe@acme.com\",\n first_name=\"John\",\n last_name=\"Doe\",\n user_name=\"john.doe\",\n attributes=[\n {\n \"name\": \"business_unit\",\n \"value\": \"HR\",\n },\n {\n \"name\": \"department\",\n \"value\": \"payroll\",\n },\n ],\n org_id=apigee_org.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n var apigeeDeveloper = new Gcp.Apigee.Developer(\"apigee_developer\", new()\n {\n Email = \"john.doe@acme.com\",\n FirstName = \"John\",\n LastName = \"Doe\",\n UserName = \"john.doe\",\n Attributes = new[]\n {\n new Gcp.Apigee.Inputs.DeveloperAttributeArgs\n {\n Name = \"business_unit\",\n Value = \"HR\",\n },\n new Gcp.Apigee.Inputs.DeveloperAttributeArgs\n {\n Name = \"department\",\n Value = \"payroll\",\n },\n },\n OrgId = apigeeOrg.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewDeveloper(ctx, \"apigee_developer\", \u0026apigee.DeveloperArgs{\n\t\t\tEmail: pulumi.String(\"john.doe@acme.com\"),\n\t\t\tFirstName: pulumi.String(\"John\"),\n\t\t\tLastName: pulumi.String(\"Doe\"),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tAttributes: apigee.DeveloperAttributeArray{\n\t\t\t\t\u0026apigee.DeveloperAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"business_unit\"),\n\t\t\t\t\tValue: pulumi.String(\"HR\"),\n\t\t\t\t},\n\t\t\t\t\u0026apigee.DeveloperAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"department\"),\n\t\t\t\t\tValue: pulumi.String(\"payroll\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.Developer;\nimport com.pulumi.gcp.apigee.DeveloperArgs;\nimport com.pulumi.gcp.apigee.inputs.DeveloperAttributeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n var apigeeDeveloper = new Developer(\"apigeeDeveloper\", DeveloperArgs.builder()\n .email(\"john.doe@acme.com\")\n .firstName(\"John\")\n .lastName(\"Doe\")\n .userName(\"john.doe\")\n .attributes( \n DeveloperAttributeArgs.builder()\n .name(\"business_unit\")\n .value(\"HR\")\n .build(),\n DeveloperAttributeArgs.builder()\n .name(\"department\")\n .value(\"payroll\")\n .build())\n .orgId(apigeeOrg.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\n apigeeDeveloper:\n type: gcp:apigee:Developer\n name: apigee_developer\n properties:\n email: john.doe@acme.com\n firstName: John\n lastName: Doe\n userName: john.doe\n attributes:\n - name: business_unit\n value: HR\n - name: department\n value: payroll\n orgId: ${apigeeOrg.id}\n options:\n dependsOn:\n - ${apigeeInstance}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDeveloper can be imported using any of these accepted formats:\n\n* `{{org_id}}/developers/{{email}}`\n\n* `{{org_id}}/{{email}}`\n\nWhen using the `pulumi import` command, Developer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/developer:Developer default {{org_id}}/developers/{{email}}\n```\n\n```sh\n$ pulumi import gcp:apigee/developer:Developer default {{org_id}}/{{email}}\n```\n\n", "properties": { "attributes": { "type": "array", @@ -131898,7 +131898,7 @@ } }, "gcp:apigee/endpointAttachment:EndpointAttachment": { - "description": "Apigee Endpoint Attachment.\n\n\nTo get more information about EndpointAttachment, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.endpointAttachments/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Endpoint Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEndpointAttachment = new gcp.apigee.EndpointAttachment(\"apigee_endpoint_attachment\", {\n orgId: apigeeOrg.id,\n endpointAttachmentId: \"test1\",\n location: \"{google_compute_service_attachment location}\",\n serviceAttachment: \"{google_compute_service_attachment id}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_endpoint_attachment = gcp.apigee.EndpointAttachment(\"apigee_endpoint_attachment\",\n org_id=apigee_org.id,\n endpoint_attachment_id=\"test1\",\n location=\"{google_compute_service_attachment location}\",\n service_attachment=\"{google_compute_service_attachment id}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEndpointAttachment = new Gcp.Apigee.EndpointAttachment(\"apigee_endpoint_attachment\", new()\n {\n OrgId = apigeeOrg.Id,\n EndpointAttachmentId = \"test1\",\n Location = \"{google_compute_service_attachment location}\",\n ServiceAttachment = \"{google_compute_service_attachment id}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEndpointAttachment(ctx, \"apigee_endpoint_attachment\", \u0026apigee.EndpointAttachmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tEndpointAttachmentId: pulumi.String(\"test1\"),\n\t\t\tLocation: pulumi.String(\"{google_compute_service_attachment location}\"),\n\t\t\tServiceAttachment: pulumi.String(\"{google_compute_service_attachment id}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.EndpointAttachment;\nimport com.pulumi.gcp.apigee.EndpointAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEndpointAttachment = new EndpointAttachment(\"apigeeEndpointAttachment\", EndpointAttachmentArgs.builder()\n .orgId(apigeeOrg.id())\n .endpointAttachmentId(\"test1\")\n .location(\"{google_compute_service_attachment location}\")\n .serviceAttachment(\"{google_compute_service_attachment id}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeEndpointAttachment:\n type: gcp:apigee:EndpointAttachment\n name: apigee_endpoint_attachment\n properties:\n orgId: ${apigeeOrg.id}\n endpointAttachmentId: test1\n location: '{google_compute_service_attachment location}'\n serviceAttachment: '{google_compute_service_attachment id}'\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpointAttachment can be imported using any of these accepted formats:\n\n* `{{org_id}}/endpointAttachments/{{endpoint_attachment_id}}`\n\n* `{{org_id}}/{{endpoint_attachment_id}}`\n\nWhen using the `pulumi import` command, EndpointAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/endpointAttachment:EndpointAttachment default {{org_id}}/endpointAttachments/{{endpoint_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apigee/endpointAttachment:EndpointAttachment default {{org_id}}/{{endpoint_attachment_id}}\n```\n\n", + "description": "Apigee Endpoint Attachment.\n\n\nTo get more information about EndpointAttachment, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.endpointAttachments/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Endpoint Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEndpointAttachment = new gcp.apigee.EndpointAttachment(\"apigee_endpoint_attachment\", {\n orgId: apigeeOrg.id,\n endpointAttachmentId: \"test1\",\n location: \"{google_compute_service_attachment location}\",\n serviceAttachment: \"{google_compute_service_attachment id}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_endpoint_attachment = gcp.apigee.EndpointAttachment(\"apigee_endpoint_attachment\",\n org_id=apigee_org.id,\n endpoint_attachment_id=\"test1\",\n location=\"{google_compute_service_attachment location}\",\n service_attachment=\"{google_compute_service_attachment id}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEndpointAttachment = new Gcp.Apigee.EndpointAttachment(\"apigee_endpoint_attachment\", new()\n {\n OrgId = apigeeOrg.Id,\n EndpointAttachmentId = \"test1\",\n Location = \"{google_compute_service_attachment location}\",\n ServiceAttachment = \"{google_compute_service_attachment id}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEndpointAttachment(ctx, \"apigee_endpoint_attachment\", \u0026apigee.EndpointAttachmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tEndpointAttachmentId: pulumi.String(\"test1\"),\n\t\t\tLocation: pulumi.String(\"{google_compute_service_attachment location}\"),\n\t\t\tServiceAttachment: pulumi.String(\"{google_compute_service_attachment id}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.EndpointAttachment;\nimport com.pulumi.gcp.apigee.EndpointAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEndpointAttachment = new EndpointAttachment(\"apigeeEndpointAttachment\", EndpointAttachmentArgs.builder()\n .orgId(apigeeOrg.id())\n .endpointAttachmentId(\"test1\")\n .location(\"{google_compute_service_attachment location}\")\n .serviceAttachment(\"{google_compute_service_attachment id}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeEndpointAttachment:\n type: gcp:apigee:EndpointAttachment\n name: apigee_endpoint_attachment\n properties:\n orgId: ${apigeeOrg.id}\n endpointAttachmentId: test1\n location: '{google_compute_service_attachment location}'\n serviceAttachment: '{google_compute_service_attachment id}'\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpointAttachment can be imported using any of these accepted formats:\n\n* `{{org_id}}/endpointAttachments/{{endpoint_attachment_id}}`\n\n* `{{org_id}}/{{endpoint_attachment_id}}`\n\nWhen using the `pulumi import` command, EndpointAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/endpointAttachment:EndpointAttachment default {{org_id}}/endpointAttachments/{{endpoint_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apigee/endpointAttachment:EndpointAttachment default {{org_id}}/{{endpoint_attachment_id}}\n```\n\n", "properties": { "connectionState": { "type": "string", @@ -132006,7 +132006,7 @@ } }, "gcp:apigee/envGroup:EnvGroup": { - "description": "An `Environment group` in Apigee.\n\n\nTo get more information about Envgroup, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.envgroups/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Environment Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst envGrp = new gcp.apigee.EnvGroup(\"env_grp\", {\n name: \"my-envgroup\",\n hostnames: [\"abc.foo.com\"],\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\nenv_grp = gcp.apigee.EnvGroup(\"env_grp\",\n name=\"my-envgroup\",\n hostnames=[\"abc.foo.com\"],\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var envGrp = new Gcp.Apigee.EnvGroup(\"env_grp\", new()\n {\n Name = \"my-envgroup\",\n Hostnames = new[]\n {\n \"abc.foo.com\",\n },\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvGroup(ctx, \"env_grp\", \u0026apigee.EnvGroupArgs{\n\t\t\tName: pulumi.String(\"my-envgroup\"),\n\t\t\tHostnames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"abc.foo.com\"),\n\t\t\t},\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.EnvGroup;\nimport com.pulumi.gcp.apigee.EnvGroupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var envGrp = new EnvGroup(\"envGrp\", EnvGroupArgs.builder()\n .name(\"my-envgroup\")\n .hostnames(\"abc.foo.com\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n envGrp:\n type: gcp:apigee:EnvGroup\n name: env_grp\n properties:\n name: my-envgroup\n hostnames:\n - abc.foo.com\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvgroup can be imported using any of these accepted formats:\n\n* `{{org_id}}/envgroups/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Envgroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/envGroup:EnvGroup default {{org_id}}/envgroups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/envGroup:EnvGroup default {{org_id}}/{{name}}\n```\n\n", + "description": "An `Environment group` in Apigee.\n\n\nTo get more information about Envgroup, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.envgroups/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Environment Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst envGrp = new gcp.apigee.EnvGroup(\"env_grp\", {\n name: \"my-envgroup\",\n hostnames: [\"abc.foo.com\"],\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\nenv_grp = gcp.apigee.EnvGroup(\"env_grp\",\n name=\"my-envgroup\",\n hostnames=[\"abc.foo.com\"],\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var envGrp = new Gcp.Apigee.EnvGroup(\"env_grp\", new()\n {\n Name = \"my-envgroup\",\n Hostnames = new[]\n {\n \"abc.foo.com\",\n },\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvGroup(ctx, \"env_grp\", \u0026apigee.EnvGroupArgs{\n\t\t\tName: pulumi.String(\"my-envgroup\"),\n\t\t\tHostnames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"abc.foo.com\"),\n\t\t\t},\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.EnvGroup;\nimport com.pulumi.gcp.apigee.EnvGroupArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var envGrp = new EnvGroup(\"envGrp\", EnvGroupArgs.builder()\n .name(\"my-envgroup\")\n .hostnames(\"abc.foo.com\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n envGrp:\n type: gcp:apigee:EnvGroup\n name: env_grp\n properties:\n name: my-envgroup\n hostnames:\n - abc.foo.com\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvgroup can be imported using any of these accepted formats:\n\n* `{{org_id}}/envgroups/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Envgroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/envGroup:EnvGroup default {{org_id}}/envgroups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/envGroup:EnvGroup default {{org_id}}/{{name}}\n```\n\n", "properties": { "hostnames": { "type": "array", @@ -132288,7 +132288,7 @@ } }, "gcp:apigee/environment:Environment": { - "description": "An `Environment` in Apigee.\n\n\nTo get more information about Environment, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Environment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst env = new gcp.apigee.Environment(\"env\", {\n name: \"my-environment\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\nenv = gcp.apigee.Environment(\"env\",\n name=\"my-environment\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\",\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var env = new Gcp.Apigee.Environment(\"env\", new()\n {\n Name = \"my-environment\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironment(ctx, \"env\", \u0026apigee.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"my-environment\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var env = new Environment(\"env\", EnvironmentArgs.builder()\n .name(\"my-environment\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n env:\n type: gcp:apigee:Environment\n properties:\n name: my-environment\n description: Apigee Environment\n displayName: environment-1\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironment can be imported using any of these accepted formats:\n\n* `{{org_id}}/environments/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Environment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environment:Environment default {{org_id}}/environments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environment:Environment default {{org_id}}/{{name}}\n```\n\n", + "description": "An `Environment` in Apigee.\n\n\nTo get more information about Environment, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Environment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst env = new gcp.apigee.Environment(\"env\", {\n name: \"my-environment\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\nenv = gcp.apigee.Environment(\"env\",\n name=\"my-environment\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\",\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var env = new Gcp.Apigee.Environment(\"env\", new()\n {\n Name = \"my-environment\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironment(ctx, \"env\", \u0026apigee.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"my-environment\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var env = new Environment(\"env\", EnvironmentArgs.builder()\n .name(\"my-environment\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n env:\n type: gcp:apigee:Environment\n properties:\n name: my-environment\n description: Apigee Environment\n displayName: environment-1\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironment can be imported using any of these accepted formats:\n\n* `{{org_id}}/environments/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Environment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environment:Environment default {{org_id}}/environments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environment:Environment default {{org_id}}/{{name}}\n```\n\n", "properties": { "apiProxyType": { "type": "string", @@ -132428,7 +132428,7 @@ } }, "gcp:apigee/environmentIamBinding:EnvironmentIamBinding": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigee/EnvironmentIamBindingCondition:EnvironmentIamBindingCondition" @@ -132533,7 +132533,7 @@ } }, "gcp:apigee/environmentIamMember:EnvironmentIamMember": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigee/EnvironmentIamMemberCondition:EnvironmentIamMemberCondition" @@ -132631,7 +132631,7 @@ } }, "gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Apigee Environment\nThree different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.apigee.EnvironmentIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.apigee.EnvironmentIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "envId": { "type": "string", @@ -132700,7 +132700,7 @@ } }, "gcp:apigee/environmentKeyvaluemaps:EnvironmentKeyvaluemaps": { - "description": "Collection of key/value string pairs.\n\n\nTo get more information about EnvironmentKeyvaluemaps, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keyvaluemaps/create)\n* How-to Guides\n * [Using key value maps](https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps)\n\n## Example Usage\n\n### Apigee Environment Keyvaluemaps Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"tf-test-env\",\n description: \"Apigee Environment\",\n displayName: \"Apigee Environment\",\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"tf-test-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\nconst apigeeInstanceAttachment = new gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\", {\n instanceId: apigeeInstance.id,\n environment: apigeeEnvironment.name,\n});\nconst apigeeEnvironmentKeyvaluemaps = new gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", {\n envId: apigeeEnvironment.id,\n name: \"tf-test-env-kvms\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"tf-test-env\",\n description=\"Apigee Environment\",\n display_name=\"Apigee Environment\")\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"tf-test-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id)\napigee_instance_attachment = gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\",\n instance_id=apigee_instance.id,\n environment=apigee_environment.name)\napigee_environment_keyvaluemaps = gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\",\n env_id=apigee_environment.id,\n name=\"tf-test-env-kvms\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"tf-test-env\",\n Description = \"Apigee Environment\",\n DisplayName = \"Apigee Environment\",\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"tf-test-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n var apigeeInstanceAttachment = new Gcp.Apigee.InstanceAttachment(\"apigee_instance_attachment\", new()\n {\n InstanceId = apigeeInstance.Id,\n Environment = apigeeEnvironment.Name,\n });\n\n var apigeeEnvironmentKeyvaluemaps = new Gcp.Apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", new()\n {\n EnvId = apigeeEnvironment.Id,\n Name = \"tf-test-env-kvms\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"Apigee Environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstanceAttachment, err := apigee.NewInstanceAttachment(ctx, \"apigee_instance_attachment\", \u0026apigee.InstanceAttachmentArgs{\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t\tEnvironment: apigeeEnvironment.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentKeyvaluemaps(ctx, \"apigee_environment_keyvaluemaps\", \u0026apigee.EnvironmentKeyvaluemapsArgs{\n\t\t\tEnvId: apigeeEnvironment.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env-kvms\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.InstanceAttachment;\nimport com.pulumi.gcp.apigee.InstanceAttachmentArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemaps;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"tf-test-env\")\n .description(\"Apigee Environment\")\n .displayName(\"Apigee Environment\")\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"tf-test-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n var apigeeInstanceAttachment = new InstanceAttachment(\"apigeeInstanceAttachment\", InstanceAttachmentArgs.builder()\n .instanceId(apigeeInstance.id())\n .environment(apigeeEnvironment.name())\n .build());\n\n var apigeeEnvironmentKeyvaluemaps = new EnvironmentKeyvaluemaps(\"apigeeEnvironmentKeyvaluemaps\", EnvironmentKeyvaluemapsArgs.builder()\n .envId(apigeeEnvironment.id())\n .name(\"tf-test-env-kvms\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: tf-test-env\n description: Apigee Environment\n displayName: Apigee Environment\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: tf-test-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n apigeeInstanceAttachment:\n type: gcp:apigee:InstanceAttachment\n name: apigee_instance_attachment\n properties:\n instanceId: ${apigeeInstance.id}\n environment: ${apigeeEnvironment.name}\n apigeeEnvironmentKeyvaluemaps:\n type: gcp:apigee:EnvironmentKeyvaluemaps\n name: apigee_environment_keyvaluemaps\n properties:\n envId: ${apigeeEnvironment.id}\n name: tf-test-env-kvms\n options:\n dependson:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironmentKeyvaluemaps can be imported using any of these accepted formats:\n\n* `{{env_id}}/keyvaluemaps/{{name}}`\n\n* `{{env_id}}/{{name}}`\n\nWhen using the `pulumi import` command, EnvironmentKeyvaluemaps can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemaps:EnvironmentKeyvaluemaps default {{env_id}}/keyvaluemaps/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemaps:EnvironmentKeyvaluemaps default {{env_id}}/{{name}}\n```\n\n", + "description": "Collection of key/value string pairs.\n\n\nTo get more information about EnvironmentKeyvaluemaps, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keyvaluemaps/create)\n* How-to Guides\n * [Using key value maps](https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps)\n\n## Example Usage\n\n### Apigee Environment Keyvaluemaps Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"tf-test-env\",\n description: \"Apigee Environment\",\n displayName: \"Apigee Environment\",\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"tf-test-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\nconst apigeeInstanceAttachment = new gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\", {\n instanceId: apigeeInstance.id,\n environment: apigeeEnvironment.name,\n});\nconst apigeeEnvironmentKeyvaluemaps = new gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", {\n envId: apigeeEnvironment.id,\n name: \"tf-test-env-kvms\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"tf-test-env\",\n description=\"Apigee Environment\",\n display_name=\"Apigee Environment\")\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"tf-test-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id)\napigee_instance_attachment = gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\",\n instance_id=apigee_instance.id,\n environment=apigee_environment.name)\napigee_environment_keyvaluemaps = gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\",\n env_id=apigee_environment.id,\n name=\"tf-test-env-kvms\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"tf-test-env\",\n Description = \"Apigee Environment\",\n DisplayName = \"Apigee Environment\",\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"tf-test-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n var apigeeInstanceAttachment = new Gcp.Apigee.InstanceAttachment(\"apigee_instance_attachment\", new()\n {\n InstanceId = apigeeInstance.Id,\n Environment = apigeeEnvironment.Name,\n });\n\n var apigeeEnvironmentKeyvaluemaps = new Gcp.Apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", new()\n {\n EnvId = apigeeEnvironment.Id,\n Name = \"tf-test-env-kvms\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"Apigee Environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstanceAttachment, err := apigee.NewInstanceAttachment(ctx, \"apigee_instance_attachment\", \u0026apigee.InstanceAttachmentArgs{\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t\tEnvironment: apigeeEnvironment.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentKeyvaluemaps(ctx, \"apigee_environment_keyvaluemaps\", \u0026apigee.EnvironmentKeyvaluemapsArgs{\n\t\t\tEnvId: apigeeEnvironment.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env-kvms\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.InstanceAttachment;\nimport com.pulumi.gcp.apigee.InstanceAttachmentArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemaps;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"tf-test-env\")\n .description(\"Apigee Environment\")\n .displayName(\"Apigee Environment\")\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"tf-test-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n var apigeeInstanceAttachment = new InstanceAttachment(\"apigeeInstanceAttachment\", InstanceAttachmentArgs.builder()\n .instanceId(apigeeInstance.id())\n .environment(apigeeEnvironment.name())\n .build());\n\n var apigeeEnvironmentKeyvaluemaps = new EnvironmentKeyvaluemaps(\"apigeeEnvironmentKeyvaluemaps\", EnvironmentKeyvaluemapsArgs.builder()\n .envId(apigeeEnvironment.id())\n .name(\"tf-test-env-kvms\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: tf-test-env\n description: Apigee Environment\n displayName: Apigee Environment\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: tf-test-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n apigeeInstanceAttachment:\n type: gcp:apigee:InstanceAttachment\n name: apigee_instance_attachment\n properties:\n instanceId: ${apigeeInstance.id}\n environment: ${apigeeEnvironment.name}\n apigeeEnvironmentKeyvaluemaps:\n type: gcp:apigee:EnvironmentKeyvaluemaps\n name: apigee_environment_keyvaluemaps\n properties:\n envId: ${apigeeEnvironment.id}\n name: tf-test-env-kvms\n options:\n dependsOn:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironmentKeyvaluemaps can be imported using any of these accepted formats:\n\n* `{{env_id}}/keyvaluemaps/{{name}}`\n\n* `{{env_id}}/{{name}}`\n\nWhen using the `pulumi import` command, EnvironmentKeyvaluemaps can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemaps:EnvironmentKeyvaluemaps default {{env_id}}/keyvaluemaps/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemaps:EnvironmentKeyvaluemaps default {{env_id}}/{{name}}\n```\n\n", "properties": { "envId": { "type": "string", @@ -132748,7 +132748,7 @@ } }, "gcp:apigee/environmentKeyvaluemapsEntries:EnvironmentKeyvaluemapsEntries": { - "description": "Creates key value entries in a key value map scoped to an environment.\n\n\nTo get more information about EnvironmentKeyvaluemapsEntries, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.keyvaluemaps.entries/create)\n* How-to Guides\n * [Using key value maps](https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps)\n\n## Example Usage\n\n### Apigee Environment Keyvaluemaps Entries Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"tf-test-env\",\n description: \"Apigee Environment\",\n displayName: \"Apigee Environment\",\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"tf-test-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\nconst apigeeInstanceAttachment = new gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\", {\n instanceId: apigeeInstance.id,\n environment: apigeeEnvironment.name,\n});\nconst apigeeEnvironmentKeyvaluemaps = new gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", {\n envId: createApigeeEnvironment.id,\n name: \"tf-test-env-kvms\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n ],\n});\nconst apigeeEnvironmentKeyvaluemapsEntries = new gcp.apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\", {\n envKeyvaluemapId: apigeeEnvironmentKeyvaluemaps.id,\n name: \"testName\",\n value: \"testValue\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"tf-test-env\",\n description=\"Apigee Environment\",\n display_name=\"Apigee Environment\")\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"tf-test-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id)\napigee_instance_attachment = gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\",\n instance_id=apigee_instance.id,\n environment=apigee_environment.name)\napigee_environment_keyvaluemaps = gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\",\n env_id=create_apigee_environment[\"id\"],\n name=\"tf-test-env-kvms\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n ]))\napigee_environment_keyvaluemaps_entries = gcp.apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\",\n env_keyvaluemap_id=apigee_environment_keyvaluemaps.id,\n name=\"testName\",\n value=\"testValue\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n apigee_environment_keyvaluemaps,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"tf-test-env\",\n Description = \"Apigee Environment\",\n DisplayName = \"Apigee Environment\",\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"tf-test-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n var apigeeInstanceAttachment = new Gcp.Apigee.InstanceAttachment(\"apigee_instance_attachment\", new()\n {\n InstanceId = apigeeInstance.Id,\n Environment = apigeeEnvironment.Name,\n });\n\n var apigeeEnvironmentKeyvaluemaps = new Gcp.Apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", new()\n {\n EnvId = createApigeeEnvironment.Id,\n Name = \"tf-test-env-kvms\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n },\n });\n\n var apigeeEnvironmentKeyvaluemapsEntries = new Gcp.Apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\", new()\n {\n EnvKeyvaluemapId = apigeeEnvironmentKeyvaluemaps.Id,\n Name = \"testName\",\n Value = \"testValue\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"Apigee Environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstanceAttachment, err := apigee.NewInstanceAttachment(ctx, \"apigee_instance_attachment\", \u0026apigee.InstanceAttachmentArgs{\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t\tEnvironment: apigeeEnvironment.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeyvaluemaps, err := apigee.NewEnvironmentKeyvaluemaps(ctx, \"apigee_environment_keyvaluemaps\", \u0026apigee.EnvironmentKeyvaluemapsArgs{\n\t\t\tEnvId: pulumi.Any(createApigeeEnvironment.Id),\n\t\t\tName: pulumi.String(\"tf-test-env-kvms\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentKeyvaluemapsEntries(ctx, \"apigee_environment_keyvaluemaps_entries\", \u0026apigee.EnvironmentKeyvaluemapsEntriesArgs{\n\t\t\tEnvKeyvaluemapId: apigeeEnvironmentKeyvaluemaps.ID(),\n\t\t\tName: pulumi.String(\"testName\"),\n\t\t\tValue: pulumi.String(\"testValue\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t\tapigeeEnvironmentKeyvaluemaps,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.InstanceAttachment;\nimport com.pulumi.gcp.apigee.InstanceAttachmentArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemaps;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsEntries;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsEntriesArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"tf-test-env\")\n .description(\"Apigee Environment\")\n .displayName(\"Apigee Environment\")\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"tf-test-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n var apigeeInstanceAttachment = new InstanceAttachment(\"apigeeInstanceAttachment\", InstanceAttachmentArgs.builder()\n .instanceId(apigeeInstance.id())\n .environment(apigeeEnvironment.name())\n .build());\n\n var apigeeEnvironmentKeyvaluemaps = new EnvironmentKeyvaluemaps(\"apigeeEnvironmentKeyvaluemaps\", EnvironmentKeyvaluemapsArgs.builder()\n .envId(createApigeeEnvironment.id())\n .name(\"tf-test-env-kvms\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment)\n .build());\n\n var apigeeEnvironmentKeyvaluemapsEntries = new EnvironmentKeyvaluemapsEntries(\"apigeeEnvironmentKeyvaluemapsEntries\", EnvironmentKeyvaluemapsEntriesArgs.builder()\n .envKeyvaluemapId(apigeeEnvironmentKeyvaluemaps.id())\n .name(\"testName\")\n .value(\"testValue\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: tf-test-env\n description: Apigee Environment\n displayName: Apigee Environment\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: tf-test-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n apigeeInstanceAttachment:\n type: gcp:apigee:InstanceAttachment\n name: apigee_instance_attachment\n properties:\n instanceId: ${apigeeInstance.id}\n environment: ${apigeeEnvironment.name}\n apigeeEnvironmentKeyvaluemaps:\n type: gcp:apigee:EnvironmentKeyvaluemaps\n name: apigee_environment_keyvaluemaps\n properties:\n envId: ${createApigeeEnvironment.id}\n name: tf-test-env-kvms\n options:\n dependson:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\n apigeeEnvironmentKeyvaluemapsEntries:\n type: gcp:apigee:EnvironmentKeyvaluemapsEntries\n name: apigee_environment_keyvaluemaps_entries\n properties:\n envKeyvaluemapId: ${apigeeEnvironmentKeyvaluemaps.id}\n name: testName\n value: testValue\n options:\n dependson:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\n - ${apigeeEnvironmentKeyvaluemaps}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironmentKeyvaluemapsEntries can be imported using any of these accepted formats:\n\n* `{{env_keyvaluemap_id}}/entries/{{name}}`\n\n* `{{env_keyvaluemap_id}}/{{name}}`\n\nWhen using the `pulumi import` command, EnvironmentKeyvaluemapsEntries can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemapsEntries:EnvironmentKeyvaluemapsEntries default {{env_keyvaluemap_id}}/entries/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemapsEntries:EnvironmentKeyvaluemapsEntries default {{env_keyvaluemap_id}}/{{name}}\n```\n\n", + "description": "Creates key value entries in a key value map scoped to an environment.\n\n\nTo get more information about EnvironmentKeyvaluemapsEntries, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.keyvaluemaps.entries/create)\n* How-to Guides\n * [Using key value maps](https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps)\n\n## Example Usage\n\n### Apigee Environment Keyvaluemaps Entries Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"tf-test-env\",\n description: \"Apigee Environment\",\n displayName: \"Apigee Environment\",\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"tf-test-instance\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\nconst apigeeInstanceAttachment = new gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\", {\n instanceId: apigeeInstance.id,\n environment: apigeeEnvironment.name,\n});\nconst apigeeEnvironmentKeyvaluemaps = new gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", {\n envId: createApigeeEnvironment.id,\n name: \"tf-test-env-kvms\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n ],\n});\nconst apigeeEnvironmentKeyvaluemapsEntries = new gcp.apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\", {\n envKeyvaluemapId: apigeeEnvironmentKeyvaluemaps.id,\n name: \"testName\",\n value: \"testValue\",\n}, {\n dependsOn: [\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"tf-test-env\",\n description=\"Apigee Environment\",\n display_name=\"Apigee Environment\")\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"tf-test-instance\",\n location=\"us-central1\",\n org_id=apigee_org.id)\napigee_instance_attachment = gcp.apigee.InstanceAttachment(\"apigee_instance_attachment\",\n instance_id=apigee_instance.id,\n environment=apigee_environment.name)\napigee_environment_keyvaluemaps = gcp.apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\",\n env_id=create_apigee_environment[\"id\"],\n name=\"tf-test-env-kvms\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n ]))\napigee_environment_keyvaluemaps_entries = gcp.apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\",\n env_keyvaluemap_id=apigee_environment_keyvaluemaps.id,\n name=\"testName\",\n value=\"testValue\",\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_org,\n apigee_environment,\n apigee_instance,\n apigee_instance_attachment,\n apigee_environment_keyvaluemaps,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"tf-test-env\",\n Description = \"Apigee Environment\",\n DisplayName = \"Apigee Environment\",\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"tf-test-instance\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n var apigeeInstanceAttachment = new Gcp.Apigee.InstanceAttachment(\"apigee_instance_attachment\", new()\n {\n InstanceId = apigeeInstance.Id,\n Environment = apigeeEnvironment.Name,\n });\n\n var apigeeEnvironmentKeyvaluemaps = new Gcp.Apigee.EnvironmentKeyvaluemaps(\"apigee_environment_keyvaluemaps\", new()\n {\n EnvId = createApigeeEnvironment.Id,\n Name = \"tf-test-env-kvms\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n },\n });\n\n var apigeeEnvironmentKeyvaluemapsEntries = new Gcp.Apigee.EnvironmentKeyvaluemapsEntries(\"apigee_environment_keyvaluemaps_entries\", new()\n {\n EnvKeyvaluemapId = apigeeEnvironmentKeyvaluemaps.Id,\n Name = \"testName\",\n Value = \"testValue\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"tf-test-env\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"Apigee Environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstanceAttachment, err := apigee.NewInstanceAttachment(ctx, \"apigee_instance_attachment\", \u0026apigee.InstanceAttachmentArgs{\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t\tEnvironment: apigeeEnvironment.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeyvaluemaps, err := apigee.NewEnvironmentKeyvaluemaps(ctx, \"apigee_environment_keyvaluemaps\", \u0026apigee.EnvironmentKeyvaluemapsArgs{\n\t\t\tEnvId: pulumi.Any(createApigeeEnvironment.Id),\n\t\t\tName: pulumi.String(\"tf-test-env-kvms\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentKeyvaluemapsEntries(ctx, \"apigee_environment_keyvaluemaps_entries\", \u0026apigee.EnvironmentKeyvaluemapsEntriesArgs{\n\t\t\tEnvKeyvaluemapId: apigeeEnvironmentKeyvaluemaps.ID(),\n\t\t\tName: pulumi.String(\"testName\"),\n\t\t\tValue: pulumi.String(\"testValue\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeOrg,\n\t\t\tapigeeEnvironment,\n\t\t\tapigeeInstance,\n\t\t\tapigeeInstanceAttachment,\n\t\t\tapigeeEnvironmentKeyvaluemaps,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.InstanceAttachment;\nimport com.pulumi.gcp.apigee.InstanceAttachmentArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemaps;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsArgs;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsEntries;\nimport com.pulumi.gcp.apigee.EnvironmentKeyvaluemapsEntriesArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"tf-test-env\")\n .description(\"Apigee Environment\")\n .displayName(\"Apigee Environment\")\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"tf-test-instance\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n var apigeeInstanceAttachment = new InstanceAttachment(\"apigeeInstanceAttachment\", InstanceAttachmentArgs.builder()\n .instanceId(apigeeInstance.id())\n .environment(apigeeEnvironment.name())\n .build());\n\n var apigeeEnvironmentKeyvaluemaps = new EnvironmentKeyvaluemaps(\"apigeeEnvironmentKeyvaluemaps\", EnvironmentKeyvaluemapsArgs.builder()\n .envId(createApigeeEnvironment.id())\n .name(\"tf-test-env-kvms\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment)\n .build());\n\n var apigeeEnvironmentKeyvaluemapsEntries = new EnvironmentKeyvaluemapsEntries(\"apigeeEnvironmentKeyvaluemapsEntries\", EnvironmentKeyvaluemapsEntriesArgs.builder()\n .envKeyvaluemapId(apigeeEnvironmentKeyvaluemaps.id())\n .name(\"testName\")\n .value(\"testValue\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeOrg,\n apigeeEnvironment,\n apigeeInstance,\n apigeeInstanceAttachment,\n apigeeEnvironmentKeyvaluemaps)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: tf-test-env\n description: Apigee Environment\n displayName: Apigee Environment\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: tf-test-instance\n location: us-central1\n orgId: ${apigeeOrg.id}\n apigeeInstanceAttachment:\n type: gcp:apigee:InstanceAttachment\n name: apigee_instance_attachment\n properties:\n instanceId: ${apigeeInstance.id}\n environment: ${apigeeEnvironment.name}\n apigeeEnvironmentKeyvaluemaps:\n type: gcp:apigee:EnvironmentKeyvaluemaps\n name: apigee_environment_keyvaluemaps\n properties:\n envId: ${createApigeeEnvironment.id}\n name: tf-test-env-kvms\n options:\n dependsOn:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\n apigeeEnvironmentKeyvaluemapsEntries:\n type: gcp:apigee:EnvironmentKeyvaluemapsEntries\n name: apigee_environment_keyvaluemaps_entries\n properties:\n envKeyvaluemapId: ${apigeeEnvironmentKeyvaluemaps.id}\n name: testName\n value: testValue\n options:\n dependsOn:\n - ${apigeeOrg}\n - ${apigeeEnvironment}\n - ${apigeeInstance}\n - ${apigeeInstanceAttachment}\n - ${apigeeEnvironmentKeyvaluemaps}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEnvironmentKeyvaluemapsEntries can be imported using any of these accepted formats:\n\n* `{{env_keyvaluemap_id}}/entries/{{name}}`\n\n* `{{env_keyvaluemap_id}}/{{name}}`\n\nWhen using the `pulumi import` command, EnvironmentKeyvaluemapsEntries can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemapsEntries:EnvironmentKeyvaluemapsEntries default {{env_keyvaluemap_id}}/entries/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/environmentKeyvaluemapsEntries:EnvironmentKeyvaluemapsEntries default {{env_keyvaluemap_id}}/{{name}}\n```\n\n", "properties": { "envKeyvaluemapId": { "type": "string", @@ -132921,7 +132921,7 @@ } }, "gcp:apigee/instance:Instance": { - "description": "An `Instance` is the runtime dataplane in Apigee.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create)\n* How-to Guides\n * [Creating a runtime instance](https://cloud.google.com/apigee/docs/api-platform/get-started/create-instance)\n\n## Example Usage\n\n### Apigee Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Cidr Range\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 22,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=22,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 22,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(22)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 22\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Ip Range\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 22,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n ipRange: \"10.87.8.0/22\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=22,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n ip_range=\"10.87.8.0/22\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 22,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n IpRange = \"10.87.8.0/22\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tIpRange: pulumi.String(\"10.87.8.0/22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(22)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .ipRange(\"10.87.8.0/22\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 22\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\n ipRange: 10.87.8.0/22\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Auto-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n description: \"Auto-managed Apigee Runtime Instance\",\n displayName: \"my-instance-name\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Auto-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n description=\"Auto-managed Apigee Runtime Instance\",\n display_name=\"my-instance-name\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Auto-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n Description = \"Auto-managed Apigee Runtime Instance\",\n DisplayName = \"my-instance-name\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Auto-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Auto-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance-name\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Auto-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .description(\"Auto-managed Apigee Runtime Instance\")\n .displayName(\"my-instance-name\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Auto-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n description: Auto-managed Apigee Runtime Instance\n displayName: my-instance-name\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `{{org_id}}/instances/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/instance:Instance default {{org_id}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/instance:Instance default {{org_id}}/{{name}}\n```\n\n", + "description": "An `Instance` is the runtime dataplane in Apigee.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create)\n* How-to Guides\n * [Creating a runtime instance](https://cloud.google.com/apigee/docs/api-platform/get-started/create-instance)\n\n## Example Usage\n\n### Apigee Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Cidr Range\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 22,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n peeringCidrRange: \"SLASH_22\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=22,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n peering_cidr_range=\"SLASH_22\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 22,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n PeeringCidrRange = \"SLASH_22\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tPeeringCidrRange: pulumi.String(\"SLASH_22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(22)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .peeringCidrRange(\"SLASH_22\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 22\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\n peeringCidrRange: SLASH_22\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Ip Range\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 22,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n orgId: apigeeOrg.id,\n ipRange: \"10.87.8.0/22\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=22,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n org_id=apigee_org.id,\n ip_range=\"10.87.8.0/22\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 22,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n OrgId = apigeeOrg.Id,\n IpRange = \"10.87.8.0/22\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tIpRange: pulumi.String(\"10.87.8.0/22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(22)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .orgId(apigeeOrg.id())\n .ipRange(\"10.87.8.0/22\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 22\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n orgId: ${apigeeOrg.id}\n ipRange: 10.87.8.0/22\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Auto-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"my-instance-name\",\n location: \"us-central1\",\n description: \"Auto-managed Apigee Runtime Instance\",\n displayName: \"my-instance-name\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Auto-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"my-instance-name\",\n location=\"us-central1\",\n description=\"Auto-managed Apigee Runtime Instance\",\n display_name=\"my-instance-name\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Auto-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"my-instance-name\",\n Location = \"us-central1\",\n Description = \"Auto-managed Apigee Runtime Instance\",\n DisplayName = \"my-instance-name\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Auto-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Auto-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance-name\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Auto-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"my-instance-name\")\n .location(\"us-central1\")\n .description(\"Auto-managed Apigee Runtime Instance\")\n .displayName(\"my-instance-name\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Auto-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: my-instance-name\n location: us-central1\n description: Auto-managed Apigee Runtime Instance\n displayName: my-instance-name\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `{{org_id}}/instances/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/instance:Instance default {{org_id}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/instance:Instance default {{org_id}}/{{name}}\n```\n\n", "properties": { "consumerAcceptLists": { "type": "array", @@ -133462,7 +133462,7 @@ } }, "gcp:apigee/keystoresAliasesSelfSignedCert:KeystoresAliasesSelfSignedCert": { - "description": "An Environment Keystore Alias for Self Signed Certificate Format in Apigee\n\n\nTo get more information about KeystoresAliasesSelfSignedCert, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores.aliases/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Env Keystore Alias Self Signed Cert\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: project.projectId,\n service: \"servicenetworking.googleapis.com\",\n}, {\n dependsOn: [apigee],\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: project.projectId,\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: project.projectId,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst apigeeEnvironmentKeystoreSsAlias = new gcp.apigee.Environment(\"apigee_environment_keystore_ss_alias\", {\n orgId: apigeeOrg.id,\n name: \"env-name\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n});\nconst apigeeEnvironmentKeystoreAlias = new gcp.apigee.EnvKeystore(\"apigee_environment_keystore_alias\", {\n name: \"env-keystore\",\n envId: apigeeEnvironmentKeystoreSsAlias.id,\n});\nconst apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new gcp.apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\", {\n environment: apigeeEnvironmentKeystoreSsAlias.name,\n orgId: apigeeOrg.name,\n keystore: apigeeEnvironmentKeystoreAlias.name,\n alias: \"alias\",\n keySize: \"1024\",\n sigAlg: \"SHA512withRSA\",\n certValidityInDays: 4,\n subject: {\n commonName: \"selfsigned_example\",\n countryCode: \"US\",\n locality: \"TX\",\n org: \"CCE\",\n orgUnit: \"PSO\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=project.project_id,\n service=\"servicenetworking.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=project.project_id,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=project.project_id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\napigee_environment_keystore_ss_alias = gcp.apigee.Environment(\"apigee_environment_keystore_ss_alias\",\n org_id=apigee_org.id,\n name=\"env-name\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\")\napigee_environment_keystore_alias = gcp.apigee.EnvKeystore(\"apigee_environment_keystore_alias\",\n name=\"env-keystore\",\n env_id=apigee_environment_keystore_ss_alias.id)\napigee_environment_keystore_ss_alias_keystores_aliases_self_signed_cert = gcp.apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\",\n environment=apigee_environment_keystore_ss_alias.name,\n org_id=apigee_org.name,\n keystore=apigee_environment_keystore_alias.name,\n alias=\"alias\",\n key_size=\"1024\",\n sig_alg=\"SHA512withRSA\",\n cert_validity_in_days=4,\n subject={\n \"common_name\": \"selfsigned_example\",\n \"country_code\": \"US\",\n \"locality\": \"TX\",\n \"org\": \"CCE\",\n \"org_unit\": \"PSO\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"servicenetworking.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = project.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = project.ProjectId,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var apigeeEnvironmentKeystoreSsAlias = new Gcp.Apigee.Environment(\"apigee_environment_keystore_ss_alias\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"env-name\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n });\n\n var apigeeEnvironmentKeystoreAlias = new Gcp.Apigee.EnvKeystore(\"apigee_environment_keystore_alias\", new()\n {\n Name = \"env-keystore\",\n EnvId = apigeeEnvironmentKeystoreSsAlias.Id,\n });\n\n var apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new Gcp.Apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\", new()\n {\n Environment = apigeeEnvironmentKeystoreSsAlias.Name,\n OrgId = apigeeOrg.Name,\n Keystore = apigeeEnvironmentKeystoreAlias.Name,\n Alias = \"alias\",\n KeySize = \"1024\",\n SigAlg = \"SHA512withRSA\",\n CertValidityInDays = 4,\n Subject = new Gcp.Apigee.Inputs.KeystoresAliasesSelfSignedCertSubjectArgs\n {\n CommonName = \"selfsigned_example\",\n CountryCode = \"US\",\n Locality = \"TX\",\n Org = \"CCE\",\n OrgUnit = \"PSO\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: project.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeystoreSsAlias, err := apigee.NewEnvironment(ctx, \"apigee_environment_keystore_ss_alias\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"env-name\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeystoreAlias, err := apigee.NewEnvKeystore(ctx, \"apigee_environment_keystore_alias\", \u0026apigee.EnvKeystoreArgs{\n\t\t\tName: pulumi.String(\"env-keystore\"),\n\t\t\tEnvId: apigeeEnvironmentKeystoreSsAlias.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewKeystoresAliasesSelfSignedCert(ctx, \"apigee_environment_keystore_ss_alias\", \u0026apigee.KeystoresAliasesSelfSignedCertArgs{\n\t\t\tEnvironment: apigeeEnvironmentKeystoreSsAlias.Name,\n\t\t\tOrgId: apigeeOrg.Name,\n\t\t\tKeystore: apigeeEnvironmentKeystoreAlias.Name,\n\t\t\tAlias: pulumi.String(\"alias\"),\n\t\t\tKeySize: pulumi.String(\"1024\"),\n\t\t\tSigAlg: pulumi.String(\"SHA512withRSA\"),\n\t\t\tCertValidityInDays: pulumi.Int(4),\n\t\t\tSubject: \u0026apigee.KeystoresAliasesSelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"selfsigned_example\"),\n\t\t\t\tCountryCode: pulumi.String(\"US\"),\n\t\t\t\tLocality: pulumi.String(\"TX\"),\n\t\t\t\tOrg: pulumi.String(\"CCE\"),\n\t\t\t\tOrgUnit: pulumi.String(\"PSO\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.EnvKeystore;\nimport com.pulumi.gcp.apigee.EnvKeystoreArgs;\nimport com.pulumi.gcp.apigee.KeystoresAliasesSelfSignedCert;\nimport com.pulumi.gcp.apigee.KeystoresAliasesSelfSignedCertArgs;\nimport com.pulumi.gcp.apigee.inputs.KeystoresAliasesSelfSignedCertSubjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"servicenetworking.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(project.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(project.projectId())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var apigeeEnvironmentKeystoreSsAlias = new Environment(\"apigeeEnvironmentKeystoreSsAlias\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"env-name\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .build());\n\n var apigeeEnvironmentKeystoreAlias = new EnvKeystore(\"apigeeEnvironmentKeystoreAlias\", EnvKeystoreArgs.builder()\n .name(\"env-keystore\")\n .envId(apigeeEnvironmentKeystoreSsAlias.id())\n .build());\n\n var apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new KeystoresAliasesSelfSignedCert(\"apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert\", KeystoresAliasesSelfSignedCertArgs.builder()\n .environment(apigeeEnvironmentKeystoreSsAlias.name())\n .orgId(apigeeOrg.name())\n .keystore(apigeeEnvironmentKeystoreAlias.name())\n .alias(\"alias\")\n .keySize(1024)\n .sigAlg(\"SHA512withRSA\")\n .certValidityInDays(4)\n .subject(KeystoresAliasesSelfSignedCertSubjectArgs.builder()\n .commonName(\"selfsigned_example\")\n .countryCode(\"US\")\n .locality(\"TX\")\n .org(\"CCE\")\n .orgUnit(\"PSO\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: servicenetworking.googleapis.com\n options:\n dependson:\n - ${apigee}\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n options:\n dependson:\n - ${servicenetworking}\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${project.projectId}\n options:\n dependson:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${project.projectId}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n options:\n dependson:\n - ${servicenetworking}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigee}\n apigeeEnvironmentKeystoreSsAlias:\n type: gcp:apigee:Environment\n name: apigee_environment_keystore_ss_alias\n properties:\n orgId: ${apigeeOrg.id}\n name: env-name\n description: Apigee Environment\n displayName: environment-1\n apigeeEnvironmentKeystoreAlias:\n type: gcp:apigee:EnvKeystore\n name: apigee_environment_keystore_alias\n properties:\n name: env-keystore\n envId: ${apigeeEnvironmentKeystoreSsAlias.id}\n apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert:\n type: gcp:apigee:KeystoresAliasesSelfSignedCert\n name: apigee_environment_keystore_ss_alias\n properties:\n environment: ${apigeeEnvironmentKeystoreSsAlias.name}\n orgId: ${apigeeOrg.name}\n keystore: ${apigeeEnvironmentKeystoreAlias.name}\n alias: alias\n keySize: 1024\n sigAlg: SHA512withRSA\n certValidityInDays: 4\n subject:\n commonName: selfsigned_example\n countryCode: US\n locality: TX\n org: CCE\n orgUnit: PSO\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nKeystoresAliasesSelfSignedCert can be imported using any of these accepted formats:\n\n* `organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}`\n\n* `{{org_id}}/{{environment}}/{{keystore}}/{{alias}}`\n\nWhen using the `pulumi import` command, KeystoresAliasesSelfSignedCert can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/keystoresAliasesSelfSignedCert:KeystoresAliasesSelfSignedCert default organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}\n```\n\n```sh\n$ pulumi import gcp:apigee/keystoresAliasesSelfSignedCert:KeystoresAliasesSelfSignedCert default {{org_id}}/{{environment}}/{{keystore}}/{{alias}}\n```\n\n", + "description": "An Environment Keystore Alias for Self Signed Certificate Format in Apigee\n\n\nTo get more information about KeystoresAliasesSelfSignedCert, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores.aliases/create)\n* How-to Guides\n * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment)\n\n## Example Usage\n\n### Apigee Env Keystore Alias Self Signed Cert\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: project.projectId,\n service: \"servicenetworking.googleapis.com\",\n}, {\n dependsOn: [apigee],\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: project.projectId,\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: project.projectId,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst apigeeEnvironmentKeystoreSsAlias = new gcp.apigee.Environment(\"apigee_environment_keystore_ss_alias\", {\n orgId: apigeeOrg.id,\n name: \"env-name\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n});\nconst apigeeEnvironmentKeystoreAlias = new gcp.apigee.EnvKeystore(\"apigee_environment_keystore_alias\", {\n name: \"env-keystore\",\n envId: apigeeEnvironmentKeystoreSsAlias.id,\n});\nconst apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new gcp.apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\", {\n environment: apigeeEnvironmentKeystoreSsAlias.name,\n orgId: apigeeOrg.name,\n keystore: apigeeEnvironmentKeystoreAlias.name,\n alias: \"alias\",\n keySize: \"1024\",\n sigAlg: \"SHA512withRSA\",\n certValidityInDays: 4,\n subject: {\n commonName: \"selfsigned_example\",\n countryCode: \"US\",\n locality: \"TX\",\n org: \"CCE\",\n orgUnit: \"PSO\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=project.project_id,\n service=\"servicenetworking.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=project.project_id,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=project.project_id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\napigee_environment_keystore_ss_alias = gcp.apigee.Environment(\"apigee_environment_keystore_ss_alias\",\n org_id=apigee_org.id,\n name=\"env-name\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\")\napigee_environment_keystore_alias = gcp.apigee.EnvKeystore(\"apigee_environment_keystore_alias\",\n name=\"env-keystore\",\n env_id=apigee_environment_keystore_ss_alias.id)\napigee_environment_keystore_ss_alias_keystores_aliases_self_signed_cert = gcp.apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\",\n environment=apigee_environment_keystore_ss_alias.name,\n org_id=apigee_org.name,\n keystore=apigee_environment_keystore_alias.name,\n alias=\"alias\",\n key_size=\"1024\",\n sig_alg=\"SHA512withRSA\",\n cert_validity_in_days=4,\n subject={\n \"common_name\": \"selfsigned_example\",\n \"country_code\": \"US\",\n \"locality\": \"TX\",\n \"org\": \"CCE\",\n \"org_unit\": \"PSO\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"servicenetworking.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = project.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = project.ProjectId,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var apigeeEnvironmentKeystoreSsAlias = new Gcp.Apigee.Environment(\"apigee_environment_keystore_ss_alias\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"env-name\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n });\n\n var apigeeEnvironmentKeystoreAlias = new Gcp.Apigee.EnvKeystore(\"apigee_environment_keystore_alias\", new()\n {\n Name = \"env-keystore\",\n EnvId = apigeeEnvironmentKeystoreSsAlias.Id,\n });\n\n var apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new Gcp.Apigee.KeystoresAliasesSelfSignedCert(\"apigee_environment_keystore_ss_alias\", new()\n {\n Environment = apigeeEnvironmentKeystoreSsAlias.Name,\n OrgId = apigeeOrg.Name,\n Keystore = apigeeEnvironmentKeystoreAlias.Name,\n Alias = \"alias\",\n KeySize = \"1024\",\n SigAlg = \"SHA512withRSA\",\n CertValidityInDays = 4,\n Subject = new Gcp.Apigee.Inputs.KeystoresAliasesSelfSignedCertSubjectArgs\n {\n CommonName = \"selfsigned_example\",\n CountryCode = \"US\",\n Locality = \"TX\",\n Org = \"CCE\",\n OrgUnit = \"PSO\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: project.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeystoreSsAlias, err := apigee.NewEnvironment(ctx, \"apigee_environment_keystore_ss_alias\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"env-name\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironmentKeystoreAlias, err := apigee.NewEnvKeystore(ctx, \"apigee_environment_keystore_alias\", \u0026apigee.EnvKeystoreArgs{\n\t\t\tName: pulumi.String(\"env-keystore\"),\n\t\t\tEnvId: apigeeEnvironmentKeystoreSsAlias.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewKeystoresAliasesSelfSignedCert(ctx, \"apigee_environment_keystore_ss_alias\", \u0026apigee.KeystoresAliasesSelfSignedCertArgs{\n\t\t\tEnvironment: apigeeEnvironmentKeystoreSsAlias.Name,\n\t\t\tOrgId: apigeeOrg.Name,\n\t\t\tKeystore: apigeeEnvironmentKeystoreAlias.Name,\n\t\t\tAlias: pulumi.String(\"alias\"),\n\t\t\tKeySize: pulumi.String(\"1024\"),\n\t\t\tSigAlg: pulumi.String(\"SHA512withRSA\"),\n\t\t\tCertValidityInDays: pulumi.Int(4),\n\t\t\tSubject: \u0026apigee.KeystoresAliasesSelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"selfsigned_example\"),\n\t\t\t\tCountryCode: pulumi.String(\"US\"),\n\t\t\t\tLocality: pulumi.String(\"TX\"),\n\t\t\t\tOrg: pulumi.String(\"CCE\"),\n\t\t\t\tOrgUnit: pulumi.String(\"PSO\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.EnvKeystore;\nimport com.pulumi.gcp.apigee.EnvKeystoreArgs;\nimport com.pulumi.gcp.apigee.KeystoresAliasesSelfSignedCert;\nimport com.pulumi.gcp.apigee.KeystoresAliasesSelfSignedCertArgs;\nimport com.pulumi.gcp.apigee.inputs.KeystoresAliasesSelfSignedCertSubjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"servicenetworking.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(project.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(project.projectId())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var apigeeEnvironmentKeystoreSsAlias = new Environment(\"apigeeEnvironmentKeystoreSsAlias\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"env-name\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .build());\n\n var apigeeEnvironmentKeystoreAlias = new EnvKeystore(\"apigeeEnvironmentKeystoreAlias\", EnvKeystoreArgs.builder()\n .name(\"env-keystore\")\n .envId(apigeeEnvironmentKeystoreSsAlias.id())\n .build());\n\n var apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert = new KeystoresAliasesSelfSignedCert(\"apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert\", KeystoresAliasesSelfSignedCertArgs.builder()\n .environment(apigeeEnvironmentKeystoreSsAlias.name())\n .orgId(apigeeOrg.name())\n .keystore(apigeeEnvironmentKeystoreAlias.name())\n .alias(\"alias\")\n .keySize(1024)\n .sigAlg(\"SHA512withRSA\")\n .certValidityInDays(4)\n .subject(KeystoresAliasesSelfSignedCertSubjectArgs.builder()\n .commonName(\"selfsigned_example\")\n .countryCode(\"US\")\n .locality(\"TX\")\n .org(\"CCE\")\n .orgUnit(\"PSO\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: servicenetworking.googleapis.com\n options:\n dependsOn:\n - ${apigee}\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n options:\n dependsOn:\n - ${servicenetworking}\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${project.projectId}\n options:\n dependsOn:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${project.projectId}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n options:\n dependsOn:\n - ${servicenetworking}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigee}\n apigeeEnvironmentKeystoreSsAlias:\n type: gcp:apigee:Environment\n name: apigee_environment_keystore_ss_alias\n properties:\n orgId: ${apigeeOrg.id}\n name: env-name\n description: Apigee Environment\n displayName: environment-1\n apigeeEnvironmentKeystoreAlias:\n type: gcp:apigee:EnvKeystore\n name: apigee_environment_keystore_alias\n properties:\n name: env-keystore\n envId: ${apigeeEnvironmentKeystoreSsAlias.id}\n apigeeEnvironmentKeystoreSsAliasKeystoresAliasesSelfSignedCert:\n type: gcp:apigee:KeystoresAliasesSelfSignedCert\n name: apigee_environment_keystore_ss_alias\n properties:\n environment: ${apigeeEnvironmentKeystoreSsAlias.name}\n orgId: ${apigeeOrg.name}\n keystore: ${apigeeEnvironmentKeystoreAlias.name}\n alias: alias\n keySize: 1024\n sigAlg: SHA512withRSA\n certValidityInDays: 4\n subject:\n commonName: selfsigned_example\n countryCode: US\n locality: TX\n org: CCE\n orgUnit: PSO\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nKeystoresAliasesSelfSignedCert can be imported using any of these accepted formats:\n\n* `organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}`\n\n* `{{org_id}}/{{environment}}/{{keystore}}/{{alias}}`\n\nWhen using the `pulumi import` command, KeystoresAliasesSelfSignedCert can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/keystoresAliasesSelfSignedCert:KeystoresAliasesSelfSignedCert default organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}\n```\n\n```sh\n$ pulumi import gcp:apigee/keystoresAliasesSelfSignedCert:KeystoresAliasesSelfSignedCert default {{org_id}}/{{environment}}/{{keystore}}/{{alias}}\n```\n\n", "properties": { "alias": { "type": "string", @@ -133641,7 +133641,7 @@ } }, "gcp:apigee/natAddress:NatAddress": { - "description": "Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not avaible for Apigee hybrid.\n\n\nTo get more information about NatAddress, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses)\n* How-to Guides\n * [Provisioning NAT IPs](https://cloud.google.com/apigee/docs/api-platform/security/nat-provisioning)\n\n## Example Usage\n\n### Apigee Nat Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 21,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"apigee-instance\",\n location: \"us-central1\",\n description: \"Terraform-managed Apigee Runtime Instance\",\n displayName: \"apigee-instance\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\nconst apigee_nat = new gcp.apigee.NatAddress(\"apigee-nat\", {\n name: \"my-nat-address\",\n instanceId: apigeeInstance.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=21,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"apigee-instance\",\n location=\"us-central1\",\n description=\"Terraform-managed Apigee Runtime Instance\",\n display_name=\"apigee-instance\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\napigee_nat = gcp.apigee.NatAddress(\"apigee-nat\",\n name=\"my-nat-address\",\n instance_id=apigee_instance.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 21,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"apigee-instance\",\n Location = \"us-central1\",\n Description = \"Terraform-managed Apigee Runtime Instance\",\n DisplayName = \"apigee-instance\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n var apigee_nat = new Gcp.Apigee.NatAddress(\"apigee-nat\", new()\n {\n Name = \"my-nat-address\",\n InstanceId = apigeeInstance.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(21),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"apigee-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Terraform-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-instance\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewNatAddress(ctx, \"apigee-nat\", \u0026apigee.NatAddressArgs{\n\t\t\tName: pulumi.String(\"my-nat-address\"),\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.NatAddress;\nimport com.pulumi.gcp.apigee.NatAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(21)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"apigee-instance\")\n .location(\"us-central1\")\n .description(\"Terraform-managed Apigee Runtime Instance\")\n .displayName(\"apigee-instance\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n var apigee_nat = new NatAddress(\"apigee-nat\", NatAddressArgs.builder()\n .name(\"my-nat-address\")\n .instanceId(apigeeInstance.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 21\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: apigee-instance\n location: us-central1\n description: Terraform-managed Apigee Runtime Instance\n displayName: apigee-instance\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\n apigee-nat:\n type: gcp:apigee:NatAddress\n properties:\n name: my-nat-address\n instanceId: ${apigeeInstance.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Nat Address With Activate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 21,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"apigee-instance\",\n location: \"us-central1\",\n description: \"Terraform-managed Apigee Runtime Instance\",\n displayName: \"apigee-instance\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\nconst apigee_nat = new gcp.apigee.NatAddress(\"apigee-nat\", {\n name: \"my-nat-address\",\n activate: true,\n instanceId: apigeeInstance.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=21,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"apigee-instance\",\n location=\"us-central1\",\n description=\"Terraform-managed Apigee Runtime Instance\",\n display_name=\"apigee-instance\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\napigee_nat = gcp.apigee.NatAddress(\"apigee-nat\",\n name=\"my-nat-address\",\n activate=True,\n instance_id=apigee_instance.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 21,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"apigee-instance\",\n Location = \"us-central1\",\n Description = \"Terraform-managed Apigee Runtime Instance\",\n DisplayName = \"apigee-instance\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n var apigee_nat = new Gcp.Apigee.NatAddress(\"apigee-nat\", new()\n {\n Name = \"my-nat-address\",\n Activate = true,\n InstanceId = apigeeInstance.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(21),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"apigee-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Terraform-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-instance\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewNatAddress(ctx, \"apigee-nat\", \u0026apigee.NatAddressArgs{\n\t\t\tName: pulumi.String(\"my-nat-address\"),\n\t\t\tActivate: pulumi.Bool(true),\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.NatAddress;\nimport com.pulumi.gcp.apigee.NatAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(21)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"apigee-instance\")\n .location(\"us-central1\")\n .description(\"Terraform-managed Apigee Runtime Instance\")\n .displayName(\"apigee-instance\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n var apigee_nat = new NatAddress(\"apigee-nat\", NatAddressArgs.builder()\n .name(\"my-nat-address\")\n .activate(\"true\")\n .instanceId(apigeeInstance.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 21\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: apigee-instance\n location: us-central1\n description: Terraform-managed Apigee Runtime Instance\n displayName: apigee-instance\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\n apigee-nat:\n type: gcp:apigee:NatAddress\n properties:\n name: my-nat-address\n activate: 'true'\n instanceId: ${apigeeInstance.id}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNatAddress can be imported using any of these accepted formats:\n\n* `{{instance_id}}/natAddresses/{{name}}`\n\n* `{{instance_id}}/{{name}}`\n\nWhen using the `pulumi import` command, NatAddress can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/natAddress:NatAddress default {{instance_id}}/natAddresses/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/natAddress:NatAddress default {{instance_id}}/{{name}}\n```\n\n", + "description": "Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not avaible for Apigee hybrid.\n\n\nTo get more information about NatAddress, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses)\n* How-to Guides\n * [Provisioning NAT IPs](https://cloud.google.com/apigee/docs/api-platform/security/nat-provisioning)\n\n## Example Usage\n\n### Apigee Nat Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 21,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"apigee-instance\",\n location: \"us-central1\",\n description: \"Terraform-managed Apigee Runtime Instance\",\n displayName: \"apigee-instance\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\nconst apigee_nat = new gcp.apigee.NatAddress(\"apigee-nat\", {\n name: \"my-nat-address\",\n instanceId: apigeeInstance.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=21,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"apigee-instance\",\n location=\"us-central1\",\n description=\"Terraform-managed Apigee Runtime Instance\",\n display_name=\"apigee-instance\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\napigee_nat = gcp.apigee.NatAddress(\"apigee-nat\",\n name=\"my-nat-address\",\n instance_id=apigee_instance.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 21,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"apigee-instance\",\n Location = \"us-central1\",\n Description = \"Terraform-managed Apigee Runtime Instance\",\n DisplayName = \"apigee-instance\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n var apigee_nat = new Gcp.Apigee.NatAddress(\"apigee-nat\", new()\n {\n Name = \"my-nat-address\",\n InstanceId = apigeeInstance.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(21),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"apigee-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Terraform-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-instance\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewNatAddress(ctx, \"apigee-nat\", \u0026apigee.NatAddressArgs{\n\t\t\tName: pulumi.String(\"my-nat-address\"),\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.NatAddress;\nimport com.pulumi.gcp.apigee.NatAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(21)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"apigee-instance\")\n .location(\"us-central1\")\n .description(\"Terraform-managed Apigee Runtime Instance\")\n .displayName(\"apigee-instance\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n var apigee_nat = new NatAddress(\"apigee-nat\", NatAddressArgs.builder()\n .name(\"my-nat-address\")\n .instanceId(apigeeInstance.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 21\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: apigee-instance\n location: us-central1\n description: Terraform-managed Apigee Runtime Instance\n displayName: apigee-instance\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\n apigee-nat:\n type: gcp:apigee:NatAddress\n properties:\n name: my-nat-address\n instanceId: ${apigeeInstance.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Nat Address With Activate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 21,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\nconst apigeeInstance = new gcp.apigee.Instance(\"apigee_instance\", {\n name: \"apigee-instance\",\n location: \"us-central1\",\n description: \"Terraform-managed Apigee Runtime Instance\",\n displayName: \"apigee-instance\",\n orgId: apigeeOrg.id,\n diskEncryptionKeyName: apigeeKey.id,\n});\nconst apigee_nat = new gcp.apigee.NatAddress(\"apigee-nat\", {\n name: \"my-nat-address\",\n activate: true,\n instanceId: apigeeInstance.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=21,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\napigee_instance = gcp.apigee.Instance(\"apigee_instance\",\n name=\"apigee-instance\",\n location=\"us-central1\",\n description=\"Terraform-managed Apigee Runtime Instance\",\n display_name=\"apigee-instance\",\n org_id=apigee_org.id,\n disk_encryption_key_name=apigee_key.id)\napigee_nat = gcp.apigee.NatAddress(\"apigee-nat\",\n name=\"my-nat-address\",\n activate=True,\n instance_id=apigee_instance.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 21,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n var apigeeInstance = new Gcp.Apigee.Instance(\"apigee_instance\", new()\n {\n Name = \"apigee-instance\",\n Location = \"us-central1\",\n Description = \"Terraform-managed Apigee Runtime Instance\",\n DisplayName = \"apigee-instance\",\n OrgId = apigeeOrg.Id,\n DiskEncryptionKeyName = apigeeKey.Id,\n });\n\n var apigee_nat = new Gcp.Apigee.NatAddress(\"apigee-nat\", new()\n {\n Name = \"my-nat-address\",\n Activate = true,\n InstanceId = apigeeInstance.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(21),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeInstance, err := apigee.NewInstance(ctx, \"apigee_instance\", \u0026apigee.InstanceArgs{\n\t\t\tName: pulumi.String(\"apigee-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Terraform-managed Apigee Runtime Instance\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-instance\"),\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tDiskEncryptionKeyName: apigeeKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewNatAddress(ctx, \"apigee-nat\", \u0026apigee.NatAddressArgs{\n\t\t\tName: pulumi.String(\"my-nat-address\"),\n\t\t\tActivate: pulumi.Bool(true),\n\t\t\tInstanceId: apigeeInstance.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Instance;\nimport com.pulumi.gcp.apigee.InstanceArgs;\nimport com.pulumi.gcp.apigee.NatAddress;\nimport com.pulumi.gcp.apigee.NatAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(21)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n var apigeeInstance = new Instance(\"apigeeInstance\", InstanceArgs.builder()\n .name(\"apigee-instance\")\n .location(\"us-central1\")\n .description(\"Terraform-managed Apigee Runtime Instance\")\n .displayName(\"apigee-instance\")\n .orgId(apigeeOrg.id())\n .diskEncryptionKeyName(apigeeKey.id())\n .build());\n\n var apigee_nat = new NatAddress(\"apigee-nat\", NatAddressArgs.builder()\n .name(\"my-nat-address\")\n .activate(\"true\")\n .instanceId(apigeeInstance.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 21\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\n apigeeInstance:\n type: gcp:apigee:Instance\n name: apigee_instance\n properties:\n name: apigee-instance\n location: us-central1\n description: Terraform-managed Apigee Runtime Instance\n displayName: apigee-instance\n orgId: ${apigeeOrg.id}\n diskEncryptionKeyName: ${apigeeKey.id}\n apigee-nat:\n type: gcp:apigee:NatAddress\n properties:\n name: my-nat-address\n activate: 'true'\n instanceId: ${apigeeInstance.id}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNatAddress can be imported using any of these accepted formats:\n\n* `{{instance_id}}/natAddresses/{{name}}`\n\n* `{{instance_id}}/{{name}}`\n\nWhen using the `pulumi import` command, NatAddress can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/natAddress:NatAddress default {{instance_id}}/natAddresses/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/natAddress:NatAddress default {{instance_id}}/{{name}}\n```\n\n", "properties": { "activate": { "type": "boolean", @@ -133719,7 +133719,7 @@ } }, "gcp:apigee/organization:Organization": { - "description": "An `Organization` is the top-level container in Apigee.\n\n\nTo get more information about Organization, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations)\n* How-to Guides\n * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org)\n\n## Example Usage\n\n### Apigee Organization Cloud Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Basic Disable Vpc Peering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst org = new gcp.apigee.Organization(\"org\", {\n description: \"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n disableVpcPeering: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\norg = gcp.apigee.Organization(\"org\",\n description=\"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n disable_vpc_peering=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n Description = \"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n DisableVpcPeering = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned basic Apigee Org without VPC Peering.\"),\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tDisableVpcPeering: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .description(\"Terraform-provisioned basic Apigee Org without VPC Peering.\")\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .disableVpcPeering(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n org:\n type: gcp:apigee:Organization\n properties:\n description: Terraform-provisioned basic Apigee Org without VPC Peering.\n analyticsRegion: us-central1\n projectId: ${current.project}\n disableVpcPeering: true\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Auto-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Auto-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Auto-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Auto-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Auto-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Auto-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Full Disable Vpc Peering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org without VPC Peering.\",\n projectId: current.then(current =\u003e current.project),\n disableVpcPeering: true,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [apigeeSaKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org without VPC Peering.\",\n project_id=current.project,\n disable_vpc_peering=True,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_sa_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org without VPC Peering.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n DisableVpcPeering = true,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeSaKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org without VPC Peering.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tDisableVpcPeering: pulumi.Bool(true),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org without VPC Peering.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .disableVpcPeering(true)\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeSaKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org without VPC Peering.\n projectId: ${current.project}\n disableVpcPeering: true\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependson:\n - ${apigeeSaKeyuser}\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganization can be imported using any of these accepted formats:\n\n* `organizations/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Organization can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/organization:Organization default organizations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/organization:Organization default {{name}}\n```\n\n", + "description": "An `Organization` is the top-level container in Apigee.\n\n\nTo get more information about Organization, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations)\n* How-to Guides\n * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org)\n\n## Example Usage\n\n### Apigee Organization Cloud Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [apigeeVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Basic Disable Vpc Peering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst org = new gcp.apigee.Organization(\"org\", {\n description: \"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n analyticsRegion: \"us-central1\",\n projectId: current.then(current =\u003e current.project),\n disableVpcPeering: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\norg = gcp.apigee.Organization(\"org\",\n description=\"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n analytics_region=\"us-central1\",\n project_id=current.project,\n disable_vpc_peering=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n Description = \"Terraform-provisioned basic Apigee Org without VPC Peering.\",\n AnalyticsRegion = \"us-central1\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n DisableVpcPeering = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned basic Apigee Org without VPC Peering.\"),\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tDisableVpcPeering: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .description(\"Terraform-provisioned basic Apigee Org without VPC Peering.\")\n .analyticsRegion(\"us-central1\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .disableVpcPeering(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n org:\n type: gcp:apigee:Organization\n properties:\n description: Terraform-provisioned basic Apigee Org without VPC Peering.\n analyticsRegion: us-central1\n projectId: ${current.project}\n disableVpcPeering: true\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {name: \"apigee-network\"});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Auto-provisioned Apigee Org.\",\n projectId: current.then(current =\u003e current.project),\n authorizedNetwork: apigeeNetwork.id,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigeeSaKeyuser,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_network = gcp.compute.Network(\"apigee_network\", name=\"apigee-network\")\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name])\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Auto-provisioned Apigee Org.\",\n project_id=current.project,\n authorized_network=apigee_network.id,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee_sa_keyuser,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n });\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Auto-provisioned Apigee Org.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n AuthorizedNetwork = apigeeNetwork.Id,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigeeSaKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Auto-provisioned Apigee Org.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build());\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Auto-provisioned Apigee Org.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .authorizedNetwork(apigeeNetwork.id())\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigeeSaKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Auto-provisioned Apigee Org.\n projectId: ${current.project}\n authorizedNetwork: ${apigeeNetwork.id}\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigeeSaKeyuser}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apigee Organization Cloud Full Disable Vpc Peering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nconst apigeeKeyring = new gcp.kms.KeyRing(\"apigee_keyring\", {\n name: \"apigee-keyring\",\n location: \"us-central1\",\n});\nconst apigeeKey = new gcp.kms.CryptoKey(\"apigee_key\", {\n name: \"apigee-key\",\n keyRing: apigeeKeyring.id,\n});\nconst apigeeSa = new gcp.projects.ServiceIdentity(\"apigee_sa\", {\n project: project.projectId,\n service: apigee.service,\n});\nconst apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", {\n cryptoKeyId: apigeeKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: apigeeSa.member,\n});\nconst org = new gcp.apigee.Organization(\"org\", {\n analyticsRegion: \"us-central1\",\n displayName: \"apigee-org\",\n description: \"Terraform-provisioned Apigee Org without VPC Peering.\",\n projectId: current.then(current =\u003e current.project),\n disableVpcPeering: true,\n runtimeDatabaseEncryptionKeyName: apigeeKey.id,\n}, {\n dependsOn: [apigeeSaKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\napigee_keyring = gcp.kms.KeyRing(\"apigee_keyring\",\n name=\"apigee-keyring\",\n location=\"us-central1\")\napigee_key = gcp.kms.CryptoKey(\"apigee_key\",\n name=\"apigee-key\",\n key_ring=apigee_keyring.id)\napigee_sa = gcp.projects.ServiceIdentity(\"apigee_sa\",\n project=project[\"projectId\"],\n service=apigee[\"service\"])\napigee_sa_keyuser = gcp.kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\",\n crypto_key_id=apigee_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=apigee_sa.member)\norg = gcp.apigee.Organization(\"org\",\n analytics_region=\"us-central1\",\n display_name=\"apigee-org\",\n description=\"Terraform-provisioned Apigee Org without VPC Peering.\",\n project_id=current.project,\n disable_vpc_peering=True,\n runtime_database_encryption_key_name=apigee_key.id,\n opts = pulumi.ResourceOptions(depends_on=[apigee_sa_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n var apigeeKeyring = new Gcp.Kms.KeyRing(\"apigee_keyring\", new()\n {\n Name = \"apigee-keyring\",\n Location = \"us-central1\",\n });\n\n var apigeeKey = new Gcp.Kms.CryptoKey(\"apigee_key\", new()\n {\n Name = \"apigee-key\",\n KeyRing = apigeeKeyring.Id,\n });\n\n var apigeeSa = new Gcp.Projects.ServiceIdentity(\"apigee_sa\", new()\n {\n Project = project.ProjectId,\n Service = apigee.Service,\n });\n\n var apigeeSaKeyuser = new Gcp.Kms.CryptoKeyIAMMember(\"apigee_sa_keyuser\", new()\n {\n CryptoKeyId = apigeeKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = apigeeSa.Member,\n });\n\n var org = new Gcp.Apigee.Organization(\"org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n DisplayName = \"apigee-org\",\n Description = \"Terraform-provisioned Apigee Org without VPC Peering.\",\n ProjectId = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n DisableVpcPeering = true,\n RuntimeDatabaseEncryptionKeyName = apigeeKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeSaKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKeyring, err := kms.NewKeyRing(ctx, \"apigee_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"apigee-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeKey, err := kms.NewCryptoKey(ctx, \"apigee_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"apigee-key\"),\n\t\t\tKeyRing: apigeeKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSa, err := projects.NewServiceIdentity(ctx, \"apigee_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.Any(project.ProjectId),\n\t\t\tService: pulumi.Any(apigee.Service),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeSaKeyuser, err := kms.NewCryptoKeyIAMMember(ctx, \"apigee_sa_keyuser\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: apigeeKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: apigeeSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewOrganization(ctx, \"org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"apigee-org\"),\n\t\t\tDescription: pulumi.String(\"Terraform-provisioned Apigee Org without VPC Peering.\"),\n\t\t\tProjectId: pulumi.String(current.Project),\n\t\t\tDisableVpcPeering: pulumi.Bool(true),\n\t\t\tRuntimeDatabaseEncryptionKeyName: apigeeKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeSaKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n var apigeeKeyring = new KeyRing(\"apigeeKeyring\", KeyRingArgs.builder()\n .name(\"apigee-keyring\")\n .location(\"us-central1\")\n .build());\n\n var apigeeKey = new CryptoKey(\"apigeeKey\", CryptoKeyArgs.builder()\n .name(\"apigee-key\")\n .keyRing(apigeeKeyring.id())\n .build());\n\n var apigeeSa = new ServiceIdentity(\"apigeeSa\", ServiceIdentityArgs.builder()\n .project(project.projectId())\n .service(apigee.service())\n .build());\n\n var apigeeSaKeyuser = new CryptoKeyIAMMember(\"apigeeSaKeyuser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(apigeeKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(apigeeSa.member())\n .build());\n\n var org = new Organization(\"org\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .displayName(\"apigee-org\")\n .description(\"Terraform-provisioned Apigee Org without VPC Peering.\")\n .projectId(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()))\n .disableVpcPeering(true)\n .runtimeDatabaseEncryptionKeyName(apigeeKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigeeSaKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apigeeKeyring:\n type: gcp:kms:KeyRing\n name: apigee_keyring\n properties:\n name: apigee-keyring\n location: us-central1\n apigeeKey:\n type: gcp:kms:CryptoKey\n name: apigee_key\n properties:\n name: apigee-key\n keyRing: ${apigeeKeyring.id}\n apigeeSa:\n type: gcp:projects:ServiceIdentity\n name: apigee_sa\n properties:\n project: ${project.projectId}\n service: ${apigee.service}\n apigeeSaKeyuser:\n type: gcp:kms:CryptoKeyIAMMember\n name: apigee_sa_keyuser\n properties:\n cryptoKeyId: ${apigeeKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: ${apigeeSa.member}\n org:\n type: gcp:apigee:Organization\n properties:\n analyticsRegion: us-central1\n displayName: apigee-org\n description: Terraform-provisioned Apigee Org without VPC Peering.\n projectId: ${current.project}\n disableVpcPeering: true\n runtimeDatabaseEncryptionKeyName: ${apigeeKey.id}\n options:\n dependsOn:\n - ${apigeeSaKeyuser}\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganization can be imported using any of these accepted formats:\n\n* `organizations/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Organization can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/organization:Organization default organizations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/organization:Organization default {{name}}\n```\n\n", "properties": { "analyticsRegion": { "type": "string", @@ -134172,7 +134172,7 @@ } }, "gcp:apigee/syncAuthorization:SyncAuthorization": { - "description": "Authorize the Synchronizer to download environment data from the control plane.\n\n\nTo get more information about SyncAuthorization, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#getsyncauthorization)\n* How-to Guides\n * [Enable Synchronizer access](https://cloud.google.com/apigee/docs/hybrid/v1.8/synchronizer-access#enable-synchronizer-access)\n\n## Example Usage\n\n### Apigee Sync Authorization Basic Test\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n runtimeType: \"HYBRID\",\n}, {\n dependsOn: [apigee],\n});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"my-account\",\n displayName: \"Service Account\",\n});\nconst synchronizer_iam = new gcp.projects.IAMMember(\"synchronizer-iam\", {\n project: project.projectId,\n role: \"roles/apigee.synchronizerManager\",\n member: pulumi.interpolate`serviceAccount:${serviceAccount.email}`,\n});\nconst apigeeSyncAuthorization = new gcp.apigee.SyncAuthorization(\"apigee_sync_authorization\", {\n name: apigeeOrg.name,\n identities: [pulumi.interpolate`serviceAccount:${serviceAccount.email}`],\n}, {\n dependsOn: [synchronizer_iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n runtime_type=\"HYBRID\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"my-account\",\n display_name=\"Service Account\")\nsynchronizer_iam = gcp.projects.IAMMember(\"synchronizer-iam\",\n project=project.project_id,\n role=\"roles/apigee.synchronizerManager\",\n member=service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\napigee_sync_authorization = gcp.apigee.SyncAuthorization(\"apigee_sync_authorization\",\n name=apigee_org.name,\n identities=[service_account.email.apply(lambda email: f\"serviceAccount:{email}\")],\n opts = pulumi.ResourceOptions(depends_on=[synchronizer_iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n RuntimeType = \"HYBRID\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"my-account\",\n DisplayName = \"Service Account\",\n });\n\n var synchronizer_iam = new Gcp.Projects.IAMMember(\"synchronizer-iam\", new()\n {\n Project = project.ProjectId,\n Role = \"roles/apigee.synchronizerManager\",\n Member = serviceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var apigeeSyncAuthorization = new Gcp.Apigee.SyncAuthorization(\"apigee_sync_authorization\", new()\n {\n Name = apigeeOrg.Name,\n Identities = new[]\n {\n serviceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n synchronizer_iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tRuntimeType: pulumi.String(\"HYBRID\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"synchronizer-iam\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/apigee.synchronizerManager\"),\n\t\t\tMember: serviceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewSyncAuthorization(ctx, \"apigee_sync_authorization\", \u0026apigee.SyncAuthorizationArgs{\n\t\t\tName: apigeeOrg.Name,\n\t\t\tIdentities: pulumi.StringArray{\n\t\t\t\tserviceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsynchronizer_iam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.apigee.SyncAuthorization;\nimport com.pulumi.gcp.apigee.SyncAuthorizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .runtimeType(\"HYBRID\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .displayName(\"Service Account\")\n .build());\n\n var synchronizer_iam = new IAMMember(\"synchronizer-iam\", IAMMemberArgs.builder()\n .project(project.projectId())\n .role(\"roles/apigee.synchronizerManager\")\n .member(serviceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var apigeeSyncAuthorization = new SyncAuthorization(\"apigeeSyncAuthorization\", SyncAuthorizationArgs.builder()\n .name(apigeeOrg.name())\n .identities(serviceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(synchronizer_iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n runtimeType: HYBRID\n options:\n dependson:\n - ${apigee}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: my-account\n displayName: Service Account\n synchronizer-iam:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/apigee.synchronizerManager\n member: serviceAccount:${serviceAccount.email}\n apigeeSyncAuthorization:\n type: gcp:apigee:SyncAuthorization\n name: apigee_sync_authorization\n properties:\n name: ${apigeeOrg.name}\n identities:\n - serviceAccount:${serviceAccount.email}\n options:\n dependson:\n - ${[\"synchronizer-iam\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSyncAuthorization can be imported using any of these accepted formats:\n\n* `organizations/{{name}}/syncAuthorization`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, SyncAuthorization can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/syncAuthorization:SyncAuthorization default organizations/{{name}}/syncAuthorization\n```\n\n```sh\n$ pulumi import gcp:apigee/syncAuthorization:SyncAuthorization default {{name}}\n```\n\n", + "description": "Authorize the Synchronizer to download environment data from the control plane.\n\n\nTo get more information about SyncAuthorization, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#getsyncauthorization)\n* How-to Guides\n * [Enable Synchronizer access](https://cloud.google.com/apigee/docs/hybrid/v1.8/synchronizer-access#enable-synchronizer-access)\n\n## Example Usage\n\n### Apigee Sync Authorization Basic Test\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n runtimeType: \"HYBRID\",\n}, {\n dependsOn: [apigee],\n});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"my-account\",\n displayName: \"Service Account\",\n});\nconst synchronizer_iam = new gcp.projects.IAMMember(\"synchronizer-iam\", {\n project: project.projectId,\n role: \"roles/apigee.synchronizerManager\",\n member: pulumi.interpolate`serviceAccount:${serviceAccount.email}`,\n});\nconst apigeeSyncAuthorization = new gcp.apigee.SyncAuthorization(\"apigee_sync_authorization\", {\n name: apigeeOrg.name,\n identities: [pulumi.interpolate`serviceAccount:${serviceAccount.email}`],\n}, {\n dependsOn: [synchronizer_iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n runtime_type=\"HYBRID\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"my-account\",\n display_name=\"Service Account\")\nsynchronizer_iam = gcp.projects.IAMMember(\"synchronizer-iam\",\n project=project.project_id,\n role=\"roles/apigee.synchronizerManager\",\n member=service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\napigee_sync_authorization = gcp.apigee.SyncAuthorization(\"apigee_sync_authorization\",\n name=apigee_org.name,\n identities=[service_account.email.apply(lambda email: f\"serviceAccount:{email}\")],\n opts = pulumi.ResourceOptions(depends_on=[synchronizer_iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n RuntimeType = \"HYBRID\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"my-account\",\n DisplayName = \"Service Account\",\n });\n\n var synchronizer_iam = new Gcp.Projects.IAMMember(\"synchronizer-iam\", new()\n {\n Project = project.ProjectId,\n Role = \"roles/apigee.synchronizerManager\",\n Member = serviceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var apigeeSyncAuthorization = new Gcp.Apigee.SyncAuthorization(\"apigee_sync_authorization\", new()\n {\n Name = apigeeOrg.Name,\n Identities = new[]\n {\n serviceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n synchronizer_iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tRuntimeType: pulumi.String(\"HYBRID\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"synchronizer-iam\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/apigee.synchronizerManager\"),\n\t\t\tMember: serviceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewSyncAuthorization(ctx, \"apigee_sync_authorization\", \u0026apigee.SyncAuthorizationArgs{\n\t\t\tName: apigeeOrg.Name,\n\t\t\tIdentities: pulumi.StringArray{\n\t\t\t\tserviceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsynchronizer_iam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.apigee.SyncAuthorization;\nimport com.pulumi.gcp.apigee.SyncAuthorizationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .runtimeType(\"HYBRID\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .displayName(\"Service Account\")\n .build());\n\n var synchronizer_iam = new IAMMember(\"synchronizer-iam\", IAMMemberArgs.builder()\n .project(project.projectId())\n .role(\"roles/apigee.synchronizerManager\")\n .member(serviceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var apigeeSyncAuthorization = new SyncAuthorization(\"apigeeSyncAuthorization\", SyncAuthorizationArgs.builder()\n .name(apigeeOrg.name())\n .identities(serviceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(synchronizer_iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n runtimeType: HYBRID\n options:\n dependsOn:\n - ${apigee}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: my-account\n displayName: Service Account\n synchronizer-iam:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/apigee.synchronizerManager\n member: serviceAccount:${serviceAccount.email}\n apigeeSyncAuthorization:\n type: gcp:apigee:SyncAuthorization\n name: apigee_sync_authorization\n properties:\n name: ${apigeeOrg.name}\n identities:\n - serviceAccount:${serviceAccount.email}\n options:\n dependsOn:\n - ${[\"synchronizer-iam\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSyncAuthorization can be imported using any of these accepted formats:\n\n* `organizations/{{name}}/syncAuthorization`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, SyncAuthorization can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/syncAuthorization:SyncAuthorization default organizations/{{name}}/syncAuthorization\n```\n\n```sh\n$ pulumi import gcp:apigee/syncAuthorization:SyncAuthorization default {{name}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -134236,7 +134236,7 @@ } }, "gcp:apigee/targetServer:TargetServer": { - "description": "TargetServer configuration. TargetServers are used to decouple a proxy TargetEndpoint HTTPTargetConnections from concrete URLs for backend services.\n\n\nTo get more information about TargetServer, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.targetservers/create)\n* How-to Guides\n * [Load balancing across backend servers](https://cloud.google.com/apigee/docs/api-platform/deploy/load-balancing-across-backend-servers)\n\n## Example Usage\n\n### Apigee Target Server Test Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: project.projectId,\n service: \"servicenetworking.googleapis.com\",\n}, {\n dependsOn: [apigee],\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: project.projectId,\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: project.projectId,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"my-environment-name\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n});\nconst apigeeTargetServer = new gcp.apigee.TargetServer(\"apigee_target_server\", {\n name: \"my-target-server\",\n description: \"Apigee Target Server\",\n protocol: \"HTTP\",\n host: \"abc.foo.com\",\n port: 8080,\n envId: apigeeEnvironment.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=project.project_id,\n service=\"servicenetworking.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=project.project_id,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=project.project_id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"my-environment-name\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\")\napigee_target_server = gcp.apigee.TargetServer(\"apigee_target_server\",\n name=\"my-target-server\",\n description=\"Apigee Target Server\",\n protocol=\"HTTP\",\n host=\"abc.foo.com\",\n port=8080,\n env_id=apigee_environment.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"servicenetworking.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = project.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = project.ProjectId,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"my-environment-name\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n });\n\n var apigeeTargetServer = new Gcp.Apigee.TargetServer(\"apigee_target_server\", new()\n {\n Name = \"my-target-server\",\n Description = \"Apigee Target Server\",\n Protocol = \"HTTP\",\n Host = \"abc.foo.com\",\n Port = 8080,\n EnvId = apigeeEnvironment.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: project.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"my-environment-name\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewTargetServer(ctx, \"apigee_target_server\", \u0026apigee.TargetServerArgs{\n\t\t\tName: pulumi.String(\"my-target-server\"),\n\t\t\tDescription: pulumi.String(\"Apigee Target Server\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tHost: pulumi.String(\"abc.foo.com\"),\n\t\t\tPort: pulumi.Int(8080),\n\t\t\tEnvId: apigeeEnvironment.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.TargetServer;\nimport com.pulumi.gcp.apigee.TargetServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"servicenetworking.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(project.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(project.projectId())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"my-environment-name\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .build());\n\n var apigeeTargetServer = new TargetServer(\"apigeeTargetServer\", TargetServerArgs.builder()\n .name(\"my-target-server\")\n .description(\"Apigee Target Server\")\n .protocol(\"HTTP\")\n .host(\"abc.foo.com\")\n .port(8080)\n .envId(apigeeEnvironment.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: servicenetworking.googleapis.com\n options:\n dependson:\n - ${apigee}\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n options:\n dependson:\n - ${servicenetworking}\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${project.projectId}\n options:\n dependson:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${project.projectId}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n options:\n dependson:\n - ${servicenetworking}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependson:\n - ${apigeeVpcConnection}\n - ${apigee}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: my-environment-name\n description: Apigee Environment\n displayName: environment-1\n apigeeTargetServer:\n type: gcp:apigee:TargetServer\n name: apigee_target_server\n properties:\n name: my-target-server\n description: Apigee Target Server\n protocol: HTTP\n host: abc.foo.com\n port: 8080\n envId: ${apigeeEnvironment.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetServer can be imported using any of these accepted formats:\n\n* `{{env_id}}/targetservers/{{name}}`\n\n* `{{env_id}}/{{name}}`\n\nWhen using the `pulumi import` command, TargetServer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/targetServer:TargetServer default {{env_id}}/targetservers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/targetServer:TargetServer default {{env_id}}/{{name}}\n```\n\n", + "description": "TargetServer configuration. TargetServers are used to decouple a proxy TargetEndpoint HTTPTargetConnections from concrete URLs for backend services.\n\n\nTo get more information about TargetServer, see:\n\n* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.targetservers/create)\n* How-to Guides\n * [Load balancing across backend servers](https://cloud.google.com/apigee/docs/api-platform/deploy/load-balancing-across-backend-servers)\n\n## Example Usage\n\n### Apigee Target Server Test Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst apigee = new gcp.projects.Service(\"apigee\", {\n project: project.projectId,\n service: \"apigee.googleapis.com\",\n});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n project: project.projectId,\n service: \"servicenetworking.googleapis.com\",\n}, {\n dependsOn: [apigee],\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeNetwork = new gcp.compute.Network(\"apigee_network\", {\n name: \"apigee-network\",\n project: project.projectId,\n}, {\n dependsOn: [compute],\n});\nconst apigeeRange = new gcp.compute.GlobalAddress(\"apigee_range\", {\n name: \"apigee-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: apigeeNetwork.id,\n project: project.projectId,\n});\nconst apigeeVpcConnection = new gcp.servicenetworking.Connection(\"apigee_vpc_connection\", {\n network: apigeeNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [apigeeRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst apigeeOrg = new gcp.apigee.Organization(\"apigee_org\", {\n analyticsRegion: \"us-central1\",\n projectId: project.projectId,\n authorizedNetwork: apigeeNetwork.id,\n}, {\n dependsOn: [\n apigeeVpcConnection,\n apigee,\n ],\n});\nconst apigeeEnvironment = new gcp.apigee.Environment(\"apigee_environment\", {\n orgId: apigeeOrg.id,\n name: \"my-environment-name\",\n description: \"Apigee Environment\",\n displayName: \"environment-1\",\n});\nconst apigeeTargetServer = new gcp.apigee.TargetServer(\"apigee_target_server\", {\n name: \"my-target-server\",\n description: \"Apigee Target Server\",\n protocol: \"HTTP\",\n host: \"abc.foo.com\",\n port: 8080,\n envId: apigeeEnvironment.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\napigee = gcp.projects.Service(\"apigee\",\n project=project.project_id,\n service=\"apigee.googleapis.com\")\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n project=project.project_id,\n service=\"servicenetworking.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[apigee]))\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_network = gcp.compute.Network(\"apigee_network\",\n name=\"apigee-network\",\n project=project.project_id,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\napigee_range = gcp.compute.GlobalAddress(\"apigee_range\",\n name=\"apigee-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=apigee_network.id,\n project=project.project_id)\napigee_vpc_connection = gcp.servicenetworking.Connection(\"apigee_vpc_connection\",\n network=apigee_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[apigee_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\napigee_org = gcp.apigee.Organization(\"apigee_org\",\n analytics_region=\"us-central1\",\n project_id=project.project_id,\n authorized_network=apigee_network.id,\n opts = pulumi.ResourceOptions(depends_on=[\n apigee_vpc_connection,\n apigee,\n ]))\napigee_environment = gcp.apigee.Environment(\"apigee_environment\",\n org_id=apigee_org.id,\n name=\"my-environment-name\",\n description=\"Apigee Environment\",\n display_name=\"environment-1\")\napigee_target_server = gcp.apigee.TargetServer(\"apigee_target_server\",\n name=\"my-target-server\",\n description=\"Apigee Target Server\",\n protocol=\"HTTP\",\n host=\"abc.foo.com\",\n port=8080,\n env_id=apigee_environment.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var apigee = new Gcp.Projects.Service(\"apigee\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"apigee.googleapis.com\",\n });\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"servicenetworking.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigee,\n },\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeNetwork = new Gcp.Compute.Network(\"apigee_network\", new()\n {\n Name = \"apigee-network\",\n Project = project.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var apigeeRange = new Gcp.Compute.GlobalAddress(\"apigee_range\", new()\n {\n Name = \"apigee-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = apigeeNetwork.Id,\n Project = project.ProjectId,\n });\n\n var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection(\"apigee_vpc_connection\", new()\n {\n Network = apigeeNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n apigeeRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var apigeeOrg = new Gcp.Apigee.Organization(\"apigee_org\", new()\n {\n AnalyticsRegion = \"us-central1\",\n ProjectId = project.ProjectId,\n AuthorizedNetwork = apigeeNetwork.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n apigeeVpcConnection,\n apigee,\n },\n });\n\n var apigeeEnvironment = new Gcp.Apigee.Environment(\"apigee_environment\", new()\n {\n OrgId = apigeeOrg.Id,\n Name = \"my-environment-name\",\n Description = \"Apigee Environment\",\n DisplayName = \"environment-1\",\n });\n\n var apigeeTargetServer = new Gcp.Apigee.TargetServer(\"apigee_target_server\", new()\n {\n Name = \"my-target-server\",\n Description = \"Apigee Target Server\",\n Protocol = \"HTTP\",\n Host = \"abc.foo.com\",\n Port = 8080,\n EnvId = apigeeEnvironment.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigee, err := projects.NewService(ctx, \"apigee\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"apigee.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeNetwork, err := compute.NewNetwork(ctx, \"apigee_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"apigee-network\"),\n\t\t\tProject: project.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeRange, err := compute.NewGlobalAddress(ctx, \"apigee_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"apigee-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeVpcConnection, err := servicenetworking.NewConnection(ctx, \"apigee_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: apigeeNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tapigeeRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeOrg, err := apigee.NewOrganization(ctx, \"apigee_org\", \u0026apigee.OrganizationArgs{\n\t\t\tAnalyticsRegion: pulumi.String(\"us-central1\"),\n\t\t\tProjectId: project.ProjectId,\n\t\t\tAuthorizedNetwork: apigeeNetwork.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tapigeeVpcConnection,\n\t\t\tapigee,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tapigeeEnvironment, err := apigee.NewEnvironment(ctx, \"apigee_environment\", \u0026apigee.EnvironmentArgs{\n\t\t\tOrgId: apigeeOrg.ID(),\n\t\t\tName: pulumi.String(\"my-environment-name\"),\n\t\t\tDescription: pulumi.String(\"Apigee Environment\"),\n\t\t\tDisplayName: pulumi.String(\"environment-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewTargetServer(ctx, \"apigee_target_server\", \u0026apigee.TargetServerArgs{\n\t\t\tName: pulumi.String(\"my-target-server\"),\n\t\t\tDescription: pulumi.String(\"Apigee Target Server\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tHost: pulumi.String(\"abc.foo.com\"),\n\t\t\tPort: pulumi.Int(8080),\n\t\t\tEnvId: apigeeEnvironment.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.apigee.Organization;\nimport com.pulumi.gcp.apigee.OrganizationArgs;\nimport com.pulumi.gcp.apigee.Environment;\nimport com.pulumi.gcp.apigee.EnvironmentArgs;\nimport com.pulumi.gcp.apigee.TargetServer;\nimport com.pulumi.gcp.apigee.TargetServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var apigee = new Service(\"apigee\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"apigee.googleapis.com\")\n .build());\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"servicenetworking.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(apigee)\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeNetwork = new Network(\"apigeeNetwork\", NetworkArgs.builder()\n .name(\"apigee-network\")\n .project(project.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var apigeeRange = new GlobalAddress(\"apigeeRange\", GlobalAddressArgs.builder()\n .name(\"apigee-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(apigeeNetwork.id())\n .project(project.projectId())\n .build());\n\n var apigeeVpcConnection = new Connection(\"apigeeVpcConnection\", ConnectionArgs.builder()\n .network(apigeeNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(apigeeRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var apigeeOrg = new Organization(\"apigeeOrg\", OrganizationArgs.builder()\n .analyticsRegion(\"us-central1\")\n .projectId(project.projectId())\n .authorizedNetwork(apigeeNetwork.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n apigeeVpcConnection,\n apigee)\n .build());\n\n var apigeeEnvironment = new Environment(\"apigeeEnvironment\", EnvironmentArgs.builder()\n .orgId(apigeeOrg.id())\n .name(\"my-environment-name\")\n .description(\"Apigee Environment\")\n .displayName(\"environment-1\")\n .build());\n\n var apigeeTargetServer = new TargetServer(\"apigeeTargetServer\", TargetServerArgs.builder()\n .name(\"my-target-server\")\n .description(\"Apigee Target Server\")\n .protocol(\"HTTP\")\n .host(\"abc.foo.com\")\n .port(8080)\n .envId(apigeeEnvironment.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n apigee:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: apigee.googleapis.com\n servicenetworking:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: servicenetworking.googleapis.com\n options:\n dependsOn:\n - ${apigee}\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n options:\n dependsOn:\n - ${servicenetworking}\n apigeeNetwork:\n type: gcp:compute:Network\n name: apigee_network\n properties:\n name: apigee-network\n project: ${project.projectId}\n options:\n dependsOn:\n - ${compute}\n apigeeRange:\n type: gcp:compute:GlobalAddress\n name: apigee_range\n properties:\n name: apigee-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${apigeeNetwork.id}\n project: ${project.projectId}\n apigeeVpcConnection:\n type: gcp:servicenetworking:Connection\n name: apigee_vpc_connection\n properties:\n network: ${apigeeNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${apigeeRange.name}\n options:\n dependsOn:\n - ${servicenetworking}\n apigeeOrg:\n type: gcp:apigee:Organization\n name: apigee_org\n properties:\n analyticsRegion: us-central1\n projectId: ${project.projectId}\n authorizedNetwork: ${apigeeNetwork.id}\n options:\n dependsOn:\n - ${apigeeVpcConnection}\n - ${apigee}\n apigeeEnvironment:\n type: gcp:apigee:Environment\n name: apigee_environment\n properties:\n orgId: ${apigeeOrg.id}\n name: my-environment-name\n description: Apigee Environment\n displayName: environment-1\n apigeeTargetServer:\n type: gcp:apigee:TargetServer\n name: apigee_target_server\n properties:\n name: my-target-server\n description: Apigee Target Server\n protocol: HTTP\n host: abc.foo.com\n port: 8080\n envId: ${apigeeEnvironment.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetServer can be imported using any of these accepted formats:\n\n* `{{env_id}}/targetservers/{{name}}`\n\n* `{{env_id}}/{{name}}`\n\nWhen using the `pulumi import` command, TargetServer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apigee/targetServer:TargetServer default {{env_id}}/targetservers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:apigee/targetServer:TargetServer default {{env_id}}/{{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -135817,7 +135817,7 @@ } }, "gcp:apphub/service:Service": { - "description": "Service is a network/api interface that exposes some functionality to clients for consumption over the network. Service typically has one or more Workloads behind it. It registers identified service to the Application.\n\n\n\n## Example Usage\n\n### Apphub Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst application = new gcp.apphub.Application(\"application\", {\n location: \"us-central1\",\n applicationId: \"example-application-1\",\n scope: {\n type: \"REGIONAL\",\n },\n});\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\n// Enable Compute API\nconst computeServiceProject = new gcp.projects.Service(\"compute_service_project\", {\n project: serviceProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [computeServiceProject],\n});\nconst serviceProjectAttachment = new gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n// VPC network\nconst ilbNetwork = new gcp.compute.Network(\"ilb_network\", {\n name: \"l7-ilb-network\",\n project: serviceProject.projectId,\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [wait120s],\n});\n// backend subnet\nconst ilbSubnet = new gcp.compute.Subnetwork(\"ilb_subnet\", {\n name: \"l7-ilb-subnet\",\n project: serviceProject.projectId,\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: ilbNetwork.id,\n});\n// health check\nconst _default = new gcp.compute.HealthCheck(\"default\", {\n name: \"l7-ilb-hc\",\n project: serviceProject.projectId,\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n}, {\n dependsOn: [wait120s],\n});\n// backend service\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"l7-ilb-backend-subnet\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n healthChecks: _default.id,\n});\n// forwarding rule\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"l7-ilb-forwarding-rule\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n ipVersion: \"IPV4\",\n loadBalancingScheme: \"INTERNAL\",\n allPorts: true,\n backendService: backend.id,\n network: ilbNetwork.id,\n subnetwork: ilbSubnet.id,\n});\n// discovered service block\nconst catalog-service = gcp.apphub.getDiscoveredServiceOutput({\n location: \"us-central1\",\n serviceUri: pulumi.interpolate`//compute.googleapis.com/${forwardingRule.id}`,\n});\nconst wait120sForResourceIngestion = new time.index.Sleep(\"wait_120s_for_resource_ingestion\", {createDuration: \"120s\"}, {\n dependsOn: [forwardingRule],\n});\nconst example = new gcp.apphub.Service(\"example\", {\n location: \"us-central1\",\n applicationId: application.applicationId,\n serviceId: forwardingRule.name,\n discoveredService: catalog_service.apply(catalog_service =\u003e catalog_service.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\napplication = gcp.apphub.Application(\"application\",\n location=\"us-central1\",\n application_id=\"example-application-1\",\n scope={\n \"type\": \"REGIONAL\",\n })\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\n# Enable Compute API\ncompute_service_project = gcp.projects.Service(\"compute_service_project\",\n project=service_project.project_id,\n service=\"compute.googleapis.com\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[compute_service_project]))\nservice_project_attachment = gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# VPC network\nilb_network = gcp.compute.Network(\"ilb_network\",\n name=\"l7-ilb-network\",\n project=service_project.project_id,\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend subnet\nilb_subnet = gcp.compute.Subnetwork(\"ilb_subnet\",\n name=\"l7-ilb-subnet\",\n project=service_project.project_id,\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=ilb_network.id)\n# health check\ndefault = gcp.compute.HealthCheck(\"default\",\n name=\"l7-ilb-hc\",\n project=service_project.project_id,\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend service\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"l7-ilb-backend-subnet\",\n project=service_project.project_id,\n region=\"us-central1\",\n health_checks=default.id)\n# forwarding rule\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"l7-ilb-forwarding-rule\",\n project=service_project.project_id,\n region=\"us-central1\",\n ip_version=\"IPV4\",\n load_balancing_scheme=\"INTERNAL\",\n all_ports=True,\n backend_service=backend.id,\n network=ilb_network.id,\n subnetwork=ilb_subnet.id)\n# discovered service block\ncatalog_service = gcp.apphub.get_discovered_service_output(location=\"us-central1\",\n service_uri=forwarding_rule.id.apply(lambda id: f\"//compute.googleapis.com/{id}\"))\nwait120s_for_resource_ingestion = time.index.Sleep(\"wait_120s_for_resource_ingestion\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[forwarding_rule]))\nexample = gcp.apphub.Service(\"example\",\n location=\"us-central1\",\n application_id=application.application_id,\n service_id=forwarding_rule.name,\n discovered_service=catalog_service.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = new Gcp.Apphub.Application(\"application\", new()\n {\n Location = \"us-central1\",\n ApplicationId = \"example-application-1\",\n Scope = new Gcp.Apphub.Inputs.ApplicationScopeArgs\n {\n Type = \"REGIONAL\",\n },\n });\n\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n // Enable Compute API\n var computeServiceProject = new Gcp.Projects.Service(\"compute_service_project\", new()\n {\n Project = serviceProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n computeServiceProject,\n },\n });\n\n var serviceProjectAttachment = new Gcp.Apphub.ServiceProjectAttachment(\"service_project_attachment\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // VPC network\n var ilbNetwork = new Gcp.Compute.Network(\"ilb_network\", new()\n {\n Name = \"l7-ilb-network\",\n Project = serviceProject.ProjectId,\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend subnet\n var ilbSubnet = new Gcp.Compute.Subnetwork(\"ilb_subnet\", new()\n {\n Name = \"l7-ilb-subnet\",\n Project = serviceProject.ProjectId,\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = ilbNetwork.Id,\n });\n\n // health check\n var @default = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"l7-ilb-hc\",\n Project = serviceProject.ProjectId,\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend service\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"l7-ilb-backend-subnet\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n HealthChecks = @default.Id,\n });\n\n // forwarding rule\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"l7-ilb-forwarding-rule\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n IpVersion = \"IPV4\",\n LoadBalancingScheme = \"INTERNAL\",\n AllPorts = true,\n BackendService = backend.Id,\n Network = ilbNetwork.Id,\n Subnetwork = ilbSubnet.Id,\n });\n\n // discovered service block\n var catalog_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"us-central1\",\n ServiceUri = $\"//compute.googleapis.com/{forwardingRule.Id}\",\n });\n\n var wait120sForResourceIngestion = new Time.Index.Sleep(\"wait_120s_for_resource_ingestion\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n forwardingRule,\n },\n });\n\n var example = new Gcp.Apphub.Service(\"example\", new()\n {\n Location = \"us-central1\",\n ApplicationId = application.ApplicationId,\n ServiceId = forwardingRule.Name,\n DiscoveredService = catalog_service.Apply(catalog_service =\u003e catalog_service.Apply(getDiscoveredServiceResult =\u003e getDiscoveredServiceResult.Name)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapplication, err := apphub.NewApplication(ctx, \"application\", \u0026apphub.ApplicationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: pulumi.String(\"example-application-1\"),\n\t\t\tScope: \u0026apphub.ApplicationScopeArgs{\n\t\t\t\tType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable Compute API\n\t\tcomputeServiceProject, err := projects.NewService(ctx, \"compute_service_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcomputeServiceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"service_project_attachment\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// VPC network\n\t\tilbNetwork, err := compute.NewNetwork(ctx, \"ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-network\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend subnet\n\t\tilbSubnet, err := compute.NewSubnetwork(ctx, \"ilb_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// health check\n\t\t_, err = compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-hc\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend service\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-backend-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// forwarding rule\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-forwarding-rule\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tBackendService: backend.ID(),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t\tSubnetwork: ilbSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// discovered service block\n\t\tcatalog_service := apphub.GetDiscoveredServiceOutput(ctx, apphub.GetDiscoveredServiceOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceUri: forwardingRule.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"//compute.googleapis.com/%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, nil)\n\t\t_, err = time.NewSleep(ctx, \"wait_120s_for_resource_ingestion\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tforwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewService(ctx, \"example\", \u0026apphub.ServiceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: application.ApplicationId,\n\t\t\tServiceId: forwardingRule.Name,\n\t\t\tDiscoveredService: pulumi.String(catalog_service.ApplyT(func(catalog_service apphub.GetDiscoveredServiceResult) (*string, error) {\n\t\t\t\treturn \u0026catalog_service.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.Application;\nimport com.pulumi.gcp.apphub.ApplicationArgs;\nimport com.pulumi.gcp.apphub.inputs.ApplicationScopeArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport com.pulumi.gcp.apphub.Service;\nimport com.pulumi.gcp.apphub.ServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var application = new Application(\"application\", ApplicationArgs.builder()\n .location(\"us-central1\")\n .applicationId(\"example-application-1\")\n .scope(ApplicationScopeArgs.builder()\n .type(\"REGIONAL\")\n .build())\n .build());\n\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n // Enable Compute API\n var computeServiceProject = new Service(\"computeServiceProject\", ServiceArgs.builder()\n .project(serviceProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(computeServiceProject)\n .build());\n\n var serviceProjectAttachment = new ServiceProjectAttachment(\"serviceProjectAttachment\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // VPC network\n var ilbNetwork = new Network(\"ilbNetwork\", NetworkArgs.builder()\n .name(\"l7-ilb-network\")\n .project(serviceProject.projectId())\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend subnet\n var ilbSubnet = new Subnetwork(\"ilbSubnet\", SubnetworkArgs.builder()\n .name(\"l7-ilb-subnet\")\n .project(serviceProject.projectId())\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(ilbNetwork.id())\n .build());\n\n // health check\n var default_ = new HealthCheck(\"default\", HealthCheckArgs.builder()\n .name(\"l7-ilb-hc\")\n .project(serviceProject.projectId())\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend service\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"l7-ilb-backend-subnet\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .healthChecks(default_.id())\n .build());\n\n // forwarding rule\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"l7-ilb-forwarding-rule\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .ipVersion(\"IPV4\")\n .loadBalancingScheme(\"INTERNAL\")\n .allPorts(true)\n .backendService(backend.id())\n .network(ilbNetwork.id())\n .subnetwork(ilbSubnet.id())\n .build());\n\n // discovered service block\n final var catalog-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"us-central1\")\n .serviceUri(forwardingRule.id().applyValue(id -\u003e String.format(\"//compute.googleapis.com/%s\", id)))\n .build());\n\n var wait120sForResourceIngestion = new Sleep(\"wait120sForResourceIngestion\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(forwardingRule)\n .build());\n\n var example = new Service(\"example\", ServiceArgs.builder()\n .location(\"us-central1\")\n .applicationId(application.applicationId())\n .serviceId(forwardingRule.name())\n .discoveredService(catalog_service.applyValue(catalog_service -\u003e catalog_service.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n application:\n type: gcp:apphub:Application\n properties:\n location: us-central1\n applicationId: example-application-1\n scope:\n type: REGIONAL\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n # Enable Compute API\n computeServiceProject:\n type: gcp:projects:Service\n name: compute_service_project\n properties:\n project: ${serviceProject.projectId}\n service: compute.googleapis.com\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${computeServiceProject}\n serviceProjectAttachment:\n type: gcp:apphub:ServiceProjectAttachment\n name: service_project_attachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependson:\n - ${wait120s}\n wait120sForResourceIngestion:\n type: time:sleep\n name: wait_120s_for_resource_ingestion\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${forwardingRule}\n example:\n type: gcp:apphub:Service\n properties:\n location: us-central1\n applicationId: ${application.applicationId}\n serviceId: ${forwardingRule.name}\n discoveredService: ${[\"catalog-service\"].name}\n # VPC network\n ilbNetwork:\n type: gcp:compute:Network\n name: ilb_network\n properties:\n name: l7-ilb-network\n project: ${serviceProject.projectId}\n autoCreateSubnetworks: false\n options:\n dependson:\n - ${wait120s}\n # backend subnet\n ilbSubnet:\n type: gcp:compute:Subnetwork\n name: ilb_subnet\n properties:\n name: l7-ilb-subnet\n project: ${serviceProject.projectId}\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${ilbNetwork.id}\n # forwarding rule\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: l7-ilb-forwarding-rule\n project: ${serviceProject.projectId}\n region: us-central1\n ipVersion: IPV4\n loadBalancingScheme: INTERNAL\n allPorts: true\n backendService: ${backend.id}\n network: ${ilbNetwork.id}\n subnetwork: ${ilbSubnet.id}\n # backend service\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: l7-ilb-backend-subnet\n project: ${serviceProject.projectId}\n region: us-central1\n healthChecks: ${default.id}\n # health check\n default:\n type: gcp:compute:HealthCheck\n properties:\n name: l7-ilb-hc\n project: ${serviceProject.projectId}\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n options:\n dependson:\n - ${wait120s}\nvariables:\n # discovered service block\n catalog-service:\n fn::invoke:\n Function: gcp:apphub:getDiscoveredService\n Arguments:\n location: us-central1\n serviceUri: //compute.googleapis.com/${forwardingRule.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apphub Service Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst application = new gcp.apphub.Application(\"application\", {\n location: \"us-central1\",\n applicationId: \"example-application-1\",\n scope: {\n type: \"REGIONAL\",\n },\n});\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\n// Enable Compute API\nconst computeServiceProject = new gcp.projects.Service(\"compute_service_project\", {\n project: serviceProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [computeServiceProject],\n});\nconst serviceProjectAttachment = new gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n// VPC network\nconst ilbNetwork = new gcp.compute.Network(\"ilb_network\", {\n name: \"l7-ilb-network\",\n project: serviceProject.projectId,\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [wait120s],\n});\n// backend subnet\nconst ilbSubnet = new gcp.compute.Subnetwork(\"ilb_subnet\", {\n name: \"l7-ilb-subnet\",\n project: serviceProject.projectId,\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: ilbNetwork.id,\n});\n// health check\nconst _default = new gcp.compute.HealthCheck(\"default\", {\n name: \"l7-ilb-hc\",\n project: serviceProject.projectId,\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n}, {\n dependsOn: [wait120s],\n});\n// backend service\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"l7-ilb-backend-subnet\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n healthChecks: _default.id,\n});\n// forwarding rule\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"l7-ilb-forwarding-rule\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n ipVersion: \"IPV4\",\n loadBalancingScheme: \"INTERNAL\",\n allPorts: true,\n backendService: backend.id,\n network: ilbNetwork.id,\n subnetwork: ilbSubnet.id,\n});\n// discovered service block\nconst catalog-service = gcp.apphub.getDiscoveredServiceOutput({\n location: \"us-central1\",\n serviceUri: pulumi.interpolate`//compute.googleapis.com/${forwardingRule.id}`,\n});\nconst wait120sForResourceIngestion = new time.index.Sleep(\"wait_120s_for_resource_ingestion\", {createDuration: \"120s\"}, {\n dependsOn: [forwardingRule],\n});\nconst example = new gcp.apphub.Service(\"example\", {\n location: \"us-central1\",\n applicationId: application.applicationId,\n serviceId: forwardingRule.name,\n discoveredService: catalog_service.apply(catalog_service =\u003e catalog_service.name),\n displayName: \"Example Service Full\",\n description: \"Register service for testing\",\n attributes: {\n environment: {\n type: \"STAGING\",\n },\n criticality: {\n type: \"MISSION_CRITICAL\",\n },\n businessOwners: [{\n displayName: \"Alice\",\n email: \"alice@google.com\",\n }],\n developerOwners: [{\n displayName: \"Bob\",\n email: \"bob@google.com\",\n }],\n operatorOwners: [{\n displayName: \"Charlie\",\n email: \"charlie@google.com\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\napplication = gcp.apphub.Application(\"application\",\n location=\"us-central1\",\n application_id=\"example-application-1\",\n scope={\n \"type\": \"REGIONAL\",\n })\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\n# Enable Compute API\ncompute_service_project = gcp.projects.Service(\"compute_service_project\",\n project=service_project.project_id,\n service=\"compute.googleapis.com\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[compute_service_project]))\nservice_project_attachment = gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# VPC network\nilb_network = gcp.compute.Network(\"ilb_network\",\n name=\"l7-ilb-network\",\n project=service_project.project_id,\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend subnet\nilb_subnet = gcp.compute.Subnetwork(\"ilb_subnet\",\n name=\"l7-ilb-subnet\",\n project=service_project.project_id,\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=ilb_network.id)\n# health check\ndefault = gcp.compute.HealthCheck(\"default\",\n name=\"l7-ilb-hc\",\n project=service_project.project_id,\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend service\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"l7-ilb-backend-subnet\",\n project=service_project.project_id,\n region=\"us-central1\",\n health_checks=default.id)\n# forwarding rule\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"l7-ilb-forwarding-rule\",\n project=service_project.project_id,\n region=\"us-central1\",\n ip_version=\"IPV4\",\n load_balancing_scheme=\"INTERNAL\",\n all_ports=True,\n backend_service=backend.id,\n network=ilb_network.id,\n subnetwork=ilb_subnet.id)\n# discovered service block\ncatalog_service = gcp.apphub.get_discovered_service_output(location=\"us-central1\",\n service_uri=forwarding_rule.id.apply(lambda id: f\"//compute.googleapis.com/{id}\"))\nwait120s_for_resource_ingestion = time.index.Sleep(\"wait_120s_for_resource_ingestion\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[forwarding_rule]))\nexample = gcp.apphub.Service(\"example\",\n location=\"us-central1\",\n application_id=application.application_id,\n service_id=forwarding_rule.name,\n discovered_service=catalog_service.name,\n display_name=\"Example Service Full\",\n description=\"Register service for testing\",\n attributes={\n \"environment\": {\n \"type\": \"STAGING\",\n },\n \"criticality\": {\n \"type\": \"MISSION_CRITICAL\",\n },\n \"business_owners\": [{\n \"display_name\": \"Alice\",\n \"email\": \"alice@google.com\",\n }],\n \"developer_owners\": [{\n \"display_name\": \"Bob\",\n \"email\": \"bob@google.com\",\n }],\n \"operator_owners\": [{\n \"display_name\": \"Charlie\",\n \"email\": \"charlie@google.com\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = new Gcp.Apphub.Application(\"application\", new()\n {\n Location = \"us-central1\",\n ApplicationId = \"example-application-1\",\n Scope = new Gcp.Apphub.Inputs.ApplicationScopeArgs\n {\n Type = \"REGIONAL\",\n },\n });\n\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n // Enable Compute API\n var computeServiceProject = new Gcp.Projects.Service(\"compute_service_project\", new()\n {\n Project = serviceProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n computeServiceProject,\n },\n });\n\n var serviceProjectAttachment = new Gcp.Apphub.ServiceProjectAttachment(\"service_project_attachment\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // VPC network\n var ilbNetwork = new Gcp.Compute.Network(\"ilb_network\", new()\n {\n Name = \"l7-ilb-network\",\n Project = serviceProject.ProjectId,\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend subnet\n var ilbSubnet = new Gcp.Compute.Subnetwork(\"ilb_subnet\", new()\n {\n Name = \"l7-ilb-subnet\",\n Project = serviceProject.ProjectId,\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = ilbNetwork.Id,\n });\n\n // health check\n var @default = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"l7-ilb-hc\",\n Project = serviceProject.ProjectId,\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend service\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"l7-ilb-backend-subnet\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n HealthChecks = @default.Id,\n });\n\n // forwarding rule\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"l7-ilb-forwarding-rule\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n IpVersion = \"IPV4\",\n LoadBalancingScheme = \"INTERNAL\",\n AllPorts = true,\n BackendService = backend.Id,\n Network = ilbNetwork.Id,\n Subnetwork = ilbSubnet.Id,\n });\n\n // discovered service block\n var catalog_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"us-central1\",\n ServiceUri = $\"//compute.googleapis.com/{forwardingRule.Id}\",\n });\n\n var wait120sForResourceIngestion = new Time.Index.Sleep(\"wait_120s_for_resource_ingestion\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n forwardingRule,\n },\n });\n\n var example = new Gcp.Apphub.Service(\"example\", new()\n {\n Location = \"us-central1\",\n ApplicationId = application.ApplicationId,\n ServiceId = forwardingRule.Name,\n DiscoveredService = catalog_service.Apply(catalog_service =\u003e catalog_service.Apply(getDiscoveredServiceResult =\u003e getDiscoveredServiceResult.Name)),\n DisplayName = \"Example Service Full\",\n Description = \"Register service for testing\",\n Attributes = new Gcp.Apphub.Inputs.ServiceAttributesArgs\n {\n Environment = new Gcp.Apphub.Inputs.ServiceAttributesEnvironmentArgs\n {\n Type = \"STAGING\",\n },\n Criticality = new Gcp.Apphub.Inputs.ServiceAttributesCriticalityArgs\n {\n Type = \"MISSION_CRITICAL\",\n },\n BusinessOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesBusinessOwnerArgs\n {\n DisplayName = \"Alice\",\n Email = \"alice@google.com\",\n },\n },\n DeveloperOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesDeveloperOwnerArgs\n {\n DisplayName = \"Bob\",\n Email = \"bob@google.com\",\n },\n },\n OperatorOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesOperatorOwnerArgs\n {\n DisplayName = \"Charlie\",\n Email = \"charlie@google.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapplication, err := apphub.NewApplication(ctx, \"application\", \u0026apphub.ApplicationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: pulumi.String(\"example-application-1\"),\n\t\t\tScope: \u0026apphub.ApplicationScopeArgs{\n\t\t\t\tType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable Compute API\n\t\tcomputeServiceProject, err := projects.NewService(ctx, \"compute_service_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcomputeServiceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"service_project_attachment\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// VPC network\n\t\tilbNetwork, err := compute.NewNetwork(ctx, \"ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-network\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend subnet\n\t\tilbSubnet, err := compute.NewSubnetwork(ctx, \"ilb_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// health check\n\t\t_, err = compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-hc\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend service\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-backend-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// forwarding rule\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-forwarding-rule\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tBackendService: backend.ID(),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t\tSubnetwork: ilbSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// discovered service block\n\t\tcatalog_service := apphub.GetDiscoveredServiceOutput(ctx, apphub.GetDiscoveredServiceOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceUri: forwardingRule.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"//compute.googleapis.com/%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, nil)\n\t\t_, err = time.NewSleep(ctx, \"wait_120s_for_resource_ingestion\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tforwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewService(ctx, \"example\", \u0026apphub.ServiceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: application.ApplicationId,\n\t\t\tServiceId: forwardingRule.Name,\n\t\t\tDiscoveredService: pulumi.String(catalog_service.ApplyT(func(catalog_service apphub.GetDiscoveredServiceResult) (*string, error) {\n\t\t\t\treturn \u0026catalog_service.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tDisplayName: pulumi.String(\"Example Service Full\"),\n\t\t\tDescription: pulumi.String(\"Register service for testing\"),\n\t\t\tAttributes: \u0026apphub.ServiceAttributesArgs{\n\t\t\t\tEnvironment: \u0026apphub.ServiceAttributesEnvironmentArgs{\n\t\t\t\t\tType: pulumi.String(\"STAGING\"),\n\t\t\t\t},\n\t\t\t\tCriticality: \u0026apphub.ServiceAttributesCriticalityArgs{\n\t\t\t\t\tType: pulumi.String(\"MISSION_CRITICAL\"),\n\t\t\t\t},\n\t\t\t\tBusinessOwners: apphub.ServiceAttributesBusinessOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesBusinessOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Alice\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"alice@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDeveloperOwners: apphub.ServiceAttributesDeveloperOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesDeveloperOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Bob\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"bob@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOperatorOwners: apphub.ServiceAttributesOperatorOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesOperatorOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Charlie\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"charlie@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.Application;\nimport com.pulumi.gcp.apphub.ApplicationArgs;\nimport com.pulumi.gcp.apphub.inputs.ApplicationScopeArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport com.pulumi.gcp.apphub.Service;\nimport com.pulumi.gcp.apphub.ServiceArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesEnvironmentArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesCriticalityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var application = new Application(\"application\", ApplicationArgs.builder()\n .location(\"us-central1\")\n .applicationId(\"example-application-1\")\n .scope(ApplicationScopeArgs.builder()\n .type(\"REGIONAL\")\n .build())\n .build());\n\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n // Enable Compute API\n var computeServiceProject = new Service(\"computeServiceProject\", ServiceArgs.builder()\n .project(serviceProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(computeServiceProject)\n .build());\n\n var serviceProjectAttachment = new ServiceProjectAttachment(\"serviceProjectAttachment\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // VPC network\n var ilbNetwork = new Network(\"ilbNetwork\", NetworkArgs.builder()\n .name(\"l7-ilb-network\")\n .project(serviceProject.projectId())\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend subnet\n var ilbSubnet = new Subnetwork(\"ilbSubnet\", SubnetworkArgs.builder()\n .name(\"l7-ilb-subnet\")\n .project(serviceProject.projectId())\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(ilbNetwork.id())\n .build());\n\n // health check\n var default_ = new HealthCheck(\"default\", HealthCheckArgs.builder()\n .name(\"l7-ilb-hc\")\n .project(serviceProject.projectId())\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend service\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"l7-ilb-backend-subnet\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .healthChecks(default_.id())\n .build());\n\n // forwarding rule\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"l7-ilb-forwarding-rule\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .ipVersion(\"IPV4\")\n .loadBalancingScheme(\"INTERNAL\")\n .allPorts(true)\n .backendService(backend.id())\n .network(ilbNetwork.id())\n .subnetwork(ilbSubnet.id())\n .build());\n\n // discovered service block\n final var catalog-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"us-central1\")\n .serviceUri(forwardingRule.id().applyValue(id -\u003e String.format(\"//compute.googleapis.com/%s\", id)))\n .build());\n\n var wait120sForResourceIngestion = new Sleep(\"wait120sForResourceIngestion\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(forwardingRule)\n .build());\n\n var example = new Service(\"example\", ServiceArgs.builder()\n .location(\"us-central1\")\n .applicationId(application.applicationId())\n .serviceId(forwardingRule.name())\n .discoveredService(catalog_service.applyValue(catalog_service -\u003e catalog_service.name()))\n .displayName(\"Example Service Full\")\n .description(\"Register service for testing\")\n .attributes(ServiceAttributesArgs.builder()\n .environment(ServiceAttributesEnvironmentArgs.builder()\n .type(\"STAGING\")\n .build())\n .criticality(ServiceAttributesCriticalityArgs.builder()\n .type(\"MISSION_CRITICAL\")\n .build())\n .businessOwners(ServiceAttributesBusinessOwnerArgs.builder()\n .displayName(\"Alice\")\n .email(\"alice@google.com\")\n .build())\n .developerOwners(ServiceAttributesDeveloperOwnerArgs.builder()\n .displayName(\"Bob\")\n .email(\"bob@google.com\")\n .build())\n .operatorOwners(ServiceAttributesOperatorOwnerArgs.builder()\n .displayName(\"Charlie\")\n .email(\"charlie@google.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n application:\n type: gcp:apphub:Application\n properties:\n location: us-central1\n applicationId: example-application-1\n scope:\n type: REGIONAL\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n # Enable Compute API\n computeServiceProject:\n type: gcp:projects:Service\n name: compute_service_project\n properties:\n project: ${serviceProject.projectId}\n service: compute.googleapis.com\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${computeServiceProject}\n serviceProjectAttachment:\n type: gcp:apphub:ServiceProjectAttachment\n name: service_project_attachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependson:\n - ${wait120s}\n wait120sForResourceIngestion:\n type: time:sleep\n name: wait_120s_for_resource_ingestion\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${forwardingRule}\n example:\n type: gcp:apphub:Service\n properties:\n location: us-central1\n applicationId: ${application.applicationId}\n serviceId: ${forwardingRule.name}\n discoveredService: ${[\"catalog-service\"].name}\n displayName: Example Service Full\n description: Register service for testing\n attributes:\n environment:\n type: STAGING\n criticality:\n type: MISSION_CRITICAL\n businessOwners:\n - displayName: Alice\n email: alice@google.com\n developerOwners:\n - displayName: Bob\n email: bob@google.com\n operatorOwners:\n - displayName: Charlie\n email: charlie@google.com\n # VPC network\n ilbNetwork:\n type: gcp:compute:Network\n name: ilb_network\n properties:\n name: l7-ilb-network\n project: ${serviceProject.projectId}\n autoCreateSubnetworks: false\n options:\n dependson:\n - ${wait120s}\n # backend subnet\n ilbSubnet:\n type: gcp:compute:Subnetwork\n name: ilb_subnet\n properties:\n name: l7-ilb-subnet\n project: ${serviceProject.projectId}\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${ilbNetwork.id}\n # forwarding rule\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: l7-ilb-forwarding-rule\n project: ${serviceProject.projectId}\n region: us-central1\n ipVersion: IPV4\n loadBalancingScheme: INTERNAL\n allPorts: true\n backendService: ${backend.id}\n network: ${ilbNetwork.id}\n subnetwork: ${ilbSubnet.id}\n # backend service\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: l7-ilb-backend-subnet\n project: ${serviceProject.projectId}\n region: us-central1\n healthChecks: ${default.id}\n # health check\n default:\n type: gcp:compute:HealthCheck\n properties:\n name: l7-ilb-hc\n project: ${serviceProject.projectId}\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n options:\n dependson:\n - ${wait120s}\nvariables:\n # discovered service block\n catalog-service:\n fn::invoke:\n Function: gcp:apphub:getDiscoveredService\n Arguments:\n location: us-central1\n serviceUri: //compute.googleapis.com/${forwardingRule.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}`\n\n* `{{project}}/{{location}}/{{application_id}}/{{service_id}}`\n\n* `{{location}}/{{application_id}}/{{service_id}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apphub/service:Service default projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/service:Service default {{project}}/{{location}}/{{application_id}}/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/service:Service default {{location}}/{{application_id}}/{{service_id}}\n```\n\n", + "description": "Service is a network/api interface that exposes some functionality to clients for consumption over the network. Service typically has one or more Workloads behind it. It registers identified service to the Application.\n\n\n\n## Example Usage\n\n### Apphub Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst application = new gcp.apphub.Application(\"application\", {\n location: \"us-central1\",\n applicationId: \"example-application-1\",\n scope: {\n type: \"REGIONAL\",\n },\n});\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\n// Enable Compute API\nconst computeServiceProject = new gcp.projects.Service(\"compute_service_project\", {\n project: serviceProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [computeServiceProject],\n});\nconst serviceProjectAttachment = new gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n// VPC network\nconst ilbNetwork = new gcp.compute.Network(\"ilb_network\", {\n name: \"l7-ilb-network\",\n project: serviceProject.projectId,\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [wait120s],\n});\n// backend subnet\nconst ilbSubnet = new gcp.compute.Subnetwork(\"ilb_subnet\", {\n name: \"l7-ilb-subnet\",\n project: serviceProject.projectId,\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: ilbNetwork.id,\n});\n// health check\nconst _default = new gcp.compute.HealthCheck(\"default\", {\n name: \"l7-ilb-hc\",\n project: serviceProject.projectId,\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n}, {\n dependsOn: [wait120s],\n});\n// backend service\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"l7-ilb-backend-subnet\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n healthChecks: _default.id,\n});\n// forwarding rule\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"l7-ilb-forwarding-rule\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n ipVersion: \"IPV4\",\n loadBalancingScheme: \"INTERNAL\",\n allPorts: true,\n backendService: backend.id,\n network: ilbNetwork.id,\n subnetwork: ilbSubnet.id,\n});\n// discovered service block\nconst catalog-service = gcp.apphub.getDiscoveredServiceOutput({\n location: \"us-central1\",\n serviceUri: pulumi.interpolate`//compute.googleapis.com/${forwardingRule.id}`,\n});\nconst wait120sForResourceIngestion = new time.index.Sleep(\"wait_120s_for_resource_ingestion\", {createDuration: \"120s\"}, {\n dependsOn: [forwardingRule],\n});\nconst example = new gcp.apphub.Service(\"example\", {\n location: \"us-central1\",\n applicationId: application.applicationId,\n serviceId: forwardingRule.name,\n discoveredService: catalog_service.apply(catalog_service =\u003e catalog_service.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\napplication = gcp.apphub.Application(\"application\",\n location=\"us-central1\",\n application_id=\"example-application-1\",\n scope={\n \"type\": \"REGIONAL\",\n })\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\n# Enable Compute API\ncompute_service_project = gcp.projects.Service(\"compute_service_project\",\n project=service_project.project_id,\n service=\"compute.googleapis.com\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[compute_service_project]))\nservice_project_attachment = gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# VPC network\nilb_network = gcp.compute.Network(\"ilb_network\",\n name=\"l7-ilb-network\",\n project=service_project.project_id,\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend subnet\nilb_subnet = gcp.compute.Subnetwork(\"ilb_subnet\",\n name=\"l7-ilb-subnet\",\n project=service_project.project_id,\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=ilb_network.id)\n# health check\ndefault = gcp.compute.HealthCheck(\"default\",\n name=\"l7-ilb-hc\",\n project=service_project.project_id,\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend service\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"l7-ilb-backend-subnet\",\n project=service_project.project_id,\n region=\"us-central1\",\n health_checks=default.id)\n# forwarding rule\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"l7-ilb-forwarding-rule\",\n project=service_project.project_id,\n region=\"us-central1\",\n ip_version=\"IPV4\",\n load_balancing_scheme=\"INTERNAL\",\n all_ports=True,\n backend_service=backend.id,\n network=ilb_network.id,\n subnetwork=ilb_subnet.id)\n# discovered service block\ncatalog_service = gcp.apphub.get_discovered_service_output(location=\"us-central1\",\n service_uri=forwarding_rule.id.apply(lambda id: f\"//compute.googleapis.com/{id}\"))\nwait120s_for_resource_ingestion = time.index.Sleep(\"wait_120s_for_resource_ingestion\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[forwarding_rule]))\nexample = gcp.apphub.Service(\"example\",\n location=\"us-central1\",\n application_id=application.application_id,\n service_id=forwarding_rule.name,\n discovered_service=catalog_service.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = new Gcp.Apphub.Application(\"application\", new()\n {\n Location = \"us-central1\",\n ApplicationId = \"example-application-1\",\n Scope = new Gcp.Apphub.Inputs.ApplicationScopeArgs\n {\n Type = \"REGIONAL\",\n },\n });\n\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n // Enable Compute API\n var computeServiceProject = new Gcp.Projects.Service(\"compute_service_project\", new()\n {\n Project = serviceProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n computeServiceProject,\n },\n });\n\n var serviceProjectAttachment = new Gcp.Apphub.ServiceProjectAttachment(\"service_project_attachment\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // VPC network\n var ilbNetwork = new Gcp.Compute.Network(\"ilb_network\", new()\n {\n Name = \"l7-ilb-network\",\n Project = serviceProject.ProjectId,\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend subnet\n var ilbSubnet = new Gcp.Compute.Subnetwork(\"ilb_subnet\", new()\n {\n Name = \"l7-ilb-subnet\",\n Project = serviceProject.ProjectId,\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = ilbNetwork.Id,\n });\n\n // health check\n var @default = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"l7-ilb-hc\",\n Project = serviceProject.ProjectId,\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend service\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"l7-ilb-backend-subnet\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n HealthChecks = @default.Id,\n });\n\n // forwarding rule\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"l7-ilb-forwarding-rule\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n IpVersion = \"IPV4\",\n LoadBalancingScheme = \"INTERNAL\",\n AllPorts = true,\n BackendService = backend.Id,\n Network = ilbNetwork.Id,\n Subnetwork = ilbSubnet.Id,\n });\n\n // discovered service block\n var catalog_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"us-central1\",\n ServiceUri = $\"//compute.googleapis.com/{forwardingRule.Id}\",\n });\n\n var wait120sForResourceIngestion = new Time.Index.Sleep(\"wait_120s_for_resource_ingestion\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n forwardingRule,\n },\n });\n\n var example = new Gcp.Apphub.Service(\"example\", new()\n {\n Location = \"us-central1\",\n ApplicationId = application.ApplicationId,\n ServiceId = forwardingRule.Name,\n DiscoveredService = catalog_service.Apply(catalog_service =\u003e catalog_service.Apply(getDiscoveredServiceResult =\u003e getDiscoveredServiceResult.Name)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapplication, err := apphub.NewApplication(ctx, \"application\", \u0026apphub.ApplicationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: pulumi.String(\"example-application-1\"),\n\t\t\tScope: \u0026apphub.ApplicationScopeArgs{\n\t\t\t\tType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable Compute API\n\t\tcomputeServiceProject, err := projects.NewService(ctx, \"compute_service_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcomputeServiceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"service_project_attachment\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// VPC network\n\t\tilbNetwork, err := compute.NewNetwork(ctx, \"ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-network\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend subnet\n\t\tilbSubnet, err := compute.NewSubnetwork(ctx, \"ilb_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// health check\n\t\t_, err = compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-hc\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend service\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-backend-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// forwarding rule\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-forwarding-rule\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tBackendService: backend.ID(),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t\tSubnetwork: ilbSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// discovered service block\n\t\tcatalog_service := apphub.GetDiscoveredServiceOutput(ctx, apphub.GetDiscoveredServiceOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceUri: forwardingRule.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"//compute.googleapis.com/%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, nil)\n\t\t_, err = time.NewSleep(ctx, \"wait_120s_for_resource_ingestion\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tforwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewService(ctx, \"example\", \u0026apphub.ServiceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: application.ApplicationId,\n\t\t\tServiceId: forwardingRule.Name,\n\t\t\tDiscoveredService: pulumi.String(catalog_service.ApplyT(func(catalog_service apphub.GetDiscoveredServiceResult) (*string, error) {\n\t\t\t\treturn \u0026catalog_service.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.Application;\nimport com.pulumi.gcp.apphub.ApplicationArgs;\nimport com.pulumi.gcp.apphub.inputs.ApplicationScopeArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport com.pulumi.gcp.apphub.Service;\nimport com.pulumi.gcp.apphub.ServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var application = new Application(\"application\", ApplicationArgs.builder()\n .location(\"us-central1\")\n .applicationId(\"example-application-1\")\n .scope(ApplicationScopeArgs.builder()\n .type(\"REGIONAL\")\n .build())\n .build());\n\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n // Enable Compute API\n var computeServiceProject = new Service(\"computeServiceProject\", ServiceArgs.builder()\n .project(serviceProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(computeServiceProject)\n .build());\n\n var serviceProjectAttachment = new ServiceProjectAttachment(\"serviceProjectAttachment\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // VPC network\n var ilbNetwork = new Network(\"ilbNetwork\", NetworkArgs.builder()\n .name(\"l7-ilb-network\")\n .project(serviceProject.projectId())\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend subnet\n var ilbSubnet = new Subnetwork(\"ilbSubnet\", SubnetworkArgs.builder()\n .name(\"l7-ilb-subnet\")\n .project(serviceProject.projectId())\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(ilbNetwork.id())\n .build());\n\n // health check\n var default_ = new HealthCheck(\"default\", HealthCheckArgs.builder()\n .name(\"l7-ilb-hc\")\n .project(serviceProject.projectId())\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend service\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"l7-ilb-backend-subnet\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .healthChecks(default_.id())\n .build());\n\n // forwarding rule\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"l7-ilb-forwarding-rule\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .ipVersion(\"IPV4\")\n .loadBalancingScheme(\"INTERNAL\")\n .allPorts(true)\n .backendService(backend.id())\n .network(ilbNetwork.id())\n .subnetwork(ilbSubnet.id())\n .build());\n\n // discovered service block\n final var catalog-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"us-central1\")\n .serviceUri(forwardingRule.id().applyValue(id -\u003e String.format(\"//compute.googleapis.com/%s\", id)))\n .build());\n\n var wait120sForResourceIngestion = new Sleep(\"wait120sForResourceIngestion\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(forwardingRule)\n .build());\n\n var example = new Service(\"example\", ServiceArgs.builder()\n .location(\"us-central1\")\n .applicationId(application.applicationId())\n .serviceId(forwardingRule.name())\n .discoveredService(catalog_service.applyValue(catalog_service -\u003e catalog_service.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n application:\n type: gcp:apphub:Application\n properties:\n location: us-central1\n applicationId: example-application-1\n scope:\n type: REGIONAL\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n # Enable Compute API\n computeServiceProject:\n type: gcp:projects:Service\n name: compute_service_project\n properties:\n project: ${serviceProject.projectId}\n service: compute.googleapis.com\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${computeServiceProject}\n serviceProjectAttachment:\n type: gcp:apphub:ServiceProjectAttachment\n name: service_project_attachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependsOn:\n - ${wait120s}\n wait120sForResourceIngestion:\n type: time:sleep\n name: wait_120s_for_resource_ingestion\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${forwardingRule}\n example:\n type: gcp:apphub:Service\n properties:\n location: us-central1\n applicationId: ${application.applicationId}\n serviceId: ${forwardingRule.name}\n discoveredService: ${[\"catalog-service\"].name}\n # VPC network\n ilbNetwork:\n type: gcp:compute:Network\n name: ilb_network\n properties:\n name: l7-ilb-network\n project: ${serviceProject.projectId}\n autoCreateSubnetworks: false\n options:\n dependsOn:\n - ${wait120s}\n # backend subnet\n ilbSubnet:\n type: gcp:compute:Subnetwork\n name: ilb_subnet\n properties:\n name: l7-ilb-subnet\n project: ${serviceProject.projectId}\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${ilbNetwork.id}\n # forwarding rule\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: l7-ilb-forwarding-rule\n project: ${serviceProject.projectId}\n region: us-central1\n ipVersion: IPV4\n loadBalancingScheme: INTERNAL\n allPorts: true\n backendService: ${backend.id}\n network: ${ilbNetwork.id}\n subnetwork: ${ilbSubnet.id}\n # backend service\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: l7-ilb-backend-subnet\n project: ${serviceProject.projectId}\n region: us-central1\n healthChecks: ${default.id}\n # health check\n default:\n type: gcp:compute:HealthCheck\n properties:\n name: l7-ilb-hc\n project: ${serviceProject.projectId}\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n options:\n dependsOn:\n - ${wait120s}\nvariables:\n # discovered service block\n catalog-service:\n fn::invoke:\n function: gcp:apphub:getDiscoveredService\n arguments:\n location: us-central1\n serviceUri: //compute.googleapis.com/${forwardingRule.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Apphub Service Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst application = new gcp.apphub.Application(\"application\", {\n location: \"us-central1\",\n applicationId: \"example-application-1\",\n scope: {\n type: \"REGIONAL\",\n },\n});\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\n// Enable Compute API\nconst computeServiceProject = new gcp.projects.Service(\"compute_service_project\", {\n project: serviceProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [computeServiceProject],\n});\nconst serviceProjectAttachment = new gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n// VPC network\nconst ilbNetwork = new gcp.compute.Network(\"ilb_network\", {\n name: \"l7-ilb-network\",\n project: serviceProject.projectId,\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [wait120s],\n});\n// backend subnet\nconst ilbSubnet = new gcp.compute.Subnetwork(\"ilb_subnet\", {\n name: \"l7-ilb-subnet\",\n project: serviceProject.projectId,\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: ilbNetwork.id,\n});\n// health check\nconst _default = new gcp.compute.HealthCheck(\"default\", {\n name: \"l7-ilb-hc\",\n project: serviceProject.projectId,\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n}, {\n dependsOn: [wait120s],\n});\n// backend service\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"l7-ilb-backend-subnet\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n healthChecks: _default.id,\n});\n// forwarding rule\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"l7-ilb-forwarding-rule\",\n project: serviceProject.projectId,\n region: \"us-central1\",\n ipVersion: \"IPV4\",\n loadBalancingScheme: \"INTERNAL\",\n allPorts: true,\n backendService: backend.id,\n network: ilbNetwork.id,\n subnetwork: ilbSubnet.id,\n});\n// discovered service block\nconst catalog-service = gcp.apphub.getDiscoveredServiceOutput({\n location: \"us-central1\",\n serviceUri: pulumi.interpolate`//compute.googleapis.com/${forwardingRule.id}`,\n});\nconst wait120sForResourceIngestion = new time.index.Sleep(\"wait_120s_for_resource_ingestion\", {createDuration: \"120s\"}, {\n dependsOn: [forwardingRule],\n});\nconst example = new gcp.apphub.Service(\"example\", {\n location: \"us-central1\",\n applicationId: application.applicationId,\n serviceId: forwardingRule.name,\n discoveredService: catalog_service.apply(catalog_service =\u003e catalog_service.name),\n displayName: \"Example Service Full\",\n description: \"Register service for testing\",\n attributes: {\n environment: {\n type: \"STAGING\",\n },\n criticality: {\n type: \"MISSION_CRITICAL\",\n },\n businessOwners: [{\n displayName: \"Alice\",\n email: \"alice@google.com\",\n }],\n developerOwners: [{\n displayName: \"Bob\",\n email: \"bob@google.com\",\n }],\n operatorOwners: [{\n displayName: \"Charlie\",\n email: \"charlie@google.com\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\napplication = gcp.apphub.Application(\"application\",\n location=\"us-central1\",\n application_id=\"example-application-1\",\n scope={\n \"type\": \"REGIONAL\",\n })\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\n# Enable Compute API\ncompute_service_project = gcp.projects.Service(\"compute_service_project\",\n project=service_project.project_id,\n service=\"compute.googleapis.com\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[compute_service_project]))\nservice_project_attachment = gcp.apphub.ServiceProjectAttachment(\"service_project_attachment\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# VPC network\nilb_network = gcp.compute.Network(\"ilb_network\",\n name=\"l7-ilb-network\",\n project=service_project.project_id,\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend subnet\nilb_subnet = gcp.compute.Subnetwork(\"ilb_subnet\",\n name=\"l7-ilb-subnet\",\n project=service_project.project_id,\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=ilb_network.id)\n# health check\ndefault = gcp.compute.HealthCheck(\"default\",\n name=\"l7-ilb-hc\",\n project=service_project.project_id,\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n# backend service\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"l7-ilb-backend-subnet\",\n project=service_project.project_id,\n region=\"us-central1\",\n health_checks=default.id)\n# forwarding rule\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"l7-ilb-forwarding-rule\",\n project=service_project.project_id,\n region=\"us-central1\",\n ip_version=\"IPV4\",\n load_balancing_scheme=\"INTERNAL\",\n all_ports=True,\n backend_service=backend.id,\n network=ilb_network.id,\n subnetwork=ilb_subnet.id)\n# discovered service block\ncatalog_service = gcp.apphub.get_discovered_service_output(location=\"us-central1\",\n service_uri=forwarding_rule.id.apply(lambda id: f\"//compute.googleapis.com/{id}\"))\nwait120s_for_resource_ingestion = time.index.Sleep(\"wait_120s_for_resource_ingestion\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[forwarding_rule]))\nexample = gcp.apphub.Service(\"example\",\n location=\"us-central1\",\n application_id=application.application_id,\n service_id=forwarding_rule.name,\n discovered_service=catalog_service.name,\n display_name=\"Example Service Full\",\n description=\"Register service for testing\",\n attributes={\n \"environment\": {\n \"type\": \"STAGING\",\n },\n \"criticality\": {\n \"type\": \"MISSION_CRITICAL\",\n },\n \"business_owners\": [{\n \"display_name\": \"Alice\",\n \"email\": \"alice@google.com\",\n }],\n \"developer_owners\": [{\n \"display_name\": \"Bob\",\n \"email\": \"bob@google.com\",\n }],\n \"operator_owners\": [{\n \"display_name\": \"Charlie\",\n \"email\": \"charlie@google.com\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = new Gcp.Apphub.Application(\"application\", new()\n {\n Location = \"us-central1\",\n ApplicationId = \"example-application-1\",\n Scope = new Gcp.Apphub.Inputs.ApplicationScopeArgs\n {\n Type = \"REGIONAL\",\n },\n });\n\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n // Enable Compute API\n var computeServiceProject = new Gcp.Projects.Service(\"compute_service_project\", new()\n {\n Project = serviceProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n computeServiceProject,\n },\n });\n\n var serviceProjectAttachment = new Gcp.Apphub.ServiceProjectAttachment(\"service_project_attachment\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // VPC network\n var ilbNetwork = new Gcp.Compute.Network(\"ilb_network\", new()\n {\n Name = \"l7-ilb-network\",\n Project = serviceProject.ProjectId,\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend subnet\n var ilbSubnet = new Gcp.Compute.Subnetwork(\"ilb_subnet\", new()\n {\n Name = \"l7-ilb-subnet\",\n Project = serviceProject.ProjectId,\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = ilbNetwork.Id,\n });\n\n // health check\n var @default = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"l7-ilb-hc\",\n Project = serviceProject.ProjectId,\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n // backend service\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"l7-ilb-backend-subnet\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n HealthChecks = @default.Id,\n });\n\n // forwarding rule\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"l7-ilb-forwarding-rule\",\n Project = serviceProject.ProjectId,\n Region = \"us-central1\",\n IpVersion = \"IPV4\",\n LoadBalancingScheme = \"INTERNAL\",\n AllPorts = true,\n BackendService = backend.Id,\n Network = ilbNetwork.Id,\n Subnetwork = ilbSubnet.Id,\n });\n\n // discovered service block\n var catalog_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"us-central1\",\n ServiceUri = $\"//compute.googleapis.com/{forwardingRule.Id}\",\n });\n\n var wait120sForResourceIngestion = new Time.Index.Sleep(\"wait_120s_for_resource_ingestion\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n forwardingRule,\n },\n });\n\n var example = new Gcp.Apphub.Service(\"example\", new()\n {\n Location = \"us-central1\",\n ApplicationId = application.ApplicationId,\n ServiceId = forwardingRule.Name,\n DiscoveredService = catalog_service.Apply(catalog_service =\u003e catalog_service.Apply(getDiscoveredServiceResult =\u003e getDiscoveredServiceResult.Name)),\n DisplayName = \"Example Service Full\",\n Description = \"Register service for testing\",\n Attributes = new Gcp.Apphub.Inputs.ServiceAttributesArgs\n {\n Environment = new Gcp.Apphub.Inputs.ServiceAttributesEnvironmentArgs\n {\n Type = \"STAGING\",\n },\n Criticality = new Gcp.Apphub.Inputs.ServiceAttributesCriticalityArgs\n {\n Type = \"MISSION_CRITICAL\",\n },\n BusinessOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesBusinessOwnerArgs\n {\n DisplayName = \"Alice\",\n Email = \"alice@google.com\",\n },\n },\n DeveloperOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesDeveloperOwnerArgs\n {\n DisplayName = \"Bob\",\n Email = \"bob@google.com\",\n },\n },\n OperatorOwners = new[]\n {\n new Gcp.Apphub.Inputs.ServiceAttributesOperatorOwnerArgs\n {\n DisplayName = \"Charlie\",\n Email = \"charlie@google.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapplication, err := apphub.NewApplication(ctx, \"application\", \u0026apphub.ApplicationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: pulumi.String(\"example-application-1\"),\n\t\t\tScope: \u0026apphub.ApplicationScopeArgs{\n\t\t\t\tType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable Compute API\n\t\tcomputeServiceProject, err := projects.NewService(ctx, \"compute_service_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcomputeServiceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"service_project_attachment\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// VPC network\n\t\tilbNetwork, err := compute.NewNetwork(ctx, \"ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-network\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend subnet\n\t\tilbSubnet, err := compute.NewSubnetwork(ctx, \"ilb_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// health check\n\t\t_, err = compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-hc\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// backend service\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-backend-subnet\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// forwarding rule\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-forwarding-rule\"),\n\t\t\tProject: serviceProject.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tBackendService: backend.ID(),\n\t\t\tNetwork: ilbNetwork.ID(),\n\t\t\tSubnetwork: ilbSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// discovered service block\n\t\tcatalog_service := apphub.GetDiscoveredServiceOutput(ctx, apphub.GetDiscoveredServiceOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceUri: forwardingRule.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"//compute.googleapis.com/%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, nil)\n\t\t_, err = time.NewSleep(ctx, \"wait_120s_for_resource_ingestion\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tforwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewService(ctx, \"example\", \u0026apphub.ServiceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tApplicationId: application.ApplicationId,\n\t\t\tServiceId: forwardingRule.Name,\n\t\t\tDiscoveredService: pulumi.String(catalog_service.ApplyT(func(catalog_service apphub.GetDiscoveredServiceResult) (*string, error) {\n\t\t\t\treturn \u0026catalog_service.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tDisplayName: pulumi.String(\"Example Service Full\"),\n\t\t\tDescription: pulumi.String(\"Register service for testing\"),\n\t\t\tAttributes: \u0026apphub.ServiceAttributesArgs{\n\t\t\t\tEnvironment: \u0026apphub.ServiceAttributesEnvironmentArgs{\n\t\t\t\t\tType: pulumi.String(\"STAGING\"),\n\t\t\t\t},\n\t\t\t\tCriticality: \u0026apphub.ServiceAttributesCriticalityArgs{\n\t\t\t\t\tType: pulumi.String(\"MISSION_CRITICAL\"),\n\t\t\t\t},\n\t\t\t\tBusinessOwners: apphub.ServiceAttributesBusinessOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesBusinessOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Alice\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"alice@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDeveloperOwners: apphub.ServiceAttributesDeveloperOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesDeveloperOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Bob\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"bob@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOperatorOwners: apphub.ServiceAttributesOperatorOwnerArray{\n\t\t\t\t\t\u0026apphub.ServiceAttributesOperatorOwnerArgs{\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Charlie\"),\n\t\t\t\t\t\tEmail: pulumi.String(\"charlie@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.Application;\nimport com.pulumi.gcp.apphub.ApplicationArgs;\nimport com.pulumi.gcp.apphub.inputs.ApplicationScopeArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport com.pulumi.gcp.apphub.Service;\nimport com.pulumi.gcp.apphub.ServiceArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesEnvironmentArgs;\nimport com.pulumi.gcp.apphub.inputs.ServiceAttributesCriticalityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var application = new Application(\"application\", ApplicationArgs.builder()\n .location(\"us-central1\")\n .applicationId(\"example-application-1\")\n .scope(ApplicationScopeArgs.builder()\n .type(\"REGIONAL\")\n .build())\n .build());\n\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n // Enable Compute API\n var computeServiceProject = new Service(\"computeServiceProject\", ServiceArgs.builder()\n .project(serviceProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(computeServiceProject)\n .build());\n\n var serviceProjectAttachment = new ServiceProjectAttachment(\"serviceProjectAttachment\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // VPC network\n var ilbNetwork = new Network(\"ilbNetwork\", NetworkArgs.builder()\n .name(\"l7-ilb-network\")\n .project(serviceProject.projectId())\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend subnet\n var ilbSubnet = new Subnetwork(\"ilbSubnet\", SubnetworkArgs.builder()\n .name(\"l7-ilb-subnet\")\n .project(serviceProject.projectId())\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(ilbNetwork.id())\n .build());\n\n // health check\n var default_ = new HealthCheck(\"default\", HealthCheckArgs.builder()\n .name(\"l7-ilb-hc\")\n .project(serviceProject.projectId())\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n // backend service\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"l7-ilb-backend-subnet\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .healthChecks(default_.id())\n .build());\n\n // forwarding rule\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"l7-ilb-forwarding-rule\")\n .project(serviceProject.projectId())\n .region(\"us-central1\")\n .ipVersion(\"IPV4\")\n .loadBalancingScheme(\"INTERNAL\")\n .allPorts(true)\n .backendService(backend.id())\n .network(ilbNetwork.id())\n .subnetwork(ilbSubnet.id())\n .build());\n\n // discovered service block\n final var catalog-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"us-central1\")\n .serviceUri(forwardingRule.id().applyValue(id -\u003e String.format(\"//compute.googleapis.com/%s\", id)))\n .build());\n\n var wait120sForResourceIngestion = new Sleep(\"wait120sForResourceIngestion\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(forwardingRule)\n .build());\n\n var example = new Service(\"example\", ServiceArgs.builder()\n .location(\"us-central1\")\n .applicationId(application.applicationId())\n .serviceId(forwardingRule.name())\n .discoveredService(catalog_service.applyValue(catalog_service -\u003e catalog_service.name()))\n .displayName(\"Example Service Full\")\n .description(\"Register service for testing\")\n .attributes(ServiceAttributesArgs.builder()\n .environment(ServiceAttributesEnvironmentArgs.builder()\n .type(\"STAGING\")\n .build())\n .criticality(ServiceAttributesCriticalityArgs.builder()\n .type(\"MISSION_CRITICAL\")\n .build())\n .businessOwners(ServiceAttributesBusinessOwnerArgs.builder()\n .displayName(\"Alice\")\n .email(\"alice@google.com\")\n .build())\n .developerOwners(ServiceAttributesDeveloperOwnerArgs.builder()\n .displayName(\"Bob\")\n .email(\"bob@google.com\")\n .build())\n .operatorOwners(ServiceAttributesOperatorOwnerArgs.builder()\n .displayName(\"Charlie\")\n .email(\"charlie@google.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n application:\n type: gcp:apphub:Application\n properties:\n location: us-central1\n applicationId: example-application-1\n scope:\n type: REGIONAL\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n # Enable Compute API\n computeServiceProject:\n type: gcp:projects:Service\n name: compute_service_project\n properties:\n project: ${serviceProject.projectId}\n service: compute.googleapis.com\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${computeServiceProject}\n serviceProjectAttachment:\n type: gcp:apphub:ServiceProjectAttachment\n name: service_project_attachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependsOn:\n - ${wait120s}\n wait120sForResourceIngestion:\n type: time:sleep\n name: wait_120s_for_resource_ingestion\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${forwardingRule}\n example:\n type: gcp:apphub:Service\n properties:\n location: us-central1\n applicationId: ${application.applicationId}\n serviceId: ${forwardingRule.name}\n discoveredService: ${[\"catalog-service\"].name}\n displayName: Example Service Full\n description: Register service for testing\n attributes:\n environment:\n type: STAGING\n criticality:\n type: MISSION_CRITICAL\n businessOwners:\n - displayName: Alice\n email: alice@google.com\n developerOwners:\n - displayName: Bob\n email: bob@google.com\n operatorOwners:\n - displayName: Charlie\n email: charlie@google.com\n # VPC network\n ilbNetwork:\n type: gcp:compute:Network\n name: ilb_network\n properties:\n name: l7-ilb-network\n project: ${serviceProject.projectId}\n autoCreateSubnetworks: false\n options:\n dependsOn:\n - ${wait120s}\n # backend subnet\n ilbSubnet:\n type: gcp:compute:Subnetwork\n name: ilb_subnet\n properties:\n name: l7-ilb-subnet\n project: ${serviceProject.projectId}\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${ilbNetwork.id}\n # forwarding rule\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: l7-ilb-forwarding-rule\n project: ${serviceProject.projectId}\n region: us-central1\n ipVersion: IPV4\n loadBalancingScheme: INTERNAL\n allPorts: true\n backendService: ${backend.id}\n network: ${ilbNetwork.id}\n subnetwork: ${ilbSubnet.id}\n # backend service\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: l7-ilb-backend-subnet\n project: ${serviceProject.projectId}\n region: us-central1\n healthChecks: ${default.id}\n # health check\n default:\n type: gcp:compute:HealthCheck\n properties:\n name: l7-ilb-hc\n project: ${serviceProject.projectId}\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n options:\n dependsOn:\n - ${wait120s}\nvariables:\n # discovered service block\n catalog-service:\n fn::invoke:\n function: gcp:apphub:getDiscoveredService\n arguments:\n location: us-central1\n serviceUri: //compute.googleapis.com/${forwardingRule.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}`\n\n* `{{project}}/{{location}}/{{application_id}}/{{service_id}}`\n\n* `{{location}}/{{application_id}}/{{service_id}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apphub/service:Service default projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/service:Service default {{project}}/{{location}}/{{application_id}}/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/service:Service default {{location}}/{{application_id}}/{{service_id}}\n```\n\n", "properties": { "applicationId": { "type": "string", @@ -136024,7 +136024,7 @@ } }, "gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment": { - "description": "Represents a Service project attachment to the Host Project.\n\n\n\n## Example Usage\n\n### Service Project Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [serviceProject],\n});\nconst example = new gcp.apphub.ServiceProjectAttachment(\"example\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[service_project]))\nexample = gcp.apphub.ServiceProjectAttachment(\"example\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n serviceProject,\n },\n });\n\n var example = new Gcp.Apphub.ServiceProjectAttachment(\"example\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tserviceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"example\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(serviceProject)\n .build());\n\n var example = new ServiceProjectAttachment(\"example\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:apphub:ServiceProjectAttachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependson:\n - ${wait120s}\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n deletionPolicy: DELETE\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${serviceProject}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Project Attachment Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst serviceProjectFull = new gcp.organizations.Project(\"service_project_full\", {\n projectId: \"project-1\",\n name: \"Service Project Full\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [serviceProjectFull],\n});\nconst example2 = new gcp.apphub.ServiceProjectAttachment(\"example2\", {\n serviceProjectAttachmentId: serviceProjectFull.projectId,\n serviceProject: serviceProjectFull.projectId,\n}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nservice_project_full = gcp.organizations.Project(\"service_project_full\",\n project_id=\"project-1\",\n name=\"Service Project Full\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[service_project_full]))\nexample2 = gcp.apphub.ServiceProjectAttachment(\"example2\",\n service_project_attachment_id=service_project_full.project_id,\n service_project=service_project_full.project_id,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceProjectFull = new Gcp.Organizations.Project(\"service_project_full\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project Full\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n serviceProjectFull,\n },\n });\n\n var example2 = new Gcp.Apphub.ServiceProjectAttachment(\"example2\", new()\n {\n ServiceProjectAttachmentId = serviceProjectFull.ProjectId,\n ServiceProject = serviceProjectFull.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceProjectFull, err := organizations.NewProject(ctx, \"service_project_full\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project Full\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tserviceProjectFull,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"example2\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProjectFull.ProjectId,\n\t\t\tServiceProject: serviceProjectFull.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var serviceProjectFull = new Project(\"serviceProjectFull\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project Full\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(serviceProjectFull)\n .build());\n\n var example2 = new ServiceProjectAttachment(\"example2\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProjectFull.projectId())\n .serviceProject(serviceProjectFull.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example2:\n type: gcp:apphub:ServiceProjectAttachment\n properties:\n serviceProjectAttachmentId: ${serviceProjectFull.projectId}\n serviceProject: ${serviceProjectFull.projectId}\n options:\n dependson:\n - ${wait120s}\n serviceProjectFull:\n type: gcp:organizations:Project\n name: service_project_full\n properties:\n projectId: project-1\n name: Service Project Full\n orgId: '123456789'\n deletionPolicy: DELETE\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${serviceProjectFull}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceProjectAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}`\n\n* `{{project}}/{{service_project_attachment_id}}`\n\n* `{{service_project_attachment_id}}`\n\nWhen using the `pulumi import` command, ServiceProjectAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default {{project}}/{{service_project_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default {{service_project_attachment_id}}\n```\n\n", + "description": "Represents a Service project attachment to the Host Project.\n\n\n\n## Example Usage\n\n### Service Project Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst serviceProject = new gcp.organizations.Project(\"service_project\", {\n projectId: \"project-1\",\n name: \"Service Project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [serviceProject],\n});\nconst example = new gcp.apphub.ServiceProjectAttachment(\"example\", {serviceProjectAttachmentId: serviceProject.projectId}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nservice_project = gcp.organizations.Project(\"service_project\",\n project_id=\"project-1\",\n name=\"Service Project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[service_project]))\nexample = gcp.apphub.ServiceProjectAttachment(\"example\", service_project_attachment_id=service_project.project_id,\nopts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceProject = new Gcp.Organizations.Project(\"service_project\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n serviceProject,\n },\n });\n\n var example = new Gcp.Apphub.ServiceProjectAttachment(\"example\", new()\n {\n ServiceProjectAttachmentId = serviceProject.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceProject, err := organizations.NewProject(ctx, \"service_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tserviceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"example\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProject.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var serviceProject = new Project(\"serviceProject\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(serviceProject)\n .build());\n\n var example = new ServiceProjectAttachment(\"example\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProject.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:apphub:ServiceProjectAttachment\n properties:\n serviceProjectAttachmentId: ${serviceProject.projectId}\n options:\n dependsOn:\n - ${wait120s}\n serviceProject:\n type: gcp:organizations:Project\n name: service_project\n properties:\n projectId: project-1\n name: Service Project\n orgId: '123456789'\n deletionPolicy: DELETE\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${serviceProject}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Project Attachment Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst serviceProjectFull = new gcp.organizations.Project(\"service_project_full\", {\n projectId: \"project-1\",\n name: \"Service Project Full\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [serviceProjectFull],\n});\nconst example2 = new gcp.apphub.ServiceProjectAttachment(\"example2\", {\n serviceProjectAttachmentId: serviceProjectFull.projectId,\n serviceProject: serviceProjectFull.projectId,\n}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nservice_project_full = gcp.organizations.Project(\"service_project_full\",\n project_id=\"project-1\",\n name=\"Service Project Full\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[service_project_full]))\nexample2 = gcp.apphub.ServiceProjectAttachment(\"example2\",\n service_project_attachment_id=service_project_full.project_id,\n service_project=service_project_full.project_id,\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceProjectFull = new Gcp.Organizations.Project(\"service_project_full\", new()\n {\n ProjectId = \"project-1\",\n Name = \"Service Project Full\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n serviceProjectFull,\n },\n });\n\n var example2 = new Gcp.Apphub.ServiceProjectAttachment(\"example2\", new()\n {\n ServiceProjectAttachmentId = serviceProjectFull.ProjectId,\n ServiceProject = serviceProjectFull.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceProjectFull, err := organizations.NewProject(ctx, \"service_project_full\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-1\"),\n\t\t\tName: pulumi.String(\"Service Project Full\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tserviceProjectFull,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apphub.NewServiceProjectAttachment(ctx, \"example2\", \u0026apphub.ServiceProjectAttachmentArgs{\n\t\t\tServiceProjectAttachmentId: serviceProjectFull.ProjectId,\n\t\t\tServiceProject: serviceProjectFull.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachment;\nimport com.pulumi.gcp.apphub.ServiceProjectAttachmentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var serviceProjectFull = new Project(\"serviceProjectFull\", ProjectArgs.builder()\n .projectId(\"project-1\")\n .name(\"Service Project Full\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(serviceProjectFull)\n .build());\n\n var example2 = new ServiceProjectAttachment(\"example2\", ServiceProjectAttachmentArgs.builder()\n .serviceProjectAttachmentId(serviceProjectFull.projectId())\n .serviceProject(serviceProjectFull.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example2:\n type: gcp:apphub:ServiceProjectAttachment\n properties:\n serviceProjectAttachmentId: ${serviceProjectFull.projectId}\n serviceProject: ${serviceProjectFull.projectId}\n options:\n dependsOn:\n - ${wait120s}\n serviceProjectFull:\n type: gcp:organizations:Project\n name: service_project_full\n properties:\n projectId: project-1\n name: Service Project Full\n orgId: '123456789'\n deletionPolicy: DELETE\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${serviceProjectFull}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceProjectAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}`\n\n* `{{project}}/{{service_project_attachment_id}}`\n\n* `{{service_project_attachment_id}}`\n\nWhen using the `pulumi import` command, ServiceProjectAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default {{project}}/{{service_project_attachment_id}}\n```\n\n```sh\n$ pulumi import gcp:apphub/serviceProjectAttachment:ServiceProjectAttachment default {{service_project_attachment_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -136329,7 +136329,7 @@ } }, "gcp:applicationintegration/authConfig:AuthConfig": { - "description": "The AuthConfig resource use to hold channels and connection config data.\n\n\nTo get more information about AuthConfig, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs)\n* How-to Guides\n * [Manage authentication profiles](https://cloud.google.com/application-integration/docs/configure-authentication-profiles)\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n\n## Example Usage\n\n### Integrations Auth Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst client = new gcp.applicationintegration.Client(\"client\", {location: \"us-west1\"});\nconst basicExample = new gcp.applicationintegration.AuthConfig(\"basic_example\", {\n location: \"us-west1\",\n displayName: \"test-authconfig\",\n description: \"Test auth config created via terraform\",\n decryptedCredential: {\n credentialType: \"USERNAME_AND_PASSWORD\",\n usernameAndPassword: {\n username: \"test-username\",\n password: \"test-password\",\n },\n },\n}, {\n dependsOn: [client],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nclient = gcp.applicationintegration.Client(\"client\", location=\"us-west1\")\nbasic_example = gcp.applicationintegration.AuthConfig(\"basic_example\",\n location=\"us-west1\",\n display_name=\"test-authconfig\",\n description=\"Test auth config created via terraform\",\n decrypted_credential={\n \"credential_type\": \"USERNAME_AND_PASSWORD\",\n \"username_and_password\": {\n \"username\": \"test-username\",\n \"password\": \"test-password\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[client]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var client = new Gcp.ApplicationIntegration.Client(\"client\", new()\n {\n Location = \"us-west1\",\n });\n\n var basicExample = new Gcp.ApplicationIntegration.AuthConfig(\"basic_example\", new()\n {\n Location = \"us-west1\",\n DisplayName = \"test-authconfig\",\n Description = \"Test auth config created via terraform\",\n DecryptedCredential = new Gcp.ApplicationIntegration.Inputs.AuthConfigDecryptedCredentialArgs\n {\n CredentialType = \"USERNAME_AND_PASSWORD\",\n UsernameAndPassword = new Gcp.ApplicationIntegration.Inputs.AuthConfigDecryptedCredentialUsernameAndPasswordArgs\n {\n Username = \"test-username\",\n Password = \"test-password\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n client,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tclient, err := applicationintegration.NewClient(ctx, \"client\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewAuthConfig(ctx, \"basic_example\", \u0026applicationintegration.AuthConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDisplayName: pulumi.String(\"test-authconfig\"),\n\t\t\tDescription: pulumi.String(\"Test auth config created via terraform\"),\n\t\t\tDecryptedCredential: \u0026applicationintegration.AuthConfigDecryptedCredentialArgs{\n\t\t\t\tCredentialType: pulumi.String(\"USERNAME_AND_PASSWORD\"),\n\t\t\t\tUsernameAndPassword: \u0026applicationintegration.AuthConfigDecryptedCredentialUsernameAndPasswordArgs{\n\t\t\t\t\tUsername: pulumi.String(\"test-username\"),\n\t\t\t\t\tPassword: pulumi.String(\"test-password\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclient,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.AuthConfig;\nimport com.pulumi.gcp.applicationintegration.AuthConfigArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.AuthConfigDecryptedCredentialArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.AuthConfigDecryptedCredentialUsernameAndPasswordArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var client = new Client(\"client\", ClientArgs.builder()\n .location(\"us-west1\")\n .build());\n\n var basicExample = new AuthConfig(\"basicExample\", AuthConfigArgs.builder()\n .location(\"us-west1\")\n .displayName(\"test-authconfig\")\n .description(\"Test auth config created via terraform\")\n .decryptedCredential(AuthConfigDecryptedCredentialArgs.builder()\n .credentialType(\"USERNAME_AND_PASSWORD\")\n .usernameAndPassword(AuthConfigDecryptedCredentialUsernameAndPasswordArgs.builder()\n .username(\"test-username\")\n .password(\"test-password\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(client)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: gcp:applicationintegration:Client\n properties:\n location: us-west1\n basicExample:\n type: gcp:applicationintegration:AuthConfig\n name: basic_example\n properties:\n location: us-west1\n displayName: test-authconfig\n description: Test auth config created via terraform\n decryptedCredential:\n credentialType: USERNAME_AND_PASSWORD\n usernameAndPassword:\n username: test-username\n password: test-password\n options:\n dependson:\n - ${client}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthConfig can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AuthConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default {{name}}\n```\n\n", + "description": "The AuthConfig resource use to hold channels and connection config data.\n\n\nTo get more information about AuthConfig, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs)\n* How-to Guides\n * [Manage authentication profiles](https://cloud.google.com/application-integration/docs/configure-authentication-profiles)\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n\n## Example Usage\n\n### Integrations Auth Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst client = new gcp.applicationintegration.Client(\"client\", {location: \"us-west1\"});\nconst basicExample = new gcp.applicationintegration.AuthConfig(\"basic_example\", {\n location: \"us-west1\",\n displayName: \"test-authconfig\",\n description: \"Test auth config created via terraform\",\n decryptedCredential: {\n credentialType: \"USERNAME_AND_PASSWORD\",\n usernameAndPassword: {\n username: \"test-username\",\n password: \"test-password\",\n },\n },\n}, {\n dependsOn: [client],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nclient = gcp.applicationintegration.Client(\"client\", location=\"us-west1\")\nbasic_example = gcp.applicationintegration.AuthConfig(\"basic_example\",\n location=\"us-west1\",\n display_name=\"test-authconfig\",\n description=\"Test auth config created via terraform\",\n decrypted_credential={\n \"credential_type\": \"USERNAME_AND_PASSWORD\",\n \"username_and_password\": {\n \"username\": \"test-username\",\n \"password\": \"test-password\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[client]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var client = new Gcp.ApplicationIntegration.Client(\"client\", new()\n {\n Location = \"us-west1\",\n });\n\n var basicExample = new Gcp.ApplicationIntegration.AuthConfig(\"basic_example\", new()\n {\n Location = \"us-west1\",\n DisplayName = \"test-authconfig\",\n Description = \"Test auth config created via terraform\",\n DecryptedCredential = new Gcp.ApplicationIntegration.Inputs.AuthConfigDecryptedCredentialArgs\n {\n CredentialType = \"USERNAME_AND_PASSWORD\",\n UsernameAndPassword = new Gcp.ApplicationIntegration.Inputs.AuthConfigDecryptedCredentialUsernameAndPasswordArgs\n {\n Username = \"test-username\",\n Password = \"test-password\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n client,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tclient, err := applicationintegration.NewClient(ctx, \"client\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewAuthConfig(ctx, \"basic_example\", \u0026applicationintegration.AuthConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDisplayName: pulumi.String(\"test-authconfig\"),\n\t\t\tDescription: pulumi.String(\"Test auth config created via terraform\"),\n\t\t\tDecryptedCredential: \u0026applicationintegration.AuthConfigDecryptedCredentialArgs{\n\t\t\t\tCredentialType: pulumi.String(\"USERNAME_AND_PASSWORD\"),\n\t\t\t\tUsernameAndPassword: \u0026applicationintegration.AuthConfigDecryptedCredentialUsernameAndPasswordArgs{\n\t\t\t\t\tUsername: pulumi.String(\"test-username\"),\n\t\t\t\t\tPassword: pulumi.String(\"test-password\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tclient,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.AuthConfig;\nimport com.pulumi.gcp.applicationintegration.AuthConfigArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.AuthConfigDecryptedCredentialArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.AuthConfigDecryptedCredentialUsernameAndPasswordArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var client = new Client(\"client\", ClientArgs.builder()\n .location(\"us-west1\")\n .build());\n\n var basicExample = new AuthConfig(\"basicExample\", AuthConfigArgs.builder()\n .location(\"us-west1\")\n .displayName(\"test-authconfig\")\n .description(\"Test auth config created via terraform\")\n .decryptedCredential(AuthConfigDecryptedCredentialArgs.builder()\n .credentialType(\"USERNAME_AND_PASSWORD\")\n .usernameAndPassword(AuthConfigDecryptedCredentialUsernameAndPasswordArgs.builder()\n .username(\"test-username\")\n .password(\"test-password\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(client)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: gcp:applicationintegration:Client\n properties:\n location: us-west1\n basicExample:\n type: gcp:applicationintegration:AuthConfig\n name: basic_example\n properties:\n location: us-west1\n displayName: test-authconfig\n description: Test auth config created via terraform\n decryptedCredential:\n credentialType: USERNAME_AND_PASSWORD\n usernameAndPassword:\n username: test-username\n password: test-password\n options:\n dependsOn:\n - ${client}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthConfig can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AuthConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/authConfig:AuthConfig default {{name}}\n```\n\n", "properties": { "certificateId": { "type": "string", @@ -136571,7 +136571,7 @@ } }, "gcp:applicationintegration/client:Client": { - "description": "Application Integration Client.\n\n\nTo get more information about Client, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.clients)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n * [Set up Application Integration](https://cloud.google.com/application-integration/docs/setup-application-integration)\n\n## Example Usage\n\n### Integrations Client Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.applicationintegration.Client(\"example\", {location: \"us-central1\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.applicationintegration.Client(\"example\", location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integrations Client Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"my-keyring\",\n location: \"us-east1\",\n});\nconst cryptokey = new gcp.kms.CryptoKey(\"cryptokey\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst testKey = new gcp.kms.CryptoKeyVersion(\"test_key\", {cryptoKey: cryptokey.id});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"service-acc\",\n displayName: \"Service Account\",\n});\nconst example = new gcp.applicationintegration.Client(\"example\", {\n location: \"us-east1\",\n createSampleIntegrations: true,\n runAsServiceAccount: serviceAccount.email,\n cloudKmsConfig: {\n kmsLocation: \"us-east1\",\n kmsRing: keyring.id,\n key: cryptokey.id,\n keyVersion: testKey.id,\n kmsProjectId: testProject.then(testProject =\u003e testProject.projectId),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"my-keyring\",\n location=\"us-east1\")\ncryptokey = gcp.kms.CryptoKey(\"cryptokey\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ntest_key = gcp.kms.CryptoKeyVersion(\"test_key\", crypto_key=cryptokey.id)\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"service-acc\",\n display_name=\"Service Account\")\nexample = gcp.applicationintegration.Client(\"example\",\n location=\"us-east1\",\n create_sample_integrations=True,\n run_as_service_account=service_account.email,\n cloud_kms_config={\n \"kms_location\": \"us-east1\",\n \"kms_ring\": keyring.id,\n \"key\": cryptokey.id,\n \"key_version\": test_key.id,\n \"kms_project_id\": test_project.project_id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-east1\",\n });\n\n var cryptokey = new Gcp.Kms.CryptoKey(\"cryptokey\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var testKey = new Gcp.Kms.CryptoKeyVersion(\"test_key\", new()\n {\n CryptoKey = cryptokey.Id,\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"service-acc\",\n DisplayName = \"Service Account\",\n });\n\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-east1\",\n CreateSampleIntegrations = true,\n RunAsServiceAccount = serviceAccount.Email,\n CloudKmsConfig = new Gcp.ApplicationIntegration.Inputs.ClientCloudKmsConfigArgs\n {\n KmsLocation = \"us-east1\",\n KmsRing = keyring.Id,\n Key = cryptokey.Id,\n KeyVersion = testKey.Id,\n KmsProjectId = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptokey, err := kms.NewCryptoKey(ctx, \"cryptokey\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKey, err := kms.NewCryptoKeyVersion(ctx, \"test_key\", \u0026kms.CryptoKeyVersionArgs{\n\t\t\tCryptoKey: cryptokey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"service-acc\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tCreateSampleIntegrations: pulumi.Bool(true),\n\t\t\tRunAsServiceAccount: serviceAccount.Email,\n\t\t\tCloudKmsConfig: \u0026applicationintegration.ClientCloudKmsConfigArgs{\n\t\t\t\tKmsLocation: pulumi.String(\"us-east1\"),\n\t\t\t\tKmsRing: keyring.ID(),\n\t\t\t\tKey: cryptokey.ID(),\n\t\t\t\tKeyVersion: testKey.ID(),\n\t\t\t\tKmsProjectId: pulumi.String(testProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyVersion;\nimport com.pulumi.gcp.kms.CryptoKeyVersionArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.ClientCloudKmsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-east1\")\n .build());\n\n var cryptokey = new CryptoKey(\"cryptokey\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var testKey = new CryptoKeyVersion(\"testKey\", CryptoKeyVersionArgs.builder()\n .cryptoKey(cryptokey.id())\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"service-acc\")\n .displayName(\"Service Account\")\n .build());\n\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-east1\")\n .createSampleIntegrations(true)\n .runAsServiceAccount(serviceAccount.email())\n .cloudKmsConfig(ClientCloudKmsConfigArgs.builder()\n .kmsLocation(\"us-east1\")\n .kmsRing(keyring.id())\n .key(cryptokey.id())\n .keyVersion(testKey.id())\n .kmsProjectId(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: my-keyring\n location: us-east1\n cryptokey:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n testKey:\n type: gcp:kms:CryptoKeyVersion\n name: test_key\n properties:\n cryptoKey: ${cryptokey.id}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: service-acc\n displayName: Service Account\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-east1\n createSampleIntegrations: true\n runAsServiceAccount: ${serviceAccount.email}\n cloudKmsConfig:\n kmsLocation: us-east1\n kmsRing: ${keyring.id}\n key: ${cryptokey.id}\n keyVersion: ${testKey.id}\n kmsProjectId: ${testProject.projectId}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clients`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, Client can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default projects/{{project}}/locations/{{location}}/clients\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{location}}\n```\n\n", + "description": "Application Integration Client.\n\n\nTo get more information about Client, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.clients)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n * [Set up Application Integration](https://cloud.google.com/application-integration/docs/setup-application-integration)\n\n## Example Usage\n\n### Integrations Client Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.applicationintegration.Client(\"example\", {location: \"us-central1\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.applicationintegration.Client(\"example\", location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integrations Client Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"my-keyring\",\n location: \"us-east1\",\n});\nconst cryptokey = new gcp.kms.CryptoKey(\"cryptokey\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst testKey = new gcp.kms.CryptoKeyVersion(\"test_key\", {cryptoKey: cryptokey.id});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"service-acc\",\n displayName: \"Service Account\",\n});\nconst example = new gcp.applicationintegration.Client(\"example\", {\n location: \"us-east1\",\n createSampleIntegrations: true,\n runAsServiceAccount: serviceAccount.email,\n cloudKmsConfig: {\n kmsLocation: \"us-east1\",\n kmsRing: keyring.id,\n key: cryptokey.id,\n keyVersion: testKey.id,\n kmsProjectId: testProject.then(testProject =\u003e testProject.projectId),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"my-keyring\",\n location=\"us-east1\")\ncryptokey = gcp.kms.CryptoKey(\"cryptokey\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ntest_key = gcp.kms.CryptoKeyVersion(\"test_key\", crypto_key=cryptokey.id)\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"service-acc\",\n display_name=\"Service Account\")\nexample = gcp.applicationintegration.Client(\"example\",\n location=\"us-east1\",\n create_sample_integrations=True,\n run_as_service_account=service_account.email,\n cloud_kms_config={\n \"kms_location\": \"us-east1\",\n \"kms_ring\": keyring.id,\n \"key\": cryptokey.id,\n \"key_version\": test_key.id,\n \"kms_project_id\": test_project.project_id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-east1\",\n });\n\n var cryptokey = new Gcp.Kms.CryptoKey(\"cryptokey\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var testKey = new Gcp.Kms.CryptoKeyVersion(\"test_key\", new()\n {\n CryptoKey = cryptokey.Id,\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"service-acc\",\n DisplayName = \"Service Account\",\n });\n\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-east1\",\n CreateSampleIntegrations = true,\n RunAsServiceAccount = serviceAccount.Email,\n CloudKmsConfig = new Gcp.ApplicationIntegration.Inputs.ClientCloudKmsConfigArgs\n {\n KmsLocation = \"us-east1\",\n KmsRing = keyring.Id,\n Key = cryptokey.Id,\n KeyVersion = testKey.Id,\n KmsProjectId = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptokey, err := kms.NewCryptoKey(ctx, \"cryptokey\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKey, err := kms.NewCryptoKeyVersion(ctx, \"test_key\", \u0026kms.CryptoKeyVersionArgs{\n\t\t\tCryptoKey: cryptokey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"service-acc\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tCreateSampleIntegrations: pulumi.Bool(true),\n\t\t\tRunAsServiceAccount: serviceAccount.Email,\n\t\t\tCloudKmsConfig: \u0026applicationintegration.ClientCloudKmsConfigArgs{\n\t\t\t\tKmsLocation: pulumi.String(\"us-east1\"),\n\t\t\t\tKmsRing: keyring.ID(),\n\t\t\t\tKey: cryptokey.ID(),\n\t\t\t\tKeyVersion: testKey.ID(),\n\t\t\t\tKmsProjectId: pulumi.String(testProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyVersion;\nimport com.pulumi.gcp.kms.CryptoKeyVersionArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.ClientCloudKmsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-east1\")\n .build());\n\n var cryptokey = new CryptoKey(\"cryptokey\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var testKey = new CryptoKeyVersion(\"testKey\", CryptoKeyVersionArgs.builder()\n .cryptoKey(cryptokey.id())\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"service-acc\")\n .displayName(\"Service Account\")\n .build());\n\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-east1\")\n .createSampleIntegrations(true)\n .runAsServiceAccount(serviceAccount.email())\n .cloudKmsConfig(ClientCloudKmsConfigArgs.builder()\n .kmsLocation(\"us-east1\")\n .kmsRing(keyring.id())\n .key(cryptokey.id())\n .keyVersion(testKey.id())\n .kmsProjectId(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: my-keyring\n location: us-east1\n cryptokey:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n testKey:\n type: gcp:kms:CryptoKeyVersion\n name: test_key\n properties:\n cryptoKey: ${cryptokey.id}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: service-acc\n displayName: Service Account\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-east1\n createSampleIntegrations: true\n runAsServiceAccount: ${serviceAccount.email}\n cloudKmsConfig:\n kmsLocation: us-east1\n kmsRing: ${keyring.id}\n key: ${cryptokey.id}\n keyVersion: ${testKey.id}\n kmsProjectId: ${testProject.projectId}\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clients`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, Client can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default projects/{{project}}/locations/{{location}}/clients\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{location}}\n```\n\n", "properties": { "cloudKmsConfig": { "$ref": "#/types/gcp:applicationintegration/ClientCloudKmsConfig:ClientCloudKmsConfig", @@ -136661,7 +136661,7 @@ } }, "gcp:artifactregistry/repository:Repository": { - "description": "A repository for storing artifacts\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n\n## Example Usage\n\n### Artifact Registry Repository Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n dockerConfig: {\n immutableTags: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\",\n docker_config={\n \"immutable_tags\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n DockerConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryDockerConfigArgs\n {\n ImmutableTags = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tDockerConfig: \u0026artifactregistry.RepositoryDockerConfigArgs{\n\t\t\t\tImmutableTags: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryDockerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .dockerConfig(RepositoryDockerConfigArgs.builder()\n .immutableTags(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n dockerConfig:\n immutableTags: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cmek\",\n format: \"DOCKER\",\n kmsKeyName: \"kms-key\",\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cmek\",\n format=\"DOCKER\",\n kms_key_name=\"kms-key\",\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cmek\",\n Format = \"DOCKER\",\n KmsKeyName = \"kms-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cmek\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cmek\")\n .format(\"DOCKER\")\n .kmsKeyName(\"kms-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cmek\n format: DOCKER\n kmsKeyName: kms-key\n options:\n dependson:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Virtual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo_upstream_1 = new gcp.artifactregistry.Repository(\"my-repo-upstream-1\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-1\",\n description: \"example docker repository (upstream source) 1\",\n format: \"DOCKER\",\n});\nconst my_repo_upstream_2 = new gcp.artifactregistry.Repository(\"my-repo-upstream-2\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-2\",\n description: \"example docker repository (upstream source) 2\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example virtual docker repository\",\n format: \"DOCKER\",\n mode: \"VIRTUAL_REPOSITORY\",\n virtualRepositoryConfig: {\n upstreamPolicies: [\n {\n id: \"my-repository-upstream-1\",\n repository: my_repo_upstream_1.id,\n priority: 20,\n },\n {\n id: \"my-repository-upstream-2\",\n repository: my_repo_upstream_2.id,\n priority: 10,\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo_upstream_1 = gcp.artifactregistry.Repository(\"my-repo-upstream-1\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-1\",\n description=\"example docker repository (upstream source) 1\",\n format=\"DOCKER\")\nmy_repo_upstream_2 = gcp.artifactregistry.Repository(\"my-repo-upstream-2\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-2\",\n description=\"example docker repository (upstream source) 2\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example virtual docker repository\",\n format=\"DOCKER\",\n mode=\"VIRTUAL_REPOSITORY\",\n virtual_repository_config={\n \"upstream_policies\": [\n {\n \"id\": \"my-repository-upstream-1\",\n \"repository\": my_repo_upstream_1.id,\n \"priority\": 20,\n },\n {\n \"id\": \"my-repository-upstream-2\",\n \"repository\": my_repo_upstream_2.id,\n \"priority\": 10,\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo_upstream_1 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-1\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-1\",\n Description = \"example docker repository (upstream source) 1\",\n Format = \"DOCKER\",\n });\n\n var my_repo_upstream_2 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-2\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-2\",\n Description = \"example docker repository (upstream source) 2\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example virtual docker repository\",\n Format = \"DOCKER\",\n Mode = \"VIRTUAL_REPOSITORY\",\n VirtualRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigArgs\n {\n UpstreamPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-1\",\n Repository = my_repo_upstream_1.Id,\n Priority = 20,\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-2\",\n Repository = my_repo_upstream_2.Id,\n Priority = 10,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo-upstream-1\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo-upstream-2\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 2\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example virtual docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"VIRTUAL_REPOSITORY\"),\n\t\t\tVirtualRepositoryConfig: \u0026artifactregistry.RepositoryVirtualRepositoryConfigArgs{\n\t\t\t\tUpstreamPolicies: artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArray{\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_1.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(20),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_2.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryVirtualRepositoryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo_upstream_1 = new Repository(\"my-repo-upstream-1\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-1\")\n .description(\"example docker repository (upstream source) 1\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo_upstream_2 = new Repository(\"my-repo-upstream-2\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-2\")\n .description(\"example docker repository (upstream source) 2\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example virtual docker repository\")\n .format(\"DOCKER\")\n .mode(\"VIRTUAL_REPOSITORY\")\n .virtualRepositoryConfig(RepositoryVirtualRepositoryConfigArgs.builder()\n .upstreamPolicies( \n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-1\")\n .repository(my_repo_upstream_1.id())\n .priority(20)\n .build(),\n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-2\")\n .repository(my_repo_upstream_2.id())\n .priority(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo-upstream-1:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-1\n description: example docker repository (upstream source) 1\n format: DOCKER\n my-repo-upstream-2:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-2\n description: example docker repository (upstream source) 2\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example virtual docker repository\n format: DOCKER\n mode: VIRTUAL_REPOSITORY\n virtualRepositoryConfig:\n upstreamPolicies:\n - id: my-repository-upstream-1\n repository: ${[\"my-repo-upstream-1\"].id}\n priority: 20\n - id: my-repository-upstream-2\n repository: ${[\"my-repo-upstream-2\"].id}\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example remote docker repository\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub\",\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example remote docker repository\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub\",\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example remote docker repository\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub\",\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example remote docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub\"),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example remote docker repository\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub\")\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example remote docker repository\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub\n dockerRepository:\n publicRepository: DOCKER_HUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Apt\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"debian-buster\",\n description: \"example remote apt repository\",\n format: \"APT\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Debian buster remote repository\",\n aptRepository: {\n publicRepository: {\n repositoryBase: \"DEBIAN\",\n repositoryPath: \"debian/dists/buster\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"debian-buster\",\n description=\"example remote apt repository\",\n format=\"APT\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Debian buster remote repository\",\n \"apt_repository\": {\n \"public_repository\": {\n \"repository_base\": \"DEBIAN\",\n \"repository_path\": \"debian/dists/buster\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"debian-buster\",\n Description = \"example remote apt repository\",\n Format = \"APT\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Debian buster remote repository\",\n AptRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"DEBIAN\",\n RepositoryPath = \"debian/dists/buster\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"debian-buster\"),\n\t\t\tDescription: pulumi.String(\"example remote apt repository\"),\n\t\t\tFormat: pulumi.String(\"APT\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Debian buster remote repository\"),\n\t\t\t\tAptRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"DEBIAN\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"debian/dists/buster\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"debian-buster\")\n .description(\"example remote apt repository\")\n .format(\"APT\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Debian buster remote repository\")\n .aptRepository(RepositoryRemoteRepositoryConfigAptRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"DEBIAN\")\n .repositoryPath(\"debian/dists/buster\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: debian-buster\n description: example remote apt repository\n format: APT\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Debian buster remote repository\n aptRepository:\n publicRepository:\n repositoryBase: DEBIAN\n repositoryPath: debian/dists/buster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Yum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"rocky-9\",\n description: \"example remote yum repository\",\n format: \"YUM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Rocky 9 remote repository\",\n yumRepository: {\n publicRepository: {\n repositoryBase: \"ROCKY\",\n repositoryPath: \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"rocky-9\",\n description=\"example remote yum repository\",\n format=\"YUM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Rocky 9 remote repository\",\n \"yum_repository\": {\n \"public_repository\": {\n \"repository_base\": \"ROCKY\",\n \"repository_path\": \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"rocky-9\",\n Description = \"example remote yum repository\",\n Format = \"YUM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Rocky 9 remote repository\",\n YumRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"ROCKY\",\n RepositoryPath = \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"rocky-9\"),\n\t\t\tDescription: pulumi.String(\"example remote yum repository\"),\n\t\t\tFormat: pulumi.String(\"YUM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Rocky 9 remote repository\"),\n\t\t\t\tYumRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"ROCKY\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"pub/rocky/9/BaseOS/x86_64/os\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"rocky-9\")\n .description(\"example remote yum repository\")\n .format(\"YUM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Rocky 9 remote repository\")\n .yumRepository(RepositoryRemoteRepositoryConfigYumRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"ROCKY\")\n .repositoryPath(\"pub/rocky/9/BaseOS/x86_64/os\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: rocky-9\n description: example remote yum repository\n format: YUM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Rocky 9 remote repository\n yumRepository:\n publicRepository:\n repositoryBase: ROCKY\n repositoryPath: pub/rocky/9/BaseOS/x86_64/os\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cleanup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cleanup policies\",\n format: \"DOCKER\",\n cleanupPolicyDryRun: false,\n cleanupPolicies: [\n {\n id: \"delete-prerelease\",\n action: \"DELETE\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\n \"alpha\",\n \"v0\",\n ],\n olderThan: \"2592000s\",\n },\n },\n {\n id: \"keep-tagged-release\",\n action: \"KEEP\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\"release\"],\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n id: \"keep-minimum-versions\",\n action: \"KEEP\",\n mostRecentVersions: {\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n keepCount: 5,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cleanup policies\",\n format=\"DOCKER\",\n cleanup_policy_dry_run=False,\n cleanup_policies=[\n {\n \"id\": \"delete-prerelease\",\n \"action\": \"DELETE\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\n \"alpha\",\n \"v0\",\n ],\n \"older_than\": \"2592000s\",\n },\n },\n {\n \"id\": \"keep-tagged-release\",\n \"action\": \"KEEP\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\"release\"],\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n \"id\": \"keep-minimum-versions\",\n \"action\": \"KEEP\",\n \"most_recent_versions\": {\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n \"keep_count\": 5,\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cleanup policies\",\n Format = \"DOCKER\",\n CleanupPolicyDryRun = false,\n CleanupPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"delete-prerelease\",\n Action = \"DELETE\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"alpha\",\n \"v0\",\n },\n OlderThan = \"2592000s\",\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-tagged-release\",\n Action = \"KEEP\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"release\",\n },\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n },\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-minimum-versions\",\n Action = \"KEEP\",\n MostRecentVersions = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyMostRecentVersionsArgs\n {\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n },\n KeepCount = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cleanup policies\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tCleanupPolicyDryRun: pulumi.Bool(false),\n\t\t\tCleanupPolicies: artifactregistry.RepositoryCleanupPolicyArray{\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"delete-prerelease\"),\n\t\t\t\t\tAction: pulumi.String(\"DELETE\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"alpha\"),\n\t\t\t\t\t\t\tpulumi.String(\"v0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tOlderThan: pulumi.String(\"2592000s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-tagged-release\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"release\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-minimum-versions\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tMostRecentVersions: \u0026artifactregistry.RepositoryCleanupPolicyMostRecentVersionsArgs{\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t\tpulumi.String(\"sandbox\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tKeepCount: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyConditionArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyMostRecentVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cleanup policies\")\n .format(\"DOCKER\")\n .cleanupPolicyDryRun(false)\n .cleanupPolicies( \n RepositoryCleanupPolicyArgs.builder()\n .id(\"delete-prerelease\")\n .action(\"DELETE\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes( \n \"alpha\",\n \"v0\")\n .olderThan(\"2592000s\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-tagged-release\")\n .action(\"KEEP\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes(\"release\")\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-minimum-versions\")\n .action(\"KEEP\")\n .mostRecentVersions(RepositoryCleanupPolicyMostRecentVersionsArgs.builder()\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\",\n \"sandbox\")\n .keepCount(5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cleanup policies\n format: DOCKER\n cleanupPolicyDryRun: false\n cleanupPolicies:\n - id: delete-prerelease\n action: DELETE\n condition:\n tagState: TAGGED\n tagPrefixes:\n - alpha\n - v0\n olderThan: 2592000s\n - id: keep-tagged-release\n action: KEEP\n condition:\n tagState: TAGGED\n tagPrefixes:\n - release\n packageNamePrefixes:\n - webapp\n - mobile\n - id: keep-minimum-versions\n action: KEEP\n mostRecentVersions:\n packageNamePrefixes:\n - webapp\n - mobile\n - sandbox\n keepCount: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Dockerhub Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-dockerhub-remote\",\n description: \"example remote dockerhub repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub with custom credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-dockerhub-remote\",\n description=\"example remote dockerhub repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub with custom credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-dockerhub-remote\",\n Description = \"example remote dockerhub repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub with custom credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-dockerhub-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote dockerhub repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub with custom credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-dockerhub-remote\")\n .description(\"example remote dockerhub repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub with custom credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-dockerhub-remote\n description: example remote dockerhub repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub with custom credentials\n disableUpstreamValidation: true\n dockerRepository:\n publicRepository: DOCKER_HUB\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Docker Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom docker remote with credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n customRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom docker remote with credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom docker remote with credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom docker remote with credentials\n disableUpstreamValidation: true\n dockerRepository:\n customRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Maven Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-maven-custom-remote\",\n description: \"example remote custom maven repository with credentials\",\n format: \"MAVEN\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom maven remote with credentials\",\n disableUpstreamValidation: true,\n mavenRepository: {\n customRepository: {\n uri: \"https://my.maven.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-maven-custom-remote\",\n description=\"example remote custom maven repository with credentials\",\n format=\"MAVEN\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom maven remote with credentials\",\n \"disable_upstream_validation\": True,\n \"maven_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.maven.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-maven-custom-remote\",\n Description = \"example remote custom maven repository with credentials\",\n Format = \"MAVEN\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom maven remote with credentials\",\n DisableUpstreamValidation = true,\n MavenRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.maven.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-maven-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom maven repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"MAVEN\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom maven remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tMavenRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.maven.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-maven-custom-remote\")\n .description(\"example remote custom maven repository with credentials\")\n .format(\"MAVEN\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom maven remote with credentials\")\n .disableUpstreamValidation(true)\n .mavenRepository(RepositoryRemoteRepositoryConfigMavenRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.maven.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-maven-custom-remote\n description: example remote custom maven repository with credentials\n format: MAVEN\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom maven remote with credentials\n disableUpstreamValidation: true\n mavenRepository:\n customRepository:\n uri: https://my.maven.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Npm Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-npm-custom-remote\",\n description: \"example remote custom npm repository with credentials\",\n format: \"NPM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n npmRepository: {\n customRepository: {\n uri: \"https://my.npm.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-npm-custom-remote\",\n description=\"example remote custom npm repository with credentials\",\n format=\"NPM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"npm_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.npm.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-npm-custom-remote\",\n Description = \"example remote custom npm repository with credentials\",\n Format = \"NPM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n NpmRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.npm.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-npm-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom npm repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"NPM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tNpmRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.npm.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-npm-custom-remote\")\n .description(\"example remote custom npm repository with credentials\")\n .format(\"NPM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .npmRepository(RepositoryRemoteRepositoryConfigNpmRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.npm.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-npm-custom-remote\n description: example remote custom npm repository with credentials\n format: NPM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n npmRepository:\n customRepository:\n uri: https://my.npm.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Python Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-python-custom-remote\",\n description: \"example remote custom python repository with credentials\",\n format: \"PYTHON\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n pythonRepository: {\n customRepository: {\n uri: \"https://my.python.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-python-custom-remote\",\n description=\"example remote custom python repository with credentials\",\n format=\"PYTHON\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"python_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.python.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-python-custom-remote\",\n Description = \"example remote custom python repository with credentials\",\n Format = \"PYTHON\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n PythonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.python.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-python-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom python repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"PYTHON\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tPythonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.python.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-python-custom-remote\")\n .description(\"example remote custom python repository with credentials\")\n .format(\"PYTHON\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .pythonRepository(RepositoryRemoteRepositoryConfigPythonRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.python.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-python-custom-remote\n description: example remote custom python repository with credentials\n format: PYTHON\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n pythonRepository:\n customRepository:\n uri: https://my.python.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository\",\n commonRepository: {\n uri: upstreamRepo.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository\",\n \"common_repository\": {\n \"uri\": upstream_repo.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = upstreamRepo.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tupstreamRepo, err := artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: upstreamRepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(upstreamRepo.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository\n commonRepository:\n uri: ${upstreamRepo.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`\n\n* `{{project}}/{{location}}/{{repository_id}}`\n\n* `{{location}}/{{repository_id}}`\n\n* `{{repository_id}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{project}}/{{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}}\n```\n\n", + "description": "A repository for storing artifacts\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n\n## Example Usage\n\n### Artifact Registry Repository Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n dockerConfig: {\n immutableTags: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\",\n docker_config={\n \"immutable_tags\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n DockerConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryDockerConfigArgs\n {\n ImmutableTags = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tDockerConfig: \u0026artifactregistry.RepositoryDockerConfigArgs{\n\t\t\t\tImmutableTags: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryDockerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .dockerConfig(RepositoryDockerConfigArgs.builder()\n .immutableTags(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n dockerConfig:\n immutableTags: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cmek\",\n format: \"DOCKER\",\n kmsKeyName: \"kms-key\",\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cmek\",\n format=\"DOCKER\",\n kms_key_name=\"kms-key\",\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cmek\",\n Format = \"DOCKER\",\n KmsKeyName = \"kms-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cmek\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cmek\")\n .format(\"DOCKER\")\n .kmsKeyName(\"kms-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cmek\n format: DOCKER\n kmsKeyName: kms-key\n options:\n dependsOn:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Virtual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo_upstream_1 = new gcp.artifactregistry.Repository(\"my-repo-upstream-1\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-1\",\n description: \"example docker repository (upstream source) 1\",\n format: \"DOCKER\",\n});\nconst my_repo_upstream_2 = new gcp.artifactregistry.Repository(\"my-repo-upstream-2\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-2\",\n description: \"example docker repository (upstream source) 2\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example virtual docker repository\",\n format: \"DOCKER\",\n mode: \"VIRTUAL_REPOSITORY\",\n virtualRepositoryConfig: {\n upstreamPolicies: [\n {\n id: \"my-repository-upstream-1\",\n repository: my_repo_upstream_1.id,\n priority: 20,\n },\n {\n id: \"my-repository-upstream-2\",\n repository: my_repo_upstream_2.id,\n priority: 10,\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo_upstream_1 = gcp.artifactregistry.Repository(\"my-repo-upstream-1\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-1\",\n description=\"example docker repository (upstream source) 1\",\n format=\"DOCKER\")\nmy_repo_upstream_2 = gcp.artifactregistry.Repository(\"my-repo-upstream-2\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-2\",\n description=\"example docker repository (upstream source) 2\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example virtual docker repository\",\n format=\"DOCKER\",\n mode=\"VIRTUAL_REPOSITORY\",\n virtual_repository_config={\n \"upstream_policies\": [\n {\n \"id\": \"my-repository-upstream-1\",\n \"repository\": my_repo_upstream_1.id,\n \"priority\": 20,\n },\n {\n \"id\": \"my-repository-upstream-2\",\n \"repository\": my_repo_upstream_2.id,\n \"priority\": 10,\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo_upstream_1 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-1\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-1\",\n Description = \"example docker repository (upstream source) 1\",\n Format = \"DOCKER\",\n });\n\n var my_repo_upstream_2 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-2\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-2\",\n Description = \"example docker repository (upstream source) 2\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example virtual docker repository\",\n Format = \"DOCKER\",\n Mode = \"VIRTUAL_REPOSITORY\",\n VirtualRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigArgs\n {\n UpstreamPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-1\",\n Repository = my_repo_upstream_1.Id,\n Priority = 20,\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-2\",\n Repository = my_repo_upstream_2.Id,\n Priority = 10,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo-upstream-1\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo-upstream-2\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 2\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example virtual docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"VIRTUAL_REPOSITORY\"),\n\t\t\tVirtualRepositoryConfig: \u0026artifactregistry.RepositoryVirtualRepositoryConfigArgs{\n\t\t\t\tUpstreamPolicies: artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArray{\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_1.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(20),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_2.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryVirtualRepositoryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo_upstream_1 = new Repository(\"my-repo-upstream-1\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-1\")\n .description(\"example docker repository (upstream source) 1\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo_upstream_2 = new Repository(\"my-repo-upstream-2\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-2\")\n .description(\"example docker repository (upstream source) 2\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example virtual docker repository\")\n .format(\"DOCKER\")\n .mode(\"VIRTUAL_REPOSITORY\")\n .virtualRepositoryConfig(RepositoryVirtualRepositoryConfigArgs.builder()\n .upstreamPolicies( \n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-1\")\n .repository(my_repo_upstream_1.id())\n .priority(20)\n .build(),\n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-2\")\n .repository(my_repo_upstream_2.id())\n .priority(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo-upstream-1:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-1\n description: example docker repository (upstream source) 1\n format: DOCKER\n my-repo-upstream-2:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-2\n description: example docker repository (upstream source) 2\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example virtual docker repository\n format: DOCKER\n mode: VIRTUAL_REPOSITORY\n virtualRepositoryConfig:\n upstreamPolicies:\n - id: my-repository-upstream-1\n repository: ${[\"my-repo-upstream-1\"].id}\n priority: 20\n - id: my-repository-upstream-2\n repository: ${[\"my-repo-upstream-2\"].id}\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example remote docker repository\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub\",\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example remote docker repository\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub\",\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example remote docker repository\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub\",\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example remote docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub\"),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example remote docker repository\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub\")\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example remote docker repository\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub\n dockerRepository:\n publicRepository: DOCKER_HUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Apt\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"debian-buster\",\n description: \"example remote apt repository\",\n format: \"APT\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Debian buster remote repository\",\n aptRepository: {\n publicRepository: {\n repositoryBase: \"DEBIAN\",\n repositoryPath: \"debian/dists/buster\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"debian-buster\",\n description=\"example remote apt repository\",\n format=\"APT\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Debian buster remote repository\",\n \"apt_repository\": {\n \"public_repository\": {\n \"repository_base\": \"DEBIAN\",\n \"repository_path\": \"debian/dists/buster\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"debian-buster\",\n Description = \"example remote apt repository\",\n Format = \"APT\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Debian buster remote repository\",\n AptRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"DEBIAN\",\n RepositoryPath = \"debian/dists/buster\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"debian-buster\"),\n\t\t\tDescription: pulumi.String(\"example remote apt repository\"),\n\t\t\tFormat: pulumi.String(\"APT\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Debian buster remote repository\"),\n\t\t\t\tAptRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"DEBIAN\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"debian/dists/buster\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"debian-buster\")\n .description(\"example remote apt repository\")\n .format(\"APT\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Debian buster remote repository\")\n .aptRepository(RepositoryRemoteRepositoryConfigAptRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"DEBIAN\")\n .repositoryPath(\"debian/dists/buster\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: debian-buster\n description: example remote apt repository\n format: APT\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Debian buster remote repository\n aptRepository:\n publicRepository:\n repositoryBase: DEBIAN\n repositoryPath: debian/dists/buster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Yum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"rocky-9\",\n description: \"example remote yum repository\",\n format: \"YUM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Rocky 9 remote repository\",\n yumRepository: {\n publicRepository: {\n repositoryBase: \"ROCKY\",\n repositoryPath: \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"rocky-9\",\n description=\"example remote yum repository\",\n format=\"YUM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Rocky 9 remote repository\",\n \"yum_repository\": {\n \"public_repository\": {\n \"repository_base\": \"ROCKY\",\n \"repository_path\": \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"rocky-9\",\n Description = \"example remote yum repository\",\n Format = \"YUM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Rocky 9 remote repository\",\n YumRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"ROCKY\",\n RepositoryPath = \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"rocky-9\"),\n\t\t\tDescription: pulumi.String(\"example remote yum repository\"),\n\t\t\tFormat: pulumi.String(\"YUM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Rocky 9 remote repository\"),\n\t\t\t\tYumRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"ROCKY\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"pub/rocky/9/BaseOS/x86_64/os\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"rocky-9\")\n .description(\"example remote yum repository\")\n .format(\"YUM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Rocky 9 remote repository\")\n .yumRepository(RepositoryRemoteRepositoryConfigYumRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"ROCKY\")\n .repositoryPath(\"pub/rocky/9/BaseOS/x86_64/os\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: rocky-9\n description: example remote yum repository\n format: YUM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Rocky 9 remote repository\n yumRepository:\n publicRepository:\n repositoryBase: ROCKY\n repositoryPath: pub/rocky/9/BaseOS/x86_64/os\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cleanup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cleanup policies\",\n format: \"DOCKER\",\n cleanupPolicyDryRun: false,\n cleanupPolicies: [\n {\n id: \"delete-prerelease\",\n action: \"DELETE\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\n \"alpha\",\n \"v0\",\n ],\n olderThan: \"2592000s\",\n },\n },\n {\n id: \"keep-tagged-release\",\n action: \"KEEP\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\"release\"],\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n id: \"keep-minimum-versions\",\n action: \"KEEP\",\n mostRecentVersions: {\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n keepCount: 5,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cleanup policies\",\n format=\"DOCKER\",\n cleanup_policy_dry_run=False,\n cleanup_policies=[\n {\n \"id\": \"delete-prerelease\",\n \"action\": \"DELETE\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\n \"alpha\",\n \"v0\",\n ],\n \"older_than\": \"2592000s\",\n },\n },\n {\n \"id\": \"keep-tagged-release\",\n \"action\": \"KEEP\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\"release\"],\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n \"id\": \"keep-minimum-versions\",\n \"action\": \"KEEP\",\n \"most_recent_versions\": {\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n \"keep_count\": 5,\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cleanup policies\",\n Format = \"DOCKER\",\n CleanupPolicyDryRun = false,\n CleanupPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"delete-prerelease\",\n Action = \"DELETE\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"alpha\",\n \"v0\",\n },\n OlderThan = \"2592000s\",\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-tagged-release\",\n Action = \"KEEP\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"release\",\n },\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n },\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-minimum-versions\",\n Action = \"KEEP\",\n MostRecentVersions = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyMostRecentVersionsArgs\n {\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n },\n KeepCount = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cleanup policies\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tCleanupPolicyDryRun: pulumi.Bool(false),\n\t\t\tCleanupPolicies: artifactregistry.RepositoryCleanupPolicyArray{\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"delete-prerelease\"),\n\t\t\t\t\tAction: pulumi.String(\"DELETE\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"alpha\"),\n\t\t\t\t\t\t\tpulumi.String(\"v0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tOlderThan: pulumi.String(\"2592000s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-tagged-release\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"release\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-minimum-versions\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tMostRecentVersions: \u0026artifactregistry.RepositoryCleanupPolicyMostRecentVersionsArgs{\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t\tpulumi.String(\"sandbox\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tKeepCount: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyConditionArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyMostRecentVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cleanup policies\")\n .format(\"DOCKER\")\n .cleanupPolicyDryRun(false)\n .cleanupPolicies( \n RepositoryCleanupPolicyArgs.builder()\n .id(\"delete-prerelease\")\n .action(\"DELETE\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes( \n \"alpha\",\n \"v0\")\n .olderThan(\"2592000s\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-tagged-release\")\n .action(\"KEEP\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes(\"release\")\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-minimum-versions\")\n .action(\"KEEP\")\n .mostRecentVersions(RepositoryCleanupPolicyMostRecentVersionsArgs.builder()\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\",\n \"sandbox\")\n .keepCount(5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cleanup policies\n format: DOCKER\n cleanupPolicyDryRun: false\n cleanupPolicies:\n - id: delete-prerelease\n action: DELETE\n condition:\n tagState: TAGGED\n tagPrefixes:\n - alpha\n - v0\n olderThan: 2592000s\n - id: keep-tagged-release\n action: KEEP\n condition:\n tagState: TAGGED\n tagPrefixes:\n - release\n packageNamePrefixes:\n - webapp\n - mobile\n - id: keep-minimum-versions\n action: KEEP\n mostRecentVersions:\n packageNamePrefixes:\n - webapp\n - mobile\n - sandbox\n keepCount: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Dockerhub Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-dockerhub-remote\",\n description: \"example remote dockerhub repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub with custom credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-dockerhub-remote\",\n description=\"example remote dockerhub repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub with custom credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-dockerhub-remote\",\n Description = \"example remote dockerhub repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub with custom credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-dockerhub-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote dockerhub repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub with custom credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-dockerhub-remote\")\n .description(\"example remote dockerhub repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub with custom credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-dockerhub-remote\n description: example remote dockerhub repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub with custom credentials\n disableUpstreamValidation: true\n dockerRepository:\n publicRepository: DOCKER_HUB\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Docker Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom docker remote with credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n customRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom docker remote with credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom docker remote with credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom docker remote with credentials\n disableUpstreamValidation: true\n dockerRepository:\n customRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Maven Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-maven-custom-remote\",\n description: \"example remote custom maven repository with credentials\",\n format: \"MAVEN\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom maven remote with credentials\",\n disableUpstreamValidation: true,\n mavenRepository: {\n customRepository: {\n uri: \"https://my.maven.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-maven-custom-remote\",\n description=\"example remote custom maven repository with credentials\",\n format=\"MAVEN\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom maven remote with credentials\",\n \"disable_upstream_validation\": True,\n \"maven_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.maven.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-maven-custom-remote\",\n Description = \"example remote custom maven repository with credentials\",\n Format = \"MAVEN\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom maven remote with credentials\",\n DisableUpstreamValidation = true,\n MavenRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.maven.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-maven-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom maven repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"MAVEN\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom maven remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tMavenRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.maven.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-maven-custom-remote\")\n .description(\"example remote custom maven repository with credentials\")\n .format(\"MAVEN\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom maven remote with credentials\")\n .disableUpstreamValidation(true)\n .mavenRepository(RepositoryRemoteRepositoryConfigMavenRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.maven.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-maven-custom-remote\n description: example remote custom maven repository with credentials\n format: MAVEN\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom maven remote with credentials\n disableUpstreamValidation: true\n mavenRepository:\n customRepository:\n uri: https://my.maven.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Npm Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-npm-custom-remote\",\n description: \"example remote custom npm repository with credentials\",\n format: \"NPM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n npmRepository: {\n customRepository: {\n uri: \"https://my.npm.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-npm-custom-remote\",\n description=\"example remote custom npm repository with credentials\",\n format=\"NPM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"npm_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.npm.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-npm-custom-remote\",\n Description = \"example remote custom npm repository with credentials\",\n Format = \"NPM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n NpmRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.npm.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-npm-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom npm repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"NPM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tNpmRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.npm.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-npm-custom-remote\")\n .description(\"example remote custom npm repository with credentials\")\n .format(\"NPM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .npmRepository(RepositoryRemoteRepositoryConfigNpmRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.npm.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-npm-custom-remote\n description: example remote custom npm repository with credentials\n format: NPM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n npmRepository:\n customRepository:\n uri: https://my.npm.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Python Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-python-custom-remote\",\n description: \"example remote custom python repository with credentials\",\n format: \"PYTHON\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n pythonRepository: {\n customRepository: {\n uri: \"https://my.python.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-python-custom-remote\",\n description=\"example remote custom python repository with credentials\",\n format=\"PYTHON\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"python_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.python.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-python-custom-remote\",\n Description = \"example remote custom python repository with credentials\",\n Format = \"PYTHON\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n PythonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.python.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-python-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom python repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"PYTHON\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tPythonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.python.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-python-custom-remote\")\n .description(\"example remote custom python repository with credentials\")\n .format(\"PYTHON\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .pythonRepository(RepositoryRemoteRepositoryConfigPythonRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.python.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-python-custom-remote\n description: example remote custom python repository with credentials\n format: PYTHON\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n pythonRepository:\n customRepository:\n uri: https://my.python.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository\",\n commonRepository: {\n uri: upstreamRepo.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository\",\n \"common_repository\": {\n \"uri\": upstream_repo.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = upstreamRepo.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tupstreamRepo, err := artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: upstreamRepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(upstreamRepo.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository\n commonRepository:\n uri: ${upstreamRepo.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`\n\n* `{{project}}/{{location}}/{{repository_id}}`\n\n* `{{location}}/{{repository_id}}`\n\n* `{{repository_id}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{project}}/{{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}}\n```\n\n", "properties": { "cleanupPolicies": { "type": "array", @@ -136945,7 +136945,7 @@ } }, "gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:artifactregistry/RepositoryIamBindingCondition:RepositoryIamBindingCondition" @@ -137067,7 +137067,7 @@ } }, "gcp:artifactregistry/repositoryIamMember:RepositoryIamMember": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:artifactregistry/RepositoryIamMemberCondition:RepositoryIamMemberCondition" @@ -137182,7 +137182,7 @@ } }, "gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Artifact Registry Repository\nThree different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.artifactregistry.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/artifactregistry.reader\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.artifactregistry.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -138419,7 +138419,7 @@ } }, "gcp:backupdisasterrecovery/managementServer:ManagementServer": { - "description": "## Example Usage\n\n### Backup Dr Management Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"vpc-network\"});\nconst privateIpAddress = new gcp.compute.GlobalAddress(\"private_ip_address\", {\n name: \"vpc-network\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 20,\n network: _default.id,\n});\nconst defaultConnection = new gcp.servicenetworking.Connection(\"default\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAddress.name],\n});\nconst ms_console = new gcp.backupdisasterrecovery.ManagementServer(\"ms-console\", {\n location: \"us-central1\",\n name: \"ms-console\",\n type: \"BACKUP_RESTORE\",\n}, {\n dependsOn: [defaultConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"vpc-network\")\nprivate_ip_address = gcp.compute.GlobalAddress(\"private_ip_address\",\n name=\"vpc-network\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=20,\n network=default.id)\ndefault_connection = gcp.servicenetworking.Connection(\"default\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_address.name])\nms_console = gcp.backupdisasterrecovery.ManagementServer(\"ms-console\",\n location=\"us-central1\",\n name=\"ms-console\",\n type=\"BACKUP_RESTORE\",\n opts = pulumi.ResourceOptions(depends_on=[default_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"vpc-network\",\n });\n\n var privateIpAddress = new Gcp.Compute.GlobalAddress(\"private_ip_address\", new()\n {\n Name = \"vpc-network\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 20,\n Network = @default.Id,\n });\n\n var defaultConnection = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAddress.Name,\n },\n });\n\n var ms_console = new Gcp.BackupDisasterRecovery.ManagementServer(\"ms-console\", new()\n {\n Location = \"us-central1\",\n Name = \"ms-console\",\n Type = \"BACKUP_RESTORE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAddress, err := compute.NewGlobalAddress(ctx, \"private_ip_address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(20),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultConnection, err := servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backupdisasterrecovery.NewManagementServer(ctx, \"ms-console\", \u0026backupdisasterrecovery.ManagementServerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"ms-console\"),\n\t\t\tType: pulumi.String(\"BACKUP_RESTORE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.backupdisasterrecovery.ManagementServer;\nimport com.pulumi.gcp.backupdisasterrecovery.ManagementServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build());\n\n var privateIpAddress = new GlobalAddress(\"privateIpAddress\", GlobalAddressArgs.builder()\n .name(\"vpc-network\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(20)\n .network(default_.id())\n .build());\n\n var defaultConnection = new Connection(\"defaultConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAddress.name())\n .build());\n\n var ms_console = new ManagementServer(\"ms-console\", ManagementServerArgs.builder()\n .location(\"us-central1\")\n .name(\"ms-console\")\n .type(\"BACKUP_RESTORE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: vpc-network\n privateIpAddress:\n type: gcp:compute:GlobalAddress\n name: private_ip_address\n properties:\n name: vpc-network\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 20\n network: ${default.id}\n defaultConnection:\n type: gcp:servicenetworking:Connection\n name: default\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAddress.name}\n ms-console:\n type: gcp:backupdisasterrecovery:ManagementServer\n properties:\n location: us-central1\n name: ms-console\n type: BACKUP_RESTORE\n options:\n dependson:\n - ${defaultConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagementServer can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/managementServers/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ManagementServer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default projects/{{project}}/locations/{{location}}/managementServers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default {{location}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n### Backup Dr Management Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"vpc-network\"});\nconst privateIpAddress = new gcp.compute.GlobalAddress(\"private_ip_address\", {\n name: \"vpc-network\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 20,\n network: _default.id,\n});\nconst defaultConnection = new gcp.servicenetworking.Connection(\"default\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAddress.name],\n});\nconst ms_console = new gcp.backupdisasterrecovery.ManagementServer(\"ms-console\", {\n location: \"us-central1\",\n name: \"ms-console\",\n type: \"BACKUP_RESTORE\",\n}, {\n dependsOn: [defaultConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"vpc-network\")\nprivate_ip_address = gcp.compute.GlobalAddress(\"private_ip_address\",\n name=\"vpc-network\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=20,\n network=default.id)\ndefault_connection = gcp.servicenetworking.Connection(\"default\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_address.name])\nms_console = gcp.backupdisasterrecovery.ManagementServer(\"ms-console\",\n location=\"us-central1\",\n name=\"ms-console\",\n type=\"BACKUP_RESTORE\",\n opts = pulumi.ResourceOptions(depends_on=[default_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"vpc-network\",\n });\n\n var privateIpAddress = new Gcp.Compute.GlobalAddress(\"private_ip_address\", new()\n {\n Name = \"vpc-network\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 20,\n Network = @default.Id,\n });\n\n var defaultConnection = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAddress.Name,\n },\n });\n\n var ms_console = new Gcp.BackupDisasterRecovery.ManagementServer(\"ms-console\", new()\n {\n Location = \"us-central1\",\n Name = \"ms-console\",\n Type = \"BACKUP_RESTORE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAddress, err := compute.NewGlobalAddress(ctx, \"private_ip_address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(20),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultConnection, err := servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backupdisasterrecovery.NewManagementServer(ctx, \"ms-console\", \u0026backupdisasterrecovery.ManagementServerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"ms-console\"),\n\t\t\tType: pulumi.String(\"BACKUP_RESTORE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.backupdisasterrecovery.ManagementServer;\nimport com.pulumi.gcp.backupdisasterrecovery.ManagementServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build());\n\n var privateIpAddress = new GlobalAddress(\"privateIpAddress\", GlobalAddressArgs.builder()\n .name(\"vpc-network\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(20)\n .network(default_.id())\n .build());\n\n var defaultConnection = new Connection(\"defaultConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAddress.name())\n .build());\n\n var ms_console = new ManagementServer(\"ms-console\", ManagementServerArgs.builder()\n .location(\"us-central1\")\n .name(\"ms-console\")\n .type(\"BACKUP_RESTORE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: vpc-network\n privateIpAddress:\n type: gcp:compute:GlobalAddress\n name: private_ip_address\n properties:\n name: vpc-network\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 20\n network: ${default.id}\n defaultConnection:\n type: gcp:servicenetworking:Connection\n name: default\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAddress.name}\n ms-console:\n type: gcp:backupdisasterrecovery:ManagementServer\n properties:\n location: us-central1\n name: ms-console\n type: BACKUP_RESTORE\n options:\n dependsOn:\n - ${defaultConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagementServer can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/managementServers/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ManagementServer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default projects/{{project}}/locations/{{location}}/managementServers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:backupdisasterrecovery/managementServer:ManagementServer default {{location}}/{{name}}\n```\n\n", "properties": { "location": { "type": "string", @@ -139822,7 +139822,7 @@ } }, "gcp:bigquery/connection:Connection": { - "description": "A connection allows BigQuery connections to external data sources..\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/bigqueryconnection/rest/v1/projects.locations.connections/create)\n* How-to Guides\n * [Cloud SQL federated queries](https://cloud.google.com/bigquery/docs/cloud-sql-federated-queries)\n\n\n\n## Example Usage\n\n### Bigquery Connection Cloud Resource\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudResource: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_resource={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudResource = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudResource: \u0026bigquery.ConnectionCloudResourceArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudResource()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudResource: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n databaseVersion: \"POSTGRES_11\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: pwd.result,\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n friendlyName: \"👋\",\n description: \"a riveting description\",\n location: \"US\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n database_version=\"POSTGRES_11\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=pwd.result)\nconnection = gcp.bigquery.Connection(\"connection\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n location=\"US\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n DatabaseVersion = \"POSTGRES_11\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = pwd.Result,\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Location = \"US\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .databaseVersion(\"POSTGRES_11\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(pwd.result())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .location(\"US\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n databaseVersion: POSTGRES_11\n region: us-central1\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: ${pwd.result}\n connection:\n type: gcp:bigquery:Connection\n properties:\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n location: US\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n databaseVersion: \"POSTGRES_11\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: pwd.result,\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n database_version=\"POSTGRES_11\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=pwd.result)\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n DatabaseVersion = \"POSTGRES_11\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = pwd.Result,\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .databaseVersion(\"POSTGRES_11\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(pwd.result())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n databaseVersion: POSTGRES_11\n region: us-central1\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: ${pwd.result}\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Aws\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"aws-us-east-1\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n aws: {\n accessRole: {\n iamRoleId: \"arn:aws:iam::999999999999:role/omnirole\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"aws-us-east-1\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n aws={\n \"access_role\": {\n \"iam_role_id\": \"arn:aws:iam::999999999999:role/omnirole\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"aws-us-east-1\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Aws = new Gcp.BigQuery.Inputs.ConnectionAwsArgs\n {\n AccessRole = new Gcp.BigQuery.Inputs.ConnectionAwsAccessRoleArgs\n {\n IamRoleId = \"arn:aws:iam::999999999999:role/omnirole\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"aws-us-east-1\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tAws: \u0026bigquery.ConnectionAwsArgs{\n\t\t\t\tAccessRole: \u0026bigquery.ConnectionAwsAccessRoleArgs{\n\t\t\t\t\tIamRoleId: pulumi.String(\"arn:aws:iam::999999999999:role/omnirole\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAwsArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAwsAccessRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"aws-us-east-1\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .aws(ConnectionAwsArgs.builder()\n .accessRole(ConnectionAwsAccessRoleArgs.builder()\n .iamRoleId(\"arn:aws:iam::999999999999:role/omnirole\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: aws-us-east-1\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n aws:\n accessRole:\n iamRoleId: arn:aws:iam::999999999999:role/omnirole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Azure\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"azure-eastus2\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n azure: {\n customerTenantId: \"customer-tenant-id\",\n federatedApplicationClientId: \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"azure-eastus2\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n azure={\n \"customer_tenant_id\": \"customer-tenant-id\",\n \"federated_application_client_id\": \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"azure-eastus2\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Azure = new Gcp.BigQuery.Inputs.ConnectionAzureArgs\n {\n CustomerTenantId = \"customer-tenant-id\",\n FederatedApplicationClientId = \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"azure-eastus2\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tAzure: \u0026bigquery.ConnectionAzureArgs{\n\t\t\t\tCustomerTenantId: pulumi.String(\"customer-tenant-id\"),\n\t\t\t\tFederatedApplicationClientId: pulumi.String(\"b43eeeee-eeee-eeee-eeee-a480155501ce\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAzureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"azure-eastus2\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .azure(ConnectionAzureArgs.builder()\n .customerTenantId(\"customer-tenant-id\")\n .federatedApplicationClientId(\"b43eeeee-eeee-eeee-eeee-a480155501ce\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: azure-eastus2\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n azure:\n customerTenantId: customer-tenant-id\n federatedApplicationClientId: b43eeeee-eeee-eeee-eeee-a480155501ce\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Cloudspanner\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSpanner: {\n database: \"projects/project/instances/instance/databases/database\",\n databaseRole: \"database_role\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_spanner={\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"database_role\": \"database_role\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSpanner = new Gcp.BigQuery.Inputs.ConnectionCloudSpannerArgs\n {\n Database = \"projects/project/instances/instance/databases/database\",\n DatabaseRole = \"database_role\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSpanner: \u0026bigquery.ConnectionCloudSpannerArgs{\n\t\t\t\tDatabase: pulumi.String(\"projects/project/instances/instance/databases/database\"),\n\t\t\t\tDatabaseRole: pulumi.String(\"database_role\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSpannerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSpanner(ConnectionCloudSpannerArgs.builder()\n .database(\"projects/project/instances/instance/databases/database\")\n .databaseRole(\"database_role\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSpanner:\n database: projects/project/instances/instance/databases/database\n databaseRole: database_role\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Cloudspanner Databoost\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSpanner: {\n database: \"projects/project/instances/instance/databases/database\",\n useParallelism: true,\n useDataBoost: true,\n maxParallelism: 100,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_spanner={\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"use_parallelism\": True,\n \"use_data_boost\": True,\n \"max_parallelism\": 100,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSpanner = new Gcp.BigQuery.Inputs.ConnectionCloudSpannerArgs\n {\n Database = \"projects/project/instances/instance/databases/database\",\n UseParallelism = true,\n UseDataBoost = true,\n MaxParallelism = 100,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSpanner: \u0026bigquery.ConnectionCloudSpannerArgs{\n\t\t\t\tDatabase: pulumi.String(\"projects/project/instances/instance/databases/database\"),\n\t\t\t\tUseParallelism: pulumi.Bool(true),\n\t\t\t\tUseDataBoost: pulumi.Bool(true),\n\t\t\t\tMaxParallelism: pulumi.Int(100),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSpannerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSpanner(ConnectionCloudSpannerArgs.builder()\n .database(\"projects/project/instances/instance/databases/database\")\n .useParallelism(true)\n .useDataBoost(true)\n .maxParallelism(100)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSpanner:\n database: projects/project/instances/instance/databases/database\n useParallelism: true\n useDataBoost: true\n maxParallelism: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataproc.Cluster(\"basic\", {\n name: \"my-connection\",\n region: \"us-central1\",\n clusterConfig: {\n softwareConfig: {\n overrideProperties: {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n },\n },\n masterConfig: {\n numInstances: 1,\n machineType: \"e2-standard-2\",\n diskConfig: {\n bootDiskSizeGb: 35,\n },\n },\n },\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n spark: {\n sparkHistoryServerConfig: {\n dataprocCluster: basic.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataproc.Cluster(\"basic\",\n name=\"my-connection\",\n region=\"us-central1\",\n cluster_config={\n \"software_config\": {\n \"override_properties\": {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n },\n },\n \"master_config\": {\n \"num_instances\": 1,\n \"machine_type\": \"e2-standard-2\",\n \"disk_config\": {\n \"boot_disk_size_gb\": 35,\n },\n },\n })\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n spark={\n \"spark_history_server_config\": {\n \"dataproc_cluster\": basic.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Dataproc.Cluster(\"basic\", new()\n {\n Name = \"my-connection\",\n Region = \"us-central1\",\n ClusterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigArgs\n {\n SoftwareConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigSoftwareConfigArgs\n {\n OverrideProperties = \n {\n { \"dataproc:dataproc.allow.zero.workers\", \"true\" },\n },\n },\n MasterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigArgs\n {\n NumInstances = 1,\n MachineType = \"e2-standard-2\",\n DiskConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigDiskConfigArgs\n {\n BootDiskSizeGb = 35,\n },\n },\n },\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Spark = new Gcp.BigQuery.Inputs.ConnectionSparkArgs\n {\n SparkHistoryServerConfig = new Gcp.BigQuery.Inputs.ConnectionSparkSparkHistoryServerConfigArgs\n {\n DataprocCluster = basic.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := dataproc.NewCluster(ctx, \"basic\", \u0026dataproc.ClusterArgs{\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tClusterConfig: \u0026dataproc.ClusterClusterConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026dataproc.ClusterClusterConfigSoftwareConfigArgs{\n\t\t\t\t\tOverrideProperties: pulumi.StringMap{\n\t\t\t\t\t\t\"dataproc:dataproc.allow.zero.workers\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMasterConfig: \u0026dataproc.ClusterClusterConfigMasterConfigArgs{\n\t\t\t\t\tNumInstances: pulumi.Int(1),\n\t\t\t\t\tMachineType: pulumi.String(\"e2-standard-2\"),\n\t\t\t\t\tDiskConfig: \u0026dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs{\n\t\t\t\t\t\tBootDiskSizeGb: pulumi.Int(35),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{\n\t\t\t\tSparkHistoryServerConfig: \u0026bigquery.ConnectionSparkSparkHistoryServerConfigArgs{\n\t\t\t\t\tDataprocCluster: basic.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Cluster;\nimport com.pulumi.gcp.dataproc.ClusterArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigDiskConfigArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkSparkHistoryServerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Cluster(\"basic\", ClusterArgs.builder()\n .name(\"my-connection\")\n .region(\"us-central1\")\n .clusterConfig(ClusterClusterConfigArgs.builder()\n .softwareConfig(ClusterClusterConfigSoftwareConfigArgs.builder()\n .overrideProperties(Map.of(\"dataproc:dataproc.allow.zero.workers\", \"true\"))\n .build())\n .masterConfig(ClusterClusterConfigMasterConfigArgs.builder()\n .numInstances(1)\n .machineType(\"e2-standard-2\")\n .diskConfig(ClusterClusterConfigMasterConfigDiskConfigArgs.builder()\n .bootDiskSizeGb(35)\n .build())\n .build())\n .build())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .spark(ConnectionSparkArgs.builder()\n .sparkHistoryServerConfig(ConnectionSparkSparkHistoryServerConfigArgs.builder()\n .dataprocCluster(basic.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n spark:\n sparkHistoryServerConfig:\n dataprocCluster: ${basic.id}\n basic:\n type: gcp:dataproc:Cluster\n properties:\n name: my-connection\n region: us-central1\n clusterConfig:\n softwareConfig:\n overrideProperties:\n dataproc:dataproc.allow.zero.workers: 'true'\n masterConfig:\n numInstances: 1\n machineType: e2-standard-2\n diskConfig:\n bootDiskSizeGb: 35\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Sql With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n region: \"us-central1\",\n databaseVersion: \"POSTGRES_11\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"tf-test-my-password_77884\",\n});\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst keySaUser = new gcp.kms.CryptoKeyIAMMember(\"key_sa_user\", {\n cryptoKeyId: \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\nconst bq_connection_cmek = new gcp.bigquery.Connection(\"bq-connection-cmek\", {\n friendlyName: \"👋\",\n description: \"a riveting description\",\n location: \"US\",\n kmsKeyName: \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n}, {\n dependsOn: [keySaUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n region=\"us-central1\",\n database_version=\"POSTGRES_11\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"tf-test-my-password_77884\")\nbq_sa = gcp.bigquery.get_default_service_account()\nkey_sa_user = gcp.kms.CryptoKeyIAMMember(\"key_sa_user\",\n crypto_key_id=\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\nbq_connection_cmek = gcp.bigquery.Connection(\"bq-connection-cmek\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n location=\"US\",\n kms_key_name=\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[key_sa_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n Region = \"us-central1\",\n DatabaseVersion = \"POSTGRES_11\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"tf-test-my-password_77884\",\n });\n\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var keySaUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_sa_user\", new()\n {\n CryptoKeyId = \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n var bq_connection_cmek = new Gcp.BigQuery.Connection(\"bq-connection-cmek\", new()\n {\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Location = \"US\",\n KmsKeyName = \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keySaUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"tf-test-my-password_77884\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeySaUser, err := kms.NewCryptoKeyIAMMember(ctx, \"key_sa_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"bq-connection-cmek\", \u0026bigquery.ConnectionArgs{\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tKmsKeyName: pulumi.String(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeySaUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .region(\"us-central1\")\n .databaseVersion(\"POSTGRES_11\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"tf-test-my-password_77884\")\n .build());\n\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var keySaUser = new CryptoKeyIAMMember(\"keySaUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n var bq_connection_cmek = new Connection(\"bq-connection-cmek\", ConnectionArgs.builder()\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .location(\"US\")\n .kmsKeyName(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(keySaUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n region: us-central1\n databaseVersion: POSTGRES_11\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: tf-test-my-password_77884\n keySaUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_sa_user\n properties:\n cryptoKeyId: projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\n bq-connection-cmek:\n type: gcp:bigquery:Connection\n properties:\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n location: US\n kmsKeyName: projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n options:\n dependson:\n - ${keySaUser}\nvariables:\n bqSa:\n fn::invoke:\n Function: gcp:bigquery:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{connection_id}}`\n\n* `{{project}}/{{location}}/{{connection_id}}`\n\n* `{{location}}/{{connection_id}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default {{project}}/{{location}}/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default {{location}}/{{connection_id}}\n```\n\n", + "description": "A connection allows BigQuery connections to external data sources..\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/bigqueryconnection/rest/v1/projects.locations.connections/create)\n* How-to Guides\n * [Cloud SQL federated queries](https://cloud.google.com/bigquery/docs/cloud-sql-federated-queries)\n\n\n\n## Example Usage\n\n### Bigquery Connection Cloud Resource\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudResource: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_resource={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudResource = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudResource: \u0026bigquery.ConnectionCloudResourceArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudResource()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudResource: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n databaseVersion: \"POSTGRES_11\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: pwd.result,\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n friendlyName: \"👋\",\n description: \"a riveting description\",\n location: \"US\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n database_version=\"POSTGRES_11\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=pwd.result)\nconnection = gcp.bigquery.Connection(\"connection\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n location=\"US\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n DatabaseVersion = \"POSTGRES_11\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = pwd.Result,\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Location = \"US\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .databaseVersion(\"POSTGRES_11\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(pwd.result())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .location(\"US\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n databaseVersion: POSTGRES_11\n region: us-central1\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: ${pwd.result}\n connection:\n type: gcp:bigquery:Connection\n properties:\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n location: US\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n databaseVersion: \"POSTGRES_11\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: pwd.result,\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n database_version=\"POSTGRES_11\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=pwd.result)\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n DatabaseVersion = \"POSTGRES_11\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = pwd.Result,\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .databaseVersion(\"POSTGRES_11\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(pwd.result())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n databaseVersion: POSTGRES_11\n region: us-central1\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: ${pwd.result}\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Aws\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"aws-us-east-1\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n aws: {\n accessRole: {\n iamRoleId: \"arn:aws:iam::999999999999:role/omnirole\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"aws-us-east-1\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n aws={\n \"access_role\": {\n \"iam_role_id\": \"arn:aws:iam::999999999999:role/omnirole\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"aws-us-east-1\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Aws = new Gcp.BigQuery.Inputs.ConnectionAwsArgs\n {\n AccessRole = new Gcp.BigQuery.Inputs.ConnectionAwsAccessRoleArgs\n {\n IamRoleId = \"arn:aws:iam::999999999999:role/omnirole\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"aws-us-east-1\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tAws: \u0026bigquery.ConnectionAwsArgs{\n\t\t\t\tAccessRole: \u0026bigquery.ConnectionAwsAccessRoleArgs{\n\t\t\t\t\tIamRoleId: pulumi.String(\"arn:aws:iam::999999999999:role/omnirole\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAwsArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAwsAccessRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"aws-us-east-1\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .aws(ConnectionAwsArgs.builder()\n .accessRole(ConnectionAwsAccessRoleArgs.builder()\n .iamRoleId(\"arn:aws:iam::999999999999:role/omnirole\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: aws-us-east-1\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n aws:\n accessRole:\n iamRoleId: arn:aws:iam::999999999999:role/omnirole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Azure\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"azure-eastus2\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n azure: {\n customerTenantId: \"customer-tenant-id\",\n federatedApplicationClientId: \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"azure-eastus2\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n azure={\n \"customer_tenant_id\": \"customer-tenant-id\",\n \"federated_application_client_id\": \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"azure-eastus2\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Azure = new Gcp.BigQuery.Inputs.ConnectionAzureArgs\n {\n CustomerTenantId = \"customer-tenant-id\",\n FederatedApplicationClientId = \"b43eeeee-eeee-eeee-eeee-a480155501ce\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"azure-eastus2\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tAzure: \u0026bigquery.ConnectionAzureArgs{\n\t\t\t\tCustomerTenantId: pulumi.String(\"customer-tenant-id\"),\n\t\t\t\tFederatedApplicationClientId: pulumi.String(\"b43eeeee-eeee-eeee-eeee-a480155501ce\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionAzureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"azure-eastus2\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .azure(ConnectionAzureArgs.builder()\n .customerTenantId(\"customer-tenant-id\")\n .federatedApplicationClientId(\"b43eeeee-eeee-eeee-eeee-a480155501ce\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: azure-eastus2\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n azure:\n customerTenantId: customer-tenant-id\n federatedApplicationClientId: b43eeeee-eeee-eeee-eeee-a480155501ce\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Cloudspanner\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSpanner: {\n database: \"projects/project/instances/instance/databases/database\",\n databaseRole: \"database_role\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_spanner={\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"database_role\": \"database_role\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSpanner = new Gcp.BigQuery.Inputs.ConnectionCloudSpannerArgs\n {\n Database = \"projects/project/instances/instance/databases/database\",\n DatabaseRole = \"database_role\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSpanner: \u0026bigquery.ConnectionCloudSpannerArgs{\n\t\t\t\tDatabase: pulumi.String(\"projects/project/instances/instance/databases/database\"),\n\t\t\t\tDatabaseRole: pulumi.String(\"database_role\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSpannerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSpanner(ConnectionCloudSpannerArgs.builder()\n .database(\"projects/project/instances/instance/databases/database\")\n .databaseRole(\"database_role\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSpanner:\n database: projects/project/instances/instance/databases/database\n databaseRole: database_role\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Cloudspanner Databoost\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n cloudSpanner: {\n database: \"projects/project/instances/instance/databases/database\",\n useParallelism: true,\n useDataBoost: true,\n maxParallelism: 100,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n cloud_spanner={\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"use_parallelism\": True,\n \"use_data_boost\": True,\n \"max_parallelism\": 100,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n CloudSpanner = new Gcp.BigQuery.Inputs.ConnectionCloudSpannerArgs\n {\n Database = \"projects/project/instances/instance/databases/database\",\n UseParallelism = true,\n UseDataBoost = true,\n MaxParallelism = 100,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tCloudSpanner: \u0026bigquery.ConnectionCloudSpannerArgs{\n\t\t\t\tDatabase: pulumi.String(\"projects/project/instances/instance/databases/database\"),\n\t\t\t\tUseParallelism: pulumi.Bool(true),\n\t\t\t\tUseDataBoost: pulumi.Bool(true),\n\t\t\t\tMaxParallelism: pulumi.Int(100),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSpannerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .cloudSpanner(ConnectionCloudSpannerArgs.builder()\n .database(\"projects/project/instances/instance/databases/database\")\n .useParallelism(true)\n .useDataBoost(true)\n .maxParallelism(100)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n cloudSpanner:\n database: projects/project/instances/instance/databases/database\n useParallelism: true\n useDataBoost: true\n maxParallelism: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataproc.Cluster(\"basic\", {\n name: \"my-connection\",\n region: \"us-central1\",\n clusterConfig: {\n softwareConfig: {\n overrideProperties: {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n },\n },\n masterConfig: {\n numInstances: 1,\n machineType: \"e2-standard-2\",\n diskConfig: {\n bootDiskSizeGb: 35,\n },\n },\n },\n});\nconst connection = new gcp.bigquery.Connection(\"connection\", {\n connectionId: \"my-connection\",\n location: \"US\",\n friendlyName: \"👋\",\n description: \"a riveting description\",\n spark: {\n sparkHistoryServerConfig: {\n dataprocCluster: basic.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataproc.Cluster(\"basic\",\n name=\"my-connection\",\n region=\"us-central1\",\n cluster_config={\n \"software_config\": {\n \"override_properties\": {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n },\n },\n \"master_config\": {\n \"num_instances\": 1,\n \"machine_type\": \"e2-standard-2\",\n \"disk_config\": {\n \"boot_disk_size_gb\": 35,\n },\n },\n })\nconnection = gcp.bigquery.Connection(\"connection\",\n connection_id=\"my-connection\",\n location=\"US\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n spark={\n \"spark_history_server_config\": {\n \"dataproc_cluster\": basic.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Dataproc.Cluster(\"basic\", new()\n {\n Name = \"my-connection\",\n Region = \"us-central1\",\n ClusterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigArgs\n {\n SoftwareConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigSoftwareConfigArgs\n {\n OverrideProperties = \n {\n { \"dataproc:dataproc.allow.zero.workers\", \"true\" },\n },\n },\n MasterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigArgs\n {\n NumInstances = 1,\n MachineType = \"e2-standard-2\",\n DiskConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigDiskConfigArgs\n {\n BootDiskSizeGb = 35,\n },\n },\n },\n });\n\n var connection = new Gcp.BigQuery.Connection(\"connection\", new()\n {\n ConnectionId = \"my-connection\",\n Location = \"US\",\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Spark = new Gcp.BigQuery.Inputs.ConnectionSparkArgs\n {\n SparkHistoryServerConfig = new Gcp.BigQuery.Inputs.ConnectionSparkSparkHistoryServerConfigArgs\n {\n DataprocCluster = basic.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := dataproc.NewCluster(ctx, \"basic\", \u0026dataproc.ClusterArgs{\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tClusterConfig: \u0026dataproc.ClusterClusterConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026dataproc.ClusterClusterConfigSoftwareConfigArgs{\n\t\t\t\t\tOverrideProperties: pulumi.StringMap{\n\t\t\t\t\t\t\"dataproc:dataproc.allow.zero.workers\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMasterConfig: \u0026dataproc.ClusterClusterConfigMasterConfigArgs{\n\t\t\t\t\tNumInstances: pulumi.Int(1),\n\t\t\t\t\tMachineType: pulumi.String(\"e2-standard-2\"),\n\t\t\t\t\tDiskConfig: \u0026dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs{\n\t\t\t\t\t\tBootDiskSizeGb: pulumi.Int(35),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"connection\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{\n\t\t\t\tSparkHistoryServerConfig: \u0026bigquery.ConnectionSparkSparkHistoryServerConfigArgs{\n\t\t\t\t\tDataprocCluster: basic.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Cluster;\nimport com.pulumi.gcp.dataproc.ClusterArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigDiskConfigArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkSparkHistoryServerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Cluster(\"basic\", ClusterArgs.builder()\n .name(\"my-connection\")\n .region(\"us-central1\")\n .clusterConfig(ClusterClusterConfigArgs.builder()\n .softwareConfig(ClusterClusterConfigSoftwareConfigArgs.builder()\n .overrideProperties(Map.of(\"dataproc:dataproc.allow.zero.workers\", \"true\"))\n .build())\n .masterConfig(ClusterClusterConfigMasterConfigArgs.builder()\n .numInstances(1)\n .machineType(\"e2-standard-2\")\n .diskConfig(ClusterClusterConfigMasterConfigDiskConfigArgs.builder()\n .bootDiskSizeGb(35)\n .build())\n .build())\n .build())\n .build());\n\n var connection = new Connection(\"connection\", ConnectionArgs.builder()\n .connectionId(\"my-connection\")\n .location(\"US\")\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .spark(ConnectionSparkArgs.builder()\n .sparkHistoryServerConfig(ConnectionSparkSparkHistoryServerConfigArgs.builder()\n .dataprocCluster(basic.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connection:\n type: gcp:bigquery:Connection\n properties:\n connectionId: my-connection\n location: US\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n spark:\n sparkHistoryServerConfig:\n dataprocCluster: ${basic.id}\n basic:\n type: gcp:dataproc:Cluster\n properties:\n name: my-connection\n region: us-central1\n clusterConfig:\n softwareConfig:\n overrideProperties:\n dataproc:dataproc.allow.zero.workers: 'true'\n masterConfig:\n numInstances: 1\n machineType: e2-standard-2\n diskConfig:\n bootDiskSizeGb: 35\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Connection Sql With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-database-instance\",\n region: \"us-central1\",\n databaseVersion: \"POSTGRES_11\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"tf-test-my-password_77884\",\n});\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst keySaUser = new gcp.kms.CryptoKeyIAMMember(\"key_sa_user\", {\n cryptoKeyId: \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\nconst bq_connection_cmek = new gcp.bigquery.Connection(\"bq-connection-cmek\", {\n friendlyName: \"👋\",\n description: \"a riveting description\",\n location: \"US\",\n kmsKeyName: \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n cloudSql: {\n instanceId: instance.connectionName,\n database: db.name,\n type: \"POSTGRES\",\n credential: {\n username: user.name,\n password: user.password,\n },\n },\n}, {\n dependsOn: [keySaUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-database-instance\",\n region=\"us-central1\",\n database_version=\"POSTGRES_11\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"tf-test-my-password_77884\")\nbq_sa = gcp.bigquery.get_default_service_account()\nkey_sa_user = gcp.kms.CryptoKeyIAMMember(\"key_sa_user\",\n crypto_key_id=\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\nbq_connection_cmek = gcp.bigquery.Connection(\"bq-connection-cmek\",\n friendly_name=\"👋\",\n description=\"a riveting description\",\n location=\"US\",\n kms_key_name=\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n cloud_sql={\n \"instance_id\": instance.connection_name,\n \"database\": db.name,\n \"type\": \"POSTGRES\",\n \"credential\": {\n \"username\": user.name,\n \"password\": user.password,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[key_sa_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-database-instance\",\n Region = \"us-central1\",\n DatabaseVersion = \"POSTGRES_11\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"tf-test-my-password_77884\",\n });\n\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var keySaUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_sa_user\", new()\n {\n CryptoKeyId = \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n var bq_connection_cmek = new Gcp.BigQuery.Connection(\"bq-connection-cmek\", new()\n {\n FriendlyName = \"👋\",\n Description = \"a riveting description\",\n Location = \"US\",\n KmsKeyName = \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n CloudSql = new Gcp.BigQuery.Inputs.ConnectionCloudSqlArgs\n {\n InstanceId = instance.ConnectionName,\n Database = db.Name,\n Type = \"POSTGRES\",\n Credential = new Gcp.BigQuery.Inputs.ConnectionCloudSqlCredentialArgs\n {\n Username = user.Name,\n Password = user.Password,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keySaUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_11\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"tf-test-my-password_77884\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeySaUser, err := kms.NewCryptoKeyIAMMember(ctx, \"key_sa_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnection(ctx, \"bq-connection-cmek\", \u0026bigquery.ConnectionArgs{\n\t\t\tFriendlyName: pulumi.String(\"👋\"),\n\t\t\tDescription: pulumi.String(\"a riveting description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tKmsKeyName: pulumi.String(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\"),\n\t\t\tCloudSql: \u0026bigquery.ConnectionCloudSqlArgs{\n\t\t\t\tInstanceId: instance.ConnectionName,\n\t\t\t\tDatabase: db.Name,\n\t\t\t\tType: pulumi.String(\"POSTGRES\"),\n\t\t\t\tCredential: \u0026bigquery.ConnectionCloudSqlCredentialArgs{\n\t\t\t\t\tUsername: user.Name,\n\t\t\t\t\tPassword: user.Password,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeySaUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudSqlCredentialArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-database-instance\")\n .region(\"us-central1\")\n .databaseVersion(\"POSTGRES_11\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"tf-test-my-password_77884\")\n .build());\n\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var keySaUser = new CryptoKeyIAMMember(\"keySaUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n var bq_connection_cmek = new Connection(\"bq-connection-cmek\", ConnectionArgs.builder()\n .friendlyName(\"👋\")\n .description(\"a riveting description\")\n .location(\"US\")\n .kmsKeyName(\"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\")\n .cloudSql(ConnectionCloudSqlArgs.builder()\n .instanceId(instance.connectionName())\n .database(db.name())\n .type(\"POSTGRES\")\n .credential(ConnectionCloudSqlCredentialArgs.builder()\n .username(user.name())\n .password(user.password())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(keySaUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database-instance\n region: us-central1\n databaseVersion: POSTGRES_11\n settings:\n tier: db-f1-micro\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: tf-test-my-password_77884\n keySaUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_sa_user\n properties:\n cryptoKeyId: projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\n bq-connection-cmek:\n type: gcp:bigquery:Connection\n properties:\n friendlyName: \"\\U0001F44B\"\n description: a riveting description\n location: US\n kmsKeyName: projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\n cloudSql:\n instanceId: ${instance.connectionName}\n database: ${db.name}\n type: POSTGRES\n credential:\n username: ${user.name}\n password: ${user.password}\n options:\n dependsOn:\n - ${keySaUser}\nvariables:\n bqSa:\n fn::invoke:\n function: gcp:bigquery:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{connection_id}}`\n\n* `{{project}}/{{location}}/{{connection_id}}`\n\n* `{{location}}/{{connection_id}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default {{project}}/{{location}}/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/connection:Connection default {{location}}/{{connection_id}}\n```\n\n", "properties": { "aws": { "$ref": "#/types/gcp:bigquery/ConnectionAws:ConnectionAws", @@ -140007,7 +140007,7 @@ } }, "gcp:bigquery/connectionIamBinding:ConnectionIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/ConnectionIamBindingCondition:ConnectionIamBindingCondition" @@ -140129,7 +140129,7 @@ } }, "gcp:bigquery/connectionIamMember:ConnectionIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/ConnectionIamMemberCondition:ConnectionIamMemberCondition" @@ -140244,7 +140244,7 @@ } }, "gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Connection Connection\nThree different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.ConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.ConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "connectionId": { "type": "string", @@ -140330,7 +140330,7 @@ } }, "gcp:bigquery/dataTransferConfig:DataTransferConfig": { - "description": "Represents a data transfer configuration. A transfer configuration\ncontains all metadata needed to perform a data transfer.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/v1/projects.locations.transferConfigs/create)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/)\n\n\n\n## Example Usage\n\n### Bigquerydatatransfer Config Scheduled Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst permissions = new gcp.projects.IAMMember(\"permissions\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountTokenCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com`),\n});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"my_dataset\",\n friendlyName: \"foo\",\n description: \"bar\",\n location: \"asia-northeast1\",\n}, {\n dependsOn: [permissions],\n});\nconst queryConfig = new gcp.bigquery.DataTransferConfig(\"query_config\", {\n displayName: \"my-query\",\n location: \"asia-northeast1\",\n dataSourceId: \"scheduled_query\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n destination_table_name_template: \"my_table\",\n write_disposition: \"WRITE_APPEND\",\n query: \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n}, {\n dependsOn: [permissions],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npermissions = gcp.projects.IAMMember(\"permissions\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountTokenCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\")\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"my_dataset\",\n friendly_name=\"foo\",\n description=\"bar\",\n location=\"asia-northeast1\",\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\nquery_config = gcp.bigquery.DataTransferConfig(\"query_config\",\n display_name=\"my-query\",\n location=\"asia-northeast1\",\n data_source_id=\"scheduled_query\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"destination_table_name_template\": \"my_table\",\n \"write_disposition\": \"WRITE_APPEND\",\n \"query\": \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var permissions = new Gcp.Projects.IAMMember(\"permissions\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\",\n });\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"my_dataset\",\n FriendlyName = \"foo\",\n Description = \"bar\",\n Location = \"asia-northeast1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n var queryConfig = new Gcp.BigQuery.DataTransferConfig(\"query_config\", new()\n {\n DisplayName = \"my-query\",\n Location = \"asia-northeast1\",\n DataSourceId = \"scheduled_query\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"destination_table_name_template\", \"my_table\" },\n { \"write_disposition\", \"WRITE_APPEND\" },\n { \"query\", \"SELECT name FROM tabl WHERE x = 'y'\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpermissions, err := projects.NewIAMMember(ctx, \"permissions\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"my_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"foo\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"query_config\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"my-query\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"scheduled_query\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"destination_table_name_template\": pulumi.String(\"my_table\"),\n\t\t\t\t\"write_disposition\": pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\t\"query\": pulumi.String(\"SELECT name FROM tabl WHERE x = 'y'\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var permissions = new IAMMember(\"permissions\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"my_dataset\")\n .friendlyName(\"foo\")\n .description(\"bar\")\n .location(\"asia-northeast1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n var queryConfig = new DataTransferConfig(\"queryConfig\", DataTransferConfigArgs.builder()\n .displayName(\"my-query\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"scheduled_query\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"destination_table_name_template\", \"my_table\"),\n Map.entry(\"write_disposition\", \"WRITE_APPEND\"),\n Map.entry(\"query\", \"SELECT name FROM tabl WHERE x = 'y'\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n permissions:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountTokenCreator\n member: serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\n queryConfig:\n type: gcp:bigquery:DataTransferConfig\n name: query_config\n properties:\n displayName: my-query\n location: asia-northeast1\n dataSourceId: scheduled_query\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n destination_table_name_template: my_table\n write_disposition: WRITE_APPEND\n query: SELECT name FROM tabl WHERE x = 'y'\n options:\n dependson:\n - ${permissions}\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: my_dataset\n friendlyName: foo\n description: bar\n location: asia-northeast1\n options:\n dependson:\n - ${permissions}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquerydatatransfer Config Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst permissions = new gcp.projects.IAMMember(\"permissions\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountTokenCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com`),\n});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"example_dataset\",\n friendlyName: \"foo\",\n description: \"bar\",\n location: \"asia-northeast1\",\n}, {\n dependsOn: [permissions],\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst queryConfigCmek = new gcp.bigquery.DataTransferConfig(\"query_config_cmek\", {\n displayName: \"\",\n location: \"asia-northeast1\",\n dataSourceId: \"scheduled_query\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n destination_table_name_template: \"my_table\",\n write_disposition: \"WRITE_APPEND\",\n query: \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n encryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [permissions],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npermissions = gcp.projects.IAMMember(\"permissions\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountTokenCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\")\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"example_dataset\",\n friendly_name=\"foo\",\n description=\"bar\",\n location=\"asia-northeast1\",\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nquery_config_cmek = gcp.bigquery.DataTransferConfig(\"query_config_cmek\",\n display_name=\"\",\n location=\"asia-northeast1\",\n data_source_id=\"scheduled_query\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"destination_table_name_template\": \"my_table\",\n \"write_disposition\": \"WRITE_APPEND\",\n \"query\": \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n encryption_configuration={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var permissions = new Gcp.Projects.IAMMember(\"permissions\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\",\n });\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"example_dataset\",\n FriendlyName = \"foo\",\n Description = \"bar\",\n Location = \"asia-northeast1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var queryConfigCmek = new Gcp.BigQuery.DataTransferConfig(\"query_config_cmek\", new()\n {\n DisplayName = \"\",\n Location = \"asia-northeast1\",\n DataSourceId = \"scheduled_query\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"destination_table_name_template\", \"my_table\" },\n { \"write_disposition\", \"WRITE_APPEND\" },\n { \"query\", \"SELECT name FROM tabl WHERE x = 'y'\" },\n },\n EncryptionConfiguration = new Gcp.BigQuery.Inputs.DataTransferConfigEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpermissions, err := projects.NewIAMMember(ctx, \"permissions\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"foo\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"query_config_cmek\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"scheduled_query\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"destination_table_name_template\": pulumi.String(\"my_table\"),\n\t\t\t\t\"write_disposition\": pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\t\"query\": pulumi.String(\"SELECT name FROM tabl WHERE x = 'y'\"),\n\t\t\t},\n\t\t\tEncryptionConfiguration: \u0026bigquery.DataTransferConfigEncryptionConfigurationArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport com.pulumi.gcp.bigquery.inputs.DataTransferConfigEncryptionConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var permissions = new IAMMember(\"permissions\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .friendlyName(\"foo\")\n .description(\"bar\")\n .location(\"asia-northeast1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n var queryConfigCmek = new DataTransferConfig(\"queryConfigCmek\", DataTransferConfigArgs.builder()\n .displayName(\"\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"scheduled_query\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"destination_table_name_template\", \"my_table\"),\n Map.entry(\"write_disposition\", \"WRITE_APPEND\"),\n Map.entry(\"query\", \"SELECT name FROM tabl WHERE x = 'y'\")\n ))\n .encryptionConfiguration(DataTransferConfigEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n permissions:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountTokenCreator\n member: serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\n queryConfigCmek:\n type: gcp:bigquery:DataTransferConfig\n name: query_config_cmek\n properties:\n displayName:\n location: asia-northeast1\n dataSourceId: scheduled_query\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n destination_table_name_template: my_table\n write_disposition: WRITE_APPEND\n query: SELECT name FROM tabl WHERE x = 'y'\n encryptionConfiguration:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependson:\n - ${permissions}\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: example_dataset\n friendlyName: foo\n description: bar\n location: asia-northeast1\n options:\n dependson:\n - ${permissions}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquerydatatransfer Config Salesforce\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"my_dataset\",\n description: \"My dataset\",\n location: \"asia-northeast1\",\n});\nconst salesforceConfig = new gcp.bigquery.DataTransferConfig(\"salesforce_config\", {\n displayName: \"my-salesforce-config\",\n location: \"asia-northeast1\",\n dataSourceId: \"salesforce\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n \"connector.authentication.oauth.clientId\": \"client-id\",\n \"connector.authentication.oauth.clientSecret\": \"client-secret\",\n \"connector.authentication.oauth.myDomain\": \"MyDomainName\",\n assets: \"[\\\"asset-a\\\",\\\"asset-b\\\"]\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"my_dataset\",\n description=\"My dataset\",\n location=\"asia-northeast1\")\nsalesforce_config = gcp.bigquery.DataTransferConfig(\"salesforce_config\",\n display_name=\"my-salesforce-config\",\n location=\"asia-northeast1\",\n data_source_id=\"salesforce\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"connector.authentication.oauth.clientId\": \"client-id\",\n \"connector.authentication.oauth.clientSecret\": \"client-secret\",\n \"connector.authentication.oauth.myDomain\": \"MyDomainName\",\n \"assets\": \"[\\\"asset-a\\\",\\\"asset-b\\\"]\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"my_dataset\",\n Description = \"My dataset\",\n Location = \"asia-northeast1\",\n });\n\n var salesforceConfig = new Gcp.BigQuery.DataTransferConfig(\"salesforce_config\", new()\n {\n DisplayName = \"my-salesforce-config\",\n Location = \"asia-northeast1\",\n DataSourceId = \"salesforce\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"connector.authentication.oauth.clientId\", \"client-id\" },\n { \"connector.authentication.oauth.clientSecret\", \"client-secret\" },\n { \"connector.authentication.oauth.myDomain\", \"MyDomainName\" },\n { \"assets\", \"[\\\"asset-a\\\",\\\"asset-b\\\"]\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"my_dataset\"),\n\t\t\tDescription: pulumi.String(\"My dataset\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"salesforce_config\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"my-salesforce-config\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"salesforce\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"connector.authentication.oauth.clientId\": pulumi.String(\"client-id\"),\n\t\t\t\t\"connector.authentication.oauth.clientSecret\": pulumi.String(\"client-secret\"),\n\t\t\t\t\"connector.authentication.oauth.myDomain\": pulumi.String(\"MyDomainName\"),\n\t\t\t\t\"assets\": pulumi.String(\"[\\\"asset-a\\\",\\\"asset-b\\\"]\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"my_dataset\")\n .description(\"My dataset\")\n .location(\"asia-northeast1\")\n .build());\n\n var salesforceConfig = new DataTransferConfig(\"salesforceConfig\", DataTransferConfigArgs.builder()\n .displayName(\"my-salesforce-config\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"salesforce\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"connector.authentication.oauth.clientId\", \"client-id\"),\n Map.entry(\"connector.authentication.oauth.clientSecret\", \"client-secret\"),\n Map.entry(\"connector.authentication.oauth.myDomain\", \"MyDomainName\"),\n Map.entry(\"assets\", \"[\\\"asset-a\\\",\\\"asset-b\\\"]\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: my_dataset\n description: My dataset\n location: asia-northeast1\n salesforceConfig:\n type: gcp:bigquery:DataTransferConfig\n name: salesforce_config\n properties:\n displayName: my-salesforce-config\n location: asia-northeast1\n dataSourceId: salesforce\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n connector.authentication.oauth.clientId: client-id\n connector.authentication.oauth.clientSecret: client-secret\n connector.authentication.oauth.myDomain: MyDomainName\n assets: '[\"asset-a\",\"asset-b\"]'\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default {{name}}\n```\n\n", + "description": "Represents a data transfer configuration. A transfer configuration\ncontains all metadata needed to perform a data transfer.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/v1/projects.locations.transferConfigs/create)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/)\n\n\n\n## Example Usage\n\n### Bigquerydatatransfer Config Scheduled Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst permissions = new gcp.projects.IAMMember(\"permissions\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountTokenCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com`),\n});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"my_dataset\",\n friendlyName: \"foo\",\n description: \"bar\",\n location: \"asia-northeast1\",\n}, {\n dependsOn: [permissions],\n});\nconst queryConfig = new gcp.bigquery.DataTransferConfig(\"query_config\", {\n displayName: \"my-query\",\n location: \"asia-northeast1\",\n dataSourceId: \"scheduled_query\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n destination_table_name_template: \"my_table\",\n write_disposition: \"WRITE_APPEND\",\n query: \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n}, {\n dependsOn: [permissions],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npermissions = gcp.projects.IAMMember(\"permissions\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountTokenCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\")\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"my_dataset\",\n friendly_name=\"foo\",\n description=\"bar\",\n location=\"asia-northeast1\",\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\nquery_config = gcp.bigquery.DataTransferConfig(\"query_config\",\n display_name=\"my-query\",\n location=\"asia-northeast1\",\n data_source_id=\"scheduled_query\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"destination_table_name_template\": \"my_table\",\n \"write_disposition\": \"WRITE_APPEND\",\n \"query\": \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var permissions = new Gcp.Projects.IAMMember(\"permissions\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\",\n });\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"my_dataset\",\n FriendlyName = \"foo\",\n Description = \"bar\",\n Location = \"asia-northeast1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n var queryConfig = new Gcp.BigQuery.DataTransferConfig(\"query_config\", new()\n {\n DisplayName = \"my-query\",\n Location = \"asia-northeast1\",\n DataSourceId = \"scheduled_query\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"destination_table_name_template\", \"my_table\" },\n { \"write_disposition\", \"WRITE_APPEND\" },\n { \"query\", \"SELECT name FROM tabl WHERE x = 'y'\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpermissions, err := projects.NewIAMMember(ctx, \"permissions\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"my_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"foo\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"query_config\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"my-query\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"scheduled_query\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"destination_table_name_template\": pulumi.String(\"my_table\"),\n\t\t\t\t\"write_disposition\": pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\t\"query\": pulumi.String(\"SELECT name FROM tabl WHERE x = 'y'\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var permissions = new IAMMember(\"permissions\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"my_dataset\")\n .friendlyName(\"foo\")\n .description(\"bar\")\n .location(\"asia-northeast1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n var queryConfig = new DataTransferConfig(\"queryConfig\", DataTransferConfigArgs.builder()\n .displayName(\"my-query\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"scheduled_query\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"destination_table_name_template\", \"my_table\"),\n Map.entry(\"write_disposition\", \"WRITE_APPEND\"),\n Map.entry(\"query\", \"SELECT name FROM tabl WHERE x = 'y'\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n permissions:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountTokenCreator\n member: serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\n queryConfig:\n type: gcp:bigquery:DataTransferConfig\n name: query_config\n properties:\n displayName: my-query\n location: asia-northeast1\n dataSourceId: scheduled_query\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n destination_table_name_template: my_table\n write_disposition: WRITE_APPEND\n query: SELECT name FROM tabl WHERE x = 'y'\n options:\n dependsOn:\n - ${permissions}\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: my_dataset\n friendlyName: foo\n description: bar\n location: asia-northeast1\n options:\n dependsOn:\n - ${permissions}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquerydatatransfer Config Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst permissions = new gcp.projects.IAMMember(\"permissions\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountTokenCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com`),\n});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"example_dataset\",\n friendlyName: \"foo\",\n description: \"bar\",\n location: \"asia-northeast1\",\n}, {\n dependsOn: [permissions],\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst queryConfigCmek = new gcp.bigquery.DataTransferConfig(\"query_config_cmek\", {\n displayName: \"\",\n location: \"asia-northeast1\",\n dataSourceId: \"scheduled_query\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n destination_table_name_template: \"my_table\",\n write_disposition: \"WRITE_APPEND\",\n query: \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n encryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [permissions],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npermissions = gcp.projects.IAMMember(\"permissions\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountTokenCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\")\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"example_dataset\",\n friendly_name=\"foo\",\n description=\"bar\",\n location=\"asia-northeast1\",\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nquery_config_cmek = gcp.bigquery.DataTransferConfig(\"query_config_cmek\",\n display_name=\"\",\n location=\"asia-northeast1\",\n data_source_id=\"scheduled_query\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"destination_table_name_template\": \"my_table\",\n \"write_disposition\": \"WRITE_APPEND\",\n \"query\": \"SELECT name FROM tabl WHERE x = 'y'\",\n },\n encryption_configuration={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[permissions]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var permissions = new Gcp.Projects.IAMMember(\"permissions\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\",\n });\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"example_dataset\",\n FriendlyName = \"foo\",\n Description = \"bar\",\n Location = \"asia-northeast1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var queryConfigCmek = new Gcp.BigQuery.DataTransferConfig(\"query_config_cmek\", new()\n {\n DisplayName = \"\",\n Location = \"asia-northeast1\",\n DataSourceId = \"scheduled_query\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"destination_table_name_template\", \"my_table\" },\n { \"write_disposition\", \"WRITE_APPEND\" },\n { \"query\", \"SELECT name FROM tabl WHERE x = 'y'\" },\n },\n EncryptionConfiguration = new Gcp.BigQuery.Inputs.DataTransferConfigEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n permissions,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpermissions, err := projects.NewIAMMember(ctx, \"permissions\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"foo\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"query_config_cmek\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"scheduled_query\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"destination_table_name_template\": pulumi.String(\"my_table\"),\n\t\t\t\t\"write_disposition\": pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\t\"query\": pulumi.String(\"SELECT name FROM tabl WHERE x = 'y'\"),\n\t\t\t},\n\t\t\tEncryptionConfiguration: \u0026bigquery.DataTransferConfigEncryptionConfigurationArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport com.pulumi.gcp.bigquery.inputs.DataTransferConfigEncryptionConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var permissions = new IAMMember(\"permissions\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .friendlyName(\"foo\")\n .description(\"bar\")\n .location(\"asia-northeast1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n var queryConfigCmek = new DataTransferConfig(\"queryConfigCmek\", DataTransferConfigArgs.builder()\n .displayName(\"\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"scheduled_query\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"destination_table_name_template\", \"my_table\"),\n Map.entry(\"write_disposition\", \"WRITE_APPEND\"),\n Map.entry(\"query\", \"SELECT name FROM tabl WHERE x = 'y'\")\n ))\n .encryptionConfiguration(DataTransferConfigEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(permissions)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n permissions:\n type: gcp:projects:IAMMember\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountTokenCreator\n member: serviceAccount:service-${project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com\n queryConfigCmek:\n type: gcp:bigquery:DataTransferConfig\n name: query_config_cmek\n properties:\n displayName: \"\"\n location: asia-northeast1\n dataSourceId: scheduled_query\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n destination_table_name_template: my_table\n write_disposition: WRITE_APPEND\n query: SELECT name FROM tabl WHERE x = 'y'\n encryptionConfiguration:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependsOn:\n - ${permissions}\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: example_dataset\n friendlyName: foo\n description: bar\n location: asia-northeast1\n options:\n dependsOn:\n - ${permissions}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquerydatatransfer Config Salesforce\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst myDataset = new gcp.bigquery.Dataset(\"my_dataset\", {\n datasetId: \"my_dataset\",\n description: \"My dataset\",\n location: \"asia-northeast1\",\n});\nconst salesforceConfig = new gcp.bigquery.DataTransferConfig(\"salesforce_config\", {\n displayName: \"my-salesforce-config\",\n location: \"asia-northeast1\",\n dataSourceId: \"salesforce\",\n schedule: \"first sunday of quarter 00:00\",\n destinationDatasetId: myDataset.datasetId,\n params: {\n \"connector.authentication.oauth.clientId\": \"client-id\",\n \"connector.authentication.oauth.clientSecret\": \"client-secret\",\n \"connector.authentication.oauth.myDomain\": \"MyDomainName\",\n assets: \"[\\\"asset-a\\\",\\\"asset-b\\\"]\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nmy_dataset = gcp.bigquery.Dataset(\"my_dataset\",\n dataset_id=\"my_dataset\",\n description=\"My dataset\",\n location=\"asia-northeast1\")\nsalesforce_config = gcp.bigquery.DataTransferConfig(\"salesforce_config\",\n display_name=\"my-salesforce-config\",\n location=\"asia-northeast1\",\n data_source_id=\"salesforce\",\n schedule=\"first sunday of quarter 00:00\",\n destination_dataset_id=my_dataset.dataset_id,\n params={\n \"connector.authentication.oauth.clientId\": \"client-id\",\n \"connector.authentication.oauth.clientSecret\": \"client-secret\",\n \"connector.authentication.oauth.myDomain\": \"MyDomainName\",\n \"assets\": \"[\\\"asset-a\\\",\\\"asset-b\\\"]\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var myDataset = new Gcp.BigQuery.Dataset(\"my_dataset\", new()\n {\n DatasetId = \"my_dataset\",\n Description = \"My dataset\",\n Location = \"asia-northeast1\",\n });\n\n var salesforceConfig = new Gcp.BigQuery.DataTransferConfig(\"salesforce_config\", new()\n {\n DisplayName = \"my-salesforce-config\",\n Location = \"asia-northeast1\",\n DataSourceId = \"salesforce\",\n Schedule = \"first sunday of quarter 00:00\",\n DestinationDatasetId = myDataset.DatasetId,\n Params = \n {\n { \"connector.authentication.oauth.clientId\", \"client-id\" },\n { \"connector.authentication.oauth.clientSecret\", \"client-secret\" },\n { \"connector.authentication.oauth.myDomain\", \"MyDomainName\" },\n { \"assets\", \"[\\\"asset-a\\\",\\\"asset-b\\\"]\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDataset, err := bigquery.NewDataset(ctx, \"my_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"my_dataset\"),\n\t\t\tDescription: pulumi.String(\"My dataset\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataTransferConfig(ctx, \"salesforce_config\", \u0026bigquery.DataTransferConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"my-salesforce-config\"),\n\t\t\tLocation: pulumi.String(\"asia-northeast1\"),\n\t\t\tDataSourceId: pulumi.String(\"salesforce\"),\n\t\t\tSchedule: pulumi.String(\"first sunday of quarter 00:00\"),\n\t\t\tDestinationDatasetId: myDataset.DatasetId,\n\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\"connector.authentication.oauth.clientId\": pulumi.String(\"client-id\"),\n\t\t\t\t\"connector.authentication.oauth.clientSecret\": pulumi.String(\"client-secret\"),\n\t\t\t\t\"connector.authentication.oauth.myDomain\": pulumi.String(\"MyDomainName\"),\n\t\t\t\t\"assets\": pulumi.String(\"[\\\"asset-a\\\",\\\"asset-b\\\"]\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DataTransferConfig;\nimport com.pulumi.gcp.bigquery.DataTransferConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var myDataset = new Dataset(\"myDataset\", DatasetArgs.builder()\n .datasetId(\"my_dataset\")\n .description(\"My dataset\")\n .location(\"asia-northeast1\")\n .build());\n\n var salesforceConfig = new DataTransferConfig(\"salesforceConfig\", DataTransferConfigArgs.builder()\n .displayName(\"my-salesforce-config\")\n .location(\"asia-northeast1\")\n .dataSourceId(\"salesforce\")\n .schedule(\"first sunday of quarter 00:00\")\n .destinationDatasetId(myDataset.datasetId())\n .params(Map.ofEntries(\n Map.entry(\"connector.authentication.oauth.clientId\", \"client-id\"),\n Map.entry(\"connector.authentication.oauth.clientSecret\", \"client-secret\"),\n Map.entry(\"connector.authentication.oauth.myDomain\", \"MyDomainName\"),\n Map.entry(\"assets\", \"[\\\"asset-a\\\",\\\"asset-b\\\"]\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDataset:\n type: gcp:bigquery:Dataset\n name: my_dataset\n properties:\n datasetId: my_dataset\n description: My dataset\n location: asia-northeast1\n salesforceConfig:\n type: gcp:bigquery:DataTransferConfig\n name: salesforce_config\n properties:\n displayName: my-salesforce-config\n location: asia-northeast1\n dataSourceId: salesforce\n schedule: first sunday of quarter 00:00\n destinationDatasetId: ${myDataset.datasetId}\n params:\n connector.authentication.oauth.clientId: client-id\n connector.authentication.oauth.clientSecret: client-secret\n connector.authentication.oauth.myDomain: MyDomainName\n assets: '[\"asset-a\",\"asset-b\"]'\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:bigquery/dataTransferConfig:DataTransferConfig default {{name}}\n```\n\n", "properties": { "dataRefreshWindowDays": { "type": "integer", @@ -141087,7 +141087,7 @@ } }, "gcp:bigquery/datasetIamBinding:DatasetIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamBinding:DatasetIamBinding default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamBinding:DatasetIamBinding default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/DatasetIamBindingCondition:DatasetIamBindingCondition" @@ -141194,7 +141194,7 @@ } }, "gcp:bigquery/datasetIamMember:DatasetIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamMember:DatasetIamMember default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamMember:DatasetIamMember default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/DatasetIamMemberCondition:DatasetIamMemberCondition" @@ -141294,7 +141294,7 @@ } }, "gcp:bigquery/datasetIamPolicy:DatasetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamPolicy:DatasetIamPolicy default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder()\n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamPolicy:DatasetIamPolicy default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "datasetId": { "type": "string", @@ -141365,7 +141365,7 @@ } }, "gcp:bigquery/iamBinding:IamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/IamBindingCondition:IamBindingCondition" @@ -141482,7 +141482,7 @@ } }, "gcp:bigquery/iamMember:IamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/IamMemberCondition:IamMemberCondition" @@ -141592,7 +141592,7 @@ } }, "gcp:bigquery/iamPolicy:IamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Table\nThree different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquery.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigquery.dataOwner\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquery.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "datasetId": { "type": "string" @@ -141673,7 +141673,7 @@ } }, "gcp:bigquery/job:Job": { - "description": "Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data.\nOnce a BigQuery job is created, it cannot be changed or deleted.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs)\n* How-to Guides\n * [BigQuery Jobs Intro](https://cloud.google.com/bigquery/docs/jobs-overview)\n\n## Example Usage\n\n### Bigquery Job Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_query_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_query_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_query\",\n labels: {\n \"example-label\": \"example-value\",\n },\n query: {\n query: \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n allowLargeResults: true,\n flattenResults: true,\n scriptOptions: {\n keyResultStatement: \"LAST\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_query_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_query_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_query\",\n labels={\n \"example-label\": \"example-value\",\n },\n query={\n \"query\": \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"allow_large_results\": True,\n \"flatten_results\": True,\n \"script_options\": {\n \"key_result_statement\": \"LAST\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_query_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_query_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_query\",\n Labels = \n {\n { \"example-label\", \"example-value\" },\n },\n Query = new Gcp.BigQuery.Inputs.JobQueryArgs\n {\n Query = \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n DestinationTable = new Gcp.BigQuery.Inputs.JobQueryDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n AllowLargeResults = true,\n FlattenResults = true,\n ScriptOptions = new Gcp.BigQuery.Inputs.JobQueryScriptOptionsArgs\n {\n KeyResultStatement = \"LAST\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_query_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_query_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_query\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example-label\": pulumi.String(\"example-value\"),\n\t\t\t},\n\t\t\tQuery: \u0026bigquery.JobQueryArgs{\n\t\t\t\tQuery: pulumi.String(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\"),\n\t\t\t\tDestinationTable: \u0026bigquery.JobQueryDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tAllowLargeResults: pulumi.Bool(true),\n\t\t\t\tFlattenResults: pulumi.Bool(true),\n\t\t\t\tScriptOptions: \u0026bigquery.JobQueryScriptOptionsArgs{\n\t\t\t\t\tKeyResultStatement: pulumi.String(\"LAST\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryScriptOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_query_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_query_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_query\")\n .labels(Map.of(\"example-label\", \"example-value\"))\n .query(JobQueryArgs.builder()\n .query(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\")\n .destinationTable(JobQueryDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .allowLargeResults(true)\n .flattenResults(true)\n .scriptOptions(JobQueryScriptOptionsArgs.builder()\n .keyResultStatement(\"LAST\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_query_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_query_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_query\n labels:\n example-label: example-value\n query:\n query: SELECT state FROM [lookerdata:cdc.project_tycho_reports]\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n allowLargeResults: true\n flattenResults: true\n scriptOptions:\n keyResultStatement: LAST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Query Table Reference\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_query_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_query_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_query\",\n labels: {\n \"example-label\": \"example-value\",\n },\n query: {\n query: \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n destinationTable: {\n tableId: foo.id,\n },\n defaultDataset: {\n datasetId: bar.id,\n },\n allowLargeResults: true,\n flattenResults: true,\n scriptOptions: {\n keyResultStatement: \"LAST\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_query_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_query_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_query\",\n labels={\n \"example-label\": \"example-value\",\n },\n query={\n \"query\": \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n \"destination_table\": {\n \"table_id\": foo.id,\n },\n \"default_dataset\": {\n \"dataset_id\": bar.id,\n },\n \"allow_large_results\": True,\n \"flatten_results\": True,\n \"script_options\": {\n \"key_result_statement\": \"LAST\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_query_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_query_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_query\",\n Labels = \n {\n { \"example-label\", \"example-value\" },\n },\n Query = new Gcp.BigQuery.Inputs.JobQueryArgs\n {\n Query = \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n DestinationTable = new Gcp.BigQuery.Inputs.JobQueryDestinationTableArgs\n {\n TableId = foo.Id,\n },\n DefaultDataset = new Gcp.BigQuery.Inputs.JobQueryDefaultDatasetArgs\n {\n DatasetId = bar.Id,\n },\n AllowLargeResults = true,\n FlattenResults = true,\n ScriptOptions = new Gcp.BigQuery.Inputs.JobQueryScriptOptionsArgs\n {\n KeyResultStatement = \"LAST\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_query_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_query_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_query\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example-label\": pulumi.String(\"example-value\"),\n\t\t\t},\n\t\t\tQuery: \u0026bigquery.JobQueryArgs{\n\t\t\t\tQuery: pulumi.String(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\"),\n\t\t\t\tDestinationTable: \u0026bigquery.JobQueryDestinationTableArgs{\n\t\t\t\t\tTableId: foo.ID(),\n\t\t\t\t},\n\t\t\t\tDefaultDataset: \u0026bigquery.JobQueryDefaultDatasetArgs{\n\t\t\t\t\tDatasetId: bar.ID(),\n\t\t\t\t},\n\t\t\t\tAllowLargeResults: pulumi.Bool(true),\n\t\t\t\tFlattenResults: pulumi.Bool(true),\n\t\t\t\tScriptOptions: \u0026bigquery.JobQueryScriptOptionsArgs{\n\t\t\t\t\tKeyResultStatement: pulumi.String(\"LAST\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDefaultDatasetArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryScriptOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_query_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_query_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_query\")\n .labels(Map.of(\"example-label\", \"example-value\"))\n .query(JobQueryArgs.builder()\n .query(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\")\n .destinationTable(JobQueryDestinationTableArgs.builder()\n .tableId(foo.id())\n .build())\n .defaultDataset(JobQueryDefaultDatasetArgs.builder()\n .datasetId(bar.id())\n .build())\n .allowLargeResults(true)\n .flattenResults(true)\n .scriptOptions(JobQueryScriptOptionsArgs.builder()\n .keyResultStatement(\"LAST\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_query_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_query_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_query\n labels:\n example-label: example-value\n query:\n query: SELECT state FROM [lookerdata:cdc.project_tycho_reports]\n destinationTable:\n tableId: ${foo.id}\n defaultDataset:\n datasetId: ${bar.id}\n allowLargeResults: true\n flattenResults: true\n scriptOptions:\n keyResultStatement: LAST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_load_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"],\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n skipLeadingRows: 1,\n schemaUpdateOptions: [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n writeDisposition: \"WRITE_APPEND\",\n autodetect: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_load_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"],\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"skip_leading_rows\": 1,\n \"schema_update_options\": [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n \"write_disposition\": \"WRITE_APPEND\",\n \"autodetect\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_load_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n \"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\",\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n SkipLeadingRows = 1,\n SchemaUpdateOptions = new[]\n {\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n },\n WriteDisposition = \"WRITE_APPEND\",\n Autodetect = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tSkipLeadingRows: pulumi.Int(1),\n\t\t\t\tSchemaUpdateOptions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_RELAXATION\"),\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_ADDITION\"),\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_load_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\")\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .skipLeadingRows(1)\n .schemaUpdateOptions( \n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\")\n .writeDisposition(\"WRITE_APPEND\")\n .autodetect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_load_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n skipLeadingRows: 1\n schemaUpdateOptions:\n - ALLOW_FIELD_RELAXATION\n - ALLOW_FIELD_ADDITION\n writeDisposition: WRITE_APPEND\n autodetect: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load Geojson\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-bq-geojson`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"geojson-data.jsonl\",\n bucket: bucket.name,\n content: `{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n`,\n});\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_load_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [pulumi.interpolate`gs://${object.bucket}/${object.name}`],\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n writeDisposition: \"WRITE_TRUNCATE\",\n autodetect: true,\n sourceFormat: \"NEWLINE_DELIMITED_JSON\",\n jsonExtension: \"GEOJSON\",\n },\n}, {\n dependsOn: [object],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-bq-geojson\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"geojson-data.jsonl\",\n bucket=bucket.name,\n content=\"\"\"{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n\"\"\")\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_load_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [pulumi.Output.all(\n bucket=object.bucket,\n name=object.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucket']}/{resolved_outputs['name']}\")\n],\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"write_disposition\": \"WRITE_TRUNCATE\",\n \"autodetect\": True,\n \"source_format\": \"NEWLINE_DELIMITED_JSON\",\n \"json_extension\": \"GEOJSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[object]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-bq-geojson\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"geojson-data.jsonl\",\n Bucket = bucket.Name,\n Content = @\"{\"\"type\"\":\"\"Feature\"\",\"\"properties\"\":{\"\"continent\"\":\"\"Europe\"\",\"\"region\"\":\"\"Scandinavia\"\"},\"\"geometry\"\":{\"\"type\"\":\"\"Polygon\"\",\"\"coordinates\"\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"\"type\"\":\"\"Feature\"\",\"\"properties\"\":{\"\"continent\"\":\"\"Africa\"\",\"\"region\"\":\"\"West Africa\"\"},\"\"geometry\"\":{\"\"type\"\":\"\"Polygon\"\",\"\"coordinates\"\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n\",\n });\n\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_load_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n Output.Tuple(@object.Bucket, @object.Name).Apply(values =\u003e\n {\n var bucket = values.Item1;\n var name = values.Item2;\n return $\"gs://{bucket}/{name}\";\n }),\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n WriteDisposition = \"WRITE_TRUNCATE\",\n Autodetect = true,\n SourceFormat = \"NEWLINE_DELIMITED_JSON\",\n JsonExtension = \"GEOJSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @object,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-bq-geojson\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"geojson-data.jsonl\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"type\\\":\\\"Feature\\\",\\\"properties\\\":{\\\"continent\\\":\\\"Europe\\\",\\\"region\\\":\\\"Scandinavia\\\"},\\\"geometry\\\":{\\\"type\\\":\\\"Polygon\\\",\\\"coordinates\\\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\\n{\\\"type\\\":\\\"Feature\\\",\\\"properties\\\":{\\\"continent\\\":\\\"Africa\\\",\\\"region\\\":\\\"West Africa\\\"},\\\"geometry\\\":{\\\"type\\\":\\\"Polygon\\\",\\\"coordinates\\\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.All(object.Bucket, object.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucket := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucket, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_TRUNCATE\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t\tSourceFormat: pulumi.String(\"NEWLINE_DELIMITED_JSON\"),\n\t\t\t\tJsonExtension: pulumi.String(\"GEOJSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tobject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-bq-geojson\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"geojson-data.jsonl\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n \"\"\")\n .build());\n\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_load_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(Output.tuple(object.bucket(), object.name()).applyValue(values -\u003e {\n var bucket = values.t1;\n var name = values.t2;\n return String.format(\"gs://%s/%s\", bucket,name);\n }))\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .writeDisposition(\"WRITE_TRUNCATE\")\n .autodetect(true)\n .sourceFormat(\"NEWLINE_DELIMITED_JSON\")\n .jsonExtension(\"GEOJSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(object)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-bq-geojson\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: geojson-data.jsonl\n bucket: ${bucket.name}\n content: |\n {\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n {\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_load_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://${object.bucket}/${object.name}\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n writeDisposition: WRITE_TRUNCATE\n autodetect: true\n sourceFormat: NEWLINE_DELIMITED_JSON\n jsonExtension: GEOJSON\n options:\n dependson:\n - ${object}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load Parquet\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.storage.Bucket(\"test\", {\n name: \"job_load_bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst testBucketObject = new gcp.storage.BucketObject(\"test\", {\n name: \"job_load_bucket_object\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n bucket: test.name,\n});\nconst testDataset = new gcp.bigquery.Dataset(\"test\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n deletionProtection: false,\n tableId: \"job_load_table\",\n datasetId: testDataset.datasetId,\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [pulumi.interpolate`gs://${testBucketObject.bucket}/${testBucketObject.name}`],\n destinationTable: {\n projectId: testTable.project,\n datasetId: testTable.datasetId,\n tableId: testTable.tableId,\n },\n schemaUpdateOptions: [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n writeDisposition: \"WRITE_APPEND\",\n sourceFormat: \"PARQUET\",\n autodetect: true,\n parquetOptions: {\n enumAsString: true,\n enableListInference: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.storage.Bucket(\"test\",\n name=\"job_load_bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\ntest_bucket_object = gcp.storage.BucketObject(\"test\",\n name=\"job_load_bucket_object\",\n source=pulumi.FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n bucket=test.name)\ntest_dataset = gcp.bigquery.Dataset(\"test\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntest_table = gcp.bigquery.Table(\"test\",\n deletion_protection=False,\n table_id=\"job_load_table\",\n dataset_id=test_dataset.dataset_id)\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [pulumi.Output.all(\n bucket=test_bucket_object.bucket,\n name=test_bucket_object.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucket']}/{resolved_outputs['name']}\")\n],\n \"destination_table\": {\n \"project_id\": test_table.project,\n \"dataset_id\": test_table.dataset_id,\n \"table_id\": test_table.table_id,\n },\n \"schema_update_options\": [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n \"write_disposition\": \"WRITE_APPEND\",\n \"source_format\": \"PARQUET\",\n \"autodetect\": True,\n \"parquet_options\": {\n \"enum_as_string\": True,\n \"enable_list_inference\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.Storage.Bucket(\"test\", new()\n {\n Name = \"job_load_bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var testBucketObject = new Gcp.Storage.BucketObject(\"test\", new()\n {\n Name = \"job_load_bucket_object\",\n Source = new FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n Bucket = test.Name,\n });\n\n var testDataset = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n DeletionProtection = false,\n TableId = \"job_load_table\",\n DatasetId = testDataset.DatasetId,\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n Output.Tuple(testBucketObject.Bucket, testBucketObject.Name).Apply(values =\u003e\n {\n var bucket = values.Item1;\n var name = values.Item2;\n return $\"gs://{bucket}/{name}\";\n }),\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = testTable.Project,\n DatasetId = testTable.DatasetId,\n TableId = testTable.TableId,\n },\n SchemaUpdateOptions = new[]\n {\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n },\n WriteDisposition = \"WRITE_APPEND\",\n SourceFormat = \"PARQUET\",\n Autodetect = true,\n ParquetOptions = new Gcp.BigQuery.Inputs.JobLoadParquetOptionsArgs\n {\n EnumAsString = true,\n EnableListInference = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := storage.NewBucket(ctx, \"test\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"job_load_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestBucketObject, err := storage.NewBucketObject(ctx, \"test\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"job_load_bucket_object\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/test.parquet.gzip\"),\n\t\t\tBucket: test.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestDataset, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t\tDatasetId: testDataset.DatasetId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.All(testBucketObject.Bucket, testBucketObject.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucket := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucket, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: testTable.Project,\n\t\t\t\t\tDatasetId: testTable.DatasetId,\n\t\t\t\t\tTableId: testTable.TableId,\n\t\t\t\t},\n\t\t\t\tSchemaUpdateOptions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_RELAXATION\"),\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_ADDITION\"),\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\tSourceFormat: pulumi.String(\"PARQUET\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t\tParquetOptions: \u0026bigquery.JobLoadParquetOptionsArgs{\n\t\t\t\t\tEnumAsString: pulumi.Bool(true),\n\t\t\t\t\tEnableListInference: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadParquetOptionsArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Bucket(\"test\", BucketArgs.builder()\n .name(\"job_load_bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var testBucketObject = new BucketObject(\"testBucketObject\", BucketObjectArgs.builder()\n .name(\"job_load_bucket_object\")\n .source(new FileAsset(\"./test-fixtures/test.parquet.gzip\"))\n .bucket(test.name())\n .build());\n\n var testDataset = new Dataset(\"testDataset\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .deletionProtection(false)\n .tableId(\"job_load_table\")\n .datasetId(testDataset.datasetId())\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(Output.tuple(testBucketObject.bucket(), testBucketObject.name()).applyValue(values -\u003e {\n var bucket = values.t1;\n var name = values.t2;\n return String.format(\"gs://%s/%s\", bucket,name);\n }))\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(testTable.project())\n .datasetId(testTable.datasetId())\n .tableId(testTable.tableId())\n .build())\n .schemaUpdateOptions( \n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\")\n .writeDisposition(\"WRITE_APPEND\")\n .sourceFormat(\"PARQUET\")\n .autodetect(true)\n .parquetOptions(JobLoadParquetOptionsArgs.builder()\n .enumAsString(true)\n .enableListInference(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:storage:Bucket\n properties:\n name: job_load_bucket\n location: US\n uniformBucketLevelAccess: true\n testBucketObject:\n type: gcp:storage:BucketObject\n name: test\n properties:\n name: job_load_bucket_object\n source:\n fn::FileAsset: ./test-fixtures/test.parquet.gzip\n bucket: ${test.name}\n testDataset:\n type: gcp:bigquery:Dataset\n name: test\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n deletionProtection: false\n tableId: job_load_table\n datasetId: ${testDataset.datasetId}\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://${testBucketObject.bucket}/${testBucketObject.name}\n destinationTable:\n projectId: ${testTable.project}\n datasetId: ${testTable.datasetId}\n tableId: ${testTable.tableId}\n schemaUpdateOptions:\n - ALLOW_FIELD_RELAXATION\n - ALLOW_FIELD_ADDITION\n writeDisposition: WRITE_APPEND\n sourceFormat: PARQUET\n autodetect: true\n parquetOptions:\n enumAsString: true\n enableListInference: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Copy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst count = 2;\nconst sourceDataset: gcp.bigquery.Dataset[] = [];\nfor (const range = {value: 0}; range.value \u003c count; range.value++) {\n sourceDataset.push(new gcp.bigquery.Dataset(`source-${range.value}`, {\n datasetId: `job_copy_${range.value}_dataset`,\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n }));\n}\nconst source: gcp.bigquery.Table[] = [];\nfor (const range = {value: 0}; range.value \u003c count; range.value++) {\n source.push(new gcp.bigquery.Table(`source-${range.value}`, {\n datasetId: sourceDataset[range.value].datasetId,\n tableId: `job_copy_${range.value}_table`,\n deletionProtection: false,\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n }));\n}\nconst destDataset = new gcp.bigquery.Dataset(\"dest\", {\n datasetId: \"job_copy_dest_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"global\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst encryptRole = new gcp.kms.CryptoKeyIAMMember(\"encrypt_role\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:bq-${project.number}@bigquery-encryption.iam.gserviceaccount.com`),\n});\nconst dest = new gcp.bigquery.Table(\"dest\", {\n deletionProtection: false,\n datasetId: destDataset.datasetId,\n tableId: \"job_copy_dest_table\",\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n encryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [encryptRole],\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_copy\",\n copy: {\n sourceTables: [\n {\n projectId: source[0].project,\n datasetId: source[0].datasetId,\n tableId: source[0].tableId,\n },\n {\n projectId: source[1].project,\n datasetId: source[1].datasetId,\n tableId: source[1].tableId,\n },\n ],\n destinationTable: {\n projectId: dest.project,\n datasetId: dest.datasetId,\n tableId: dest.tableId,\n },\n destinationEncryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n },\n}, {\n dependsOn: [encryptRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncount = 2\nsource_dataset = []\nfor range in [{\"value\": i} for i in range(0, count)]:\n source_dataset.append(gcp.bigquery.Dataset(f\"source-{range['value']}\",\n dataset_id=f\"job_copy_{range['value']}_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\"))\nsource = []\nfor range in [{\"value\": i} for i in range(0, count)]:\n source.append(gcp.bigquery.Table(f\"source-{range['value']}\",\n dataset_id=source_dataset[range[\"value\"]].dataset_id,\n table_id=f\"job_copy_{range['value']}_table\",\n deletion_protection=False,\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\"))\ndest_dataset = gcp.bigquery.Dataset(\"dest\",\n dataset_id=\"job_copy_dest_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\nencrypt_role = gcp.kms.CryptoKeyIAMMember(\"encrypt_role\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:bq-{project.number}@bigquery-encryption.iam.gserviceaccount.com\")\ndest = gcp.bigquery.Table(\"dest\",\n deletion_protection=False,\n dataset_id=dest_dataset.dataset_id,\n table_id=\"job_copy_dest_table\",\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\",\n encryption_configuration={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[encrypt_role]))\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_copy\",\n copy={\n \"source_tables\": [\n {\n \"project_id\": source[0].project,\n \"dataset_id\": source[0].dataset_id,\n \"table_id\": source[0].table_id,\n },\n {\n \"project_id\": source[1].project,\n \"dataset_id\": source[1].dataset_id,\n \"table_id\": source[1].table_id,\n },\n ],\n \"destination_table\": {\n \"project_id\": dest.project,\n \"dataset_id\": dest.dataset_id,\n \"table_id\": dest.table_id,\n },\n \"destination_encryption_configuration\": {\n \"kms_key_name\": crypto_key.id,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[encrypt_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var count = 2;\n\n var sourceDataset = new List\u003cGcp.BigQuery.Dataset\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c count; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n sourceDataset.Add(new Gcp.BigQuery.Dataset($\"source-{range.Value}\", new()\n {\n DatasetId = $\"job_copy_{range.Value}_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n }));\n }\n var source = new List\u003cGcp.BigQuery.Table\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c count; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n source.Add(new Gcp.BigQuery.Table($\"source-{range.Value}\", new()\n {\n DatasetId = sourceDataset[range.Value].DatasetId,\n TableId = $\"job_copy_{range.Value}_table\",\n DeletionProtection = false,\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n }));\n }\n var destDataset = new Gcp.BigQuery.Dataset(\"dest\", new()\n {\n DatasetId = \"job_copy_dest_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"global\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var encryptRole = new Gcp.Kms.CryptoKeyIAMMember(\"encrypt_role\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:bq-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@bigquery-encryption.iam.gserviceaccount.com\",\n });\n\n var dest = new Gcp.BigQuery.Table(\"dest\", new()\n {\n DeletionProtection = false,\n DatasetId = destDataset.DatasetId,\n TableId = \"job_copy_dest_table\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n EncryptionConfiguration = new Gcp.BigQuery.Inputs.TableEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n encryptRole,\n },\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_copy\",\n Copy = new Gcp.BigQuery.Inputs.JobCopyArgs\n {\n SourceTables = new[]\n {\n new Gcp.BigQuery.Inputs.JobCopySourceTableArgs\n {\n ProjectId = source[0].Project,\n DatasetId = source[0].DatasetId,\n TableId = source[0].TableId,\n },\n new Gcp.BigQuery.Inputs.JobCopySourceTableArgs\n {\n ProjectId = source[1].Project,\n DatasetId = source[1].DatasetId,\n TableId = source[1].TableId,\n },\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobCopyDestinationTableArgs\n {\n ProjectId = dest.Project,\n DatasetId = dest.DatasetId,\n TableId = dest.TableId,\n },\n DestinationEncryptionConfiguration = new Gcp.BigQuery.Inputs.JobCopyDestinationEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n encryptRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcount := 2\n\t\tvar sourceDataset []*bigquery.Dataset\n\t\tfor index := 0; index \u003c count; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := bigquery.NewDataset(ctx, fmt.Sprintf(\"source-%v\", key0), \u0026bigquery.DatasetArgs{\n\t\t\t\tDatasetId: pulumi.Sprintf(\"job_copy_%v_dataset\", val0),\n\t\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tsourceDataset = append(sourceDataset, __res)\n\t\t}\n\t\tvar source []*bigquery.Table\n\t\tfor index := 0; index \u003c count; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := bigquery.NewTable(ctx, fmt.Sprintf(\"source-%v\", key0), \u0026bigquery.TableArgs{\n\t\t\t\tDatasetId: sourceDataset[val0].DatasetId,\n\t\t\t\tTableId: pulumi.Sprintf(\"job_copy_%v_table\", val0),\n\t\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tsource = append(source, __res)\n\t\t}\n\t\tdestDataset, err := bigquery.NewDataset(ctx, \"dest\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_copy_dest_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptRole, err := kms.NewCryptoKeyIAMMember(ctx, \"encrypt_role\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:bq-%v@bigquery-encryption.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdest, err := bigquery.NewTable(ctx, \"dest\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: destDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_copy_dest_table\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t\tEncryptionConfiguration: \u0026bigquery.TableEncryptionConfigurationArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tencryptRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_copy\"),\n\t\t\tCopy: \u0026bigquery.JobCopyArgs{\n\t\t\t\tSourceTables: bigquery.JobCopySourceTableArray{\n\t\t\t\t\t\u0026bigquery.JobCopySourceTableArgs{\n\t\t\t\t\t\tProjectId: source[0].Project,\n\t\t\t\t\t\tDatasetId: source[0].DatasetId,\n\t\t\t\t\t\tTableId: source[0].TableId,\n\t\t\t\t\t},\n\t\t\t\t\t\u0026bigquery.JobCopySourceTableArgs{\n\t\t\t\t\t\tProjectId: source[1].Project,\n\t\t\t\t\t\tDatasetId: source[1].DatasetId,\n\t\t\t\t\t\tTableId: source[1].TableId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobCopyDestinationTableArgs{\n\t\t\t\t\tProjectId: dest.Project,\n\t\t\t\t\tDatasetId: dest.DatasetId,\n\t\t\t\t\tTableId: dest.TableId,\n\t\t\t\t},\n\t\t\t\tDestinationEncryptionConfiguration: \u0026bigquery.JobCopyDestinationEncryptionConfigurationArgs{\n\t\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tencryptRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.TableEncryptionConfigurationArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyDestinationEncryptionConfigurationArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var count = 2;\n\n for (var i = 0; i \u003c count; i++) {\n new Dataset(\"sourceDataset-\" + i, DatasetArgs.builder()\n .datasetId(String.format(\"job_copy_%s_dataset\", range.value()))\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n \n}\n for (var i = 0; i \u003c count; i++) {\n new Table(\"source-\" + i, TableArgs.builder()\n .datasetId(sourceDataset[range.value()].datasetId())\n .tableId(String.format(\"job_copy_%s_table\", range.value()))\n .deletionProtection(false)\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n \n}\n var destDataset = new Dataset(\"destDataset\", DatasetArgs.builder()\n .datasetId(\"job_copy_dest_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"global\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n var encryptRole = new CryptoKeyIAMMember(\"encryptRole\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:bq-%s@bigquery-encryption.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var dest = new Table(\"dest\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(destDataset.datasetId())\n .tableId(\"job_copy_dest_table\")\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .encryptionConfiguration(TableEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(encryptRole)\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_copy\")\n .copy(JobCopyArgs.builder()\n .sourceTables( \n JobCopySourceTableArgs.builder()\n .projectId(source[0].project())\n .datasetId(source[0].datasetId())\n .tableId(source[0].tableId())\n .build(),\n JobCopySourceTableArgs.builder()\n .projectId(source[1].project())\n .datasetId(source[1].datasetId())\n .tableId(source[1].tableId())\n .build())\n .destinationTable(JobCopyDestinationTableArgs.builder()\n .projectId(dest.project())\n .datasetId(dest.datasetId())\n .tableId(dest.tableId())\n .build())\n .destinationEncryptionConfiguration(JobCopyDestinationEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(encryptRole)\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Extract\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source_oneDataset = new gcp.bigquery.Dataset(\"source-one\", {\n datasetId: \"job_extract_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst source_one = new gcp.bigquery.Table(\"source-one\", {\n deletionProtection: false,\n datasetId: source_oneDataset.datasetId,\n tableId: \"job_extract_table\",\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst dest = new gcp.storage.Bucket(\"dest\", {\n name: \"job_extract_bucket\",\n location: \"US\",\n forceDestroy: true,\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_extract\",\n extract: {\n destinationUris: [pulumi.interpolate`${dest.url}/extract`],\n sourceTable: {\n projectId: source_one.project,\n datasetId: source_one.datasetId,\n tableId: source_one.tableId,\n },\n destinationFormat: \"NEWLINE_DELIMITED_JSON\",\n compression: \"GZIP\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource_one_dataset = gcp.bigquery.Dataset(\"source-one\",\n dataset_id=\"job_extract_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nsource_one = gcp.bigquery.Table(\"source-one\",\n deletion_protection=False,\n dataset_id=source_one_dataset.dataset_id,\n table_id=\"job_extract_table\",\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\ndest = gcp.storage.Bucket(\"dest\",\n name=\"job_extract_bucket\",\n location=\"US\",\n force_destroy=True)\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_extract\",\n extract={\n \"destination_uris\": [dest.url.apply(lambda url: f\"{url}/extract\")],\n \"source_table\": {\n \"project_id\": source_one.project,\n \"dataset_id\": source_one.dataset_id,\n \"table_id\": source_one.table_id,\n },\n \"destination_format\": \"NEWLINE_DELIMITED_JSON\",\n \"compression\": \"GZIP\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source_oneDataset = new Gcp.BigQuery.Dataset(\"source-one\", new()\n {\n DatasetId = \"job_extract_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var source_one = new Gcp.BigQuery.Table(\"source-one\", new()\n {\n DeletionProtection = false,\n DatasetId = source_oneDataset.DatasetId,\n TableId = \"job_extract_table\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var dest = new Gcp.Storage.Bucket(\"dest\", new()\n {\n Name = \"job_extract_bucket\",\n Location = \"US\",\n ForceDestroy = true,\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_extract\",\n Extract = new Gcp.BigQuery.Inputs.JobExtractArgs\n {\n DestinationUris = new[]\n {\n dest.Url.Apply(url =\u003e $\"{url}/extract\"),\n },\n SourceTable = new Gcp.BigQuery.Inputs.JobExtractSourceTableArgs\n {\n ProjectId = source_one.Project,\n DatasetId = source_one.DatasetId,\n TableId = source_one.TableId,\n },\n DestinationFormat = \"NEWLINE_DELIMITED_JSON\",\n Compression = \"GZIP\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"source-one\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_extract_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"source-one\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: source_oneDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_extract_table\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdest, err := storage.NewBucket(ctx, \"dest\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"job_extract_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_extract\"),\n\t\t\tExtract: \u0026bigquery.JobExtractArgs{\n\t\t\t\tDestinationUris: pulumi.StringArray{\n\t\t\t\t\tdest.Url.ApplyT(func(url string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/extract\", url), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tSourceTable: \u0026bigquery.JobExtractSourceTableArgs{\n\t\t\t\t\tProjectId: source_one.Project,\n\t\t\t\t\tDatasetId: source_one.DatasetId,\n\t\t\t\t\tTableId: source_one.TableId,\n\t\t\t\t},\n\t\t\t\tDestinationFormat: pulumi.String(\"NEWLINE_DELIMITED_JSON\"),\n\t\t\t\tCompression: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobExtractArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobExtractSourceTableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source_oneDataset = new Dataset(\"source-oneDataset\", DatasetArgs.builder()\n .datasetId(\"job_extract_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var source_one = new Table(\"source-one\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(source_oneDataset.datasetId())\n .tableId(\"job_extract_table\")\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var dest = new Bucket(\"dest\", BucketArgs.builder()\n .name(\"job_extract_bucket\")\n .location(\"US\")\n .forceDestroy(true)\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_extract\")\n .extract(JobExtractArgs.builder()\n .destinationUris(dest.url().applyValue(url -\u003e String.format(\"%s/extract\", url)))\n .sourceTable(JobExtractSourceTableArgs.builder()\n .projectId(source_one.project())\n .datasetId(source_one.datasetId())\n .tableId(source_one.tableId())\n .build())\n .destinationFormat(\"NEWLINE_DELIMITED_JSON\")\n .compression(\"GZIP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source-one:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"source-oneDataset\"].datasetId}\n tableId: job_extract_table\n schema: |\n [\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n ]\n source-oneDataset:\n type: gcp:bigquery:Dataset\n name: source-one\n properties:\n datasetId: job_extract_dataset\n friendlyName: test\n description: This is a test description\n location: US\n dest:\n type: gcp:storage:Bucket\n properties:\n name: job_extract_bucket\n location: US\n forceDestroy: true\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_extract\n extract:\n destinationUris:\n - ${dest.url}/extract\n sourceTable:\n projectId: ${[\"source-one\"].project}\n datasetId: ${[\"source-one\"].datasetId}\n tableId: ${[\"source-one\"].tableId}\n destinationFormat: NEWLINE_DELIMITED_JSON\n compression: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/jobs/{{job_id}}/location/{{location}}`\n\n* `projects/{{project}}/jobs/{{job_id}}`\n\n* `{{project}}/{{job_id}}/{{location}}`\n\n* `{{job_id}}/{{location}}`\n\n* `{{project}}/{{job_id}}`\n\n* `{{job_id}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default projects/{{project}}/jobs/{{job_id}}/location/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default projects/{{project}}/jobs/{{job_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{project}}/{{job_id}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{job_id}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{project}}/{{job_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{job_id}}\n```\n\n", + "description": "Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data.\nOnce a BigQuery job is created, it cannot be changed or deleted.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs)\n* How-to Guides\n * [BigQuery Jobs Intro](https://cloud.google.com/bigquery/docs/jobs-overview)\n\n## Example Usage\n\n### Bigquery Job Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_query_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_query_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_query\",\n labels: {\n \"example-label\": \"example-value\",\n },\n query: {\n query: \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n allowLargeResults: true,\n flattenResults: true,\n scriptOptions: {\n keyResultStatement: \"LAST\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_query_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_query_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_query\",\n labels={\n \"example-label\": \"example-value\",\n },\n query={\n \"query\": \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"allow_large_results\": True,\n \"flatten_results\": True,\n \"script_options\": {\n \"key_result_statement\": \"LAST\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_query_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_query_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_query\",\n Labels = \n {\n { \"example-label\", \"example-value\" },\n },\n Query = new Gcp.BigQuery.Inputs.JobQueryArgs\n {\n Query = \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n DestinationTable = new Gcp.BigQuery.Inputs.JobQueryDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n AllowLargeResults = true,\n FlattenResults = true,\n ScriptOptions = new Gcp.BigQuery.Inputs.JobQueryScriptOptionsArgs\n {\n KeyResultStatement = \"LAST\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_query_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_query_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_query\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example-label\": pulumi.String(\"example-value\"),\n\t\t\t},\n\t\t\tQuery: \u0026bigquery.JobQueryArgs{\n\t\t\t\tQuery: pulumi.String(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\"),\n\t\t\t\tDestinationTable: \u0026bigquery.JobQueryDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tAllowLargeResults: pulumi.Bool(true),\n\t\t\t\tFlattenResults: pulumi.Bool(true),\n\t\t\t\tScriptOptions: \u0026bigquery.JobQueryScriptOptionsArgs{\n\t\t\t\t\tKeyResultStatement: pulumi.String(\"LAST\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryScriptOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_query_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_query_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_query\")\n .labels(Map.of(\"example-label\", \"example-value\"))\n .query(JobQueryArgs.builder()\n .query(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\")\n .destinationTable(JobQueryDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .allowLargeResults(true)\n .flattenResults(true)\n .scriptOptions(JobQueryScriptOptionsArgs.builder()\n .keyResultStatement(\"LAST\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_query_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_query_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_query\n labels:\n example-label: example-value\n query:\n query: SELECT state FROM [lookerdata:cdc.project_tycho_reports]\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n allowLargeResults: true\n flattenResults: true\n scriptOptions:\n keyResultStatement: LAST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Query Table Reference\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_query_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_query_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_query\",\n labels: {\n \"example-label\": \"example-value\",\n },\n query: {\n query: \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n destinationTable: {\n tableId: foo.id,\n },\n defaultDataset: {\n datasetId: bar.id,\n },\n allowLargeResults: true,\n flattenResults: true,\n scriptOptions: {\n keyResultStatement: \"LAST\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_query_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_query_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_query\",\n labels={\n \"example-label\": \"example-value\",\n },\n query={\n \"query\": \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n \"destination_table\": {\n \"table_id\": foo.id,\n },\n \"default_dataset\": {\n \"dataset_id\": bar.id,\n },\n \"allow_large_results\": True,\n \"flatten_results\": True,\n \"script_options\": {\n \"key_result_statement\": \"LAST\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_query_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_query_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_query\",\n Labels = \n {\n { \"example-label\", \"example-value\" },\n },\n Query = new Gcp.BigQuery.Inputs.JobQueryArgs\n {\n Query = \"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\",\n DestinationTable = new Gcp.BigQuery.Inputs.JobQueryDestinationTableArgs\n {\n TableId = foo.Id,\n },\n DefaultDataset = new Gcp.BigQuery.Inputs.JobQueryDefaultDatasetArgs\n {\n DatasetId = bar.Id,\n },\n AllowLargeResults = true,\n FlattenResults = true,\n ScriptOptions = new Gcp.BigQuery.Inputs.JobQueryScriptOptionsArgs\n {\n KeyResultStatement = \"LAST\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_query_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_query_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_query\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example-label\": pulumi.String(\"example-value\"),\n\t\t\t},\n\t\t\tQuery: \u0026bigquery.JobQueryArgs{\n\t\t\t\tQuery: pulumi.String(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\"),\n\t\t\t\tDestinationTable: \u0026bigquery.JobQueryDestinationTableArgs{\n\t\t\t\t\tTableId: foo.ID(),\n\t\t\t\t},\n\t\t\t\tDefaultDataset: \u0026bigquery.JobQueryDefaultDatasetArgs{\n\t\t\t\t\tDatasetId: bar.ID(),\n\t\t\t\t},\n\t\t\t\tAllowLargeResults: pulumi.Bool(true),\n\t\t\t\tFlattenResults: pulumi.Bool(true),\n\t\t\t\tScriptOptions: \u0026bigquery.JobQueryScriptOptionsArgs{\n\t\t\t\t\tKeyResultStatement: pulumi.String(\"LAST\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryDefaultDatasetArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobQueryScriptOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_query_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_query_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_query\")\n .labels(Map.of(\"example-label\", \"example-value\"))\n .query(JobQueryArgs.builder()\n .query(\"SELECT state FROM [lookerdata:cdc.project_tycho_reports]\")\n .destinationTable(JobQueryDestinationTableArgs.builder()\n .tableId(foo.id())\n .build())\n .defaultDataset(JobQueryDefaultDatasetArgs.builder()\n .datasetId(bar.id())\n .build())\n .allowLargeResults(true)\n .flattenResults(true)\n .scriptOptions(JobQueryScriptOptionsArgs.builder()\n .keyResultStatement(\"LAST\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_query_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_query_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_query\n labels:\n example-label: example-value\n query:\n query: SELECT state FROM [lookerdata:cdc.project_tycho_reports]\n destinationTable:\n tableId: ${foo.id}\n defaultDataset:\n datasetId: ${bar.id}\n allowLargeResults: true\n flattenResults: true\n scriptOptions:\n keyResultStatement: LAST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_load_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"],\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n skipLeadingRows: 1,\n schemaUpdateOptions: [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n writeDisposition: \"WRITE_APPEND\",\n autodetect: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_load_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"],\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"skip_leading_rows\": 1,\n \"schema_update_options\": [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n \"write_disposition\": \"WRITE_APPEND\",\n \"autodetect\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_load_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n \"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\",\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n SkipLeadingRows = 1,\n SchemaUpdateOptions = new[]\n {\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n },\n WriteDisposition = \"WRITE_APPEND\",\n Autodetect = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\"),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tSkipLeadingRows: pulumi.Int(1),\n\t\t\t\tSchemaUpdateOptions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_RELAXATION\"),\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_ADDITION\"),\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_load_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(\"gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\")\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .skipLeadingRows(1)\n .schemaUpdateOptions( \n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\")\n .writeDisposition(\"WRITE_APPEND\")\n .autodetect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_load_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n skipLeadingRows: 1\n schemaUpdateOptions:\n - ALLOW_FIELD_RELAXATION\n - ALLOW_FIELD_ADDITION\n writeDisposition: WRITE_APPEND\n autodetect: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load Geojson\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-bq-geojson`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"geojson-data.jsonl\",\n bucket: bucket.name,\n content: `{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n`,\n});\nconst bar = new gcp.bigquery.Dataset(\"bar\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst foo = new gcp.bigquery.Table(\"foo\", {\n deletionProtection: false,\n datasetId: bar.datasetId,\n tableId: \"job_load_table\",\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [pulumi.interpolate`gs://${object.bucket}/${object.name}`],\n destinationTable: {\n projectId: foo.project,\n datasetId: foo.datasetId,\n tableId: foo.tableId,\n },\n writeDisposition: \"WRITE_TRUNCATE\",\n autodetect: true,\n sourceFormat: \"NEWLINE_DELIMITED_JSON\",\n jsonExtension: \"GEOJSON\",\n },\n}, {\n dependsOn: [object],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-bq-geojson\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"geojson-data.jsonl\",\n bucket=bucket.name,\n content=\"\"\"{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n\"\"\")\nbar = gcp.bigquery.Dataset(\"bar\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nfoo = gcp.bigquery.Table(\"foo\",\n deletion_protection=False,\n dataset_id=bar.dataset_id,\n table_id=\"job_load_table\")\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [pulumi.Output.all(\n bucket=object.bucket,\n name=object.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucket']}/{resolved_outputs['name']}\")\n],\n \"destination_table\": {\n \"project_id\": foo.project,\n \"dataset_id\": foo.dataset_id,\n \"table_id\": foo.table_id,\n },\n \"write_disposition\": \"WRITE_TRUNCATE\",\n \"autodetect\": True,\n \"source_format\": \"NEWLINE_DELIMITED_JSON\",\n \"json_extension\": \"GEOJSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[object]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-bq-geojson\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"geojson-data.jsonl\",\n Bucket = bucket.Name,\n Content = @\"{\"\"type\"\":\"\"Feature\"\",\"\"properties\"\":{\"\"continent\"\":\"\"Europe\"\",\"\"region\"\":\"\"Scandinavia\"\"},\"\"geometry\"\":{\"\"type\"\":\"\"Polygon\"\",\"\"coordinates\"\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"\"type\"\":\"\"Feature\"\",\"\"properties\"\":{\"\"continent\"\":\"\"Africa\"\",\"\"region\"\":\"\"West Africa\"\"},\"\"geometry\"\":{\"\"type\"\":\"\"Polygon\"\",\"\"coordinates\"\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n\",\n });\n\n var bar = new Gcp.BigQuery.Dataset(\"bar\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var foo = new Gcp.BigQuery.Table(\"foo\", new()\n {\n DeletionProtection = false,\n DatasetId = bar.DatasetId,\n TableId = \"job_load_table\",\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n Output.Tuple(@object.Bucket, @object.Name).Apply(values =\u003e\n {\n var bucket = values.Item1;\n var name = values.Item2;\n return $\"gs://{bucket}/{name}\";\n }),\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = foo.Project,\n DatasetId = foo.DatasetId,\n TableId = foo.TableId,\n },\n WriteDisposition = \"WRITE_TRUNCATE\",\n Autodetect = true,\n SourceFormat = \"NEWLINE_DELIMITED_JSON\",\n JsonExtension = \"GEOJSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @object,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-bq-geojson\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"geojson-data.jsonl\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"type\\\":\\\"Feature\\\",\\\"properties\\\":{\\\"continent\\\":\\\"Europe\\\",\\\"region\\\":\\\"Scandinavia\\\"},\\\"geometry\\\":{\\\"type\\\":\\\"Polygon\\\",\\\"coordinates\\\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\\n{\\\"type\\\":\\\"Feature\\\",\\\"properties\\\":{\\\"continent\\\":\\\"Africa\\\",\\\"region\\\":\\\"West Africa\\\"},\\\"geometry\\\":{\\\"type\\\":\\\"Polygon\\\",\\\"coordinates\\\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := bigquery.NewDataset(ctx, \"bar\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := bigquery.NewTable(ctx, \"foo\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: bar.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.All(object.Bucket, object.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucket := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucket, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: foo.Project,\n\t\t\t\t\tDatasetId: foo.DatasetId,\n\t\t\t\t\tTableId: foo.TableId,\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_TRUNCATE\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t\tSourceFormat: pulumi.String(\"NEWLINE_DELIMITED_JSON\"),\n\t\t\t\tJsonExtension: pulumi.String(\"GEOJSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tobject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-bq-geojson\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"geojson-data.jsonl\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n \"\"\")\n .build());\n\n var bar = new Dataset(\"bar\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var foo = new Table(\"foo\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(bar.datasetId())\n .tableId(\"job_load_table\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(Output.tuple(object.bucket(), object.name()).applyValue(values -\u003e {\n var bucket = values.t1;\n var name = values.t2;\n return String.format(\"gs://%s/%s\", bucket,name);\n }))\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(foo.project())\n .datasetId(foo.datasetId())\n .tableId(foo.tableId())\n .build())\n .writeDisposition(\"WRITE_TRUNCATE\")\n .autodetect(true)\n .sourceFormat(\"NEWLINE_DELIMITED_JSON\")\n .jsonExtension(\"GEOJSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(object)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-bq-geojson\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: geojson-data.jsonl\n bucket: ${bucket.name}\n content: |\n {\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n {\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n foo:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${bar.datasetId}\n tableId: job_load_table\n bar:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://${object.bucket}/${object.name}\n destinationTable:\n projectId: ${foo.project}\n datasetId: ${foo.datasetId}\n tableId: ${foo.tableId}\n writeDisposition: WRITE_TRUNCATE\n autodetect: true\n sourceFormat: NEWLINE_DELIMITED_JSON\n jsonExtension: GEOJSON\n options:\n dependsOn:\n - ${object}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Load Parquet\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.storage.Bucket(\"test\", {\n name: \"job_load_bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst testBucketObject = new gcp.storage.BucketObject(\"test\", {\n name: \"job_load_bucket_object\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n bucket: test.name,\n});\nconst testDataset = new gcp.bigquery.Dataset(\"test\", {\n datasetId: \"job_load_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n deletionProtection: false,\n tableId: \"job_load_table\",\n datasetId: testDataset.datasetId,\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_load\",\n labels: {\n my_job: \"load\",\n },\n load: {\n sourceUris: [pulumi.interpolate`gs://${testBucketObject.bucket}/${testBucketObject.name}`],\n destinationTable: {\n projectId: testTable.project,\n datasetId: testTable.datasetId,\n tableId: testTable.tableId,\n },\n schemaUpdateOptions: [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n writeDisposition: \"WRITE_APPEND\",\n sourceFormat: \"PARQUET\",\n autodetect: true,\n parquetOptions: {\n enumAsString: true,\n enableListInference: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.storage.Bucket(\"test\",\n name=\"job_load_bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\ntest_bucket_object = gcp.storage.BucketObject(\"test\",\n name=\"job_load_bucket_object\",\n source=pulumi.FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n bucket=test.name)\ntest_dataset = gcp.bigquery.Dataset(\"test\",\n dataset_id=\"job_load_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntest_table = gcp.bigquery.Table(\"test\",\n deletion_protection=False,\n table_id=\"job_load_table\",\n dataset_id=test_dataset.dataset_id)\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_load\",\n labels={\n \"my_job\": \"load\",\n },\n load={\n \"source_uris\": [pulumi.Output.all(\n bucket=test_bucket_object.bucket,\n name=test_bucket_object.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucket']}/{resolved_outputs['name']}\")\n],\n \"destination_table\": {\n \"project_id\": test_table.project,\n \"dataset_id\": test_table.dataset_id,\n \"table_id\": test_table.table_id,\n },\n \"schema_update_options\": [\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n ],\n \"write_disposition\": \"WRITE_APPEND\",\n \"source_format\": \"PARQUET\",\n \"autodetect\": True,\n \"parquet_options\": {\n \"enum_as_string\": True,\n \"enable_list_inference\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.Storage.Bucket(\"test\", new()\n {\n Name = \"job_load_bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var testBucketObject = new Gcp.Storage.BucketObject(\"test\", new()\n {\n Name = \"job_load_bucket_object\",\n Source = new FileAsset(\"./test-fixtures/test.parquet.gzip\"),\n Bucket = test.Name,\n });\n\n var testDataset = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"job_load_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n DeletionProtection = false,\n TableId = \"job_load_table\",\n DatasetId = testDataset.DatasetId,\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_load\",\n Labels = \n {\n { \"my_job\", \"load\" },\n },\n Load = new Gcp.BigQuery.Inputs.JobLoadArgs\n {\n SourceUris = new[]\n {\n Output.Tuple(testBucketObject.Bucket, testBucketObject.Name).Apply(values =\u003e\n {\n var bucket = values.Item1;\n var name = values.Item2;\n return $\"gs://{bucket}/{name}\";\n }),\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobLoadDestinationTableArgs\n {\n ProjectId = testTable.Project,\n DatasetId = testTable.DatasetId,\n TableId = testTable.TableId,\n },\n SchemaUpdateOptions = new[]\n {\n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\",\n },\n WriteDisposition = \"WRITE_APPEND\",\n SourceFormat = \"PARQUET\",\n Autodetect = true,\n ParquetOptions = new Gcp.BigQuery.Inputs.JobLoadParquetOptionsArgs\n {\n EnumAsString = true,\n EnableListInference = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := storage.NewBucket(ctx, \"test\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"job_load_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestBucketObject, err := storage.NewBucketObject(ctx, \"test\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"job_load_bucket_object\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/test.parquet.gzip\"),\n\t\t\tBucket: test.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestDataset, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_load_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTableId: pulumi.String(\"job_load_table\"),\n\t\t\tDatasetId: testDataset.DatasetId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_load\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_job\": pulumi.String(\"load\"),\n\t\t\t},\n\t\t\tLoad: \u0026bigquery.JobLoadArgs{\n\t\t\t\tSourceUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.All(testBucketObject.Bucket, testBucketObject.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucket := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucket, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobLoadDestinationTableArgs{\n\t\t\t\t\tProjectId: testTable.Project,\n\t\t\t\t\tDatasetId: testTable.DatasetId,\n\t\t\t\t\tTableId: testTable.TableId,\n\t\t\t\t},\n\t\t\t\tSchemaUpdateOptions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_RELAXATION\"),\n\t\t\t\t\tpulumi.String(\"ALLOW_FIELD_ADDITION\"),\n\t\t\t\t},\n\t\t\t\tWriteDisposition: pulumi.String(\"WRITE_APPEND\"),\n\t\t\t\tSourceFormat: pulumi.String(\"PARQUET\"),\n\t\t\t\tAutodetect: pulumi.Bool(true),\n\t\t\t\tParquetOptions: \u0026bigquery.JobLoadParquetOptionsArgs{\n\t\t\t\t\tEnumAsString: pulumi.Bool(true),\n\t\t\t\t\tEnableListInference: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobLoadParquetOptionsArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Bucket(\"test\", BucketArgs.builder()\n .name(\"job_load_bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var testBucketObject = new BucketObject(\"testBucketObject\", BucketObjectArgs.builder()\n .name(\"job_load_bucket_object\")\n .source(new FileAsset(\"./test-fixtures/test.parquet.gzip\"))\n .bucket(test.name())\n .build());\n\n var testDataset = new Dataset(\"testDataset\", DatasetArgs.builder()\n .datasetId(\"job_load_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .deletionProtection(false)\n .tableId(\"job_load_table\")\n .datasetId(testDataset.datasetId())\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_load\")\n .labels(Map.of(\"my_job\", \"load\"))\n .load(JobLoadArgs.builder()\n .sourceUris(Output.tuple(testBucketObject.bucket(), testBucketObject.name()).applyValue(values -\u003e {\n var bucket = values.t1;\n var name = values.t2;\n return String.format(\"gs://%s/%s\", bucket,name);\n }))\n .destinationTable(JobLoadDestinationTableArgs.builder()\n .projectId(testTable.project())\n .datasetId(testTable.datasetId())\n .tableId(testTable.tableId())\n .build())\n .schemaUpdateOptions( \n \"ALLOW_FIELD_RELAXATION\",\n \"ALLOW_FIELD_ADDITION\")\n .writeDisposition(\"WRITE_APPEND\")\n .sourceFormat(\"PARQUET\")\n .autodetect(true)\n .parquetOptions(JobLoadParquetOptionsArgs.builder()\n .enumAsString(true)\n .enableListInference(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:storage:Bucket\n properties:\n name: job_load_bucket\n location: US\n uniformBucketLevelAccess: true\n testBucketObject:\n type: gcp:storage:BucketObject\n name: test\n properties:\n name: job_load_bucket_object\n source:\n fn::FileAsset: ./test-fixtures/test.parquet.gzip\n bucket: ${test.name}\n testDataset:\n type: gcp:bigquery:Dataset\n name: test\n properties:\n datasetId: job_load_dataset\n friendlyName: test\n description: This is a test description\n location: US\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n deletionProtection: false\n tableId: job_load_table\n datasetId: ${testDataset.datasetId}\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_load\n labels:\n my_job: load\n load:\n sourceUris:\n - gs://${testBucketObject.bucket}/${testBucketObject.name}\n destinationTable:\n projectId: ${testTable.project}\n datasetId: ${testTable.datasetId}\n tableId: ${testTable.tableId}\n schemaUpdateOptions:\n - ALLOW_FIELD_RELAXATION\n - ALLOW_FIELD_ADDITION\n writeDisposition: WRITE_APPEND\n sourceFormat: PARQUET\n autodetect: true\n parquetOptions:\n enumAsString: true\n enableListInference: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Copy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst count = 2;\nconst sourceDataset: gcp.bigquery.Dataset[] = [];\nfor (const range = {value: 0}; range.value \u003c count; range.value++) {\n sourceDataset.push(new gcp.bigquery.Dataset(`source-${range.value}`, {\n datasetId: `job_copy_${range.value}_dataset`,\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n }));\n}\nconst source: gcp.bigquery.Table[] = [];\nfor (const range = {value: 0}; range.value \u003c count; range.value++) {\n source.push(new gcp.bigquery.Table(`source-${range.value}`, {\n datasetId: sourceDataset[range.value].datasetId,\n tableId: `job_copy_${range.value}_table`,\n deletionProtection: false,\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n }));\n}\nconst destDataset = new gcp.bigquery.Dataset(\"dest\", {\n datasetId: \"job_copy_dest_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"global\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst encryptRole = new gcp.kms.CryptoKeyIAMMember(\"encrypt_role\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:bq-${project.number}@bigquery-encryption.iam.gserviceaccount.com`),\n});\nconst dest = new gcp.bigquery.Table(\"dest\", {\n deletionProtection: false,\n datasetId: destDataset.datasetId,\n tableId: \"job_copy_dest_table\",\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n encryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [encryptRole],\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_copy\",\n copy: {\n sourceTables: [\n {\n projectId: source[0].project,\n datasetId: source[0].datasetId,\n tableId: source[0].tableId,\n },\n {\n projectId: source[1].project,\n datasetId: source[1].datasetId,\n tableId: source[1].tableId,\n },\n ],\n destinationTable: {\n projectId: dest.project,\n datasetId: dest.datasetId,\n tableId: dest.tableId,\n },\n destinationEncryptionConfiguration: {\n kmsKeyName: cryptoKey.id,\n },\n },\n}, {\n dependsOn: [encryptRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncount = 2\nsource_dataset = []\nfor range in [{\"value\": i} for i in range(0, count)]:\n source_dataset.append(gcp.bigquery.Dataset(f\"source-{range['value']}\",\n dataset_id=f\"job_copy_{range['value']}_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\"))\nsource = []\nfor range in [{\"value\": i} for i in range(0, count)]:\n source.append(gcp.bigquery.Table(f\"source-{range['value']}\",\n dataset_id=source_dataset[range[\"value\"]].dataset_id,\n table_id=f\"job_copy_{range['value']}_table\",\n deletion_protection=False,\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\"))\ndest_dataset = gcp.bigquery.Dataset(\"dest\",\n dataset_id=\"job_copy_dest_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\nencrypt_role = gcp.kms.CryptoKeyIAMMember(\"encrypt_role\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:bq-{project.number}@bigquery-encryption.iam.gserviceaccount.com\")\ndest = gcp.bigquery.Table(\"dest\",\n deletion_protection=False,\n dataset_id=dest_dataset.dataset_id,\n table_id=\"job_copy_dest_table\",\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\",\n encryption_configuration={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[encrypt_role]))\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_copy\",\n copy={\n \"source_tables\": [\n {\n \"project_id\": source[0].project,\n \"dataset_id\": source[0].dataset_id,\n \"table_id\": source[0].table_id,\n },\n {\n \"project_id\": source[1].project,\n \"dataset_id\": source[1].dataset_id,\n \"table_id\": source[1].table_id,\n },\n ],\n \"destination_table\": {\n \"project_id\": dest.project,\n \"dataset_id\": dest.dataset_id,\n \"table_id\": dest.table_id,\n },\n \"destination_encryption_configuration\": {\n \"kms_key_name\": crypto_key.id,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[encrypt_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var count = 2;\n\n var sourceDataset = new List\u003cGcp.BigQuery.Dataset\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c count; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n sourceDataset.Add(new Gcp.BigQuery.Dataset($\"source-{range.Value}\", new()\n {\n DatasetId = $\"job_copy_{range.Value}_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n }));\n }\n var source = new List\u003cGcp.BigQuery.Table\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c count; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n source.Add(new Gcp.BigQuery.Table($\"source-{range.Value}\", new()\n {\n DatasetId = sourceDataset[range.Value].DatasetId,\n TableId = $\"job_copy_{range.Value}_table\",\n DeletionProtection = false,\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n }));\n }\n var destDataset = new Gcp.BigQuery.Dataset(\"dest\", new()\n {\n DatasetId = \"job_copy_dest_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"global\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var encryptRole = new Gcp.Kms.CryptoKeyIAMMember(\"encrypt_role\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:bq-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@bigquery-encryption.iam.gserviceaccount.com\",\n });\n\n var dest = new Gcp.BigQuery.Table(\"dest\", new()\n {\n DeletionProtection = false,\n DatasetId = destDataset.DatasetId,\n TableId = \"job_copy_dest_table\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n EncryptionConfiguration = new Gcp.BigQuery.Inputs.TableEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n encryptRole,\n },\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_copy\",\n Copy = new Gcp.BigQuery.Inputs.JobCopyArgs\n {\n SourceTables = new[]\n {\n new Gcp.BigQuery.Inputs.JobCopySourceTableArgs\n {\n ProjectId = source[0].Project,\n DatasetId = source[0].DatasetId,\n TableId = source[0].TableId,\n },\n new Gcp.BigQuery.Inputs.JobCopySourceTableArgs\n {\n ProjectId = source[1].Project,\n DatasetId = source[1].DatasetId,\n TableId = source[1].TableId,\n },\n },\n DestinationTable = new Gcp.BigQuery.Inputs.JobCopyDestinationTableArgs\n {\n ProjectId = dest.Project,\n DatasetId = dest.DatasetId,\n TableId = dest.TableId,\n },\n DestinationEncryptionConfiguration = new Gcp.BigQuery.Inputs.JobCopyDestinationEncryptionConfigurationArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n encryptRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcount := 2\n\t\tvar sourceDataset []*bigquery.Dataset\n\t\tfor index := 0; index \u003c count; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := bigquery.NewDataset(ctx, fmt.Sprintf(\"source-%v\", key0), \u0026bigquery.DatasetArgs{\n\t\t\t\tDatasetId: pulumi.Sprintf(\"job_copy_%v_dataset\", val0),\n\t\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tsourceDataset = append(sourceDataset, __res)\n\t\t}\n\t\tvar source []*bigquery.Table\n\t\tfor index := 0; index \u003c count; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := bigquery.NewTable(ctx, fmt.Sprintf(\"source-%v\", key0), \u0026bigquery.TableArgs{\n\t\t\t\tDatasetId: sourceDataset[val0].DatasetId,\n\t\t\t\tTableId: pulumi.Sprintf(\"job_copy_%v_table\", val0),\n\t\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tsource = append(source, __res)\n\t\t}\n\t\tdestDataset, err := bigquery.NewDataset(ctx, \"dest\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_copy_dest_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptRole, err := kms.NewCryptoKeyIAMMember(ctx, \"encrypt_role\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:bq-%v@bigquery-encryption.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdest, err := bigquery.NewTable(ctx, \"dest\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: destDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_copy_dest_table\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t\tEncryptionConfiguration: \u0026bigquery.TableEncryptionConfigurationArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tencryptRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_copy\"),\n\t\t\tCopy: \u0026bigquery.JobCopyArgs{\n\t\t\t\tSourceTables: bigquery.JobCopySourceTableArray{\n\t\t\t\t\t\u0026bigquery.JobCopySourceTableArgs{\n\t\t\t\t\t\tProjectId: source[0].Project,\n\t\t\t\t\t\tDatasetId: source[0].DatasetId,\n\t\t\t\t\t\tTableId: source[0].TableId,\n\t\t\t\t\t},\n\t\t\t\t\t\u0026bigquery.JobCopySourceTableArgs{\n\t\t\t\t\t\tProjectId: source[1].Project,\n\t\t\t\t\t\tDatasetId: source[1].DatasetId,\n\t\t\t\t\t\tTableId: source[1].TableId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDestinationTable: \u0026bigquery.JobCopyDestinationTableArgs{\n\t\t\t\t\tProjectId: dest.Project,\n\t\t\t\t\tDatasetId: dest.DatasetId,\n\t\t\t\t\tTableId: dest.TableId,\n\t\t\t\t},\n\t\t\t\tDestinationEncryptionConfiguration: \u0026bigquery.JobCopyDestinationEncryptionConfigurationArgs{\n\t\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tencryptRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.TableEncryptionConfigurationArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyDestinationTableArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobCopyDestinationEncryptionConfigurationArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var count = 2;\n\n for (var i = 0; i \u003c count; i++) {\n new Dataset(\"sourceDataset-\" + i, DatasetArgs.builder()\n .datasetId(String.format(\"job_copy_%s_dataset\", range.value()))\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n \n}\n for (var i = 0; i \u003c count; i++) {\n new Table(\"source-\" + i, TableArgs.builder()\n .datasetId(sourceDataset[range.value()].datasetId())\n .tableId(String.format(\"job_copy_%s_table\", range.value()))\n .deletionProtection(false)\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n \n}\n var destDataset = new Dataset(\"destDataset\", DatasetArgs.builder()\n .datasetId(\"job_copy_dest_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"global\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n var encryptRole = new CryptoKeyIAMMember(\"encryptRole\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:bq-%s@bigquery-encryption.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var dest = new Table(\"dest\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(destDataset.datasetId())\n .tableId(\"job_copy_dest_table\")\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .encryptionConfiguration(TableEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(encryptRole)\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_copy\")\n .copy(JobCopyArgs.builder()\n .sourceTables( \n JobCopySourceTableArgs.builder()\n .projectId(source[0].project())\n .datasetId(source[0].datasetId())\n .tableId(source[0].tableId())\n .build(),\n JobCopySourceTableArgs.builder()\n .projectId(source[1].project())\n .datasetId(source[1].datasetId())\n .tableId(source[1].tableId())\n .build())\n .destinationTable(JobCopyDestinationTableArgs.builder()\n .projectId(dest.project())\n .datasetId(dest.datasetId())\n .tableId(dest.tableId())\n .build())\n .destinationEncryptionConfiguration(JobCopyDestinationEncryptionConfigurationArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(encryptRole)\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Job Extract\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source_oneDataset = new gcp.bigquery.Dataset(\"source-one\", {\n datasetId: \"job_extract_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst source_one = new gcp.bigquery.Table(\"source-one\", {\n deletionProtection: false,\n datasetId: source_oneDataset.datasetId,\n tableId: \"job_extract_table\",\n schema: `[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst dest = new gcp.storage.Bucket(\"dest\", {\n name: \"job_extract_bucket\",\n location: \"US\",\n forceDestroy: true,\n});\nconst job = new gcp.bigquery.Job(\"job\", {\n jobId: \"job_extract\",\n extract: {\n destinationUris: [pulumi.interpolate`${dest.url}/extract`],\n sourceTable: {\n projectId: source_one.project,\n datasetId: source_one.datasetId,\n tableId: source_one.tableId,\n },\n destinationFormat: \"NEWLINE_DELIMITED_JSON\",\n compression: \"GZIP\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource_one_dataset = gcp.bigquery.Dataset(\"source-one\",\n dataset_id=\"job_extract_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nsource_one = gcp.bigquery.Table(\"source-one\",\n deletion_protection=False,\n dataset_id=source_one_dataset.dataset_id,\n table_id=\"job_extract_table\",\n schema=\"\"\"[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\ndest = gcp.storage.Bucket(\"dest\",\n name=\"job_extract_bucket\",\n location=\"US\",\n force_destroy=True)\njob = gcp.bigquery.Job(\"job\",\n job_id=\"job_extract\",\n extract={\n \"destination_uris\": [dest.url.apply(lambda url: f\"{url}/extract\")],\n \"source_table\": {\n \"project_id\": source_one.project,\n \"dataset_id\": source_one.dataset_id,\n \"table_id\": source_one.table_id,\n },\n \"destination_format\": \"NEWLINE_DELIMITED_JSON\",\n \"compression\": \"GZIP\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source_oneDataset = new Gcp.BigQuery.Dataset(\"source-one\", new()\n {\n DatasetId = \"job_extract_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var source_one = new Gcp.BigQuery.Table(\"source-one\", new()\n {\n DeletionProtection = false,\n DatasetId = source_oneDataset.DatasetId,\n TableId = \"job_extract_table\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"post_abbr\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"date\"\",\n \"\"type\"\": \"\"DATE\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var dest = new Gcp.Storage.Bucket(\"dest\", new()\n {\n Name = \"job_extract_bucket\",\n Location = \"US\",\n ForceDestroy = true,\n });\n\n var job = new Gcp.BigQuery.Job(\"job\", new()\n {\n JobId = \"job_extract\",\n Extract = new Gcp.BigQuery.Inputs.JobExtractArgs\n {\n DestinationUris = new[]\n {\n dest.Url.Apply(url =\u003e $\"{url}/extract\"),\n },\n SourceTable = new Gcp.BigQuery.Inputs.JobExtractSourceTableArgs\n {\n ProjectId = source_one.Project,\n DatasetId = source_one.DatasetId,\n TableId = source_one.TableId,\n },\n DestinationFormat = \"NEWLINE_DELIMITED_JSON\",\n Compression = \"GZIP\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"source-one\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"job_extract_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"source-one\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: source_oneDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"job_extract_table\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdest, err := storage.NewBucket(ctx, \"dest\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"job_extract_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewJob(ctx, \"job\", \u0026bigquery.JobArgs{\n\t\t\tJobId: pulumi.String(\"job_extract\"),\n\t\t\tExtract: \u0026bigquery.JobExtractArgs{\n\t\t\t\tDestinationUris: pulumi.StringArray{\n\t\t\t\t\tdest.Url.ApplyT(func(url string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/extract\", url), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tSourceTable: \u0026bigquery.JobExtractSourceTableArgs{\n\t\t\t\t\tProjectId: source_one.Project,\n\t\t\t\t\tDatasetId: source_one.DatasetId,\n\t\t\t\t\tTableId: source_one.TableId,\n\t\t\t\t},\n\t\t\t\tDestinationFormat: pulumi.String(\"NEWLINE_DELIMITED_JSON\"),\n\t\t\t\tCompression: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.bigquery.Job;\nimport com.pulumi.gcp.bigquery.JobArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobExtractArgs;\nimport com.pulumi.gcp.bigquery.inputs.JobExtractSourceTableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source_oneDataset = new Dataset(\"source-oneDataset\", DatasetArgs.builder()\n .datasetId(\"job_extract_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var source_one = new Table(\"source-one\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(source_oneDataset.datasetId())\n .tableId(\"job_extract_table\")\n .schema(\"\"\"\n[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var dest = new Bucket(\"dest\", BucketArgs.builder()\n .name(\"job_extract_bucket\")\n .location(\"US\")\n .forceDestroy(true)\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .jobId(\"job_extract\")\n .extract(JobExtractArgs.builder()\n .destinationUris(dest.url().applyValue(url -\u003e String.format(\"%s/extract\", url)))\n .sourceTable(JobExtractSourceTableArgs.builder()\n .projectId(source_one.project())\n .datasetId(source_one.datasetId())\n .tableId(source_one.tableId())\n .build())\n .destinationFormat(\"NEWLINE_DELIMITED_JSON\")\n .compression(\"GZIP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source-one:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"source-oneDataset\"].datasetId}\n tableId: job_extract_table\n schema: |\n [\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n ]\n source-oneDataset:\n type: gcp:bigquery:Dataset\n name: source-one\n properties:\n datasetId: job_extract_dataset\n friendlyName: test\n description: This is a test description\n location: US\n dest:\n type: gcp:storage:Bucket\n properties:\n name: job_extract_bucket\n location: US\n forceDestroy: true\n job:\n type: gcp:bigquery:Job\n properties:\n jobId: job_extract\n extract:\n destinationUris:\n - ${dest.url}/extract\n sourceTable:\n projectId: ${[\"source-one\"].project}\n datasetId: ${[\"source-one\"].datasetId}\n tableId: ${[\"source-one\"].tableId}\n destinationFormat: NEWLINE_DELIMITED_JSON\n compression: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/jobs/{{job_id}}/location/{{location}}`\n\n* `projects/{{project}}/jobs/{{job_id}}`\n\n* `{{project}}/{{job_id}}/{{location}}`\n\n* `{{job_id}}/{{location}}`\n\n* `{{project}}/{{job_id}}`\n\n* `{{job_id}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default projects/{{project}}/jobs/{{job_id}}/location/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default projects/{{project}}/jobs/{{job_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{project}}/{{job_id}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{job_id}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{project}}/{{job_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/job:Job default {{job_id}}\n```\n\n", "properties": { "copy": { "$ref": "#/types/gcp:bigquery/JobCopy:JobCopy", @@ -142130,7 +142130,7 @@ } }, "gcp:bigquery/routine:Routine": { - "description": "A user-defined function or a stored procedure that belongs to a Dataset\n\n\nTo get more information about Routine, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/rest/v2/routines)\n* How-to Guides\n * [Routines Intro](https://cloud.google.com/bigquery/docs/reference/rest/v2/routines)\n\n## Example Usage\n\n### Bigquery Routine Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"SQL\",\n definitionBody: \"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"SQL\",\n definition_body=\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"SQL\",\n DefinitionBody = \"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDefinitionBody: pulumi.String(\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"SQL\")\n .definitionBody(\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: SQL\n definitionBody: CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Json\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"SCALAR_FUNCTION\",\n language: \"JAVASCRIPT\",\n definitionBody: \"CREATE FUNCTION multiplyInputs return x*y;\",\n arguments: [\n {\n name: \"x\",\n dataType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n {\n name: \"y\",\n dataType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n ],\n returnType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"SCALAR_FUNCTION\",\n language=\"JAVASCRIPT\",\n definition_body=\"CREATE FUNCTION multiplyInputs return x*y;\",\n arguments=[\n {\n \"name\": \"x\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n {\n \"name\": \"y\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n ],\n return_type=\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"SCALAR_FUNCTION\",\n Language = \"JAVASCRIPT\",\n DefinitionBody = \"CREATE FUNCTION multiplyInputs return x*y;\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"x\",\n DataType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"y\",\n DataType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n },\n ReturnType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"JAVASCRIPT\"),\n\t\t\tDefinitionBody: pulumi.String(\"CREATE FUNCTION multiplyInputs return x*y;\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"x\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t\t\t},\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"y\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"SCALAR_FUNCTION\")\n .language(\"JAVASCRIPT\")\n .definitionBody(\"CREATE FUNCTION multiplyInputs return x*y;\")\n .arguments( \n RoutineArgumentArgs.builder()\n .name(\"x\")\n .dataType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build(),\n RoutineArgumentArgs.builder()\n .name(\"y\")\n .dataType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build())\n .returnType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: SCALAR_FUNCTION\n language: JAVASCRIPT\n definitionBody: CREATE FUNCTION multiplyInputs return x*y;\n arguments:\n - name: x\n dataType: '{\"typeKind\" : \"FLOAT64\"}'\n - name: y\n dataType: '{\"typeKind\" : \"FLOAT64\"}'\n returnType: '{\"typeKind\" : \"FLOAT64\"}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Tvf\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"TABLE_VALUED_FUNCTION\",\n language: \"SQL\",\n definitionBody: \"SELECT 1 + value AS value\\n\",\n arguments: [{\n name: \"value\",\n argumentKind: \"FIXED_TYPE\",\n dataType: JSON.stringify({\n typeKind: \"INT64\",\n }),\n }],\n returnTableType: JSON.stringify({\n columns: [{\n name: \"value\",\n type: {\n typeKind: \"INT64\",\n },\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"TABLE_VALUED_FUNCTION\",\n language=\"SQL\",\n definition_body=\"SELECT 1 + value AS value\\n\",\n arguments=[{\n \"name\": \"value\",\n \"argument_kind\": \"FIXED_TYPE\",\n \"data_type\": json.dumps({\n \"typeKind\": \"INT64\",\n }),\n }],\n return_table_type=json.dumps({\n \"columns\": [{\n \"name\": \"value\",\n \"type\": {\n \"typeKind\": \"INT64\",\n },\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"TABLE_VALUED_FUNCTION\",\n Language = \"SQL\",\n DefinitionBody = @\"SELECT 1 + value AS value\n\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"value\",\n ArgumentKind = \"FIXED_TYPE\",\n DataType = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"typeKind\"] = \"INT64\",\n }),\n },\n },\n ReturnTableType = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"columns\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"value\",\n [\"type\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"typeKind\"] = \"INT64\",\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"typeKind\": \"INT64\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"columns\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"name\": \"value\",\n\t\t\t\t\t\"type\": map[string]interface{}{\n\t\t\t\t\t\t\"typeKind\": \"INT64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"TABLE_VALUED_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDefinitionBody: pulumi.String(\"SELECT 1 + value AS value\\n\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"value\"),\n\t\t\t\t\tArgumentKind: pulumi.String(\"FIXED_TYPE\"),\n\t\t\t\t\tDataType: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnTableType: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"TABLE_VALUED_FUNCTION\")\n .language(\"SQL\")\n .definitionBody(\"\"\"\nSELECT 1 + value AS value\n \"\"\")\n .arguments(RoutineArgumentArgs.builder()\n .name(\"value\")\n .argumentKind(\"FIXED_TYPE\")\n .dataType(serializeJson(\n jsonObject(\n jsonProperty(\"typeKind\", \"INT64\")\n )))\n .build())\n .returnTableType(serializeJson(\n jsonObject(\n jsonProperty(\"columns\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"value\"),\n jsonProperty(\"type\", jsonObject(\n jsonProperty(\"typeKind\", \"INT64\")\n ))\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: TABLE_VALUED_FUNCTION\n language: SQL\n definitionBody: |\n SELECT 1 + value AS value\n arguments:\n - name: value\n argumentKind: FIXED_TYPE\n dataType:\n fn::toJSON:\n typeKind: INT64\n returnTableType:\n fn::toJSON:\n columns:\n - name: value\n type:\n typeKind: INT64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Pyspark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst pyspark = new gcp.bigquery.Routine(\"pyspark\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"PYTHON\",\n definitionBody: `from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\\\n .option(\"writeMethod\", \"direct\") \\\\\n .save(\"wordcount_dataset.wordcount_output\")\n`,\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\npyspark = gcp.bigquery.Routine(\"pyspark\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"PYTHON\",\n definition_body=\"\"\"from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n\"\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var pyspark = new Gcp.BigQuery.Routine(\"pyspark\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"PYTHON\",\n DefinitionBody = @\"from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"\"spark-bigquery-demo\"\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"\"bigquery\"\") \\\n .option(\"\"table\"\", \"\"bigquery-public-data:samples.shakespeare\"\") \\\n .load()\nwords.createOrReplaceTempView(\"\"words\"\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"\"sum(word_count)\"\", \"\"sum_word_count\"\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"\"bigquery\"\") \\\n .option(\"\"writeMethod\"\", \"\"direct\"\") \\\n .save(\"\"wordcount_dataset.wordcount_output\"\")\n\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"pyspark\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"PYTHON\"),\n\t\t\tDefinitionBody: pulumi.String(`from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n`),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var pyspark = new Routine(\"pyspark\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"PYTHON\")\n .definitionBody(\"\"\"\nfrom pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n \"\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n pyspark:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: PYTHON\n definitionBody: \"from pyspark.sql import SparkSession\\n\\nspark = SparkSession.builder.appName(\\\"spark-bigquery-demo\\\").getOrCreate()\\n \\n# Load data from BigQuery.\\nwords = spark.read.format(\\\"bigquery\\\") \\\\\\n .option(\\\"table\\\", \\\"bigquery-public-data:samples.shakespeare\\\") \\\\\\n .load()\\nwords.createOrReplaceTempView(\\\"words\\\")\\n \\n# Perform word count.\\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\\\"sum(word_count)\\\", \\\"sum_word_count\\\")\\nword_count.show()\\nword_count.printSchema()\\n \\n# Saving the data to BigQuery\\nword_count.write.format(\\\"bigquery\\\") \\\\\\n .option(\\\"writeMethod\\\", \\\"direct\\\") \\\\\\n .save(\\\"wordcount_dataset.wordcount_output\\\")\\n\"\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Pyspark Mainfile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst pysparkMainfile = new gcp.bigquery.Routine(\"pyspark_mainfile\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"PYTHON\",\n definitionBody: \"\",\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n mainFileUri: \"gs://test-bucket/main.py\",\n pyFileUris: [\"gs://test-bucket/lib.py\"],\n fileUris: [\"gs://test-bucket/distribute_in_executor.json\"],\n archiveUris: [\"gs://test-bucket/distribute_in_executor.tar.gz\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\npyspark_mainfile = gcp.bigquery.Routine(\"pyspark_mainfile\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"PYTHON\",\n definition_body=\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n \"main_file_uri\": \"gs://test-bucket/main.py\",\n \"py_file_uris\": [\"gs://test-bucket/lib.py\"],\n \"file_uris\": [\"gs://test-bucket/distribute_in_executor.json\"],\n \"archive_uris\": [\"gs://test-bucket/distribute_in_executor.tar.gz\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var pysparkMainfile = new Gcp.BigQuery.Routine(\"pyspark_mainfile\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"PYTHON\",\n DefinitionBody = \"\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n MainFileUri = \"gs://test-bucket/main.py\",\n PyFileUris = new[]\n {\n \"gs://test-bucket/lib.py\",\n },\n FileUris = new[]\n {\n \"gs://test-bucket/distribute_in_executor.json\",\n },\n ArchiveUris = new[]\n {\n \"gs://test-bucket/distribute_in_executor.tar.gz\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"pyspark_mainfile\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"PYTHON\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t\tMainFileUri: pulumi.String(\"gs://test-bucket/main.py\"),\n\t\t\t\tPyFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/lib.py\"),\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/distribute_in_executor.json\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/distribute_in_executor.tar.gz\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var pysparkMainfile = new Routine(\"pysparkMainfile\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"PYTHON\")\n .definitionBody(\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .mainFileUri(\"gs://test-bucket/main.py\")\n .pyFileUris(\"gs://test-bucket/lib.py\")\n .fileUris(\"gs://test-bucket/distribute_in_executor.json\")\n .archiveUris(\"gs://test-bucket/distribute_in_executor.tar.gz\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n pysparkMainfile:\n type: gcp:bigquery:Routine\n name: pyspark_mainfile\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: PYTHON\n definitionBody:\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n mainFileUri: gs://test-bucket/main.py\n pyFileUris:\n - gs://test-bucket/lib.py\n fileUris:\n - gs://test-bucket/distribute_in_executor.json\n archiveUris:\n - gs://test-bucket/distribute_in_executor.tar.gz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Spark Jar\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst sparkJar = new gcp.bigquery.Routine(\"spark_jar\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"SCALA\",\n definitionBody: \"\",\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n containerImage: \"gcr.io/my-project-id/my-spark-image:latest\",\n mainClass: \"com.google.test.jar.MainClass\",\n jarUris: [\"gs://test-bucket/uberjar_spark_spark3.jar\"],\n properties: {\n \"spark.dataproc.scaling.version\": \"2\",\n \"spark.reducer.fetchMigratedShuffle.enabled\": \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\nspark_jar = gcp.bigquery.Routine(\"spark_jar\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"SCALA\",\n definition_body=\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n \"container_image\": \"gcr.io/my-project-id/my-spark-image:latest\",\n \"main_class\": \"com.google.test.jar.MainClass\",\n \"jar_uris\": [\"gs://test-bucket/uberjar_spark_spark3.jar\"],\n \"properties\": {\n \"spark.dataproc.scaling.version\": \"2\",\n \"spark.reducer.fetchMigratedShuffle.enabled\": \"true\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var sparkJar = new Gcp.BigQuery.Routine(\"spark_jar\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"SCALA\",\n DefinitionBody = \"\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n ContainerImage = \"gcr.io/my-project-id/my-spark-image:latest\",\n MainClass = \"com.google.test.jar.MainClass\",\n JarUris = new[]\n {\n \"gs://test-bucket/uberjar_spark_spark3.jar\",\n },\n Properties = \n {\n { \"spark.dataproc.scaling.version\", \"2\" },\n { \"spark.reducer.fetchMigratedShuffle.enabled\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"spark_jar\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"SCALA\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t\tContainerImage: pulumi.String(\"gcr.io/my-project-id/my-spark-image:latest\"),\n\t\t\t\tMainClass: pulumi.String(\"com.google.test.jar.MainClass\"),\n\t\t\t\tJarUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/uberjar_spark_spark3.jar\"),\n\t\t\t\t},\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dataproc.scaling.version\": pulumi.String(\"2\"),\n\t\t\t\t\t\"spark.reducer.fetchMigratedShuffle.enabled\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var sparkJar = new Routine(\"sparkJar\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"SCALA\")\n .definitionBody(\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .containerImage(\"gcr.io/my-project-id/my-spark-image:latest\")\n .mainClass(\"com.google.test.jar.MainClass\")\n .jarUris(\"gs://test-bucket/uberjar_spark_spark3.jar\")\n .properties(Map.ofEntries(\n Map.entry(\"spark.dataproc.scaling.version\", \"2\"),\n Map.entry(\"spark.reducer.fetchMigratedShuffle.enabled\", \"true\")\n ))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n sparkJar:\n type: gcp:bigquery:Routine\n name: spark_jar\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: SCALA\n definitionBody:\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n containerImage: gcr.io/my-project-id/my-spark-image:latest\n mainClass: com.google.test.jar.MainClass\n jarUris:\n - gs://test-bucket/uberjar_spark_spark3.jar\n properties:\n spark.dataproc.scaling.version: '2'\n spark.reducer.fetchMigratedShuffle.enabled: 'true'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Data Governance Type\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"tf_test_dataset_id_15222\"});\nconst customMaskingRoutine = new gcp.bigquery.Routine(\"custom_masking_routine\", {\n datasetId: test.datasetId,\n routineId: \"custom_masking_routine\",\n routineType: \"SCALAR_FUNCTION\",\n language: \"SQL\",\n dataGovernanceType: \"DATA_MASKING\",\n definitionBody: \"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n arguments: [{\n name: \"ssn\",\n dataType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n }],\n returnType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"tf_test_dataset_id_15222\")\ncustom_masking_routine = gcp.bigquery.Routine(\"custom_masking_routine\",\n dataset_id=test.dataset_id,\n routine_id=\"custom_masking_routine\",\n routine_type=\"SCALAR_FUNCTION\",\n language=\"SQL\",\n data_governance_type=\"DATA_MASKING\",\n definition_body=\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n arguments=[{\n \"name\": \"ssn\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n }],\n return_type=\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"tf_test_dataset_id_15222\",\n });\n\n var customMaskingRoutine = new Gcp.BigQuery.Routine(\"custom_masking_routine\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"custom_masking_routine\",\n RoutineType = \"SCALAR_FUNCTION\",\n Language = \"SQL\",\n DataGovernanceType = \"DATA_MASKING\",\n DefinitionBody = \"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"ssn\",\n DataType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n },\n },\n ReturnType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"tf_test_dataset_id_15222\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"custom_masking_routine\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"custom_masking_routine\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDataGovernanceType: pulumi.String(\"DATA_MASKING\"),\n\t\t\tDefinitionBody: pulumi.String(\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"ssn\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"tf_test_dataset_id_15222\")\n .build());\n\n var customMaskingRoutine = new Routine(\"customMaskingRoutine\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"custom_masking_routine\")\n .routineType(\"SCALAR_FUNCTION\")\n .language(\"SQL\")\n .dataGovernanceType(\"DATA_MASKING\")\n .definitionBody(\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\")\n .arguments(RoutineArgumentArgs.builder()\n .name(\"ssn\")\n .dataType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .build())\n .returnType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: tf_test_dataset_id_15222\n customMaskingRoutine:\n type: gcp:bigquery:Routine\n name: custom_masking_routine\n properties:\n datasetId: ${test.datasetId}\n routineId: custom_masking_routine\n routineType: SCALAR_FUNCTION\n language: SQL\n dataGovernanceType: DATA_MASKING\n definitionBody: SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\n arguments:\n - name: ssn\n dataType: '{\"typeKind\" : \"STRING\"}'\n returnType: '{\"typeKind\" : \"STRING\"}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Remote Function\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n cloudResource: {},\n});\nconst remoteFunction = new gcp.bigquery.Routine(\"remote_function\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"SCALAR_FUNCTION\",\n definitionBody: \"\",\n returnType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n remoteFunctionOptions: {\n endpoint: \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n connection: testConnection.name,\n maxBatchingRows: \"10\",\n userDefinedContext: {\n z: \"1.5\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n cloud_resource={})\nremote_function = gcp.bigquery.Routine(\"remote_function\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"SCALAR_FUNCTION\",\n definition_body=\"\",\n return_type=\"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n remote_function_options={\n \"endpoint\": \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n \"connection\": test_connection.name,\n \"max_batching_rows\": \"10\",\n \"user_defined_context\": {\n \"z\": \"1.5\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n CloudResource = null,\n });\n\n var remoteFunction = new Gcp.BigQuery.Routine(\"remote_function\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"SCALAR_FUNCTION\",\n DefinitionBody = \"\",\n ReturnType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n RemoteFunctionOptions = new Gcp.BigQuery.Inputs.RoutineRemoteFunctionOptionsArgs\n {\n Endpoint = \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n Connection = testConnection.Name,\n MaxBatchingRows = \"10\",\n UserDefinedContext = \n {\n { \"z\", \"1.5\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tCloudResource: \u0026bigquery.ConnectionCloudResourceArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"remote_function\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t\tRemoteFunctionOptions: \u0026bigquery.RoutineRemoteFunctionOptionsArgs{\n\t\t\t\tEndpoint: pulumi.String(\"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\"),\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tMaxBatchingRows: pulumi.String(\"10\"),\n\t\t\t\tUserDefinedContext: pulumi.StringMap{\n\t\t\t\t\t\"z\": pulumi.String(\"1.5\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudResourceArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineRemoteFunctionOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .cloudResource()\n .build());\n\n var remoteFunction = new Routine(\"remoteFunction\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"SCALAR_FUNCTION\")\n .definitionBody(\"\")\n .returnType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .remoteFunctionOptions(RoutineRemoteFunctionOptionsArgs.builder()\n .endpoint(\"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\")\n .connection(testConnection.name())\n .maxBatchingRows(\"10\")\n .userDefinedContext(Map.of(\"z\", \"1.5\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n cloudResource: {}\n remoteFunction:\n type: gcp:bigquery:Routine\n name: remote_function\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: SCALAR_FUNCTION\n definitionBody:\n returnType: '{\"typeKind\" : \"STRING\"}'\n remoteFunctionOptions:\n endpoint: https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\n connection: ${testConnection.name}\n maxBatchingRows: '10'\n userDefinedContext:\n z: '1.5'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoutine can be imported using any of these accepted formats:\n\n* `projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}`\n\n* `{{project}}/{{dataset_id}}/{{routine_id}}`\n\n* `{{dataset_id}}/{{routine_id}}`\n\nWhen using the `pulumi import` command, Routine can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default {{project}}/{{dataset_id}}/{{routine_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default {{dataset_id}}/{{routine_id}}\n```\n\n", + "description": "A user-defined function or a stored procedure that belongs to a Dataset\n\n\nTo get more information about Routine, see:\n\n* [API documentation](https://cloud.google.com/bigquery/docs/reference/rest/v2/routines)\n* How-to Guides\n * [Routines Intro](https://cloud.google.com/bigquery/docs/reference/rest/v2/routines)\n\n## Example Usage\n\n### Bigquery Routine Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"SQL\",\n definitionBody: \"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"SQL\",\n definition_body=\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"SQL\",\n DefinitionBody = \"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDefinitionBody: pulumi.String(\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"SQL\")\n .definitionBody(\"CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: SQL\n definitionBody: CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Json\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"SCALAR_FUNCTION\",\n language: \"JAVASCRIPT\",\n definitionBody: \"CREATE FUNCTION multiplyInputs return x*y;\",\n arguments: [\n {\n name: \"x\",\n dataType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n {\n name: \"y\",\n dataType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n ],\n returnType: \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"SCALAR_FUNCTION\",\n language=\"JAVASCRIPT\",\n definition_body=\"CREATE FUNCTION multiplyInputs return x*y;\",\n arguments=[\n {\n \"name\": \"x\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n {\n \"name\": \"y\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n ],\n return_type=\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"SCALAR_FUNCTION\",\n Language = \"JAVASCRIPT\",\n DefinitionBody = \"CREATE FUNCTION multiplyInputs return x*y;\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"x\",\n DataType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"y\",\n DataType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n },\n },\n ReturnType = \"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"JAVASCRIPT\"),\n\t\t\tDefinitionBody: pulumi.String(\"CREATE FUNCTION multiplyInputs return x*y;\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"x\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t\t\t},\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"y\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"SCALAR_FUNCTION\")\n .language(\"JAVASCRIPT\")\n .definitionBody(\"CREATE FUNCTION multiplyInputs return x*y;\")\n .arguments( \n RoutineArgumentArgs.builder()\n .name(\"x\")\n .dataType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build(),\n RoutineArgumentArgs.builder()\n .name(\"y\")\n .dataType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build())\n .returnType(\"{\\\"typeKind\\\" : \\\"FLOAT64\\\"}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: SCALAR_FUNCTION\n language: JAVASCRIPT\n definitionBody: CREATE FUNCTION multiplyInputs return x*y;\n arguments:\n - name: x\n dataType: '{\"typeKind\" : \"FLOAT64\"}'\n - name: y\n dataType: '{\"typeKind\" : \"FLOAT64\"}'\n returnType: '{\"typeKind\" : \"FLOAT64\"}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Tvf\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst sproc = new gcp.bigquery.Routine(\"sproc\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"TABLE_VALUED_FUNCTION\",\n language: \"SQL\",\n definitionBody: \"SELECT 1 + value AS value\\n\",\n arguments: [{\n name: \"value\",\n argumentKind: \"FIXED_TYPE\",\n dataType: JSON.stringify({\n typeKind: \"INT64\",\n }),\n }],\n returnTableType: JSON.stringify({\n columns: [{\n name: \"value\",\n type: {\n typeKind: \"INT64\",\n },\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\nsproc = gcp.bigquery.Routine(\"sproc\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"TABLE_VALUED_FUNCTION\",\n language=\"SQL\",\n definition_body=\"SELECT 1 + value AS value\\n\",\n arguments=[{\n \"name\": \"value\",\n \"argument_kind\": \"FIXED_TYPE\",\n \"data_type\": json.dumps({\n \"typeKind\": \"INT64\",\n }),\n }],\n return_table_type=json.dumps({\n \"columns\": [{\n \"name\": \"value\",\n \"type\": {\n \"typeKind\": \"INT64\",\n },\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var sproc = new Gcp.BigQuery.Routine(\"sproc\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"TABLE_VALUED_FUNCTION\",\n Language = \"SQL\",\n DefinitionBody = @\"SELECT 1 + value AS value\n\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"value\",\n ArgumentKind = \"FIXED_TYPE\",\n DataType = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"typeKind\"] = \"INT64\",\n }),\n },\n },\n ReturnTableType = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"columns\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"value\",\n [\"type\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"typeKind\"] = \"INT64\",\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"typeKind\": \"INT64\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"columns\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"name\": \"value\",\n\t\t\t\t\t\"type\": map[string]interface{}{\n\t\t\t\t\t\t\"typeKind\": \"INT64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\t_, err = bigquery.NewRoutine(ctx, \"sproc\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"TABLE_VALUED_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDefinitionBody: pulumi.String(\"SELECT 1 + value AS value\\n\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"value\"),\n\t\t\t\t\tArgumentKind: pulumi.String(\"FIXED_TYPE\"),\n\t\t\t\t\tDataType: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnTableType: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var sproc = new Routine(\"sproc\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"TABLE_VALUED_FUNCTION\")\n .language(\"SQL\")\n .definitionBody(\"\"\"\nSELECT 1 + value AS value\n \"\"\")\n .arguments(RoutineArgumentArgs.builder()\n .name(\"value\")\n .argumentKind(\"FIXED_TYPE\")\n .dataType(serializeJson(\n jsonObject(\n jsonProperty(\"typeKind\", \"INT64\")\n )))\n .build())\n .returnTableType(serializeJson(\n jsonObject(\n jsonProperty(\"columns\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"value\"),\n jsonProperty(\"type\", jsonObject(\n jsonProperty(\"typeKind\", \"INT64\")\n ))\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n sproc:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: TABLE_VALUED_FUNCTION\n language: SQL\n definitionBody: |\n SELECT 1 + value AS value\n arguments:\n - name: value\n argumentKind: FIXED_TYPE\n dataType:\n fn::toJSON:\n typeKind: INT64\n returnTableType:\n fn::toJSON:\n columns:\n - name: value\n type:\n typeKind: INT64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Pyspark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst pyspark = new gcp.bigquery.Routine(\"pyspark\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"PYTHON\",\n definitionBody: `from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\\\n .option(\"writeMethod\", \"direct\") \\\\\n .save(\"wordcount_dataset.wordcount_output\")\n`,\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\npyspark = gcp.bigquery.Routine(\"pyspark\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"PYTHON\",\n definition_body=\"\"\"from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n\"\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var pyspark = new Gcp.BigQuery.Routine(\"pyspark\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"PYTHON\",\n DefinitionBody = @\"from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"\"spark-bigquery-demo\"\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"\"bigquery\"\") \\\n .option(\"\"table\"\", \"\"bigquery-public-data:samples.shakespeare\"\") \\\n .load()\nwords.createOrReplaceTempView(\"\"words\"\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"\"sum(word_count)\"\", \"\"sum_word_count\"\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"\"bigquery\"\") \\\n .option(\"\"writeMethod\"\", \"\"direct\"\") \\\n .save(\"\"wordcount_dataset.wordcount_output\"\")\n\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"pyspark\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"PYTHON\"),\n\t\t\tDefinitionBody: pulumi.String(`from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n`),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var pyspark = new Routine(\"pyspark\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"PYTHON\")\n .definitionBody(\"\"\"\nfrom pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n \"\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n pyspark:\n type: gcp:bigquery:Routine\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: PYTHON\n definitionBody: \"from pyspark.sql import SparkSession\\n\\nspark = SparkSession.builder.appName(\\\"spark-bigquery-demo\\\").getOrCreate()\\n \\n# Load data from BigQuery.\\nwords = spark.read.format(\\\"bigquery\\\") \\\\\\n .option(\\\"table\\\", \\\"bigquery-public-data:samples.shakespeare\\\") \\\\\\n .load()\\nwords.createOrReplaceTempView(\\\"words\\\")\\n \\n# Perform word count.\\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\\\"sum(word_count)\\\", \\\"sum_word_count\\\")\\nword_count.show()\\nword_count.printSchema()\\n \\n# Saving the data to BigQuery\\nword_count.write.format(\\\"bigquery\\\") \\\\\\n .option(\\\"writeMethod\\\", \\\"direct\\\") \\\\\\n .save(\\\"wordcount_dataset.wordcount_output\\\")\\n\"\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Pyspark Mainfile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst pysparkMainfile = new gcp.bigquery.Routine(\"pyspark_mainfile\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"PYTHON\",\n definitionBody: \"\",\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n mainFileUri: \"gs://test-bucket/main.py\",\n pyFileUris: [\"gs://test-bucket/lib.py\"],\n fileUris: [\"gs://test-bucket/distribute_in_executor.json\"],\n archiveUris: [\"gs://test-bucket/distribute_in_executor.tar.gz\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\npyspark_mainfile = gcp.bigquery.Routine(\"pyspark_mainfile\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"PYTHON\",\n definition_body=\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n \"main_file_uri\": \"gs://test-bucket/main.py\",\n \"py_file_uris\": [\"gs://test-bucket/lib.py\"],\n \"file_uris\": [\"gs://test-bucket/distribute_in_executor.json\"],\n \"archive_uris\": [\"gs://test-bucket/distribute_in_executor.tar.gz\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var pysparkMainfile = new Gcp.BigQuery.Routine(\"pyspark_mainfile\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"PYTHON\",\n DefinitionBody = \"\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n MainFileUri = \"gs://test-bucket/main.py\",\n PyFileUris = new[]\n {\n \"gs://test-bucket/lib.py\",\n },\n FileUris = new[]\n {\n \"gs://test-bucket/distribute_in_executor.json\",\n },\n ArchiveUris = new[]\n {\n \"gs://test-bucket/distribute_in_executor.tar.gz\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"pyspark_mainfile\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"PYTHON\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t\tMainFileUri: pulumi.String(\"gs://test-bucket/main.py\"),\n\t\t\t\tPyFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/lib.py\"),\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/distribute_in_executor.json\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/distribute_in_executor.tar.gz\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var pysparkMainfile = new Routine(\"pysparkMainfile\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"PYTHON\")\n .definitionBody(\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .mainFileUri(\"gs://test-bucket/main.py\")\n .pyFileUris(\"gs://test-bucket/lib.py\")\n .fileUris(\"gs://test-bucket/distribute_in_executor.json\")\n .archiveUris(\"gs://test-bucket/distribute_in_executor.tar.gz\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n pysparkMainfile:\n type: gcp:bigquery:Routine\n name: pyspark_mainfile\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: PYTHON\n definitionBody: \"\"\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n mainFileUri: gs://test-bucket/main.py\n pyFileUris:\n - gs://test-bucket/lib.py\n fileUris:\n - gs://test-bucket/distribute_in_executor.json\n archiveUris:\n - gs://test-bucket/distribute_in_executor.tar.gz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Spark Jar\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n spark: {},\n});\nconst sparkJar = new gcp.bigquery.Routine(\"spark_jar\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"PROCEDURE\",\n language: \"SCALA\",\n definitionBody: \"\",\n sparkOptions: {\n connection: testConnection.name,\n runtimeVersion: \"2.1\",\n containerImage: \"gcr.io/my-project-id/my-spark-image:latest\",\n mainClass: \"com.google.test.jar.MainClass\",\n jarUris: [\"gs://test-bucket/uberjar_spark_spark3.jar\"],\n properties: {\n \"spark.dataproc.scaling.version\": \"2\",\n \"spark.reducer.fetchMigratedShuffle.enabled\": \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n spark={})\nspark_jar = gcp.bigquery.Routine(\"spark_jar\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"PROCEDURE\",\n language=\"SCALA\",\n definition_body=\"\",\n spark_options={\n \"connection\": test_connection.name,\n \"runtime_version\": \"2.1\",\n \"container_image\": \"gcr.io/my-project-id/my-spark-image:latest\",\n \"main_class\": \"com.google.test.jar.MainClass\",\n \"jar_uris\": [\"gs://test-bucket/uberjar_spark_spark3.jar\"],\n \"properties\": {\n \"spark.dataproc.scaling.version\": \"2\",\n \"spark.reducer.fetchMigratedShuffle.enabled\": \"true\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n Spark = null,\n });\n\n var sparkJar = new Gcp.BigQuery.Routine(\"spark_jar\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"PROCEDURE\",\n Language = \"SCALA\",\n DefinitionBody = \"\",\n SparkOptions = new Gcp.BigQuery.Inputs.RoutineSparkOptionsArgs\n {\n Connection = testConnection.Name,\n RuntimeVersion = \"2.1\",\n ContainerImage = \"gcr.io/my-project-id/my-spark-image:latest\",\n MainClass = \"com.google.test.jar.MainClass\",\n JarUris = new[]\n {\n \"gs://test-bucket/uberjar_spark_spark3.jar\",\n },\n Properties = \n {\n { \"spark.dataproc.scaling.version\", \"2\" },\n { \"spark.reducer.fetchMigratedShuffle.enabled\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tSpark: \u0026bigquery.ConnectionSparkArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"spark_jar\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"PROCEDURE\"),\n\t\t\tLanguage: pulumi.String(\"SCALA\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tSparkOptions: \u0026bigquery.RoutineSparkOptionsArgs{\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tRuntimeVersion: pulumi.String(\"2.1\"),\n\t\t\t\tContainerImage: pulumi.String(\"gcr.io/my-project-id/my-spark-image:latest\"),\n\t\t\t\tMainClass: pulumi.String(\"com.google.test.jar.MainClass\"),\n\t\t\t\tJarUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://test-bucket/uberjar_spark_spark3.jar\"),\n\t\t\t\t},\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dataproc.scaling.version\": pulumi.String(\"2\"),\n\t\t\t\t\t\"spark.reducer.fetchMigratedShuffle.enabled\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionSparkArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineSparkOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .spark()\n .build());\n\n var sparkJar = new Routine(\"sparkJar\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"PROCEDURE\")\n .language(\"SCALA\")\n .definitionBody(\"\")\n .sparkOptions(RoutineSparkOptionsArgs.builder()\n .connection(testConnection.name())\n .runtimeVersion(\"2.1\")\n .containerImage(\"gcr.io/my-project-id/my-spark-image:latest\")\n .mainClass(\"com.google.test.jar.MainClass\")\n .jarUris(\"gs://test-bucket/uberjar_spark_spark3.jar\")\n .properties(Map.ofEntries(\n Map.entry(\"spark.dataproc.scaling.version\", \"2\"),\n Map.entry(\"spark.reducer.fetchMigratedShuffle.enabled\", \"true\")\n ))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n spark: {}\n sparkJar:\n type: gcp:bigquery:Routine\n name: spark_jar\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: PROCEDURE\n language: SCALA\n definitionBody: \"\"\n sparkOptions:\n connection: ${testConnection.name}\n runtimeVersion: '2.1'\n containerImage: gcr.io/my-project-id/my-spark-image:latest\n mainClass: com.google.test.jar.MainClass\n jarUris:\n - gs://test-bucket/uberjar_spark_spark3.jar\n properties:\n spark.dataproc.scaling.version: '2'\n spark.reducer.fetchMigratedShuffle.enabled: 'true'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Data Governance Type\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"tf_test_dataset_id_15222\"});\nconst customMaskingRoutine = new gcp.bigquery.Routine(\"custom_masking_routine\", {\n datasetId: test.datasetId,\n routineId: \"custom_masking_routine\",\n routineType: \"SCALAR_FUNCTION\",\n language: \"SQL\",\n dataGovernanceType: \"DATA_MASKING\",\n definitionBody: \"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n arguments: [{\n name: \"ssn\",\n dataType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n }],\n returnType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"tf_test_dataset_id_15222\")\ncustom_masking_routine = gcp.bigquery.Routine(\"custom_masking_routine\",\n dataset_id=test.dataset_id,\n routine_id=\"custom_masking_routine\",\n routine_type=\"SCALAR_FUNCTION\",\n language=\"SQL\",\n data_governance_type=\"DATA_MASKING\",\n definition_body=\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n arguments=[{\n \"name\": \"ssn\",\n \"data_type\": \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n }],\n return_type=\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"tf_test_dataset_id_15222\",\n });\n\n var customMaskingRoutine = new Gcp.BigQuery.Routine(\"custom_masking_routine\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"custom_masking_routine\",\n RoutineType = \"SCALAR_FUNCTION\",\n Language = \"SQL\",\n DataGovernanceType = \"DATA_MASKING\",\n DefinitionBody = \"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\",\n Arguments = new[]\n {\n new Gcp.BigQuery.Inputs.RoutineArgumentArgs\n {\n Name = \"ssn\",\n DataType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n },\n },\n ReturnType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"tf_test_dataset_id_15222\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"custom_masking_routine\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"custom_masking_routine\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tLanguage: pulumi.String(\"SQL\"),\n\t\t\tDataGovernanceType: pulumi.String(\"DATA_MASKING\"),\n\t\t\tDefinitionBody: pulumi.String(\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\"),\n\t\t\tArguments: bigquery.RoutineArgumentArray{\n\t\t\t\t\u0026bigquery.RoutineArgumentArgs{\n\t\t\t\t\tName: pulumi.String(\"ssn\"),\n\t\t\t\t\tDataType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"tf_test_dataset_id_15222\")\n .build());\n\n var customMaskingRoutine = new Routine(\"customMaskingRoutine\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"custom_masking_routine\")\n .routineType(\"SCALAR_FUNCTION\")\n .language(\"SQL\")\n .dataGovernanceType(\"DATA_MASKING\")\n .definitionBody(\"SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\")\n .arguments(RoutineArgumentArgs.builder()\n .name(\"ssn\")\n .dataType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .build())\n .returnType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: tf_test_dataset_id_15222\n customMaskingRoutine:\n type: gcp:bigquery:Routine\n name: custom_masking_routine\n properties:\n datasetId: ${test.datasetId}\n routineId: custom_masking_routine\n routineType: SCALAR_FUNCTION\n language: SQL\n dataGovernanceType: DATA_MASKING\n definitionBody: SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')\n arguments:\n - name: ssn\n dataType: '{\"typeKind\" : \"STRING\"}'\n returnType: '{\"typeKind\" : \"STRING\"}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Bigquery Routine Remote Function\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"dataset_id\"});\nconst testConnection = new gcp.bigquery.Connection(\"test\", {\n connectionId: \"connection_id\",\n location: \"US\",\n cloudResource: {},\n});\nconst remoteFunction = new gcp.bigquery.Routine(\"remote_function\", {\n datasetId: test.datasetId,\n routineId: \"routine_id\",\n routineType: \"SCALAR_FUNCTION\",\n definitionBody: \"\",\n returnType: \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n remoteFunctionOptions: {\n endpoint: \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n connection: testConnection.name,\n maxBatchingRows: \"10\",\n userDefinedContext: {\n z: \"1.5\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"dataset_id\")\ntest_connection = gcp.bigquery.Connection(\"test\",\n connection_id=\"connection_id\",\n location=\"US\",\n cloud_resource={})\nremote_function = gcp.bigquery.Routine(\"remote_function\",\n dataset_id=test.dataset_id,\n routine_id=\"routine_id\",\n routine_type=\"SCALAR_FUNCTION\",\n definition_body=\"\",\n return_type=\"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n remote_function_options={\n \"endpoint\": \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n \"connection\": test_connection.name,\n \"max_batching_rows\": \"10\",\n \"user_defined_context\": {\n \"z\": \"1.5\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"dataset_id\",\n });\n\n var testConnection = new Gcp.BigQuery.Connection(\"test\", new()\n {\n ConnectionId = \"connection_id\",\n Location = \"US\",\n CloudResource = null,\n });\n\n var remoteFunction = new Gcp.BigQuery.Routine(\"remote_function\", new()\n {\n DatasetId = test.DatasetId,\n RoutineId = \"routine_id\",\n RoutineType = \"SCALAR_FUNCTION\",\n DefinitionBody = \"\",\n ReturnType = \"{\\\"typeKind\\\" : \\\"STRING\\\"}\",\n RemoteFunctionOptions = new Gcp.BigQuery.Inputs.RoutineRemoteFunctionOptionsArgs\n {\n Endpoint = \"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\",\n Connection = testConnection.Name,\n MaxBatchingRows = \"10\",\n UserDefinedContext = \n {\n { \"z\", \"1.5\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataset_id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestConnection, err := bigquery.NewConnection(ctx, \"test\", \u0026bigquery.ConnectionArgs{\n\t\t\tConnectionId: pulumi.String(\"connection_id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tCloudResource: \u0026bigquery.ConnectionCloudResourceArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewRoutine(ctx, \"remote_function\", \u0026bigquery.RoutineArgs{\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tRoutineId: pulumi.String(\"routine_id\"),\n\t\t\tRoutineType: pulumi.String(\"SCALAR_FUNCTION\"),\n\t\t\tDefinitionBody: pulumi.String(\"\"),\n\t\t\tReturnType: pulumi.String(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\"),\n\t\t\tRemoteFunctionOptions: \u0026bigquery.RoutineRemoteFunctionOptionsArgs{\n\t\t\t\tEndpoint: pulumi.String(\"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\"),\n\t\t\t\tConnection: testConnection.Name,\n\t\t\t\tMaxBatchingRows: pulumi.String(\"10\"),\n\t\t\t\tUserDefinedContext: pulumi.StringMap{\n\t\t\t\t\t\"z\": pulumi.String(\"1.5\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Connection;\nimport com.pulumi.gcp.bigquery.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.inputs.ConnectionCloudResourceArgs;\nimport com.pulumi.gcp.bigquery.Routine;\nimport com.pulumi.gcp.bigquery.RoutineArgs;\nimport com.pulumi.gcp.bigquery.inputs.RoutineRemoteFunctionOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"dataset_id\")\n .build());\n\n var testConnection = new Connection(\"testConnection\", ConnectionArgs.builder()\n .connectionId(\"connection_id\")\n .location(\"US\")\n .cloudResource()\n .build());\n\n var remoteFunction = new Routine(\"remoteFunction\", RoutineArgs.builder()\n .datasetId(test.datasetId())\n .routineId(\"routine_id\")\n .routineType(\"SCALAR_FUNCTION\")\n .definitionBody(\"\")\n .returnType(\"{\\\"typeKind\\\" : \\\"STRING\\\"}\")\n .remoteFunctionOptions(RoutineRemoteFunctionOptionsArgs.builder()\n .endpoint(\"https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\")\n .connection(testConnection.name())\n .maxBatchingRows(\"10\")\n .userDefinedContext(Map.of(\"z\", \"1.5\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataset_id\n testConnection:\n type: gcp:bigquery:Connection\n name: test\n properties:\n connectionId: connection_id\n location: US\n cloudResource: {}\n remoteFunction:\n type: gcp:bigquery:Routine\n name: remote_function\n properties:\n datasetId: ${test.datasetId}\n routineId: routine_id\n routineType: SCALAR_FUNCTION\n definitionBody: \"\"\n returnType: '{\"typeKind\" : \"STRING\"}'\n remoteFunctionOptions:\n endpoint: https://us-east1-my_gcf_project.cloudfunctions.net/remote_add\n connection: ${testConnection.name}\n maxBatchingRows: '10'\n userDefinedContext:\n z: '1.5'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoutine can be imported using any of these accepted formats:\n\n* `projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}`\n\n* `{{project}}/{{dataset_id}}/{{routine_id}}`\n\n* `{{dataset_id}}/{{routine_id}}`\n\nWhen using the `pulumi import` command, Routine can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default {{project}}/{{dataset_id}}/{{routine_id}}\n```\n\n```sh\n$ pulumi import gcp:bigquery/routine:Routine default {{dataset_id}}/{{routine_id}}\n```\n\n", "properties": { "arguments": { "type": "array", @@ -142981,7 +142981,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/DataExchangeIamBindingCondition:DataExchangeIamBindingCondition" @@ -143103,7 +143103,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/DataExchangeIamMemberCondition:DataExchangeIamMemberCondition" @@ -143218,7 +143218,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub DataExchange\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.DataExchangeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.DataExchangeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataExchangeId": { "type": "string", @@ -143537,7 +143537,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/ListingIamBindingCondition:ListingIamBindingCondition" @@ -143675,7 +143675,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/ListingIamMemberCondition:ListingIamMemberCondition" @@ -143806,7 +143806,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Bigquery Analytics Hub Listing\nThree different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigqueryanalyticshub.ListingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigqueryanalyticshub.ListingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataExchangeId": { "type": "string", @@ -144021,7 +144021,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquerydatapolicy/DataPolicyIamBindingCondition:DataPolicyIamBindingCondition" @@ -144140,7 +144140,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquerydatapolicy/DataPolicyIamMemberCondition:DataPolicyIamMemberCondition" @@ -144252,7 +144252,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for BigQuery Data Policy DataPolicy\nThree different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.bigquerydatapolicy.DataPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigquerydatapolicy.DataPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataPolicyId": { "type": "string" @@ -144335,7 +144335,7 @@ } }, "gcp:bigtable/authorizedView:AuthorizedView": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst instance = new gcp.bigtable.Instance(\"instance\", {\n name: \"tf-instance\",\n clusters: [{\n clusterId: \"tf-instance-cluster\",\n zone: \"us-central1-b\",\n numNodes: 3,\n storageType: \"HDD\",\n }],\n});\nconst table = new gcp.bigtable.Table(\"table\", {\n name: \"tf-table\",\n instanceName: instance.name,\n splitKeys: [\n \"a\",\n \"b\",\n \"c\",\n ],\n columnFamilies: [\n {\n family: \"family-first\",\n },\n {\n family: \"family-second\",\n },\n ],\n changeStreamRetention: \"24h0m0s\",\n});\nconst authorizedView = new gcp.bigtable.AuthorizedView(\"authorized_view\", {\n name: \"tf-authorized-view\",\n instanceName: instance.name,\n tableName: table.name,\n subsetView: {\n rowPrefixes: [std.base64encode({\n input: \"prefix#\",\n }).then(invoke =\u003e invoke.result)],\n familySubsets: [\n {\n familyName: \"family-first\",\n qualifiers: [\n std.base64encode({\n input: \"qualifier\",\n }).then(invoke =\u003e invoke.result),\n std.base64encode({\n input: \"qualifier-second\",\n }).then(invoke =\u003e invoke.result),\n ],\n },\n {\n familyName: \"family-second\",\n qualifierPrefixes: [\"\"],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ninstance = gcp.bigtable.Instance(\"instance\",\n name=\"tf-instance\",\n clusters=[{\n \"cluster_id\": \"tf-instance-cluster\",\n \"zone\": \"us-central1-b\",\n \"num_nodes\": 3,\n \"storage_type\": \"HDD\",\n }])\ntable = gcp.bigtable.Table(\"table\",\n name=\"tf-table\",\n instance_name=instance.name,\n split_keys=[\n \"a\",\n \"b\",\n \"c\",\n ],\n column_families=[\n {\n \"family\": \"family-first\",\n },\n {\n \"family\": \"family-second\",\n },\n ],\n change_stream_retention=\"24h0m0s\")\nauthorized_view = gcp.bigtable.AuthorizedView(\"authorized_view\",\n name=\"tf-authorized-view\",\n instance_name=instance.name,\n table_name=table.name,\n subset_view={\n \"row_prefixes\": [std.base64encode(input=\"prefix#\").result],\n \"family_subsets\": [\n {\n \"family_name\": \"family-first\",\n \"qualifiers\": [\n std.base64encode(input=\"qualifier\").result,\n std.base64encode(input=\"qualifier-second\").result,\n ],\n },\n {\n \"family_name\": \"family-second\",\n \"qualifier_prefixes\": [\"\"],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.BigTable.Instance(\"instance\", new()\n {\n Name = \"tf-instance\",\n Clusters = new[]\n {\n new Gcp.BigTable.Inputs.InstanceClusterArgs\n {\n ClusterId = \"tf-instance-cluster\",\n Zone = \"us-central1-b\",\n NumNodes = 3,\n StorageType = \"HDD\",\n },\n },\n });\n\n var table = new Gcp.BigTable.Table(\"table\", new()\n {\n Name = \"tf-table\",\n InstanceName = instance.Name,\n SplitKeys = new[]\n {\n \"a\",\n \"b\",\n \"c\",\n },\n ColumnFamilies = new[]\n {\n new Gcp.BigTable.Inputs.TableColumnFamilyArgs\n {\n Family = \"family-first\",\n },\n new Gcp.BigTable.Inputs.TableColumnFamilyArgs\n {\n Family = \"family-second\",\n },\n },\n ChangeStreamRetention = \"24h0m0s\",\n });\n\n var authorizedView = new Gcp.BigTable.AuthorizedView(\"authorized_view\", new()\n {\n Name = \"tf-authorized-view\",\n InstanceName = instance.Name,\n TableName = table.Name,\n SubsetView = new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewArgs\n {\n RowPrefixes = new[]\n {\n Std.Base64encode.Invoke(new()\n {\n Input = \"prefix#\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n FamilySubsets = new[]\n {\n new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewFamilySubsetArgs\n {\n FamilyName = \"family-first\",\n Qualifiers = new[]\n {\n Std.Base64encode.Invoke(new()\n {\n Input = \"qualifier\",\n }).Apply(invoke =\u003e invoke.Result),\n Std.Base64encode.Invoke(new()\n {\n Input = \"qualifier-second\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewFamilySubsetArgs\n {\n FamilyName = \"family-second\",\n QualifierPrefixes = new[]\n {\n \"\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := bigtable.NewInstance(ctx, \"instance\", \u0026bigtable.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-instance\"),\n\t\t\tClusters: bigtable.InstanceClusterArray{\n\t\t\t\t\u0026bigtable.InstanceClusterArgs{\n\t\t\t\t\tClusterId: pulumi.String(\"tf-instance-cluster\"),\n\t\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t\t\tNumNodes: pulumi.Int(3),\n\t\t\t\t\tStorageType: pulumi.String(\"HDD\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttable, err := bigtable.NewTable(ctx, \"table\", \u0026bigtable.TableArgs{\n\t\t\tName: pulumi.String(\"tf-table\"),\n\t\t\tInstanceName: instance.Name,\n\t\t\tSplitKeys: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"a\"),\n\t\t\t\tpulumi.String(\"b\"),\n\t\t\t\tpulumi.String(\"c\"),\n\t\t\t},\n\t\t\tColumnFamilies: bigtable.TableColumnFamilyArray{\n\t\t\t\t\u0026bigtable.TableColumnFamilyArgs{\n\t\t\t\t\tFamily: pulumi.String(\"family-first\"),\n\t\t\t\t},\n\t\t\t\t\u0026bigtable.TableColumnFamilyArgs{\n\t\t\t\t\tFamily: pulumi.String(\"family-second\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tChangeStreamRetention: pulumi.String(\"24h0m0s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"prefix#\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"qualifier\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode2, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"qualifier-second\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewAuthorizedView(ctx, \"authorized_view\", \u0026bigtable.AuthorizedViewArgs{\n\t\t\tName: pulumi.String(\"tf-authorized-view\"),\n\t\t\tInstanceName: instance.Name,\n\t\t\tTableName: table.Name,\n\t\t\tSubsetView: \u0026bigtable.AuthorizedViewSubsetViewArgs{\n\t\t\t\tRowPrefixes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(invokeBase64encode.Result),\n\t\t\t\t},\n\t\t\t\tFamilySubsets: bigtable.AuthorizedViewSubsetViewFamilySubsetArray{\n\t\t\t\t\t\u0026bigtable.AuthorizedViewSubsetViewFamilySubsetArgs{\n\t\t\t\t\t\tFamilyName: pulumi.String(\"family-first\"),\n\t\t\t\t\t\tQualifiers: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(invokeBase64encode1.Result),\n\t\t\t\t\t\t\tpulumi.String(invokeBase64encode2.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026bigtable.AuthorizedViewSubsetViewFamilySubsetArgs{\n\t\t\t\t\t\tFamilyName: pulumi.String(\"family-second\"),\n\t\t\t\t\t\tQualifierPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.Instance;\nimport com.pulumi.gcp.bigtable.InstanceArgs;\nimport com.pulumi.gcp.bigtable.inputs.InstanceClusterArgs;\nimport com.pulumi.gcp.bigtable.Table;\nimport com.pulumi.gcp.bigtable.TableArgs;\nimport com.pulumi.gcp.bigtable.inputs.TableColumnFamilyArgs;\nimport com.pulumi.gcp.bigtable.AuthorizedView;\nimport com.pulumi.gcp.bigtable.AuthorizedViewArgs;\nimport com.pulumi.gcp.bigtable.inputs.AuthorizedViewSubsetViewArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"tf-instance\")\n .clusters(InstanceClusterArgs.builder()\n .clusterId(\"tf-instance-cluster\")\n .zone(\"us-central1-b\")\n .numNodes(3)\n .storageType(\"HDD\")\n .build())\n .build());\n\n var table = new Table(\"table\", TableArgs.builder()\n .name(\"tf-table\")\n .instanceName(instance.name())\n .splitKeys( \n \"a\",\n \"b\",\n \"c\")\n .columnFamilies( \n TableColumnFamilyArgs.builder()\n .family(\"family-first\")\n .build(),\n TableColumnFamilyArgs.builder()\n .family(\"family-second\")\n .build())\n .changeStreamRetention(\"24h0m0s\")\n .build());\n\n var authorizedView = new AuthorizedView(\"authorizedView\", AuthorizedViewArgs.builder()\n .name(\"tf-authorized-view\")\n .instanceName(instance.name())\n .tableName(table.name())\n .subsetView(AuthorizedViewSubsetViewArgs.builder()\n .rowPrefixes(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"prefix#\")\n .build()).result())\n .familySubsets( \n AuthorizedViewSubsetViewFamilySubsetArgs.builder()\n .familyName(\"family-first\")\n .qualifiers( \n StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"qualifier\")\n .build()).result(),\n StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"qualifier-second\")\n .build()).result())\n .build(),\n AuthorizedViewSubsetViewFamilySubsetArgs.builder()\n .familyName(\"family-second\")\n .qualifierPrefixes(\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:bigtable:Instance\n properties:\n name: tf-instance\n clusters:\n - clusterId: tf-instance-cluster\n zone: us-central1-b\n numNodes: 3\n storageType: HDD\n table:\n type: gcp:bigtable:Table\n properties:\n name: tf-table\n instanceName: ${instance.name}\n splitKeys:\n - a\n - b\n - c\n columnFamilies:\n - family: family-first\n - family: family-second\n changeStreamRetention: 24h0m0s\n authorizedView:\n type: gcp:bigtable:AuthorizedView\n name: authorized_view\n properties:\n name: tf-authorized-view\n instanceName: ${instance.name}\n tableName: ${table.name}\n subsetView:\n rowPrefixes:\n - fn::invoke:\n Function: std:base64encode\n Arguments:\n input: prefix#\n Return: result\n familySubsets:\n - familyName: family-first\n qualifiers:\n - fn::invoke:\n Function: std:base64encode\n Arguments:\n input: qualifier\n Return: result\n - fn::invoke:\n Function: std:base64encode\n Arguments:\n input: qualifier-second\n Return: result\n - familyName: family-second\n qualifierPrefixes:\n -\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBigtable Authorized Views can be imported using any of these accepted formats:\n\n* `projects/{{project}}/instances/{{instance_name}}/tables/{{table_name}}/authorizedViews/{{name}}`\n\n* `{{project}}/{{instance_name}}/{{table_name}}/{{name}}`\n\n* `{{instance_name}}/{{table_name}}/{{name}}`\n\nWhen using the `pulumi import` command, Bigtable Authorized Views can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default projects/{{project}}/instances/{{instance_name}}/tables/{{table_name}}/authorizedViews/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default {{project}}/{{instance_name}}/{{table_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default {{instance_name}}/{{table_name}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst instance = new gcp.bigtable.Instance(\"instance\", {\n name: \"tf-instance\",\n clusters: [{\n clusterId: \"tf-instance-cluster\",\n zone: \"us-central1-b\",\n numNodes: 3,\n storageType: \"HDD\",\n }],\n});\nconst table = new gcp.bigtable.Table(\"table\", {\n name: \"tf-table\",\n instanceName: instance.name,\n splitKeys: [\n \"a\",\n \"b\",\n \"c\",\n ],\n columnFamilies: [\n {\n family: \"family-first\",\n },\n {\n family: \"family-second\",\n },\n ],\n changeStreamRetention: \"24h0m0s\",\n});\nconst authorizedView = new gcp.bigtable.AuthorizedView(\"authorized_view\", {\n name: \"tf-authorized-view\",\n instanceName: instance.name,\n tableName: table.name,\n subsetView: {\n rowPrefixes: [std.base64encode({\n input: \"prefix#\",\n }).then(invoke =\u003e invoke.result)],\n familySubsets: [\n {\n familyName: \"family-first\",\n qualifiers: [\n std.base64encode({\n input: \"qualifier\",\n }).then(invoke =\u003e invoke.result),\n std.base64encode({\n input: \"qualifier-second\",\n }).then(invoke =\u003e invoke.result),\n ],\n },\n {\n familyName: \"family-second\",\n qualifierPrefixes: [\"\"],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ninstance = gcp.bigtable.Instance(\"instance\",\n name=\"tf-instance\",\n clusters=[{\n \"cluster_id\": \"tf-instance-cluster\",\n \"zone\": \"us-central1-b\",\n \"num_nodes\": 3,\n \"storage_type\": \"HDD\",\n }])\ntable = gcp.bigtable.Table(\"table\",\n name=\"tf-table\",\n instance_name=instance.name,\n split_keys=[\n \"a\",\n \"b\",\n \"c\",\n ],\n column_families=[\n {\n \"family\": \"family-first\",\n },\n {\n \"family\": \"family-second\",\n },\n ],\n change_stream_retention=\"24h0m0s\")\nauthorized_view = gcp.bigtable.AuthorizedView(\"authorized_view\",\n name=\"tf-authorized-view\",\n instance_name=instance.name,\n table_name=table.name,\n subset_view={\n \"row_prefixes\": [std.base64encode(input=\"prefix#\").result],\n \"family_subsets\": [\n {\n \"family_name\": \"family-first\",\n \"qualifiers\": [\n std.base64encode(input=\"qualifier\").result,\n std.base64encode(input=\"qualifier-second\").result,\n ],\n },\n {\n \"family_name\": \"family-second\",\n \"qualifier_prefixes\": [\"\"],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.BigTable.Instance(\"instance\", new()\n {\n Name = \"tf-instance\",\n Clusters = new[]\n {\n new Gcp.BigTable.Inputs.InstanceClusterArgs\n {\n ClusterId = \"tf-instance-cluster\",\n Zone = \"us-central1-b\",\n NumNodes = 3,\n StorageType = \"HDD\",\n },\n },\n });\n\n var table = new Gcp.BigTable.Table(\"table\", new()\n {\n Name = \"tf-table\",\n InstanceName = instance.Name,\n SplitKeys = new[]\n {\n \"a\",\n \"b\",\n \"c\",\n },\n ColumnFamilies = new[]\n {\n new Gcp.BigTable.Inputs.TableColumnFamilyArgs\n {\n Family = \"family-first\",\n },\n new Gcp.BigTable.Inputs.TableColumnFamilyArgs\n {\n Family = \"family-second\",\n },\n },\n ChangeStreamRetention = \"24h0m0s\",\n });\n\n var authorizedView = new Gcp.BigTable.AuthorizedView(\"authorized_view\", new()\n {\n Name = \"tf-authorized-view\",\n InstanceName = instance.Name,\n TableName = table.Name,\n SubsetView = new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewArgs\n {\n RowPrefixes = new[]\n {\n Std.Base64encode.Invoke(new()\n {\n Input = \"prefix#\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n FamilySubsets = new[]\n {\n new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewFamilySubsetArgs\n {\n FamilyName = \"family-first\",\n Qualifiers = new[]\n {\n Std.Base64encode.Invoke(new()\n {\n Input = \"qualifier\",\n }).Apply(invoke =\u003e invoke.Result),\n Std.Base64encode.Invoke(new()\n {\n Input = \"qualifier-second\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n new Gcp.BigTable.Inputs.AuthorizedViewSubsetViewFamilySubsetArgs\n {\n FamilyName = \"family-second\",\n QualifierPrefixes = new[]\n {\n \"\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := bigtable.NewInstance(ctx, \"instance\", \u0026bigtable.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-instance\"),\n\t\t\tClusters: bigtable.InstanceClusterArray{\n\t\t\t\t\u0026bigtable.InstanceClusterArgs{\n\t\t\t\t\tClusterId: pulumi.String(\"tf-instance-cluster\"),\n\t\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t\t\tNumNodes: pulumi.Int(3),\n\t\t\t\t\tStorageType: pulumi.String(\"HDD\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttable, err := bigtable.NewTable(ctx, \"table\", \u0026bigtable.TableArgs{\n\t\t\tName: pulumi.String(\"tf-table\"),\n\t\t\tInstanceName: instance.Name,\n\t\t\tSplitKeys: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"a\"),\n\t\t\t\tpulumi.String(\"b\"),\n\t\t\t\tpulumi.String(\"c\"),\n\t\t\t},\n\t\t\tColumnFamilies: bigtable.TableColumnFamilyArray{\n\t\t\t\t\u0026bigtable.TableColumnFamilyArgs{\n\t\t\t\t\tFamily: pulumi.String(\"family-first\"),\n\t\t\t\t},\n\t\t\t\t\u0026bigtable.TableColumnFamilyArgs{\n\t\t\t\t\tFamily: pulumi.String(\"family-second\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tChangeStreamRetention: pulumi.String(\"24h0m0s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"prefix#\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"qualifier\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode2, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"qualifier-second\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewAuthorizedView(ctx, \"authorized_view\", \u0026bigtable.AuthorizedViewArgs{\n\t\t\tName: pulumi.String(\"tf-authorized-view\"),\n\t\t\tInstanceName: instance.Name,\n\t\t\tTableName: table.Name,\n\t\t\tSubsetView: \u0026bigtable.AuthorizedViewSubsetViewArgs{\n\t\t\t\tRowPrefixes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(invokeBase64encode.Result),\n\t\t\t\t},\n\t\t\t\tFamilySubsets: bigtable.AuthorizedViewSubsetViewFamilySubsetArray{\n\t\t\t\t\t\u0026bigtable.AuthorizedViewSubsetViewFamilySubsetArgs{\n\t\t\t\t\t\tFamilyName: pulumi.String(\"family-first\"),\n\t\t\t\t\t\tQualifiers: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(invokeBase64encode1.Result),\n\t\t\t\t\t\t\tpulumi.String(invokeBase64encode2.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026bigtable.AuthorizedViewSubsetViewFamilySubsetArgs{\n\t\t\t\t\t\tFamilyName: pulumi.String(\"family-second\"),\n\t\t\t\t\t\tQualifierPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.Instance;\nimport com.pulumi.gcp.bigtable.InstanceArgs;\nimport com.pulumi.gcp.bigtable.inputs.InstanceClusterArgs;\nimport com.pulumi.gcp.bigtable.Table;\nimport com.pulumi.gcp.bigtable.TableArgs;\nimport com.pulumi.gcp.bigtable.inputs.TableColumnFamilyArgs;\nimport com.pulumi.gcp.bigtable.AuthorizedView;\nimport com.pulumi.gcp.bigtable.AuthorizedViewArgs;\nimport com.pulumi.gcp.bigtable.inputs.AuthorizedViewSubsetViewArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"tf-instance\")\n .clusters(InstanceClusterArgs.builder()\n .clusterId(\"tf-instance-cluster\")\n .zone(\"us-central1-b\")\n .numNodes(3)\n .storageType(\"HDD\")\n .build())\n .build());\n\n var table = new Table(\"table\", TableArgs.builder()\n .name(\"tf-table\")\n .instanceName(instance.name())\n .splitKeys( \n \"a\",\n \"b\",\n \"c\")\n .columnFamilies( \n TableColumnFamilyArgs.builder()\n .family(\"family-first\")\n .build(),\n TableColumnFamilyArgs.builder()\n .family(\"family-second\")\n .build())\n .changeStreamRetention(\"24h0m0s\")\n .build());\n\n var authorizedView = new AuthorizedView(\"authorizedView\", AuthorizedViewArgs.builder()\n .name(\"tf-authorized-view\")\n .instanceName(instance.name())\n .tableName(table.name())\n .subsetView(AuthorizedViewSubsetViewArgs.builder()\n .rowPrefixes(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"prefix#\")\n .build()).result())\n .familySubsets( \n AuthorizedViewSubsetViewFamilySubsetArgs.builder()\n .familyName(\"family-first\")\n .qualifiers( \n StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"qualifier\")\n .build()).result(),\n StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"qualifier-second\")\n .build()).result())\n .build(),\n AuthorizedViewSubsetViewFamilySubsetArgs.builder()\n .familyName(\"family-second\")\n .qualifierPrefixes(\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:bigtable:Instance\n properties:\n name: tf-instance\n clusters:\n - clusterId: tf-instance-cluster\n zone: us-central1-b\n numNodes: 3\n storageType: HDD\n table:\n type: gcp:bigtable:Table\n properties:\n name: tf-table\n instanceName: ${instance.name}\n splitKeys:\n - a\n - b\n - c\n columnFamilies:\n - family: family-first\n - family: family-second\n changeStreamRetention: 24h0m0s\n authorizedView:\n type: gcp:bigtable:AuthorizedView\n name: authorized_view\n properties:\n name: tf-authorized-view\n instanceName: ${instance.name}\n tableName: ${table.name}\n subsetView:\n rowPrefixes:\n - fn::invoke:\n function: std:base64encode\n arguments:\n input: prefix#\n return: result\n familySubsets:\n - familyName: family-first\n qualifiers:\n - fn::invoke:\n function: std:base64encode\n arguments:\n input: qualifier\n return: result\n - fn::invoke:\n function: std:base64encode\n arguments:\n input: qualifier-second\n return: result\n - familyName: family-second\n qualifierPrefixes:\n - \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBigtable Authorized Views can be imported using any of these accepted formats:\n\n* `projects/{{project}}/instances/{{instance_name}}/tables/{{table_name}}/authorizedViews/{{name}}`\n\n* `{{project}}/{{instance_name}}/{{table_name}}/{{name}}`\n\n* `{{instance_name}}/{{table_name}}/{{name}}`\n\nWhen using the `pulumi import` command, Bigtable Authorized Views can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default projects/{{project}}/instances/{{instance_name}}/tables/{{table_name}}/authorizedViews/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default {{project}}/{{instance_name}}/{{table_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:bigtable/authorizedView:AuthorizedView default {{instance_name}}/{{table_name}}/{{name}}\n```\n\n", "properties": { "deletionProtection": { "type": "string" @@ -144777,7 +144777,7 @@ } }, "gcp:bigtable/instanceIamBinding:InstanceIamBinding": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamBinding:InstanceIamBinding default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamBinding:InstanceIamBinding default projects/{project}/instances/{instance}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/InstanceIamBindingCondition:InstanceIamBindingCondition", @@ -144884,7 +144884,7 @@ } }, "gcp:bigtable/instanceIamMember:InstanceIamMember": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamMember:InstanceIamMember default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamMember:InstanceIamMember default projects/{project}/instances/{instance}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/InstanceIamMemberCondition:InstanceIamMemberCondition", @@ -144984,7 +144984,7 @@ } }, "gcp:bigtable/instanceIamPolicy:InstanceIamPolicy": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamPolicy:InstanceIamPolicy default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder()\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamPolicy:InstanceIamPolicy default projects/{project}/instances/{instance}\n```\n\n", "properties": { "etag": { "type": "string", @@ -145194,7 +145194,7 @@ } }, "gcp:bigtable/tableIamBinding:TableIamBinding": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamBinding:TableIamBinding default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamBinding:TableIamBinding default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/TableIamBindingCondition:TableIamBindingCondition" @@ -145317,7 +145317,7 @@ } }, "gcp:bigtable/tableIamMember:TableIamMember": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamMember:TableIamMember default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamMember:TableIamMember default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/TableIamMemberCondition:TableIamMemberCondition" @@ -145433,7 +145433,7 @@ } }, "gcp:bigtable/tableIamPolicy:TableIamPolicy": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamPolicy:TableIamPolicy default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/bigtable.user\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder()\n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.bigtable.TableIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder()\n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamPolicy:TableIamPolicy default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "etag": { "type": "string", @@ -145520,7 +145520,7 @@ } }, "gcp:billing/accountIamBinding:AccountIamBinding": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamBinding:AccountIamBinding default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamBinding:AccountIamBinding default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", @@ -145612,7 +145612,7 @@ } }, "gcp:billing/accountIamMember:AccountIamMember": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamMember:AccountIamMember default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamMember:AccountIamMember default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", @@ -145697,7 +145697,7 @@ } }, "gcp:billing/accountIamPolicy:AccountIamPolicy": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/billing.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.billing.AccountIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder()\n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", @@ -145753,7 +145753,7 @@ } }, "gcp:billing/budget:Budget": { - "description": "Budget configuration for a billing account.\n\n\nTo get more information about Budget, see:\n\n* [API documentation](https://cloud.google.com/billing/docs/reference/budget/rest/v1/billingAccounts.budgets)\n* How-to Guides\n * [Creating a budget](https://cloud.google.com/billing/docs/how-to/budgets)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Billing Budgets API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Billing Budget Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [{\n thresholdPercent: 0.5,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[{\n \"threshold_percent\": 0.5,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules(BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Lastperiod\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n lastPeriodAmount: true,\n },\n thresholdRules: [{\n thresholdPercent: 10,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"last_period_amount\": True,\n },\n threshold_rules=[{\n \"threshold_percent\": 10,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n LastPeriodAmount = true,\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 10,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tLastPeriodAmount: pulumi.Bool(true),\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .lastPeriodAmount(true)\n .build())\n .thresholdRules(BudgetThresholdRuleArgs.builder()\n .thresholdPercent(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n lastPeriodAmount: true\n thresholdRules:\n - thresholdPercent: 10\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n creditTypesTreatment: \"INCLUDE_SPECIFIED_CREDITS\",\n services: [\"services/24E6-581D-38E5\"],\n creditTypes: [\n \"PROMOTION\",\n \"FREE_TIER\",\n ],\n resourceAncestors: [\"organizations/123456789\"],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 0.5,\n },\n {\n thresholdPercent: 0.9,\n spendBasis: \"FORECASTED_SPEND\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n \"credit_types_treatment\": \"INCLUDE_SPECIFIED_CREDITS\",\n \"services\": [\"services/24E6-581D-38E5\"],\n \"credit_types\": [\n \"PROMOTION\",\n \"FREE_TIER\",\n ],\n \"resource_ancestors\": [\"organizations/123456789\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 0.5,\n },\n {\n \"threshold_percent\": 0.9,\n \"spend_basis\": \"FORECASTED_SPEND\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n CreditTypesTreatment = \"INCLUDE_SPECIFIED_CREDITS\",\n Services = new[]\n {\n \"services/24E6-581D-38E5\",\n },\n CreditTypes = new[]\n {\n \"PROMOTION\",\n \"FREE_TIER\",\n },\n ResourceAncestors = new[]\n {\n \"organizations/123456789\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.9,\n SpendBasis = \"FORECASTED_SPEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t\tCreditTypesTreatment: pulumi.String(\"INCLUDE_SPECIFIED_CREDITS\"),\n\t\t\t\tServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"services/24E6-581D-38E5\"),\n\t\t\t\t},\n\t\t\t\tCreditTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"PROMOTION\"),\n\t\t\t\t\tpulumi.String(\"FREE_TIER\"),\n\t\t\t\t},\n\t\t\t\tResourceAncestors: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"organizations/123456789\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.9),\n\t\t\t\t\tSpendBasis: pulumi.String(\"FORECASTED_SPEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .creditTypesTreatment(\"INCLUDE_SPECIFIED_CREDITS\")\n .services(\"services/24E6-581D-38E5\")\n .creditTypes( \n \"PROMOTION\",\n \"FREE_TIER\")\n .resourceAncestors(\"organizations/123456789\")\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.9)\n .spendBasis(\"FORECASTED_SPEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n creditTypesTreatment: INCLUDE_SPECIFIED_CREDITS\n services:\n - services/24E6-581D-38E5\n creditTypes:\n - PROMOTION\n - FREE_TIER\n resourceAncestors:\n - organizations/123456789\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\n - thresholdPercent: 0.9\n spendBasis: FORECASTED_SPEND\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Notify\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst notificationChannel = new gcp.monitoring.NotificationChannel(\"notification_channel\", {\n displayName: \"Example Notification Channel\",\n type: \"email\",\n labels: {\n email_address: \"address@example.com\",\n },\n});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 1,\n },\n {\n thresholdPercent: 1,\n spendBasis: \"FORECASTED_SPEND\",\n },\n ],\n allUpdatesRule: {\n monitoringNotificationChannels: [notificationChannel.id],\n disableDefaultIamRecipients: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nnotification_channel = gcp.monitoring.NotificationChannel(\"notification_channel\",\n display_name=\"Example Notification Channel\",\n type=\"email\",\n labels={\n \"email_address\": \"address@example.com\",\n })\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 1,\n },\n {\n \"threshold_percent\": 1,\n \"spend_basis\": \"FORECASTED_SPEND\",\n },\n ],\n all_updates_rule={\n \"monitoring_notification_channels\": [notification_channel.id],\n \"disable_default_iam_recipients\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var notificationChannel = new Gcp.Monitoring.NotificationChannel(\"notification_channel\", new()\n {\n DisplayName = \"Example Notification Channel\",\n Type = \"email\",\n Labels = \n {\n { \"email_address\", \"address@example.com\" },\n },\n });\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 1,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 1,\n SpendBasis = \"FORECASTED_SPEND\",\n },\n },\n AllUpdatesRule = new Gcp.Billing.Inputs.BudgetAllUpdatesRuleArgs\n {\n MonitoringNotificationChannels = new[]\n {\n notificationChannel.Id,\n },\n DisableDefaultIamRecipients = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnotificationChannel, err := monitoring.NewNotificationChannel(ctx, \"notification_channel\", \u0026monitoring.NotificationChannelArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Notification Channel\"),\n\t\t\tType: pulumi.String(\"email\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"email_address\": pulumi.String(\"address@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(1),\n\t\t\t\t\tSpendBasis: pulumi.String(\"FORECASTED_SPEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllUpdatesRule: \u0026billing.BudgetAllUpdatesRuleArgs{\n\t\t\t\tMonitoringNotificationChannels: pulumi.StringArray{\n\t\t\t\t\tnotificationChannel.ID(),\n\t\t\t\t},\n\t\t\t\tDisableDefaultIamRecipients: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.monitoring.NotificationChannel;\nimport com.pulumi.gcp.monitoring.NotificationChannelArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAllUpdatesRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var notificationChannel = new NotificationChannel(\"notificationChannel\", NotificationChannelArgs.builder()\n .displayName(\"Example Notification Channel\")\n .type(\"email\")\n .labels(Map.of(\"email_address\", \"address@example.com\"))\n .build());\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(1)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(1)\n .spendBasis(\"FORECASTED_SPEND\")\n .build())\n .allUpdatesRule(BudgetAllUpdatesRuleArgs.builder()\n .monitoringNotificationChannels(notificationChannel.id())\n .disableDefaultIamRecipients(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 1\n - thresholdPercent: 1\n spendBasis: FORECASTED_SPEND\n allUpdatesRule:\n monitoringNotificationChannels:\n - ${notificationChannel.id}\n disableDefaultIamRecipients: true\n notificationChannel:\n type: gcp:monitoring:NotificationChannel\n name: notification_channel\n properties:\n displayName: Example Notification Channel\n type: email\n labels:\n email_address: address@example.com\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Notify Project Recipient\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n allUpdatesRule: {\n monitoringNotificationChannels: [],\n enableProjectLevelRecipients: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n all_updates_rule={\n \"monitoring_notification_channels\": [],\n \"enable_project_level_recipients\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n AllUpdatesRule = new Gcp.Billing.Inputs.BudgetAllUpdatesRuleArgs\n {\n MonitoringNotificationChannels = new() { },\n EnableProjectLevelRecipients = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllUpdatesRule: \u0026billing.BudgetAllUpdatesRuleArgs{\n\t\t\t\tMonitoringNotificationChannels: pulumi.StringArray{},\n\t\t\t\tEnableProjectLevelRecipients: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAllUpdatesRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .allUpdatesRule(BudgetAllUpdatesRuleArgs.builder()\n .monitoringNotificationChannels()\n .enableProjectLevelRecipients(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n allUpdatesRule:\n monitoringNotificationChannels: []\n enableProjectLevelRecipients: true\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Customperiod\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n creditTypesTreatment: \"EXCLUDE_ALL_CREDITS\",\n services: [\"services/24E6-581D-38E5\"],\n customPeriod: {\n startDate: {\n year: 2022,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2023,\n month: 12,\n day: 31,\n },\n },\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 0.5,\n },\n {\n thresholdPercent: 0.9,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n \"credit_types_treatment\": \"EXCLUDE_ALL_CREDITS\",\n \"services\": [\"services/24E6-581D-38E5\"],\n \"custom_period\": {\n \"start_date\": {\n \"year\": 2022,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2023,\n \"month\": 12,\n \"day\": 31,\n },\n },\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 0.5,\n },\n {\n \"threshold_percent\": 0.9,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n CreditTypesTreatment = \"EXCLUDE_ALL_CREDITS\",\n Services = new[]\n {\n \"services/24E6-581D-38E5\",\n },\n CustomPeriod = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodArgs\n {\n StartDate = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodStartDateArgs\n {\n Year = 2022,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodEndDateArgs\n {\n Year = 2023,\n Month = 12,\n Day = 31,\n },\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.9,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t\tCreditTypesTreatment: pulumi.String(\"EXCLUDE_ALL_CREDITS\"),\n\t\t\t\tServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"services/24E6-581D-38E5\"),\n\t\t\t\t},\n\t\t\t\tCustomPeriod: \u0026billing.BudgetBudgetFilterCustomPeriodArgs{\n\t\t\t\t\tStartDate: \u0026billing.BudgetBudgetFilterCustomPeriodStartDateArgs{\n\t\t\t\t\t\tYear: pulumi.Int(2022),\n\t\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\tEndDate: \u0026billing.BudgetBudgetFilterCustomPeriodEndDateArgs{\n\t\t\t\t\t\tYear: pulumi.Int(2023),\n\t\t\t\t\t\tMonth: pulumi.Int(12),\n\t\t\t\t\t\tDay: pulumi.Int(31),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.9),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodStartDateArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodEndDateArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .creditTypesTreatment(\"EXCLUDE_ALL_CREDITS\")\n .services(\"services/24E6-581D-38E5\")\n .customPeriod(BudgetBudgetFilterCustomPeriodArgs.builder()\n .startDate(BudgetBudgetFilterCustomPeriodStartDateArgs.builder()\n .year(2022)\n .month(1)\n .day(1)\n .build())\n .endDate(BudgetBudgetFilterCustomPeriodEndDateArgs.builder()\n .year(2023)\n .month(12)\n .day(31)\n .build())\n .build())\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.9)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n creditTypesTreatment: EXCLUDE_ALL_CREDITS\n services:\n - services/24E6-581D-38E5\n customPeriod:\n startDate:\n year: 2022\n month: 1\n day: 1\n endDate:\n year: 2023\n month: 12\n day: 31\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\n - thresholdPercent: 0.9\nvariables:\n account:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBudget can be imported using any of these accepted formats:\n\n* `billingAccounts/{{billing_account}}/budgets/{{name}}`\n\n* `{{billing_account}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Budget can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default billingAccounts/{{billing_account}}/budgets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default {{billing_account}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default {{name}}\n```\n\n", + "description": "Budget configuration for a billing account.\n\n\nTo get more information about Budget, see:\n\n* [API documentation](https://cloud.google.com/billing/docs/reference/budget/rest/v1/billingAccounts.budgets)\n* How-to Guides\n * [Creating a budget](https://cloud.google.com/billing/docs/how-to/budgets)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Billing Budgets API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Billing Budget Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [{\n thresholdPercent: 0.5,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[{\n \"threshold_percent\": 0.5,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules(BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Lastperiod\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n lastPeriodAmount: true,\n },\n thresholdRules: [{\n thresholdPercent: 10,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"last_period_amount\": True,\n },\n threshold_rules=[{\n \"threshold_percent\": 10,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n LastPeriodAmount = true,\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 10,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tLastPeriodAmount: pulumi.Bool(true),\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .lastPeriodAmount(true)\n .build())\n .thresholdRules(BudgetThresholdRuleArgs.builder()\n .thresholdPercent(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n lastPeriodAmount: true\n thresholdRules:\n - thresholdPercent: 10\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n creditTypesTreatment: \"INCLUDE_SPECIFIED_CREDITS\",\n services: [\"services/24E6-581D-38E5\"],\n creditTypes: [\n \"PROMOTION\",\n \"FREE_TIER\",\n ],\n resourceAncestors: [\"organizations/123456789\"],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 0.5,\n },\n {\n thresholdPercent: 0.9,\n spendBasis: \"FORECASTED_SPEND\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n \"credit_types_treatment\": \"INCLUDE_SPECIFIED_CREDITS\",\n \"services\": [\"services/24E6-581D-38E5\"],\n \"credit_types\": [\n \"PROMOTION\",\n \"FREE_TIER\",\n ],\n \"resource_ancestors\": [\"organizations/123456789\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 0.5,\n },\n {\n \"threshold_percent\": 0.9,\n \"spend_basis\": \"FORECASTED_SPEND\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n CreditTypesTreatment = \"INCLUDE_SPECIFIED_CREDITS\",\n Services = new[]\n {\n \"services/24E6-581D-38E5\",\n },\n CreditTypes = new[]\n {\n \"PROMOTION\",\n \"FREE_TIER\",\n },\n ResourceAncestors = new[]\n {\n \"organizations/123456789\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.9,\n SpendBasis = \"FORECASTED_SPEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t\tCreditTypesTreatment: pulumi.String(\"INCLUDE_SPECIFIED_CREDITS\"),\n\t\t\t\tServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"services/24E6-581D-38E5\"),\n\t\t\t\t},\n\t\t\t\tCreditTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"PROMOTION\"),\n\t\t\t\t\tpulumi.String(\"FREE_TIER\"),\n\t\t\t\t},\n\t\t\t\tResourceAncestors: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"organizations/123456789\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.9),\n\t\t\t\t\tSpendBasis: pulumi.String(\"FORECASTED_SPEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .creditTypesTreatment(\"INCLUDE_SPECIFIED_CREDITS\")\n .services(\"services/24E6-581D-38E5\")\n .creditTypes( \n \"PROMOTION\",\n \"FREE_TIER\")\n .resourceAncestors(\"organizations/123456789\")\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.9)\n .spendBasis(\"FORECASTED_SPEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n creditTypesTreatment: INCLUDE_SPECIFIED_CREDITS\n services:\n - services/24E6-581D-38E5\n creditTypes:\n - PROMOTION\n - FREE_TIER\n resourceAncestors:\n - organizations/123456789\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\n - thresholdPercent: 0.9\n spendBasis: FORECASTED_SPEND\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Notify\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst notificationChannel = new gcp.monitoring.NotificationChannel(\"notification_channel\", {\n displayName: \"Example Notification Channel\",\n type: \"email\",\n labels: {\n email_address: \"address@example.com\",\n },\n});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 1,\n },\n {\n thresholdPercent: 1,\n spendBasis: \"FORECASTED_SPEND\",\n },\n ],\n allUpdatesRule: {\n monitoringNotificationChannels: [notificationChannel.id],\n disableDefaultIamRecipients: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nnotification_channel = gcp.monitoring.NotificationChannel(\"notification_channel\",\n display_name=\"Example Notification Channel\",\n type=\"email\",\n labels={\n \"email_address\": \"address@example.com\",\n })\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 1,\n },\n {\n \"threshold_percent\": 1,\n \"spend_basis\": \"FORECASTED_SPEND\",\n },\n ],\n all_updates_rule={\n \"monitoring_notification_channels\": [notification_channel.id],\n \"disable_default_iam_recipients\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var notificationChannel = new Gcp.Monitoring.NotificationChannel(\"notification_channel\", new()\n {\n DisplayName = \"Example Notification Channel\",\n Type = \"email\",\n Labels = \n {\n { \"email_address\", \"address@example.com\" },\n },\n });\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 1,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 1,\n SpendBasis = \"FORECASTED_SPEND\",\n },\n },\n AllUpdatesRule = new Gcp.Billing.Inputs.BudgetAllUpdatesRuleArgs\n {\n MonitoringNotificationChannels = new[]\n {\n notificationChannel.Id,\n },\n DisableDefaultIamRecipients = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnotificationChannel, err := monitoring.NewNotificationChannel(ctx, \"notification_channel\", \u0026monitoring.NotificationChannelArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Notification Channel\"),\n\t\t\tType: pulumi.String(\"email\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"email_address\": pulumi.String(\"address@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(1),\n\t\t\t\t\tSpendBasis: pulumi.String(\"FORECASTED_SPEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllUpdatesRule: \u0026billing.BudgetAllUpdatesRuleArgs{\n\t\t\t\tMonitoringNotificationChannels: pulumi.StringArray{\n\t\t\t\t\tnotificationChannel.ID(),\n\t\t\t\t},\n\t\t\t\tDisableDefaultIamRecipients: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.monitoring.NotificationChannel;\nimport com.pulumi.gcp.monitoring.NotificationChannelArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAllUpdatesRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var notificationChannel = new NotificationChannel(\"notificationChannel\", NotificationChannelArgs.builder()\n .displayName(\"Example Notification Channel\")\n .type(\"email\")\n .labels(Map.of(\"email_address\", \"address@example.com\"))\n .build());\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(1)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(1)\n .spendBasis(\"FORECASTED_SPEND\")\n .build())\n .allUpdatesRule(BudgetAllUpdatesRuleArgs.builder()\n .monitoringNotificationChannels(notificationChannel.id())\n .disableDefaultIamRecipients(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 1\n - thresholdPercent: 1\n spendBasis: FORECASTED_SPEND\n allUpdatesRule:\n monitoringNotificationChannels:\n - ${notificationChannel.id}\n disableDefaultIamRecipients: true\n notificationChannel:\n type: gcp:monitoring:NotificationChannel\n name: notification_channel\n properties:\n displayName: Example Notification Channel\n type: email\n labels:\n email_address: address@example.com\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Notify Project Recipient\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n allUpdatesRule: {\n monitoringNotificationChannels: [],\n enableProjectLevelRecipients: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n all_updates_rule={\n \"monitoring_notification_channels\": [],\n \"enable_project_level_recipients\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n AllUpdatesRule = new Gcp.Billing.Inputs.BudgetAllUpdatesRuleArgs\n {\n MonitoringNotificationChannels = new() { },\n EnableProjectLevelRecipients = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAllUpdatesRule: \u0026billing.BudgetAllUpdatesRuleArgs{\n\t\t\t\tMonitoringNotificationChannels: pulumi.StringArray{},\n\t\t\t\tEnableProjectLevelRecipients: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAllUpdatesRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .allUpdatesRule(BudgetAllUpdatesRuleArgs.builder()\n .monitoringNotificationChannels()\n .enableProjectLevelRecipients(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n allUpdatesRule:\n monitoringNotificationChannels: []\n enableProjectLevelRecipients: true\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Billing Budget Customperiod\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst account = gcp.organizations.getBillingAccount({\n billingAccount: \"000000-0000000-0000000-000000\",\n});\nconst project = gcp.organizations.getProject({});\nconst budget = new gcp.billing.Budget(\"budget\", {\n billingAccount: account.then(account =\u003e account.id),\n displayName: \"Example Billing Budget\",\n budgetFilter: {\n projects: [project.then(project =\u003e `projects/${project.number}`)],\n creditTypesTreatment: \"EXCLUDE_ALL_CREDITS\",\n services: [\"services/24E6-581D-38E5\"],\n customPeriod: {\n startDate: {\n year: 2022,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2023,\n month: 12,\n day: 31,\n },\n },\n },\n amount: {\n specifiedAmount: {\n currencyCode: \"USD\",\n units: \"100000\",\n },\n },\n thresholdRules: [\n {\n thresholdPercent: 0.5,\n },\n {\n thresholdPercent: 0.9,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccount = gcp.organizations.get_billing_account(billing_account=\"000000-0000000-0000000-000000\")\nproject = gcp.organizations.get_project()\nbudget = gcp.billing.Budget(\"budget\",\n billing_account=account.id,\n display_name=\"Example Billing Budget\",\n budget_filter={\n \"projects\": [f\"projects/{project.number}\"],\n \"credit_types_treatment\": \"EXCLUDE_ALL_CREDITS\",\n \"services\": [\"services/24E6-581D-38E5\"],\n \"custom_period\": {\n \"start_date\": {\n \"year\": 2022,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2023,\n \"month\": 12,\n \"day\": 31,\n },\n },\n },\n amount={\n \"specified_amount\": {\n \"currency_code\": \"USD\",\n \"units\": \"100000\",\n },\n },\n threshold_rules=[\n {\n \"threshold_percent\": 0.5,\n },\n {\n \"threshold_percent\": 0.9,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"000000-0000000-0000000-000000\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var budget = new Gcp.Billing.Budget(\"budget\", new()\n {\n BillingAccount = account.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n DisplayName = \"Example Billing Budget\",\n BudgetFilter = new Gcp.Billing.Inputs.BudgetBudgetFilterArgs\n {\n Projects = new[]\n {\n $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n CreditTypesTreatment = \"EXCLUDE_ALL_CREDITS\",\n Services = new[]\n {\n \"services/24E6-581D-38E5\",\n },\n CustomPeriod = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodArgs\n {\n StartDate = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodStartDateArgs\n {\n Year = 2022,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Billing.Inputs.BudgetBudgetFilterCustomPeriodEndDateArgs\n {\n Year = 2023,\n Month = 12,\n Day = 31,\n },\n },\n },\n Amount = new Gcp.Billing.Inputs.BudgetAmountArgs\n {\n SpecifiedAmount = new Gcp.Billing.Inputs.BudgetAmountSpecifiedAmountArgs\n {\n CurrencyCode = \"USD\",\n Units = \"100000\",\n },\n },\n ThresholdRules = new[]\n {\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.5,\n },\n new Gcp.Billing.Inputs.BudgetThresholdRuleArgs\n {\n ThresholdPercent = 0.9,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccount, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"000000-0000000-0000000-000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewBudget(ctx, \"budget\", \u0026billing.BudgetArgs{\n\t\t\tBillingAccount: pulumi.String(account.Id),\n\t\t\tDisplayName: pulumi.String(\"Example Billing Budget\"),\n\t\t\tBudgetFilter: \u0026billing.BudgetBudgetFilterArgs{\n\t\t\t\tProjects: pulumi.StringArray{\n\t\t\t\t\tpulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t\t},\n\t\t\t\tCreditTypesTreatment: pulumi.String(\"EXCLUDE_ALL_CREDITS\"),\n\t\t\t\tServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"services/24E6-581D-38E5\"),\n\t\t\t\t},\n\t\t\t\tCustomPeriod: \u0026billing.BudgetBudgetFilterCustomPeriodArgs{\n\t\t\t\t\tStartDate: \u0026billing.BudgetBudgetFilterCustomPeriodStartDateArgs{\n\t\t\t\t\t\tYear: pulumi.Int(2022),\n\t\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\tEndDate: \u0026billing.BudgetBudgetFilterCustomPeriodEndDateArgs{\n\t\t\t\t\t\tYear: pulumi.Int(2023),\n\t\t\t\t\t\tMonth: pulumi.Int(12),\n\t\t\t\t\t\tDay: pulumi.Int(31),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAmount: \u0026billing.BudgetAmountArgs{\n\t\t\t\tSpecifiedAmount: \u0026billing.BudgetAmountSpecifiedAmountArgs{\n\t\t\t\t\tCurrencyCode: pulumi.String(\"USD\"),\n\t\t\t\t\tUnits: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdRules: billing.BudgetThresholdRuleArray{\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t\t\u0026billing.BudgetThresholdRuleArgs{\n\t\t\t\t\tThresholdPercent: pulumi.Float64(0.9),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.billing.Budget;\nimport com.pulumi.gcp.billing.BudgetArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodStartDateArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetBudgetFilterCustomPeriodEndDateArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetAmountSpecifiedAmountArgs;\nimport com.pulumi.gcp.billing.inputs.BudgetThresholdRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var account = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"000000-0000000-0000000-000000\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var budget = new Budget(\"budget\", BudgetArgs.builder()\n .billingAccount(account.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .displayName(\"Example Billing Budget\")\n .budgetFilter(BudgetBudgetFilterArgs.builder()\n .projects(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .creditTypesTreatment(\"EXCLUDE_ALL_CREDITS\")\n .services(\"services/24E6-581D-38E5\")\n .customPeriod(BudgetBudgetFilterCustomPeriodArgs.builder()\n .startDate(BudgetBudgetFilterCustomPeriodStartDateArgs.builder()\n .year(2022)\n .month(1)\n .day(1)\n .build())\n .endDate(BudgetBudgetFilterCustomPeriodEndDateArgs.builder()\n .year(2023)\n .month(12)\n .day(31)\n .build())\n .build())\n .build())\n .amount(BudgetAmountArgs.builder()\n .specifiedAmount(BudgetAmountSpecifiedAmountArgs.builder()\n .currencyCode(\"USD\")\n .units(\"100000\")\n .build())\n .build())\n .thresholdRules( \n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.5)\n .build(),\n BudgetThresholdRuleArgs.builder()\n .thresholdPercent(0.9)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n budget:\n type: gcp:billing:Budget\n properties:\n billingAccount: ${account.id}\n displayName: Example Billing Budget\n budgetFilter:\n projects:\n - projects/${project.number}\n creditTypesTreatment: EXCLUDE_ALL_CREDITS\n services:\n - services/24E6-581D-38E5\n customPeriod:\n startDate:\n year: 2022\n month: 1\n day: 1\n endDate:\n year: 2023\n month: 12\n day: 31\n amount:\n specifiedAmount:\n currencyCode: USD\n units: '100000'\n thresholdRules:\n - thresholdPercent: 0.5\n - thresholdPercent: 0.9\nvariables:\n account:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 000000-0000000-0000000-000000\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBudget can be imported using any of these accepted formats:\n\n* `billingAccounts/{{billing_account}}/budgets/{{name}}`\n\n* `{{billing_account}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Budget can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default billingAccounts/{{billing_account}}/budgets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default {{billing_account}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:billing/budget:Budget default {{name}}\n```\n\n", "properties": { "allUpdatesRule": { "$ref": "#/types/gcp:billing/BudgetAllUpdatesRule:BudgetAllUpdatesRule", @@ -146011,7 +146011,7 @@ } }, "gcp:binaryauthorization/attestor:Attestor": { - "description": "An attestor that attests to container image artifacts.\n\n\nTo get more information about Attestor, see:\n\n* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/binary-authorization/)\n\n## Example Usage\n\n### Binary Authorization Attestor Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst note = new gcp.containeranalysis.Note(\"note\", {\n name: \"test-attestor-note\",\n attestationAuthority: {\n hint: {\n humanReadableName: \"Attestor Note\",\n },\n },\n});\nconst attestor = new gcp.binaryauthorization.Attestor(\"attestor\", {\n name: \"test-attestor\",\n attestationAuthorityNote: {\n noteReference: note.name,\n publicKeys: [{\n asciiArmoredPgpPublicKey: `mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n`,\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnote = gcp.containeranalysis.Note(\"note\",\n name=\"test-attestor-note\",\n attestation_authority={\n \"hint\": {\n \"human_readable_name\": \"Attestor Note\",\n },\n })\nattestor = gcp.binaryauthorization.Attestor(\"attestor\",\n name=\"test-attestor\",\n attestation_authority_note={\n \"note_reference\": note.name,\n \"public_keys\": [{\n \"ascii_armored_pgp_public_key\": \"\"\"mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n\"\"\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var note = new Gcp.ContainerAnalysis.Note(\"note\", new()\n {\n Name = \"test-attestor-note\",\n AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs\n {\n Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs\n {\n HumanReadableName = \"Attestor Note\",\n },\n },\n });\n\n var attestor = new Gcp.BinaryAuthorization.Attestor(\"attestor\", new()\n {\n Name = \"test-attestor\",\n AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs\n {\n NoteReference = note.Name,\n PublicKeys = new[]\n {\n new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs\n {\n AsciiArmoredPgpPublicKey = @\"mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnote, err := containeranalysis.NewNote(ctx, \"note\", \u0026containeranalysis.NoteArgs{\n\t\t\tName: pulumi.String(\"test-attestor-note\"),\n\t\t\tAttestationAuthority: \u0026containeranalysis.NoteAttestationAuthorityArgs{\n\t\t\t\tHint: \u0026containeranalysis.NoteAttestationAuthorityHintArgs{\n\t\t\t\t\tHumanReadableName: pulumi.String(\"Attestor Note\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestor(ctx, \"attestor\", \u0026binaryauthorization.AttestorArgs{\n\t\t\tName: pulumi.String(\"test-attestor\"),\n\t\t\tAttestationAuthorityNote: \u0026binaryauthorization.AttestorAttestationAuthorityNoteArgs{\n\t\t\t\tNoteReference: note.Name,\n\t\t\t\tPublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{\n\t\t\t\t\t\u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{\n\t\t\t\t\t\tAsciiArmoredPgpPublicKey: pulumi.String(`mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"test-attestor-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"test-attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .asciiArmoredPgpPublicKey(\"\"\"\nmQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: test-attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - asciiArmoredPgpPublicKey: |\n mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\n bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\n oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\n V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\n Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n 83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\n IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\n uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n 0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n 51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\n WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\n MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n +OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\n qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n =6Bvm\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: test-attestor-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Binary Authorization Attestor Kms\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"test-attestor-key-ring\",\n location: \"global\",\n});\nconst crypto_key = new gcp.kms.CryptoKey(\"crypto-key\", {\n name: \"test-attestor-key\",\n keyRing: keyring.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"RSA_SIGN_PKCS1_4096_SHA512\",\n },\n});\nconst version = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: crypto_key.id,\n});\nconst note = new gcp.containeranalysis.Note(\"note\", {\n name: \"test-attestor-note\",\n attestationAuthority: {\n hint: {\n humanReadableName: \"Attestor Note\",\n },\n },\n});\nconst attestor = new gcp.binaryauthorization.Attestor(\"attestor\", {\n name: \"test-attestor\",\n attestationAuthorityNote: {\n noteReference: note.name,\n publicKeys: [{\n id: version.apply(version =\u003e version.id),\n pkixPublicKey: {\n publicKeyPem: version.apply(version =\u003e version.publicKeys?.[0]?.pem),\n signatureAlgorithm: version.apply(version =\u003e version.publicKeys?.[0]?.algorithm),\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"test-attestor-key-ring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto-key\",\n name=\"test-attestor-key\",\n key_ring=keyring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"RSA_SIGN_PKCS1_4096_SHA512\",\n })\nversion = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nnote = gcp.containeranalysis.Note(\"note\",\n name=\"test-attestor-note\",\n attestation_authority={\n \"hint\": {\n \"human_readable_name\": \"Attestor Note\",\n },\n })\nattestor = gcp.binaryauthorization.Attestor(\"attestor\",\n name=\"test-attestor\",\n attestation_authority_note={\n \"note_reference\": note.name,\n \"public_keys\": [{\n \"id\": version.id,\n \"pkix_public_key\": {\n \"public_key_pem\": version.public_keys[0].pem,\n \"signature_algorithm\": version.public_keys[0].algorithm,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"test-attestor-key-ring\",\n Location = \"global\",\n });\n\n var crypto_key = new Gcp.Kms.CryptoKey(\"crypto-key\", new()\n {\n Name = \"test-attestor-key\",\n KeyRing = keyring.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"RSA_SIGN_PKCS1_4096_SHA512\",\n },\n });\n\n var version = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = crypto_key.Id,\n });\n\n var note = new Gcp.ContainerAnalysis.Note(\"note\", new()\n {\n Name = \"test-attestor-note\",\n AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs\n {\n Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs\n {\n HumanReadableName = \"Attestor Note\",\n },\n },\n });\n\n var attestor = new Gcp.BinaryAuthorization.Attestor(\"attestor\", new()\n {\n Name = \"test-attestor\",\n AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs\n {\n NoteReference = note.Name,\n PublicKeys = new[]\n {\n new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs\n {\n Id = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Id),\n PkixPublicKey = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs\n {\n PublicKeyPem = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.PublicKeys[0]?.Pem),\n SignatureAlgorithm = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.PublicKeys[0]?.Algorithm),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"test-attestor-key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"crypto-key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"test-attestor-key\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_SIGN_PKCS1_4096_SHA512\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: crypto_key.ID(),\n\t\t}, nil)\n\t\tnote, err := containeranalysis.NewNote(ctx, \"note\", \u0026containeranalysis.NoteArgs{\n\t\t\tName: pulumi.String(\"test-attestor-note\"),\n\t\t\tAttestationAuthority: \u0026containeranalysis.NoteAttestationAuthorityArgs{\n\t\t\t\tHint: \u0026containeranalysis.NoteAttestationAuthorityHintArgs{\n\t\t\t\t\tHumanReadableName: pulumi.String(\"Attestor Note\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestor(ctx, \"attestor\", \u0026binaryauthorization.AttestorArgs{\n\t\t\tName: pulumi.String(\"test-attestor\"),\n\t\t\tAttestationAuthorityNote: \u0026binaryauthorization.AttestorAttestationAuthorityNoteArgs{\n\t\t\t\tNoteReference: note.Name,\n\t\t\t\tPublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{\n\t\t\t\t\t\u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{\n\t\t\t\t\t\tId: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\treturn \u0026version.Id, nil\n\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\tPkixPublicKey: \u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{\n\t\t\t\t\t\t\tPublicKeyPem: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026version.PublicKeys[0].Pem, nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t\tSignatureAlgorithm: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026version.PublicKeys[0].Algorithm, nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"test-attestor-key-ring\")\n .location(\"global\")\n .build());\n\n var crypto_key = new CryptoKey(\"crypto-key\", CryptoKeyArgs.builder()\n .name(\"test-attestor-key\")\n .keyRing(keyring.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"RSA_SIGN_PKCS1_4096_SHA512\")\n .build())\n .build());\n\n final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(crypto_key.id())\n .build());\n\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"test-attestor-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"test-attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .id(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id())))\n .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()\n .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].pem())))\n .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm())))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: test-attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - id: ${version.id}\n pkixPublicKey:\n publicKeyPem: ${version.publicKeys[0].pem}\n signatureAlgorithm: ${version.publicKeys[0].algorithm}\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: test-attestor-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n crypto-key:\n type: gcp:kms:CryptoKey\n properties:\n name: test-attestor-key\n keyRing: ${keyring.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: RSA_SIGN_PKCS1_4096_SHA512\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: test-attestor-key-ring\n location: global\nvariables:\n version:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${[\"crypto-key\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAttestor can be imported using any of these accepted formats:\n\n* `projects/{{project}}/attestors/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Attestor can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default projects/{{project}}/attestors/{{name}}\n```\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{name}}\n```\n\n", + "description": "An attestor that attests to container image artifacts.\n\n\nTo get more information about Attestor, see:\n\n* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/binary-authorization/)\n\n## Example Usage\n\n### Binary Authorization Attestor Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst note = new gcp.containeranalysis.Note(\"note\", {\n name: \"test-attestor-note\",\n attestationAuthority: {\n hint: {\n humanReadableName: \"Attestor Note\",\n },\n },\n});\nconst attestor = new gcp.binaryauthorization.Attestor(\"attestor\", {\n name: \"test-attestor\",\n attestationAuthorityNote: {\n noteReference: note.name,\n publicKeys: [{\n asciiArmoredPgpPublicKey: `mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n`,\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnote = gcp.containeranalysis.Note(\"note\",\n name=\"test-attestor-note\",\n attestation_authority={\n \"hint\": {\n \"human_readable_name\": \"Attestor Note\",\n },\n })\nattestor = gcp.binaryauthorization.Attestor(\"attestor\",\n name=\"test-attestor\",\n attestation_authority_note={\n \"note_reference\": note.name,\n \"public_keys\": [{\n \"ascii_armored_pgp_public_key\": \"\"\"mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n\"\"\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var note = new Gcp.ContainerAnalysis.Note(\"note\", new()\n {\n Name = \"test-attestor-note\",\n AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs\n {\n Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs\n {\n HumanReadableName = \"Attestor Note\",\n },\n },\n });\n\n var attestor = new Gcp.BinaryAuthorization.Attestor(\"attestor\", new()\n {\n Name = \"test-attestor\",\n AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs\n {\n NoteReference = note.Name,\n PublicKeys = new[]\n {\n new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs\n {\n AsciiArmoredPgpPublicKey = @\"mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnote, err := containeranalysis.NewNote(ctx, \"note\", \u0026containeranalysis.NoteArgs{\n\t\t\tName: pulumi.String(\"test-attestor-note\"),\n\t\t\tAttestationAuthority: \u0026containeranalysis.NoteAttestationAuthorityArgs{\n\t\t\t\tHint: \u0026containeranalysis.NoteAttestationAuthorityHintArgs{\n\t\t\t\t\tHumanReadableName: pulumi.String(\"Attestor Note\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestor(ctx, \"attestor\", \u0026binaryauthorization.AttestorArgs{\n\t\t\tName: pulumi.String(\"test-attestor\"),\n\t\t\tAttestationAuthorityNote: \u0026binaryauthorization.AttestorAttestationAuthorityNoteArgs{\n\t\t\t\tNoteReference: note.Name,\n\t\t\t\tPublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{\n\t\t\t\t\t\u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{\n\t\t\t\t\t\tAsciiArmoredPgpPublicKey: pulumi.String(`mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n`),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"test-attestor-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"test-attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .asciiArmoredPgpPublicKey(\"\"\"\nmQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\nbB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\noR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\nV39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\nMpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\nIiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\nuY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\nWTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\nMAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\nqoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n=6Bvm\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: test-attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - asciiArmoredPgpPublicKey: |\n mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl\n bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0\n oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6\n V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD\n Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX\n 83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y\n IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L\n uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6\n 0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC\n 51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U\n WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h\n MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l\n +OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1\n qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg\n =6Bvm\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: test-attestor-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Binary Authorization Attestor Kms\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"test-attestor-key-ring\",\n location: \"global\",\n});\nconst crypto_key = new gcp.kms.CryptoKey(\"crypto-key\", {\n name: \"test-attestor-key\",\n keyRing: keyring.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"RSA_SIGN_PKCS1_4096_SHA512\",\n },\n});\nconst version = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: crypto_key.id,\n});\nconst note = new gcp.containeranalysis.Note(\"note\", {\n name: \"test-attestor-note\",\n attestationAuthority: {\n hint: {\n humanReadableName: \"Attestor Note\",\n },\n },\n});\nconst attestor = new gcp.binaryauthorization.Attestor(\"attestor\", {\n name: \"test-attestor\",\n attestationAuthorityNote: {\n noteReference: note.name,\n publicKeys: [{\n id: version.apply(version =\u003e version.id),\n pkixPublicKey: {\n publicKeyPem: version.apply(version =\u003e version.publicKeys?.[0]?.pem),\n signatureAlgorithm: version.apply(version =\u003e version.publicKeys?.[0]?.algorithm),\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"test-attestor-key-ring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto-key\",\n name=\"test-attestor-key\",\n key_ring=keyring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"RSA_SIGN_PKCS1_4096_SHA512\",\n })\nversion = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nnote = gcp.containeranalysis.Note(\"note\",\n name=\"test-attestor-note\",\n attestation_authority={\n \"hint\": {\n \"human_readable_name\": \"Attestor Note\",\n },\n })\nattestor = gcp.binaryauthorization.Attestor(\"attestor\",\n name=\"test-attestor\",\n attestation_authority_note={\n \"note_reference\": note.name,\n \"public_keys\": [{\n \"id\": version.id,\n \"pkix_public_key\": {\n \"public_key_pem\": version.public_keys[0].pem,\n \"signature_algorithm\": version.public_keys[0].algorithm,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"test-attestor-key-ring\",\n Location = \"global\",\n });\n\n var crypto_key = new Gcp.Kms.CryptoKey(\"crypto-key\", new()\n {\n Name = \"test-attestor-key\",\n KeyRing = keyring.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"RSA_SIGN_PKCS1_4096_SHA512\",\n },\n });\n\n var version = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = crypto_key.Id,\n });\n\n var note = new Gcp.ContainerAnalysis.Note(\"note\", new()\n {\n Name = \"test-attestor-note\",\n AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs\n {\n Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs\n {\n HumanReadableName = \"Attestor Note\",\n },\n },\n });\n\n var attestor = new Gcp.BinaryAuthorization.Attestor(\"attestor\", new()\n {\n Name = \"test-attestor\",\n AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs\n {\n NoteReference = note.Name,\n PublicKeys = new[]\n {\n new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs\n {\n Id = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Id),\n PkixPublicKey = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs\n {\n PublicKeyPem = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.PublicKeys[0]?.Pem),\n SignatureAlgorithm = version.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.PublicKeys[0]?.Algorithm),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"test-attestor-key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"crypto-key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"test-attestor-key\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_SIGN_PKCS1_4096_SHA512\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: crypto_key.ID(),\n\t\t}, nil)\n\t\tnote, err := containeranalysis.NewNote(ctx, \"note\", \u0026containeranalysis.NoteArgs{\n\t\t\tName: pulumi.String(\"test-attestor-note\"),\n\t\t\tAttestationAuthority: \u0026containeranalysis.NoteAttestationAuthorityArgs{\n\t\t\t\tHint: \u0026containeranalysis.NoteAttestationAuthorityHintArgs{\n\t\t\t\t\tHumanReadableName: pulumi.String(\"Attestor Note\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestor(ctx, \"attestor\", \u0026binaryauthorization.AttestorArgs{\n\t\t\tName: pulumi.String(\"test-attestor\"),\n\t\t\tAttestationAuthorityNote: \u0026binaryauthorization.AttestorAttestationAuthorityNoteArgs{\n\t\t\t\tNoteReference: note.Name,\n\t\t\t\tPublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{\n\t\t\t\t\t\u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{\n\t\t\t\t\t\tId: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\treturn \u0026version.Id, nil\n\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\tPkixPublicKey: \u0026binaryauthorization.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{\n\t\t\t\t\t\t\tPublicKeyPem: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026version.PublicKeys[0].Pem, nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t\tSignatureAlgorithm: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026version.PublicKeys[0].Algorithm, nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"test-attestor-key-ring\")\n .location(\"global\")\n .build());\n\n var crypto_key = new CryptoKey(\"crypto-key\", CryptoKeyArgs.builder()\n .name(\"test-attestor-key\")\n .keyRing(keyring.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"RSA_SIGN_PKCS1_4096_SHA512\")\n .build())\n .build());\n\n final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(crypto_key.id())\n .build());\n\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"test-attestor-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"test-attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .id(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id())))\n .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()\n .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].pem())))\n .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(version -\u003e version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm())))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: test-attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - id: ${version.id}\n pkixPublicKey:\n publicKeyPem: ${version.publicKeys[0].pem}\n signatureAlgorithm: ${version.publicKeys[0].algorithm}\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: test-attestor-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n crypto-key:\n type: gcp:kms:CryptoKey\n properties:\n name: test-attestor-key\n keyRing: ${keyring.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: RSA_SIGN_PKCS1_4096_SHA512\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: test-attestor-key-ring\n location: global\nvariables:\n version:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${[\"crypto-key\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAttestor can be imported using any of these accepted formats:\n\n* `projects/{{project}}/attestors/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Attestor can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default projects/{{project}}/attestors/{{name}}\n```\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{name}}\n```\n\n", "properties": { "attestationAuthorityNote": { "$ref": "#/types/gcp:binaryauthorization/AttestorAttestationAuthorityNote:AttestorAttestationAuthorityNote", @@ -146081,7 +146081,7 @@ } }, "gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -146188,7 +146188,7 @@ } }, "gcp:binaryauthorization/attestorIamMember:AttestorIamMember": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -146288,7 +146288,7 @@ } }, "gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Binary Authorization Attestor\nThree different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.binaryauthorization.AttestorIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.binaryauthorization.AttestorIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -146654,7 +146654,7 @@ } }, "gcp:certificateauthority/authority:Authority": { - "description": "A CertificateAuthority represents an individual Certificate Authority. A\nCertificateAuthority can be used to create Certificates.\n\n\nTo get more information about CertificateAuthority, see:\n\n* [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/certificate-authority-service)\n\n\u003e **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`\n(and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.\nIt is recommended to not set this field (or set it to true) until you're ready to destroy.\n\n## Example Usage\n\n### Privateca Certificate Authority Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${10 * 365 * 24 * 3600}s`,\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{10 * 365 * 24 * 3600}s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{10 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 10*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 10 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Subordinate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst root_ca = new gcp.certificateauthority.Authority(\"root-ca\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority-root\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority-sub\",\n location: \"us-central1\",\n deletionProtection: true,\n subordinateConfig: {\n certificateAuthority: root_ca.name,\n },\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-subordinate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n zeroMaxIssuerPathLength: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${5 * 365 * 24 * 3600}s`,\n keySpec: {\n algorithm: \"RSA_PKCS1_2048_SHA256\",\n },\n type: \"SUBORDINATE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nroot_ca = gcp.certificateauthority.Authority(\"root-ca\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority-root\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority-sub\",\n location=\"us-central1\",\n deletion_protection=True,\n subordinate_config={\n \"certificate_authority\": root_ca.name,\n },\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-subordinate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n \"zero_max_issuer_path_length\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{5 * 365 * 24 * 3600}s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_2048_SHA256\",\n },\n type=\"SUBORDINATE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var root_ca = new Gcp.CertificateAuthority.Authority(\"root-ca\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority-root\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority-sub\",\n Location = \"us-central1\",\n DeletionProtection = true,\n SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs\n {\n CertificateAuthority = root_ca.Name,\n },\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-subordinate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n ZeroMaxIssuerPathLength = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{5 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_2048_SHA256\",\n },\n Type = \"SUBORDINATE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"root-ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority-root\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority-sub\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSubordinateConfig: \u0026certificateauthority.AuthoritySubordinateConfigArgs{\n\t\t\t\tCertificateAuthority: root_ca.Name,\n\t\t\t},\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-subordinate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t\tZeroMaxIssuerPathLength: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 5*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_2048_SHA256\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SUBORDINATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var root_ca = new Authority(\"root-ca\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority-root\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority-sub\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .subordinateConfig(AuthoritySubordinateConfigArgs.builder()\n .certificateAuthority(root_ca.name())\n .build())\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-subordinate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .zeroMaxIssuerPathLength(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 5 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_2048_SHA256\")\n .build())\n .type(\"SUBORDINATE\")\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Byo Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst privatecaSa = new gcp.projects.ServiceIdentity(\"privateca_sa\", {service: \"privateca.googleapis.com\"});\nconst privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\", {\n cryptoKeyId: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role: \"roles/cloudkms.signerVerifier\",\n member: privatecaSa.member,\n});\nconst privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\", {\n cryptoKeyId: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role: \"roles/viewer\",\n member: privatecaSa.member,\n});\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n keySpec: {\n cloudKmsKeyVersion: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n config: {\n subjectConfig: {\n subject: {\n organization: \"Example, Org.\",\n commonName: \"Example Authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n nameConstraints: {\n critical: true,\n permittedDnsNames: [\"*.example.com\"],\n excludedDnsNames: [\"*.deny.example.com\"],\n permittedIpRanges: [\"10.0.0.0/8\"],\n excludedIpRanges: [\"10.1.1.0/24\"],\n permittedEmailAddresses: [\".example.com\"],\n excludedEmailAddresses: [\".deny.example.com\"],\n permittedUris: [\".example.com\"],\n excludedUris: [\".deny.example.com\"],\n },\n },\n },\n}, {\n dependsOn: [\n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprivateca_sa = gcp.projects.ServiceIdentity(\"privateca_sa\", service=\"privateca.googleapis.com\")\nprivateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\",\n crypto_key_id=\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role=\"roles/cloudkms.signerVerifier\",\n member=privateca_sa.member)\nprivateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\",\n crypto_key_id=\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role=\"roles/viewer\",\n member=privateca_sa.member)\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n key_spec={\n \"cloud_kms_key_version\": \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Example, Org.\",\n \"common_name\": \"Example Authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n \"name_constraints\": {\n \"critical\": True,\n \"permitted_dns_names\": [\"*.example.com\"],\n \"excluded_dns_names\": [\"*.deny.example.com\"],\n \"permitted_ip_ranges\": [\"10.0.0.0/8\"],\n \"excluded_ip_ranges\": [\"10.1.1.0/24\"],\n \"permitted_email_addresses\": [\".example.com\"],\n \"excluded_email_addresses\": [\".deny.example.com\"],\n \"permitted_uris\": [\".example.com\"],\n \"excluded_uris\": [\".deny.example.com\"],\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n privateca_sa_keyuser_signerverifier,\n privateca_sa_keyuser_viewer,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var privatecaSa = new Gcp.Projects.ServiceIdentity(\"privateca_sa\", new()\n {\n Service = \"privateca.googleapis.com\",\n });\n\n var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\", new()\n {\n CryptoKeyId = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n Role = \"roles/cloudkms.signerVerifier\",\n Member = privatecaSa.Member,\n });\n\n var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\", new()\n {\n CryptoKeyId = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n Role = \"roles/viewer\",\n Member = privatecaSa.Member,\n });\n\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n CloudKmsKeyVersion = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Example, Org.\",\n CommonName = \"Example Authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs\n {\n Critical = true,\n PermittedDnsNames = new[]\n {\n \"*.example.com\",\n },\n ExcludedDnsNames = new[]\n {\n \"*.deny.example.com\",\n },\n PermittedIpRanges = new[]\n {\n \"10.0.0.0/8\",\n },\n ExcludedIpRanges = new[]\n {\n \"10.1.1.0/24\",\n },\n PermittedEmailAddresses = new[]\n {\n \".example.com\",\n },\n ExcludedEmailAddresses = new[]\n {\n \".deny.example.com\",\n },\n PermittedUris = new[]\n {\n \".example.com\",\n },\n ExcludedUris = new[]\n {\n \".deny.example.com\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivatecaSa, err := projects.NewServiceIdentity(ctx, \"privateca_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"privateca.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivatecaSaKeyuserSignerverifier, err := kms.NewCryptoKeyIAMMember(ctx, \"privateca_sa_keyuser_signerverifier\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: privatecaSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivatecaSaKeyuserViewer, err := kms.NewCryptoKeyIAMMember(ctx, \"privateca_sa_keyuser_viewer\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\"),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: privatecaSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tCloudKmsKeyVersion: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\"),\n\t\t\t},\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Example, Org.\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"Example Authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNameConstraints: \u0026certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t\tPermittedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.1.1.0/24\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivatecaSaKeyuserSignerverifier,\n\t\t\tprivatecaSaKeyuserViewer,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var privatecaSa = new ServiceIdentity(\"privatecaSa\", ServiceIdentityArgs.builder()\n .service(\"privateca.googleapis.com\")\n .build());\n\n var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember(\"privatecaSaKeyuserSignerverifier\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\")\n .role(\"roles/cloudkms.signerVerifier\")\n .member(privatecaSa.member())\n .build());\n\n var privatecaSaKeyuserViewer = new CryptoKeyIAMMember(\"privatecaSaKeyuserViewer\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\")\n .role(\"roles/viewer\")\n .member(privatecaSa.member())\n .build());\n\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .keySpec(AuthorityKeySpecArgs.builder()\n .cloudKmsKeyVersion(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\")\n .build())\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Example, Org.\")\n .commonName(\"Example Authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()\n .critical(true)\n .permittedDnsNames(\"*.example.com\")\n .excludedDnsNames(\"*.deny.example.com\")\n .permittedIpRanges(\"10.0.0.0/8\")\n .excludedIpRanges(\"10.1.1.0/24\")\n .permittedEmailAddresses(\".example.com\")\n .excludedEmailAddresses(\".deny.example.com\")\n .permittedUris(\".example.com\")\n .excludedUris(\".deny.example.com\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privatecaSa:\n type: gcp:projects:ServiceIdentity\n name: privateca_sa\n properties:\n service: privateca.googleapis.com\n privatecaSaKeyuserSignerverifier:\n type: gcp:kms:CryptoKeyIAMMember\n name: privateca_sa_keyuser_signerverifier\n properties:\n cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\n role: roles/cloudkms.signerVerifier\n member: ${privatecaSa.member}\n privatecaSaKeyuserViewer:\n type: gcp:kms:CryptoKeyIAMMember\n name: privateca_sa_keyuser_viewer\n properties:\n cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\n role: roles/viewer\n member: ${privatecaSa.member}\n default:\n type: gcp:certificateauthority:Authority\n properties:\n pool: ca-pool\n certificateAuthorityId: my-certificate-authority\n location: us-central1\n deletionProtection: true\n keySpec:\n cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\n config:\n subjectConfig:\n subject:\n organization: Example, Org.\n commonName: Example Authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage: {}\n nameConstraints:\n critical: true\n permittedDnsNames:\n - '*.example.com'\n excludedDnsNames:\n - '*.deny.example.com'\n permittedIpRanges:\n - 10.0.0.0/8\n excludedIpRanges:\n - 10.1.1.0/24\n permittedEmailAddresses:\n - .example.com\n excludedEmailAddresses:\n - .deny.example.com\n permittedUris:\n - .example.com\n excludedUris:\n - .deny.example.com\n options:\n dependson:\n - ${privatecaSaKeyuserSignerverifier}\n - ${privatecaSaKeyuserViewer}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Custom Ski\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n subjectKeyId: {\n keyId: \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${10 * 365 * 24 * 3600}s`,\n keySpec: {\n cloudKmsKeyVersion: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"subject_key_id\": {\n \"key_id\": \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{10 * 365 * 24 * 3600}s\",\n key_spec={\n \"cloud_kms_key_version\": \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs\n {\n KeyId = \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{10 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n CloudKmsKeyVersion = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSubjectKeyId: \u0026certificateauthority.AuthorityConfigSubjectKeyIdArgs{\n\t\t\t\t\tKeyId: pulumi.String(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\"),\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 10*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tCloudKmsKeyVersion: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()\n .keyId(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\")\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 10 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .cloudKmsKeyVersion(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\")\n .build())\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificateAuthority can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`\n\n* `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`\n\n* `{{location}}/{{pool}}/{{certificate_authority_id}}`\n\nWhen using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}\n```\n\n", + "description": "A CertificateAuthority represents an individual Certificate Authority. A\nCertificateAuthority can be used to create Certificates.\n\n\nTo get more information about CertificateAuthority, see:\n\n* [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/certificate-authority-service)\n\n\u003e **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`\n(and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.\nIt is recommended to not set this field (or set it to true) until you're ready to destroy.\n\n## Example Usage\n\n### Privateca Certificate Authority Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${10 * 365 * 24 * 3600}s`,\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{10 * 365 * 24 * 3600}s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{10 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 10*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 10 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Subordinate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst root_ca = new gcp.certificateauthority.Authority(\"root-ca\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority-root\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority-sub\",\n location: \"us-central1\",\n deletionProtection: true,\n subordinateConfig: {\n certificateAuthority: root_ca.name,\n },\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-subordinate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n zeroMaxIssuerPathLength: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${5 * 365 * 24 * 3600}s`,\n keySpec: {\n algorithm: \"RSA_PKCS1_2048_SHA256\",\n },\n type: \"SUBORDINATE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nroot_ca = gcp.certificateauthority.Authority(\"root-ca\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority-root\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority-sub\",\n location=\"us-central1\",\n deletion_protection=True,\n subordinate_config={\n \"certificate_authority\": root_ca.name,\n },\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-subordinate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n \"zero_max_issuer_path_length\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{5 * 365 * 24 * 3600}s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_2048_SHA256\",\n },\n type=\"SUBORDINATE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var root_ca = new Gcp.CertificateAuthority.Authority(\"root-ca\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority-root\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority-sub\",\n Location = \"us-central1\",\n DeletionProtection = true,\n SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs\n {\n CertificateAuthority = root_ca.Name,\n },\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-subordinate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n ZeroMaxIssuerPathLength = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{5 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_2048_SHA256\",\n },\n Type = \"SUBORDINATE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"root-ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority-root\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority-sub\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSubordinateConfig: \u0026certificateauthority.AuthoritySubordinateConfigArgs{\n\t\t\t\tCertificateAuthority: root_ca.Name,\n\t\t\t},\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-subordinate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t\tZeroMaxIssuerPathLength: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 5*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_2048_SHA256\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SUBORDINATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var root_ca = new Authority(\"root-ca\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority-root\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority-sub\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .subordinateConfig(AuthoritySubordinateConfigArgs.builder()\n .certificateAuthority(root_ca.name())\n .build())\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-subordinate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .zeroMaxIssuerPathLength(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 5 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_2048_SHA256\")\n .build())\n .type(\"SUBORDINATE\")\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Byo Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst privatecaSa = new gcp.projects.ServiceIdentity(\"privateca_sa\", {service: \"privateca.googleapis.com\"});\nconst privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\", {\n cryptoKeyId: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role: \"roles/cloudkms.signerVerifier\",\n member: privatecaSa.member,\n});\nconst privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\", {\n cryptoKeyId: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role: \"roles/viewer\",\n member: privatecaSa.member,\n});\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n keySpec: {\n cloudKmsKeyVersion: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n config: {\n subjectConfig: {\n subject: {\n organization: \"Example, Org.\",\n commonName: \"Example Authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n nameConstraints: {\n critical: true,\n permittedDnsNames: [\"*.example.com\"],\n excludedDnsNames: [\"*.deny.example.com\"],\n permittedIpRanges: [\"10.0.0.0/8\"],\n excludedIpRanges: [\"10.1.1.0/24\"],\n permittedEmailAddresses: [\".example.com\"],\n excludedEmailAddresses: [\".deny.example.com\"],\n permittedUris: [\".example.com\"],\n excludedUris: [\".deny.example.com\"],\n },\n },\n },\n}, {\n dependsOn: [\n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprivateca_sa = gcp.projects.ServiceIdentity(\"privateca_sa\", service=\"privateca.googleapis.com\")\nprivateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\",\n crypto_key_id=\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role=\"roles/cloudkms.signerVerifier\",\n member=privateca_sa.member)\nprivateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\",\n crypto_key_id=\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n role=\"roles/viewer\",\n member=privateca_sa.member)\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n key_spec={\n \"cloud_kms_key_version\": \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Example, Org.\",\n \"common_name\": \"Example Authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n \"name_constraints\": {\n \"critical\": True,\n \"permitted_dns_names\": [\"*.example.com\"],\n \"excluded_dns_names\": [\"*.deny.example.com\"],\n \"permitted_ip_ranges\": [\"10.0.0.0/8\"],\n \"excluded_ip_ranges\": [\"10.1.1.0/24\"],\n \"permitted_email_addresses\": [\".example.com\"],\n \"excluded_email_addresses\": [\".deny.example.com\"],\n \"permitted_uris\": [\".example.com\"],\n \"excluded_uris\": [\".deny.example.com\"],\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n privateca_sa_keyuser_signerverifier,\n privateca_sa_keyuser_viewer,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var privatecaSa = new Gcp.Projects.ServiceIdentity(\"privateca_sa\", new()\n {\n Service = \"privateca.googleapis.com\",\n });\n\n var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_signerverifier\", new()\n {\n CryptoKeyId = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n Role = \"roles/cloudkms.signerVerifier\",\n Member = privatecaSa.Member,\n });\n\n var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember(\"privateca_sa_keyuser_viewer\", new()\n {\n CryptoKeyId = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\",\n Role = \"roles/viewer\",\n Member = privatecaSa.Member,\n });\n\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n CloudKmsKeyVersion = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Example, Org.\",\n CommonName = \"Example Authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs\n {\n Critical = true,\n PermittedDnsNames = new[]\n {\n \"*.example.com\",\n },\n ExcludedDnsNames = new[]\n {\n \"*.deny.example.com\",\n },\n PermittedIpRanges = new[]\n {\n \"10.0.0.0/8\",\n },\n ExcludedIpRanges = new[]\n {\n \"10.1.1.0/24\",\n },\n PermittedEmailAddresses = new[]\n {\n \".example.com\",\n },\n ExcludedEmailAddresses = new[]\n {\n \".deny.example.com\",\n },\n PermittedUris = new[]\n {\n \".example.com\",\n },\n ExcludedUris = new[]\n {\n \".deny.example.com\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivatecaSa, err := projects.NewServiceIdentity(ctx, \"privateca_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"privateca.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivatecaSaKeyuserSignerverifier, err := kms.NewCryptoKeyIAMMember(ctx, \"privateca_sa_keyuser_signerverifier\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: privatecaSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivatecaSaKeyuserViewer, err := kms.NewCryptoKeyIAMMember(ctx, \"privateca_sa_keyuser_viewer\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\"),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: privatecaSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tCloudKmsKeyVersion: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\"),\n\t\t\t},\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Example, Org.\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"Example Authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNameConstraints: \u0026certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t\tPermittedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.1.1.0/24\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivatecaSaKeyuserSignerverifier,\n\t\t\tprivatecaSaKeyuserViewer,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var privatecaSa = new ServiceIdentity(\"privatecaSa\", ServiceIdentityArgs.builder()\n .service(\"privateca.googleapis.com\")\n .build());\n\n var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember(\"privatecaSaKeyuserSignerverifier\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\")\n .role(\"roles/cloudkms.signerVerifier\")\n .member(privatecaSa.member())\n .build());\n\n var privatecaSaKeyuserViewer = new CryptoKeyIAMMember(\"privatecaSaKeyuserViewer\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\")\n .role(\"roles/viewer\")\n .member(privatecaSa.member())\n .build());\n\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .keySpec(AuthorityKeySpecArgs.builder()\n .cloudKmsKeyVersion(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\")\n .build())\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Example, Org.\")\n .commonName(\"Example Authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()\n .critical(true)\n .permittedDnsNames(\"*.example.com\")\n .excludedDnsNames(\"*.deny.example.com\")\n .permittedIpRanges(\"10.0.0.0/8\")\n .excludedIpRanges(\"10.1.1.0/24\")\n .permittedEmailAddresses(\".example.com\")\n .excludedEmailAddresses(\".deny.example.com\")\n .permittedUris(\".example.com\")\n .excludedUris(\".deny.example.com\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n privatecaSaKeyuserSignerverifier,\n privatecaSaKeyuserViewer)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privatecaSa:\n type: gcp:projects:ServiceIdentity\n name: privateca_sa\n properties:\n service: privateca.googleapis.com\n privatecaSaKeyuserSignerverifier:\n type: gcp:kms:CryptoKeyIAMMember\n name: privateca_sa_keyuser_signerverifier\n properties:\n cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\n role: roles/cloudkms.signerVerifier\n member: ${privatecaSa.member}\n privatecaSaKeyuserViewer:\n type: gcp:kms:CryptoKeyIAMMember\n name: privateca_sa_keyuser_viewer\n properties:\n cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key\n role: roles/viewer\n member: ${privatecaSa.member}\n default:\n type: gcp:certificateauthority:Authority\n properties:\n pool: ca-pool\n certificateAuthorityId: my-certificate-authority\n location: us-central1\n deletionProtection: true\n keySpec:\n cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\n config:\n subjectConfig:\n subject:\n organization: Example, Org.\n commonName: Example Authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage: {}\n nameConstraints:\n critical: true\n permittedDnsNames:\n - '*.example.com'\n excludedDnsNames:\n - '*.deny.example.com'\n permittedIpRanges:\n - 10.0.0.0/8\n excludedIpRanges:\n - 10.1.1.0/24\n permittedEmailAddresses:\n - .example.com\n excludedEmailAddresses:\n - .deny.example.com\n permittedUris:\n - .example.com\n excludedUris:\n - .deny.example.com\n options:\n dependsOn:\n - ${privatecaSaKeyuserSignerverifier}\n - ${privatecaSaKeyuserViewer}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Authority Custom Ski\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.Authority(\"default\", {\n pool: \"ca-pool\",\n certificateAuthorityId: \"my-certificate-authority\",\n location: \"us-central1\",\n deletionProtection: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"ACME\",\n commonName: \"my-certificate-authority\",\n },\n },\n subjectKeyId: {\n keyId: \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {},\n },\n },\n },\n lifetime: `${10 * 365 * 24 * 3600}s`,\n keySpec: {\n cloudKmsKeyVersion: \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.Authority(\"default\",\n pool=\"ca-pool\",\n certificate_authority_id=\"my-certificate-authority\",\n location=\"us-central1\",\n deletion_protection=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"ACME\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"subject_key_id\": {\n \"key_id\": \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {},\n },\n },\n },\n lifetime=f\"{10 * 365 * 24 * 3600}s\",\n key_spec={\n \"cloud_kms_key_version\": \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = \"ca-pool\",\n CertificateAuthorityId = \"my-certificate-authority\",\n Location = \"us-central1\",\n DeletionProtection = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"ACME\",\n CommonName = \"my-certificate-authority\",\n },\n },\n SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs\n {\n KeyId = \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = null,\n },\n },\n },\n Lifetime = $\"{10 * 365 * 24 * 3600}s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n CloudKmsKeyVersion = \"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: pulumi.String(\"ca-pool\"),\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"ACME\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSubjectKeyId: \u0026certificateauthority.AuthorityConfigSubjectKeyIdArgs{\n\t\t\t\t\tKeyId: pulumi.String(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\"),\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.Sprintf(\"%vs\", 10*365*24*3600),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tCloudKmsKeyVersion: pulumi.String(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Authority(\"default\", AuthorityArgs.builder()\n .pool(\"ca-pool\")\n .certificateAuthorityId(\"my-certificate-authority\")\n .location(\"us-central1\")\n .deletionProtection(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"ACME\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()\n .keyId(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\")\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage()\n .build())\n .build())\n .build())\n .lifetime(String.format(\"%ss\", 10 * 365 * 24 * 3600))\n .keySpec(AuthorityKeySpecArgs.builder()\n .cloudKmsKeyVersion(\"projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1\")\n .build())\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificateAuthority can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`\n\n* `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`\n\n* `{{location}}/{{pool}}/{{certificate_authority_id}}`\n\nWhen using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}\n```\n\n", "properties": { "accessUrls": { "type": "array", @@ -147153,7 +147153,7 @@ } }, "gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -147278,7 +147278,7 @@ } }, "gcp:certificateauthority/caPoolIamMember:CaPoolIamMember": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -147396,7 +147396,7 @@ } }, "gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CaPool\nThree different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CaPoolIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.certificateManager\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CaPoolIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -147482,7 +147482,7 @@ } }, "gcp:certificateauthority/certificate:Certificate": { - "description": "A Certificate corresponds to a signed X.509 certificate issued by a Certificate.\n\n\n\u003e **Note:** The Certificate Authority that is referenced by this resource **must** be\n`tier = \"ENTERPRISE\"`\n\n\n\n## Example Usage\n\n### Privateca Certificate Generated Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"default\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst certKey = new tls.PrivateKey(\"cert_key\", {algorithm: \"RSA\"});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n lifetime: \"86000s\",\n name: \"cert-1\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n },\n subjectAltName: {\n emailAddresses: [\"email@example.com\"],\n ipAddresses: [\"127.0.0.1\"],\n uris: [\"http://www.ietf.org/rfc/rfc3986.txt\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n nameConstraints: {\n critical: true,\n permittedDnsNames: [\"*.example.com\"],\n excludedDnsNames: [\"*.deny.example.com\"],\n permittedIpRanges: [\"10.0.0.0/8\"],\n excludedIpRanges: [\"10.1.1.0/24\"],\n permittedEmailAddresses: [\".example.com\"],\n excludedEmailAddresses: [\".deny.example.com\"],\n permittedUris: [\".example.com\"],\n excludedUris: [\".deny.example.com\"],\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.base64encodeOutput({\n input: certKey.publicKeyPem,\n }).apply(invoke =\u003e invoke.result),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\nimport pulumi_tls as tls\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"default\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ncert_key = tls.PrivateKey(\"cert_key\", algorithm=\"RSA\")\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n lifetime=\"86000s\",\n name=\"cert-1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n },\n \"subject_alt_name\": {\n \"email_addresses\": [\"email@example.com\"],\n \"ip_addresses\": [\"127.0.0.1\"],\n \"uris\": [\"http://www.ietf.org/rfc/rfc3986.txt\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n \"name_constraints\": {\n \"critical\": True,\n \"permitted_dns_names\": [\"*.example.com\"],\n \"excluded_dns_names\": [\"*.deny.example.com\"],\n \"permitted_ip_ranges\": [\"10.0.0.0/8\"],\n \"excluded_ip_ranges\": [\"10.1.1.0/24\"],\n \"permitted_email_addresses\": [\".example.com\"],\n \"excluded_email_addresses\": [\".deny.example.com\"],\n \"permitted_uris\": [\".example.com\"],\n \"excluded_uris\": [\".deny.example.com\"],\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.base64encode_output(input=cert_key.public_key_pem).apply(lambda invoke: invoke.result),\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"default\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var certKey = new Tls.PrivateKey(\"cert_key\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Lifetime = \"86000s\",\n Name = \"cert-1\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectAltNameArgs\n {\n EmailAddresses = new[]\n {\n \"email@example.com\",\n },\n IpAddresses = new[]\n {\n \"127.0.0.1\",\n },\n Uris = new[]\n {\n \"http://www.ietf.org/rfc/rfc3986.txt\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n NameConstraints = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigNameConstraintsArgs\n {\n Critical = true,\n PermittedDnsNames = new[]\n {\n \"*.example.com\",\n },\n ExcludedDnsNames = new[]\n {\n \"*.deny.example.com\",\n },\n PermittedIpRanges = new[]\n {\n \"10.0.0.0/8\",\n },\n ExcludedIpRanges = new[]\n {\n \"10.1.1.0/24\",\n },\n PermittedEmailAddresses = new[]\n {\n \".example.com\",\n },\n ExcludedEmailAddresses = new[]\n {\n \".deny.example.com\",\n },\n PermittedUris = new[]\n {\n \".example.com\",\n },\n ExcludedUris = new[]\n {\n \".deny.example.com\",\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Base64encode.Invoke(new()\n {\n Input = certKey.PublicKeyPem,\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcertKey, err := tls.NewPrivateKey(ctx, \"cert_key\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tLifetime: pulumi.String(\"86000s\"),\n\t\t\tName: pulumi.String(\"cert-1\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"email@example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tIpAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"http://www.ietf.org/rfc/rfc3986.txt\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNameConstraints: \u0026certificateauthority.CertificateConfigX509ConfigNameConstraintsArgs{\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t\tPermittedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.1.1.0/24\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: std.Base64encodeOutput(ctx, std.Base64encodeOutputArgs{\n\t\t\t\t\t\tInput: certKey.PublicKeyPem,\n\t\t\t\t\t}, nil).ApplyT(func(invoke std.Base64encodeResult) (*string, error) {\n\t\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigNameConstraintsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"default\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var certKey = new PrivateKey(\"certKey\", PrivateKeyArgs.builder()\n .algorithm(\"RSA\")\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .lifetime(\"86000s\")\n .name(\"cert-1\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .build())\n .subjectAltName(CertificateConfigSubjectConfigSubjectAltNameArgs.builder()\n .emailAddresses(\"email@example.com\")\n .ipAddresses(\"127.0.0.1\")\n .uris(\"http://www.ietf.org/rfc/rfc3986.txt\")\n .build())\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .nameConstraints(CertificateConfigX509ConfigNameConstraintsArgs.builder()\n .critical(true)\n .permittedDnsNames(\"*.example.com\")\n .excludedDnsNames(\"*.deny.example.com\")\n .permittedIpRanges(\"10.0.0.0/8\")\n .excludedIpRanges(\"10.1.1.0/24\")\n .permittedEmailAddresses(\".example.com\")\n .excludedEmailAddresses(\".deny.example.com\")\n .permittedUris(\".example.com\")\n .excludedUris(\".deny.example.com\")\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.base64encode().applyValue(invoke -\u003e invoke.result()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: default\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n certKey:\n type: tls:PrivateKey\n name: cert_key\n properties:\n algorithm: RSA\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n lifetime: 86000s\n name: cert-1\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n subjectAltName:\n emailAddresses:\n - email@example.com\n ipAddresses:\n - 127.0.0.1\n uris:\n - http://www.ietf.org/rfc/rfc3986.txt\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n nameConstraints:\n critical: true\n permittedDnsNames:\n - '*.example.com'\n excludedDnsNames:\n - '*.deny.example.com'\n permittedIpRanges:\n - 10.0.0.0/8\n excludedIpRanges:\n - 10.1.1.0/24\n permittedEmailAddresses:\n - .example.com\n excludedEmailAddresses:\n - .deny.example.com\n permittedUris:\n - .example.com\n excludedUris:\n - .deny.example.com\n publicKey:\n format: PEM\n key:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: ${certKey.publicKeyPem}\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate With Template\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultCertificateTemplate = new gcp.certificateauthority.CertificateTemplate(\"default\", {\n location: \"us-central1\",\n name: \"my-certificate-template\",\n description: \"An updated sample certificate template\",\n identityConstraints: {\n allowSubjectAltNamesPassthrough: true,\n allowSubjectPassthrough: true,\n celExpression: {\n description: \"Always true\",\n expression: \"true\",\n location: \"any.file.anywhere\",\n title: \"Sample expression\",\n },\n },\n passthroughExtensions: {\n additionalExtensions: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n knownExtensions: [\"EXTENDED_KEY_USAGE\"],\n },\n predefinedValues: {\n additionalExtensions: [{\n objectId: {\n objectIdPaths: [\n 1,\n 6,\n ],\n },\n value: \"c3RyaW5nCg==\",\n critical: true,\n }],\n aiaOcspServers: [\"string\"],\n caOptions: {\n isCa: false,\n maxIssuerPathLength: 6,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: false,\n contentCommitment: true,\n crlSign: false,\n dataEncipherment: true,\n decipherOnly: true,\n digitalSignature: true,\n encipherOnly: true,\n keyAgreement: true,\n keyEncipherment: true,\n },\n extendedKeyUsage: {\n clientAuth: true,\n codeSigning: true,\n emailProtection: true,\n ocspSigning: true,\n serverAuth: true,\n timeStamping: true,\n },\n unknownExtendedKeyUsages: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n },\n policyIds: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n name: \"my-certificate\",\n lifetime: \"860s\",\n pemCsr: std.file({\n input: \"test-fixtures/rsa_csr.pem\",\n }).then(invoke =\u003e invoke.result),\n certificateTemplate: defaultCertificateTemplate.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_certificate_template = gcp.certificateauthority.CertificateTemplate(\"default\",\n location=\"us-central1\",\n name=\"my-certificate-template\",\n description=\"An updated sample certificate template\",\n identity_constraints={\n \"allow_subject_alt_names_passthrough\": True,\n \"allow_subject_passthrough\": True,\n \"cel_expression\": {\n \"description\": \"Always true\",\n \"expression\": \"true\",\n \"location\": \"any.file.anywhere\",\n \"title\": \"Sample expression\",\n },\n },\n passthrough_extensions={\n \"additional_extensions\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n \"known_extensions\": [\"EXTENDED_KEY_USAGE\"],\n },\n predefined_values={\n \"additional_extensions\": [{\n \"object_id\": {\n \"object_id_paths\": [\n 1,\n 6,\n ],\n },\n \"value\": \"c3RyaW5nCg==\",\n \"critical\": True,\n }],\n \"aia_ocsp_servers\": [\"string\"],\n \"ca_options\": {\n \"is_ca\": False,\n \"max_issuer_path_length\": 6,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": False,\n \"content_commitment\": True,\n \"crl_sign\": False,\n \"data_encipherment\": True,\n \"decipher_only\": True,\n \"digital_signature\": True,\n \"encipher_only\": True,\n \"key_agreement\": True,\n \"key_encipherment\": True,\n },\n \"extended_key_usage\": {\n \"client_auth\": True,\n \"code_signing\": True,\n \"email_protection\": True,\n \"ocsp_signing\": True,\n \"server_auth\": True,\n \"time_stamping\": True,\n },\n \"unknown_extended_key_usages\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n },\n \"policy_ids\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n name=\"my-certificate\",\n lifetime=\"860s\",\n pem_csr=std.file(input=\"test-fixtures/rsa_csr.pem\").result,\n certificate_template=default_certificate_template.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultCertificateTemplate = new Gcp.CertificateAuthority.CertificateTemplate(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-certificate-template\",\n Description = \"An updated sample certificate template\",\n IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs\n {\n AllowSubjectAltNamesPassthrough = true,\n AllowSubjectPassthrough = true,\n CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs\n {\n Description = \"Always true\",\n Expression = \"true\",\n Location = \"any.file.anywhere\",\n Title = \"Sample expression\",\n },\n },\n PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs\n {\n AdditionalExtensions = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n KnownExtensions = new[]\n {\n \"EXTENDED_KEY_USAGE\",\n },\n },\n PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs\n {\n AdditionalExtensions = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs\n {\n ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n Value = \"c3RyaW5nCg==\",\n Critical = true,\n },\n },\n AiaOcspServers = new[]\n {\n \"string\",\n },\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs\n {\n IsCa = false,\n MaxIssuerPathLength = 6,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs\n {\n CertSign = false,\n ContentCommitment = true,\n CrlSign = false,\n DataEncipherment = true,\n DecipherOnly = true,\n DigitalSignature = true,\n EncipherOnly = true,\n KeyAgreement = true,\n KeyEncipherment = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs\n {\n ClientAuth = true,\n CodeSigning = true,\n EmailProtection = true,\n OcspSigning = true,\n ServerAuth = true,\n TimeStamping = true,\n },\n UnknownExtendedKeyUsages = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n },\n PolicyIds = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n PemCsr = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n CertificateTemplate = defaultCertificateTemplate.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificateTemplate, err := certificateauthority.NewCertificateTemplate(ctx, \"default\", \u0026certificateauthority.CertificateTemplateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate-template\"),\n\t\t\tDescription: pulumi.String(\"An updated sample certificate template\"),\n\t\t\tIdentityConstraints: \u0026certificateauthority.CertificateTemplateIdentityConstraintsArgs{\n\t\t\t\tAllowSubjectAltNamesPassthrough: pulumi.Bool(true),\n\t\t\t\tAllowSubjectPassthrough: pulumi.Bool(true),\n\t\t\t\tCelExpression: \u0026certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Always true\"),\n\t\t\t\t\tExpression: pulumi.String(\"true\"),\n\t\t\t\t\tLocation: pulumi.String(\"any.file.anywhere\"),\n\t\t\t\t\tTitle: pulumi.String(\"Sample expression\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPassthroughExtensions: \u0026certificateauthority.CertificateTemplatePassthroughExtensionsArgs{\n\t\t\t\tAdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{\n\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tKnownExtensions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"EXTENDED_KEY_USAGE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPredefinedValues: \u0026certificateauthority.CertificateTemplatePredefinedValuesArgs{\n\t\t\t\tAdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{\n\t\t\t\t\t\tObjectId: \u0026certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{\n\t\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tValue: pulumi.String(\"c3RyaW5nCg==\"),\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAiaOcspServers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"string\"),\n\t\t\t\t},\n\t\t\t\tCaOptions: \u0026certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{\n\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\tMaxIssuerPathLength: pulumi.Int(6),\n\t\t\t\t},\n\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{\n\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\tCertSign: pulumi.Bool(false),\n\t\t\t\t\t\tContentCommitment: pulumi.Bool(true),\n\t\t\t\t\t\tCrlSign: pulumi.Bool(false),\n\t\t\t\t\t\tDataEncipherment: pulumi.Bool(true),\n\t\t\t\t\t\tDecipherOnly: pulumi.Bool(true),\n\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\tEncipherOnly: pulumi.Bool(true),\n\t\t\t\t\t\tKeyAgreement: pulumi.Bool(true),\n\t\t\t\t\t\tKeyEncipherment: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\tClientAuth: pulumi.Bool(true),\n\t\t\t\t\t\tCodeSigning: pulumi.Bool(true),\n\t\t\t\t\t\tEmailProtection: pulumi.Bool(true),\n\t\t\t\t\t\tOcspSigning: pulumi.Bool(true),\n\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\tTimeStamping: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tUnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{\n\t\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{\n\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tPemCsr: pulumi.String(invokeFile.Result),\n\t\t\tCertificateTemplate: defaultCertificateTemplate.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplate;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultCertificateTemplate = new CertificateTemplate(\"defaultCertificateTemplate\", CertificateTemplateArgs.builder()\n .location(\"us-central1\")\n .name(\"my-certificate-template\")\n .description(\"An updated sample certificate template\")\n .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()\n .allowSubjectAltNamesPassthrough(true)\n .allowSubjectPassthrough(true)\n .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()\n .description(\"Always true\")\n .expression(\"true\")\n .location(\"any.file.anywhere\")\n .title(\"Sample expression\")\n .build())\n .build())\n .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()\n .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .knownExtensions(\"EXTENDED_KEY_USAGE\")\n .build())\n .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()\n .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()\n .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .value(\"c3RyaW5nCg==\")\n .critical(true)\n .build())\n .aiaOcspServers(\"string\")\n .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()\n .isCa(false)\n .maxIssuerPathLength(6)\n .build())\n .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()\n .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()\n .certSign(false)\n .contentCommitment(true)\n .crlSign(false)\n .dataEncipherment(true)\n .decipherOnly(true)\n .digitalSignature(true)\n .encipherOnly(true)\n .keyAgreement(true)\n .keyEncipherment(true)\n .build())\n .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()\n .clientAuth(true)\n .codeSigning(true)\n .emailProtection(true)\n .ocspSigning(true)\n .serverAuth(true)\n .timeStamping(true)\n .build())\n .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .build())\n .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .pemCsr(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_csr.pem\")\n .build()).result())\n .certificateTemplate(defaultCertificateTemplate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultCertificateTemplate:\n type: gcp:certificateauthority:CertificateTemplate\n name: default\n properties:\n location: us-central1\n name: my-certificate-template\n description: An updated sample certificate template\n identityConstraints:\n allowSubjectAltNamesPassthrough: true\n allowSubjectPassthrough: true\n celExpression:\n description: Always true\n expression: 'true'\n location: any.file.anywhere\n title: Sample expression\n passthroughExtensions:\n additionalExtensions:\n - objectIdPaths:\n - 1\n - 6\n knownExtensions:\n - EXTENDED_KEY_USAGE\n predefinedValues:\n additionalExtensions:\n - objectId:\n objectIdPaths:\n - 1\n - 6\n value: c3RyaW5nCg==\n critical: true\n aiaOcspServers:\n - string\n caOptions:\n isCa: false\n maxIssuerPathLength: 6\n keyUsage:\n baseKeyUsage:\n certSign: false\n contentCommitment: true\n crlSign: false\n dataEncipherment: true\n decipherOnly: true\n digitalSignature: true\n encipherOnly: true\n keyAgreement: true\n keyEncipherment: true\n extendedKeyUsage:\n clientAuth: true\n codeSigning: true\n emailProtection: true\n ocspSigning: true\n serverAuth: true\n timeStamping: true\n unknownExtendedKeyUsages:\n - objectIdPaths:\n - 1\n - 6\n policyIds:\n - objectIdPaths:\n - 1\n - 6\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n name: my-certificate\n lifetime: 860s\n pemCsr:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/rsa_csr.pem\n Return: result\n certificateTemplate: ${defaultCertificateTemplate.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Csr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n name: \"my-certificate\",\n lifetime: \"860s\",\n pemCsr: std.file({\n input: \"test-fixtures/rsa_csr.pem\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n name=\"my-certificate\",\n lifetime=\"860s\",\n pem_csr=std.file(input=\"test-fixtures/rsa_csr.pem\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n PemCsr = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tPemCsr: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .pemCsr(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_csr.pem\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n name: my-certificate\n lifetime: 860s\n pemCsr:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/rsa_csr.pem\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate No Authority\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n digitalSignature: true,\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n lifetime: \"86400s\",\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n name: \"my-certificate\",\n lifetime: \"860s\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n postalCode: \"94109\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.filebase64({\n input: \"test-fixtures/rsa_public.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n}, {\n dependsOn: [defaultAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"digital_signature\": True,\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n lifetime=\"86400s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n name=\"my-certificate\",\n lifetime=\"860s\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n \"postal_code\": \"94109\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.filebase64(input=\"test-fixtures/rsa_public.pem\").result,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n DigitalSignature = true,\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n Lifetime = \"86400s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n PostalCode = \"94109\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Filebase64.Invoke(new()\n {\n Input = \"test-fixtures/rsa_public.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"test-fixtures/rsa_public.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t\tPostalCode: pulumi.String(\"94109\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: pulumi.String(invokeFilebase64.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .digitalSignature(true)\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .lifetime(\"86400s\")\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .postalCode(\"94109\")\n .build())\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"test-fixtures/rsa_public.pem\")\n .build()).result())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n digitalSignature: true\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n lifetime: 86400s\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n name: my-certificate\n lifetime: 860s\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n postalCode: '94109'\n x509Config:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage:\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n publicKey:\n format: PEM\n key:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: test-fixtures/rsa_public.pem\n Return: result\n options:\n dependson:\n - ${defaultAuthority}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Custom Ski\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n digitalSignature: true,\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n lifetime: \"86400s\",\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n name: \"my-certificate\",\n lifetime: \"860s\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n postalCode: \"94109\",\n },\n },\n subjectKeyId: {\n keyId: \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n x509Config: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.filebase64({\n input: \"test-fixtures/rsa_public.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n}, {\n dependsOn: [defaultAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"digital_signature\": True,\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n lifetime=\"86400s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n name=\"my-certificate\",\n lifetime=\"860s\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n \"postal_code\": \"94109\",\n },\n },\n \"subject_key_id\": {\n \"key_id\": \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.filebase64(input=\"test-fixtures/rsa_public.pem\").result,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n DigitalSignature = true,\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n Lifetime = \"86400s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n PostalCode = \"94109\",\n },\n },\n SubjectKeyId = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectKeyIdArgs\n {\n KeyId = \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Filebase64.Invoke(new()\n {\n Input = \"test-fixtures/rsa_public.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"test-fixtures/rsa_public.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t\tPostalCode: pulumi.String(\"94109\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSubjectKeyId: \u0026certificateauthority.CertificateConfigSubjectKeyIdArgs{\n\t\t\t\t\tKeyId: pulumi.String(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\"),\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: pulumi.String(invokeFilebase64.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectKeyIdArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .digitalSignature(true)\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .lifetime(\"86400s\")\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .postalCode(\"94109\")\n .build())\n .build())\n .subjectKeyId(CertificateConfigSubjectKeyIdArgs.builder()\n .keyId(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\")\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"test-fixtures/rsa_public.pem\")\n .build()).result())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n digitalSignature: true\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n lifetime: 86400s\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n name: my-certificate\n lifetime: 860s\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n postalCode: '94109'\n subjectKeyId:\n keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca\n x509Config:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage:\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n publicKey:\n format: PEM\n key:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: test-fixtures/rsa_public.pem\n Return: result\n options:\n dependson:\n - ${defaultAuthority}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}`\n\n* `{{project}}/{{location}}/{{pool}}/{{name}}`\n\n* `{{location}}/{{pool}}/{{name}}`\n\nWhen using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}}\n```\n\n", + "description": "A Certificate corresponds to a signed X.509 certificate issued by a Certificate.\n\n\n\u003e **Note:** The Certificate Authority that is referenced by this resource **must** be\n`tier = \"ENTERPRISE\"`\n\n\n\n## Example Usage\n\n### Privateca Certificate Generated Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"default\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst certKey = new tls.PrivateKey(\"cert_key\", {algorithm: \"RSA\"});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n lifetime: \"86000s\",\n name: \"cert-1\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n },\n subjectAltName: {\n emailAddresses: [\"email@example.com\"],\n ipAddresses: [\"127.0.0.1\"],\n uris: [\"http://www.ietf.org/rfc/rfc3986.txt\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n nameConstraints: {\n critical: true,\n permittedDnsNames: [\"*.example.com\"],\n excludedDnsNames: [\"*.deny.example.com\"],\n permittedIpRanges: [\"10.0.0.0/8\"],\n excludedIpRanges: [\"10.1.1.0/24\"],\n permittedEmailAddresses: [\".example.com\"],\n excludedEmailAddresses: [\".deny.example.com\"],\n permittedUris: [\".example.com\"],\n excludedUris: [\".deny.example.com\"],\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.base64encodeOutput({\n input: certKey.publicKeyPem,\n }).apply(invoke =\u003e invoke.result),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\nimport pulumi_tls as tls\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"default\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ncert_key = tls.PrivateKey(\"cert_key\", algorithm=\"RSA\")\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n lifetime=\"86000s\",\n name=\"cert-1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n },\n \"subject_alt_name\": {\n \"email_addresses\": [\"email@example.com\"],\n \"ip_addresses\": [\"127.0.0.1\"],\n \"uris\": [\"http://www.ietf.org/rfc/rfc3986.txt\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n \"name_constraints\": {\n \"critical\": True,\n \"permitted_dns_names\": [\"*.example.com\"],\n \"excluded_dns_names\": [\"*.deny.example.com\"],\n \"permitted_ip_ranges\": [\"10.0.0.0/8\"],\n \"excluded_ip_ranges\": [\"10.1.1.0/24\"],\n \"permitted_email_addresses\": [\".example.com\"],\n \"excluded_email_addresses\": [\".deny.example.com\"],\n \"permitted_uris\": [\".example.com\"],\n \"excluded_uris\": [\".deny.example.com\"],\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.base64encode_output(input=cert_key.public_key_pem).apply(lambda invoke: invoke.result),\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"default\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var certKey = new Tls.PrivateKey(\"cert_key\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Lifetime = \"86000s\",\n Name = \"cert-1\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectAltNameArgs\n {\n EmailAddresses = new[]\n {\n \"email@example.com\",\n },\n IpAddresses = new[]\n {\n \"127.0.0.1\",\n },\n Uris = new[]\n {\n \"http://www.ietf.org/rfc/rfc3986.txt\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n NameConstraints = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigNameConstraintsArgs\n {\n Critical = true,\n PermittedDnsNames = new[]\n {\n \"*.example.com\",\n },\n ExcludedDnsNames = new[]\n {\n \"*.deny.example.com\",\n },\n PermittedIpRanges = new[]\n {\n \"10.0.0.0/8\",\n },\n ExcludedIpRanges = new[]\n {\n \"10.1.1.0/24\",\n },\n PermittedEmailAddresses = new[]\n {\n \".example.com\",\n },\n ExcludedEmailAddresses = new[]\n {\n \".deny.example.com\",\n },\n PermittedUris = new[]\n {\n \".example.com\",\n },\n ExcludedUris = new[]\n {\n \".deny.example.com\",\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Base64encode.Invoke(new()\n {\n Input = certKey.PublicKeyPem,\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcertKey, err := tls.NewPrivateKey(ctx, \"cert_key\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tLifetime: pulumi.String(\"86000s\"),\n\t\t\tName: pulumi.String(\"cert-1\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"email@example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tIpAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"http://www.ietf.org/rfc/rfc3986.txt\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNameConstraints: \u0026certificateauthority.CertificateConfigX509ConfigNameConstraintsArgs{\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t\tPermittedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*.deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"10.1.1.0/24\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermittedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludedUris: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\".deny.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: std.Base64encodeOutput(ctx, std.Base64encodeOutputArgs{\n\t\t\t\t\t\tInput: certKey.PublicKeyPem,\n\t\t\t\t\t}, nil).ApplyT(func(invoke std.Base64encodeResult) (*string, error) {\n\t\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigNameConstraintsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"default\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var certKey = new PrivateKey(\"certKey\", PrivateKeyArgs.builder()\n .algorithm(\"RSA\")\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .lifetime(\"86000s\")\n .name(\"cert-1\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .build())\n .subjectAltName(CertificateConfigSubjectConfigSubjectAltNameArgs.builder()\n .emailAddresses(\"email@example.com\")\n .ipAddresses(\"127.0.0.1\")\n .uris(\"http://www.ietf.org/rfc/rfc3986.txt\")\n .build())\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .nameConstraints(CertificateConfigX509ConfigNameConstraintsArgs.builder()\n .critical(true)\n .permittedDnsNames(\"*.example.com\")\n .excludedDnsNames(\"*.deny.example.com\")\n .permittedIpRanges(\"10.0.0.0/8\")\n .excludedIpRanges(\"10.1.1.0/24\")\n .permittedEmailAddresses(\".example.com\")\n .excludedEmailAddresses(\".deny.example.com\")\n .permittedUris(\".example.com\")\n .excludedUris(\".deny.example.com\")\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.base64encode().applyValue(invoke -\u003e invoke.result()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: default\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n certKey:\n type: tls:PrivateKey\n name: cert_key\n properties:\n algorithm: RSA\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n lifetime: 86000s\n name: cert-1\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n subjectAltName:\n emailAddresses:\n - email@example.com\n ipAddresses:\n - 127.0.0.1\n uris:\n - http://www.ietf.org/rfc/rfc3986.txt\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n nameConstraints:\n critical: true\n permittedDnsNames:\n - '*.example.com'\n excludedDnsNames:\n - '*.deny.example.com'\n permittedIpRanges:\n - 10.0.0.0/8\n excludedIpRanges:\n - 10.1.1.0/24\n permittedEmailAddresses:\n - .example.com\n excludedEmailAddresses:\n - .deny.example.com\n permittedUris:\n - .example.com\n excludedUris:\n - .deny.example.com\n publicKey:\n format: PEM\n key:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: ${certKey.publicKeyPem}\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate With Template\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultCertificateTemplate = new gcp.certificateauthority.CertificateTemplate(\"default\", {\n location: \"us-central1\",\n name: \"my-certificate-template\",\n description: \"An updated sample certificate template\",\n identityConstraints: {\n allowSubjectAltNamesPassthrough: true,\n allowSubjectPassthrough: true,\n celExpression: {\n description: \"Always true\",\n expression: \"true\",\n location: \"any.file.anywhere\",\n title: \"Sample expression\",\n },\n },\n passthroughExtensions: {\n additionalExtensions: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n knownExtensions: [\"EXTENDED_KEY_USAGE\"],\n },\n predefinedValues: {\n additionalExtensions: [{\n objectId: {\n objectIdPaths: [\n 1,\n 6,\n ],\n },\n value: \"c3RyaW5nCg==\",\n critical: true,\n }],\n aiaOcspServers: [\"string\"],\n caOptions: {\n isCa: false,\n maxIssuerPathLength: 6,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: false,\n contentCommitment: true,\n crlSign: false,\n dataEncipherment: true,\n decipherOnly: true,\n digitalSignature: true,\n encipherOnly: true,\n keyAgreement: true,\n keyEncipherment: true,\n },\n extendedKeyUsage: {\n clientAuth: true,\n codeSigning: true,\n emailProtection: true,\n ocspSigning: true,\n serverAuth: true,\n timeStamping: true,\n },\n unknownExtendedKeyUsages: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n },\n policyIds: [{\n objectIdPaths: [\n 1,\n 6,\n ],\n }],\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n name: \"my-certificate\",\n lifetime: \"860s\",\n pemCsr: std.file({\n input: \"test-fixtures/rsa_csr.pem\",\n }).then(invoke =\u003e invoke.result),\n certificateTemplate: defaultCertificateTemplate.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_certificate_template = gcp.certificateauthority.CertificateTemplate(\"default\",\n location=\"us-central1\",\n name=\"my-certificate-template\",\n description=\"An updated sample certificate template\",\n identity_constraints={\n \"allow_subject_alt_names_passthrough\": True,\n \"allow_subject_passthrough\": True,\n \"cel_expression\": {\n \"description\": \"Always true\",\n \"expression\": \"true\",\n \"location\": \"any.file.anywhere\",\n \"title\": \"Sample expression\",\n },\n },\n passthrough_extensions={\n \"additional_extensions\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n \"known_extensions\": [\"EXTENDED_KEY_USAGE\"],\n },\n predefined_values={\n \"additional_extensions\": [{\n \"object_id\": {\n \"object_id_paths\": [\n 1,\n 6,\n ],\n },\n \"value\": \"c3RyaW5nCg==\",\n \"critical\": True,\n }],\n \"aia_ocsp_servers\": [\"string\"],\n \"ca_options\": {\n \"is_ca\": False,\n \"max_issuer_path_length\": 6,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": False,\n \"content_commitment\": True,\n \"crl_sign\": False,\n \"data_encipherment\": True,\n \"decipher_only\": True,\n \"digital_signature\": True,\n \"encipher_only\": True,\n \"key_agreement\": True,\n \"key_encipherment\": True,\n },\n \"extended_key_usage\": {\n \"client_auth\": True,\n \"code_signing\": True,\n \"email_protection\": True,\n \"ocsp_signing\": True,\n \"server_auth\": True,\n \"time_stamping\": True,\n },\n \"unknown_extended_key_usages\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n },\n \"policy_ids\": [{\n \"object_id_paths\": [\n 1,\n 6,\n ],\n }],\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n name=\"my-certificate\",\n lifetime=\"860s\",\n pem_csr=std.file(input=\"test-fixtures/rsa_csr.pem\").result,\n certificate_template=default_certificate_template.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultCertificateTemplate = new Gcp.CertificateAuthority.CertificateTemplate(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-certificate-template\",\n Description = \"An updated sample certificate template\",\n IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs\n {\n AllowSubjectAltNamesPassthrough = true,\n AllowSubjectPassthrough = true,\n CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs\n {\n Description = \"Always true\",\n Expression = \"true\",\n Location = \"any.file.anywhere\",\n Title = \"Sample expression\",\n },\n },\n PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs\n {\n AdditionalExtensions = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n KnownExtensions = new[]\n {\n \"EXTENDED_KEY_USAGE\",\n },\n },\n PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs\n {\n AdditionalExtensions = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs\n {\n ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n Value = \"c3RyaW5nCg==\",\n Critical = true,\n },\n },\n AiaOcspServers = new[]\n {\n \"string\",\n },\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs\n {\n IsCa = false,\n MaxIssuerPathLength = 6,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs\n {\n CertSign = false,\n ContentCommitment = true,\n CrlSign = false,\n DataEncipherment = true,\n DecipherOnly = true,\n DigitalSignature = true,\n EncipherOnly = true,\n KeyAgreement = true,\n KeyEncipherment = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs\n {\n ClientAuth = true,\n CodeSigning = true,\n EmailProtection = true,\n OcspSigning = true,\n ServerAuth = true,\n TimeStamping = true,\n },\n UnknownExtendedKeyUsages = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n },\n PolicyIds = new[]\n {\n new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs\n {\n ObjectIdPaths = new[]\n {\n 1,\n 6,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n PemCsr = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n CertificateTemplate = defaultCertificateTemplate.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificateTemplate, err := certificateauthority.NewCertificateTemplate(ctx, \"default\", \u0026certificateauthority.CertificateTemplateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate-template\"),\n\t\t\tDescription: pulumi.String(\"An updated sample certificate template\"),\n\t\t\tIdentityConstraints: \u0026certificateauthority.CertificateTemplateIdentityConstraintsArgs{\n\t\t\t\tAllowSubjectAltNamesPassthrough: pulumi.Bool(true),\n\t\t\t\tAllowSubjectPassthrough: pulumi.Bool(true),\n\t\t\t\tCelExpression: \u0026certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Always true\"),\n\t\t\t\t\tExpression: pulumi.String(\"true\"),\n\t\t\t\t\tLocation: pulumi.String(\"any.file.anywhere\"),\n\t\t\t\t\tTitle: pulumi.String(\"Sample expression\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPassthroughExtensions: \u0026certificateauthority.CertificateTemplatePassthroughExtensionsArgs{\n\t\t\t\tAdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{\n\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tKnownExtensions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"EXTENDED_KEY_USAGE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPredefinedValues: \u0026certificateauthority.CertificateTemplatePredefinedValuesArgs{\n\t\t\t\tAdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{\n\t\t\t\t\t\tObjectId: \u0026certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{\n\t\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tValue: pulumi.String(\"c3RyaW5nCg==\"),\n\t\t\t\t\t\tCritical: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAiaOcspServers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"string\"),\n\t\t\t\t},\n\t\t\t\tCaOptions: \u0026certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{\n\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\tMaxIssuerPathLength: pulumi.Int(6),\n\t\t\t\t},\n\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{\n\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\tCertSign: pulumi.Bool(false),\n\t\t\t\t\t\tContentCommitment: pulumi.Bool(true),\n\t\t\t\t\t\tCrlSign: pulumi.Bool(false),\n\t\t\t\t\t\tDataEncipherment: pulumi.Bool(true),\n\t\t\t\t\t\tDecipherOnly: pulumi.Bool(true),\n\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\tEncipherOnly: pulumi.Bool(true),\n\t\t\t\t\t\tKeyAgreement: pulumi.Bool(true),\n\t\t\t\t\t\tKeyEncipherment: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\tClientAuth: pulumi.Bool(true),\n\t\t\t\t\t\tCodeSigning: pulumi.Bool(true),\n\t\t\t\t\t\tEmailProtection: pulumi.Bool(true),\n\t\t\t\t\t\tOcspSigning: pulumi.Bool(true),\n\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\tTimeStamping: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tUnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{\n\t\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{\n\t\t\t\t\t\u0026certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{\n\t\t\t\t\t\tObjectIdPaths: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(6),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tPemCsr: pulumi.String(invokeFile.Result),\n\t\t\tCertificateTemplate: defaultCertificateTemplate.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplate;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultCertificateTemplate = new CertificateTemplate(\"defaultCertificateTemplate\", CertificateTemplateArgs.builder()\n .location(\"us-central1\")\n .name(\"my-certificate-template\")\n .description(\"An updated sample certificate template\")\n .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()\n .allowSubjectAltNamesPassthrough(true)\n .allowSubjectPassthrough(true)\n .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()\n .description(\"Always true\")\n .expression(\"true\")\n .location(\"any.file.anywhere\")\n .title(\"Sample expression\")\n .build())\n .build())\n .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()\n .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .knownExtensions(\"EXTENDED_KEY_USAGE\")\n .build())\n .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()\n .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()\n .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .value(\"c3RyaW5nCg==\")\n .critical(true)\n .build())\n .aiaOcspServers(\"string\")\n .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()\n .isCa(false)\n .maxIssuerPathLength(6)\n .build())\n .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()\n .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()\n .certSign(false)\n .contentCommitment(true)\n .crlSign(false)\n .dataEncipherment(true)\n .decipherOnly(true)\n .digitalSignature(true)\n .encipherOnly(true)\n .keyAgreement(true)\n .keyEncipherment(true)\n .build())\n .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()\n .clientAuth(true)\n .codeSigning(true)\n .emailProtection(true)\n .ocspSigning(true)\n .serverAuth(true)\n .timeStamping(true)\n .build())\n .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .build())\n .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()\n .objectIdPaths( \n 1,\n 6)\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .pemCsr(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_csr.pem\")\n .build()).result())\n .certificateTemplate(defaultCertificateTemplate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultCertificateTemplate:\n type: gcp:certificateauthority:CertificateTemplate\n name: default\n properties:\n location: us-central1\n name: my-certificate-template\n description: An updated sample certificate template\n identityConstraints:\n allowSubjectAltNamesPassthrough: true\n allowSubjectPassthrough: true\n celExpression:\n description: Always true\n expression: 'true'\n location: any.file.anywhere\n title: Sample expression\n passthroughExtensions:\n additionalExtensions:\n - objectIdPaths:\n - 1\n - 6\n knownExtensions:\n - EXTENDED_KEY_USAGE\n predefinedValues:\n additionalExtensions:\n - objectId:\n objectIdPaths:\n - 1\n - 6\n value: c3RyaW5nCg==\n critical: true\n aiaOcspServers:\n - string\n caOptions:\n isCa: false\n maxIssuerPathLength: 6\n keyUsage:\n baseKeyUsage:\n certSign: false\n contentCommitment: true\n crlSign: false\n dataEncipherment: true\n decipherOnly: true\n digitalSignature: true\n encipherOnly: true\n keyAgreement: true\n keyEncipherment: true\n extendedKeyUsage:\n clientAuth: true\n codeSigning: true\n emailProtection: true\n ocspSigning: true\n serverAuth: true\n timeStamping: true\n unknownExtendedKeyUsages:\n - objectIdPaths:\n - 1\n - 6\n policyIds:\n - objectIdPaths:\n - 1\n - 6\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n name: my-certificate\n lifetime: 860s\n pemCsr:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/rsa_csr.pem\n return: result\n certificateTemplate: ${defaultCertificateTemplate.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Csr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthority: defaultAuthority.certificateAuthorityId,\n name: \"my-certificate\",\n lifetime: \"860s\",\n pemCsr: std.file({\n input: \"test-fixtures/rsa_csr.pem\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority=default_authority.certificate_authority_id,\n name=\"my-certificate\",\n lifetime=\"860s\",\n pem_csr=std.file(input=\"test-fixtures/rsa_csr.pem\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthority = defaultAuthority.CertificateAuthorityId,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n PemCsr = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthority: defaultAuthority.CertificateAuthorityId,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tPemCsr: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthority(defaultAuthority.certificateAuthorityId())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .pemCsr(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_csr.pem\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthority: ${defaultAuthority.certificateAuthorityId}\n name: my-certificate\n lifetime: 860s\n pemCsr:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/rsa_csr.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate No Authority\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n digitalSignature: true,\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n lifetime: \"86400s\",\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n name: \"my-certificate\",\n lifetime: \"860s\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n postalCode: \"94109\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.filebase64({\n input: \"test-fixtures/rsa_public.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n}, {\n dependsOn: [defaultAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"digital_signature\": True,\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n lifetime=\"86400s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n name=\"my-certificate\",\n lifetime=\"860s\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n \"postal_code\": \"94109\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.filebase64(input=\"test-fixtures/rsa_public.pem\").result,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n DigitalSignature = true,\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n Lifetime = \"86400s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n PostalCode = \"94109\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Filebase64.Invoke(new()\n {\n Input = \"test-fixtures/rsa_public.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"test-fixtures/rsa_public.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t\tPostalCode: pulumi.String(\"94109\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: pulumi.String(invokeFilebase64.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .digitalSignature(true)\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .lifetime(\"86400s\")\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .postalCode(\"94109\")\n .build())\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"test-fixtures/rsa_public.pem\")\n .build()).result())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n digitalSignature: true\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n lifetime: 86400s\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n name: my-certificate\n lifetime: 860s\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n postalCode: '94109'\n x509Config:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage:\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n publicKey:\n format: PEM\n key:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: test-fixtures/rsa_public.pem\n return: result\n options:\n dependsOn:\n - ${defaultAuthority}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Privateca Certificate Custom Ski\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n location: \"us-central1\",\n name: \"my-pool\",\n tier: \"ENTERPRISE\",\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n certificateAuthorityId: \"my-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n digitalSignature: true,\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n lifetime: \"86400s\",\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst defaultCertificate = new gcp.certificateauthority.Certificate(\"default\", {\n location: \"us-central1\",\n pool: _default.name,\n name: \"my-certificate\",\n lifetime: \"860s\",\n config: {\n subjectConfig: {\n subject: {\n commonName: \"san1.example.com\",\n countryCode: \"us\",\n organization: \"google\",\n organizationalUnit: \"enterprise\",\n locality: \"mountain view\",\n province: \"california\",\n streetAddress: \"1600 amphitheatre parkway\",\n postalCode: \"94109\",\n },\n },\n subjectKeyId: {\n keyId: \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n x509Config: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n publicKey: {\n format: \"PEM\",\n key: std.filebase64({\n input: \"test-fixtures/rsa_public.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n}, {\n dependsOn: [defaultAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n location=\"us-central1\",\n name=\"my-pool\",\n tier=\"ENTERPRISE\")\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n location=\"us-central1\",\n pool=default.name,\n certificate_authority_id=\"my-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"digital_signature\": True,\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n lifetime=\"86400s\",\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault_certificate = gcp.certificateauthority.Certificate(\"default\",\n location=\"us-central1\",\n pool=default.name,\n name=\"my-certificate\",\n lifetime=\"860s\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"common_name\": \"san1.example.com\",\n \"country_code\": \"us\",\n \"organization\": \"google\",\n \"organizational_unit\": \"enterprise\",\n \"locality\": \"mountain view\",\n \"province\": \"california\",\n \"street_address\": \"1600 amphitheatre parkway\",\n \"postal_code\": \"94109\",\n },\n },\n \"subject_key_id\": {\n \"key_id\": \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n \"public_key\": {\n \"format\": \"PEM\",\n \"key\": std.filebase64(input=\"test-fixtures/rsa_public.pem\").result,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-pool\",\n Tier = \"ENTERPRISE\",\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n CertificateAuthorityId = \"my-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n DigitalSignature = true,\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n Lifetime = \"86400s\",\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var defaultCertificate = new Gcp.CertificateAuthority.Certificate(\"default\", new()\n {\n Location = \"us-central1\",\n Pool = @default.Name,\n Name = \"my-certificate\",\n Lifetime = \"860s\",\n Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs\n {\n CommonName = \"san1.example.com\",\n CountryCode = \"us\",\n Organization = \"google\",\n OrganizationalUnit = \"enterprise\",\n Locality = \"mountain view\",\n Province = \"california\",\n StreetAddress = \"1600 amphitheatre parkway\",\n PostalCode = \"94109\",\n },\n },\n SubjectKeyId = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectKeyIdArgs\n {\n KeyId = \"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\",\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs\n {\n Format = \"PEM\",\n Key = Std.Filebase64.Invoke(new()\n {\n Input = \"test-fixtures/rsa_public.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tDigitalSignature: pulumi.Bool(true),\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"test-fixtures/rsa_public.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificate(ctx, \"default\", \u0026certificateauthority.CertificateArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: _default.Name,\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLifetime: pulumi.String(\"860s\"),\n\t\t\tConfig: \u0026certificateauthority.CertificateConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.CertificateConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.CertificateConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tCommonName: pulumi.String(\"san1.example.com\"),\n\t\t\t\t\t\tCountryCode: pulumi.String(\"us\"),\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tOrganizationalUnit: pulumi.String(\"enterprise\"),\n\t\t\t\t\t\tLocality: pulumi.String(\"mountain view\"),\n\t\t\t\t\t\tProvince: pulumi.String(\"california\"),\n\t\t\t\t\t\tStreetAddress: pulumi.String(\"1600 amphitheatre parkway\"),\n\t\t\t\t\t\tPostalCode: pulumi.String(\"94109\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSubjectKeyId: \u0026certificateauthority.CertificateConfigSubjectKeyIdArgs{\n\t\t\t\t\tKeyId: pulumi.String(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\"),\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.CertificateConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPublicKey: \u0026certificateauthority.CertificateConfigPublicKeyArgs{\n\t\t\t\t\tFormat: pulumi.String(\"PEM\"),\n\t\t\t\t\tKey: pulumi.String(invokeFilebase64.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.Certificate;\nimport com.pulumi.gcp.certificateauthority.CertificateArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectKeyIdArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .location(\"us-central1\")\n .name(\"my-pool\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .certificateAuthorityId(\"my-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .digitalSignature(true)\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .lifetime(\"86400s\")\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .location(\"us-central1\")\n .pool(default_.name())\n .name(\"my-certificate\")\n .lifetime(\"860s\")\n .config(CertificateConfigArgs.builder()\n .subjectConfig(CertificateConfigSubjectConfigArgs.builder()\n .subject(CertificateConfigSubjectConfigSubjectArgs.builder()\n .commonName(\"san1.example.com\")\n .countryCode(\"us\")\n .organization(\"google\")\n .organizationalUnit(\"enterprise\")\n .locality(\"mountain view\")\n .province(\"california\")\n .streetAddress(\"1600 amphitheatre parkway\")\n .postalCode(\"94109\")\n .build())\n .build())\n .subjectKeyId(CertificateConfigSubjectKeyIdArgs.builder()\n .keyId(\"4cf3372289b1d411b999dbb9ebcd44744b6b2fca\")\n .build())\n .x509Config(CertificateConfigX509ConfigArgs.builder()\n .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .crlSign(true)\n .build())\n .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .publicKey(CertificateConfigPublicKeyArgs.builder()\n .format(\"PEM\")\n .key(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"test-fixtures/rsa_public.pem\")\n .build()).result())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n location: us-central1\n name: my-pool\n tier: ENTERPRISE\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n certificateAuthorityId: my-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n digitalSignature: true\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n lifetime: 86400s\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n defaultCertificate:\n type: gcp:certificateauthority:Certificate\n name: default\n properties:\n location: us-central1\n pool: ${default.name}\n name: my-certificate\n lifetime: 860s\n config:\n subjectConfig:\n subject:\n commonName: san1.example.com\n countryCode: us\n organization: google\n organizationalUnit: enterprise\n locality: mountain view\n province: california\n streetAddress: 1600 amphitheatre parkway\n postalCode: '94109'\n subjectKeyId:\n keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca\n x509Config:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage:\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n publicKey:\n format: PEM\n key:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: test-fixtures/rsa_public.pem\n return: result\n options:\n dependsOn:\n - ${defaultAuthority}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}`\n\n* `{{project}}/{{location}}/{{pool}}/{{name}}`\n\n* `{{location}}/{{pool}}/{{name}}`\n\nWhen using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}}\n```\n\n", "properties": { "certificateAuthority": { "type": "string", @@ -147963,7 +147963,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -148088,7 +148088,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -148206,7 +148206,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Certificate Authority Service CertificateTemplate\nThree different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.certificateauthority.CertificateTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/privateca.templateUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.certificateauthority.CertificateTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder()\n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -148292,7 +148292,7 @@ } }, "gcp:certificatemanager/certificate:Certificate": { - "description": "Certificate represents a HTTP-reachable backend for a Certificate.\n\n\n\n\n\n## Example Usage\n\n### Certificate Manager Google Managed Certificate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"The default cert\",\n scope: \"EDGE_CACHE\",\n labels: {\n env: \"test\",\n },\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"The default cert\",\n scope=\"EDGE_CACHE\",\n labels={\n \"env\": \"test\",\n },\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"The default cert\",\n Scope = \"EDGE_CACHE\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"The default cert\")\n .scope(\"EDGE_CACHE\")\n .labels(Map.of(\"env\", \"test\"))\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: The default cert\n scope: EDGE_CACHE\n labels:\n env: test\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Issuance Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\n// creating certificate_issuance_config to use it in the managed certificate\nconst issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n}, {\n dependsOn: [caAuthority],\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"issuance-config-cert\",\n description: \"The default cert\",\n scope: \"EDGE_CACHE\",\n managed: {\n domains: [\"terraform.subdomain1.com\"],\n issuanceConfig: issuanceconfig.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\n# creating certificate_issuance_config to use it in the managed certificate\nissuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"issuance-config-cert\",\n description=\"The default cert\",\n scope=\"EDGE_CACHE\",\n managed={\n \"domains\": [\"terraform.subdomain1.com\"],\n \"issuance_config\": issuanceconfig.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig(\"issuanceconfig\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"issuance-config-cert\",\n Description = \"The default cert\",\n Scope = \"EDGE_CACHE\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n \"terraform.subdomain1.com\",\n },\n IssuanceConfig = issuanceconfig.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// creating certificate_issuance_config to use it in the managed certificate\n\t\tissuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, \"issuanceconfig\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"issuance-config-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"terraform.subdomain1.com\"),\n\t\t\t\t},\n\t\t\t\tIssuanceConfig: issuanceconfig.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new CertificateIssuanceConfig(\"issuanceconfig\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"issuance-config-cert\")\n .description(\"The default cert\")\n .scope(\"EDGE_CACHE\")\n .managed(CertificateManagedArgs.builder()\n .domains(\"terraform.subdomain1.com\")\n .issuanceConfig(issuanceconfig.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: issuance-config-cert\n description: The default cert\n scope: EDGE_CACHE\n managed:\n domains:\n - terraform.subdomain1.com\n issuanceConfig: ${issuanceconfig.id}\n # creating certificate_issuance_config to use it in the managed certificate\n issuanceconfig:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n options:\n dependson:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Certificate Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"self-managed-cert\",\n description: \"Global cert\",\n scope: \"EDGE_CACHE\",\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"self-managed-cert\",\n description=\"Global cert\",\n scope=\"EDGE_CACHE\",\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"self-managed-cert\",\n Description = \"Global cert\",\n Scope = \"EDGE_CACHE\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"self-managed-cert\"),\n\t\t\tDescription: pulumi.String(\"Global cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"self-managed-cert\")\n .description(\"Global cert\")\n .scope(\"EDGE_CACHE\")\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: self-managed-cert\n description: Global cert\n scope: EDGE_CACHE\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Self Managed Certificate Regional\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"self-managed-cert\",\n description: \"Regional cert\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"self-managed-cert\",\n description=\"Regional cert\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"self-managed-cert\",\n Description = \"Regional cert\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"self-managed-cert\"),\n\t\t\tDescription: pulumi.String(\"Regional cert\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"self-managed-cert\")\n .description(\"Regional cert\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: self-managed-cert\n description: Regional cert\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n pemPrivateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/private-key.pem\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Issuance Config All Regions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\n// creating certificate_issuance_config to use it in the managed certificate\nconst issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n}, {\n dependsOn: [caAuthority],\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"issuance-config-cert\",\n description: \"sample google managed all_regions certificate with issuance config for terraform\",\n scope: \"ALL_REGIONS\",\n managed: {\n domains: [\"terraform.subdomain1.com\"],\n issuanceConfig: issuanceconfig.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\n# creating certificate_issuance_config to use it in the managed certificate\nissuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"issuance-config-cert\",\n description=\"sample google managed all_regions certificate with issuance config for terraform\",\n scope=\"ALL_REGIONS\",\n managed={\n \"domains\": [\"terraform.subdomain1.com\"],\n \"issuance_config\": issuanceconfig.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig(\"issuanceconfig\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"issuance-config-cert\",\n Description = \"sample google managed all_regions certificate with issuance config for terraform\",\n Scope = \"ALL_REGIONS\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n \"terraform.subdomain1.com\",\n },\n IssuanceConfig = issuanceconfig.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// creating certificate_issuance_config to use it in the managed certificate\n\t\tissuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, \"issuanceconfig\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"issuance-config-cert\"),\n\t\t\tDescription: pulumi.String(\"sample google managed all_regions certificate with issuance config for terraform\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"terraform.subdomain1.com\"),\n\t\t\t\t},\n\t\t\t\tIssuanceConfig: issuanceconfig.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new CertificateIssuanceConfig(\"issuanceconfig\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"issuance-config-cert\")\n .description(\"sample google managed all_regions certificate with issuance config for terraform\")\n .scope(\"ALL_REGIONS\")\n .managed(CertificateManagedArgs.builder()\n .domains(\"terraform.subdomain1.com\")\n .issuanceConfig(issuanceconfig.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: issuance-config-cert\n description: sample google managed all_regions certificate with issuance config for terraform\n scope: ALL_REGIONS\n managed:\n domains:\n - terraform.subdomain1.com\n issuanceConfig: ${issuanceconfig.id}\n # creating certificate_issuance_config to use it in the managed certificate\n issuanceconfig:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n options:\n dependson:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Dns All Regions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"The default cert\",\n scope: \"ALL_REGIONS\",\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"The default cert\",\n scope=\"ALL_REGIONS\",\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"The default cert\",\n Scope = \"ALL_REGIONS\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"The default cert\")\n .scope(\"ALL_REGIONS\")\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: The default cert\n scope: ALL_REGIONS\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Regional Certificate Dns Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n location: \"us-central1\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"regional managed certs\",\n location: \"us-central1\",\n managed: {\n domains: [instance.domain],\n dnsAuthorizations: [instance.id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n location=\"us-central1\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"regional managed certs\",\n location=\"us-central1\",\n managed={\n \"domains\": [instance.domain],\n \"dns_authorizations\": [instance.id],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Location = \"us-central1\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"regional managed certs\",\n Location = \"us-central1\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"regional managed certs\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .location(\"us-central1\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"regional managed certs\")\n .location(\"us-central1\")\n .managed(CertificateManagedArgs.builder()\n .domains(instance.domain())\n .dnsAuthorizations(instance.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: regional managed certs\n location: us-central1\n managed:\n domains:\n - ${instance.domain}\n dnsAuthorizations:\n - ${instance.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n location: us-central1\n description: The default dnss\n domain: subdomain.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/certificates/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}\n```\n\n", + "description": "Certificate represents a HTTP-reachable backend for a Certificate.\n\n\n\n\n\n## Example Usage\n\n### Certificate Manager Google Managed Certificate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"The default cert\",\n scope: \"EDGE_CACHE\",\n labels: {\n env: \"test\",\n },\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"The default cert\",\n scope=\"EDGE_CACHE\",\n labels={\n \"env\": \"test\",\n },\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"The default cert\",\n Scope = \"EDGE_CACHE\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"The default cert\")\n .scope(\"EDGE_CACHE\")\n .labels(Map.of(\"env\", \"test\"))\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: The default cert\n scope: EDGE_CACHE\n labels:\n env: test\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Issuance Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\n// creating certificate_issuance_config to use it in the managed certificate\nconst issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n}, {\n dependsOn: [caAuthority],\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"issuance-config-cert\",\n description: \"The default cert\",\n scope: \"EDGE_CACHE\",\n managed: {\n domains: [\"terraform.subdomain1.com\"],\n issuanceConfig: issuanceconfig.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\n# creating certificate_issuance_config to use it in the managed certificate\nissuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"issuance-config-cert\",\n description=\"The default cert\",\n scope=\"EDGE_CACHE\",\n managed={\n \"domains\": [\"terraform.subdomain1.com\"],\n \"issuance_config\": issuanceconfig.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig(\"issuanceconfig\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"issuance-config-cert\",\n Description = \"The default cert\",\n Scope = \"EDGE_CACHE\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n \"terraform.subdomain1.com\",\n },\n IssuanceConfig = issuanceconfig.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// creating certificate_issuance_config to use it in the managed certificate\n\t\tissuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, \"issuanceconfig\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"issuance-config-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"terraform.subdomain1.com\"),\n\t\t\t\t},\n\t\t\t\tIssuanceConfig: issuanceconfig.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new CertificateIssuanceConfig(\"issuanceconfig\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"issuance-config-cert\")\n .description(\"The default cert\")\n .scope(\"EDGE_CACHE\")\n .managed(CertificateManagedArgs.builder()\n .domains(\"terraform.subdomain1.com\")\n .issuanceConfig(issuanceconfig.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: issuance-config-cert\n description: The default cert\n scope: EDGE_CACHE\n managed:\n domains:\n - terraform.subdomain1.com\n issuanceConfig: ${issuanceconfig.id}\n # creating certificate_issuance_config to use it in the managed certificate\n issuanceconfig:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n options:\n dependsOn:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Certificate Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"self-managed-cert\",\n description: \"Global cert\",\n scope: \"EDGE_CACHE\",\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"self-managed-cert\",\n description=\"Global cert\",\n scope=\"EDGE_CACHE\",\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"self-managed-cert\",\n Description = \"Global cert\",\n Scope = \"EDGE_CACHE\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"self-managed-cert\"),\n\t\t\tDescription: pulumi.String(\"Global cert\"),\n\t\t\tScope: pulumi.String(\"EDGE_CACHE\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"self-managed-cert\")\n .description(\"Global cert\")\n .scope(\"EDGE_CACHE\")\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: self-managed-cert\n description: Global cert\n scope: EDGE_CACHE\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Self Managed Certificate Regional\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"self-managed-cert\",\n description: \"Regional cert\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"self-managed-cert\",\n description=\"Regional cert\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"self-managed-cert\",\n Description = \"Regional cert\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"self-managed-cert\"),\n\t\t\tDescription: pulumi.String(\"Regional cert\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"self-managed-cert\")\n .description(\"Regional cert\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: self-managed-cert\n description: Regional cert\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n pemPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/private-key.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Issuance Config All Regions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\n// creating certificate_issuance_config to use it in the managed certificate\nconst issuanceconfig = new gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n}, {\n dependsOn: [caAuthority],\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"issuance-config-cert\",\n description: \"sample google managed all_regions certificate with issuance config for terraform\",\n scope: \"ALL_REGIONS\",\n managed: {\n domains: [\"terraform.subdomain1.com\"],\n issuanceConfig: issuanceconfig.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\n# creating certificate_issuance_config to use it in the managed certificate\nissuanceconfig = gcp.certificatemanager.CertificateIssuanceConfig(\"issuanceconfig\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"issuance-config-cert\",\n description=\"sample google managed all_regions certificate with issuance config for terraform\",\n scope=\"ALL_REGIONS\",\n managed={\n \"domains\": [\"terraform.subdomain1.com\"],\n \"issuance_config\": issuanceconfig.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new Gcp.CertificateManager.CertificateIssuanceConfig(\"issuanceconfig\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"issuance-config-cert\",\n Description = \"sample google managed all_regions certificate with issuance config for terraform\",\n Scope = \"ALL_REGIONS\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n \"terraform.subdomain1.com\",\n },\n IssuanceConfig = issuanceconfig.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// creating certificate_issuance_config to use it in the managed certificate\n\t\tissuanceconfig, err := certificatemanager.NewCertificateIssuanceConfig(ctx, \"issuanceconfig\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"issuance-config-cert\"),\n\t\t\tDescription: pulumi.String(\"sample google managed all_regions certificate with issuance config for terraform\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"terraform.subdomain1.com\"),\n\t\t\t\t},\n\t\t\t\tIssuanceConfig: issuanceconfig.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n // creating certificate_issuance_config to use it in the managed certificate\n var issuanceconfig = new CertificateIssuanceConfig(\"issuanceconfig\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"issuance-config-cert\")\n .description(\"sample google managed all_regions certificate with issuance config for terraform\")\n .scope(\"ALL_REGIONS\")\n .managed(CertificateManagedArgs.builder()\n .domains(\"terraform.subdomain1.com\")\n .issuanceConfig(issuanceconfig.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: issuance-config-cert\n description: sample google managed all_regions certificate with issuance config for terraform\n scope: ALL_REGIONS\n managed:\n domains:\n - terraform.subdomain1.com\n issuanceConfig: ${issuanceconfig.id}\n # creating certificate_issuance_config to use it in the managed certificate\n issuanceconfig:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n options:\n dependsOn:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Certificate Dns All Regions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst instance2 = new gcp.certificatemanager.DnsAuthorization(\"instance2\", {\n name: \"dns-auth2\",\n description: \"The default dnss\",\n domain: \"subdomain2.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"The default cert\",\n scope: \"ALL_REGIONS\",\n managed: {\n domains: [\n instance.domain,\n instance2.domain,\n ],\n dnsAuthorizations: [\n instance.id,\n instance2.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ninstance2 = gcp.certificatemanager.DnsAuthorization(\"instance2\",\n name=\"dns-auth2\",\n description=\"The default dnss\",\n domain=\"subdomain2.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"The default cert\",\n scope=\"ALL_REGIONS\",\n managed={\n \"domains\": [\n instance.domain,\n instance2.domain,\n ],\n \"dns_authorizations\": [\n instance.id,\n instance2.id,\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var instance2 = new Gcp.CertificateManager.DnsAuthorization(\"instance2\", new()\n {\n Name = \"dns-auth2\",\n Description = \"The default dnss\",\n Domain = \"subdomain2.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"The default cert\",\n Scope = \"ALL_REGIONS\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n instance2.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n instance2.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := certificatemanager.NewDnsAuthorization(ctx, \"instance2\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth2\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain2.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"The default cert\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t\tinstance2.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t\tinstance2.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var instance2 = new DnsAuthorization(\"instance2\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth2\")\n .description(\"The default dnss\")\n .domain(\"subdomain2.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"The default cert\")\n .scope(\"ALL_REGIONS\")\n .managed(CertificateManagedArgs.builder()\n .domains( \n instance.domain(),\n instance2.domain())\n .dnsAuthorizations( \n instance.id(),\n instance2.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: The default cert\n scope: ALL_REGIONS\n managed:\n domains:\n - ${instance.domain}\n - ${instance2.domain}\n dnsAuthorizations:\n - ${instance.id}\n - ${instance2.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n description: The default dnss\n domain: subdomain.hashicorptest.com\n instance2:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth2\n description: The default dnss\n domain: subdomain2.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Google Managed Regional Certificate Dns Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.certificatemanager.DnsAuthorization(\"instance\", {\n name: \"dns-auth\",\n location: \"us-central1\",\n description: \"The default dnss\",\n domain: \"subdomain.hashicorptest.com\",\n});\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"dns-cert\",\n description: \"regional managed certs\",\n location: \"us-central1\",\n managed: {\n domains: [instance.domain],\n dnsAuthorizations: [instance.id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.certificatemanager.DnsAuthorization(\"instance\",\n name=\"dns-auth\",\n location=\"us-central1\",\n description=\"The default dnss\",\n domain=\"subdomain.hashicorptest.com\")\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"dns-cert\",\n description=\"regional managed certs\",\n location=\"us-central1\",\n managed={\n \"domains\": [instance.domain],\n \"dns_authorizations\": [instance.id],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.CertificateManager.DnsAuthorization(\"instance\", new()\n {\n Name = \"dns-auth\",\n Location = \"us-central1\",\n Description = \"The default dnss\",\n Domain = \"subdomain.hashicorptest.com\",\n });\n\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"dns-cert\",\n Description = \"regional managed certs\",\n Location = \"us-central1\",\n Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs\n {\n Domains = new[]\n {\n instance.Domain,\n },\n DnsAuthorizations = new[]\n {\n instance.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := certificatemanager.NewDnsAuthorization(ctx, \"instance\", \u0026certificatemanager.DnsAuthorizationArgs{\n\t\t\tName: pulumi.String(\"dns-auth\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"The default dnss\"),\n\t\t\tDomain: pulumi.String(\"subdomain.hashicorptest.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"dns-cert\"),\n\t\t\tDescription: pulumi.String(\"regional managed certs\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tManaged: \u0026certificatemanager.CertificateManagedArgs{\n\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\tinstance.Domain,\n\t\t\t\t},\n\t\t\t\tDnsAuthorizations: pulumi.StringArray{\n\t\t\t\t\tinstance.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorization;\nimport com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DnsAuthorization(\"instance\", DnsAuthorizationArgs.builder()\n .name(\"dns-auth\")\n .location(\"us-central1\")\n .description(\"The default dnss\")\n .domain(\"subdomain.hashicorptest.com\")\n .build());\n\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"dns-cert\")\n .description(\"regional managed certs\")\n .location(\"us-central1\")\n .managed(CertificateManagedArgs.builder()\n .domains(instance.domain())\n .dnsAuthorizations(instance.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: dns-cert\n description: regional managed certs\n location: us-central1\n managed:\n domains:\n - ${instance.domain}\n dnsAuthorizations:\n - ${instance.id}\n instance:\n type: gcp:certificatemanager:DnsAuthorization\n properties:\n name: dns-auth\n location: us-central1\n description: The default dnss\n domain: subdomain.hashicorptest.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/certificates/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -148475,7 +148475,7 @@ } }, "gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig": { - "description": "Certificate represents a HTTP-reachable backend for a Certificate.\n\n\nTo get more information about CertificateIssuanceConfig, see:\n\n* [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.certificateIssuanceConfigs)\n* How-to Guides\n * [Manage certificate issuance configs](https://cloud.google.com/certificate-manager/docs/issuance-configs)\n\n## Example Usage\n\n### Certificate Manager Certificate Issuance Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst _default = new gcp.certificatemanager.CertificateIssuanceConfig(\"default\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n labels: {\n name: \"wrench\",\n count: \"3\",\n },\n}, {\n dependsOn: [caAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault = gcp.certificatemanager.CertificateIssuanceConfig(\"default\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n labels={\n \"name\": \"wrench\",\n \"count\": \"3\",\n },\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var @default = new Gcp.CertificateManager.CertificateIssuanceConfig(\"default\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n Labels = \n {\n { \"name\", \"wrench\" },\n { \"count\", \"3\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificateIssuanceConfig(ctx, \"default\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var default_ = new CertificateIssuanceConfig(\"default\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .labels(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"count\", \"3\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n labels:\n name: wrench\n count: '3'\n options:\n dependson:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificateIssuanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, CertificateIssuanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{location}}/{{name}}\n```\n\n", + "description": "Certificate represents a HTTP-reachable backend for a Certificate.\n\n\nTo get more information about CertificateIssuanceConfig, see:\n\n* [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.certificateIssuanceConfigs)\n* How-to Guides\n * [Manage certificate issuance configs](https://cloud.google.com/certificate-manager/docs/issuance-configs)\n\n## Example Usage\n\n### Certificate Manager Certificate Issuance Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.certificateauthority.CaPool(\"pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n});\nconst caAuthority = new gcp.certificateauthority.Authority(\"ca_authority\", {\n location: \"us-central1\",\n pool: pool.name,\n certificateAuthorityId: \"ca-authority\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"HashiCorp\",\n commonName: \"my-certificate-authority\",\n },\n subjectAltName: {\n dnsNames: [\"hashicorp.com\"],\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n});\nconst _default = new gcp.certificatemanager.CertificateIssuanceConfig(\"default\", {\n name: \"issuance-config\",\n description: \"sample description for the certificate issuanceConfigs\",\n certificateAuthorityConfig: {\n certificateAuthorityServiceConfig: {\n caPool: pool.id,\n },\n },\n lifetime: \"1814400s\",\n rotationWindowPercentage: 34,\n keyAlgorithm: \"ECDSA_P256\",\n labels: {\n name: \"wrench\",\n count: \"3\",\n },\n}, {\n dependsOn: [caAuthority],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.certificateauthority.CaPool(\"pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\")\nca_authority = gcp.certificateauthority.Authority(\"ca_authority\",\n location=\"us-central1\",\n pool=pool.name,\n certificate_authority_id=\"ca-authority\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"HashiCorp\",\n \"common_name\": \"my-certificate-authority\",\n },\n \"subject_alt_name\": {\n \"dns_names\": [\"hashicorp.com\"],\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True)\ndefault = gcp.certificatemanager.CertificateIssuanceConfig(\"default\",\n name=\"issuance-config\",\n description=\"sample description for the certificate issuanceConfigs\",\n certificate_authority_config={\n \"certificate_authority_service_config\": {\n \"ca_pool\": pool.id,\n },\n },\n lifetime=\"1814400s\",\n rotation_window_percentage=34,\n key_algorithm=\"ECDSA_P256\",\n labels={\n \"name\": \"wrench\",\n \"count\": \"3\",\n },\n opts = pulumi.ResourceOptions(depends_on=[ca_authority]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CertificateAuthority.CaPool(\"pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n });\n\n var caAuthority = new Gcp.CertificateAuthority.Authority(\"ca_authority\", new()\n {\n Location = \"us-central1\",\n Pool = pool.Name,\n CertificateAuthorityId = \"ca-authority\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"HashiCorp\",\n CommonName = \"my-certificate-authority\",\n },\n SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs\n {\n DnsNames = new[]\n {\n \"hashicorp.com\",\n },\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n });\n\n var @default = new Gcp.CertificateManager.CertificateIssuanceConfig(\"default\", new()\n {\n Name = \"issuance-config\",\n Description = \"sample description for the certificate issuanceConfigs\",\n CertificateAuthorityConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs\n {\n CertificateAuthorityServiceConfig = new Gcp.CertificateManager.Inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs\n {\n CaPool = pool.Id,\n },\n },\n Lifetime = \"1814400s\",\n RotationWindowPercentage = 34,\n KeyAlgorithm = \"ECDSA_P256\",\n Labels = \n {\n { \"name\", \"wrench\" },\n { \"count\", \"3\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caAuthority,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := certificateauthority.NewCaPool(ctx, \"pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaAuthority, err := certificateauthority.NewAuthority(ctx, \"ca_authority\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPool: pool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"ca-authority\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"HashiCorp\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t\tSubjectAltName: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{\n\t\t\t\t\t\tDnsNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hashicorp.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificateIssuanceConfig(ctx, \"default\", \u0026certificatemanager.CertificateIssuanceConfigArgs{\n\t\t\tName: pulumi.String(\"issuance-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the certificate issuanceConfigs\"),\n\t\t\tCertificateAuthorityConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigArgs{\n\t\t\t\tCertificateAuthorityServiceConfig: \u0026certificatemanager.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs{\n\t\t\t\t\tCaPool: pool.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLifetime: pulumi.String(\"1814400s\"),\n\t\t\tRotationWindowPercentage: pulumi.Int(34),\n\t\t\tKeyAlgorithm: pulumi.String(\"ECDSA_P256\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaAuthority,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig;\nimport com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new CaPool(\"pool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .build());\n\n var caAuthority = new Authority(\"caAuthority\", AuthorityArgs.builder()\n .location(\"us-central1\")\n .pool(pool.name())\n .certificateAuthorityId(\"ca-authority\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"HashiCorp\")\n .commonName(\"my-certificate-authority\")\n .build())\n .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()\n .dnsNames(\"hashicorp.com\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .build());\n\n var default_ = new CertificateIssuanceConfig(\"default\", CertificateIssuanceConfigArgs.builder()\n .name(\"issuance-config\")\n .description(\"sample description for the certificate issuanceConfigs\")\n .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder()\n .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder()\n .caPool(pool.id())\n .build())\n .build())\n .lifetime(\"1814400s\")\n .rotationWindowPercentage(34)\n .keyAlgorithm(\"ECDSA_P256\")\n .labels(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"count\", \"3\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(caAuthority)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:CertificateIssuanceConfig\n properties:\n name: issuance-config\n description: sample description for the certificate issuanceConfigs\n certificateAuthorityConfig:\n certificateAuthorityServiceConfig:\n caPool: ${pool.id}\n lifetime: 1814400s\n rotationWindowPercentage: 34\n keyAlgorithm: ECDSA_P256\n labels:\n name: wrench\n count: '3'\n options:\n dependsOn:\n - ${caAuthority}\n pool:\n type: gcp:certificateauthority:CaPool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n caAuthority:\n type: gcp:certificateauthority:Authority\n name: ca_authority\n properties:\n location: us-central1\n pool: ${pool.name}\n certificateAuthorityId: ca-authority\n config:\n subjectConfig:\n subject:\n organization: HashiCorp\n commonName: my-certificate-authority\n subjectAltName:\n dnsNames:\n - hashicorp.com\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificateIssuanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, CertificateIssuanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/certificateIssuanceConfig:CertificateIssuanceConfig default {{location}}/{{name}}\n```\n\n", "properties": { "certificateAuthorityConfig": { "$ref": "#/types/gcp:certificatemanager/CertificateIssuanceConfigCertificateAuthorityConfig:CertificateIssuanceConfigCertificateAuthorityConfig", @@ -149212,7 +149212,7 @@ } }, "gcp:certificatemanager/trustConfig:TrustConfig": { - "description": "TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios.\n\n\nTo get more information about TrustConfig, see:\n\n* [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.trustConfigs/create)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/certificate-manager/docs)\n\n\n\n## Example Usage\n\n### Certificate Manager Trust Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"trust-config\",\n description: \"sample description for the trust config\",\n location: \"us-central1\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"trust-config\",\n description=\"sample description for the trust config\",\n location=\"us-central1\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"trust-config\",\n Description = \"sample description for the trust config\",\n Location = \"us-central1\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the trust config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new TrustConfig(\"default\", TrustConfigArgs.builder()\n .name(\"trust-config\")\n .description(\"sample description for the trust config\")\n .location(\"us-central1\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:TrustConfig\n properties:\n name: trust-config\n description: sample description for the trust config\n location: us-central1\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Trust Config Allowlisted Certificates\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"trust-config\",\n description: \"A sample trust config resource with allowlisted certificates\",\n location: \"global\",\n allowlistedCertificates: [\n {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n {\n pemCertificate: std.file({\n input: \"test-fixtures/cert2.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n ],\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"trust-config\",\n description=\"A sample trust config resource with allowlisted certificates\",\n location=\"global\",\n allowlisted_certificates=[\n {\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n },\n {\n \"pem_certificate\": std.file(input=\"test-fixtures/cert2.pem\").result,\n },\n ],\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"trust-config\",\n Description = \"A sample trust config resource with allowlisted certificates\",\n Location = \"global\",\n AllowlistedCertificates = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert2.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert2.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"trust-config\"),\n\t\t\tDescription: pulumi.String(\"A sample trust config resource with allowlisted certificates\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigAllowlistedCertificateArgs{\n\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t},\n\t\t\t\t\u0026certificatemanager.TrustConfigAllowlistedCertificateArgs{\n\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigAllowlistedCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new TrustConfig(\"default\", TrustConfigArgs.builder()\n .name(\"trust-config\")\n .description(\"A sample trust config resource with allowlisted certificates\")\n .location(\"global\")\n .allowlistedCertificates( \n TrustConfigAllowlistedCertificateArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build(),\n TrustConfigAllowlistedCertificateArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert2.pem\")\n .build()).result())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:TrustConfig\n properties:\n name: trust-config\n description: A sample trust config resource with allowlisted certificates\n location: global\n allowlistedCertificates:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert2.pem\n Return: result\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTrustConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, TrustConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{location}}/{{name}}\n```\n\n", + "description": "TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios.\n\n\nTo get more information about TrustConfig, see:\n\n* [API documentation](https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.trustConfigs/create)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/certificate-manager/docs)\n\n\n\n## Example Usage\n\n### Certificate Manager Trust Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"trust-config\",\n description: \"sample description for the trust config\",\n location: \"us-central1\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"trust-config\",\n description=\"sample description for the trust config\",\n location=\"us-central1\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"trust-config\",\n Description = \"sample description for the trust config\",\n Location = \"us-central1\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the trust config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new TrustConfig(\"default\", TrustConfigArgs.builder()\n .name(\"trust-config\")\n .description(\"sample description for the trust config\")\n .location(\"us-central1\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:TrustConfig\n properties:\n name: trust-config\n description: sample description for the trust config\n location: us-central1\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Certificate Manager Trust Config Allowlisted Certificates\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"trust-config\",\n description: \"A sample trust config resource with allowlisted certificates\",\n location: \"global\",\n allowlistedCertificates: [\n {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n {\n pemCertificate: std.file({\n input: \"test-fixtures/cert2.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n ],\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"trust-config\",\n description=\"A sample trust config resource with allowlisted certificates\",\n location=\"global\",\n allowlisted_certificates=[\n {\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n },\n {\n \"pem_certificate\": std.file(input=\"test-fixtures/cert2.pem\").result,\n },\n ],\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"trust-config\",\n Description = \"A sample trust config resource with allowlisted certificates\",\n Location = \"global\",\n AllowlistedCertificates = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n new Gcp.CertificateManager.Inputs.TrustConfigAllowlistedCertificateArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert2.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert2.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"trust-config\"),\n\t\t\tDescription: pulumi.String(\"A sample trust config resource with allowlisted certificates\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowlistedCertificates: certificatemanager.TrustConfigAllowlistedCertificateArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigAllowlistedCertificateArgs{\n\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t},\n\t\t\t\t\u0026certificatemanager.TrustConfigAllowlistedCertificateArgs{\n\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigAllowlistedCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new TrustConfig(\"default\", TrustConfigArgs.builder()\n .name(\"trust-config\")\n .description(\"A sample trust config resource with allowlisted certificates\")\n .location(\"global\")\n .allowlistedCertificates( \n TrustConfigAllowlistedCertificateArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .build(),\n TrustConfigAllowlistedCertificateArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert2.pem\")\n .build()).result())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:TrustConfig\n properties:\n name: trust-config\n description: A sample trust config resource with allowlisted certificates\n location: global\n allowlistedCertificates:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert2.pem\n return: result\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTrustConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, TrustConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:certificatemanager/trustConfig:TrustConfig default {{location}}/{{name}}\n```\n\n", "properties": { "allowlistedCertificates": { "type": "array", @@ -149402,7 +149402,7 @@ } }, "gcp:cloudasset/folderFeed:FolderFeed": { - "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about FolderFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Folder Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// The folder that will be monitored for resource updates.\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"Networking\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create a feed that sends notifications about network resource updates under a\n// particular folder.\nconst folderFeed = new gcp.cloudasset.FolderFeed(\"folder_feed\", {\n billingProject: \"my-project-name\",\n folder: myFolder.folderId,\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# The folder that will be monitored for resource updates.\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"Networking\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create a feed that sends notifications about network resource updates under a\n# particular folder.\nfolder_feed = gcp.cloudasset.FolderFeed(\"folder_feed\",\n billing_project=\"my-project-name\",\n folder=my_folder.folder_id,\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // The folder that will be monitored for resource updates.\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"Networking\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create a feed that sends notifications about network resource updates under a\n // particular folder.\n var folderFeed = new Gcp.CloudAsset.FolderFeed(\"folder_feed\", new()\n {\n BillingProject = \"my-project-name\",\n Folder = myFolder.FolderId,\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.FolderFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.FolderFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.FolderFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The folder that will be monitored for resource updates.\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"Networking\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates under a\n\t\t// particular folder.\n\t\t_, err = cloudasset.NewFolderFeed(ctx, \"folder_feed\", \u0026cloudasset.FolderFeedArgs{\n\t\t\tBillingProject: pulumi.String(\"my-project-name\"),\n\t\t\tFolder: myFolder.FolderId,\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.FolderFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.FolderFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.FolderFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.cloudasset.FolderFeed;\nimport com.pulumi.gcp.cloudasset.FolderFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // The folder that will be monitored for resource updates.\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"Networking\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create a feed that sends notifications about network resource updates under a\n // particular folder.\n var folderFeed = new FolderFeed(\"folderFeed\", FolderFeedArgs.builder()\n .billingProject(\"my-project-name\")\n .folder(myFolder.folderId())\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(FolderFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(FolderFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(FolderFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates under a\n # particular folder.\n folderFeed:\n type: gcp:cloudasset:FolderFeed\n name: folder_feed\n properties:\n billingProject: my-project-name\n folder: ${myFolder.folderId}\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\n # The folder that will be monitored for resource updates.\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: Networking\n parent: organizations/123456789\n deletionProtection: false\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderFeed can be imported using any of these accepted formats:\n\n* `folders/{{folder_id}}/feeds/{{name}}`\n\n* `{{folder_id}}/{{name}}`\n\nWhen using the `pulumi import` command, FolderFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/folderFeed:FolderFeed default folders/{{folder_id}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/folderFeed:FolderFeed default {{folder_id}}/{{name}}\n```\n\n", + "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about FolderFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Folder Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// The folder that will be monitored for resource updates.\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"Networking\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create a feed that sends notifications about network resource updates under a\n// particular folder.\nconst folderFeed = new gcp.cloudasset.FolderFeed(\"folder_feed\", {\n billingProject: \"my-project-name\",\n folder: myFolder.folderId,\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# The folder that will be monitored for resource updates.\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"Networking\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create a feed that sends notifications about network resource updates under a\n# particular folder.\nfolder_feed = gcp.cloudasset.FolderFeed(\"folder_feed\",\n billing_project=\"my-project-name\",\n folder=my_folder.folder_id,\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // The folder that will be monitored for resource updates.\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"Networking\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create a feed that sends notifications about network resource updates under a\n // particular folder.\n var folderFeed = new Gcp.CloudAsset.FolderFeed(\"folder_feed\", new()\n {\n BillingProject = \"my-project-name\",\n Folder = myFolder.FolderId,\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.FolderFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.FolderFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.FolderFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The folder that will be monitored for resource updates.\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"Networking\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates under a\n\t\t// particular folder.\n\t\t_, err = cloudasset.NewFolderFeed(ctx, \"folder_feed\", \u0026cloudasset.FolderFeedArgs{\n\t\t\tBillingProject: pulumi.String(\"my-project-name\"),\n\t\t\tFolder: myFolder.FolderId,\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.FolderFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.FolderFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.FolderFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.cloudasset.FolderFeed;\nimport com.pulumi.gcp.cloudasset.FolderFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.FolderFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // The folder that will be monitored for resource updates.\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"Networking\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create a feed that sends notifications about network resource updates under a\n // particular folder.\n var folderFeed = new FolderFeed(\"folderFeed\", FolderFeedArgs.builder()\n .billingProject(\"my-project-name\")\n .folder(myFolder.folderId())\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(FolderFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(FolderFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(FolderFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates under a\n # particular folder.\n folderFeed:\n type: gcp:cloudasset:FolderFeed\n name: folder_feed\n properties:\n billingProject: my-project-name\n folder: ${myFolder.folderId}\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\n # The folder that will be monitored for resource updates.\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: Networking\n parent: organizations/123456789\n deletionProtection: false\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderFeed can be imported using any of these accepted formats:\n\n* `folders/{{folder_id}}/feeds/{{name}}`\n\n* `{{folder_id}}/{{name}}`\n\nWhen using the `pulumi import` command, FolderFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/folderFeed:FolderFeed default folders/{{folder_id}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/folderFeed:FolderFeed default {{folder_id}}/{{name}}\n```\n\n", "properties": { "assetNames": { "type": "array", @@ -149565,7 +149565,7 @@ } }, "gcp:cloudasset/organizationFeed:OrganizationFeed": { - "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about OrganizationFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Organization Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// Create a feed that sends notifications about network resource updates under a\n// particular organization.\nconst organizationFeed = new gcp.cloudasset.OrganizationFeed(\"organization_feed\", {\n billingProject: \"my-project-name\",\n orgId: \"123456789\",\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# Create a feed that sends notifications about network resource updates under a\n# particular organization.\norganization_feed = gcp.cloudasset.OrganizationFeed(\"organization_feed\",\n billing_project=\"my-project-name\",\n org_id=\"123456789\",\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // Create a feed that sends notifications about network resource updates under a\n // particular organization.\n var organizationFeed = new Gcp.CloudAsset.OrganizationFeed(\"organization_feed\", new()\n {\n BillingProject = \"my-project-name\",\n OrgId = \"123456789\",\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.OrganizationFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.OrganizationFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.OrganizationFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates under a\n\t\t// particular organization.\n\t\t_, err = cloudasset.NewOrganizationFeed(ctx, \"organization_feed\", \u0026cloudasset.OrganizationFeedArgs{\n\t\t\tBillingProject: pulumi.String(\"my-project-name\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.OrganizationFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.OrganizationFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.OrganizationFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudasset.OrganizationFeed;\nimport com.pulumi.gcp.cloudasset.OrganizationFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // Create a feed that sends notifications about network resource updates under a\n // particular organization.\n var organizationFeed = new OrganizationFeed(\"organizationFeed\", OrganizationFeedArgs.builder()\n .billingProject(\"my-project-name\")\n .orgId(\"123456789\")\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(OrganizationFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(OrganizationFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(OrganizationFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates under a\n # particular organization.\n organizationFeed:\n type: gcp:cloudasset:OrganizationFeed\n name: organization_feed\n properties:\n billingProject: my-project-name\n orgId: '123456789'\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationFeed can be imported using any of these accepted formats:\n\n* `organizations/{{org_id}}/feeds/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, OrganizationFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/organizationFeed:OrganizationFeed default organizations/{{org_id}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/organizationFeed:OrganizationFeed default {{org_id}}/{{name}}\n```\n\n", + "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about OrganizationFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Organization Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// Create a feed that sends notifications about network resource updates under a\n// particular organization.\nconst organizationFeed = new gcp.cloudasset.OrganizationFeed(\"organization_feed\", {\n billingProject: \"my-project-name\",\n orgId: \"123456789\",\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# Create a feed that sends notifications about network resource updates under a\n# particular organization.\norganization_feed = gcp.cloudasset.OrganizationFeed(\"organization_feed\",\n billing_project=\"my-project-name\",\n org_id=\"123456789\",\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // Create a feed that sends notifications about network resource updates under a\n // particular organization.\n var organizationFeed = new Gcp.CloudAsset.OrganizationFeed(\"organization_feed\", new()\n {\n BillingProject = \"my-project-name\",\n OrgId = \"123456789\",\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.OrganizationFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.OrganizationFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.OrganizationFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates under a\n\t\t// particular organization.\n\t\t_, err = cloudasset.NewOrganizationFeed(ctx, \"organization_feed\", \u0026cloudasset.OrganizationFeedArgs{\n\t\t\tBillingProject: pulumi.String(\"my-project-name\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.OrganizationFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.OrganizationFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.OrganizationFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudasset.OrganizationFeed;\nimport com.pulumi.gcp.cloudasset.OrganizationFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.OrganizationFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // Create a feed that sends notifications about network resource updates under a\n // particular organization.\n var organizationFeed = new OrganizationFeed(\"organizationFeed\", OrganizationFeedArgs.builder()\n .billingProject(\"my-project-name\")\n .orgId(\"123456789\")\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(OrganizationFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(OrganizationFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(OrganizationFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates under a\n # particular organization.\n organizationFeed:\n type: gcp:cloudasset:OrganizationFeed\n name: organization_feed\n properties:\n billingProject: my-project-name\n orgId: '123456789'\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationFeed can be imported using any of these accepted formats:\n\n* `organizations/{{org_id}}/feeds/{{name}}`\n\n* `{{org_id}}/{{name}}`\n\nWhen using the `pulumi import` command, OrganizationFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/organizationFeed:OrganizationFeed default organizations/{{org_id}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/organizationFeed:OrganizationFeed default {{org_id}}/{{name}}\n```\n\n", "properties": { "assetNames": { "type": "array", @@ -149719,7 +149719,7 @@ } }, "gcp:cloudasset/projectFeed:ProjectFeed": { - "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about ProjectFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Project Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// Create a feed that sends notifications about network resource updates.\nconst projectFeed = new gcp.cloudasset.ProjectFeed(\"project_feed\", {\n project: \"my-project-name\",\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# Create a feed that sends notifications about network resource updates.\nproject_feed = gcp.cloudasset.ProjectFeed(\"project_feed\",\n project=\"my-project-name\",\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // Create a feed that sends notifications about network resource updates.\n var projectFeed = new Gcp.CloudAsset.ProjectFeed(\"project_feed\", new()\n {\n Project = \"my-project-name\",\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.ProjectFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.ProjectFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.ProjectFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates.\n\t\t_, err = cloudasset.NewProjectFeed(ctx, \"project_feed\", \u0026cloudasset.ProjectFeedArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.ProjectFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.ProjectFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.ProjectFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudasset.ProjectFeed;\nimport com.pulumi.gcp.cloudasset.ProjectFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // Create a feed that sends notifications about network resource updates.\n var projectFeed = new ProjectFeed(\"projectFeed\", ProjectFeedArgs.builder()\n .project(\"my-project-name\")\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(ProjectFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(ProjectFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(ProjectFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates.\n projectFeed:\n type: gcp:cloudasset:ProjectFeed\n name: project_feed\n properties:\n project: my-project-name\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectFeed can be imported using any of these accepted formats:\n\n* `projects/{{project}}/feeds/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ProjectFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default projects/{{project}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default {{name}}\n```\n\n", + "description": "Describes a Cloud Asset Inventory feed used to to listen to asset updates.\n\n\nTo get more information about ProjectFeed, see:\n\n* [API documentation](https://cloud.google.com/asset-inventory/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/asset-inventory/docs)\n\n## Example Usage\n\n### Cloud Asset Project Feed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// The topic where the resource change notifications will be sent.\nconst feedOutput = new gcp.pubsub.Topic(\"feed_output\", {\n project: \"my-project-name\",\n name: \"network-updates\",\n});\n// Create a feed that sends notifications about network resource updates.\nconst projectFeed = new gcp.cloudasset.ProjectFeed(\"project_feed\", {\n project: \"my-project-name\",\n feedId: \"network-updates\",\n contentType: \"RESOURCE\",\n assetTypes: [\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feedOutputConfig: {\n pubsubDestination: {\n topic: feedOutput.id,\n },\n },\n condition: {\n expression: `!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n`,\n title: \"created\",\n description: \"Send notifications on creation events\",\n },\n});\n// Find the project number of the project whose identity will be used for sending\n// the asset change notifications.\nconst project = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# The topic where the resource change notifications will be sent.\nfeed_output = gcp.pubsub.Topic(\"feed_output\",\n project=\"my-project-name\",\n name=\"network-updates\")\n# Create a feed that sends notifications about network resource updates.\nproject_feed = gcp.cloudasset.ProjectFeed(\"project_feed\",\n project=\"my-project-name\",\n feed_id=\"network-updates\",\n content_type=\"RESOURCE\",\n asset_types=[\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n ],\n feed_output_config={\n \"pubsub_destination\": {\n \"topic\": feed_output.id,\n },\n },\n condition={\n \"expression\": \"\"\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\"\"\",\n \"title\": \"created\",\n \"description\": \"Send notifications on creation events\",\n })\n# Find the project number of the project whose identity will be used for sending\n# the asset change notifications.\nproject = gcp.organizations.get_project(project_id=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Gcp.PubSub.Topic(\"feed_output\", new()\n {\n Project = \"my-project-name\",\n Name = \"network-updates\",\n });\n\n // Create a feed that sends notifications about network resource updates.\n var projectFeed = new Gcp.CloudAsset.ProjectFeed(\"project_feed\", new()\n {\n Project = \"my-project-name\",\n FeedId = \"network-updates\",\n ContentType = \"RESOURCE\",\n AssetTypes = new[]\n {\n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\",\n },\n FeedOutputConfig = new Gcp.CloudAsset.Inputs.ProjectFeedFeedOutputConfigArgs\n {\n PubsubDestination = new Gcp.CloudAsset.Inputs.ProjectFeedFeedOutputConfigPubsubDestinationArgs\n {\n Topic = feedOutput.Id,\n },\n },\n Condition = new Gcp.CloudAsset.Inputs.ProjectFeedConditionArgs\n {\n Expression = @\"!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n\",\n Title = \"created\",\n Description = \"Send notifications on creation events\",\n },\n });\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// The topic where the resource change notifications will be sent.\n\t\tfeedOutput, err := pubsub.NewTopic(ctx, \"feed_output\", \u0026pubsub.TopicArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"network-updates\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a feed that sends notifications about network resource updates.\n\t\t_, err = cloudasset.NewProjectFeed(ctx, \"project_feed\", \u0026cloudasset.ProjectFeedArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tFeedId: pulumi.String(\"network-updates\"),\n\t\t\tContentType: pulumi.String(\"RESOURCE\"),\n\t\t\tAssetTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Subnetwork\"),\n\t\t\t\tpulumi.String(\"compute.googleapis.com/Network\"),\n\t\t\t},\n\t\t\tFeedOutputConfig: \u0026cloudasset.ProjectFeedFeedOutputConfigArgs{\n\t\t\t\tPubsubDestination: \u0026cloudasset.ProjectFeedFeedOutputConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: feedOutput.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCondition: \u0026cloudasset.ProjectFeedConditionArgs{\n\t\t\t\tExpression: pulumi.String(\"!temporal_asset.deleted \u0026\u0026\\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\\n\"),\n\t\t\t\tTitle: pulumi.String(\"created\"),\n\t\t\t\tDescription: pulumi.String(\"Send notifications on creation events\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find the project number of the project whose identity will be used for sending\n\t\t// the asset change notifications.\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudasset.ProjectFeed;\nimport com.pulumi.gcp.cloudasset.ProjectFeedArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedFeedOutputConfigArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedFeedOutputConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.cloudasset.inputs.ProjectFeedConditionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // The topic where the resource change notifications will be sent.\n var feedOutput = new Topic(\"feedOutput\", TopicArgs.builder()\n .project(\"my-project-name\")\n .name(\"network-updates\")\n .build());\n\n // Create a feed that sends notifications about network resource updates.\n var projectFeed = new ProjectFeed(\"projectFeed\", ProjectFeedArgs.builder()\n .project(\"my-project-name\")\n .feedId(\"network-updates\")\n .contentType(\"RESOURCE\")\n .assetTypes( \n \"compute.googleapis.com/Subnetwork\",\n \"compute.googleapis.com/Network\")\n .feedOutputConfig(ProjectFeedFeedOutputConfigArgs.builder()\n .pubsubDestination(ProjectFeedFeedOutputConfigPubsubDestinationArgs.builder()\n .topic(feedOutput.id())\n .build())\n .build())\n .condition(ProjectFeedConditionArgs.builder()\n .expression(\"\"\"\n!temporal_asset.deleted \u0026\u0026\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n \"\"\")\n .title(\"created\")\n .description(\"Send notifications on creation events\")\n .build())\n .build());\n\n // Find the project number of the project whose identity will be used for sending\n // the asset change notifications.\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a feed that sends notifications about network resource updates.\n projectFeed:\n type: gcp:cloudasset:ProjectFeed\n name: project_feed\n properties:\n project: my-project-name\n feedId: network-updates\n contentType: RESOURCE\n assetTypes:\n - compute.googleapis.com/Subnetwork\n - compute.googleapis.com/Network\n feedOutputConfig:\n pubsubDestination:\n topic: ${feedOutput.id}\n condition:\n expression: |\n !temporal_asset.deleted \u0026\u0026\n temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n title: created\n description: Send notifications on creation events\n # The topic where the resource change notifications will be sent.\n feedOutput:\n type: gcp:pubsub:Topic\n name: feed_output\n properties:\n project: my-project-name\n name: network-updates\nvariables:\n # Find the project number of the project whose identity will be used for sending\n # the asset change notifications.\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectFeed can be imported using any of these accepted formats:\n\n* `projects/{{project}}/feeds/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ProjectFeed can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default projects/{{project}}/feeds/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudasset/projectFeed:ProjectFeed default {{name}}\n```\n\n", "properties": { "assetNames": { "type": "array", @@ -149867,7 +149867,7 @@ } }, "gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig": { - "description": "BitbucketServerConfig represents the configuration for a Bitbucket Server.\n\n\nTo get more information about BitbucketServerConfig, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest/v1/projects.locations.bitbucketServerConfigs)\n* How-to Guides\n * [Connect to a Bitbucket Server host](https://cloud.google.com/build/docs/automating-builds/bitbucket/connect-host-bitbucket-server)\n\n## Example Usage\n\n### Cloudbuild Bitbucket Server Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_config = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_config = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_config = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_config = new BitbucketServerConfig(\"bbs-config\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-config:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Bitbucket Server Config Repositories\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_config_with_repos = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-repos\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n connectedRepositories: [\n {\n projectKey: \"DEV\",\n repoSlug: \"repo1\",\n },\n {\n projectKey: \"PROD\",\n repoSlug: \"repo1\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_config_with_repos = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-repos\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\",\n connected_repositories=[\n {\n \"project_key\": \"DEV\",\n \"repo_slug\": \"repo1\",\n },\n {\n \"project_key\": \"PROD\",\n \"repo_slug\": \"repo1\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_config_with_repos = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config-with-repos\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n ConnectedRepositories = new[]\n {\n new Gcp.CloudBuild.Inputs.BitbucketServerConfigConnectedRepositoryArgs\n {\n ProjectKey = \"DEV\",\n RepoSlug = \"repo1\",\n },\n new Gcp.CloudBuild.Inputs.BitbucketServerConfigConnectedRepositoryArgs\n {\n ProjectKey = \"PROD\",\n RepoSlug = \"repo1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config-with-repos\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t\tConnectedRepositories: cloudbuild.BitbucketServerConfigConnectedRepositoryArray{\n\t\t\t\t\u0026cloudbuild.BitbucketServerConfigConnectedRepositoryArgs{\n\t\t\t\t\tProjectKey: pulumi.String(\"DEV\"),\n\t\t\t\t\tRepoSlug: pulumi.String(\"repo1\"),\n\t\t\t\t},\n\t\t\t\t\u0026cloudbuild.BitbucketServerConfigConnectedRepositoryArgs{\n\t\t\t\t\tProjectKey: pulumi.String(\"PROD\"),\n\t\t\t\t\tRepoSlug: pulumi.String(\"repo1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigConnectedRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_config_with_repos = new BitbucketServerConfig(\"bbs-config-with-repos\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .connectedRepositories( \n BitbucketServerConfigConnectedRepositoryArgs.builder()\n .projectKey(\"DEV\")\n .repoSlug(\"repo1\")\n .build(),\n BitbucketServerConfigConnectedRepositoryArgs.builder()\n .projectKey(\"PROD\")\n .repoSlug(\"repo1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-config-with-repos:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n connectedRepositories:\n - projectKey: DEV\n repoSlug: repo1\n - projectKey: PROD\n repoSlug: repo1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Bitbucket Server Config Peered Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n service: \"servicenetworking.googleapis.com\",\n disableOnDestroy: false,\n});\nconst vpcNetwork = new gcp.compute.Network(\"vpc_network\", {name: \"vpc-network\"}, {\n dependsOn: [servicenetworking],\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"private-ip-alloc\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: vpcNetwork.id,\n});\nconst _default = new gcp.servicenetworking.Connection(\"default\", {\n network: vpcNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst bbs_config_with_peered_network = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-peered-network\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n peeredNetwork: pulumi.all([vpcNetwork.id, project, project]).apply(([id, project, project1]) =\u003e std.replaceOutput({\n text: id,\n search: project.name,\n replace: project1.number,\n })).apply(invoke =\u003e invoke.result),\n sslCa: `-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n`,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n service=\"servicenetworking.googleapis.com\",\n disable_on_destroy=False)\nvpc_network = gcp.compute.Network(\"vpc_network\", name=\"vpc-network\",\nopts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"private-ip-alloc\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=vpc_network.id)\ndefault = gcp.servicenetworking.Connection(\"default\",\n network=vpc_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nbbs_config_with_peered_network = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-peered-network\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\",\n peered_network=vpc_network.id.apply(lambda id: std.replace_output(text=id,\n search=project.name,\n replace=project.number)).apply(lambda invoke: invoke.result),\n ssl_ca=\"\"\"-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n\"\"\",\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n ServiceName = \"servicenetworking.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var vpcNetwork = new Gcp.Compute.Network(\"vpc_network\", new()\n {\n Name = \"vpc-network\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"private-ip-alloc\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = vpcNetwork.Id,\n });\n\n var @default = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = vpcNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var bbs_config_with_peered_network = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config-with-peered-network\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n PeeredNetwork = Output.Tuple(vpcNetwork.Id, project, project).Apply(values =\u003e\n {\n var id = values.Item1;\n var project = values.Item2;\n var project1 = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = id,\n Search = project.Apply(getProjectResult =\u003e getProjectResult.Name),\n Replace = project1.Number,\n });\n }).Apply(invoke =\u003e invoke.Result),\n SslCa = @\"-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcNetwork, err := compute.NewNetwork(ctx, \"vpc_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-alloc\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: vpcNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vpcNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config-with-peered-network\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t\tPeeredNetwork: pulumi.String(vpcNetwork.ID().ApplyT(func(id string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceResult(interface{}(std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: id,\n\t\t\t\t\tSearch: project.Name,\n\t\t\t\t\tReplace: project.Number,\n\t\t\t\t}, nil))), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tSslCa: pulumi.String(\"-----BEGIN CERTIFICATE-----\\n-----END CERTIFICATE-----\\n-----BEGIN CERTIFICATE-----\\n-----END CERTIFICATE-----\\n\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .service(\"servicenetworking.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var vpcNetwork = new Network(\"vpcNetwork\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"private-ip-alloc\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(vpcNetwork.id())\n .build());\n\n var default_ = new Connection(\"default\", ConnectionArgs.builder()\n .network(vpcNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var bbs_config_with_peered_network = new BitbucketServerConfig(\"bbs-config-with-peered-network\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .peeredNetwork(vpcNetwork.id().applyValue(id -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .sslCa(\"\"\"\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n \"\"\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n servicenetworking:\n type: gcp:projects:Service\n properties:\n service: servicenetworking.googleapis.com\n disableOnDestroy: false\n vpcNetwork:\n type: gcp:compute:Network\n name: vpc_network\n properties:\n name: vpc-network\n options:\n dependson:\n - ${servicenetworking}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: private-ip-alloc\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${vpcNetwork.id}\n default:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${vpcNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n options:\n dependson:\n - ${servicenetworking}\n bbs-config-with-peered-network:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n peeredNetwork:\n fn::invoke:\n Function: std:replace\n Arguments:\n text: ${vpcNetwork.id}\n search: ${project.name}\n replace: ${project.number}\n Return: result\n sslCa: |\n -----BEGIN CERTIFICATE-----\n -----END CERTIFICATE-----\n -----BEGIN CERTIFICATE-----\n -----END CERTIFICATE-----\n options:\n dependson:\n - ${default}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBitbucketServerConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}`\n\n* `{{project}}/{{location}}/{{config_id}}`\n\n* `{{location}}/{{config_id}}`\n\nWhen using the `pulumi import` command, BitbucketServerConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default {{project}}/{{location}}/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default {{location}}/{{config_id}}\n```\n\n", + "description": "BitbucketServerConfig represents the configuration for a Bitbucket Server.\n\n\nTo get more information about BitbucketServerConfig, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest/v1/projects.locations.bitbucketServerConfigs)\n* How-to Guides\n * [Connect to a Bitbucket Server host](https://cloud.google.com/build/docs/automating-builds/bitbucket/connect-host-bitbucket-server)\n\n## Example Usage\n\n### Cloudbuild Bitbucket Server Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_config = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_config = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_config = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_config = new BitbucketServerConfig(\"bbs-config\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-config:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Bitbucket Server Config Repositories\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_config_with_repos = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-repos\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n connectedRepositories: [\n {\n projectKey: \"DEV\",\n repoSlug: \"repo1\",\n },\n {\n projectKey: \"PROD\",\n repoSlug: \"repo1\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_config_with_repos = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-repos\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\",\n connected_repositories=[\n {\n \"project_key\": \"DEV\",\n \"repo_slug\": \"repo1\",\n },\n {\n \"project_key\": \"PROD\",\n \"repo_slug\": \"repo1\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_config_with_repos = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config-with-repos\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n ConnectedRepositories = new[]\n {\n new Gcp.CloudBuild.Inputs.BitbucketServerConfigConnectedRepositoryArgs\n {\n ProjectKey = \"DEV\",\n RepoSlug = \"repo1\",\n },\n new Gcp.CloudBuild.Inputs.BitbucketServerConfigConnectedRepositoryArgs\n {\n ProjectKey = \"PROD\",\n RepoSlug = \"repo1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config-with-repos\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t\tConnectedRepositories: cloudbuild.BitbucketServerConfigConnectedRepositoryArray{\n\t\t\t\t\u0026cloudbuild.BitbucketServerConfigConnectedRepositoryArgs{\n\t\t\t\t\tProjectKey: pulumi.String(\"DEV\"),\n\t\t\t\t\tRepoSlug: pulumi.String(\"repo1\"),\n\t\t\t\t},\n\t\t\t\t\u0026cloudbuild.BitbucketServerConfigConnectedRepositoryArgs{\n\t\t\t\t\tProjectKey: pulumi.String(\"PROD\"),\n\t\t\t\t\tRepoSlug: pulumi.String(\"repo1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigConnectedRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_config_with_repos = new BitbucketServerConfig(\"bbs-config-with-repos\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .connectedRepositories( \n BitbucketServerConfigConnectedRepositoryArgs.builder()\n .projectKey(\"DEV\")\n .repoSlug(\"repo1\")\n .build(),\n BitbucketServerConfigConnectedRepositoryArgs.builder()\n .projectKey(\"PROD\")\n .repoSlug(\"repo1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-config-with-repos:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n connectedRepositories:\n - projectKey: DEV\n repoSlug: repo1\n - projectKey: PROD\n repoSlug: repo1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Bitbucket Server Config Peered Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n service: \"servicenetworking.googleapis.com\",\n disableOnDestroy: false,\n});\nconst vpcNetwork = new gcp.compute.Network(\"vpc_network\", {name: \"vpc-network\"}, {\n dependsOn: [servicenetworking],\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"private-ip-alloc\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: vpcNetwork.id,\n});\nconst _default = new gcp.servicenetworking.Connection(\"default\", {\n network: vpcNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst bbs_config_with_peered_network = new gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-peered-network\", {\n configId: \"bbs-config\",\n location: \"us-central1\",\n hostUri: \"https://bbs.com\",\n secrets: {\n adminAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n readAccessTokenVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n webhookSecretVersionName: \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username: \"test\",\n apiKey: \"\u003capi-key\u003e\",\n peeredNetwork: pulumi.all([vpcNetwork.id, project, project]).apply(([id, project, project1]) =\u003e std.replaceOutput({\n text: id,\n search: project.name,\n replace: project1.number,\n })).apply(invoke =\u003e invoke.result),\n sslCa: `-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n`,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n service=\"servicenetworking.googleapis.com\",\n disable_on_destroy=False)\nvpc_network = gcp.compute.Network(\"vpc_network\", name=\"vpc-network\",\nopts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"private-ip-alloc\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=vpc_network.id)\ndefault = gcp.servicenetworking.Connection(\"default\",\n network=vpc_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nbbs_config_with_peered_network = gcp.cloudbuild.BitbucketServerConfig(\"bbs-config-with-peered-network\",\n config_id=\"bbs-config\",\n location=\"us-central1\",\n host_uri=\"https://bbs.com\",\n secrets={\n \"admin_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"read_access_token_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n \"webhook_secret_version_name\": \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n username=\"test\",\n api_key=\"\u003capi-key\u003e\",\n peered_network=vpc_network.id.apply(lambda id: std.replace_output(text=id,\n search=project.name,\n replace=project.number)).apply(lambda invoke: invoke.result),\n ssl_ca=\"\"\"-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n\"\"\",\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n ServiceName = \"servicenetworking.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var vpcNetwork = new Gcp.Compute.Network(\"vpc_network\", new()\n {\n Name = \"vpc-network\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"private-ip-alloc\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = vpcNetwork.Id,\n });\n\n var @default = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = vpcNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var bbs_config_with_peered_network = new Gcp.CloudBuild.BitbucketServerConfig(\"bbs-config-with-peered-network\", new()\n {\n ConfigId = \"bbs-config\",\n Location = \"us-central1\",\n HostUri = \"https://bbs.com\",\n Secrets = new Gcp.CloudBuild.Inputs.BitbucketServerConfigSecretsArgs\n {\n AdminAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n ReadAccessTokenVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n WebhookSecretVersionName = \"projects/myProject/secrets/mybbspat/versions/1\",\n },\n Username = \"test\",\n ApiKey = \"\u003capi-key\u003e\",\n PeeredNetwork = Output.Tuple(vpcNetwork.Id, project, project).Apply(values =\u003e\n {\n var id = values.Item1;\n var project = values.Item2;\n var project1 = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = id,\n Search = project.Apply(getProjectResult =\u003e getProjectResult.Name),\n Replace = project1.Number,\n });\n }).Apply(invoke =\u003e invoke.Result),\n SslCa = @\"-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcNetwork, err := compute.NewNetwork(ctx, \"vpc_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-alloc\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: vpcNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vpcNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewBitbucketServerConfig(ctx, \"bbs-config-with-peered-network\", \u0026cloudbuild.BitbucketServerConfigArgs{\n\t\t\tConfigId: pulumi.String(\"bbs-config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tHostUri: pulumi.String(\"https://bbs.com\"),\n\t\t\tSecrets: \u0026cloudbuild.BitbucketServerConfigSecretsArgs{\n\t\t\t\tAdminAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tReadAccessTokenVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t\tWebhookSecretVersionName: pulumi.String(\"projects/myProject/secrets/mybbspat/versions/1\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tApiKey: pulumi.String(\"\u003capi-key\u003e\"),\n\t\t\tPeeredNetwork: pulumi.String(vpcNetwork.ID().ApplyT(func(id string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceResult(interface{}(std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: id,\n\t\t\t\t\tSearch: project.Name,\n\t\t\t\t\tReplace: project.Number,\n\t\t\t\t}, nil))), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tSslCa: pulumi.String(\"-----BEGIN CERTIFICATE-----\\n-----END CERTIFICATE-----\\n-----BEGIN CERTIFICATE-----\\n-----END CERTIFICATE-----\\n\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfig;\nimport com.pulumi.gcp.cloudbuild.BitbucketServerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.BitbucketServerConfigSecretsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .service(\"servicenetworking.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var vpcNetwork = new Network(\"vpcNetwork\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"private-ip-alloc\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(vpcNetwork.id())\n .build());\n\n var default_ = new Connection(\"default\", ConnectionArgs.builder()\n .network(vpcNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var bbs_config_with_peered_network = new BitbucketServerConfig(\"bbs-config-with-peered-network\", BitbucketServerConfigArgs.builder()\n .configId(\"bbs-config\")\n .location(\"us-central1\")\n .hostUri(\"https://bbs.com\")\n .secrets(BitbucketServerConfigSecretsArgs.builder()\n .adminAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .readAccessTokenVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .webhookSecretVersionName(\"projects/myProject/secrets/mybbspat/versions/1\")\n .build())\n .username(\"test\")\n .apiKey(\"\u003capi-key\u003e\")\n .peeredNetwork(vpcNetwork.id().applyValue(id -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .sslCa(\"\"\"\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n \"\"\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n servicenetworking:\n type: gcp:projects:Service\n properties:\n service: servicenetworking.googleapis.com\n disableOnDestroy: false\n vpcNetwork:\n type: gcp:compute:Network\n name: vpc_network\n properties:\n name: vpc-network\n options:\n dependsOn:\n - ${servicenetworking}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: private-ip-alloc\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${vpcNetwork.id}\n default:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${vpcNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n options:\n dependsOn:\n - ${servicenetworking}\n bbs-config-with-peered-network:\n type: gcp:cloudbuild:BitbucketServerConfig\n properties:\n configId: bbs-config\n location: us-central1\n hostUri: https://bbs.com\n secrets:\n adminAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n readAccessTokenVersionName: projects/myProject/secrets/mybbspat/versions/1\n webhookSecretVersionName: projects/myProject/secrets/mybbspat/versions/1\n username: test\n apiKey: \u003capi-key\u003e\n peeredNetwork:\n fn::invoke:\n function: std:replace\n arguments:\n text: ${vpcNetwork.id}\n search: ${project.name}\n replace: ${project.number}\n return: result\n sslCa: |\n -----BEGIN CERTIFICATE-----\n -----END CERTIFICATE-----\n -----BEGIN CERTIFICATE-----\n -----END CERTIFICATE-----\n options:\n dependsOn:\n - ${default}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBitbucketServerConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}`\n\n* `{{project}}/{{location}}/{{config_id}}`\n\n* `{{location}}/{{config_id}}`\n\nWhen using the `pulumi import` command, BitbucketServerConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default {{project}}/{{location}}/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/bitbucketServerConfig:BitbucketServerConfig default {{location}}/{{config_id}}\n```\n\n", "properties": { "apiKey": { "type": "string", @@ -150049,7 +150049,7 @@ } }, "gcp:cloudbuild/trigger:Trigger": { - "description": "Configuration for an automated build in response to source repository changes.\n\n\nTo get more information about Trigger, see:\n\n* [API documentation](https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers)\n* How-to Guides\n * [Automating builds using build triggers](https://cloud.google.com/cloud-build/docs/running-builds/automate-builds)\n\n\u003e **Note:** You can retrieve the email of the Cloud Build Service Account used in jobs by using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Cloudbuild Trigger Filename\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst filename_trigger = new gcp.cloudbuild.Trigger(\"filename-trigger\", {\n location: \"us-central1\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfilename_trigger = gcp.cloudbuild.Trigger(\"filename-trigger\",\n location=\"us-central1\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n substitutions={\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var filename_trigger = new Gcp.CloudBuild.Trigger(\"filename-trigger\", new()\n {\n Location = \"us-central1\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"filename-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var filename_trigger = new Trigger(\"filename-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n filename-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n triggerTemplate:\n branchName: main\n repoName: my-repo\n substitutions:\n _FOO: bar\n _BAZ: qux\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Build\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst build_trigger = new gcp.cloudbuild.Trigger(\"build-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [\n {\n name: \"gcr.io/cloud-builders/gsutil\",\n args: [\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n ],\n timeout: \"120s\",\n secretEnvs: [\"MY_SECRET\"],\n },\n {\n name: \"ubuntu\",\n script: \"echo hello\",\n },\n ],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n npmPackages: [{\n packagePath: \"package.json\",\n repository: \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n }],\n pythonPackages: [{\n paths: [\"dist/*\"],\n repository: \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n }],\n mavenArtifacts: [{\n repository: \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n path: \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n artifactId: \"my-app\",\n groupId: \"com.mycompany.app\",\n version: \"1.0\",\n }],\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbuild_trigger = gcp.cloudbuild.Trigger(\"build-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [\n {\n \"name\": \"gcr.io/cloud-builders/gsutil\",\n \"args\": [\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n ],\n \"timeout\": \"120s\",\n \"secret_envs\": [\"MY_SECRET\"],\n },\n {\n \"name\": \"ubuntu\",\n \"script\": \"echo hello\",\n },\n ],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n \"npm_packages\": [{\n \"package_path\": \"package.json\",\n \"repository\": \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n }],\n \"python_packages\": [{\n \"paths\": [\"dist/*\"],\n \"repository\": \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n }],\n \"maven_artifacts\": [{\n \"repository\": \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n \"path\": \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n \"artifact_id\": \"my-app\",\n \"group_id\": \"com.mycompany.app\",\n \"version\": \"1.0\",\n }],\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var build_trigger = new Gcp.CloudBuild.Trigger(\"build-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"gcr.io/cloud-builders/gsutil\",\n Args = new[]\n {\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n },\n Timeout = \"120s\",\n SecretEnvs = new[]\n {\n \"MY_SECRET\",\n },\n },\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Script = \"echo hello\",\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n NpmPackages = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsNpmPackageArgs\n {\n PackagePath = \"package.json\",\n Repository = \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n },\n },\n PythonPackages = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsPythonPackageArgs\n {\n Paths = new[]\n {\n \"dist/*\",\n },\n Repository = \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n },\n },\n MavenArtifacts = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsMavenArtifactArgs\n {\n Repository = \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n Path = \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n ArtifactId = \"my-app\",\n GroupId = \"com.mycompany.app\",\n Version = \"1.0\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"build-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"gcr.io/cloud-builders/gsutil\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cp\"),\n\t\t\t\t\t\t\tpulumi.String(\"gs://mybucket/remotefile.zip\"),\n\t\t\t\t\t\t\tpulumi.String(\"localfile.zip\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTimeout: pulumi.String(\"120s\"),\n\t\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tScript: pulumi.String(\"echo hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNpmPackages: cloudbuild.TriggerBuildArtifactsNpmPackageArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsNpmPackageArgs{\n\t\t\t\t\t\t\tPackagePath: pulumi.String(\"package.json\"),\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tPythonPackages: cloudbuild.TriggerBuildArtifactsPythonPackageArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsPythonPackageArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"dist/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMavenArtifacts: cloudbuild.TriggerBuildArtifactsMavenArtifactArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsMavenArtifactArgs{\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\"),\n\t\t\t\t\t\t\tArtifactId: pulumi.String(\"my-app\"),\n\t\t\t\t\t\t\tGroupId: pulumi.String(\"com.mycompany.app\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1.0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var build_trigger = new Trigger(\"build-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps( \n TriggerBuildStepArgs.builder()\n .name(\"gcr.io/cloud-builders/gsutil\")\n .args( \n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\")\n .timeout(\"120s\")\n .secretEnvs(\"MY_SECRET\")\n .build(),\n TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .script(\"echo hello\")\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .npmPackages(TriggerBuildArtifactsNpmPackageArgs.builder()\n .packagePath(\"package.json\")\n .repository(\"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\")\n .build())\n .pythonPackages(TriggerBuildArtifactsPythonPackageArgs.builder()\n .paths(\"dist/*\")\n .repository(\"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\")\n .build())\n .mavenArtifacts(TriggerBuildArtifactsMavenArtifactArgs.builder()\n .repository(\"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\")\n .path(\"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\")\n .artifactId(\"my-app\")\n .groupId(\"com.mycompany.app\")\n .version(\"1.0\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n build-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: gcr.io/cloud-builders/gsutil\n args:\n - cp\n - gs://mybucket/remotefile.zip\n - localfile.zip\n timeout: 120s\n secretEnvs:\n - MY_SECRET\n - name: ubuntu\n script: echo hello\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n npmPackages:\n - packagePath: package.json\n repository: https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\n pythonPackages:\n - paths:\n - dist/*\n repository: https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\n mavenArtifacts:\n - repository: https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\n path: /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\n artifactId: my-app\n groupId: com.mycompany.app\n version: '1.0'\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cloudbuildServiceAccount = new gcp.serviceaccount.Account(\"cloudbuild_service_account\", {accountId: \"cloud-sa\"});\nconst actAs = new gcp.projects.IAMMember(\"act_as\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${cloudbuildServiceAccount.email}`,\n});\nconst logsWriter = new gcp.projects.IAMMember(\"logs_writer\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/logging.logWriter\",\n member: pulumi.interpolate`serviceAccount:${cloudbuildServiceAccount.email}`,\n});\nconst service_account_trigger = new gcp.cloudbuild.Trigger(\"service-account-trigger\", {\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n serviceAccount: cloudbuildServiceAccount.id,\n filename: \"cloudbuild.yaml\",\n}, {\n dependsOn: [\n actAs,\n logsWriter,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncloudbuild_service_account = gcp.serviceaccount.Account(\"cloudbuild_service_account\", account_id=\"cloud-sa\")\nact_as = gcp.projects.IAMMember(\"act_as\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountUser\",\n member=cloudbuild_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nlogs_writer = gcp.projects.IAMMember(\"logs_writer\",\n project=project.project_id,\n role=\"roles/logging.logWriter\",\n member=cloudbuild_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nservice_account_trigger = gcp.cloudbuild.Trigger(\"service-account-trigger\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n service_account=cloudbuild_service_account.id,\n filename=\"cloudbuild.yaml\",\n opts = pulumi.ResourceOptions(depends_on=[\n act_as,\n logs_writer,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cloudbuildServiceAccount = new Gcp.ServiceAccount.Account(\"cloudbuild_service_account\", new()\n {\n AccountId = \"cloud-sa\",\n });\n\n var actAs = new Gcp.Projects.IAMMember(\"act_as\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountUser\",\n Member = cloudbuildServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var logsWriter = new Gcp.Projects.IAMMember(\"logs_writer\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/logging.logWriter\",\n Member = cloudbuildServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var service_account_trigger = new Gcp.CloudBuild.Trigger(\"service-account-trigger\", new()\n {\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n ServiceAccount = cloudbuildServiceAccount.Id,\n Filename = \"cloudbuild.yaml\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n actAs,\n logsWriter,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudbuildServiceAccount, err := serviceaccount.NewAccount(ctx, \"cloudbuild_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"cloud-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tactAs, err := projects.NewIAMMember(ctx, \"act_as\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: cloudbuildServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogsWriter, err := projects.NewIAMMember(ctx, \"logs_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/logging.logWriter\"),\n\t\t\tMember: cloudbuildServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"service-account-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tServiceAccount: cloudbuildServiceAccount.ID(),\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tactAs,\n\t\t\tlogsWriter,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cloudbuildServiceAccount = new Account(\"cloudbuildServiceAccount\", AccountArgs.builder()\n .accountId(\"cloud-sa\")\n .build());\n\n var actAs = new IAMMember(\"actAs\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountUser\")\n .member(cloudbuildServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var logsWriter = new IAMMember(\"logsWriter\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/logging.logWriter\")\n .member(cloudbuildServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var service_account_trigger = new Trigger(\"service-account-trigger\", TriggerArgs.builder()\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .serviceAccount(cloudbuildServiceAccount.id())\n .filename(\"cloudbuild.yaml\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n actAs,\n logsWriter)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-account-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n triggerTemplate:\n branchName: main\n repoName: my-repo\n serviceAccount: ${cloudbuildServiceAccount.id}\n filename: cloudbuild.yaml\n options:\n dependson:\n - ${actAs}\n - ${logsWriter}\n cloudbuildServiceAccount:\n type: gcp:serviceaccount:Account\n name: cloudbuild_service_account\n properties:\n accountId: cloud-sa\n actAs:\n type: gcp:projects:IAMMember\n name: act_as\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${cloudbuildServiceAccount.email}\n logsWriter:\n type: gcp:projects:IAMMember\n name: logs_writer\n properties:\n project: ${project.projectId}\n role: roles/logging.logWriter\n member: serviceAccount:${cloudbuildServiceAccount.email}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Include Build Logs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst include_build_logs_trigger = new gcp.cloudbuild.Trigger(\"include-build-logs-trigger\", {\n location: \"us-central1\",\n name: \"include-build-logs-trigger\",\n filename: \"cloudbuild.yaml\",\n github: {\n owner: \"hashicorp\",\n name: \"terraform-provider-google-beta\",\n push: {\n branch: \"^main$\",\n },\n },\n includeBuildLogs: \"INCLUDE_BUILD_LOGS_WITH_STATUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninclude_build_logs_trigger = gcp.cloudbuild.Trigger(\"include-build-logs-trigger\",\n location=\"us-central1\",\n name=\"include-build-logs-trigger\",\n filename=\"cloudbuild.yaml\",\n github={\n \"owner\": \"hashicorp\",\n \"name\": \"terraform-provider-google-beta\",\n \"push\": {\n \"branch\": \"^main$\",\n },\n },\n include_build_logs=\"INCLUDE_BUILD_LOGS_WITH_STATUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var include_build_logs_trigger = new Gcp.CloudBuild.Trigger(\"include-build-logs-trigger\", new()\n {\n Location = \"us-central1\",\n Name = \"include-build-logs-trigger\",\n Filename = \"cloudbuild.yaml\",\n Github = new Gcp.CloudBuild.Inputs.TriggerGithubArgs\n {\n Owner = \"hashicorp\",\n Name = \"terraform-provider-google-beta\",\n Push = new Gcp.CloudBuild.Inputs.TriggerGithubPushArgs\n {\n Branch = \"^main$\",\n },\n },\n IncludeBuildLogs = \"INCLUDE_BUILD_LOGS_WITH_STATUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"include-build-logs-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"include-build-logs-trigger\"),\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\tGithub: \u0026cloudbuild.TriggerGithubArgs{\n\t\t\t\tOwner: pulumi.String(\"hashicorp\"),\n\t\t\t\tName: pulumi.String(\"terraform-provider-google-beta\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerGithubPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^main$\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tIncludeBuildLogs: pulumi.String(\"INCLUDE_BUILD_LOGS_WITH_STATUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var include_build_logs_trigger = new Trigger(\"include-build-logs-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .name(\"include-build-logs-trigger\")\n .filename(\"cloudbuild.yaml\")\n .github(TriggerGithubArgs.builder()\n .owner(\"hashicorp\")\n .name(\"terraform-provider-google-beta\")\n .push(TriggerGithubPushArgs.builder()\n .branch(\"^main$\")\n .build())\n .build())\n .includeBuildLogs(\"INCLUDE_BUILD_LOGS_WITH_STATUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n include-build-logs-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n name: include-build-logs-trigger\n filename: cloudbuild.yaml\n github:\n owner: hashicorp\n name: terraform-provider-google-beta\n push:\n branch: ^main$\n includeBuildLogs: INCLUDE_BUILD_LOGS_WITH_STATUS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Pubsub Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst mytopic = new gcp.pubsub.Topic(\"mytopic\", {name: \"my-topic\"});\nconst pubsub_config_trigger = new gcp.cloudbuild.Trigger(\"pubsub-config-trigger\", {\n location: \"us-central1\",\n name: \"pubsub-trigger\",\n description: \"acceptance test example pubsub build trigger\",\n pubsubConfig: {\n topic: mytopic.id,\n },\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n substitutions: {\n _ACTION: \"$(body.message.data.action)\",\n },\n filter: \"_ACTION.matches('INSERT')\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmytopic = gcp.pubsub.Topic(\"mytopic\", name=\"my-topic\")\npubsub_config_trigger = gcp.cloudbuild.Trigger(\"pubsub-config-trigger\",\n location=\"us-central1\",\n name=\"pubsub-trigger\",\n description=\"acceptance test example pubsub build trigger\",\n pubsub_config={\n \"topic\": mytopic.id,\n },\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n substitutions={\n \"_ACTION\": \"$(body.message.data.action)\",\n },\n filter=\"_ACTION.matches('INSERT')\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Gcp.PubSub.Topic(\"mytopic\", new()\n {\n Name = \"my-topic\",\n });\n\n var pubsub_config_trigger = new Gcp.CloudBuild.Trigger(\"pubsub-config-trigger\", new()\n {\n Location = \"us-central1\",\n Name = \"pubsub-trigger\",\n Description = \"acceptance test example pubsub build trigger\",\n PubsubConfig = new Gcp.CloudBuild.Inputs.TriggerPubsubConfigArgs\n {\n Topic = mytopic.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n Substitutions = \n {\n { \"_ACTION\", \"$(body.message.data.action)\" },\n },\n Filter = \"_ACTION.matches('INSERT')\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmytopic, err := pubsub.NewTopic(ctx, \"mytopic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"pubsub-config-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"pubsub-trigger\"),\n\t\t\tDescription: pulumi.String(\"acceptance test example pubsub build trigger\"),\n\t\t\tPubsubConfig: \u0026cloudbuild.TriggerPubsubConfigArgs{\n\t\t\t\tTopic: mytopic.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\"_ACTION\": pulumi.String(\"$(body.message.data.action)\"),\n\t\t\t},\n\t\t\tFilter: pulumi.String(\"_ACTION.matches('INSERT')\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerPubsubConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder()\n .name(\"my-topic\")\n .build());\n\n var pubsub_config_trigger = new Trigger(\"pubsub-config-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .name(\"pubsub-trigger\")\n .description(\"acceptance test example pubsub build trigger\")\n .pubsubConfig(TriggerPubsubConfigArgs.builder()\n .topic(mytopic.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .substitutions(Map.of(\"_ACTION\", \"$(body.message.data.action)\"))\n .filter(\"_ACTION.matches('INSERT')\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mytopic:\n type: gcp:pubsub:Topic\n properties:\n name: my-topic\n pubsub-config-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n name: pubsub-trigger\n description: acceptance test example pubsub build trigger\n pubsubConfig:\n topic: ${mytopic.id}\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n substitutions:\n _ACTION: $(body.message.data.action)\n filter: _ACTION.matches('INSERT')\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Webhook Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst webhookTriggerSecretKey = new gcp.secretmanager.Secret(\"webhook_trigger_secret_key\", {\n secretId: \"webhook-trigger-secret-key\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst webhookTriggerSecretKeyData = new gcp.secretmanager.SecretVersion(\"webhook_trigger_secret_key_data\", {\n secret: webhookTriggerSecretKey.id,\n secretData: \"secretkeygoeshere\",\n});\nconst project = gcp.organizations.getProject({});\nconst secretAccessor = project.then(project =\u003e gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [`serviceAccount:service-${project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com`],\n }],\n}));\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: webhookTriggerSecretKey.project,\n secretId: webhookTriggerSecretKey.secretId,\n policyData: secretAccessor.then(secretAccessor =\u003e secretAccessor.policyData),\n});\nconst webhook_config_trigger = new gcp.cloudbuild.Trigger(\"webhook-config-trigger\", {\n name: \"webhook-trigger\",\n description: \"acceptance test example webhook build trigger\",\n webhookConfig: {\n secret: webhookTriggerSecretKeyData.id,\n },\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nwebhook_trigger_secret_key = gcp.secretmanager.Secret(\"webhook_trigger_secret_key\",\n secret_id=\"webhook-trigger-secret-key\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nwebhook_trigger_secret_key_data = gcp.secretmanager.SecretVersion(\"webhook_trigger_secret_key_data\",\n secret=webhook_trigger_secret_key.id,\n secret_data=\"secretkeygoeshere\")\nproject = gcp.organizations.get_project()\nsecret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [f\"serviceAccount:service-{project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=webhook_trigger_secret_key.project,\n secret_id=webhook_trigger_secret_key.secret_id,\n policy_data=secret_accessor.policy_data)\nwebhook_config_trigger = gcp.cloudbuild.Trigger(\"webhook-config-trigger\",\n name=\"webhook-trigger\",\n description=\"acceptance test example webhook build trigger\",\n webhook_config={\n \"secret\": webhook_trigger_secret_key_data.id,\n },\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var webhookTriggerSecretKey = new Gcp.SecretManager.Secret(\"webhook_trigger_secret_key\", new()\n {\n SecretId = \"webhook-trigger-secret-key\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var webhookTriggerSecretKeyData = new Gcp.SecretManager.SecretVersion(\"webhook_trigger_secret_key_data\", new()\n {\n Secret = webhookTriggerSecretKey.Id,\n SecretData = \"secretkeygoeshere\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = webhookTriggerSecretKey.Project,\n SecretId = webhookTriggerSecretKey.SecretId,\n PolicyData = secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n var webhook_config_trigger = new Gcp.CloudBuild.Trigger(\"webhook-config-trigger\", new()\n {\n Name = \"webhook-trigger\",\n Description = \"acceptance test example webhook build trigger\",\n WebhookConfig = new Gcp.CloudBuild.Inputs.TriggerWebhookConfigArgs\n {\n Secret = webhookTriggerSecretKeyData.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twebhookTriggerSecretKey, err := secretmanager.NewSecret(ctx, \"webhook_trigger_secret_key\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"webhook-trigger-secret-key\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twebhookTriggerSecretKeyData, err := secretmanager.NewSecretVersion(ctx, \"webhook_trigger_secret_key_data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhookTriggerSecretKey.ID(),\n\t\t\tSecretData: pulumi.String(\"secretkeygoeshere\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudbuild.iam.gserviceaccount.com\", project.Number),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: webhookTriggerSecretKey.Project,\n\t\t\tSecretId: webhookTriggerSecretKey.SecretId,\n\t\t\tPolicyData: pulumi.String(secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"webhook-config-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"webhook-trigger\"),\n\t\t\tDescription: pulumi.String(\"acceptance test example webhook build trigger\"),\n\t\t\tWebhookConfig: \u0026cloudbuild.TriggerWebhookConfigArgs{\n\t\t\t\tSecret: webhookTriggerSecretKeyData.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerWebhookConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var webhookTriggerSecretKey = new Secret(\"webhookTriggerSecretKey\", SecretArgs.builder()\n .secretId(\"webhook-trigger-secret-key\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var webhookTriggerSecretKeyData = new SecretVersion(\"webhookTriggerSecretKeyData\", SecretVersionArgs.builder()\n .secret(webhookTriggerSecretKey.id())\n .secretData(\"secretkeygoeshere\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n final var secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-cloudbuild.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(webhookTriggerSecretKey.project())\n .secretId(webhookTriggerSecretKey.secretId())\n .policyData(secretAccessor.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n var webhook_config_trigger = new Trigger(\"webhook-config-trigger\", TriggerArgs.builder()\n .name(\"webhook-trigger\")\n .description(\"acceptance test example webhook build trigger\")\n .webhookConfig(TriggerWebhookConfigArgs.builder()\n .secret(webhookTriggerSecretKeyData.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n webhookTriggerSecretKey:\n type: gcp:secretmanager:Secret\n name: webhook_trigger_secret_key\n properties:\n secretId: webhook-trigger-secret-key\n replication:\n userManaged:\n replicas:\n - location: us-central1\n webhookTriggerSecretKeyData:\n type: gcp:secretmanager:SecretVersion\n name: webhook_trigger_secret_key_data\n properties:\n secret: ${webhookTriggerSecretKey.id}\n secretData: secretkeygoeshere\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${webhookTriggerSecretKey.project}\n secretId: ${webhookTriggerSecretKey.secretId}\n policyData: ${secretAccessor.policyData}\n webhook-config-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: webhook-trigger\n description: acceptance test example webhook build trigger\n webhookConfig:\n secret: ${webhookTriggerSecretKeyData.id}\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-${project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_trigger = new gcp.cloudbuild.Trigger(\"manual-trigger\", {\n name: \"manual-trigger\",\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n approvalConfig: {\n approvalRequired: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_trigger = gcp.cloudbuild.Trigger(\"manual-trigger\",\n name=\"manual-trigger\",\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n approval_config={\n \"approval_required\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_trigger = new Gcp.CloudBuild.Trigger(\"manual-trigger\", new()\n {\n Name = \"manual-trigger\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n ApprovalConfig = new Gcp.CloudBuild.Inputs.TriggerApprovalConfigArgs\n {\n ApprovalRequired = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"manual-trigger\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tApprovalConfig: \u0026cloudbuild.TriggerApprovalConfigArgs{\n\t\t\t\tApprovalRequired: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerApprovalConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_trigger = new Trigger(\"manual-trigger\", TriggerArgs.builder()\n .name(\"manual-trigger\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .approvalConfig(TriggerApprovalConfigArgs.builder()\n .approvalRequired(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: manual-trigger\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n approvalConfig:\n approvalRequired: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual Github Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_ghe_trigger = new gcp.cloudbuild.Trigger(\"manual-ghe-trigger\", {\n name: \"\",\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n githubEnterpriseConfig: \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n githubEnterpriseConfig: \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_ghe_trigger = gcp.cloudbuild.Trigger(\"manual-ghe-trigger\",\n name=\"\",\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n \"github_enterprise_config\": \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n \"github_enterprise_config\": \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_ghe_trigger = new Gcp.CloudBuild.Trigger(\"manual-ghe-trigger\", new()\n {\n Name = \"\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n GithubEnterpriseConfig = \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n GithubEnterpriseConfig = \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-ghe-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t\tGithubEnterpriseConfig: pulumi.String(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t\tGithubEnterpriseConfig: pulumi.String(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_ghe_trigger = new Trigger(\"manual-ghe-trigger\", TriggerArgs.builder()\n .name(\"\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .githubEnterpriseConfig(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .githubEnterpriseConfig(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-ghe-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name:\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n githubEnterpriseConfig: projects/myProject/locations/global/githubEnterpriseConfigs/configID\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n githubEnterpriseConfig: projects/myProject/locations/global/githubEnterpriseConfigs/configID\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual Bitbucket Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_bitbucket_trigger = new gcp.cloudbuild.Trigger(\"manual-bitbucket-trigger\", {\n name: \"terraform-manual-bbs-trigger\",\n sourceToBuild: {\n uri: \"https://bbs.com/scm/stag/test-repo.git\",\n ref: \"refs/heads/main\",\n repoType: \"BITBUCKET_SERVER\",\n bitbucketServerConfig: \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://bbs.com/scm/stag/test-repo.git\",\n revision: \"refs/heads/main\",\n repoType: \"BITBUCKET_SERVER\",\n bitbucketServerConfig: \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_bitbucket_trigger = gcp.cloudbuild.Trigger(\"manual-bitbucket-trigger\",\n name=\"terraform-manual-bbs-trigger\",\n source_to_build={\n \"uri\": \"https://bbs.com/scm/stag/test-repo.git\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"BITBUCKET_SERVER\",\n \"bitbucket_server_config\": \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://bbs.com/scm/stag/test-repo.git\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"BITBUCKET_SERVER\",\n \"bitbucket_server_config\": \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_bitbucket_trigger = new Gcp.CloudBuild.Trigger(\"manual-bitbucket-trigger\", new()\n {\n Name = \"terraform-manual-bbs-trigger\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://bbs.com/scm/stag/test-repo.git\",\n Ref = \"refs/heads/main\",\n RepoType = \"BITBUCKET_SERVER\",\n BitbucketServerConfig = \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://bbs.com/scm/stag/test-repo.git\",\n Revision = \"refs/heads/main\",\n RepoType = \"BITBUCKET_SERVER\",\n BitbucketServerConfig = \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-bitbucket-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"terraform-manual-bbs-trigger\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://bbs.com/scm/stag/test-repo.git\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"BITBUCKET_SERVER\"),\n\t\t\t\tBitbucketServerConfig: pulumi.String(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://bbs.com/scm/stag/test-repo.git\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"BITBUCKET_SERVER\"),\n\t\t\t\tBitbucketServerConfig: pulumi.String(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_bitbucket_trigger = new Trigger(\"manual-bitbucket-trigger\", TriggerArgs.builder()\n .name(\"terraform-manual-bbs-trigger\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://bbs.com/scm/stag/test-repo.git\")\n .ref(\"refs/heads/main\")\n .repoType(\"BITBUCKET_SERVER\")\n .bitbucketServerConfig(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://bbs.com/scm/stag/test-repo.git\")\n .revision(\"refs/heads/main\")\n .repoType(\"BITBUCKET_SERVER\")\n .bitbucketServerConfig(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-bitbucket-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: terraform-manual-bbs-trigger\n sourceToBuild:\n uri: https://bbs.com/scm/stag/test-repo.git\n ref: refs/heads/main\n repoType: BITBUCKET_SERVER\n bitbucketServerConfig: projects/myProject/locations/global/bitbucketServerConfigs/configID\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://bbs.com/scm/stag/test-repo.git\n revision: refs/heads/main\n repoType: BITBUCKET_SERVER\n bitbucketServerConfig: projects/myProject/locations/global/bitbucketServerConfigs/configID\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Repo\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-repo\",\n parentConnection: my_connection.id,\n remoteUri: \"https://github.com/myuser/my-repo.git\",\n});\nconst repo_trigger = new gcp.cloudbuild.Trigger(\"repo-trigger\", {\n location: \"us-central1\",\n repositoryEventConfig: {\n repository: my_repository.id,\n push: {\n branch: \"feature-.*\",\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-repo\",\n parent_connection=my_connection.id,\n remote_uri=\"https://github.com/myuser/my-repo.git\")\nrepo_trigger = gcp.cloudbuild.Trigger(\"repo-trigger\",\n location=\"us-central1\",\n repository_event_config={\n \"repository\": my_repository.id,\n \"push\": {\n \"branch\": \"feature-.*\",\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-repo\",\n ParentConnection = my_connection.Id,\n RemoteUri = \"https://github.com/myuser/my-repo.git\",\n });\n\n var repo_trigger = new Gcp.CloudBuild.Trigger(\"repo-trigger\", new()\n {\n Location = \"us-central1\",\n RepositoryEventConfig = new Gcp.CloudBuild.Inputs.TriggerRepositoryEventConfigArgs\n {\n Repository = my_repository.Id,\n Push = new Gcp.CloudBuild.Inputs.TriggerRepositoryEventConfigPushArgs\n {\n Branch = \"feature-.*\",\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/my-project/secrets/github-pat-secret/versions/latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.ID(),\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/my-repo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"repo-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryEventConfig: \u0026cloudbuild.TriggerRepositoryEventConfigArgs{\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tPush: \u0026cloudbuild.TriggerRepositoryEventConfigPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"feature-.*\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerRepositoryEventConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerRepositoryEventConfigPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/my-project/secrets/github-pat-secret/versions/latest\")\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-repo\")\n .parentConnection(my_connection.id())\n .remoteUri(\"https://github.com/myuser/my-repo.git\")\n .build());\n\n var repo_trigger = new Trigger(\"repo-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .repositoryEventConfig(TriggerRepositoryEventConfigArgs.builder()\n .repository(my_repository.id())\n .push(TriggerRepositoryEventConfigPushArgs.builder()\n .branch(\"feature-.*\")\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: projects/my-project/secrets/github-pat-secret/versions/latest\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-repo\n parentConnection: ${[\"my-connection\"].id}\n remoteUri: https://github.com/myuser/my-repo.git\n repo-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n repositoryEventConfig:\n repository: ${[\"my-repository\"].id}\n push:\n branch: feature-.*\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Bitbucket Server Push\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_push_trigger = new gcp.cloudbuild.Trigger(\"bbs-push-trigger\", {\n name: \"bbs-push-trigger\",\n location: \"us-central1\",\n bitbucketServerTriggerConfig: {\n repoSlug: \"bbs-push-trigger\",\n projectKey: \"STAG\",\n bitbucketServerConfigResource: \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n push: {\n tag: \"^0.1.*\",\n invertRegex: true,\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_push_trigger = gcp.cloudbuild.Trigger(\"bbs-push-trigger\",\n name=\"bbs-push-trigger\",\n location=\"us-central1\",\n bitbucket_server_trigger_config={\n \"repo_slug\": \"bbs-push-trigger\",\n \"project_key\": \"STAG\",\n \"bitbucket_server_config_resource\": \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n \"push\": {\n \"tag\": \"^0.1.*\",\n \"invert_regex\": True,\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_push_trigger = new Gcp.CloudBuild.Trigger(\"bbs-push-trigger\", new()\n {\n Name = \"bbs-push-trigger\",\n Location = \"us-central1\",\n BitbucketServerTriggerConfig = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigArgs\n {\n RepoSlug = \"bbs-push-trigger\",\n ProjectKey = \"STAG\",\n BitbucketServerConfigResource = \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n Push = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigPushArgs\n {\n Tag = \"^0.1.*\",\n InvertRegex = true,\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"bbs-push-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"bbs-push-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBitbucketServerTriggerConfig: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigArgs{\n\t\t\t\tRepoSlug: pulumi.String(\"bbs-push-trigger\"),\n\t\t\t\tProjectKey: pulumi.String(\"STAG\"),\n\t\t\t\tBitbucketServerConfigResource: pulumi.String(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigPushArgs{\n\t\t\t\t\tTag: pulumi.String(\"^0.1.*\"),\n\t\t\t\t\tInvertRegex: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_push_trigger = new Trigger(\"bbs-push-trigger\", TriggerArgs.builder()\n .name(\"bbs-push-trigger\")\n .location(\"us-central1\")\n .bitbucketServerTriggerConfig(TriggerBitbucketServerTriggerConfigArgs.builder()\n .repoSlug(\"bbs-push-trigger\")\n .projectKey(\"STAG\")\n .bitbucketServerConfigResource(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\")\n .push(TriggerBitbucketServerTriggerConfigPushArgs.builder()\n .tag(\"^0.1.*\")\n .invertRegex(true)\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-push-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: bbs-push-trigger\n location: us-central1\n bitbucketServerTriggerConfig:\n repoSlug: bbs-push-trigger\n projectKey: STAG\n bitbucketServerConfigResource: projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\n push:\n tag: ^0.1.*\n invertRegex: true\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Bitbucket Server Pull Request\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_pull_request_trigger = new gcp.cloudbuild.Trigger(\"bbs-pull-request-trigger\", {\n name: \"ghe-trigger\",\n location: \"us-central1\",\n bitbucketServerTriggerConfig: {\n repoSlug: \"terraform-provider-google\",\n projectKey: \"STAG\",\n bitbucketServerConfigResource: \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n pullRequest: {\n branch: \"^master$\",\n invertRegex: false,\n commentControl: \"COMMENTS_ENABLED\",\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_pull_request_trigger = gcp.cloudbuild.Trigger(\"bbs-pull-request-trigger\",\n name=\"ghe-trigger\",\n location=\"us-central1\",\n bitbucket_server_trigger_config={\n \"repo_slug\": \"terraform-provider-google\",\n \"project_key\": \"STAG\",\n \"bitbucket_server_config_resource\": \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n \"pull_request\": {\n \"branch\": \"^master$\",\n \"invert_regex\": False,\n \"comment_control\": \"COMMENTS_ENABLED\",\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_pull_request_trigger = new Gcp.CloudBuild.Trigger(\"bbs-pull-request-trigger\", new()\n {\n Name = \"ghe-trigger\",\n Location = \"us-central1\",\n BitbucketServerTriggerConfig = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigArgs\n {\n RepoSlug = \"terraform-provider-google\",\n ProjectKey = \"STAG\",\n BitbucketServerConfigResource = \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n PullRequest = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigPullRequestArgs\n {\n Branch = \"^master$\",\n InvertRegex = false,\n CommentControl = \"COMMENTS_ENABLED\",\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"bbs-pull-request-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"ghe-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBitbucketServerTriggerConfig: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigArgs{\n\t\t\t\tRepoSlug: pulumi.String(\"terraform-provider-google\"),\n\t\t\t\tProjectKey: pulumi.String(\"STAG\"),\n\t\t\t\tBitbucketServerConfigResource: pulumi.String(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\"),\n\t\t\t\tPullRequest: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigPullRequestArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^master$\"),\n\t\t\t\t\tInvertRegex: pulumi.Bool(false),\n\t\t\t\t\tCommentControl: pulumi.String(\"COMMENTS_ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigPullRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_pull_request_trigger = new Trigger(\"bbs-pull-request-trigger\", TriggerArgs.builder()\n .name(\"ghe-trigger\")\n .location(\"us-central1\")\n .bitbucketServerTriggerConfig(TriggerBitbucketServerTriggerConfigArgs.builder()\n .repoSlug(\"terraform-provider-google\")\n .projectKey(\"STAG\")\n .bitbucketServerConfigResource(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\")\n .pullRequest(TriggerBitbucketServerTriggerConfigPullRequestArgs.builder()\n .branch(\"^master$\")\n .invertRegex(false)\n .commentControl(\"COMMENTS_ENABLED\")\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-pull-request-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: ghe-trigger\n location: us-central1\n bitbucketServerTriggerConfig:\n repoSlug: terraform-provider-google\n projectKey: STAG\n bitbucketServerConfigResource: projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\n pullRequest:\n branch: ^master$\n invertRegex: false\n commentControl: COMMENTS_ENABLED\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Github Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ghe_trigger = new gcp.cloudbuild.Trigger(\"ghe-trigger\", {\n name: \"ghe-trigger\",\n location: \"us-central1\",\n github: {\n owner: \"hashicorp\",\n name: \"terraform-provider-google\",\n push: {\n branch: \"^main$\",\n },\n enterpriseConfigResourceName: \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nghe_trigger = gcp.cloudbuild.Trigger(\"ghe-trigger\",\n name=\"ghe-trigger\",\n location=\"us-central1\",\n github={\n \"owner\": \"hashicorp\",\n \"name\": \"terraform-provider-google\",\n \"push\": {\n \"branch\": \"^main$\",\n },\n \"enterprise_config_resource_name\": \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ghe_trigger = new Gcp.CloudBuild.Trigger(\"ghe-trigger\", new()\n {\n Name = \"ghe-trigger\",\n Location = \"us-central1\",\n Github = new Gcp.CloudBuild.Inputs.TriggerGithubArgs\n {\n Owner = \"hashicorp\",\n Name = \"terraform-provider-google\",\n Push = new Gcp.CloudBuild.Inputs.TriggerGithubPushArgs\n {\n Branch = \"^main$\",\n },\n EnterpriseConfigResourceName = \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"ghe-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"ghe-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tGithub: \u0026cloudbuild.TriggerGithubArgs{\n\t\t\t\tOwner: pulumi.String(\"hashicorp\"),\n\t\t\t\tName: pulumi.String(\"terraform-provider-google\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerGithubPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^main$\"),\n\t\t\t\t},\n\t\t\t\tEnterpriseConfigResourceName: pulumi.String(\"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ghe_trigger = new Trigger(\"ghe-trigger\", TriggerArgs.builder()\n .name(\"ghe-trigger\")\n .location(\"us-central1\")\n .github(TriggerGithubArgs.builder()\n .owner(\"hashicorp\")\n .name(\"terraform-provider-google\")\n .push(TriggerGithubPushArgs.builder()\n .branch(\"^main$\")\n .build())\n .enterpriseConfigResourceName(\"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\")\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ghe-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: ghe-trigger\n location: us-central1\n github:\n owner: hashicorp\n name: terraform-provider-google\n push:\n branch: ^main$\n enterpriseConfigResourceName: projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Allow Failure\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst allow_failure_trigger = new gcp.cloudbuild.Trigger(\"allow-failure-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [{\n name: \"ubuntu\",\n args: [\n \"-c\",\n \"exit 1\",\n ],\n allowFailure: true,\n }],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nallow_failure_trigger = gcp.cloudbuild.Trigger(\"allow-failure-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [{\n \"name\": \"ubuntu\",\n \"args\": [\n \"-c\",\n \"exit 1\",\n ],\n \"allow_failure\": True,\n }],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allow_failure_trigger = new Gcp.CloudBuild.Trigger(\"allow-failure-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Args = new[]\n {\n \"-c\",\n \"exit 1\",\n },\n AllowFailure = true,\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"allow-failure-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"-c\"),\n\t\t\t\t\t\t\tpulumi.String(\"exit 1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAllowFailure: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allow_failure_trigger = new Trigger(\"allow-failure-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps(TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .args( \n \"-c\",\n \"exit 1\")\n .allowFailure(true)\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-failure-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: ubuntu\n args:\n - -c\n - exit 1\n allowFailure: true\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Allow Exit Codes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst allow_exit_codes_trigger = new gcp.cloudbuild.Trigger(\"allow-exit-codes-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [{\n name: \"ubuntu\",\n args: [\n \"-c\",\n \"exit 1\",\n ],\n allowExitCodes: [\n 1,\n 3,\n ],\n }],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nallow_exit_codes_trigger = gcp.cloudbuild.Trigger(\"allow-exit-codes-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [{\n \"name\": \"ubuntu\",\n \"args\": [\n \"-c\",\n \"exit 1\",\n ],\n \"allow_exit_codes\": [\n 1,\n 3,\n ],\n }],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allow_exit_codes_trigger = new Gcp.CloudBuild.Trigger(\"allow-exit-codes-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Args = new[]\n {\n \"-c\",\n \"exit 1\",\n },\n AllowExitCodes = new[]\n {\n 1,\n 3,\n },\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"allow-exit-codes-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"-c\"),\n\t\t\t\t\t\t\tpulumi.String(\"exit 1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAllowExitCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(3),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allow_exit_codes_trigger = new Trigger(\"allow-exit-codes-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps(TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .args( \n \"-c\",\n \"exit 1\")\n .allowExitCodes( \n 1,\n 3)\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-exit-codes-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: ubuntu\n args:\n - -c\n - exit 1\n allowExitCodes:\n - 1\n - 3\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Pubsub With Repo\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-repo\",\n parentConnection: my_connection.id,\n remoteUri: \"https://github.com/myuser/my-repo.git\",\n});\nconst mytopic = new gcp.pubsub.Topic(\"mytopic\", {name: \"my-topic\"});\nconst pubsub_with_repo_trigger = new gcp.cloudbuild.Trigger(\"pubsub-with-repo-trigger\", {\n name: \"pubsub-with-repo-trigger\",\n location: \"us-central1\",\n pubsubConfig: {\n topic: mytopic.id,\n },\n sourceToBuild: {\n repository: my_repository.id,\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n repository: my_repository.id,\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-repo\",\n parent_connection=my_connection.id,\n remote_uri=\"https://github.com/myuser/my-repo.git\")\nmytopic = gcp.pubsub.Topic(\"mytopic\", name=\"my-topic\")\npubsub_with_repo_trigger = gcp.cloudbuild.Trigger(\"pubsub-with-repo-trigger\",\n name=\"pubsub-with-repo-trigger\",\n location=\"us-central1\",\n pubsub_config={\n \"topic\": mytopic.id,\n },\n source_to_build={\n \"repository\": my_repository.id,\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"repository\": my_repository.id,\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-repo\",\n ParentConnection = my_connection.Id,\n RemoteUri = \"https://github.com/myuser/my-repo.git\",\n });\n\n var mytopic = new Gcp.PubSub.Topic(\"mytopic\", new()\n {\n Name = \"my-topic\",\n });\n\n var pubsub_with_repo_trigger = new Gcp.CloudBuild.Trigger(\"pubsub-with-repo-trigger\", new()\n {\n Name = \"pubsub-with-repo-trigger\",\n Location = \"us-central1\",\n PubsubConfig = new Gcp.CloudBuild.Inputs.TriggerPubsubConfigArgs\n {\n Topic = mytopic.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Repository = my_repository.Id,\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Repository = my_repository.Id,\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/my-project/secrets/github-pat-secret/versions/latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.ID(),\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/my-repo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmytopic, err := pubsub.NewTopic(ctx, \"mytopic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"pubsub-with-repo-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"pubsub-with-repo-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPubsubConfig: \u0026cloudbuild.TriggerPubsubConfigArgs{\n\t\t\t\tTopic: mytopic.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerPubsubConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/my-project/secrets/github-pat-secret/versions/latest\")\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-repo\")\n .parentConnection(my_connection.id())\n .remoteUri(\"https://github.com/myuser/my-repo.git\")\n .build());\n\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder()\n .name(\"my-topic\")\n .build());\n\n var pubsub_with_repo_trigger = new Trigger(\"pubsub-with-repo-trigger\", TriggerArgs.builder()\n .name(\"pubsub-with-repo-trigger\")\n .location(\"us-central1\")\n .pubsubConfig(TriggerPubsubConfigArgs.builder()\n .topic(mytopic.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .repository(my_repository.id())\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .repository(my_repository.id())\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: projects/my-project/secrets/github-pat-secret/versions/latest\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-repo\n parentConnection: ${[\"my-connection\"].id}\n remoteUri: https://github.com/myuser/my-repo.git\n mytopic:\n type: gcp:pubsub:Topic\n properties:\n name: my-topic\n pubsub-with-repo-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: pubsub-with-repo-trigger\n location: us-central1\n pubsubConfig:\n topic: ${mytopic.id}\n sourceToBuild:\n repository: ${[\"my-repository\"].id}\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n repository: ${[\"my-repository\"].id}\n revision: refs/heads/main\n repoType: GITHUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTrigger can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}`\n\n* `projects/{{project}}/triggers/{{trigger_id}}`\n\n* `{{project}}/{{trigger_id}}`\n\n* `{{trigger_id}}`\n\nWhen using the `pulumi import` command, Trigger can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default projects/{{project}}/triggers/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default {{project}}/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default {{trigger_id}}\n```\n\n", + "description": "Configuration for an automated build in response to source repository changes.\n\n\nTo get more information about Trigger, see:\n\n* [API documentation](https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers)\n* How-to Guides\n * [Automating builds using build triggers](https://cloud.google.com/cloud-build/docs/running-builds/automate-builds)\n\n\u003e **Note:** You can retrieve the email of the Cloud Build Service Account used in jobs by using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Cloudbuild Trigger Filename\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst filename_trigger = new gcp.cloudbuild.Trigger(\"filename-trigger\", {\n location: \"us-central1\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfilename_trigger = gcp.cloudbuild.Trigger(\"filename-trigger\",\n location=\"us-central1\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n substitutions={\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var filename_trigger = new Gcp.CloudBuild.Trigger(\"filename-trigger\", new()\n {\n Location = \"us-central1\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"filename-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var filename_trigger = new Trigger(\"filename-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n filename-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n triggerTemplate:\n branchName: main\n repoName: my-repo\n substitutions:\n _FOO: bar\n _BAZ: qux\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Build\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst build_trigger = new gcp.cloudbuild.Trigger(\"build-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [\n {\n name: \"gcr.io/cloud-builders/gsutil\",\n args: [\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n ],\n timeout: \"120s\",\n secretEnvs: [\"MY_SECRET\"],\n },\n {\n name: \"ubuntu\",\n script: \"echo hello\",\n },\n ],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n npmPackages: [{\n packagePath: \"package.json\",\n repository: \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n }],\n pythonPackages: [{\n paths: [\"dist/*\"],\n repository: \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n }],\n mavenArtifacts: [{\n repository: \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n path: \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n artifactId: \"my-app\",\n groupId: \"com.mycompany.app\",\n version: \"1.0\",\n }],\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbuild_trigger = gcp.cloudbuild.Trigger(\"build-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [\n {\n \"name\": \"gcr.io/cloud-builders/gsutil\",\n \"args\": [\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n ],\n \"timeout\": \"120s\",\n \"secret_envs\": [\"MY_SECRET\"],\n },\n {\n \"name\": \"ubuntu\",\n \"script\": \"echo hello\",\n },\n ],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n \"npm_packages\": [{\n \"package_path\": \"package.json\",\n \"repository\": \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n }],\n \"python_packages\": [{\n \"paths\": [\"dist/*\"],\n \"repository\": \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n }],\n \"maven_artifacts\": [{\n \"repository\": \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n \"path\": \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n \"artifact_id\": \"my-app\",\n \"group_id\": \"com.mycompany.app\",\n \"version\": \"1.0\",\n }],\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var build_trigger = new Gcp.CloudBuild.Trigger(\"build-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"gcr.io/cloud-builders/gsutil\",\n Args = new[]\n {\n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\",\n },\n Timeout = \"120s\",\n SecretEnvs = new[]\n {\n \"MY_SECRET\",\n },\n },\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Script = \"echo hello\",\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n NpmPackages = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsNpmPackageArgs\n {\n PackagePath = \"package.json\",\n Repository = \"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\",\n },\n },\n PythonPackages = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsPythonPackageArgs\n {\n Paths = new[]\n {\n \"dist/*\",\n },\n Repository = \"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\",\n },\n },\n MavenArtifacts = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsMavenArtifactArgs\n {\n Repository = \"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\",\n Path = \"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\",\n ArtifactId = \"my-app\",\n GroupId = \"com.mycompany.app\",\n Version = \"1.0\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"build-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"gcr.io/cloud-builders/gsutil\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cp\"),\n\t\t\t\t\t\t\tpulumi.String(\"gs://mybucket/remotefile.zip\"),\n\t\t\t\t\t\t\tpulumi.String(\"localfile.zip\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTimeout: pulumi.String(\"120s\"),\n\t\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tScript: pulumi.String(\"echo hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNpmPackages: cloudbuild.TriggerBuildArtifactsNpmPackageArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsNpmPackageArgs{\n\t\t\t\t\t\t\tPackagePath: pulumi.String(\"package.json\"),\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tPythonPackages: cloudbuild.TriggerBuildArtifactsPythonPackageArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsPythonPackageArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"dist/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMavenArtifacts: cloudbuild.TriggerBuildArtifactsMavenArtifactArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildArtifactsMavenArtifactArgs{\n\t\t\t\t\t\t\tRepository: pulumi.String(\"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\"),\n\t\t\t\t\t\t\tArtifactId: pulumi.String(\"my-app\"),\n\t\t\t\t\t\t\tGroupId: pulumi.String(\"com.mycompany.app\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1.0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var build_trigger = new Trigger(\"build-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps( \n TriggerBuildStepArgs.builder()\n .name(\"gcr.io/cloud-builders/gsutil\")\n .args( \n \"cp\",\n \"gs://mybucket/remotefile.zip\",\n \"localfile.zip\")\n .timeout(\"120s\")\n .secretEnvs(\"MY_SECRET\")\n .build(),\n TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .script(\"echo hello\")\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .npmPackages(TriggerBuildArtifactsNpmPackageArgs.builder()\n .packagePath(\"package.json\")\n .repository(\"https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\")\n .build())\n .pythonPackages(TriggerBuildArtifactsPythonPackageArgs.builder()\n .paths(\"dist/*\")\n .repository(\"https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\")\n .build())\n .mavenArtifacts(TriggerBuildArtifactsMavenArtifactArgs.builder()\n .repository(\"https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\")\n .path(\"/workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\")\n .artifactId(\"my-app\")\n .groupId(\"com.mycompany.app\")\n .version(\"1.0\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n build-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: gcr.io/cloud-builders/gsutil\n args:\n - cp\n - gs://mybucket/remotefile.zip\n - localfile.zip\n timeout: 120s\n secretEnvs:\n - MY_SECRET\n - name: ubuntu\n script: echo hello\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n npmPackages:\n - packagePath: package.json\n repository: https://us-west1-npm.pkg.dev/myProject/quickstart-nodejs-repo\n pythonPackages:\n - paths:\n - dist/*\n repository: https://us-west1-python.pkg.dev/myProject/quickstart-python-repo\n mavenArtifacts:\n - repository: https://us-west1-maven.pkg.dev/myProject/quickstart-java-repo\n path: /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar\n artifactId: my-app\n groupId: com.mycompany.app\n version: '1.0'\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cloudbuildServiceAccount = new gcp.serviceaccount.Account(\"cloudbuild_service_account\", {accountId: \"cloud-sa\"});\nconst actAs = new gcp.projects.IAMMember(\"act_as\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${cloudbuildServiceAccount.email}`,\n});\nconst logsWriter = new gcp.projects.IAMMember(\"logs_writer\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/logging.logWriter\",\n member: pulumi.interpolate`serviceAccount:${cloudbuildServiceAccount.email}`,\n});\nconst service_account_trigger = new gcp.cloudbuild.Trigger(\"service-account-trigger\", {\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n serviceAccount: cloudbuildServiceAccount.id,\n filename: \"cloudbuild.yaml\",\n}, {\n dependsOn: [\n actAs,\n logsWriter,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncloudbuild_service_account = gcp.serviceaccount.Account(\"cloudbuild_service_account\", account_id=\"cloud-sa\")\nact_as = gcp.projects.IAMMember(\"act_as\",\n project=project.project_id,\n role=\"roles/iam.serviceAccountUser\",\n member=cloudbuild_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nlogs_writer = gcp.projects.IAMMember(\"logs_writer\",\n project=project.project_id,\n role=\"roles/logging.logWriter\",\n member=cloudbuild_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nservice_account_trigger = gcp.cloudbuild.Trigger(\"service-account-trigger\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n service_account=cloudbuild_service_account.id,\n filename=\"cloudbuild.yaml\",\n opts = pulumi.ResourceOptions(depends_on=[\n act_as,\n logs_writer,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cloudbuildServiceAccount = new Gcp.ServiceAccount.Account(\"cloudbuild_service_account\", new()\n {\n AccountId = \"cloud-sa\",\n });\n\n var actAs = new Gcp.Projects.IAMMember(\"act_as\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/iam.serviceAccountUser\",\n Member = cloudbuildServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var logsWriter = new Gcp.Projects.IAMMember(\"logs_writer\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/logging.logWriter\",\n Member = cloudbuildServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var service_account_trigger = new Gcp.CloudBuild.Trigger(\"service-account-trigger\", new()\n {\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n ServiceAccount = cloudbuildServiceAccount.Id,\n Filename = \"cloudbuild.yaml\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n actAs,\n logsWriter,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudbuildServiceAccount, err := serviceaccount.NewAccount(ctx, \"cloudbuild_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"cloud-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tactAs, err := projects.NewIAMMember(ctx, \"act_as\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: cloudbuildServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogsWriter, err := projects.NewIAMMember(ctx, \"logs_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/logging.logWriter\"),\n\t\t\tMember: cloudbuildServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"service-account-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tServiceAccount: cloudbuildServiceAccount.ID(),\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tactAs,\n\t\t\tlogsWriter,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cloudbuildServiceAccount = new Account(\"cloudbuildServiceAccount\", AccountArgs.builder()\n .accountId(\"cloud-sa\")\n .build());\n\n var actAs = new IAMMember(\"actAs\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/iam.serviceAccountUser\")\n .member(cloudbuildServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var logsWriter = new IAMMember(\"logsWriter\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/logging.logWriter\")\n .member(cloudbuildServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var service_account_trigger = new Trigger(\"service-account-trigger\", TriggerArgs.builder()\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .serviceAccount(cloudbuildServiceAccount.id())\n .filename(\"cloudbuild.yaml\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n actAs,\n logsWriter)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-account-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n triggerTemplate:\n branchName: main\n repoName: my-repo\n serviceAccount: ${cloudbuildServiceAccount.id}\n filename: cloudbuild.yaml\n options:\n dependsOn:\n - ${actAs}\n - ${logsWriter}\n cloudbuildServiceAccount:\n type: gcp:serviceaccount:Account\n name: cloudbuild_service_account\n properties:\n accountId: cloud-sa\n actAs:\n type: gcp:projects:IAMMember\n name: act_as\n properties:\n project: ${project.projectId}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${cloudbuildServiceAccount.email}\n logsWriter:\n type: gcp:projects:IAMMember\n name: logs_writer\n properties:\n project: ${project.projectId}\n role: roles/logging.logWriter\n member: serviceAccount:${cloudbuildServiceAccount.email}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Include Build Logs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst include_build_logs_trigger = new gcp.cloudbuild.Trigger(\"include-build-logs-trigger\", {\n location: \"us-central1\",\n name: \"include-build-logs-trigger\",\n filename: \"cloudbuild.yaml\",\n github: {\n owner: \"hashicorp\",\n name: \"terraform-provider-google-beta\",\n push: {\n branch: \"^main$\",\n },\n },\n includeBuildLogs: \"INCLUDE_BUILD_LOGS_WITH_STATUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninclude_build_logs_trigger = gcp.cloudbuild.Trigger(\"include-build-logs-trigger\",\n location=\"us-central1\",\n name=\"include-build-logs-trigger\",\n filename=\"cloudbuild.yaml\",\n github={\n \"owner\": \"hashicorp\",\n \"name\": \"terraform-provider-google-beta\",\n \"push\": {\n \"branch\": \"^main$\",\n },\n },\n include_build_logs=\"INCLUDE_BUILD_LOGS_WITH_STATUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var include_build_logs_trigger = new Gcp.CloudBuild.Trigger(\"include-build-logs-trigger\", new()\n {\n Location = \"us-central1\",\n Name = \"include-build-logs-trigger\",\n Filename = \"cloudbuild.yaml\",\n Github = new Gcp.CloudBuild.Inputs.TriggerGithubArgs\n {\n Owner = \"hashicorp\",\n Name = \"terraform-provider-google-beta\",\n Push = new Gcp.CloudBuild.Inputs.TriggerGithubPushArgs\n {\n Branch = \"^main$\",\n },\n },\n IncludeBuildLogs = \"INCLUDE_BUILD_LOGS_WITH_STATUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"include-build-logs-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"include-build-logs-trigger\"),\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\tGithub: \u0026cloudbuild.TriggerGithubArgs{\n\t\t\t\tOwner: pulumi.String(\"hashicorp\"),\n\t\t\t\tName: pulumi.String(\"terraform-provider-google-beta\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerGithubPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^main$\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tIncludeBuildLogs: pulumi.String(\"INCLUDE_BUILD_LOGS_WITH_STATUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var include_build_logs_trigger = new Trigger(\"include-build-logs-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .name(\"include-build-logs-trigger\")\n .filename(\"cloudbuild.yaml\")\n .github(TriggerGithubArgs.builder()\n .owner(\"hashicorp\")\n .name(\"terraform-provider-google-beta\")\n .push(TriggerGithubPushArgs.builder()\n .branch(\"^main$\")\n .build())\n .build())\n .includeBuildLogs(\"INCLUDE_BUILD_LOGS_WITH_STATUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n include-build-logs-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n name: include-build-logs-trigger\n filename: cloudbuild.yaml\n github:\n owner: hashicorp\n name: terraform-provider-google-beta\n push:\n branch: ^main$\n includeBuildLogs: INCLUDE_BUILD_LOGS_WITH_STATUS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Pubsub Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst mytopic = new gcp.pubsub.Topic(\"mytopic\", {name: \"my-topic\"});\nconst pubsub_config_trigger = new gcp.cloudbuild.Trigger(\"pubsub-config-trigger\", {\n location: \"us-central1\",\n name: \"pubsub-trigger\",\n description: \"acceptance test example pubsub build trigger\",\n pubsubConfig: {\n topic: mytopic.id,\n },\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n substitutions: {\n _ACTION: \"$(body.message.data.action)\",\n },\n filter: \"_ACTION.matches('INSERT')\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmytopic = gcp.pubsub.Topic(\"mytopic\", name=\"my-topic\")\npubsub_config_trigger = gcp.cloudbuild.Trigger(\"pubsub-config-trigger\",\n location=\"us-central1\",\n name=\"pubsub-trigger\",\n description=\"acceptance test example pubsub build trigger\",\n pubsub_config={\n \"topic\": mytopic.id,\n },\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n substitutions={\n \"_ACTION\": \"$(body.message.data.action)\",\n },\n filter=\"_ACTION.matches('INSERT')\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Gcp.PubSub.Topic(\"mytopic\", new()\n {\n Name = \"my-topic\",\n });\n\n var pubsub_config_trigger = new Gcp.CloudBuild.Trigger(\"pubsub-config-trigger\", new()\n {\n Location = \"us-central1\",\n Name = \"pubsub-trigger\",\n Description = \"acceptance test example pubsub build trigger\",\n PubsubConfig = new Gcp.CloudBuild.Inputs.TriggerPubsubConfigArgs\n {\n Topic = mytopic.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n Substitutions = \n {\n { \"_ACTION\", \"$(body.message.data.action)\" },\n },\n Filter = \"_ACTION.matches('INSERT')\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmytopic, err := pubsub.NewTopic(ctx, \"mytopic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"pubsub-config-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"pubsub-trigger\"),\n\t\t\tDescription: pulumi.String(\"acceptance test example pubsub build trigger\"),\n\t\t\tPubsubConfig: \u0026cloudbuild.TriggerPubsubConfigArgs{\n\t\t\t\tTopic: mytopic.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\"_ACTION\": pulumi.String(\"$(body.message.data.action)\"),\n\t\t\t},\n\t\t\tFilter: pulumi.String(\"_ACTION.matches('INSERT')\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerPubsubConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder()\n .name(\"my-topic\")\n .build());\n\n var pubsub_config_trigger = new Trigger(\"pubsub-config-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .name(\"pubsub-trigger\")\n .description(\"acceptance test example pubsub build trigger\")\n .pubsubConfig(TriggerPubsubConfigArgs.builder()\n .topic(mytopic.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .substitutions(Map.of(\"_ACTION\", \"$(body.message.data.action)\"))\n .filter(\"_ACTION.matches('INSERT')\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mytopic:\n type: gcp:pubsub:Topic\n properties:\n name: my-topic\n pubsub-config-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n name: pubsub-trigger\n description: acceptance test example pubsub build trigger\n pubsubConfig:\n topic: ${mytopic.id}\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n substitutions:\n _ACTION: $(body.message.data.action)\n filter: _ACTION.matches('INSERT')\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Webhook Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst webhookTriggerSecretKey = new gcp.secretmanager.Secret(\"webhook_trigger_secret_key\", {\n secretId: \"webhook-trigger-secret-key\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst webhookTriggerSecretKeyData = new gcp.secretmanager.SecretVersion(\"webhook_trigger_secret_key_data\", {\n secret: webhookTriggerSecretKey.id,\n secretData: \"secretkeygoeshere\",\n});\nconst project = gcp.organizations.getProject({});\nconst secretAccessor = project.then(project =\u003e gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [`serviceAccount:service-${project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com`],\n }],\n}));\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: webhookTriggerSecretKey.project,\n secretId: webhookTriggerSecretKey.secretId,\n policyData: secretAccessor.then(secretAccessor =\u003e secretAccessor.policyData),\n});\nconst webhook_config_trigger = new gcp.cloudbuild.Trigger(\"webhook-config-trigger\", {\n name: \"webhook-trigger\",\n description: \"acceptance test example webhook build trigger\",\n webhookConfig: {\n secret: webhookTriggerSecretKeyData.id,\n },\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nwebhook_trigger_secret_key = gcp.secretmanager.Secret(\"webhook_trigger_secret_key\",\n secret_id=\"webhook-trigger-secret-key\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nwebhook_trigger_secret_key_data = gcp.secretmanager.SecretVersion(\"webhook_trigger_secret_key_data\",\n secret=webhook_trigger_secret_key.id,\n secret_data=\"secretkeygoeshere\")\nproject = gcp.organizations.get_project()\nsecret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [f\"serviceAccount:service-{project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=webhook_trigger_secret_key.project,\n secret_id=webhook_trigger_secret_key.secret_id,\n policy_data=secret_accessor.policy_data)\nwebhook_config_trigger = gcp.cloudbuild.Trigger(\"webhook-config-trigger\",\n name=\"webhook-trigger\",\n description=\"acceptance test example webhook build trigger\",\n webhook_config={\n \"secret\": webhook_trigger_secret_key_data.id,\n },\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var webhookTriggerSecretKey = new Gcp.SecretManager.Secret(\"webhook_trigger_secret_key\", new()\n {\n SecretId = \"webhook-trigger-secret-key\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var webhookTriggerSecretKeyData = new Gcp.SecretManager.SecretVersion(\"webhook_trigger_secret_key_data\", new()\n {\n Secret = webhookTriggerSecretKey.Id,\n SecretData = \"secretkeygoeshere\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = webhookTriggerSecretKey.Project,\n SecretId = webhookTriggerSecretKey.SecretId,\n PolicyData = secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n var webhook_config_trigger = new Gcp.CloudBuild.Trigger(\"webhook-config-trigger\", new()\n {\n Name = \"webhook-trigger\",\n Description = \"acceptance test example webhook build trigger\",\n WebhookConfig = new Gcp.CloudBuild.Inputs.TriggerWebhookConfigArgs\n {\n Secret = webhookTriggerSecretKeyData.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twebhookTriggerSecretKey, err := secretmanager.NewSecret(ctx, \"webhook_trigger_secret_key\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"webhook-trigger-secret-key\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twebhookTriggerSecretKeyData, err := secretmanager.NewSecretVersion(ctx, \"webhook_trigger_secret_key_data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhookTriggerSecretKey.ID(),\n\t\t\tSecretData: pulumi.String(\"secretkeygoeshere\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudbuild.iam.gserviceaccount.com\", project.Number),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: webhookTriggerSecretKey.Project,\n\t\t\tSecretId: webhookTriggerSecretKey.SecretId,\n\t\t\tPolicyData: pulumi.String(secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"webhook-config-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"webhook-trigger\"),\n\t\t\tDescription: pulumi.String(\"acceptance test example webhook build trigger\"),\n\t\t\tWebhookConfig: \u0026cloudbuild.TriggerWebhookConfigArgs{\n\t\t\t\tSecret: webhookTriggerSecretKeyData.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerWebhookConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var webhookTriggerSecretKey = new Secret(\"webhookTriggerSecretKey\", SecretArgs.builder()\n .secretId(\"webhook-trigger-secret-key\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var webhookTriggerSecretKeyData = new SecretVersion(\"webhookTriggerSecretKeyData\", SecretVersionArgs.builder()\n .secret(webhookTriggerSecretKey.id())\n .secretData(\"secretkeygoeshere\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n final var secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-cloudbuild.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(webhookTriggerSecretKey.project())\n .secretId(webhookTriggerSecretKey.secretId())\n .policyData(secretAccessor.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n var webhook_config_trigger = new Trigger(\"webhook-config-trigger\", TriggerArgs.builder()\n .name(\"webhook-trigger\")\n .description(\"acceptance test example webhook build trigger\")\n .webhookConfig(TriggerWebhookConfigArgs.builder()\n .secret(webhookTriggerSecretKeyData.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n webhookTriggerSecretKey:\n type: gcp:secretmanager:Secret\n name: webhook_trigger_secret_key\n properties:\n secretId: webhook-trigger-secret-key\n replication:\n userManaged:\n replicas:\n - location: us-central1\n webhookTriggerSecretKeyData:\n type: gcp:secretmanager:SecretVersion\n name: webhook_trigger_secret_key_data\n properties:\n secret: ${webhookTriggerSecretKey.id}\n secretData: secretkeygoeshere\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${webhookTriggerSecretKey.project}\n secretId: ${webhookTriggerSecretKey.secretId}\n policyData: ${secretAccessor.policyData}\n webhook-config-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: webhook-trigger\n description: acceptance test example webhook build trigger\n webhookConfig:\n secret: ${webhookTriggerSecretKeyData.id}\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-${project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_trigger = new gcp.cloudbuild.Trigger(\"manual-trigger\", {\n name: \"manual-trigger\",\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n approvalConfig: {\n approvalRequired: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_trigger = gcp.cloudbuild.Trigger(\"manual-trigger\",\n name=\"manual-trigger\",\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n approval_config={\n \"approval_required\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_trigger = new Gcp.CloudBuild.Trigger(\"manual-trigger\", new()\n {\n Name = \"manual-trigger\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n ApprovalConfig = new Gcp.CloudBuild.Inputs.TriggerApprovalConfigArgs\n {\n ApprovalRequired = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"manual-trigger\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tApprovalConfig: \u0026cloudbuild.TriggerApprovalConfigArgs{\n\t\t\t\tApprovalRequired: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerApprovalConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_trigger = new Trigger(\"manual-trigger\", TriggerArgs.builder()\n .name(\"manual-trigger\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .approvalConfig(TriggerApprovalConfigArgs.builder()\n .approvalRequired(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: manual-trigger\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n approvalConfig:\n approvalRequired: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual Github Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_ghe_trigger = new gcp.cloudbuild.Trigger(\"manual-ghe-trigger\", {\n name: \"\",\n sourceToBuild: {\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n githubEnterpriseConfig: \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://hashicorp/terraform-provider-google-beta\",\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n githubEnterpriseConfig: \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_ghe_trigger = gcp.cloudbuild.Trigger(\"manual-ghe-trigger\",\n name=\"\",\n source_to_build={\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n \"github_enterprise_config\": \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://hashicorp/terraform-provider-google-beta\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n \"github_enterprise_config\": \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_ghe_trigger = new Gcp.CloudBuild.Trigger(\"manual-ghe-trigger\", new()\n {\n Name = \"\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n GithubEnterpriseConfig = \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://hashicorp/terraform-provider-google-beta\",\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n GithubEnterpriseConfig = \"projects/myProject/locations/global/githubEnterpriseConfigs/configID\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-ghe-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t\tGithubEnterpriseConfig: pulumi.String(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://hashicorp/terraform-provider-google-beta\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t\tGithubEnterpriseConfig: pulumi.String(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_ghe_trigger = new Trigger(\"manual-ghe-trigger\", TriggerArgs.builder()\n .name(\"\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .githubEnterpriseConfig(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://hashicorp/terraform-provider-google-beta\")\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .githubEnterpriseConfig(\"projects/myProject/locations/global/githubEnterpriseConfigs/configID\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-ghe-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: \"\"\n sourceToBuild:\n uri: https://hashicorp/terraform-provider-google-beta\n ref: refs/heads/main\n repoType: GITHUB\n githubEnterpriseConfig: projects/myProject/locations/global/githubEnterpriseConfigs/configID\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://hashicorp/terraform-provider-google-beta\n revision: refs/heads/main\n repoType: GITHUB\n githubEnterpriseConfig: projects/myProject/locations/global/githubEnterpriseConfigs/configID\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Manual Bitbucket Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manual_bitbucket_trigger = new gcp.cloudbuild.Trigger(\"manual-bitbucket-trigger\", {\n name: \"terraform-manual-bbs-trigger\",\n sourceToBuild: {\n uri: \"https://bbs.com/scm/stag/test-repo.git\",\n ref: \"refs/heads/main\",\n repoType: \"BITBUCKET_SERVER\",\n bitbucketServerConfig: \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n uri: \"https://bbs.com/scm/stag/test-repo.git\",\n revision: \"refs/heads/main\",\n repoType: \"BITBUCKET_SERVER\",\n bitbucketServerConfig: \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanual_bitbucket_trigger = gcp.cloudbuild.Trigger(\"manual-bitbucket-trigger\",\n name=\"terraform-manual-bbs-trigger\",\n source_to_build={\n \"uri\": \"https://bbs.com/scm/stag/test-repo.git\",\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"BITBUCKET_SERVER\",\n \"bitbucket_server_config\": \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"uri\": \"https://bbs.com/scm/stag/test-repo.git\",\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"BITBUCKET_SERVER\",\n \"bitbucket_server_config\": \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manual_bitbucket_trigger = new Gcp.CloudBuild.Trigger(\"manual-bitbucket-trigger\", new()\n {\n Name = \"terraform-manual-bbs-trigger\",\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Uri = \"https://bbs.com/scm/stag/test-repo.git\",\n Ref = \"refs/heads/main\",\n RepoType = \"BITBUCKET_SERVER\",\n BitbucketServerConfig = \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Uri = \"https://bbs.com/scm/stag/test-repo.git\",\n Revision = \"refs/heads/main\",\n RepoType = \"BITBUCKET_SERVER\",\n BitbucketServerConfig = \"projects/myProject/locations/global/bitbucketServerConfigs/configID\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"manual-bitbucket-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"terraform-manual-bbs-trigger\"),\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tUri: pulumi.String(\"https://bbs.com/scm/stag/test-repo.git\"),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"BITBUCKET_SERVER\"),\n\t\t\t\tBitbucketServerConfig: pulumi.String(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tUri: pulumi.String(\"https://bbs.com/scm/stag/test-repo.git\"),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"BITBUCKET_SERVER\"),\n\t\t\t\tBitbucketServerConfig: pulumi.String(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var manual_bitbucket_trigger = new Trigger(\"manual-bitbucket-trigger\", TriggerArgs.builder()\n .name(\"terraform-manual-bbs-trigger\")\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .uri(\"https://bbs.com/scm/stag/test-repo.git\")\n .ref(\"refs/heads/main\")\n .repoType(\"BITBUCKET_SERVER\")\n .bitbucketServerConfig(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .uri(\"https://bbs.com/scm/stag/test-repo.git\")\n .revision(\"refs/heads/main\")\n .repoType(\"BITBUCKET_SERVER\")\n .bitbucketServerConfig(\"projects/myProject/locations/global/bitbucketServerConfigs/configID\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n manual-bitbucket-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: terraform-manual-bbs-trigger\n sourceToBuild:\n uri: https://bbs.com/scm/stag/test-repo.git\n ref: refs/heads/main\n repoType: BITBUCKET_SERVER\n bitbucketServerConfig: projects/myProject/locations/global/bitbucketServerConfigs/configID\n gitFileSource:\n path: cloudbuild.yaml\n uri: https://bbs.com/scm/stag/test-repo.git\n revision: refs/heads/main\n repoType: BITBUCKET_SERVER\n bitbucketServerConfig: projects/myProject/locations/global/bitbucketServerConfigs/configID\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Repo\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-repo\",\n parentConnection: my_connection.id,\n remoteUri: \"https://github.com/myuser/my-repo.git\",\n});\nconst repo_trigger = new gcp.cloudbuild.Trigger(\"repo-trigger\", {\n location: \"us-central1\",\n repositoryEventConfig: {\n repository: my_repository.id,\n push: {\n branch: \"feature-.*\",\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-repo\",\n parent_connection=my_connection.id,\n remote_uri=\"https://github.com/myuser/my-repo.git\")\nrepo_trigger = gcp.cloudbuild.Trigger(\"repo-trigger\",\n location=\"us-central1\",\n repository_event_config={\n \"repository\": my_repository.id,\n \"push\": {\n \"branch\": \"feature-.*\",\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-repo\",\n ParentConnection = my_connection.Id,\n RemoteUri = \"https://github.com/myuser/my-repo.git\",\n });\n\n var repo_trigger = new Gcp.CloudBuild.Trigger(\"repo-trigger\", new()\n {\n Location = \"us-central1\",\n RepositoryEventConfig = new Gcp.CloudBuild.Inputs.TriggerRepositoryEventConfigArgs\n {\n Repository = my_repository.Id,\n Push = new Gcp.CloudBuild.Inputs.TriggerRepositoryEventConfigPushArgs\n {\n Branch = \"feature-.*\",\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/my-project/secrets/github-pat-secret/versions/latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.ID(),\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/my-repo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"repo-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryEventConfig: \u0026cloudbuild.TriggerRepositoryEventConfigArgs{\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tPush: \u0026cloudbuild.TriggerRepositoryEventConfigPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"feature-.*\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerRepositoryEventConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerRepositoryEventConfigPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/my-project/secrets/github-pat-secret/versions/latest\")\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-repo\")\n .parentConnection(my_connection.id())\n .remoteUri(\"https://github.com/myuser/my-repo.git\")\n .build());\n\n var repo_trigger = new Trigger(\"repo-trigger\", TriggerArgs.builder()\n .location(\"us-central1\")\n .repositoryEventConfig(TriggerRepositoryEventConfigArgs.builder()\n .repository(my_repository.id())\n .push(TriggerRepositoryEventConfigPushArgs.builder()\n .branch(\"feature-.*\")\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: projects/my-project/secrets/github-pat-secret/versions/latest\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-repo\n parentConnection: ${[\"my-connection\"].id}\n remoteUri: https://github.com/myuser/my-repo.git\n repo-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n location: us-central1\n repositoryEventConfig:\n repository: ${[\"my-repository\"].id}\n push:\n branch: feature-.*\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Bitbucket Server Push\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_push_trigger = new gcp.cloudbuild.Trigger(\"bbs-push-trigger\", {\n name: \"bbs-push-trigger\",\n location: \"us-central1\",\n bitbucketServerTriggerConfig: {\n repoSlug: \"bbs-push-trigger\",\n projectKey: \"STAG\",\n bitbucketServerConfigResource: \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n push: {\n tag: \"^0.1.*\",\n invertRegex: true,\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_push_trigger = gcp.cloudbuild.Trigger(\"bbs-push-trigger\",\n name=\"bbs-push-trigger\",\n location=\"us-central1\",\n bitbucket_server_trigger_config={\n \"repo_slug\": \"bbs-push-trigger\",\n \"project_key\": \"STAG\",\n \"bitbucket_server_config_resource\": \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n \"push\": {\n \"tag\": \"^0.1.*\",\n \"invert_regex\": True,\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_push_trigger = new Gcp.CloudBuild.Trigger(\"bbs-push-trigger\", new()\n {\n Name = \"bbs-push-trigger\",\n Location = \"us-central1\",\n BitbucketServerTriggerConfig = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigArgs\n {\n RepoSlug = \"bbs-push-trigger\",\n ProjectKey = \"STAG\",\n BitbucketServerConfigResource = \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n Push = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigPushArgs\n {\n Tag = \"^0.1.*\",\n InvertRegex = true,\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"bbs-push-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"bbs-push-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBitbucketServerTriggerConfig: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigArgs{\n\t\t\t\tRepoSlug: pulumi.String(\"bbs-push-trigger\"),\n\t\t\t\tProjectKey: pulumi.String(\"STAG\"),\n\t\t\t\tBitbucketServerConfigResource: pulumi.String(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigPushArgs{\n\t\t\t\t\tTag: pulumi.String(\"^0.1.*\"),\n\t\t\t\t\tInvertRegex: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_push_trigger = new Trigger(\"bbs-push-trigger\", TriggerArgs.builder()\n .name(\"bbs-push-trigger\")\n .location(\"us-central1\")\n .bitbucketServerTriggerConfig(TriggerBitbucketServerTriggerConfigArgs.builder()\n .repoSlug(\"bbs-push-trigger\")\n .projectKey(\"STAG\")\n .bitbucketServerConfigResource(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\")\n .push(TriggerBitbucketServerTriggerConfigPushArgs.builder()\n .tag(\"^0.1.*\")\n .invertRegex(true)\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-push-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: bbs-push-trigger\n location: us-central1\n bitbucketServerTriggerConfig:\n repoSlug: bbs-push-trigger\n projectKey: STAG\n bitbucketServerConfigResource: projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\n push:\n tag: ^0.1.*\n invertRegex: true\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Bitbucket Server Pull Request\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bbs_pull_request_trigger = new gcp.cloudbuild.Trigger(\"bbs-pull-request-trigger\", {\n name: \"ghe-trigger\",\n location: \"us-central1\",\n bitbucketServerTriggerConfig: {\n repoSlug: \"terraform-provider-google\",\n projectKey: \"STAG\",\n bitbucketServerConfigResource: \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n pullRequest: {\n branch: \"^master$\",\n invertRegex: false,\n commentControl: \"COMMENTS_ENABLED\",\n },\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbbs_pull_request_trigger = gcp.cloudbuild.Trigger(\"bbs-pull-request-trigger\",\n name=\"ghe-trigger\",\n location=\"us-central1\",\n bitbucket_server_trigger_config={\n \"repo_slug\": \"terraform-provider-google\",\n \"project_key\": \"STAG\",\n \"bitbucket_server_config_resource\": \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n \"pull_request\": {\n \"branch\": \"^master$\",\n \"invert_regex\": False,\n \"comment_control\": \"COMMENTS_ENABLED\",\n },\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bbs_pull_request_trigger = new Gcp.CloudBuild.Trigger(\"bbs-pull-request-trigger\", new()\n {\n Name = \"ghe-trigger\",\n Location = \"us-central1\",\n BitbucketServerTriggerConfig = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigArgs\n {\n RepoSlug = \"terraform-provider-google\",\n ProjectKey = \"STAG\",\n BitbucketServerConfigResource = \"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\",\n PullRequest = new Gcp.CloudBuild.Inputs.TriggerBitbucketServerTriggerConfigPullRequestArgs\n {\n Branch = \"^master$\",\n InvertRegex = false,\n CommentControl = \"COMMENTS_ENABLED\",\n },\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"bbs-pull-request-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"ghe-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBitbucketServerTriggerConfig: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigArgs{\n\t\t\t\tRepoSlug: pulumi.String(\"terraform-provider-google\"),\n\t\t\t\tProjectKey: pulumi.String(\"STAG\"),\n\t\t\t\tBitbucketServerConfigResource: pulumi.String(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\"),\n\t\t\t\tPullRequest: \u0026cloudbuild.TriggerBitbucketServerTriggerConfigPullRequestArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^master$\"),\n\t\t\t\t\tInvertRegex: pulumi.Bool(false),\n\t\t\t\t\tCommentControl: pulumi.String(\"COMMENTS_ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBitbucketServerTriggerConfigPullRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bbs_pull_request_trigger = new Trigger(\"bbs-pull-request-trigger\", TriggerArgs.builder()\n .name(\"ghe-trigger\")\n .location(\"us-central1\")\n .bitbucketServerTriggerConfig(TriggerBitbucketServerTriggerConfigArgs.builder()\n .repoSlug(\"terraform-provider-google\")\n .projectKey(\"STAG\")\n .bitbucketServerConfigResource(\"projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\")\n .pullRequest(TriggerBitbucketServerTriggerConfigPullRequestArgs.builder()\n .branch(\"^master$\")\n .invertRegex(false)\n .commentControl(\"COMMENTS_ENABLED\")\n .build())\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bbs-pull-request-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: ghe-trigger\n location: us-central1\n bitbucketServerTriggerConfig:\n repoSlug: terraform-provider-google\n projectKey: STAG\n bitbucketServerConfigResource: projects/123456789/locations/us-central1/bitbucketServerConfigs/myBitbucketConfig\n pullRequest:\n branch: ^master$\n invertRegex: false\n commentControl: COMMENTS_ENABLED\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Github Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ghe_trigger = new gcp.cloudbuild.Trigger(\"ghe-trigger\", {\n name: \"ghe-trigger\",\n location: \"us-central1\",\n github: {\n owner: \"hashicorp\",\n name: \"terraform-provider-google\",\n push: {\n branch: \"^main$\",\n },\n enterpriseConfigResourceName: \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n filename: \"cloudbuild.yaml\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nghe_trigger = gcp.cloudbuild.Trigger(\"ghe-trigger\",\n name=\"ghe-trigger\",\n location=\"us-central1\",\n github={\n \"owner\": \"hashicorp\",\n \"name\": \"terraform-provider-google\",\n \"push\": {\n \"branch\": \"^main$\",\n },\n \"enterprise_config_resource_name\": \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n filename=\"cloudbuild.yaml\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ghe_trigger = new Gcp.CloudBuild.Trigger(\"ghe-trigger\", new()\n {\n Name = \"ghe-trigger\",\n Location = \"us-central1\",\n Github = new Gcp.CloudBuild.Inputs.TriggerGithubArgs\n {\n Owner = \"hashicorp\",\n Name = \"terraform-provider-google\",\n Push = new Gcp.CloudBuild.Inputs.TriggerGithubPushArgs\n {\n Branch = \"^main$\",\n },\n EnterpriseConfigResourceName = \"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\",\n },\n Filename = \"cloudbuild.yaml\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"ghe-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"ghe-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tGithub: \u0026cloudbuild.TriggerGithubArgs{\n\t\t\t\tOwner: pulumi.String(\"hashicorp\"),\n\t\t\t\tName: pulumi.String(\"terraform-provider-google\"),\n\t\t\t\tPush: \u0026cloudbuild.TriggerGithubPushArgs{\n\t\t\t\t\tBranch: pulumi.String(\"^main$\"),\n\t\t\t\t},\n\t\t\t\tEnterpriseConfigResourceName: pulumi.String(\"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\"),\n\t\t\t},\n\t\t\tFilename: pulumi.String(\"cloudbuild.yaml\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGithubPushArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ghe_trigger = new Trigger(\"ghe-trigger\", TriggerArgs.builder()\n .name(\"ghe-trigger\")\n .location(\"us-central1\")\n .github(TriggerGithubArgs.builder()\n .owner(\"hashicorp\")\n .name(\"terraform-provider-google\")\n .push(TriggerGithubPushArgs.builder()\n .branch(\"^main$\")\n .build())\n .enterpriseConfigResourceName(\"projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\")\n .build())\n .filename(\"cloudbuild.yaml\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ghe-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: ghe-trigger\n location: us-central1\n github:\n owner: hashicorp\n name: terraform-provider-google\n push:\n branch: ^main$\n enterpriseConfigResourceName: projects/123456789/locations/us-central1/githubEnterpriseConfigs/configID\n filename: cloudbuild.yaml\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Allow Failure\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst allow_failure_trigger = new gcp.cloudbuild.Trigger(\"allow-failure-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [{\n name: \"ubuntu\",\n args: [\n \"-c\",\n \"exit 1\",\n ],\n allowFailure: true,\n }],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nallow_failure_trigger = gcp.cloudbuild.Trigger(\"allow-failure-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [{\n \"name\": \"ubuntu\",\n \"args\": [\n \"-c\",\n \"exit 1\",\n ],\n \"allow_failure\": True,\n }],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allow_failure_trigger = new Gcp.CloudBuild.Trigger(\"allow-failure-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Args = new[]\n {\n \"-c\",\n \"exit 1\",\n },\n AllowFailure = true,\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"allow-failure-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"-c\"),\n\t\t\t\t\t\t\tpulumi.String(\"exit 1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAllowFailure: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allow_failure_trigger = new Trigger(\"allow-failure-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps(TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .args( \n \"-c\",\n \"exit 1\")\n .allowFailure(true)\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-failure-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: ubuntu\n args:\n - -c\n - exit 1\n allowFailure: true\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Allow Exit Codes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst allow_exit_codes_trigger = new gcp.cloudbuild.Trigger(\"allow-exit-codes-trigger\", {\n name: \"my-trigger\",\n location: \"global\",\n triggerTemplate: {\n branchName: \"main\",\n repoName: \"my-repo\",\n },\n build: {\n steps: [{\n name: \"ubuntu\",\n args: [\n \"-c\",\n \"exit 1\",\n ],\n allowExitCodes: [\n 1,\n 3,\n ],\n }],\n source: {\n storageSource: {\n bucket: \"mybucket\",\n object: \"source_code.tar.gz\",\n },\n },\n tags: [\n \"build\",\n \"newFeature\",\n ],\n substitutions: {\n _FOO: \"bar\",\n _BAZ: \"qux\",\n },\n queueTtl: \"20s\",\n logsBucket: \"gs://mybucket/logs\",\n secrets: [{\n kmsKeyName: \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n secretEnv: {\n PASSWORD: \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n availableSecrets: {\n secretManagers: [{\n env: \"MY_SECRET\",\n versionName: \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n artifacts: {\n images: [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n objects: {\n location: \"gs://bucket/path/to/somewhere/\",\n paths: [\"path\"],\n },\n },\n options: {\n sourceProvenanceHashes: [\"MD5\"],\n requestedVerifyOption: \"VERIFIED\",\n machineType: \"N1_HIGHCPU_8\",\n diskSizeGb: 100,\n substitutionOption: \"ALLOW_LOOSE\",\n dynamicSubstitutions: true,\n logStreamingOption: \"STREAM_OFF\",\n workerPool: \"pool\",\n logging: \"LEGACY\",\n envs: [\"ekey = evalue\"],\n secretEnvs: [\"secretenv = svalue\"],\n volumes: [{\n name: \"v1\",\n path: \"v1\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nallow_exit_codes_trigger = gcp.cloudbuild.Trigger(\"allow-exit-codes-trigger\",\n name=\"my-trigger\",\n location=\"global\",\n trigger_template={\n \"branch_name\": \"main\",\n \"repo_name\": \"my-repo\",\n },\n build={\n \"steps\": [{\n \"name\": \"ubuntu\",\n \"args\": [\n \"-c\",\n \"exit 1\",\n ],\n \"allow_exit_codes\": [\n 1,\n 3,\n ],\n }],\n \"source\": {\n \"storage_source\": {\n \"bucket\": \"mybucket\",\n \"object\": \"source_code.tar.gz\",\n },\n },\n \"tags\": [\n \"build\",\n \"newFeature\",\n ],\n \"substitutions\": {\n \"_FOO\": \"bar\",\n \"_BAZ\": \"qux\",\n },\n \"queue_ttl\": \"20s\",\n \"logs_bucket\": \"gs://mybucket/logs\",\n \"secrets\": [{\n \"kms_key_name\": \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n \"secret_env\": {\n \"PASSWORD\": \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\",\n },\n }],\n \"available_secrets\": {\n \"secret_managers\": [{\n \"env\": \"MY_SECRET\",\n \"version_name\": \"projects/myProject/secrets/mySecret/versions/latest\",\n }],\n },\n \"artifacts\": {\n \"images\": [\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"],\n \"objects\": {\n \"location\": \"gs://bucket/path/to/somewhere/\",\n \"paths\": [\"path\"],\n },\n },\n \"options\": {\n \"source_provenance_hashes\": [\"MD5\"],\n \"requested_verify_option\": \"VERIFIED\",\n \"machine_type\": \"N1_HIGHCPU_8\",\n \"disk_size_gb\": 100,\n \"substitution_option\": \"ALLOW_LOOSE\",\n \"dynamic_substitutions\": True,\n \"log_streaming_option\": \"STREAM_OFF\",\n \"worker_pool\": \"pool\",\n \"logging\": \"LEGACY\",\n \"envs\": [\"ekey = evalue\"],\n \"secret_envs\": [\"secretenv = svalue\"],\n \"volumes\": [{\n \"name\": \"v1\",\n \"path\": \"v1\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allow_exit_codes_trigger = new Gcp.CloudBuild.Trigger(\"allow-exit-codes-trigger\", new()\n {\n Name = \"my-trigger\",\n Location = \"global\",\n TriggerTemplate = new Gcp.CloudBuild.Inputs.TriggerTriggerTemplateArgs\n {\n BranchName = \"main\",\n RepoName = \"my-repo\",\n },\n Build = new Gcp.CloudBuild.Inputs.TriggerBuildArgs\n {\n Steps = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildStepArgs\n {\n Name = \"ubuntu\",\n Args = new[]\n {\n \"-c\",\n \"exit 1\",\n },\n AllowExitCodes = new[]\n {\n 1,\n 3,\n },\n },\n },\n Source = new Gcp.CloudBuild.Inputs.TriggerBuildSourceArgs\n {\n StorageSource = new Gcp.CloudBuild.Inputs.TriggerBuildSourceStorageSourceArgs\n {\n Bucket = \"mybucket\",\n Object = \"source_code.tar.gz\",\n },\n },\n Tags = new[]\n {\n \"build\",\n \"newFeature\",\n },\n Substitutions = \n {\n { \"_FOO\", \"bar\" },\n { \"_BAZ\", \"qux\" },\n },\n QueueTtl = \"20s\",\n LogsBucket = \"gs://mybucket/logs\",\n Secrets = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildSecretArgs\n {\n KmsKeyName = \"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\",\n SecretEnv = \n {\n { \"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\" },\n },\n },\n },\n AvailableSecrets = new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsArgs\n {\n SecretManagers = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildAvailableSecretsSecretManagerArgs\n {\n Env = \"MY_SECRET\",\n VersionName = \"projects/myProject/secrets/mySecret/versions/latest\",\n },\n },\n },\n Artifacts = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsArgs\n {\n Images = new[]\n {\n \"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\",\n },\n Objects = new Gcp.CloudBuild.Inputs.TriggerBuildArtifactsObjectsArgs\n {\n Location = \"gs://bucket/path/to/somewhere/\",\n Paths = new[]\n {\n \"path\",\n },\n },\n },\n Options = new Gcp.CloudBuild.Inputs.TriggerBuildOptionsArgs\n {\n SourceProvenanceHashes = new[]\n {\n \"MD5\",\n },\n RequestedVerifyOption = \"VERIFIED\",\n MachineType = \"N1_HIGHCPU_8\",\n DiskSizeGb = 100,\n SubstitutionOption = \"ALLOW_LOOSE\",\n DynamicSubstitutions = true,\n LogStreamingOption = \"STREAM_OFF\",\n WorkerPool = \"pool\",\n Logging = \"LEGACY\",\n Envs = new[]\n {\n \"ekey = evalue\",\n },\n SecretEnvs = new[]\n {\n \"secretenv = svalue\",\n },\n Volumes = new[]\n {\n new Gcp.CloudBuild.Inputs.TriggerBuildOptionsVolumeArgs\n {\n Name = \"v1\",\n Path = \"v1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewTrigger(ctx, \"allow-exit-codes-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"my-trigger\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTriggerTemplate: \u0026cloudbuild.TriggerTriggerTemplateArgs{\n\t\t\t\tBranchName: pulumi.String(\"main\"),\n\t\t\t\tRepoName: pulumi.String(\"my-repo\"),\n\t\t\t},\n\t\t\tBuild: \u0026cloudbuild.TriggerBuildArgs{\n\t\t\t\tSteps: cloudbuild.TriggerBuildStepArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildStepArgs{\n\t\t\t\t\t\tName: pulumi.String(\"ubuntu\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"-c\"),\n\t\t\t\t\t\t\tpulumi.String(\"exit 1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAllowExitCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(1),\n\t\t\t\t\t\t\tpulumi.Int(3),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudbuild.TriggerBuildSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudbuild.TriggerBuildSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\t\t\t\tObject: pulumi.String(\"source_code.tar.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"build\"),\n\t\t\t\t\tpulumi.String(\"newFeature\"),\n\t\t\t\t},\n\t\t\t\tSubstitutions: pulumi.StringMap{\n\t\t\t\t\t\"_FOO\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"_BAZ\": pulumi.String(\"qux\"),\n\t\t\t\t},\n\t\t\t\tQueueTtl: pulumi.String(\"20s\"),\n\t\t\t\tLogsBucket: pulumi.String(\"gs://mybucket/logs\"),\n\t\t\t\tSecrets: cloudbuild.TriggerBuildSecretArray{\n\t\t\t\t\t\u0026cloudbuild.TriggerBuildSecretArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\"),\n\t\t\t\t\t\tSecretEnv: pulumi.StringMap{\n\t\t\t\t\t\t\t\"PASSWORD\": pulumi.String(\"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAvailableSecrets: \u0026cloudbuild.TriggerBuildAvailableSecretsArgs{\n\t\t\t\t\tSecretManagers: cloudbuild.TriggerBuildAvailableSecretsSecretManagerArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildAvailableSecretsSecretManagerArgs{\n\t\t\t\t\t\t\tEnv: pulumi.String(\"MY_SECRET\"),\n\t\t\t\t\t\t\tVersionName: pulumi.String(\"projects/myProject/secrets/mySecret/versions/latest\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tArtifacts: \u0026cloudbuild.TriggerBuildArtifactsArgs{\n\t\t\t\t\tImages: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\"),\n\t\t\t\t\t},\n\t\t\t\t\tObjects: \u0026cloudbuild.TriggerBuildArtifactsObjectsArgs{\n\t\t\t\t\t\tLocation: pulumi.String(\"gs://bucket/path/to/somewhere/\"),\n\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"path\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOptions: \u0026cloudbuild.TriggerBuildOptionsArgs{\n\t\t\t\t\tSourceProvenanceHashes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MD5\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequestedVerifyOption: pulumi.String(\"VERIFIED\"),\n\t\t\t\t\tMachineType: pulumi.String(\"N1_HIGHCPU_8\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\t\tSubstitutionOption: pulumi.String(\"ALLOW_LOOSE\"),\n\t\t\t\t\tDynamicSubstitutions: pulumi.Bool(true),\n\t\t\t\t\tLogStreamingOption: pulumi.String(\"STREAM_OFF\"),\n\t\t\t\t\tWorkerPool: pulumi.String(\"pool\"),\n\t\t\t\t\tLogging: pulumi.String(\"LEGACY\"),\n\t\t\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ekey = evalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecretEnvs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"secretenv = svalue\"),\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudbuild.TriggerBuildOptionsVolumeArray{\n\t\t\t\t\t\t\u0026cloudbuild.TriggerBuildOptionsVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"v1\"),\n\t\t\t\t\t\t\tPath: pulumi.String(\"v1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerTriggerTemplateArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildAvailableSecretsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildArtifactsObjectsArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerBuildOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allow_exit_codes_trigger = new Trigger(\"allow-exit-codes-trigger\", TriggerArgs.builder()\n .name(\"my-trigger\")\n .location(\"global\")\n .triggerTemplate(TriggerTriggerTemplateArgs.builder()\n .branchName(\"main\")\n .repoName(\"my-repo\")\n .build())\n .build(TriggerBuildArgs.builder()\n .steps(TriggerBuildStepArgs.builder()\n .name(\"ubuntu\")\n .args( \n \"-c\",\n \"exit 1\")\n .allowExitCodes( \n 1,\n 3)\n .build())\n .source(TriggerBuildSourceArgs.builder()\n .storageSource(TriggerBuildSourceStorageSourceArgs.builder()\n .bucket(\"mybucket\")\n .object(\"source_code.tar.gz\")\n .build())\n .build())\n .tags( \n \"build\",\n \"newFeature\")\n .substitutions(Map.ofEntries(\n Map.entry(\"_FOO\", \"bar\"),\n Map.entry(\"_BAZ\", \"qux\")\n ))\n .queueTtl(\"20s\")\n .logsBucket(\"gs://mybucket/logs\")\n .secrets(TriggerBuildSecretArgs.builder()\n .kmsKeyName(\"projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\")\n .secretEnv(Map.of(\"PASSWORD\", \"ZW5jcnlwdGVkLXBhc3N3b3JkCg==\"))\n .build())\n .availableSecrets(TriggerBuildAvailableSecretsArgs.builder()\n .secretManagers(TriggerBuildAvailableSecretsSecretManagerArgs.builder()\n .env(\"MY_SECRET\")\n .versionName(\"projects/myProject/secrets/mySecret/versions/latest\")\n .build())\n .build())\n .artifacts(TriggerBuildArtifactsArgs.builder()\n .images(\"gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\")\n .objects(TriggerBuildArtifactsObjectsArgs.builder()\n .location(\"gs://bucket/path/to/somewhere/\")\n .paths(\"path\")\n .build())\n .build())\n .options(TriggerBuildOptionsArgs.builder()\n .sourceProvenanceHashes(\"MD5\")\n .requestedVerifyOption(\"VERIFIED\")\n .machineType(\"N1_HIGHCPU_8\")\n .diskSizeGb(100)\n .substitutionOption(\"ALLOW_LOOSE\")\n .dynamicSubstitutions(true)\n .logStreamingOption(\"STREAM_OFF\")\n .workerPool(\"pool\")\n .logging(\"LEGACY\")\n .envs(\"ekey = evalue\")\n .secretEnvs(\"secretenv = svalue\")\n .volumes(TriggerBuildOptionsVolumeArgs.builder()\n .name(\"v1\")\n .path(\"v1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-exit-codes-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: my-trigger\n location: global\n triggerTemplate:\n branchName: main\n repoName: my-repo\n build:\n steps:\n - name: ubuntu\n args:\n - -c\n - exit 1\n allowExitCodes:\n - 1\n - 3\n source:\n storageSource:\n bucket: mybucket\n object: source_code.tar.gz\n tags:\n - build\n - newFeature\n substitutions:\n _FOO: bar\n _BAZ: qux\n queueTtl: 20s\n logsBucket: gs://mybucket/logs\n secrets:\n - kmsKeyName: projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name\n secretEnv:\n PASSWORD: ZW5jcnlwdGVkLXBhc3N3b3JkCg==\n availableSecrets:\n secretManagers:\n - env: MY_SECRET\n versionName: projects/myProject/secrets/mySecret/versions/latest\n artifacts:\n images:\n - gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA\n objects:\n location: gs://bucket/path/to/somewhere/\n paths:\n - path\n options:\n sourceProvenanceHashes:\n - MD5\n requestedVerifyOption: VERIFIED\n machineType: N1_HIGHCPU_8\n diskSizeGb: 100\n substitutionOption: ALLOW_LOOSE\n dynamicSubstitutions: true\n logStreamingOption: STREAM_OFF\n workerPool: pool\n logging: LEGACY\n envs:\n - ekey = evalue\n secretEnvs:\n - secretenv = svalue\n volumes:\n - name: v1\n path: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuild Trigger Pubsub With Repo\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-repo\",\n parentConnection: my_connection.id,\n remoteUri: \"https://github.com/myuser/my-repo.git\",\n});\nconst mytopic = new gcp.pubsub.Topic(\"mytopic\", {name: \"my-topic\"});\nconst pubsub_with_repo_trigger = new gcp.cloudbuild.Trigger(\"pubsub-with-repo-trigger\", {\n name: \"pubsub-with-repo-trigger\",\n location: \"us-central1\",\n pubsubConfig: {\n topic: mytopic.id,\n },\n sourceToBuild: {\n repository: my_repository.id,\n ref: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n gitFileSource: {\n path: \"cloudbuild.yaml\",\n repository: my_repository.id,\n revision: \"refs/heads/main\",\n repoType: \"GITHUB\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-repo\",\n parent_connection=my_connection.id,\n remote_uri=\"https://github.com/myuser/my-repo.git\")\nmytopic = gcp.pubsub.Topic(\"mytopic\", name=\"my-topic\")\npubsub_with_repo_trigger = gcp.cloudbuild.Trigger(\"pubsub-with-repo-trigger\",\n name=\"pubsub-with-repo-trigger\",\n location=\"us-central1\",\n pubsub_config={\n \"topic\": mytopic.id,\n },\n source_to_build={\n \"repository\": my_repository.id,\n \"ref\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n },\n git_file_source={\n \"path\": \"cloudbuild.yaml\",\n \"repository\": my_repository.id,\n \"revision\": \"refs/heads/main\",\n \"repo_type\": \"GITHUB\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/my-project/secrets/github-pat-secret/versions/latest\",\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-repo\",\n ParentConnection = my_connection.Id,\n RemoteUri = \"https://github.com/myuser/my-repo.git\",\n });\n\n var mytopic = new Gcp.PubSub.Topic(\"mytopic\", new()\n {\n Name = \"my-topic\",\n });\n\n var pubsub_with_repo_trigger = new Gcp.CloudBuild.Trigger(\"pubsub-with-repo-trigger\", new()\n {\n Name = \"pubsub-with-repo-trigger\",\n Location = \"us-central1\",\n PubsubConfig = new Gcp.CloudBuild.Inputs.TriggerPubsubConfigArgs\n {\n Topic = mytopic.Id,\n },\n SourceToBuild = new Gcp.CloudBuild.Inputs.TriggerSourceToBuildArgs\n {\n Repository = my_repository.Id,\n Ref = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n GitFileSource = new Gcp.CloudBuild.Inputs.TriggerGitFileSourceArgs\n {\n Path = \"cloudbuild.yaml\",\n Repository = my_repository.Id,\n Revision = \"refs/heads/main\",\n RepoType = \"GITHUB\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/my-project/secrets/github-pat-secret/versions/latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.ID(),\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/my-repo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmytopic, err := pubsub.NewTopic(ctx, \"mytopic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewTrigger(ctx, \"pubsub-with-repo-trigger\", \u0026cloudbuild.TriggerArgs{\n\t\t\tName: pulumi.String(\"pubsub-with-repo-trigger\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPubsubConfig: \u0026cloudbuild.TriggerPubsubConfigArgs{\n\t\t\t\tTopic: mytopic.ID(),\n\t\t\t},\n\t\t\tSourceToBuild: \u0026cloudbuild.TriggerSourceToBuildArgs{\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tRef: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t\tGitFileSource: \u0026cloudbuild.TriggerGitFileSourceArgs{\n\t\t\t\tPath: pulumi.String(\"cloudbuild.yaml\"),\n\t\t\t\tRepository: my_repository.ID(),\n\t\t\t\tRevision: pulumi.String(\"refs/heads/main\"),\n\t\t\t\tRepoType: pulumi.String(\"GITHUB\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudbuild.Trigger;\nimport com.pulumi.gcp.cloudbuild.TriggerArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerPubsubConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerSourceToBuildArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.TriggerGitFileSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/my-project/secrets/github-pat-secret/versions/latest\")\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-repo\")\n .parentConnection(my_connection.id())\n .remoteUri(\"https://github.com/myuser/my-repo.git\")\n .build());\n\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder()\n .name(\"my-topic\")\n .build());\n\n var pubsub_with_repo_trigger = new Trigger(\"pubsub-with-repo-trigger\", TriggerArgs.builder()\n .name(\"pubsub-with-repo-trigger\")\n .location(\"us-central1\")\n .pubsubConfig(TriggerPubsubConfigArgs.builder()\n .topic(mytopic.id())\n .build())\n .sourceToBuild(TriggerSourceToBuildArgs.builder()\n .repository(my_repository.id())\n .ref(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .gitFileSource(TriggerGitFileSourceArgs.builder()\n .path(\"cloudbuild.yaml\")\n .repository(my_repository.id())\n .revision(\"refs/heads/main\")\n .repoType(\"GITHUB\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: projects/my-project/secrets/github-pat-secret/versions/latest\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-repo\n parentConnection: ${[\"my-connection\"].id}\n remoteUri: https://github.com/myuser/my-repo.git\n mytopic:\n type: gcp:pubsub:Topic\n properties:\n name: my-topic\n pubsub-with-repo-trigger:\n type: gcp:cloudbuild:Trigger\n properties:\n name: pubsub-with-repo-trigger\n location: us-central1\n pubsubConfig:\n topic: ${mytopic.id}\n sourceToBuild:\n repository: ${[\"my-repository\"].id}\n ref: refs/heads/main\n repoType: GITHUB\n gitFileSource:\n path: cloudbuild.yaml\n repository: ${[\"my-repository\"].id}\n revision: refs/heads/main\n repoType: GITHUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTrigger can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}`\n\n* `projects/{{project}}/triggers/{{trigger_id}}`\n\n* `{{project}}/{{trigger_id}}`\n\n* `{{trigger_id}}`\n\nWhen using the `pulumi import` command, Trigger can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default projects/{{project}}/triggers/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default {{project}}/{{trigger_id}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/trigger:Trigger default {{trigger_id}}\n```\n\n", "properties": { "approvalConfig": { "$ref": "#/types/gcp:cloudbuild/TriggerApprovalConfig:TriggerApprovalConfig", @@ -150401,7 +150401,7 @@ } }, "gcp:cloudbuild/workerPool:WorkerPool": { - "description": "Definition of custom Cloud Build WorkerPools for running jobs with custom configuration and custom networking.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"my-pool\",\n location: \"europe-west1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-4\",\n noExternalIp: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"my-pool\",\n location=\"europe-west1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-4\",\n \"no_external_ip\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"my-pool\",\n Location = \"europe-west1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-4\",\n NoExternalIp = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tLocation: pulumi.String(\"europe-west1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"my-pool\")\n .location(\"europe-west1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-4\")\n .noExternalIp(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: my-pool\n location: europe-west1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-4\n noExternalIp: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network Config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n service: \"servicenetworking.googleapis.com\",\n disableOnDestroy: false,\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [servicenetworking],\n});\nconst workerRange = new gcp.compute.GlobalAddress(\"worker_range\", {\n name: \"worker-pool-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst workerPoolConn = new gcp.servicenetworking.Connection(\"worker_pool_conn\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [workerRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"my-pool\",\n location: \"europe-west1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-4\",\n noExternalIp: false,\n },\n networkConfig: {\n peeredNetwork: network.id,\n peeredNetworkIpRange: \"/29\",\n },\n}, {\n dependsOn: [workerPoolConn],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n service=\"servicenetworking.googleapis.com\",\n disable_on_destroy=False)\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nworker_range = gcp.compute.GlobalAddress(\"worker_range\",\n name=\"worker-pool-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\nworker_pool_conn = gcp.servicenetworking.Connection(\"worker_pool_conn\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[worker_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"my-pool\",\n location=\"europe-west1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-4\",\n \"no_external_ip\": False,\n },\n network_config={\n \"peered_network\": network.id,\n \"peered_network_ip_range\": \"/29\",\n },\n opts = pulumi.ResourceOptions(depends_on=[worker_pool_conn]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n ServiceName = \"servicenetworking.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var workerRange = new Gcp.Compute.GlobalAddress(\"worker_range\", new()\n {\n Name = \"worker-pool-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var workerPoolConn = new Gcp.ServiceNetworking.Connection(\"worker_pool_conn\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n workerRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"my-pool\",\n Location = \"europe-west1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-4\",\n NoExternalIp = false,\n },\n NetworkConfig = new Gcp.CloudBuild.Inputs.WorkerPoolNetworkConfigArgs\n {\n PeeredNetwork = network.Id,\n PeeredNetworkIpRange = \"/29\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n workerPoolConn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkerRange, err := compute.NewGlobalAddress(ctx, \"worker_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"worker-pool-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkerPoolConn, err := servicenetworking.NewConnection(ctx, \"worker_pool_conn\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tworkerRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tLocation: pulumi.String(\"europe-west1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026cloudbuild.WorkerPoolNetworkConfigArgs{\n\t\t\t\tPeeredNetwork: network.ID(),\n\t\t\t\tPeeredNetworkIpRange: pulumi.String(\"/29\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tworkerPoolConn,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolNetworkConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .service(\"servicenetworking.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var workerRange = new GlobalAddress(\"workerRange\", GlobalAddressArgs.builder()\n .name(\"worker-pool-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var workerPoolConn = new Connection(\"workerPoolConn\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(workerRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"my-pool\")\n .location(\"europe-west1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-4\")\n .noExternalIp(false)\n .build())\n .networkConfig(WorkerPoolNetworkConfigArgs.builder()\n .peeredNetwork(network.id())\n .peeredNetworkIpRange(\"/29\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(workerPoolConn)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n servicenetworking:\n type: gcp:projects:Service\n properties:\n service: servicenetworking.googleapis.com\n disableOnDestroy: false\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n options:\n dependson:\n - ${servicenetworking}\n workerRange:\n type: gcp:compute:GlobalAddress\n name: worker_range\n properties:\n name: worker-pool-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n workerPoolConn:\n type: gcp:servicenetworking:Connection\n name: worker_pool_conn\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${workerRange.name}\n options:\n dependson:\n - ${servicenetworking}\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: my-pool\n location: europe-west1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-4\n noExternalIp: false\n networkConfig:\n peeredNetwork: ${network.id}\n peeredNetworkIpRange: /29\n options:\n dependson:\n - ${workerPoolConn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkerPool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/workerPools/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, WorkerPool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default projects/{{project}}/locations/{{location}}/workerPools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default {{location}}/{{name}}\n```\n\n", + "description": "Definition of custom Cloud Build WorkerPools for running jobs with custom configuration and custom networking.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"my-pool\",\n location: \"europe-west1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-4\",\n noExternalIp: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"my-pool\",\n location=\"europe-west1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-4\",\n \"no_external_ip\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"my-pool\",\n Location = \"europe-west1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-4\",\n NoExternalIp = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tLocation: pulumi.String(\"europe-west1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"my-pool\")\n .location(\"europe-west1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-4\")\n .noExternalIp(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: my-pool\n location: europe-west1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-4\n noExternalIp: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network Config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst servicenetworking = new gcp.projects.Service(\"servicenetworking\", {\n service: \"servicenetworking.googleapis.com\",\n disableOnDestroy: false,\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [servicenetworking],\n});\nconst workerRange = new gcp.compute.GlobalAddress(\"worker_range\", {\n name: \"worker-pool-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst workerPoolConn = new gcp.servicenetworking.Connection(\"worker_pool_conn\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [workerRange.name],\n}, {\n dependsOn: [servicenetworking],\n});\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"my-pool\",\n location: \"europe-west1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-4\",\n noExternalIp: false,\n },\n networkConfig: {\n peeredNetwork: network.id,\n peeredNetworkIpRange: \"/29\",\n },\n}, {\n dependsOn: [workerPoolConn],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservicenetworking = gcp.projects.Service(\"servicenetworking\",\n service=\"servicenetworking.googleapis.com\",\n disable_on_destroy=False)\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\nworker_range = gcp.compute.GlobalAddress(\"worker_range\",\n name=\"worker-pool-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\nworker_pool_conn = gcp.servicenetworking.Connection(\"worker_pool_conn\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[worker_range.name],\n opts = pulumi.ResourceOptions(depends_on=[servicenetworking]))\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"my-pool\",\n location=\"europe-west1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-4\",\n \"no_external_ip\": False,\n },\n network_config={\n \"peered_network\": network.id,\n \"peered_network_ip_range\": \"/29\",\n },\n opts = pulumi.ResourceOptions(depends_on=[worker_pool_conn]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var servicenetworking = new Gcp.Projects.Service(\"servicenetworking\", new()\n {\n ServiceName = \"servicenetworking.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var workerRange = new Gcp.Compute.GlobalAddress(\"worker_range\", new()\n {\n Name = \"worker-pool-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var workerPoolConn = new Gcp.ServiceNetworking.Connection(\"worker_pool_conn\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n workerRange.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n servicenetworking,\n },\n });\n\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"my-pool\",\n Location = \"europe-west1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-4\",\n NoExternalIp = false,\n },\n NetworkConfig = new Gcp.CloudBuild.Inputs.WorkerPoolNetworkConfigArgs\n {\n PeeredNetwork = network.Id,\n PeeredNetworkIpRange = \"/29\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n workerPoolConn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tservicenetworking, err := projects.NewService(ctx, \"servicenetworking\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkerRange, err := compute.NewGlobalAddress(ctx, \"worker_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"worker-pool-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkerPoolConn, err := servicenetworking.NewConnection(ctx, \"worker_pool_conn\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tworkerRange.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tservicenetworking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"my-pool\"),\n\t\t\tLocation: pulumi.String(\"europe-west1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026cloudbuild.WorkerPoolNetworkConfigArgs{\n\t\t\t\tPeeredNetwork: network.ID(),\n\t\t\t\tPeeredNetworkIpRange: pulumi.String(\"/29\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tworkerPoolConn,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolNetworkConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var servicenetworking = new Service(\"servicenetworking\", ServiceArgs.builder()\n .service(\"servicenetworking.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var workerRange = new GlobalAddress(\"workerRange\", GlobalAddressArgs.builder()\n .name(\"worker-pool-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var workerPoolConn = new Connection(\"workerPoolConn\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(workerRange.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(servicenetworking)\n .build());\n\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"my-pool\")\n .location(\"europe-west1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-4\")\n .noExternalIp(false)\n .build())\n .networkConfig(WorkerPoolNetworkConfigArgs.builder()\n .peeredNetwork(network.id())\n .peeredNetworkIpRange(\"/29\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(workerPoolConn)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n servicenetworking:\n type: gcp:projects:Service\n properties:\n service: servicenetworking.googleapis.com\n disableOnDestroy: false\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n options:\n dependsOn:\n - ${servicenetworking}\n workerRange:\n type: gcp:compute:GlobalAddress\n name: worker_range\n properties:\n name: worker-pool-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n workerPoolConn:\n type: gcp:servicenetworking:Connection\n name: worker_pool_conn\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${workerRange.name}\n options:\n dependsOn:\n - ${servicenetworking}\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: my-pool\n location: europe-west1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-4\n noExternalIp: false\n networkConfig:\n peeredNetwork: ${network.id}\n peeredNetworkIpRange: /29\n options:\n dependsOn:\n - ${workerPoolConn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkerPool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/workerPools/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, WorkerPool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default projects/{{project}}/locations/{{location}}/workerPools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuild/workerPool:WorkerPool default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -150582,7 +150582,7 @@ } }, "gcp:cloudbuildv2/connection:Connection": { - "description": "A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center/Cloud or GitLab.\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs)\n\n## Example Usage\n\n### Cloudbuildv2 Connection\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"tf-test-connection\",\n githubConfig: {\n appInstallationId: 0,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"tf-test-connection\",\n github_config={\n \"app_installation_id\": 0,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"tf-test-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 0,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"tf-test-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(0),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/gcb-terraform-creds/secrets/github-pat/versions/1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"tf-test-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(0)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/gcb-terraform-creds/secrets/github-pat/versions/1\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: tf-test-connection\n githubConfig:\n appInstallationId: 0\n authorizerCredential:\n oauthTokenSecretVersion: projects/gcb-terraform-creds/secrets/github-pat/versions/1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Connection Ghe\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst private_key_secret = new gcp.secretmanager.Secret(\"private-key-secret\", {\n secretId: \"ghe-pk-secret\",\n replication: {\n auto: {},\n },\n});\nconst private_key_secret_version = new gcp.secretmanager.SecretVersion(\"private-key-secret-version\", {\n secret: private_key_secret.id,\n secretData: std.file({\n input: \"private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n});\nconst webhook_secret_secret = new gcp.secretmanager.Secret(\"webhook-secret-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst webhook_secret_secret_version = new gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\", {\n secret: webhook_secret_secret.id,\n secretData: \"\u003cwebhook-secret-data\u003e\",\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy_pk = new gcp.secretmanager.SecretIamPolicy(\"policy-pk\", {\n secretId: private_key_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst policy_whs = new gcp.secretmanager.SecretIamPolicy(\"policy-whs\", {\n secretId: webhook_secret_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-terraform-ghe-connection\",\n githubEnterpriseConfig: {\n hostUri: \"https://ghe.com\",\n privateKeySecretVersion: private_key_secret_version.id,\n webhookSecretSecretVersion: webhook_secret_secret_version.id,\n appId: 200,\n appSlug: \"gcb-app\",\n appInstallationId: 300,\n },\n}, {\n dependsOn: [\n policy_pk,\n policy_whs,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nprivate_key_secret = gcp.secretmanager.Secret(\"private-key-secret\",\n secret_id=\"ghe-pk-secret\",\n replication={\n \"auto\": {},\n })\nprivate_key_secret_version = gcp.secretmanager.SecretVersion(\"private-key-secret-version\",\n secret=private_key_secret.id,\n secret_data=std.file(input=\"private-key.pem\").result)\nwebhook_secret_secret = gcp.secretmanager.Secret(\"webhook-secret-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\nwebhook_secret_secret_version = gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\",\n secret=webhook_secret_secret.id,\n secret_data=\"\u003cwebhook-secret-data\u003e\")\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy_pk = gcp.secretmanager.SecretIamPolicy(\"policy-pk\",\n secret_id=private_key_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\npolicy_whs = gcp.secretmanager.SecretIamPolicy(\"policy-whs\",\n secret_id=webhook_secret_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-terraform-ghe-connection\",\n github_enterprise_config={\n \"host_uri\": \"https://ghe.com\",\n \"private_key_secret_version\": private_key_secret_version.id,\n \"webhook_secret_secret_version\": webhook_secret_secret_version.id,\n \"app_id\": 200,\n \"app_slug\": \"gcb-app\",\n \"app_installation_id\": 300,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n policy_pk,\n policy_whs,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var private_key_secret = new Gcp.SecretManager.Secret(\"private-key-secret\", new()\n {\n SecretId = \"ghe-pk-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var private_key_secret_version = new Gcp.SecretManager.SecretVersion(\"private-key-secret-version\", new()\n {\n Secret = private_key_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var webhook_secret_secret = new Gcp.SecretManager.Secret(\"webhook-secret-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var webhook_secret_secret_version = new Gcp.SecretManager.SecretVersion(\"webhook-secret-secret-version\", new()\n {\n Secret = webhook_secret_secret.Id,\n SecretData = \"\u003cwebhook-secret-data\u003e\",\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy_pk = new Gcp.SecretManager.SecretIamPolicy(\"policy-pk\", new()\n {\n SecretId = private_key_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var policy_whs = new Gcp.SecretManager.SecretIamPolicy(\"policy-whs\", new()\n {\n SecretId = webhook_secret_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-terraform-ghe-connection\",\n GithubEnterpriseConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubEnterpriseConfigArgs\n {\n HostUri = \"https://ghe.com\",\n PrivateKeySecretVersion = private_key_secret_version.Id,\n WebhookSecretSecretVersion = webhook_secret_secret_version.Id,\n AppId = 200,\n AppSlug = \"gcb-app\",\n AppInstallationId = 300,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n policy_pk,\n policy_whs,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"private-key-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"ghe-pk-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"private-key-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: private_key_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"webhook-secret-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"webhook-secret-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhook_secret_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"\u003cwebhook-secret-data\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-pk\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: private_key_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-whs\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: webhook_secret_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-terraform-ghe-connection\"),\n\t\t\tGithubEnterpriseConfig: \u0026cloudbuildv2.ConnectionGithubEnterpriseConfigArgs{\n\t\t\t\tHostUri: pulumi.String(\"https://ghe.com\"),\n\t\t\t\tPrivateKeySecretVersion: private_key_secret_version.ID(),\n\t\t\t\tWebhookSecretSecretVersion: webhook_secret_secret_version.ID(),\n\t\t\t\tAppId: pulumi.Int(200),\n\t\t\t\tAppSlug: pulumi.String(\"gcb-app\"),\n\t\t\t\tAppInstallationId: pulumi.Int(300),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpolicy_pk,\n\t\t\tpolicy_whs,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubEnterpriseConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_key_secret = new Secret(\"private-key-secret\", SecretArgs.builder()\n .secretId(\"ghe-pk-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var private_key_secret_version = new SecretVersion(\"private-key-secret-version\", SecretVersionArgs.builder()\n .secret(private_key_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"private-key.pem\")\n .build()).result())\n .build());\n\n var webhook_secret_secret = new Secret(\"webhook-secret-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var webhook_secret_secret_version = new SecretVersion(\"webhook-secret-secret-version\", SecretVersionArgs.builder()\n .secret(webhook_secret_secret.id())\n .secretData(\"\u003cwebhook-secret-data\u003e\")\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy_pk = new SecretIamPolicy(\"policy-pk\", SecretIamPolicyArgs.builder()\n .secretId(private_key_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var policy_whs = new SecretIamPolicy(\"policy-whs\", SecretIamPolicyArgs.builder()\n .secretId(webhook_secret_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-terraform-ghe-connection\")\n .githubEnterpriseConfig(ConnectionGithubEnterpriseConfigArgs.builder()\n .hostUri(\"https://ghe.com\")\n .privateKeySecretVersion(private_key_secret_version.id())\n .webhookSecretSecretVersion(webhook_secret_secret_version.id())\n .appId(200)\n .appSlug(\"gcb-app\")\n .appInstallationId(300)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n policy_pk,\n policy_whs)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private-key-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: ghe-pk-secret\n replication:\n auto: {}\n private-key-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"private-key-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: private-key.pem\n Return: result\n webhook-secret-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n webhook-secret-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"webhook-secret-secret\"].id}\n secretData: \u003cwebhook-secret-data\u003e\n policy-pk:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"private-key-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n policy-whs:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"webhook-secret-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-terraform-ghe-connection\n githubEnterpriseConfig:\n hostUri: https://ghe.com\n privateKeySecretVersion: ${[\"private-key-secret-version\"].id}\n webhookSecretSecretVersion: ${[\"webhook-secret-secret-version\"].id}\n appId: 200\n appSlug: gcb-app\n appInstallationId: 300\n options:\n dependson:\n - ${[\"policy-pk\"]}\n - ${[\"policy-whs\"]}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Connection Github\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: my-github-token.txt\n Return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{name}}\n```\n\n", + "description": "A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center/Cloud or GitLab.\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs)\n\n## Example Usage\n\n### Cloudbuildv2 Connection\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"tf-test-connection\",\n githubConfig: {\n appInstallationId: 0,\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"tf-test-connection\",\n github_config={\n \"app_installation_id\": 0,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"tf-test-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 0,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/gcb-terraform-creds/secrets/github-pat/versions/1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"tf-test-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(0),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/gcb-terraform-creds/secrets/github-pat/versions/1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"tf-test-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(0)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/gcb-terraform-creds/secrets/github-pat/versions/1\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: tf-test-connection\n githubConfig:\n appInstallationId: 0\n authorizerCredential:\n oauthTokenSecretVersion: projects/gcb-terraform-creds/secrets/github-pat/versions/1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Connection Ghe\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst private_key_secret = new gcp.secretmanager.Secret(\"private-key-secret\", {\n secretId: \"ghe-pk-secret\",\n replication: {\n auto: {},\n },\n});\nconst private_key_secret_version = new gcp.secretmanager.SecretVersion(\"private-key-secret-version\", {\n secret: private_key_secret.id,\n secretData: std.file({\n input: \"private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n});\nconst webhook_secret_secret = new gcp.secretmanager.Secret(\"webhook-secret-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst webhook_secret_secret_version = new gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\", {\n secret: webhook_secret_secret.id,\n secretData: \"\u003cwebhook-secret-data\u003e\",\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy_pk = new gcp.secretmanager.SecretIamPolicy(\"policy-pk\", {\n secretId: private_key_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst policy_whs = new gcp.secretmanager.SecretIamPolicy(\"policy-whs\", {\n secretId: webhook_secret_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-terraform-ghe-connection\",\n githubEnterpriseConfig: {\n hostUri: \"https://ghe.com\",\n privateKeySecretVersion: private_key_secret_version.id,\n webhookSecretSecretVersion: webhook_secret_secret_version.id,\n appId: 200,\n appSlug: \"gcb-app\",\n appInstallationId: 300,\n },\n}, {\n dependsOn: [\n policy_pk,\n policy_whs,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nprivate_key_secret = gcp.secretmanager.Secret(\"private-key-secret\",\n secret_id=\"ghe-pk-secret\",\n replication={\n \"auto\": {},\n })\nprivate_key_secret_version = gcp.secretmanager.SecretVersion(\"private-key-secret-version\",\n secret=private_key_secret.id,\n secret_data=std.file(input=\"private-key.pem\").result)\nwebhook_secret_secret = gcp.secretmanager.Secret(\"webhook-secret-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\nwebhook_secret_secret_version = gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\",\n secret=webhook_secret_secret.id,\n secret_data=\"\u003cwebhook-secret-data\u003e\")\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy_pk = gcp.secretmanager.SecretIamPolicy(\"policy-pk\",\n secret_id=private_key_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\npolicy_whs = gcp.secretmanager.SecretIamPolicy(\"policy-whs\",\n secret_id=webhook_secret_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-terraform-ghe-connection\",\n github_enterprise_config={\n \"host_uri\": \"https://ghe.com\",\n \"private_key_secret_version\": private_key_secret_version.id,\n \"webhook_secret_secret_version\": webhook_secret_secret_version.id,\n \"app_id\": 200,\n \"app_slug\": \"gcb-app\",\n \"app_installation_id\": 300,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n policy_pk,\n policy_whs,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var private_key_secret = new Gcp.SecretManager.Secret(\"private-key-secret\", new()\n {\n SecretId = \"ghe-pk-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var private_key_secret_version = new Gcp.SecretManager.SecretVersion(\"private-key-secret-version\", new()\n {\n Secret = private_key_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var webhook_secret_secret = new Gcp.SecretManager.Secret(\"webhook-secret-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var webhook_secret_secret_version = new Gcp.SecretManager.SecretVersion(\"webhook-secret-secret-version\", new()\n {\n Secret = webhook_secret_secret.Id,\n SecretData = \"\u003cwebhook-secret-data\u003e\",\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy_pk = new Gcp.SecretManager.SecretIamPolicy(\"policy-pk\", new()\n {\n SecretId = private_key_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var policy_whs = new Gcp.SecretManager.SecretIamPolicy(\"policy-whs\", new()\n {\n SecretId = webhook_secret_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-terraform-ghe-connection\",\n GithubEnterpriseConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubEnterpriseConfigArgs\n {\n HostUri = \"https://ghe.com\",\n PrivateKeySecretVersion = private_key_secret_version.Id,\n WebhookSecretSecretVersion = webhook_secret_secret_version.Id,\n AppId = 200,\n AppSlug = \"gcb-app\",\n AppInstallationId = 300,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n policy_pk,\n policy_whs,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"private-key-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"ghe-pk-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"private-key-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: private_key_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"webhook-secret-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"webhook-secret-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhook_secret_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"\u003cwebhook-secret-data\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-pk\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: private_key_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-whs\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: webhook_secret_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-terraform-ghe-connection\"),\n\t\t\tGithubEnterpriseConfig: \u0026cloudbuildv2.ConnectionGithubEnterpriseConfigArgs{\n\t\t\t\tHostUri: pulumi.String(\"https://ghe.com\"),\n\t\t\t\tPrivateKeySecretVersion: private_key_secret_version.ID(),\n\t\t\t\tWebhookSecretSecretVersion: webhook_secret_secret_version.ID(),\n\t\t\t\tAppId: pulumi.Int(200),\n\t\t\t\tAppSlug: pulumi.String(\"gcb-app\"),\n\t\t\t\tAppInstallationId: pulumi.Int(300),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpolicy_pk,\n\t\t\tpolicy_whs,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubEnterpriseConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_key_secret = new Secret(\"private-key-secret\", SecretArgs.builder()\n .secretId(\"ghe-pk-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var private_key_secret_version = new SecretVersion(\"private-key-secret-version\", SecretVersionArgs.builder()\n .secret(private_key_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"private-key.pem\")\n .build()).result())\n .build());\n\n var webhook_secret_secret = new Secret(\"webhook-secret-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var webhook_secret_secret_version = new SecretVersion(\"webhook-secret-secret-version\", SecretVersionArgs.builder()\n .secret(webhook_secret_secret.id())\n .secretData(\"\u003cwebhook-secret-data\u003e\")\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy_pk = new SecretIamPolicy(\"policy-pk\", SecretIamPolicyArgs.builder()\n .secretId(private_key_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var policy_whs = new SecretIamPolicy(\"policy-whs\", SecretIamPolicyArgs.builder()\n .secretId(webhook_secret_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-terraform-ghe-connection\")\n .githubEnterpriseConfig(ConnectionGithubEnterpriseConfigArgs.builder()\n .hostUri(\"https://ghe.com\")\n .privateKeySecretVersion(private_key_secret_version.id())\n .webhookSecretSecretVersion(webhook_secret_secret_version.id())\n .appId(200)\n .appSlug(\"gcb-app\")\n .appInstallationId(300)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n policy_pk,\n policy_whs)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private-key-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: ghe-pk-secret\n replication:\n auto: {}\n private-key-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"private-key-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: private-key.pem\n return: result\n webhook-secret-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n webhook-secret-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"webhook-secret-secret\"].id}\n secretData: \u003cwebhook-secret-data\u003e\n policy-pk:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"private-key-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n policy-whs:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"webhook-secret-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-terraform-ghe-connection\n githubEnterpriseConfig:\n hostUri: https://ghe.com\n privateKeySecretVersion: ${[\"private-key-secret-version\"].id}\n webhookSecretSecretVersion: ${[\"webhook-secret-secret-version\"].id}\n appId: 200\n appSlug: gcb-app\n appInstallationId: 300\n options:\n dependsOn:\n - ${[\"policy-pk\"]}\n - ${[\"policy-whs\"]}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Connection Github\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: my-github-token.txt\n return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connection:Connection default {{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -150802,7 +150802,7 @@ } }, "gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudbuildv2/ConnectionIAMBindingCondition:ConnectionIAMBindingCondition" @@ -150923,7 +150923,7 @@ } }, "gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudbuildv2/ConnectionIAMMemberCondition:ConnectionIAMMemberCondition" @@ -151037,7 +151037,7 @@ } }, "gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Build v2 Connection\nThree different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudbuildv2.ConnectionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudbuild.connectionViewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudbuildv2.ConnectionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -151122,7 +151122,7 @@ } }, "gcp:cloudbuildv2/repository:Repository": { - "description": "A repository associated to a parent connection.\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs)\n\n## Example Usage\n\n### Cloudbuildv2 Repository Ghe Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst private_key_secret = new gcp.secretmanager.Secret(\"private-key-secret\", {\n secretId: \"ghe-pk-secret\",\n replication: {\n auto: {},\n },\n});\nconst private_key_secret_version = new gcp.secretmanager.SecretVersion(\"private-key-secret-version\", {\n secret: private_key_secret.id,\n secretData: std.file({\n input: \"private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n});\nconst webhook_secret_secret = new gcp.secretmanager.Secret(\"webhook-secret-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst webhook_secret_secret_version = new gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\", {\n secret: webhook_secret_secret.id,\n secretData: \"\u003cwebhook-secret-data\u003e\",\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy_pk = new gcp.secretmanager.SecretIamPolicy(\"policy-pk\", {\n secretId: private_key_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst policy_whs = new gcp.secretmanager.SecretIamPolicy(\"policy-whs\", {\n secretId: webhook_secret_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-terraform-ghe-connection\",\n githubEnterpriseConfig: {\n hostUri: \"https://ghe.com\",\n privateKeySecretVersion: private_key_secret_version.id,\n webhookSecretSecretVersion: webhook_secret_secret_version.id,\n appId: 200,\n appSlug: \"gcb-app\",\n appInstallationId: 300,\n },\n}, {\n dependsOn: [\n policy_pk,\n policy_whs,\n ],\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-terraform-ghe-repo\",\n location: \"us-central1\",\n parentConnection: my_connection.name,\n remoteUri: \"https://ghe.com/hashicorp/terraform-provider-google.git\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nprivate_key_secret = gcp.secretmanager.Secret(\"private-key-secret\",\n secret_id=\"ghe-pk-secret\",\n replication={\n \"auto\": {},\n })\nprivate_key_secret_version = gcp.secretmanager.SecretVersion(\"private-key-secret-version\",\n secret=private_key_secret.id,\n secret_data=std.file(input=\"private-key.pem\").result)\nwebhook_secret_secret = gcp.secretmanager.Secret(\"webhook-secret-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\nwebhook_secret_secret_version = gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\",\n secret=webhook_secret_secret.id,\n secret_data=\"\u003cwebhook-secret-data\u003e\")\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy_pk = gcp.secretmanager.SecretIamPolicy(\"policy-pk\",\n secret_id=private_key_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\npolicy_whs = gcp.secretmanager.SecretIamPolicy(\"policy-whs\",\n secret_id=webhook_secret_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-terraform-ghe-connection\",\n github_enterprise_config={\n \"host_uri\": \"https://ghe.com\",\n \"private_key_secret_version\": private_key_secret_version.id,\n \"webhook_secret_secret_version\": webhook_secret_secret_version.id,\n \"app_id\": 200,\n \"app_slug\": \"gcb-app\",\n \"app_installation_id\": 300,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n policy_pk,\n policy_whs,\n ]))\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-terraform-ghe-repo\",\n location=\"us-central1\",\n parent_connection=my_connection.name,\n remote_uri=\"https://ghe.com/hashicorp/terraform-provider-google.git\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var private_key_secret = new Gcp.SecretManager.Secret(\"private-key-secret\", new()\n {\n SecretId = \"ghe-pk-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var private_key_secret_version = new Gcp.SecretManager.SecretVersion(\"private-key-secret-version\", new()\n {\n Secret = private_key_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var webhook_secret_secret = new Gcp.SecretManager.Secret(\"webhook-secret-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var webhook_secret_secret_version = new Gcp.SecretManager.SecretVersion(\"webhook-secret-secret-version\", new()\n {\n Secret = webhook_secret_secret.Id,\n SecretData = \"\u003cwebhook-secret-data\u003e\",\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy_pk = new Gcp.SecretManager.SecretIamPolicy(\"policy-pk\", new()\n {\n SecretId = private_key_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var policy_whs = new Gcp.SecretManager.SecretIamPolicy(\"policy-whs\", new()\n {\n SecretId = webhook_secret_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-terraform-ghe-connection\",\n GithubEnterpriseConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubEnterpriseConfigArgs\n {\n HostUri = \"https://ghe.com\",\n PrivateKeySecretVersion = private_key_secret_version.Id,\n WebhookSecretSecretVersion = webhook_secret_secret_version.Id,\n AppId = 200,\n AppSlug = \"gcb-app\",\n AppInstallationId = 300,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n policy_pk,\n policy_whs,\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-terraform-ghe-repo\",\n Location = \"us-central1\",\n ParentConnection = my_connection.Name,\n RemoteUri = \"https://ghe.com/hashicorp/terraform-provider-google.git\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"private-key-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"ghe-pk-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"private-key-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: private_key_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"webhook-secret-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"webhook-secret-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhook_secret_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"\u003cwebhook-secret-data\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-pk\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: private_key_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-whs\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: webhook_secret_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-terraform-ghe-connection\"),\n\t\t\tGithubEnterpriseConfig: \u0026cloudbuildv2.ConnectionGithubEnterpriseConfigArgs{\n\t\t\t\tHostUri: pulumi.String(\"https://ghe.com\"),\n\t\t\t\tPrivateKeySecretVersion: private_key_secret_version.ID(),\n\t\t\t\tWebhookSecretSecretVersion: webhook_secret_secret_version.ID(),\n\t\t\t\tAppId: pulumi.Int(200),\n\t\t\t\tAppSlug: pulumi.String(\"gcb-app\"),\n\t\t\t\tAppInstallationId: pulumi.Int(300),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpolicy_pk,\n\t\t\tpolicy_whs,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-terraform-ghe-repo\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tParentConnection: my_connection.Name,\n\t\t\tRemoteUri: pulumi.String(\"https://ghe.com/hashicorp/terraform-provider-google.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubEnterpriseConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_key_secret = new Secret(\"private-key-secret\", SecretArgs.builder()\n .secretId(\"ghe-pk-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var private_key_secret_version = new SecretVersion(\"private-key-secret-version\", SecretVersionArgs.builder()\n .secret(private_key_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"private-key.pem\")\n .build()).result())\n .build());\n\n var webhook_secret_secret = new Secret(\"webhook-secret-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var webhook_secret_secret_version = new SecretVersion(\"webhook-secret-secret-version\", SecretVersionArgs.builder()\n .secret(webhook_secret_secret.id())\n .secretData(\"\u003cwebhook-secret-data\u003e\")\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy_pk = new SecretIamPolicy(\"policy-pk\", SecretIamPolicyArgs.builder()\n .secretId(private_key_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var policy_whs = new SecretIamPolicy(\"policy-whs\", SecretIamPolicyArgs.builder()\n .secretId(webhook_secret_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-terraform-ghe-connection\")\n .githubEnterpriseConfig(ConnectionGithubEnterpriseConfigArgs.builder()\n .hostUri(\"https://ghe.com\")\n .privateKeySecretVersion(private_key_secret_version.id())\n .webhookSecretSecretVersion(webhook_secret_secret_version.id())\n .appId(200)\n .appSlug(\"gcb-app\")\n .appInstallationId(300)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n policy_pk,\n policy_whs)\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-terraform-ghe-repo\")\n .location(\"us-central1\")\n .parentConnection(my_connection.name())\n .remoteUri(\"https://ghe.com/hashicorp/terraform-provider-google.git\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private-key-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: ghe-pk-secret\n replication:\n auto: {}\n private-key-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"private-key-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: private-key.pem\n Return: result\n webhook-secret-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n webhook-secret-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"webhook-secret-secret\"].id}\n secretData: \u003cwebhook-secret-data\u003e\n policy-pk:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"private-key-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n policy-whs:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"webhook-secret-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-terraform-ghe-connection\n githubEnterpriseConfig:\n hostUri: https://ghe.com\n privateKeySecretVersion: ${[\"private-key-secret-version\"].id}\n webhookSecretSecretVersion: ${[\"webhook-secret-secret-version\"].id}\n appId: 200\n appSlug: gcb-app\n appInstallationId: 300\n options:\n dependson:\n - ${[\"policy-pk\"]}\n - ${[\"policy-whs\"]}\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-terraform-ghe-repo\n location: us-central1\n parentConnection: ${[\"my-connection\"].name}\n remoteUri: https://ghe.com/hashicorp/terraform-provider-google.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Repository Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n location: \"us-central1\",\n name: \"my-repo\",\n parentConnection: my_connection.name,\n remoteUri: \"https://github.com/myuser/myrepo.git\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n location=\"us-central1\",\n name=\"my-repo\",\n parent_connection=my_connection.name,\n remote_uri=\"https://github.com/myuser/myrepo.git\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Location = \"us-central1\",\n Name = \"my-repo\",\n ParentConnection = my_connection.Name,\n RemoteUri = \"https://github.com/myuser/myrepo.git\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.Name,\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/myrepo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .name(\"my-repo\")\n .parentConnection(my_connection.name())\n .remoteUri(\"https://github.com/myuser/myrepo.git\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: my-github-token.txt\n Return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n location: us-central1\n name: my-repo\n parentConnection: ${[\"my-connection\"].name}\n remoteUri: https://github.com/myuser/myrepo.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories/{{name}}`\n\n* `{{project}}/{{location}}/{{parent_connection}}/{{name}}`\n\n* `{{location}}/{{parent_connection}}/{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default {{project}}/{{location}}/{{parent_connection}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default {{location}}/{{parent_connection}}/{{name}}\n```\n\n", + "description": "A repository associated to a parent connection.\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs)\n\n## Example Usage\n\n### Cloudbuildv2 Repository Ghe Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst private_key_secret = new gcp.secretmanager.Secret(\"private-key-secret\", {\n secretId: \"ghe-pk-secret\",\n replication: {\n auto: {},\n },\n});\nconst private_key_secret_version = new gcp.secretmanager.SecretVersion(\"private-key-secret-version\", {\n secret: private_key_secret.id,\n secretData: std.file({\n input: \"private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n});\nconst webhook_secret_secret = new gcp.secretmanager.Secret(\"webhook-secret-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst webhook_secret_secret_version = new gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\", {\n secret: webhook_secret_secret.id,\n secretData: \"\u003cwebhook-secret-data\u003e\",\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy_pk = new gcp.secretmanager.SecretIamPolicy(\"policy-pk\", {\n secretId: private_key_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst policy_whs = new gcp.secretmanager.SecretIamPolicy(\"policy-whs\", {\n secretId: webhook_secret_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-terraform-ghe-connection\",\n githubEnterpriseConfig: {\n hostUri: \"https://ghe.com\",\n privateKeySecretVersion: private_key_secret_version.id,\n webhookSecretSecretVersion: webhook_secret_secret_version.id,\n appId: 200,\n appSlug: \"gcb-app\",\n appInstallationId: 300,\n },\n}, {\n dependsOn: [\n policy_pk,\n policy_whs,\n ],\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n name: \"my-terraform-ghe-repo\",\n location: \"us-central1\",\n parentConnection: my_connection.name,\n remoteUri: \"https://ghe.com/hashicorp/terraform-provider-google.git\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nprivate_key_secret = gcp.secretmanager.Secret(\"private-key-secret\",\n secret_id=\"ghe-pk-secret\",\n replication={\n \"auto\": {},\n })\nprivate_key_secret_version = gcp.secretmanager.SecretVersion(\"private-key-secret-version\",\n secret=private_key_secret.id,\n secret_data=std.file(input=\"private-key.pem\").result)\nwebhook_secret_secret = gcp.secretmanager.Secret(\"webhook-secret-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\nwebhook_secret_secret_version = gcp.secretmanager.SecretVersion(\"webhook-secret-secret-version\",\n secret=webhook_secret_secret.id,\n secret_data=\"\u003cwebhook-secret-data\u003e\")\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy_pk = gcp.secretmanager.SecretIamPolicy(\"policy-pk\",\n secret_id=private_key_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\npolicy_whs = gcp.secretmanager.SecretIamPolicy(\"policy-whs\",\n secret_id=webhook_secret_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-terraform-ghe-connection\",\n github_enterprise_config={\n \"host_uri\": \"https://ghe.com\",\n \"private_key_secret_version\": private_key_secret_version.id,\n \"webhook_secret_secret_version\": webhook_secret_secret_version.id,\n \"app_id\": 200,\n \"app_slug\": \"gcb-app\",\n \"app_installation_id\": 300,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n policy_pk,\n policy_whs,\n ]))\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n name=\"my-terraform-ghe-repo\",\n location=\"us-central1\",\n parent_connection=my_connection.name,\n remote_uri=\"https://ghe.com/hashicorp/terraform-provider-google.git\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var private_key_secret = new Gcp.SecretManager.Secret(\"private-key-secret\", new()\n {\n SecretId = \"ghe-pk-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var private_key_secret_version = new Gcp.SecretManager.SecretVersion(\"private-key-secret-version\", new()\n {\n Secret = private_key_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var webhook_secret_secret = new Gcp.SecretManager.Secret(\"webhook-secret-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var webhook_secret_secret_version = new Gcp.SecretManager.SecretVersion(\"webhook-secret-secret-version\", new()\n {\n Secret = webhook_secret_secret.Id,\n SecretData = \"\u003cwebhook-secret-data\u003e\",\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy_pk = new Gcp.SecretManager.SecretIamPolicy(\"policy-pk\", new()\n {\n SecretId = private_key_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var policy_whs = new Gcp.SecretManager.SecretIamPolicy(\"policy-whs\", new()\n {\n SecretId = webhook_secret_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-terraform-ghe-connection\",\n GithubEnterpriseConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubEnterpriseConfigArgs\n {\n HostUri = \"https://ghe.com\",\n PrivateKeySecretVersion = private_key_secret_version.Id,\n WebhookSecretSecretVersion = webhook_secret_secret_version.Id,\n AppId = 200,\n AppSlug = \"gcb-app\",\n AppInstallationId = 300,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n policy_pk,\n policy_whs,\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Name = \"my-terraform-ghe-repo\",\n Location = \"us-central1\",\n ParentConnection = my_connection.Name,\n RemoteUri = \"https://ghe.com/hashicorp/terraform-provider-google.git\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"private-key-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"ghe-pk-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"private-key-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: private_key_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"webhook-secret-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"webhook-secret-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: webhook_secret_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"\u003cwebhook-secret-data\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-pk\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: private_key_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy-whs\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: webhook_secret_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-terraform-ghe-connection\"),\n\t\t\tGithubEnterpriseConfig: \u0026cloudbuildv2.ConnectionGithubEnterpriseConfigArgs{\n\t\t\t\tHostUri: pulumi.String(\"https://ghe.com\"),\n\t\t\t\tPrivateKeySecretVersion: private_key_secret_version.ID(),\n\t\t\t\tWebhookSecretSecretVersion: webhook_secret_secret_version.ID(),\n\t\t\t\tAppId: pulumi.Int(200),\n\t\t\t\tAppSlug: pulumi.String(\"gcb-app\"),\n\t\t\t\tAppInstallationId: pulumi.Int(300),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpolicy_pk,\n\t\t\tpolicy_whs,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my-terraform-ghe-repo\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tParentConnection: my_connection.Name,\n\t\t\tRemoteUri: pulumi.String(\"https://ghe.com/hashicorp/terraform-provider-google.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubEnterpriseConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_key_secret = new Secret(\"private-key-secret\", SecretArgs.builder()\n .secretId(\"ghe-pk-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var private_key_secret_version = new SecretVersion(\"private-key-secret-version\", SecretVersionArgs.builder()\n .secret(private_key_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"private-key.pem\")\n .build()).result())\n .build());\n\n var webhook_secret_secret = new Secret(\"webhook-secret-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var webhook_secret_secret_version = new SecretVersion(\"webhook-secret-secret-version\", SecretVersionArgs.builder()\n .secret(webhook_secret_secret.id())\n .secretData(\"\u003cwebhook-secret-data\u003e\")\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy_pk = new SecretIamPolicy(\"policy-pk\", SecretIamPolicyArgs.builder()\n .secretId(private_key_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var policy_whs = new SecretIamPolicy(\"policy-whs\", SecretIamPolicyArgs.builder()\n .secretId(webhook_secret_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-terraform-ghe-connection\")\n .githubEnterpriseConfig(ConnectionGithubEnterpriseConfigArgs.builder()\n .hostUri(\"https://ghe.com\")\n .privateKeySecretVersion(private_key_secret_version.id())\n .webhookSecretSecretVersion(webhook_secret_secret_version.id())\n .appId(200)\n .appSlug(\"gcb-app\")\n .appInstallationId(300)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n policy_pk,\n policy_whs)\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .name(\"my-terraform-ghe-repo\")\n .location(\"us-central1\")\n .parentConnection(my_connection.name())\n .remoteUri(\"https://ghe.com/hashicorp/terraform-provider-google.git\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private-key-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: ghe-pk-secret\n replication:\n auto: {}\n private-key-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"private-key-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: private-key.pem\n return: result\n webhook-secret-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n webhook-secret-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"webhook-secret-secret\"].id}\n secretData: \u003cwebhook-secret-data\u003e\n policy-pk:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"private-key-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n policy-whs:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"webhook-secret-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-terraform-ghe-connection\n githubEnterpriseConfig:\n hostUri: https://ghe.com\n privateKeySecretVersion: ${[\"private-key-secret-version\"].id}\n webhookSecretSecretVersion: ${[\"webhook-secret-secret-version\"].id}\n appId: 200\n appSlug: gcb-app\n appInstallationId: 300\n options:\n dependsOn:\n - ${[\"policy-pk\"]}\n - ${[\"policy-whs\"]}\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n name: my-terraform-ghe-repo\n location: us-central1\n parentConnection: ${[\"my-connection\"].name}\n remoteUri: https://ghe.com/hashicorp/terraform-provider-google.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudbuildv2 Repository Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.cloudbuildv2.Connection(\"my-connection\", {\n location: \"us-central1\",\n name: \"my-connection\",\n githubConfig: {\n appInstallationId: 123123,\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\nconst my_repository = new gcp.cloudbuildv2.Repository(\"my-repository\", {\n location: \"us-central1\",\n name: \"my-repo\",\n parentConnection: my_connection.name,\n remoteUri: \"https://github.com/myuser/myrepo.git\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.cloudbuildv2.Connection(\"my-connection\",\n location=\"us-central1\",\n name=\"my-connection\",\n github_config={\n \"app_installation_id\": 123123,\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\nmy_repository = gcp.cloudbuildv2.Repository(\"my-repository\",\n location=\"us-central1\",\n name=\"my-repo\",\n parent_connection=my_connection.name,\n remote_uri=\"https://github.com/myuser/myrepo.git\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.CloudBuildV2.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n Name = \"my-connection\",\n GithubConfig = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigArgs\n {\n AppInstallationId = 123123,\n AuthorizerCredential = new Gcp.CloudBuildV2.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n var my_repository = new Gcp.CloudBuildV2.Repository(\"my-repository\", new()\n {\n Location = \"us-central1\",\n Name = \"my-repo\",\n ParentConnection = my_connection.Name,\n RemoteUri = \"https://github.com/myuser/myrepo.git\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnection(ctx, \"my-connection\", \u0026cloudbuildv2.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026cloudbuildv2.ConnectionGithubConfigArgs{\n\t\t\t\tAppInstallationId: pulumi.Int(123123),\n\t\t\t\tAuthorizerCredential: \u0026cloudbuildv2.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewRepository(ctx, \"my-repository\", \u0026cloudbuildv2.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-repo\"),\n\t\t\tParentConnection: my_connection.Name,\n\t\t\tRemoteUri: pulumi.String(\"https://github.com/myuser/myrepo.git\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.Connection;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.cloudbuildv2.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport com.pulumi.gcp.cloudbuildv2.Repository;\nimport com.pulumi.gcp.cloudbuildv2.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .name(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n var my_repository = new Repository(\"my-repository\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .name(\"my-repo\")\n .parentConnection(my_connection.name())\n .remoteUri(\"https://github.com/myuser/myrepo.git\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: my-github-token.txt\n return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:cloudbuildv2:Connection\n properties:\n location: us-central1\n name: my-connection\n githubConfig:\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\n my-repository:\n type: gcp:cloudbuildv2:Repository\n properties:\n location: us-central1\n name: my-repo\n parentConnection: ${[\"my-connection\"].name}\n remoteUri: https://github.com/myuser/myrepo.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-cloudbuild.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories/{{name}}`\n\n* `{{project}}/{{location}}/{{parent_connection}}/{{name}}`\n\n* `{{location}}/{{parent_connection}}/{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default {{project}}/{{location}}/{{parent_connection}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudbuildv2/repository:Repository default {{location}}/{{parent_connection}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -153957,7 +153957,7 @@ } }, "gcp:cloudfunctions/functionIamBinding:FunctionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154079,7 +154079,7 @@ } }, "gcp:cloudfunctions/functionIamMember:FunctionIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154194,7 +154194,7 @@ } }, "gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions CloudFunction\nThree different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctions.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctions.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154280,7 +154280,7 @@ } }, "gcp:cloudfunctionsv2/function:Function": { - "description": "A Cloud Function that contains user computation executed in response to an event.\n\n\nTo get more information about function, see:\n\n* [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions)\n\n## Example Usage\n\n### Cloudfunctions2 Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-v2\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-v2\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-v2\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-v2\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-v2\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-v2\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n SERVICE_CONFIG_DIFF_TEST: account.email,\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n \"SERVICE_CONFIG_DIFF_TEST\": account.email,\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n { \"SERVICE_CONFIG_DIFF_TEST\", account.Email },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t\t\"SERVICE_CONFIG_DIFF_TEST\": account.Email,\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.ofEntries(\n Map.entry(\"SERVICE_CONFIG_TEST\", \"config_test\"),\n Map.entry(\"SERVICE_CONFIG_DIFF_TEST\", account.email())\n ))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n SERVICE_CONFIG_DIFF_TEST: ${account.email}\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Scheduler Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n serviceAccountEmail: account.email,\n },\n});\nconst invoker = new gcp.cloudfunctionsv2.FunctionIamMember(\"invoker\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/cloudfunctions.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst cloudRunInvoker = new gcp.cloudrun.IamMember(\"cloud_run_invoker\", {\n project: _function.project,\n location: _function.location,\n service: _function.name,\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst invokeCloudFunction = new gcp.cloudscheduler.Job(\"invoke_cloud_function\", {\n name: \"invoke-gcf-function\",\n description: \"Schedule the HTTPS trigger for cloud function\",\n schedule: \"0 0 * * *\",\n project: _function.project,\n region: _function.location,\n httpTarget: {\n uri: _function.serviceConfig.apply(serviceConfig =\u003e serviceConfig?.uri),\n httpMethod: \"POST\",\n oidcToken: {\n audience: _function.serviceConfig.apply(serviceConfig =\u003e `${serviceConfig?.uri}/`),\n serviceAccountEmail: account.email,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"service_account_email\": account.email,\n })\ninvoker = gcp.cloudfunctionsv2.FunctionIamMember(\"invoker\",\n project=function.project,\n location=function.location,\n cloud_function=function.name,\n role=\"roles/cloudfunctions.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ncloud_run_invoker = gcp.cloudrun.IamMember(\"cloud_run_invoker\",\n project=function.project,\n location=function.location,\n service=function.name,\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ninvoke_cloud_function = gcp.cloudscheduler.Job(\"invoke_cloud_function\",\n name=\"invoke-gcf-function\",\n description=\"Schedule the HTTPS trigger for cloud function\",\n schedule=\"0 0 * * *\",\n project=function.project,\n region=function.location,\n http_target={\n \"uri\": function.service_config.uri,\n \"http_method\": \"POST\",\n \"oidc_token\": {\n \"audience\": function.service_config.apply(lambda service_config: f\"{service_config.uri}/\"),\n \"service_account_email\": account.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n ServiceAccountEmail = account.Email,\n },\n });\n\n var invoker = new Gcp.CloudFunctionsV2.FunctionIamMember(\"invoker\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/cloudfunctions.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var cloudRunInvoker = new Gcp.CloudRun.IamMember(\"cloud_run_invoker\", new()\n {\n Project = function.Project,\n Location = function.Location,\n Service = function.Name,\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var invokeCloudFunction = new Gcp.CloudScheduler.Job(\"invoke_cloud_function\", new()\n {\n Name = \"invoke-gcf-function\",\n Description = \"Schedule the HTTPS trigger for cloud function\",\n Schedule = \"0 0 * * *\",\n Project = function.Project,\n Region = function.Location,\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n Uri = function.ServiceConfig.Apply(serviceConfig =\u003e serviceConfig?.Uri),\n HttpMethod = \"POST\",\n OidcToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOidcTokenArgs\n {\n Audience = function.ServiceConfig.Apply(serviceConfig =\u003e $\"{serviceConfig?.Uri}/\"),\n ServiceAccountEmail = account.Email,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunction, err := cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamMember(ctx, \"invoker\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: function.Project,\n\t\t\tLocation: function.Location,\n\t\t\tCloudFunction: function.Name,\n\t\t\tRole: pulumi.String(\"roles/cloudfunctions.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamMember(ctx, \"cloud_run_invoker\", \u0026cloudrun.IamMemberArgs{\n\t\t\tProject: function.Project,\n\t\t\tLocation: function.Location,\n\t\t\tService: function.Name,\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"invoke_cloud_function\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"invoke-gcf-function\"),\n\t\t\tDescription: pulumi.String(\"Schedule the HTTPS trigger for cloud function\"),\n\t\t\tSchedule: pulumi.String(\"0 0 * * *\"),\n\t\t\tProject: function.Project,\n\t\t\tRegion: function.Location,\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tUri: function.ServiceConfig.ApplyT(func(serviceConfig cloudfunctionsv2.FunctionServiceConfig) (*string, error) {\n\t\t\t\t\treturn \u0026serviceConfig.Uri, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tOidcToken: \u0026cloudscheduler.JobHttpTargetOidcTokenArgs{\n\t\t\t\t\tAudience: function.ServiceConfig.ApplyT(func(serviceConfig cloudfunctionsv2.FunctionServiceConfig) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/\", serviceConfig.Uri), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOidcTokenArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .serviceAccountEmail(account.email())\n .build())\n .build());\n\n var invoker = new FunctionIamMember(\"invoker\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/cloudfunctions.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var cloudRunInvoker = new IamMember(\"cloudRunInvoker\", IamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .service(function.name())\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var invokeCloudFunction = new Job(\"invokeCloudFunction\", JobArgs.builder()\n .name(\"invoke-gcf-function\")\n .description(\"Schedule the HTTPS trigger for cloud function\")\n .schedule(\"0 0 * * *\")\n .project(function.project())\n .region(function.location())\n .httpTarget(JobHttpTargetArgs.builder()\n .uri(function.serviceConfig().applyValue(serviceConfig -\u003e serviceConfig.uri()))\n .httpMethod(\"POST\")\n .oidcToken(JobHttpTargetOidcTokenArgs.builder()\n .audience(function.serviceConfig().applyValue(serviceConfig -\u003e String.format(\"%s/\", serviceConfig.uri())))\n .serviceAccountEmail(account.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n serviceAccountEmail: ${account.email}\n invoker:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/cloudfunctions.invoker\n member: serviceAccount:${account.email}\n cloudRunInvoker:\n type: gcp:cloudrun:IamMember\n name: cloud_run_invoker\n properties:\n project: ${function.project}\n location: ${function.location}\n service: ${function.name}\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n invokeCloudFunction:\n type: gcp:cloudscheduler:Job\n name: invoke_cloud_function\n properties:\n name: invoke-gcf-function\n description: Schedule the HTTPS trigger for cloud function\n schedule: 0 0 * * *\n project: ${function.project}\n region: ${function.location}\n httpTarget:\n uri: ${function.serviceConfig.uri}\n httpMethod: POST\n oidcToken:\n audience: ${function.serviceConfig.uri}/\n serviceAccountEmail: ${account.email}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Gcs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source_bucket = new gcp.storage.Bucket(\"source-bucket\", {\n name: \"gcf-source-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: source_bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst trigger_bucket = new gcp.storage.Bucket(\"trigger-bucket\", {\n name: \"gcf-trigger-bucket\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\n// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\nconst gcs_pubsub_publishing = new gcp.projects.IAMMember(\"gcs-pubsub-publishing\", {\n project: \"my-project-name\",\n role: \"roles/pubsub.publisher\",\n member: gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`),\n});\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n});\n// Permissions on the service account used by the function and Eventarc trigger\nconst invoking = new gcp.projects.IAMMember(\"invoking\", {\n project: \"my-project-name\",\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [gcs_pubsub_publishing],\n});\nconst event_receiving = new gcp.projects.IAMMember(\"event-receiving\", {\n project: \"my-project-name\",\n role: \"roles/eventarc.eventReceiver\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [invoking],\n});\nconst artifactregistry_reader = new gcp.projects.IAMMember(\"artifactregistry-reader\", {\n project: \"my-project-name\",\n role: \"roles/artifactregistry.reader\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [event_receiving],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs12\",\n entryPoint: \"entryPoint\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: source_bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n eventType: \"google.cloud.storage.object.v1.finalized\",\n retryPolicy: \"RETRY_POLICY_RETRY\",\n serviceAccountEmail: account.email,\n eventFilters: [{\n attribute: \"bucket\",\n value: trigger_bucket.name,\n }],\n },\n}, {\n dependsOn: [\n event_receiving,\n artifactregistry_reader,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource_bucket = gcp.storage.Bucket(\"source-bucket\",\n name=\"gcf-source-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=source_bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\ntrigger_bucket = gcp.storage.Bucket(\"trigger-bucket\",\n name=\"gcf-trigger-bucket\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\ngcs_account = gcp.storage.get_project_service_account()\n# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\ngcs_pubsub_publishing = gcp.projects.IAMMember(\"gcs-pubsub-publishing\",\n project=\"my-project-name\",\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:{gcs_account.email_address}\")\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n# Permissions on the service account used by the function and Eventarc trigger\ninvoking = gcp.projects.IAMMember(\"invoking\",\n project=\"my-project-name\",\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[gcs_pubsub_publishing]))\nevent_receiving = gcp.projects.IAMMember(\"event-receiving\",\n project=\"my-project-name\",\n role=\"roles/eventarc.eventReceiver\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[invoking]))\nartifactregistry_reader = gcp.projects.IAMMember(\"artifactregistry-reader\",\n project=\"my-project-name\",\n role=\"roles/artifactregistry.reader\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[event_receiving]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs12\",\n \"entry_point\": \"entryPoint\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": source_bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"event_type\": \"google.cloud.storage.object.v1.finalized\",\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n \"service_account_email\": account.email,\n \"event_filters\": [{\n \"attribute\": \"bucket\",\n \"value\": trigger_bucket.name,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n event_receiving,\n artifactregistry_reader,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source_bucket = new Gcp.Storage.Bucket(\"source-bucket\", new()\n {\n Name = \"gcf-source-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = source_bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var trigger_bucket = new Gcp.Storage.Bucket(\"trigger-bucket\", new()\n {\n Name = \"gcf-trigger-bucket\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n var gcs_pubsub_publishing = new Gcp.Projects.IAMMember(\"gcs-pubsub-publishing\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/pubsub.publisher\",\n Member = $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n });\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n });\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new Gcp.Projects.IAMMember(\"invoking\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcs_pubsub_publishing,\n },\n });\n\n var event_receiving = new Gcp.Projects.IAMMember(\"event-receiving\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/eventarc.eventReceiver\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n invoking,\n },\n });\n\n var artifactregistry_reader = new Gcp.Projects.IAMMember(\"artifactregistry-reader\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/artifactregistry.reader\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs12\",\n EntryPoint = \"entryPoint\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = source_bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n EventType = \"google.cloud.storage.object.v1.finalized\",\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n ServiceAccountEmail = account.Email,\n EventFilters = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"bucket\",\n Value = trigger_bucket.Name,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n artifactregistry_reader,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"source-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-source-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: source_bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"trigger-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-trigger-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n\t\t// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n\t\t_, err = projects.NewIAMMember(ctx, \"gcs-pubsub-publishing\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Permissions on the service account used by the function and Eventarc trigger\n\t\tinvoking, err := projects.NewIAMMember(ctx, \"invoking\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcs_pubsub_publishing,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"event-receiving\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/eventarc.eventReceiver\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tinvoking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"artifactregistry-reader\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs12\"),\n\t\t\t\tEntryPoint: pulumi.String(\"entryPoint\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: source_bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tEventType: pulumi.String(\"google.cloud.storage.object.v1.finalized\"),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\tEventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"bucket\"),\n\t\t\t\t\t\tValue: trigger_bucket.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t\tartifactregistry_reader,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source_bucket = new Bucket(\"source-bucket\", BucketArgs.builder()\n .name(\"gcf-source-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(source_bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var trigger_bucket = new Bucket(\"trigger-bucket\", BucketArgs.builder()\n .name(\"gcf-trigger-bucket\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n var gcs_pubsub_publishing = new IAMMember(\"gcs-pubsub-publishing\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n .build());\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new IAMMember(\"invoking\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcs_pubsub_publishing)\n .build());\n\n var event_receiving = new IAMMember(\"event-receiving\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/eventarc.eventReceiver\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(invoking)\n .build());\n\n var artifactregistry_reader = new IAMMember(\"artifactregistry-reader\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/artifactregistry.reader\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(event_receiving)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs12\")\n .entryPoint(\"entryPoint\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(source_bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .eventType(\"google.cloud.storage.object.v1.finalized\")\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .serviceAccountEmail(account.email())\n .eventFilters(FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"bucket\")\n .value(trigger_bucket.name())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n event_receiving,\n artifactregistry_reader)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-source-bucket\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${[\"source-bucket\"].name}\n source:\n fn::FileAsset: function-source.zip\n trigger-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-trigger-bucket\n location: us-central1\n uniformBucketLevelAccess: true\n # To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n gcs-pubsub-publishing:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/pubsub.publisher\n member: serviceAccount:${gcsAccount.emailAddress}\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test\n # Permissions on the service account used by the function and Eventarc trigger\n invoking:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n options:\n dependson:\n - ${[\"gcs-pubsub-publishing\"]}\n event-receiving:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/eventarc.eventReceiver\n member: serviceAccount:${account.email}\n options:\n dependson:\n - ${invoking}\n artifactregistry-reader:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/artifactregistry.reader\n member: serviceAccount:${account.email}\n options:\n dependson:\n - ${[\"event-receiving\"]}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs12\n entryPoint: entryPoint\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${[\"source-bucket\"].name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n eventType: google.cloud.storage.object.v1.finalized\n retryPolicy: RETRY_POLICY_RETRY\n serviceAccountEmail: ${account.email}\n eventFilters:\n - attribute: bucket\n value: ${[\"trigger-bucket\"].name}\n options:\n dependson:\n - ${[\"event-receiving\"]}\n - ${[\"artifactregistry-reader\"]}\nvariables:\n gcsAccount:\n fn::invoke:\n Function: gcp:storage:getProjectServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Auditlogs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example follows the examples shown in this Google Cloud Community blog post\n// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n// and the docs:\n// https://cloud.google.com/eventarc/docs/path-patterns\nconst source_bucket = new gcp.storage.Bucket(\"source-bucket\", {\n name: \"gcf-source-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: source_bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n});\n// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n// google_cloudfunctions2_function below (Audit Log events have path pattern support)\nconst audit_log_bucket = new gcp.storage.Bucket(\"audit-log-bucket\", {\n name: \"gcf-auditlog-bucket\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\n// Permissions on the service account used by the function and Eventarc trigger\nconst invoking = new gcp.projects.IAMMember(\"invoking\", {\n project: \"my-project-name\",\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst event_receiving = new gcp.projects.IAMMember(\"event-receiving\", {\n project: \"my-project-name\",\n role: \"roles/eventarc.eventReceiver\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [invoking],\n});\nconst artifactregistry_reader = new gcp.projects.IAMMember(\"artifactregistry-reader\", {\n project: \"my-project-name\",\n role: \"roles/artifactregistry.reader\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [event_receiving],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs12\",\n entryPoint: \"entryPoint\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: source_bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.audit.log.v1.written\",\n retryPolicy: \"RETRY_POLICY_RETRY\",\n serviceAccountEmail: account.email,\n eventFilters: [\n {\n attribute: \"serviceName\",\n value: \"storage.googleapis.com\",\n },\n {\n attribute: \"methodName\",\n value: \"storage.objects.create\",\n },\n {\n attribute: \"resourceName\",\n value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`,\n operator: \"match-path-pattern\",\n },\n ],\n },\n}, {\n dependsOn: [\n event_receiving,\n artifactregistry_reader,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example follows the examples shown in this Google Cloud Community blog post\n# https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n# and the docs:\n# https://cloud.google.com/eventarc/docs/path-patterns\nsource_bucket = gcp.storage.Bucket(\"source-bucket\",\n name=\"gcf-source-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=source_bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n# Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n# Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n# google_cloudfunctions2_function below (Audit Log events have path pattern support)\naudit_log_bucket = gcp.storage.Bucket(\"audit-log-bucket\",\n name=\"gcf-auditlog-bucket\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\n# Permissions on the service account used by the function and Eventarc trigger\ninvoking = gcp.projects.IAMMember(\"invoking\",\n project=\"my-project-name\",\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nevent_receiving = gcp.projects.IAMMember(\"event-receiving\",\n project=\"my-project-name\",\n role=\"roles/eventarc.eventReceiver\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[invoking]))\nartifactregistry_reader = gcp.projects.IAMMember(\"artifactregistry-reader\",\n project=\"my-project-name\",\n role=\"roles/artifactregistry.reader\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[event_receiving]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs12\",\n \"entry_point\": \"entryPoint\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": source_bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.audit.log.v1.written\",\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n \"service_account_email\": account.email,\n \"event_filters\": [\n {\n \"attribute\": \"serviceName\",\n \"value\": \"storage.googleapis.com\",\n },\n {\n \"attribute\": \"methodName\",\n \"value\": \"storage.objects.create\",\n },\n {\n \"attribute\": \"resourceName\",\n \"value\": audit_log_bucket.name.apply(lambda name: f\"/projects/_/buckets/{name}/objects/*.txt\"),\n \"operator\": \"match-path-pattern\",\n },\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n event_receiving,\n artifactregistry_reader,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example follows the examples shown in this Google Cloud Community blog post\n // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n // and the docs:\n // https://cloud.google.com/eventarc/docs/path-patterns\n var source_bucket = new Gcp.Storage.Bucket(\"source-bucket\", new()\n {\n Name = \"gcf-source-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = source_bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n });\n\n // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n // google_cloudfunctions2_function below (Audit Log events have path pattern support)\n var audit_log_bucket = new Gcp.Storage.Bucket(\"audit-log-bucket\", new()\n {\n Name = \"gcf-auditlog-bucket\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new Gcp.Projects.IAMMember(\"invoking\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var event_receiving = new Gcp.Projects.IAMMember(\"event-receiving\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/eventarc.eventReceiver\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n invoking,\n },\n });\n\n var artifactregistry_reader = new Gcp.Projects.IAMMember(\"artifactregistry-reader\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/artifactregistry.reader\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs12\",\n EntryPoint = \"entryPoint\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = source_bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.audit.log.v1.written\",\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n ServiceAccountEmail = account.Email,\n EventFilters = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"serviceName\",\n Value = \"storage.googleapis.com\",\n },\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"methodName\",\n Value = \"storage.objects.create\",\n },\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"resourceName\",\n Value = audit_log_bucket.Name.Apply(name =\u003e $\"/projects/_/buckets/{name}/objects/*.txt\"),\n Operator = \"match-path-pattern\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n artifactregistry_reader,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example follows the examples shown in this Google Cloud Community blog post\n\t\t// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n\t\t// and the docs:\n\t\t// https://cloud.google.com/eventarc/docs/path-patterns\n\t\t_, err := storage.NewBucket(ctx, \"source-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-source-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: source_bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n\t\t// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n\t\t// google_cloudfunctions2_function below (Audit Log events have path pattern support)\n\t\t_, err = storage.NewBucket(ctx, \"audit-log-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-auditlog-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Permissions on the service account used by the function and Eventarc trigger\n\t\tinvoking, err := projects.NewIAMMember(ctx, \"invoking\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"event-receiving\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/eventarc.eventReceiver\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tinvoking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"artifactregistry-reader\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs12\"),\n\t\t\t\tEntryPoint: pulumi.String(\"entryPoint\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: source_bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.audit.log.v1.written\"),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\tEventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"serviceName\"),\n\t\t\t\t\t\tValue: pulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"methodName\"),\n\t\t\t\t\t\tValue: pulumi.String(\"storage.objects.create\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"resourceName\"),\n\t\t\t\t\t\tValue: audit_log_bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"/projects/_/buckets/%v/objects/*.txt\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tOperator: pulumi.String(\"match-path-pattern\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t\tartifactregistry_reader,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example follows the examples shown in this Google Cloud Community blog post\n // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n // and the docs:\n // https://cloud.google.com/eventarc/docs/path-patterns\n var source_bucket = new Bucket(\"source-bucket\", BucketArgs.builder()\n .name(\"gcf-source-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(source_bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n .build());\n\n // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n // google_cloudfunctions2_function below (Audit Log events have path pattern support)\n var audit_log_bucket = new Bucket(\"audit-log-bucket\", BucketArgs.builder()\n .name(\"gcf-auditlog-bucket\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new IAMMember(\"invoking\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var event_receiving = new IAMMember(\"event-receiving\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/eventarc.eventReceiver\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(invoking)\n .build());\n\n var artifactregistry_reader = new IAMMember(\"artifactregistry-reader\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/artifactregistry.reader\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(event_receiving)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs12\")\n .entryPoint(\"entryPoint\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(source_bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.audit.log.v1.written\")\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .serviceAccountEmail(account.email())\n .eventFilters( \n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"serviceName\")\n .value(\"storage.googleapis.com\")\n .build(),\n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"methodName\")\n .value(\"storage.objects.create\")\n .build(),\n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"resourceName\")\n .value(audit_log_bucket.name().applyValue(name -\u003e String.format(\"/projects/_/buckets/%s/objects/*.txt\", name)))\n .operator(\"match-path-pattern\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n event_receiving,\n artifactregistry_reader)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This example follows the examples shown in this Google Cloud Community blog post\n # https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n # and the docs:\n # https://cloud.google.com/eventarc/docs/path-patterns\n source-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-source-bucket\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${[\"source-bucket\"].name}\n source:\n fn::FileAsset: function-source.zip\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test\n # Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n # Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n # google_cloudfunctions2_function below (Audit Log events have path pattern support)\n audit-log-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-auditlog-bucket\n location: us-central1\n uniformBucketLevelAccess: true\n # Permissions on the service account used by the function and Eventarc trigger\n invoking:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n event-receiving:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/eventarc.eventReceiver\n member: serviceAccount:${account.email}\n options:\n dependson:\n - ${invoking}\n artifactregistry-reader:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/artifactregistry.reader\n member: serviceAccount:${account.email}\n options:\n dependson:\n - ${[\"event-receiving\"]}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs12\n entryPoint: entryPoint\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${[\"source-bucket\"].name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.audit.log.v1.written\n retryPolicy: RETRY_POLICY_RETRY\n serviceAccountEmail: ${account.email}\n eventFilters:\n - attribute: serviceName\n value: storage.googleapis.com\n - attribute: methodName\n value: storage.objects.create\n - attribute: resourceName\n value: /projects/_/buckets/${[\"audit-log-bucket\"].name}/objects/*.txt\n operator: match-path-pattern\n options:\n dependson:\n - ${[\"event-receiving\"]}\n - ${[\"artifactregistry-reader\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Builder\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst logWriter = new gcp.projects.IAMMember(\"log_writer\", {\n project: account.project,\n role: \"roles/logging.logWriter\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst artifactRegistryWriter = new gcp.projects.IAMMember(\"artifact_registry_writer\", {\n project: account.project,\n role: \"roles/artifactregistry.writer\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst storageObjectAdmin = new gcp.projects.IAMMember(\"storage_object_admin\", {\n project: account.project,\n role: \"roles/storage.objectAdmin\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\n// builder permissions need to stablize before it can pull the source zip\nconst wait60s = new time.index.Sleep(\"wait_60s\", {createDuration: \"60s\"}, {\n dependsOn: [\n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin,\n ],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-v2\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n serviceAccount: account.id,\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n}, {\n dependsOn: [wait60s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\nlog_writer = gcp.projects.IAMMember(\"log_writer\",\n project=account.project,\n role=\"roles/logging.logWriter\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nartifact_registry_writer = gcp.projects.IAMMember(\"artifact_registry_writer\",\n project=account.project,\n role=\"roles/artifactregistry.writer\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nstorage_object_admin = gcp.projects.IAMMember(\"storage_object_admin\",\n project=account.project,\n role=\"roles/storage.objectAdmin\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\n# builder permissions need to stablize before it can pull the source zip\nwait60s = time.index.Sleep(\"wait_60s\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[\n log_writer,\n artifact_registry_writer,\n storage_object_admin,\n ]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-v2\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"service_account\": account.id,\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait60s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var logWriter = new Gcp.Projects.IAMMember(\"log_writer\", new()\n {\n Project = account.Project,\n Role = \"roles/logging.logWriter\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var artifactRegistryWriter = new Gcp.Projects.IAMMember(\"artifact_registry_writer\", new()\n {\n Project = account.Project,\n Role = \"roles/artifactregistry.writer\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var storageObjectAdmin = new Gcp.Projects.IAMMember(\"storage_object_admin\", new()\n {\n Project = account.Project,\n Role = \"roles/storage.objectAdmin\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n // builder permissions need to stablize before it can pull the source zip\n var wait60s = new Time.Index.Sleep(\"wait_60s\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-v2\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n ServiceAccount = account.Id,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogWriter, err := projects.NewIAMMember(ctx, \"log_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/logging.logWriter\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tartifactRegistryWriter, err := projects.NewIAMMember(ctx, \"artifact_registry_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.writer\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstorageObjectAdmin, err := projects.NewIAMMember(ctx, \"storage_object_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/storage.objectAdmin\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// builder permissions need to stablize before it can pull the source zip\n\t\twait60s, err := time.NewSleep(ctx, \"wait_60s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlogWriter,\n\t\t\tartifactRegistryWriter,\n\t\t\tstorageObjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-v2\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceAccount: account.ID(),\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var logWriter = new IAMMember(\"logWriter\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/logging.logWriter\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var artifactRegistryWriter = new IAMMember(\"artifactRegistryWriter\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/artifactregistry.writer\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var storageObjectAdmin = new IAMMember(\"storageObjectAdmin\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/storage.objectAdmin\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n // builder permissions need to stablize before it can pull the source zip\n var wait60s = new Sleep(\"wait60s\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-v2\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .serviceAccount(account.id())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n logWriter:\n type: gcp:projects:IAMMember\n name: log_writer\n properties:\n project: ${account.project}\n role: roles/logging.logWriter\n member: serviceAccount:${account.email}\n artifactRegistryWriter:\n type: gcp:projects:IAMMember\n name: artifact_registry_writer\n properties:\n project: ${account.project}\n role: roles/artifactregistry.writer\n member: serviceAccount:${account.email}\n storageObjectAdmin:\n type: gcp:projects:IAMMember\n name: storage_object_admin\n properties:\n project: ${account.project}\n role: roles/storage.objectAdmin\n member: serviceAccount:${account.email}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n # builder permissions need to stablize before it can pull the source zip\n wait60s:\n type: time:sleep\n name: wait_60s\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${logWriter}\n - ${artifactRegistryWriter}\n - ${storageObjectAdmin}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-v2\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceAccount: ${account.id}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n options:\n dependson:\n - ${wait60s}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Secret Env\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secretSecretVersion = new gcp.secretmanager.SecretVersion(\"secret\", {\n secret: secret.name,\n secretData: \"secret\",\n enabled: true,\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-secret\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n secretEnvironmentVariables: [{\n key: \"TEST\",\n projectId: project,\n secret: secret.secretId,\n version: \"latest\",\n }],\n },\n}, {\n dependsOn: [secretSecretVersion],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_secret_version = gcp.secretmanager.SecretVersion(\"secret\",\n secret=secret.name,\n secret_data=\"secret\",\n enabled=True)\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-secret\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"secret_environment_variables\": [{\n \"key\": \"TEST\",\n \"project_id\": project,\n \"secret\": secret.secret_id,\n \"version\": \"latest\",\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_secret_version]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secretSecretVersion = new Gcp.SecretManager.SecretVersion(\"secret\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret\",\n Enabled = true,\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-secret\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n SecretEnvironmentVariables = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigSecretEnvironmentVariableArgs\n {\n Key = \"TEST\",\n ProjectId = project,\n Secret = secret.SecretId,\n Version = \"latest\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretSecretVersion,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretSecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tSecretEnvironmentVariables: cloudfunctionsv2.FunctionServiceConfigSecretEnvironmentVariableArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionServiceConfigSecretEnvironmentVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"TEST\"),\n\t\t\t\t\t\tProjectId: pulumi.String(project),\n\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\tVersion: pulumi.String(\"latest\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretSecretVersion,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secretSecretVersion = new SecretVersion(\"secretSecretVersion\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret\")\n .enabled(true)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-secret\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .secretEnvironmentVariables(FunctionServiceConfigSecretEnvironmentVariableArgs.builder()\n .key(\"TEST\")\n .projectId(project)\n .secret(secret.secretId())\n .version(\"latest\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretSecretVersion)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-secret\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n secretEnvironmentVariables:\n - key: TEST\n projectId: ${project}\n secret: ${secret.secretId}\n version: latest\n options:\n dependson:\n - ${secretSecretVersion}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secretSecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret\n properties:\n secret: ${secret.name}\n secretData: secret\n enabled: true\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Secret Volume\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secretSecretVersion = new gcp.secretmanager.SecretVersion(\"secret\", {\n secret: secret.name,\n secretData: \"secret\",\n enabled: true,\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-secret\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n secretVolumes: [{\n mountPath: \"/etc/secrets\",\n projectId: project,\n secret: secret.secretId,\n }],\n },\n}, {\n dependsOn: [secretSecretVersion],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_secret_version = gcp.secretmanager.SecretVersion(\"secret\",\n secret=secret.name,\n secret_data=\"secret\",\n enabled=True)\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-secret\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"secret_volumes\": [{\n \"mount_path\": \"/etc/secrets\",\n \"project_id\": project,\n \"secret\": secret.secret_id,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_secret_version]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secretSecretVersion = new Gcp.SecretManager.SecretVersion(\"secret\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret\",\n Enabled = true,\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-secret\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n SecretVolumes = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigSecretVolumeArgs\n {\n MountPath = \"/etc/secrets\",\n ProjectId = project,\n Secret = secret.SecretId,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretSecretVersion,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretSecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tSecretVolumes: cloudfunctionsv2.FunctionServiceConfigSecretVolumeArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionServiceConfigSecretVolumeArgs{\n\t\t\t\t\t\tMountPath: pulumi.String(\"/etc/secrets\"),\n\t\t\t\t\t\tProjectId: pulumi.String(project),\n\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretSecretVersion,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secretSecretVersion = new SecretVersion(\"secretSecretVersion\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret\")\n .enabled(true)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-secret\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .secretVolumes(FunctionServiceConfigSecretVolumeArgs.builder()\n .mountPath(\"/etc/secrets\")\n .projectId(project)\n .secret(secret.secretId())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretSecretVersion)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-secret\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n secretVolumes:\n - mountPath: /etc/secrets\n projectId: ${project}\n secret: ${secret.secretId}\n options:\n dependson:\n - ${secretSecretVersion}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secretSecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret\n properties:\n secret: ${secret.name}\n secretData: secret\n enabled: true\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Private Workerpool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"workerpool\",\n location: \"us-central1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-8\",\n noExternalIp: false,\n },\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-workerpool\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n workerPool: pool.id,\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"workerpool\",\n location=\"us-central1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-8\",\n \"no_external_ip\": False,\n })\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-workerpool\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"worker_pool\": pool.id,\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"workerpool\",\n Location = \"us-central1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-8\",\n NoExternalIp = false,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-workerpool\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n WorkerPool = pool.Id,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"workerpool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-8\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-workerpool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tWorkerPool: pool.ID(),\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"workerpool\")\n .location(\"us-central1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-8\")\n .noExternalIp(false)\n .build())\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-workerpool\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .workerPool(pool.id())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: workerpool\n location: us-central1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-8\n noExternalIp: false\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-workerpool\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n workerPool: ${pool.id}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Cmek Docs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst projectGetProject = gcp.organizations.getProject({});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst eaSa = new gcp.projects.ServiceIdentity(\"ea_sa\", {\n project: projectGetProject.then(projectGetProject =\u003e projectGetProject.projectId),\n service: \"eventarc.googleapis.com\",\n});\nconst unencoded_ar_repo = new gcp.artifactregistry.Repository(\"unencoded-ar-repo\", {\n repositoryId: \"ar-repo\",\n location: \"us-central1\",\n format: \"DOCKER\",\n});\nconst gcfCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\", {\n cryptoKeyId: \"cmek-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com`),\n eaSa.member,\n ],\n}, {\n dependsOn: [eaSa],\n});\nconst encoded_ar_repo = new gcp.artifactregistry.Repository(\"encoded-ar-repo\", {\n location: \"us-central1\",\n repositoryId: \"cmek-repo\",\n format: \"DOCKER\",\n kmsKeyName: \"cmek-key\",\n}, {\n dependsOn: [gcfCmekKeyuser],\n});\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n location: encoded_ar_repo.location,\n repository: encoded_ar_repo.name,\n role: \"roles/artifactregistry.admin\",\n members: [projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`)],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-cmek\",\n location: \"us-central1\",\n description: \"CMEK function\",\n kmsKeyName: \"cmek-key\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n dockerRepository: encoded_ar_repo.id,\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n}, {\n dependsOn: [gcfCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nproject_get_project = gcp.organizations.get_project()\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nea_sa = gcp.projects.ServiceIdentity(\"ea_sa\",\n project=project_get_project.project_id,\n service=\"eventarc.googleapis.com\")\nunencoded_ar_repo = gcp.artifactregistry.Repository(\"unencoded-ar-repo\",\n repository_id=\"ar-repo\",\n location=\"us-central1\",\n format=\"DOCKER\")\ngcf_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\",\n crypto_key_id=\"cmek-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[\n f\"serviceAccount:service-{project_get_project.number}@gcf-admin-robot.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@gs-project-accounts.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@serverless-robot-prod.iam.gserviceaccount.com\",\n ea_sa.member,\n ],\n opts = pulumi.ResourceOptions(depends_on=[ea_sa]))\nencoded_ar_repo = gcp.artifactregistry.Repository(\"encoded-ar-repo\",\n location=\"us-central1\",\n repository_id=\"cmek-repo\",\n format=\"DOCKER\",\n kms_key_name=\"cmek-key\",\n opts = pulumi.ResourceOptions(depends_on=[gcf_cmek_keyuser]))\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n location=encoded_ar_repo.location,\n repository=encoded_ar_repo.name,\n role=\"roles/artifactregistry.admin\",\n members=[f\"serviceAccount:service-{project_get_project.number}@gcf-admin-robot.iam.gserviceaccount.com\"])\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-cmek\",\n location=\"us-central1\",\n description=\"CMEK function\",\n kms_key_name=\"cmek-key\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"docker_repository\": encoded_ar_repo.id,\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n },\n opts = pulumi.ResourceOptions(depends_on=[gcf_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var projectGetProject = Gcp.Organizations.GetProject.Invoke();\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var eaSa = new Gcp.Projects.ServiceIdentity(\"ea_sa\", new()\n {\n Project = projectGetProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"eventarc.googleapis.com\",\n });\n\n var unencoded_ar_repo = new Gcp.ArtifactRegistry.Repository(\"unencoded-ar-repo\", new()\n {\n RepositoryId = \"ar-repo\",\n Location = \"us-central1\",\n Format = \"DOCKER\",\n });\n\n var gcfCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\", new()\n {\n CryptoKeyId = \"cmek-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcf-admin-robot.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gs-project-accounts.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@serverless-robot-prod.iam.gserviceaccount.com\",\n eaSa.Member,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n eaSa,\n },\n });\n\n var encoded_ar_repo = new Gcp.ArtifactRegistry.Repository(\"encoded-ar-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"cmek-repo\",\n Format = \"DOCKER\",\n KmsKeyName = \"cmek-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcfCmekKeyuser,\n },\n });\n\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Location = encoded_ar_repo.Location,\n Repository = encoded_ar_repo.Name,\n Role = \"roles/artifactregistry.admin\",\n Members = new[]\n {\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcf-admin-robot.iam.gserviceaccount.com\",\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-cmek\",\n Location = \"us-central1\",\n Description = \"CMEK function\",\n KmsKeyName = \"cmek-key\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n DockerRepository = encoded_ar_repo.Id,\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcfCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tprojectGetProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teaSa, err := projects.NewServiceIdentity(ctx, \"ea_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(projectGetProject.ProjectId),\n\t\t\tService: pulumi.String(\"eventarc.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"unencoded-ar-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tRepositoryId: pulumi.String(\"ar-repo\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcfCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"gcf_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"cmek-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gs-project-accounts.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@serverless-robot-prod.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\teaSa.Member,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\teaSa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"encoded-ar-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"cmek-repo\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"cmek-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcfCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tLocation: encoded_ar_repo.Location,\n\t\t\tRepository: encoded_ar_repo.Name,\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-cmek\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"CMEK function\"),\n\t\t\tKmsKeyName: pulumi.String(\"cmek-key\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tDockerRepository: encoded_ar_repo.ID(),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcfCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n final var projectGetProject = OrganizationsFunctions.getProject();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var eaSa = new ServiceIdentity(\"eaSa\", ServiceIdentityArgs.builder()\n .project(projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"eventarc.googleapis.com\")\n .build());\n\n var unencoded_ar_repo = new Repository(\"unencoded-ar-repo\", RepositoryArgs.builder()\n .repositoryId(\"ar-repo\")\n .location(\"us-central1\")\n .format(\"DOCKER\")\n .build());\n\n var gcfCmekKeyuser = new CryptoKeyIAMBinding(\"gcfCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(\"cmek-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members( \n String.format(\"serviceAccount:service-%s@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@gs-project-accounts.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@serverless-robot-prod.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n eaSa.member())\n .build(), CustomResourceOptions.builder()\n .dependsOn(eaSa)\n .build());\n\n var encoded_ar_repo = new Repository(\"encoded-ar-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"cmek-repo\")\n .format(\"DOCKER\")\n .kmsKeyName(\"cmek-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcfCmekKeyuser)\n .build());\n\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .location(encoded_ar_repo.location())\n .repository(encoded_ar_repo.name())\n .role(\"roles/artifactregistry.admin\")\n .members(String.format(\"serviceAccount:service-%s@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-cmek\")\n .location(\"us-central1\")\n .description(\"CMEK function\")\n .kmsKeyName(\"cmek-key\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .dockerRepository(encoded_ar_repo.id())\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcfCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n eaSa:\n type: gcp:projects:ServiceIdentity\n name: ea_sa\n properties:\n project: ${projectGetProject.projectId}\n service: eventarc.googleapis.com\n unencoded-ar-repo:\n type: gcp:artifactregistry:Repository\n properties:\n repositoryId: ar-repo\n location: us-central1\n format: DOCKER\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n location: ${[\"encoded-ar-repo\"].location}\n repository: ${[\"encoded-ar-repo\"].name}\n role: roles/artifactregistry.admin\n members:\n - serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com\n gcfCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: gcf_cmek_keyuser\n properties:\n cryptoKeyId: cmek-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com\n - ${eaSa.member}\n options:\n dependson:\n - ${eaSa}\n encoded-ar-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: cmek-repo\n format: DOCKER\n kmsKeyName: cmek-key\n options:\n dependson:\n - ${gcfCmekKeyuser}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-cmek\n location: us-central1\n description: CMEK function\n kmsKeyName: cmek-key\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n dockerRepository: ${[\"encoded-ar-repo\"].id}\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n options:\n dependson:\n - ${gcfCmekKeyuser}\nvariables:\n project: my-project-name\n projectGetProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Abiu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"europe-west6\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n automaticUpdatePolicy: {},\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"europe-west6\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"automatic_update_policy\": {},\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"europe-west6\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n AutomaticUpdatePolicy = null,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"europe-west6\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAutomaticUpdatePolicy: \u0026cloudfunctionsv2.FunctionBuildConfigAutomaticUpdatePolicyArgs{},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigAutomaticUpdatePolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"europe-west6\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .automaticUpdatePolicy()\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: europe-west6\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n automaticUpdatePolicy: {}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Abiu On Deploy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"europe-west6\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n onDeployUpdatePolicy: {},\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"europe-west6\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"on_deploy_update_policy\": {},\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"europe-west6\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n OnDeployUpdatePolicy = null,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"europe-west6\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOnDeployUpdatePolicy: \u0026cloudfunctionsv2.FunctionBuildConfigOnDeployUpdatePolicyArgs{},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigOnDeployUpdatePolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"europe-west6\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .onDeployUpdatePolicy()\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: europe-west6\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n onDeployUpdatePolicy: {}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nfunction can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/functions/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, function can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}\n```\n\n", + "description": "A Cloud Function that contains user computation executed in response to an event.\n\n\nTo get more information about function, see:\n\n* [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions)\n\n## Example Usage\n\n### Cloudfunctions2 Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-v2\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-v2\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-v2\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-v2\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-v2\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-v2\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n SERVICE_CONFIG_DIFF_TEST: account.email,\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n \"SERVICE_CONFIG_DIFF_TEST\": account.email,\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n { \"SERVICE_CONFIG_DIFF_TEST\", account.Email },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t\t\"SERVICE_CONFIG_DIFF_TEST\": account.Email,\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.ofEntries(\n Map.entry(\"SERVICE_CONFIG_TEST\", \"config_test\"),\n Map.entry(\"SERVICE_CONFIG_DIFF_TEST\", account.email())\n ))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n SERVICE_CONFIG_DIFF_TEST: ${account.email}\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Scheduler Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n serviceAccountEmail: account.email,\n },\n});\nconst invoker = new gcp.cloudfunctionsv2.FunctionIamMember(\"invoker\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/cloudfunctions.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst cloudRunInvoker = new gcp.cloudrun.IamMember(\"cloud_run_invoker\", {\n project: _function.project,\n location: _function.location,\n service: _function.name,\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst invokeCloudFunction = new gcp.cloudscheduler.Job(\"invoke_cloud_function\", {\n name: \"invoke-gcf-function\",\n description: \"Schedule the HTTPS trigger for cloud function\",\n schedule: \"0 0 * * *\",\n project: _function.project,\n region: _function.location,\n httpTarget: {\n uri: _function.serviceConfig.apply(serviceConfig =\u003e serviceConfig?.uri),\n httpMethod: \"POST\",\n oidcToken: {\n audience: _function.serviceConfig.apply(serviceConfig =\u003e `${serviceConfig?.uri}/`),\n serviceAccountEmail: account.email,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"service_account_email\": account.email,\n })\ninvoker = gcp.cloudfunctionsv2.FunctionIamMember(\"invoker\",\n project=function.project,\n location=function.location,\n cloud_function=function.name,\n role=\"roles/cloudfunctions.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ncloud_run_invoker = gcp.cloudrun.IamMember(\"cloud_run_invoker\",\n project=function.project,\n location=function.location,\n service=function.name,\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ninvoke_cloud_function = gcp.cloudscheduler.Job(\"invoke_cloud_function\",\n name=\"invoke-gcf-function\",\n description=\"Schedule the HTTPS trigger for cloud function\",\n schedule=\"0 0 * * *\",\n project=function.project,\n region=function.location,\n http_target={\n \"uri\": function.service_config.uri,\n \"http_method\": \"POST\",\n \"oidc_token\": {\n \"audience\": function.service_config.apply(lambda service_config: f\"{service_config.uri}/\"),\n \"service_account_email\": account.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n ServiceAccountEmail = account.Email,\n },\n });\n\n var invoker = new Gcp.CloudFunctionsV2.FunctionIamMember(\"invoker\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/cloudfunctions.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var cloudRunInvoker = new Gcp.CloudRun.IamMember(\"cloud_run_invoker\", new()\n {\n Project = function.Project,\n Location = function.Location,\n Service = function.Name,\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var invokeCloudFunction = new Gcp.CloudScheduler.Job(\"invoke_cloud_function\", new()\n {\n Name = \"invoke-gcf-function\",\n Description = \"Schedule the HTTPS trigger for cloud function\",\n Schedule = \"0 0 * * *\",\n Project = function.Project,\n Region = function.Location,\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n Uri = function.ServiceConfig.Apply(serviceConfig =\u003e serviceConfig?.Uri),\n HttpMethod = \"POST\",\n OidcToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOidcTokenArgs\n {\n Audience = function.ServiceConfig.Apply(serviceConfig =\u003e $\"{serviceConfig?.Uri}/\"),\n ServiceAccountEmail = account.Email,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunction, err := cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamMember(ctx, \"invoker\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: function.Project,\n\t\t\tLocation: function.Location,\n\t\t\tCloudFunction: function.Name,\n\t\t\tRole: pulumi.String(\"roles/cloudfunctions.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamMember(ctx, \"cloud_run_invoker\", \u0026cloudrun.IamMemberArgs{\n\t\t\tProject: function.Project,\n\t\t\tLocation: function.Location,\n\t\t\tService: function.Name,\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"invoke_cloud_function\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"invoke-gcf-function\"),\n\t\t\tDescription: pulumi.String(\"Schedule the HTTPS trigger for cloud function\"),\n\t\t\tSchedule: pulumi.String(\"0 0 * * *\"),\n\t\t\tProject: function.Project,\n\t\t\tRegion: function.Location,\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tUri: function.ServiceConfig.ApplyT(func(serviceConfig cloudfunctionsv2.FunctionServiceConfig) (*string, error) {\n\t\t\t\t\treturn \u0026serviceConfig.Uri, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tOidcToken: \u0026cloudscheduler.JobHttpTargetOidcTokenArgs{\n\t\t\t\t\tAudience: function.ServiceConfig.ApplyT(func(serviceConfig cloudfunctionsv2.FunctionServiceConfig) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/\", serviceConfig.Uri), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOidcTokenArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .serviceAccountEmail(account.email())\n .build())\n .build());\n\n var invoker = new FunctionIamMember(\"invoker\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/cloudfunctions.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var cloudRunInvoker = new IamMember(\"cloudRunInvoker\", IamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .service(function.name())\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var invokeCloudFunction = new Job(\"invokeCloudFunction\", JobArgs.builder()\n .name(\"invoke-gcf-function\")\n .description(\"Schedule the HTTPS trigger for cloud function\")\n .schedule(\"0 0 * * *\")\n .project(function.project())\n .region(function.location())\n .httpTarget(JobHttpTargetArgs.builder()\n .uri(function.serviceConfig().applyValue(serviceConfig -\u003e serviceConfig.uri()))\n .httpMethod(\"POST\")\n .oidcToken(JobHttpTargetOidcTokenArgs.builder()\n .audience(function.serviceConfig().applyValue(serviceConfig -\u003e String.format(\"%s/\", serviceConfig.uri())))\n .serviceAccountEmail(account.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n serviceAccountEmail: ${account.email}\n invoker:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/cloudfunctions.invoker\n member: serviceAccount:${account.email}\n cloudRunInvoker:\n type: gcp:cloudrun:IamMember\n name: cloud_run_invoker\n properties:\n project: ${function.project}\n location: ${function.location}\n service: ${function.name}\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n invokeCloudFunction:\n type: gcp:cloudscheduler:Job\n name: invoke_cloud_function\n properties:\n name: invoke-gcf-function\n description: Schedule the HTTPS trigger for cloud function\n schedule: 0 0 * * *\n project: ${function.project}\n region: ${function.location}\n httpTarget:\n uri: ${function.serviceConfig.uri}\n httpMethod: POST\n oidcToken:\n audience: ${function.serviceConfig.uri}/\n serviceAccountEmail: ${account.email}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Gcs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source_bucket = new gcp.storage.Bucket(\"source-bucket\", {\n name: \"gcf-source-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: source_bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst trigger_bucket = new gcp.storage.Bucket(\"trigger-bucket\", {\n name: \"gcf-trigger-bucket\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\n// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\nconst gcs_pubsub_publishing = new gcp.projects.IAMMember(\"gcs-pubsub-publishing\", {\n project: \"my-project-name\",\n role: \"roles/pubsub.publisher\",\n member: gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`),\n});\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n});\n// Permissions on the service account used by the function and Eventarc trigger\nconst invoking = new gcp.projects.IAMMember(\"invoking\", {\n project: \"my-project-name\",\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [gcs_pubsub_publishing],\n});\nconst event_receiving = new gcp.projects.IAMMember(\"event-receiving\", {\n project: \"my-project-name\",\n role: \"roles/eventarc.eventReceiver\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [invoking],\n});\nconst artifactregistry_reader = new gcp.projects.IAMMember(\"artifactregistry-reader\", {\n project: \"my-project-name\",\n role: \"roles/artifactregistry.reader\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [event_receiving],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs12\",\n entryPoint: \"entryPoint\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: source_bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n eventType: \"google.cloud.storage.object.v1.finalized\",\n retryPolicy: \"RETRY_POLICY_RETRY\",\n serviceAccountEmail: account.email,\n eventFilters: [{\n attribute: \"bucket\",\n value: trigger_bucket.name,\n }],\n },\n}, {\n dependsOn: [\n event_receiving,\n artifactregistry_reader,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource_bucket = gcp.storage.Bucket(\"source-bucket\",\n name=\"gcf-source-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=source_bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\ntrigger_bucket = gcp.storage.Bucket(\"trigger-bucket\",\n name=\"gcf-trigger-bucket\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\ngcs_account = gcp.storage.get_project_service_account()\n# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\ngcs_pubsub_publishing = gcp.projects.IAMMember(\"gcs-pubsub-publishing\",\n project=\"my-project-name\",\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:{gcs_account.email_address}\")\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n# Permissions on the service account used by the function and Eventarc trigger\ninvoking = gcp.projects.IAMMember(\"invoking\",\n project=\"my-project-name\",\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[gcs_pubsub_publishing]))\nevent_receiving = gcp.projects.IAMMember(\"event-receiving\",\n project=\"my-project-name\",\n role=\"roles/eventarc.eventReceiver\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[invoking]))\nartifactregistry_reader = gcp.projects.IAMMember(\"artifactregistry-reader\",\n project=\"my-project-name\",\n role=\"roles/artifactregistry.reader\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[event_receiving]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs12\",\n \"entry_point\": \"entryPoint\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": source_bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"event_type\": \"google.cloud.storage.object.v1.finalized\",\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n \"service_account_email\": account.email,\n \"event_filters\": [{\n \"attribute\": \"bucket\",\n \"value\": trigger_bucket.name,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n event_receiving,\n artifactregistry_reader,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source_bucket = new Gcp.Storage.Bucket(\"source-bucket\", new()\n {\n Name = \"gcf-source-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = source_bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var trigger_bucket = new Gcp.Storage.Bucket(\"trigger-bucket\", new()\n {\n Name = \"gcf-trigger-bucket\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n var gcs_pubsub_publishing = new Gcp.Projects.IAMMember(\"gcs-pubsub-publishing\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/pubsub.publisher\",\n Member = $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n });\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n });\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new Gcp.Projects.IAMMember(\"invoking\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcs_pubsub_publishing,\n },\n });\n\n var event_receiving = new Gcp.Projects.IAMMember(\"event-receiving\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/eventarc.eventReceiver\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n invoking,\n },\n });\n\n var artifactregistry_reader = new Gcp.Projects.IAMMember(\"artifactregistry-reader\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/artifactregistry.reader\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs12\",\n EntryPoint = \"entryPoint\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = source_bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n EventType = \"google.cloud.storage.object.v1.finalized\",\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n ServiceAccountEmail = account.Email,\n EventFilters = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"bucket\",\n Value = trigger_bucket.Name,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n artifactregistry_reader,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"source-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-source-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: source_bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"trigger-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-trigger-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n\t\t// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n\t\t_, err = projects.NewIAMMember(ctx, \"gcs-pubsub-publishing\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Permissions on the service account used by the function and Eventarc trigger\n\t\tinvoking, err := projects.NewIAMMember(ctx, \"invoking\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcs_pubsub_publishing,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"event-receiving\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/eventarc.eventReceiver\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tinvoking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"artifactregistry-reader\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs12\"),\n\t\t\t\tEntryPoint: pulumi.String(\"entryPoint\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: source_bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tEventType: pulumi.String(\"google.cloud.storage.object.v1.finalized\"),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\tEventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"bucket\"),\n\t\t\t\t\t\tValue: trigger_bucket.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t\tartifactregistry_reader,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source_bucket = new Bucket(\"source-bucket\", BucketArgs.builder()\n .name(\"gcf-source-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(source_bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var trigger_bucket = new Bucket(\"trigger-bucket\", BucketArgs.builder()\n .name(\"gcf-trigger-bucket\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n var gcs_pubsub_publishing = new IAMMember(\"gcs-pubsub-publishing\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n .build());\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new IAMMember(\"invoking\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcs_pubsub_publishing)\n .build());\n\n var event_receiving = new IAMMember(\"event-receiving\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/eventarc.eventReceiver\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(invoking)\n .build());\n\n var artifactregistry_reader = new IAMMember(\"artifactregistry-reader\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/artifactregistry.reader\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(event_receiving)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs12\")\n .entryPoint(\"entryPoint\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(source_bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .eventType(\"google.cloud.storage.object.v1.finalized\")\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .serviceAccountEmail(account.email())\n .eventFilters(FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"bucket\")\n .value(trigger_bucket.name())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n event_receiving,\n artifactregistry_reader)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-source-bucket\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${[\"source-bucket\"].name}\n source:\n fn::FileAsset: function-source.zip\n trigger-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-trigger-bucket\n location: us-central1\n uniformBucketLevelAccess: true\n # To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.\n # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)\n gcs-pubsub-publishing:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/pubsub.publisher\n member: serviceAccount:${gcsAccount.emailAddress}\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test\n # Permissions on the service account used by the function and Eventarc trigger\n invoking:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n options:\n dependsOn:\n - ${[\"gcs-pubsub-publishing\"]}\n event-receiving:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/eventarc.eventReceiver\n member: serviceAccount:${account.email}\n options:\n dependsOn:\n - ${invoking}\n artifactregistry-reader:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/artifactregistry.reader\n member: serviceAccount:${account.email}\n options:\n dependsOn:\n - ${[\"event-receiving\"]}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs12\n entryPoint: entryPoint\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${[\"source-bucket\"].name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n eventType: google.cloud.storage.object.v1.finalized\n retryPolicy: RETRY_POLICY_RETRY\n serviceAccountEmail: ${account.email}\n eventFilters:\n - attribute: bucket\n value: ${[\"trigger-bucket\"].name}\n options:\n dependsOn:\n - ${[\"event-receiving\"]}\n - ${[\"artifactregistry-reader\"]}\nvariables:\n gcsAccount:\n fn::invoke:\n function: gcp:storage:getProjectServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Auditlogs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example follows the examples shown in this Google Cloud Community blog post\n// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n// and the docs:\n// https://cloud.google.com/eventarc/docs/path-patterns\nconst source_bucket = new gcp.storage.Bucket(\"source-bucket\", {\n name: \"gcf-source-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: source_bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n});\n// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n// google_cloudfunctions2_function below (Audit Log events have path pattern support)\nconst audit_log_bucket = new gcp.storage.Bucket(\"audit-log-bucket\", {\n name: \"gcf-auditlog-bucket\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\n// Permissions on the service account used by the function and Eventarc trigger\nconst invoking = new gcp.projects.IAMMember(\"invoking\", {\n project: \"my-project-name\",\n role: \"roles/run.invoker\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst event_receiving = new gcp.projects.IAMMember(\"event-receiving\", {\n project: \"my-project-name\",\n role: \"roles/eventarc.eventReceiver\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [invoking],\n});\nconst artifactregistry_reader = new gcp.projects.IAMMember(\"artifactregistry-reader\", {\n project: \"my-project-name\",\n role: \"roles/artifactregistry.reader\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n}, {\n dependsOn: [event_receiving],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs12\",\n entryPoint: \"entryPoint\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: source_bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.audit.log.v1.written\",\n retryPolicy: \"RETRY_POLICY_RETRY\",\n serviceAccountEmail: account.email,\n eventFilters: [\n {\n attribute: \"serviceName\",\n value: \"storage.googleapis.com\",\n },\n {\n attribute: \"methodName\",\n value: \"storage.objects.create\",\n },\n {\n attribute: \"resourceName\",\n value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`,\n operator: \"match-path-pattern\",\n },\n ],\n },\n}, {\n dependsOn: [\n event_receiving,\n artifactregistry_reader,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example follows the examples shown in this Google Cloud Community blog post\n# https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n# and the docs:\n# https://cloud.google.com/eventarc/docs/path-patterns\nsource_bucket = gcp.storage.Bucket(\"source-bucket\",\n name=\"gcf-source-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=source_bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n# Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n# Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n# google_cloudfunctions2_function below (Audit Log events have path pattern support)\naudit_log_bucket = gcp.storage.Bucket(\"audit-log-bucket\",\n name=\"gcf-auditlog-bucket\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\n# Permissions on the service account used by the function and Eventarc trigger\ninvoking = gcp.projects.IAMMember(\"invoking\",\n project=\"my-project-name\",\n role=\"roles/run.invoker\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nevent_receiving = gcp.projects.IAMMember(\"event-receiving\",\n project=\"my-project-name\",\n role=\"roles/eventarc.eventReceiver\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[invoking]))\nartifactregistry_reader = gcp.projects.IAMMember(\"artifactregistry-reader\",\n project=\"my-project-name\",\n role=\"roles/artifactregistry.reader\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"),\n opts = pulumi.ResourceOptions(depends_on=[event_receiving]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs12\",\n \"entry_point\": \"entryPoint\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": source_bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.audit.log.v1.written\",\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n \"service_account_email\": account.email,\n \"event_filters\": [\n {\n \"attribute\": \"serviceName\",\n \"value\": \"storage.googleapis.com\",\n },\n {\n \"attribute\": \"methodName\",\n \"value\": \"storage.objects.create\",\n },\n {\n \"attribute\": \"resourceName\",\n \"value\": audit_log_bucket.name.apply(lambda name: f\"/projects/_/buckets/{name}/objects/*.txt\"),\n \"operator\": \"match-path-pattern\",\n },\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[\n event_receiving,\n artifactregistry_reader,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example follows the examples shown in this Google Cloud Community blog post\n // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n // and the docs:\n // https://cloud.google.com/eventarc/docs/path-patterns\n var source_bucket = new Gcp.Storage.Bucket(\"source-bucket\", new()\n {\n Name = \"gcf-source-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = source_bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account - used for both the cloud function and eventarc trigger in the test\",\n });\n\n // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n // google_cloudfunctions2_function below (Audit Log events have path pattern support)\n var audit_log_bucket = new Gcp.Storage.Bucket(\"audit-log-bucket\", new()\n {\n Name = \"gcf-auditlog-bucket\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new Gcp.Projects.IAMMember(\"invoking\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/run.invoker\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var event_receiving = new Gcp.Projects.IAMMember(\"event-receiving\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/eventarc.eventReceiver\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n invoking,\n },\n });\n\n var artifactregistry_reader = new Gcp.Projects.IAMMember(\"artifactregistry-reader\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/artifactregistry.reader\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs12\",\n EntryPoint = \"entryPoint\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = source_bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.audit.log.v1.written\",\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n ServiceAccountEmail = account.Email,\n EventFilters = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"serviceName\",\n Value = \"storage.googleapis.com\",\n },\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"methodName\",\n Value = \"storage.objects.create\",\n },\n new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs\n {\n Attribute = \"resourceName\",\n Value = audit_log_bucket.Name.Apply(name =\u003e $\"/projects/_/buckets/{name}/objects/*.txt\"),\n Operator = \"match-path-pattern\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n event_receiving,\n artifactregistry_reader,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example follows the examples shown in this Google Cloud Community blog post\n\t\t// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n\t\t// and the docs:\n\t\t// https://cloud.google.com/eventarc/docs/path-patterns\n\t\t_, err := storage.NewBucket(ctx, \"source-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-source-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: source_bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n\t\t// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n\t\t// google_cloudfunctions2_function below (Audit Log events have path pattern support)\n\t\t_, err = storage.NewBucket(ctx, \"audit-log-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"gcf-auditlog-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Permissions on the service account used by the function and Eventarc trigger\n\t\tinvoking, err := projects.NewIAMMember(ctx, \"invoking\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"event-receiving\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/eventarc.eventReceiver\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tinvoking,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"artifactregistry-reader\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs12\"),\n\t\t\t\tEntryPoint: pulumi.String(\"entryPoint\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: source_bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.audit.log.v1.written\"),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t\tEventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"serviceName\"),\n\t\t\t\t\t\tValue: pulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"methodName\"),\n\t\t\t\t\t\tValue: pulumi.String(\"storage.objects.create\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{\n\t\t\t\t\t\tAttribute: pulumi.String(\"resourceName\"),\n\t\t\t\t\t\tValue: audit_log_bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"/projects/_/buckets/%v/objects/*.txt\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tOperator: pulumi.String(\"match-path-pattern\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tevent_receiving,\n\t\t\tartifactregistry_reader,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example follows the examples shown in this Google Cloud Community blog post\n // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n // and the docs:\n // https://cloud.google.com/eventarc/docs/path-patterns\n var source_bucket = new Bucket(\"source-bucket\", BucketArgs.builder()\n .name(\"gcf-source-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(source_bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account - used for both the cloud function and eventarc trigger in the test\")\n .build());\n\n // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n // google_cloudfunctions2_function below (Audit Log events have path pattern support)\n var audit_log_bucket = new Bucket(\"audit-log-bucket\", BucketArgs.builder()\n .name(\"gcf-auditlog-bucket\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n // Permissions on the service account used by the function and Eventarc trigger\n var invoking = new IAMMember(\"invoking\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/run.invoker\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var event_receiving = new IAMMember(\"event-receiving\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/eventarc.eventReceiver\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(invoking)\n .build());\n\n var artifactregistry_reader = new IAMMember(\"artifactregistry-reader\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/artifactregistry.reader\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(event_receiving)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs12\")\n .entryPoint(\"entryPoint\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(source_bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.audit.log.v1.written\")\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .serviceAccountEmail(account.email())\n .eventFilters( \n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"serviceName\")\n .value(\"storage.googleapis.com\")\n .build(),\n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"methodName\")\n .value(\"storage.objects.create\")\n .build(),\n FunctionEventTriggerEventFilterArgs.builder()\n .attribute(\"resourceName\")\n .value(audit_log_bucket.name().applyValue(name -\u003e String.format(\"/projects/_/buckets/%s/objects/*.txt\", name)))\n .operator(\"match-path-pattern\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n event_receiving,\n artifactregistry_reader)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This example follows the examples shown in this Google Cloud Community blog post\n # https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34\n # and the docs:\n # https://cloud.google.com/eventarc/docs/path-patterns\n source-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-source-bucket\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${[\"source-bucket\"].name}\n source:\n fn::FileAsset: function-source.zip\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test\n # Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.\n # Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of\n # google_cloudfunctions2_function below (Audit Log events have path pattern support)\n audit-log-bucket:\n type: gcp:storage:Bucket\n properties:\n name: gcf-auditlog-bucket\n location: us-central1\n uniformBucketLevelAccess: true\n # Permissions on the service account used by the function and Eventarc trigger\n invoking:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/run.invoker\n member: serviceAccount:${account.email}\n event-receiving:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/eventarc.eventReceiver\n member: serviceAccount:${account.email}\n options:\n dependsOn:\n - ${invoking}\n artifactregistry-reader:\n type: gcp:projects:IAMMember\n properties:\n project: my-project-name\n role: roles/artifactregistry.reader\n member: serviceAccount:${account.email}\n options:\n dependsOn:\n - ${[\"event-receiving\"]}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs12\n entryPoint: entryPoint\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${[\"source-bucket\"].name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.audit.log.v1.written\n retryPolicy: RETRY_POLICY_RETRY\n serviceAccountEmail: ${account.email}\n eventFilters:\n - attribute: serviceName\n value: storage.googleapis.com\n - attribute: methodName\n value: storage.objects.create\n - attribute: resourceName\n value: /projects/_/buckets/${[\"audit-log-bucket\"].name}/objects/*.txt\n operator: match-path-pattern\n options:\n dependsOn:\n - ${[\"event-receiving\"]}\n - ${[\"artifactregistry-reader\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Basic Builder\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst logWriter = new gcp.projects.IAMMember(\"log_writer\", {\n project: account.project,\n role: \"roles/logging.logWriter\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst artifactRegistryWriter = new gcp.projects.IAMMember(\"artifact_registry_writer\", {\n project: account.project,\n role: \"roles/artifactregistry.writer\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst storageObjectAdmin = new gcp.projects.IAMMember(\"storage_object_admin\", {\n project: account.project,\n role: \"roles/storage.objectAdmin\",\n member: pulumi.interpolate`serviceAccount:${account.email}`,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\n// builder permissions need to stablize before it can pull the source zip\nconst wait60s = new time.index.Sleep(\"wait_60s\", {createDuration: \"60s\"}, {\n dependsOn: [\n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin,\n ],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-v2\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n serviceAccount: account.id,\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n}, {\n dependsOn: [wait60s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\nlog_writer = gcp.projects.IAMMember(\"log_writer\",\n project=account.project,\n role=\"roles/logging.logWriter\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nartifact_registry_writer = gcp.projects.IAMMember(\"artifact_registry_writer\",\n project=account.project,\n role=\"roles/artifactregistry.writer\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nstorage_object_admin = gcp.projects.IAMMember(\"storage_object_admin\",\n project=account.project,\n role=\"roles/storage.objectAdmin\",\n member=account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\n# builder permissions need to stablize before it can pull the source zip\nwait60s = time.index.Sleep(\"wait_60s\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[\n log_writer,\n artifact_registry_writer,\n storage_object_admin,\n ]))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-v2\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"service_account\": account.id,\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n },\n opts = pulumi.ResourceOptions(depends_on=[wait60s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var logWriter = new Gcp.Projects.IAMMember(\"log_writer\", new()\n {\n Project = account.Project,\n Role = \"roles/logging.logWriter\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var artifactRegistryWriter = new Gcp.Projects.IAMMember(\"artifact_registry_writer\", new()\n {\n Project = account.Project,\n Role = \"roles/artifactregistry.writer\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var storageObjectAdmin = new Gcp.Projects.IAMMember(\"storage_object_admin\", new()\n {\n Project = account.Project,\n Role = \"roles/storage.objectAdmin\",\n Member = account.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n // builder permissions need to stablize before it can pull the source zip\n var wait60s = new Time.Index.Sleep(\"wait_60s\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-v2\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n ServiceAccount = account.Id,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogWriter, err := projects.NewIAMMember(ctx, \"log_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/logging.logWriter\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tartifactRegistryWriter, err := projects.NewIAMMember(ctx, \"artifact_registry_writer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.writer\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstorageObjectAdmin, err := projects.NewIAMMember(ctx, \"storage_object_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: account.Project,\n\t\t\tRole: pulumi.String(\"roles/storage.objectAdmin\"),\n\t\t\tMember: account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// builder permissions need to stablize before it can pull the source zip\n\t\twait60s, err := time.NewSleep(ctx, \"wait_60s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlogWriter,\n\t\t\tartifactRegistryWriter,\n\t\t\tstorageObjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-v2\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceAccount: account.ID(),\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var logWriter = new IAMMember(\"logWriter\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/logging.logWriter\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var artifactRegistryWriter = new IAMMember(\"artifactRegistryWriter\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/artifactregistry.writer\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var storageObjectAdmin = new IAMMember(\"storageObjectAdmin\", IAMMemberArgs.builder()\n .project(account.project())\n .role(\"roles/storage.objectAdmin\")\n .member(account.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n // builder permissions need to stablize before it can pull the source zip\n var wait60s = new Sleep(\"wait60s\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n logWriter,\n artifactRegistryWriter,\n storageObjectAdmin)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-v2\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .serviceAccount(account.id())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n logWriter:\n type: gcp:projects:IAMMember\n name: log_writer\n properties:\n project: ${account.project}\n role: roles/logging.logWriter\n member: serviceAccount:${account.email}\n artifactRegistryWriter:\n type: gcp:projects:IAMMember\n name: artifact_registry_writer\n properties:\n project: ${account.project}\n role: roles/artifactregistry.writer\n member: serviceAccount:${account.email}\n storageObjectAdmin:\n type: gcp:projects:IAMMember\n name: storage_object_admin\n properties:\n project: ${account.project}\n role: roles/storage.objectAdmin\n member: serviceAccount:${account.email}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n # builder permissions need to stablize before it can pull the source zip\n wait60s:\n type: time:sleep\n name: wait_60s\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${logWriter}\n - ${artifactRegistryWriter}\n - ${storageObjectAdmin}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-v2\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceAccount: ${account.id}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n options:\n dependsOn:\n - ${wait60s}\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Secret Env\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secretSecretVersion = new gcp.secretmanager.SecretVersion(\"secret\", {\n secret: secret.name,\n secretData: \"secret\",\n enabled: true,\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-secret\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n secretEnvironmentVariables: [{\n key: \"TEST\",\n projectId: project,\n secret: secret.secretId,\n version: \"latest\",\n }],\n },\n}, {\n dependsOn: [secretSecretVersion],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_secret_version = gcp.secretmanager.SecretVersion(\"secret\",\n secret=secret.name,\n secret_data=\"secret\",\n enabled=True)\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-secret\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"secret_environment_variables\": [{\n \"key\": \"TEST\",\n \"project_id\": project,\n \"secret\": secret.secret_id,\n \"version\": \"latest\",\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_secret_version]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secretSecretVersion = new Gcp.SecretManager.SecretVersion(\"secret\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret\",\n Enabled = true,\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-secret\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n SecretEnvironmentVariables = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigSecretEnvironmentVariableArgs\n {\n Key = \"TEST\",\n ProjectId = project,\n Secret = secret.SecretId,\n Version = \"latest\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretSecretVersion,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretSecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tSecretEnvironmentVariables: cloudfunctionsv2.FunctionServiceConfigSecretEnvironmentVariableArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionServiceConfigSecretEnvironmentVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"TEST\"),\n\t\t\t\t\t\tProjectId: pulumi.String(project),\n\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\tVersion: pulumi.String(\"latest\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretSecretVersion,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secretSecretVersion = new SecretVersion(\"secretSecretVersion\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret\")\n .enabled(true)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-secret\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .secretEnvironmentVariables(FunctionServiceConfigSecretEnvironmentVariableArgs.builder()\n .key(\"TEST\")\n .projectId(project)\n .secret(secret.secretId())\n .version(\"latest\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretSecretVersion)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-secret\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n secretEnvironmentVariables:\n - key: TEST\n projectId: ${project}\n secret: ${secret.secretId}\n version: latest\n options:\n dependsOn:\n - ${secretSecretVersion}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secretSecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret\n properties:\n secret: ${secret.name}\n secretData: secret\n enabled: true\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Secret Volume\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secretSecretVersion = new gcp.secretmanager.SecretVersion(\"secret\", {\n secret: secret.name,\n secretData: \"secret\",\n enabled: true,\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-secret\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n secretVolumes: [{\n mountPath: \"/etc/secrets\",\n projectId: project,\n secret: secret.secretId,\n }],\n },\n}, {\n dependsOn: [secretSecretVersion],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_secret_version = gcp.secretmanager.SecretVersion(\"secret\",\n secret=secret.name,\n secret_data=\"secret\",\n enabled=True)\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-secret\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n \"secret_volumes\": [{\n \"mount_path\": \"/etc/secrets\",\n \"project_id\": project,\n \"secret\": secret.secret_id,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_secret_version]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secretSecretVersion = new Gcp.SecretManager.SecretVersion(\"secret\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret\",\n Enabled = true,\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-secret\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n SecretVolumes = new[]\n {\n new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigSecretVolumeArgs\n {\n MountPath = \"/etc/secrets\",\n ProjectId = project,\n Secret = secret.SecretId,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretSecretVersion,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretSecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tSecretVolumes: cloudfunctionsv2.FunctionServiceConfigSecretVolumeArray{\n\t\t\t\t\t\u0026cloudfunctionsv2.FunctionServiceConfigSecretVolumeArgs{\n\t\t\t\t\t\tMountPath: pulumi.String(\"/etc/secrets\"),\n\t\t\t\t\t\tProjectId: pulumi.String(project),\n\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretSecretVersion,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secretSecretVersion = new SecretVersion(\"secretSecretVersion\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret\")\n .enabled(true)\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-secret\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .secretVolumes(FunctionServiceConfigSecretVolumeArgs.builder()\n .mountPath(\"/etc/secrets\")\n .projectId(project)\n .secret(secret.secretId())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretSecretVersion)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-secret\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n secretVolumes:\n - mountPath: /etc/secrets\n projectId: ${project}\n secret: ${secret.secretId}\n options:\n dependsOn:\n - ${secretSecretVersion}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secretSecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret\n properties:\n secret: ${secret.name}\n secretData: secret\n enabled: true\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Private Workerpool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst pool = new gcp.cloudbuild.WorkerPool(\"pool\", {\n name: \"workerpool\",\n location: \"us-central1\",\n workerConfig: {\n diskSizeGb: 100,\n machineType: \"e2-standard-8\",\n noExternalIp: false,\n },\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-workerpool\",\n location: \"us-central1\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n workerPool: pool.id,\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\npool = gcp.cloudbuild.WorkerPool(\"pool\",\n name=\"workerpool\",\n location=\"us-central1\",\n worker_config={\n \"disk_size_gb\": 100,\n \"machine_type\": \"e2-standard-8\",\n \"no_external_ip\": False,\n })\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-workerpool\",\n location=\"us-central1\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"worker_pool\": pool.id,\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var pool = new Gcp.CloudBuild.WorkerPool(\"pool\", new()\n {\n Name = \"workerpool\",\n Location = \"us-central1\",\n WorkerConfig = new Gcp.CloudBuild.Inputs.WorkerPoolWorkerConfigArgs\n {\n DiskSizeGb = 100,\n MachineType = \"e2-standard-8\",\n NoExternalIp = false,\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-workerpool\",\n Location = \"us-central1\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n WorkerPool = pool.Id,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cloudbuild.NewWorkerPool(ctx, \"pool\", \u0026cloudbuild.WorkerPoolArgs{\n\t\t\tName: pulumi.String(\"workerpool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tWorkerConfig: \u0026cloudbuild.WorkerPoolWorkerConfigArgs{\n\t\t\t\tDiskSizeGb: pulumi.Int(100),\n\t\t\t\tMachineType: pulumi.String(\"e2-standard-8\"),\n\t\t\t\tNoExternalIp: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-workerpool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tWorkerPool: pool.ID(),\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudbuild.WorkerPool;\nimport com.pulumi.gcp.cloudbuild.WorkerPoolArgs;\nimport com.pulumi.gcp.cloudbuild.inputs.WorkerPoolWorkerConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var pool = new WorkerPool(\"pool\", WorkerPoolArgs.builder()\n .name(\"workerpool\")\n .location(\"us-central1\")\n .workerConfig(WorkerPoolWorkerConfigArgs.builder()\n .diskSizeGb(100)\n .machineType(\"e2-standard-8\")\n .noExternalIp(false)\n .build())\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-workerpool\")\n .location(\"us-central1\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .workerPool(pool.id())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n pool:\n type: gcp:cloudbuild:WorkerPool\n properties:\n name: workerpool\n location: us-central1\n workerConfig:\n diskSizeGb: 100\n machineType: e2-standard-8\n noExternalIp: false\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-workerpool\n location: us-central1\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n workerPool: ${pool.id}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Cmek Docs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst projectGetProject = gcp.organizations.getProject({});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst eaSa = new gcp.projects.ServiceIdentity(\"ea_sa\", {\n project: projectGetProject.then(projectGetProject =\u003e projectGetProject.projectId),\n service: \"eventarc.googleapis.com\",\n});\nconst unencoded_ar_repo = new gcp.artifactregistry.Repository(\"unencoded-ar-repo\", {\n repositoryId: \"ar-repo\",\n location: \"us-central1\",\n format: \"DOCKER\",\n});\nconst gcfCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\", {\n cryptoKeyId: \"cmek-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com`),\n projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com`),\n eaSa.member,\n ],\n}, {\n dependsOn: [eaSa],\n});\nconst encoded_ar_repo = new gcp.artifactregistry.Repository(\"encoded-ar-repo\", {\n location: \"us-central1\",\n repositoryId: \"cmek-repo\",\n format: \"DOCKER\",\n kmsKeyName: \"cmek-key\",\n}, {\n dependsOn: [gcfCmekKeyuser],\n});\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n location: encoded_ar_repo.location,\n repository: encoded_ar_repo.name,\n role: \"roles/artifactregistry.admin\",\n members: [projectGetProject.then(projectGetProject =\u003e `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`)],\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"function-cmek\",\n location: \"us-central1\",\n description: \"CMEK function\",\n kmsKeyName: \"cmek-key\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloHttp\",\n dockerRepository: encoded_ar_repo.id,\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n },\n serviceConfig: {\n maxInstanceCount: 1,\n availableMemory: \"256M\",\n timeoutSeconds: 60,\n },\n}, {\n dependsOn: [gcfCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\nproject_get_project = gcp.organizations.get_project()\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nea_sa = gcp.projects.ServiceIdentity(\"ea_sa\",\n project=project_get_project.project_id,\n service=\"eventarc.googleapis.com\")\nunencoded_ar_repo = gcp.artifactregistry.Repository(\"unencoded-ar-repo\",\n repository_id=\"ar-repo\",\n location=\"us-central1\",\n format=\"DOCKER\")\ngcf_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\",\n crypto_key_id=\"cmek-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[\n f\"serviceAccount:service-{project_get_project.number}@gcf-admin-robot.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@gs-project-accounts.iam.gserviceaccount.com\",\n f\"serviceAccount:service-{project_get_project.number}@serverless-robot-prod.iam.gserviceaccount.com\",\n ea_sa.member,\n ],\n opts = pulumi.ResourceOptions(depends_on=[ea_sa]))\nencoded_ar_repo = gcp.artifactregistry.Repository(\"encoded-ar-repo\",\n location=\"us-central1\",\n repository_id=\"cmek-repo\",\n format=\"DOCKER\",\n kms_key_name=\"cmek-key\",\n opts = pulumi.ResourceOptions(depends_on=[gcf_cmek_keyuser]))\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n location=encoded_ar_repo.location,\n repository=encoded_ar_repo.name,\n role=\"roles/artifactregistry.admin\",\n members=[f\"serviceAccount:service-{project_get_project.number}@gcf-admin-robot.iam.gserviceaccount.com\"])\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"function-cmek\",\n location=\"us-central1\",\n description=\"CMEK function\",\n kms_key_name=\"cmek-key\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloHttp\",\n \"docker_repository\": encoded_ar_repo.id,\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n },\n service_config={\n \"max_instance_count\": 1,\n \"available_memory\": \"256M\",\n \"timeout_seconds\": 60,\n },\n opts = pulumi.ResourceOptions(depends_on=[gcf_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var projectGetProject = Gcp.Organizations.GetProject.Invoke();\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var eaSa = new Gcp.Projects.ServiceIdentity(\"ea_sa\", new()\n {\n Project = projectGetProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"eventarc.googleapis.com\",\n });\n\n var unencoded_ar_repo = new Gcp.ArtifactRegistry.Repository(\"unencoded-ar-repo\", new()\n {\n RepositoryId = \"ar-repo\",\n Location = \"us-central1\",\n Format = \"DOCKER\",\n });\n\n var gcfCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"gcf_cmek_keyuser\", new()\n {\n CryptoKeyId = \"cmek-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcf-admin-robot.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gs-project-accounts.iam.gserviceaccount.com\",\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@serverless-robot-prod.iam.gserviceaccount.com\",\n eaSa.Member,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n eaSa,\n },\n });\n\n var encoded_ar_repo = new Gcp.ArtifactRegistry.Repository(\"encoded-ar-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"cmek-repo\",\n Format = \"DOCKER\",\n KmsKeyName = \"cmek-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcfCmekKeyuser,\n },\n });\n\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Location = encoded_ar_repo.Location,\n Repository = encoded_ar_repo.Name,\n Role = \"roles/artifactregistry.admin\",\n Members = new[]\n {\n $\"serviceAccount:service-{projectGetProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcf-admin-robot.iam.gserviceaccount.com\",\n },\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"function-cmek\",\n Location = \"us-central1\",\n Description = \"CMEK function\",\n KmsKeyName = \"cmek-key\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloHttp\",\n DockerRepository = encoded_ar_repo.Id,\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 1,\n AvailableMemory = \"256M\",\n TimeoutSeconds = 60,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n gcfCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\tprojectGetProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teaSa, err := projects.NewServiceIdentity(ctx, \"ea_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(projectGetProject.ProjectId),\n\t\t\tService: pulumi.String(\"eventarc.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"unencoded-ar-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tRepositoryId: pulumi.String(\"ar-repo\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgcfCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"gcf_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"cmek-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gs-project-accounts.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@serverless-robot-prod.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t\teaSa.Member,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\teaSa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"encoded-ar-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"cmek-repo\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"cmek-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcfCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tLocation: encoded_ar_repo.Location,\n\t\t\tRepository: encoded_ar_repo.Name,\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"function-cmek\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"CMEK function\"),\n\t\t\tKmsKeyName: pulumi.String(\"cmek-key\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t\t\tDockerRepository: encoded_ar_repo.ID(),\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"256M\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgcfCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n final var projectGetProject = OrganizationsFunctions.getProject();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var eaSa = new ServiceIdentity(\"eaSa\", ServiceIdentityArgs.builder()\n .project(projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"eventarc.googleapis.com\")\n .build());\n\n var unencoded_ar_repo = new Repository(\"unencoded-ar-repo\", RepositoryArgs.builder()\n .repositoryId(\"ar-repo\")\n .location(\"us-central1\")\n .format(\"DOCKER\")\n .build());\n\n var gcfCmekKeyuser = new CryptoKeyIAMBinding(\"gcfCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(\"cmek-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members( \n String.format(\"serviceAccount:service-%s@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@gs-project-accounts.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n String.format(\"serviceAccount:service-%s@serverless-robot-prod.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())),\n eaSa.member())\n .build(), CustomResourceOptions.builder()\n .dependsOn(eaSa)\n .build());\n\n var encoded_ar_repo = new Repository(\"encoded-ar-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"cmek-repo\")\n .format(\"DOCKER\")\n .kmsKeyName(\"cmek-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcfCmekKeyuser)\n .build());\n\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .location(encoded_ar_repo.location())\n .repository(encoded_ar_repo.name())\n .role(\"roles/artifactregistry.admin\")\n .members(String.format(\"serviceAccount:service-%s@gcf-admin-robot.iam.gserviceaccount.com\", projectGetProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"function-cmek\")\n .location(\"us-central1\")\n .description(\"CMEK function\")\n .kmsKeyName(\"cmek-key\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloHttp\")\n .dockerRepository(encoded_ar_repo.id())\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(1)\n .availableMemory(\"256M\")\n .timeoutSeconds(60)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(gcfCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n eaSa:\n type: gcp:projects:ServiceIdentity\n name: ea_sa\n properties:\n project: ${projectGetProject.projectId}\n service: eventarc.googleapis.com\n unencoded-ar-repo:\n type: gcp:artifactregistry:Repository\n properties:\n repositoryId: ar-repo\n location: us-central1\n format: DOCKER\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n location: ${[\"encoded-ar-repo\"].location}\n repository: ${[\"encoded-ar-repo\"].name}\n role: roles/artifactregistry.admin\n members:\n - serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com\n gcfCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: gcf_cmek_keyuser\n properties:\n cryptoKeyId: cmek-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com\n - serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com\n - ${eaSa.member}\n options:\n dependsOn:\n - ${eaSa}\n encoded-ar-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: cmek-repo\n format: DOCKER\n kmsKeyName: cmek-key\n options:\n dependsOn:\n - ${gcfCmekKeyuser}\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: function-cmek\n location: us-central1\n description: CMEK function\n kmsKeyName: cmek-key\n buildConfig:\n runtime: nodejs16\n entryPoint: helloHttp\n dockerRepository: ${[\"encoded-ar-repo\"].id}\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n serviceConfig:\n maxInstanceCount: 1\n availableMemory: 256M\n timeoutSeconds: 60\n options:\n dependsOn:\n - ${gcfCmekKeyuser}\nvariables:\n project: my-project-name\n projectGetProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Abiu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"europe-west6\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n automaticUpdatePolicy: {},\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"europe-west6\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"automatic_update_policy\": {},\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"europe-west6\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n AutomaticUpdatePolicy = null,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"europe-west6\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAutomaticUpdatePolicy: \u0026cloudfunctionsv2.FunctionBuildConfigAutomaticUpdatePolicyArgs{},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigAutomaticUpdatePolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"europe-west6\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .automaticUpdatePolicy()\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: europe-west6\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n automaticUpdatePolicy: {}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudfunctions2 Abiu On Deploy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = \"my-project-name\";\nconst account = new gcp.serviceaccount.Account(\"account\", {\n accountId: \"gcf-sa\",\n displayName: \"Test Service Account\",\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"functions2-topic\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: `${project}-gcf-source`,\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctionsv2.Function(\"function\", {\n name: \"gcf-function\",\n location: \"europe-west6\",\n description: \"a new function\",\n buildConfig: {\n runtime: \"nodejs16\",\n entryPoint: \"helloPubSub\",\n environmentVariables: {\n BUILD_CONFIG_TEST: \"build_test\",\n },\n source: {\n storageSource: {\n bucket: bucket.name,\n object: object.name,\n },\n },\n onDeployUpdatePolicy: {},\n },\n serviceConfig: {\n maxInstanceCount: 3,\n minInstanceCount: 1,\n availableMemory: \"4Gi\",\n timeoutSeconds: 60,\n maxInstanceRequestConcurrency: 80,\n availableCpu: \"4\",\n environmentVariables: {\n SERVICE_CONFIG_TEST: \"config_test\",\n },\n ingressSettings: \"ALLOW_INTERNAL_ONLY\",\n allTrafficOnLatestRevision: true,\n serviceAccountEmail: account.email,\n },\n eventTrigger: {\n triggerRegion: \"us-central1\",\n eventType: \"google.cloud.pubsub.topic.v1.messagePublished\",\n pubsubTopic: topic.id,\n retryPolicy: \"RETRY_POLICY_RETRY\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = \"my-project-name\"\naccount = gcp.serviceaccount.Account(\"account\",\n account_id=\"gcf-sa\",\n display_name=\"Test Service Account\")\ntopic = gcp.pubsub.Topic(\"topic\", name=\"functions2-topic\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=f\"{project}-gcf-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctionsv2.Function(\"function\",\n name=\"gcf-function\",\n location=\"europe-west6\",\n description=\"a new function\",\n build_config={\n \"runtime\": \"nodejs16\",\n \"entry_point\": \"helloPubSub\",\n \"environment_variables\": {\n \"BUILD_CONFIG_TEST\": \"build_test\",\n },\n \"source\": {\n \"storage_source\": {\n \"bucket\": bucket.name,\n \"object\": object.name,\n },\n },\n \"on_deploy_update_policy\": {},\n },\n service_config={\n \"max_instance_count\": 3,\n \"min_instance_count\": 1,\n \"available_memory\": \"4Gi\",\n \"timeout_seconds\": 60,\n \"max_instance_request_concurrency\": 80,\n \"available_cpu\": \"4\",\n \"environment_variables\": {\n \"SERVICE_CONFIG_TEST\": \"config_test\",\n },\n \"ingress_settings\": \"ALLOW_INTERNAL_ONLY\",\n \"all_traffic_on_latest_revision\": True,\n \"service_account_email\": account.email,\n },\n event_trigger={\n \"trigger_region\": \"us-central1\",\n \"event_type\": \"google.cloud.pubsub.topic.v1.messagePublished\",\n \"pubsub_topic\": topic.id,\n \"retry_policy\": \"RETRY_POLICY_RETRY\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = \"my-project-name\";\n\n var account = new Gcp.ServiceAccount.Account(\"account\", new()\n {\n AccountId = \"gcf-sa\",\n DisplayName = \"Test Service Account\",\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"functions2-topic\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = $\"{project}-gcf-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctionsV2.Function(\"function\", new()\n {\n Name = \"gcf-function\",\n Location = \"europe-west6\",\n Description = \"a new function\",\n BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs\n {\n Runtime = \"nodejs16\",\n EntryPoint = \"helloPubSub\",\n EnvironmentVariables = \n {\n { \"BUILD_CONFIG_TEST\", \"build_test\" },\n },\n Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs\n {\n StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n },\n },\n OnDeployUpdatePolicy = null,\n },\n ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs\n {\n MaxInstanceCount = 3,\n MinInstanceCount = 1,\n AvailableMemory = \"4Gi\",\n TimeoutSeconds = 60,\n MaxInstanceRequestConcurrency = 80,\n AvailableCpu = \"4\",\n EnvironmentVariables = \n {\n { \"SERVICE_CONFIG_TEST\", \"config_test\" },\n },\n IngressSettings = \"ALLOW_INTERNAL_ONLY\",\n AllTrafficOnLatestRevision = true,\n ServiceAccountEmail = account.Email,\n },\n EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs\n {\n TriggerRegion = \"us-central1\",\n EventType = \"google.cloud.pubsub.topic.v1.messagePublished\",\n PubsubTopic = topic.Id,\n RetryPolicy = \"RETRY_POLICY_RETRY\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject := \"my-project-name\"\n\t\taccount, err := serviceaccount.NewAccount(ctx, \"account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"gcf-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"functions2-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-gcf-source\", project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunction(ctx, \"function\", \u0026cloudfunctionsv2.FunctionArgs{\n\t\t\tName: pulumi.String(\"gcf-function\"),\n\t\t\tLocation: pulumi.String(\"europe-west6\"),\n\t\t\tDescription: pulumi.String(\"a new function\"),\n\t\t\tBuildConfig: \u0026cloudfunctionsv2.FunctionBuildConfigArgs{\n\t\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\t\tEntryPoint: pulumi.String(\"helloPubSub\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"BUILD_CONFIG_TEST\": pulumi.String(\"build_test\"),\n\t\t\t\t},\n\t\t\t\tSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceArgs{\n\t\t\t\t\tStorageSource: \u0026cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{\n\t\t\t\t\t\tBucket: bucket.Name,\n\t\t\t\t\t\tObject: object.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOnDeployUpdatePolicy: \u0026cloudfunctionsv2.FunctionBuildConfigOnDeployUpdatePolicyArgs{},\n\t\t\t},\n\t\t\tServiceConfig: \u0026cloudfunctionsv2.FunctionServiceConfigArgs{\n\t\t\t\tMaxInstanceCount: pulumi.Int(3),\n\t\t\t\tMinInstanceCount: pulumi.Int(1),\n\t\t\t\tAvailableMemory: pulumi.String(\"4Gi\"),\n\t\t\t\tTimeoutSeconds: pulumi.Int(60),\n\t\t\t\tMaxInstanceRequestConcurrency: pulumi.Int(80),\n\t\t\t\tAvailableCpu: pulumi.String(\"4\"),\n\t\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\t\"SERVICE_CONFIG_TEST\": pulumi.String(\"config_test\"),\n\t\t\t\t},\n\t\t\t\tIngressSettings: pulumi.String(\"ALLOW_INTERNAL_ONLY\"),\n\t\t\t\tAllTrafficOnLatestRevision: pulumi.Bool(true),\n\t\t\t\tServiceAccountEmail: account.Email,\n\t\t\t},\n\t\t\tEventTrigger: \u0026cloudfunctionsv2.FunctionEventTriggerArgs{\n\t\t\t\tTriggerRegion: pulumi.String(\"us-central1\"),\n\t\t\t\tEventType: pulumi.String(\"google.cloud.pubsub.topic.v1.messagePublished\"),\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tRetryPolicy: pulumi.String(\"RETRY_POLICY_RETRY\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.Function;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigOnDeployUpdatePolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = \"my-project-name\";\n\n var account = new Account(\"account\", AccountArgs.builder()\n .accountId(\"gcf-sa\")\n .displayName(\"Test Service Account\")\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"functions2-topic\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(String.format(\"%s-gcf-source\", project))\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .name(\"gcf-function\")\n .location(\"europe-west6\")\n .description(\"a new function\")\n .buildConfig(FunctionBuildConfigArgs.builder()\n .runtime(\"nodejs16\")\n .entryPoint(\"helloPubSub\")\n .environmentVariables(Map.of(\"BUILD_CONFIG_TEST\", \"build_test\"))\n .source(FunctionBuildConfigSourceArgs.builder()\n .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .build())\n .build())\n .onDeployUpdatePolicy()\n .build())\n .serviceConfig(FunctionServiceConfigArgs.builder()\n .maxInstanceCount(3)\n .minInstanceCount(1)\n .availableMemory(\"4Gi\")\n .timeoutSeconds(60)\n .maxInstanceRequestConcurrency(80)\n .availableCpu(\"4\")\n .environmentVariables(Map.of(\"SERVICE_CONFIG_TEST\", \"config_test\"))\n .ingressSettings(\"ALLOW_INTERNAL_ONLY\")\n .allTrafficOnLatestRevision(true)\n .serviceAccountEmail(account.email())\n .build())\n .eventTrigger(FunctionEventTriggerArgs.builder()\n .triggerRegion(\"us-central1\")\n .eventType(\"google.cloud.pubsub.topic.v1.messagePublished\")\n .pubsubTopic(topic.id())\n .retryPolicy(\"RETRY_POLICY_RETRY\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: gcf-sa\n displayName: Test Service Account\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: functions2-topic\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${project}-gcf-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctionsv2:Function\n properties:\n name: gcf-function\n location: europe-west6\n description: a new function\n buildConfig:\n runtime: nodejs16\n entryPoint: helloPubSub\n environmentVariables:\n BUILD_CONFIG_TEST: build_test\n source:\n storageSource:\n bucket: ${bucket.name}\n object: ${object.name}\n onDeployUpdatePolicy: {}\n serviceConfig:\n maxInstanceCount: 3\n minInstanceCount: 1\n availableMemory: 4Gi\n timeoutSeconds: 60\n maxInstanceRequestConcurrency: 80\n availableCpu: '4'\n environmentVariables:\n SERVICE_CONFIG_TEST: config_test\n ingressSettings: ALLOW_INTERNAL_ONLY\n allTrafficOnLatestRevision: true\n serviceAccountEmail: ${account.email}\n eventTrigger:\n triggerRegion: us-central1\n eventType: google.cloud.pubsub.topic.v1.messagePublished\n pubsubTopic: ${topic.id}\n retryPolicy: RETRY_POLICY_RETRY\nvariables:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nfunction can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/functions/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, function can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}\n```\n\n", "properties": { "buildConfig": { "$ref": "#/types/gcp:cloudfunctionsv2/FunctionBuildConfig:FunctionBuildConfig", @@ -154494,7 +154494,7 @@ } }, "gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154616,7 +154616,7 @@ } }, "gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154731,7 +154731,7 @@ } }, "gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Functions (2nd gen) function\nThree different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudfunctionsv2.FunctionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudfunctionsv2.FunctionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -154817,7 +154817,7 @@ } }, "gcp:cloudidentity/group:Group": { - "description": "A Cloud Identity resource representing a Group.\n\n\nTo get more information about Group, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/setup)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Cloud Identity API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Cloud Identity Groups Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudIdentityGroupBasic = new gcp.cloudidentity.Group(\"cloud_identity_group_basic\", {\n displayName: \"my-identity-group\",\n initialGroupConfig: \"WITH_INITIAL_OWNER\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_identity_group_basic = gcp.cloudidentity.Group(\"cloud_identity_group_basic\",\n display_name=\"my-identity-group\",\n initial_group_config=\"WITH_INITIAL_OWNER\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudIdentityGroupBasic = new Gcp.CloudIdentity.Group(\"cloud_identity_group_basic\", new()\n {\n DisplayName = \"my-identity-group\",\n InitialGroupConfig = \"WITH_INITIAL_OWNER\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.NewGroup(ctx, \"cloud_identity_group_basic\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tInitialGroupConfig: pulumi.String(\"WITH_INITIAL_OWNER\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudIdentityGroupBasic = new Group(\"cloudIdentityGroupBasic\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .initialGroupConfig(\"WITH_INITIAL_OWNER\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudIdentityGroupBasic:\n type: gcp:cloudidentity:Group\n name: cloud_identity_group_basic\n properties:\n displayName: my-identity-group\n initialGroupConfig: WITH_INITIAL_OWNER\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum:\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroup can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Group can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudidentity/group:Group default {{name}}\n```\n\n", + "description": "A Cloud Identity resource representing a Group.\n\n\nTo get more information about Group, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/setup)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Cloud Identity API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Cloud Identity Groups Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudIdentityGroupBasic = new gcp.cloudidentity.Group(\"cloud_identity_group_basic\", {\n displayName: \"my-identity-group\",\n initialGroupConfig: \"WITH_INITIAL_OWNER\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_identity_group_basic = gcp.cloudidentity.Group(\"cloud_identity_group_basic\",\n display_name=\"my-identity-group\",\n initial_group_config=\"WITH_INITIAL_OWNER\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudIdentityGroupBasic = new Gcp.CloudIdentity.Group(\"cloud_identity_group_basic\", new()\n {\n DisplayName = \"my-identity-group\",\n InitialGroupConfig = \"WITH_INITIAL_OWNER\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.NewGroup(ctx, \"cloud_identity_group_basic\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tInitialGroupConfig: pulumi.String(\"WITH_INITIAL_OWNER\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudIdentityGroupBasic = new Group(\"cloudIdentityGroupBasic\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .initialGroupConfig(\"WITH_INITIAL_OWNER\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudIdentityGroupBasic:\n type: gcp:cloudidentity:Group\n name: cloud_identity_group_basic\n properties:\n displayName: my-identity-group\n initialGroupConfig: WITH_INITIAL_OWNER\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum: \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroup can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Group can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudidentity/group:Group default {{name}}\n```\n\n", "properties": { "additionalGroupKeys": { "type": "array", @@ -154969,7 +154969,7 @@ } }, "gcp:cloudidentity/groupMembership:GroupMembership": { - "description": "A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a \"member\".\n\n\nTo get more information about GroupMembership, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/memberships-google-groups)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Cloud Identity API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Cloud Identity Group Membership\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst child_group = new gcp.cloudidentity.Group(\"child-group\", {\n displayName: \"my-identity-group-child\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group-child@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst cloudIdentityGroupMembershipBasic = new gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\", {\n group: group.id,\n preferredMemberKey: {\n id: child_group.groupKey.apply(groupKey =\u003e groupKey.id),\n },\n roles: [{\n name: \"MEMBER\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\nchild_group = gcp.cloudidentity.Group(\"child-group\",\n display_name=\"my-identity-group-child\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group-child@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\ncloud_identity_group_membership_basic = gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\",\n group=group.id,\n preferred_member_key={\n \"id\": child_group.group_key.id,\n },\n roles=[{\n \"name\": \"MEMBER\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var child_group = new Gcp.CloudIdentity.Group(\"child-group\", new()\n {\n DisplayName = \"my-identity-group-child\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group-child@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var cloudIdentityGroupMembershipBasic = new Gcp.CloudIdentity.GroupMembership(\"cloud_identity_group_membership_basic\", new()\n {\n Group = @group.Id,\n PreferredMemberKey = new Gcp.CloudIdentity.Inputs.GroupMembershipPreferredMemberKeyArgs\n {\n Id = child_group.GroupKey.Apply(groupKey =\u003e groupKey.Id),\n },\n Roles = new[]\n {\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MEMBER\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroup(ctx, \"child-group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group-child\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group-child@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroupMembership(ctx, \"cloud_identity_group_membership_basic\", \u0026cloudidentity.GroupMembershipArgs{\n\t\t\tGroup: group.ID(),\n\t\t\tPreferredMemberKey: \u0026cloudidentity.GroupMembershipPreferredMemberKeyArgs{\n\t\t\t\tId: child_group.GroupKey.ApplyT(func(groupKey cloudidentity.GroupGroupKey) (*string, error) {\n\t\t\t\t\treturn \u0026groupKey.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tRoles: cloudidentity.GroupMembershipRoleArray{\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MEMBER\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.cloudidentity.GroupMembership;\nimport com.pulumi.gcp.cloudidentity.GroupMembershipArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipPreferredMemberKeyArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var child_group = new Group(\"child-group\", GroupArgs.builder()\n .displayName(\"my-identity-group-child\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group-child@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var cloudIdentityGroupMembershipBasic = new GroupMembership(\"cloudIdentityGroupMembershipBasic\", GroupMembershipArgs.builder()\n .group(group.id())\n .preferredMemberKey(GroupMembershipPreferredMemberKeyArgs.builder()\n .id(child_group.groupKey().applyValue(groupKey -\u003e groupKey.id()))\n .build())\n .roles(GroupMembershipRoleArgs.builder()\n .name(\"MEMBER\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum:\n child-group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group-child\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group-child@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum:\n cloudIdentityGroupMembershipBasic:\n type: gcp:cloudidentity:GroupMembership\n name: cloud_identity_group_membership_basic\n properties:\n group: ${group.id}\n preferredMemberKey:\n id: ${[\"child-group\"].groupKey.id}\n roles:\n - name: MEMBER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Identity Group Membership User\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst cloudIdentityGroupMembershipBasic = new gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\", {\n group: group.id,\n preferredMemberKey: {\n id: \"cloud_identity_user@example.com\",\n },\n roles: [\n {\n name: \"MEMBER\",\n },\n {\n name: \"MANAGER\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\ncloud_identity_group_membership_basic = gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\",\n group=group.id,\n preferred_member_key={\n \"id\": \"cloud_identity_user@example.com\",\n },\n roles=[\n {\n \"name\": \"MEMBER\",\n },\n {\n \"name\": \"MANAGER\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var cloudIdentityGroupMembershipBasic = new Gcp.CloudIdentity.GroupMembership(\"cloud_identity_group_membership_basic\", new()\n {\n Group = @group.Id,\n PreferredMemberKey = new Gcp.CloudIdentity.Inputs.GroupMembershipPreferredMemberKeyArgs\n {\n Id = \"cloud_identity_user@example.com\",\n },\n Roles = new[]\n {\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MEMBER\",\n },\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MANAGER\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroupMembership(ctx, \"cloud_identity_group_membership_basic\", \u0026cloudidentity.GroupMembershipArgs{\n\t\t\tGroup: group.ID(),\n\t\t\tPreferredMemberKey: \u0026cloudidentity.GroupMembershipPreferredMemberKeyArgs{\n\t\t\t\tId: pulumi.String(\"cloud_identity_user@example.com\"),\n\t\t\t},\n\t\t\tRoles: cloudidentity.GroupMembershipRoleArray{\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MEMBER\"),\n\t\t\t\t},\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MANAGER\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.cloudidentity.GroupMembership;\nimport com.pulumi.gcp.cloudidentity.GroupMembershipArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipPreferredMemberKeyArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var cloudIdentityGroupMembershipBasic = new GroupMembership(\"cloudIdentityGroupMembershipBasic\", GroupMembershipArgs.builder()\n .group(group.id())\n .preferredMemberKey(GroupMembershipPreferredMemberKeyArgs.builder()\n .id(\"cloud_identity_user@example.com\")\n .build())\n .roles( \n GroupMembershipRoleArgs.builder()\n .name(\"MEMBER\")\n .build(),\n GroupMembershipRoleArgs.builder()\n .name(\"MANAGER\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum:\n cloudIdentityGroupMembershipBasic:\n type: gcp:cloudidentity:GroupMembership\n name: cloud_identity_group_membership_basic\n properties:\n group: ${group.id}\n preferredMemberKey:\n id: cloud_identity_user@example.com\n roles:\n - name: MEMBER\n - name: MANAGER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroupMembership can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GroupMembership can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudidentity/groupMembership:GroupMembership default {{name}}\n```\n\n", + "description": "A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a \"member\".\n\n\nTo get more information about GroupMembership, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/memberships-google-groups)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Cloud Identity API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Cloud Identity Group Membership\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst child_group = new gcp.cloudidentity.Group(\"child-group\", {\n displayName: \"my-identity-group-child\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group-child@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst cloudIdentityGroupMembershipBasic = new gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\", {\n group: group.id,\n preferredMemberKey: {\n id: child_group.groupKey.apply(groupKey =\u003e groupKey.id),\n },\n roles: [{\n name: \"MEMBER\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\nchild_group = gcp.cloudidentity.Group(\"child-group\",\n display_name=\"my-identity-group-child\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group-child@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\ncloud_identity_group_membership_basic = gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\",\n group=group.id,\n preferred_member_key={\n \"id\": child_group.group_key.id,\n },\n roles=[{\n \"name\": \"MEMBER\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var child_group = new Gcp.CloudIdentity.Group(\"child-group\", new()\n {\n DisplayName = \"my-identity-group-child\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group-child@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var cloudIdentityGroupMembershipBasic = new Gcp.CloudIdentity.GroupMembership(\"cloud_identity_group_membership_basic\", new()\n {\n Group = @group.Id,\n PreferredMemberKey = new Gcp.CloudIdentity.Inputs.GroupMembershipPreferredMemberKeyArgs\n {\n Id = child_group.GroupKey.Apply(groupKey =\u003e groupKey.Id),\n },\n Roles = new[]\n {\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MEMBER\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroup(ctx, \"child-group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group-child\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group-child@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroupMembership(ctx, \"cloud_identity_group_membership_basic\", \u0026cloudidentity.GroupMembershipArgs{\n\t\t\tGroup: group.ID(),\n\t\t\tPreferredMemberKey: \u0026cloudidentity.GroupMembershipPreferredMemberKeyArgs{\n\t\t\t\tId: child_group.GroupKey.ApplyT(func(groupKey cloudidentity.GroupGroupKey) (*string, error) {\n\t\t\t\t\treturn \u0026groupKey.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tRoles: cloudidentity.GroupMembershipRoleArray{\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MEMBER\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.cloudidentity.GroupMembership;\nimport com.pulumi.gcp.cloudidentity.GroupMembershipArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipPreferredMemberKeyArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var child_group = new Group(\"child-group\", GroupArgs.builder()\n .displayName(\"my-identity-group-child\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group-child@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var cloudIdentityGroupMembershipBasic = new GroupMembership(\"cloudIdentityGroupMembershipBasic\", GroupMembershipArgs.builder()\n .group(group.id())\n .preferredMemberKey(GroupMembershipPreferredMemberKeyArgs.builder()\n .id(child_group.groupKey().applyValue(groupKey -\u003e groupKey.id()))\n .build())\n .roles(GroupMembershipRoleArgs.builder()\n .name(\"MEMBER\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum: \"\"\n child-group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group-child\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group-child@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum: \"\"\n cloudIdentityGroupMembershipBasic:\n type: gcp:cloudidentity:GroupMembership\n name: cloud_identity_group_membership_basic\n properties:\n group: ${group.id}\n preferredMemberKey:\n id: ${[\"child-group\"].groupKey.id}\n roles:\n - name: MEMBER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Identity Group Membership User\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = new gcp.cloudidentity.Group(\"group\", {\n displayName: \"my-identity-group\",\n parent: \"customers/A01b123xz\",\n groupKey: {\n id: \"my-identity-group@example.com\",\n },\n labels: {\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n },\n});\nconst cloudIdentityGroupMembershipBasic = new gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\", {\n group: group.id,\n preferredMemberKey: {\n id: \"cloud_identity_user@example.com\",\n },\n roles: [\n {\n name: \"MEMBER\",\n },\n {\n name: \"MANAGER\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.Group(\"group\",\n display_name=\"my-identity-group\",\n parent=\"customers/A01b123xz\",\n group_key={\n \"id\": \"my-identity-group@example.com\",\n },\n labels={\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\",\n })\ncloud_identity_group_membership_basic = gcp.cloudidentity.GroupMembership(\"cloud_identity_group_membership_basic\",\n group=group.id,\n preferred_member_key={\n \"id\": \"cloud_identity_user@example.com\",\n },\n roles=[\n {\n \"name\": \"MEMBER\",\n },\n {\n \"name\": \"MANAGER\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Gcp.CloudIdentity.Group(\"group\", new()\n {\n DisplayName = \"my-identity-group\",\n Parent = \"customers/A01b123xz\",\n GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs\n {\n Id = \"my-identity-group@example.com\",\n },\n Labels = \n {\n { \"cloudidentity.googleapis.com/groups.discussion_forum\", \"\" },\n },\n });\n\n var cloudIdentityGroupMembershipBasic = new Gcp.CloudIdentity.GroupMembership(\"cloud_identity_group_membership_basic\", new()\n {\n Group = @group.Id,\n PreferredMemberKey = new Gcp.CloudIdentity.Inputs.GroupMembershipPreferredMemberKeyArgs\n {\n Id = \"cloud_identity_user@example.com\",\n },\n Roles = new[]\n {\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MEMBER\",\n },\n new Gcp.CloudIdentity.Inputs.GroupMembershipRoleArgs\n {\n Name = \"MANAGER\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := cloudidentity.NewGroup(ctx, \"group\", \u0026cloudidentity.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my-identity-group\"),\n\t\t\tParent: pulumi.String(\"customers/A01b123xz\"),\n\t\t\tGroupKey: \u0026cloudidentity.GroupGroupKeyArgs{\n\t\t\t\tId: pulumi.String(\"my-identity-group@example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"cloudidentity.googleapis.com/groups.discussion_forum\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudidentity.NewGroupMembership(ctx, \"cloud_identity_group_membership_basic\", \u0026cloudidentity.GroupMembershipArgs{\n\t\t\tGroup: group.ID(),\n\t\t\tPreferredMemberKey: \u0026cloudidentity.GroupMembershipPreferredMemberKeyArgs{\n\t\t\t\tId: pulumi.String(\"cloud_identity_user@example.com\"),\n\t\t\t},\n\t\t\tRoles: cloudidentity.GroupMembershipRoleArray{\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MEMBER\"),\n\t\t\t\t},\n\t\t\t\t\u0026cloudidentity.GroupMembershipRoleArgs{\n\t\t\t\t\tName: pulumi.String(\"MANAGER\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.Group;\nimport com.pulumi.gcp.cloudidentity.GroupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;\nimport com.pulumi.gcp.cloudidentity.GroupMembership;\nimport com.pulumi.gcp.cloudidentity.GroupMembershipArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipPreferredMemberKeyArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GroupMembershipRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\", GroupArgs.builder()\n .displayName(\"my-identity-group\")\n .parent(\"customers/A01b123xz\")\n .groupKey(GroupGroupKeyArgs.builder()\n .id(\"my-identity-group@example.com\")\n .build())\n .labels(Map.of(\"cloudidentity.googleapis.com/groups.discussion_forum\", \"\"))\n .build());\n\n var cloudIdentityGroupMembershipBasic = new GroupMembership(\"cloudIdentityGroupMembershipBasic\", GroupMembershipArgs.builder()\n .group(group.id())\n .preferredMemberKey(GroupMembershipPreferredMemberKeyArgs.builder()\n .id(\"cloud_identity_user@example.com\")\n .build())\n .roles( \n GroupMembershipRoleArgs.builder()\n .name(\"MEMBER\")\n .build(),\n GroupMembershipRoleArgs.builder()\n .name(\"MANAGER\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: gcp:cloudidentity:Group\n properties:\n displayName: my-identity-group\n parent: customers/A01b123xz\n groupKey:\n id: my-identity-group@example.com\n labels:\n cloudidentity.googleapis.com/groups.discussion_forum: \"\"\n cloudIdentityGroupMembershipBasic:\n type: gcp:cloudidentity:GroupMembership\n name: cloud_identity_group_membership_basic\n properties:\n group: ${group.id}\n preferredMemberKey:\n id: cloud_identity_user@example.com\n roles:\n - name: MEMBER\n - name: MANAGER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroupMembership can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GroupMembership can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudidentity/groupMembership:GroupMembership default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -155091,7 +155091,7 @@ } }, "gcp:cloudids/endpoint:Endpoint": { - "description": "Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network.\n\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/intrusion-detection-system/docs/configuring-ids)\n\n## Example Usage\n\n### Cloudids Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"tf-test-my-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: _default.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst example_endpoint = new gcp.cloudids.Endpoint(\"example-endpoint\", {\n name: \"test\",\n location: \"us-central1-f\",\n network: _default.id,\n severity: \"INFORMATIONAL\",\n}, {\n dependsOn: [privateServiceConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"tf-test-my-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=default.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\nexample_endpoint = gcp.cloudids.Endpoint(\"example-endpoint\",\n name=\"test\",\n location=\"us-central1-f\",\n network=default.id,\n severity=\"INFORMATIONAL\",\n opts = pulumi.ResourceOptions(depends_on=[private_service_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-my-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var example_endpoint = new Gcp.CloudIds.Endpoint(\"example-endpoint\", new()\n {\n Name = \"test\",\n Location = \"us-central1-f\",\n Network = @default.Id,\n Severity = \"INFORMATIONAL\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateServiceConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudids\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudids.NewEndpoint(ctx, \"example-endpoint\", \u0026cloudids.EndpointArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tLocation: pulumi.String(\"us-central1-f\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSeverity: pulumi.String(\"INFORMATIONAL\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateServiceConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudids.Endpoint;\nimport com.pulumi.gcp.cloudids.EndpointArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-my-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var example_endpoint = new Endpoint(\"example-endpoint\", EndpointArgs.builder()\n .name(\"test\")\n .location(\"us-central1-f\")\n .network(default_.id())\n .severity(\"INFORMATIONAL\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateServiceConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-my-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${default.id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\n example-endpoint:\n type: gcp:cloudids:Endpoint\n properties:\n name: test\n location: us-central1-f\n network: ${default.id}\n severity: INFORMATIONAL\n options:\n dependson:\n - ${privateServiceConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/endpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default projects/{{project}}/locations/{{location}}/endpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default {{location}}/{{name}}\n```\n\n", + "description": "Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network.\n\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/intrusion-detection-system/docs/configuring-ids)\n\n## Example Usage\n\n### Cloudids Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"tf-test-my-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: _default.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst example_endpoint = new gcp.cloudids.Endpoint(\"example-endpoint\", {\n name: \"test\",\n location: \"us-central1-f\",\n network: _default.id,\n severity: \"INFORMATIONAL\",\n}, {\n dependsOn: [privateServiceConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"tf-test-my-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=default.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\nexample_endpoint = gcp.cloudids.Endpoint(\"example-endpoint\",\n name=\"test\",\n location=\"us-central1-f\",\n network=default.id,\n severity=\"INFORMATIONAL\",\n opts = pulumi.ResourceOptions(depends_on=[private_service_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-my-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var example_endpoint = new Gcp.CloudIds.Endpoint(\"example-endpoint\", new()\n {\n Name = \"test\",\n Location = \"us-central1-f\",\n Network = @default.Id,\n Severity = \"INFORMATIONAL\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateServiceConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudids\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudids.NewEndpoint(ctx, \"example-endpoint\", \u0026cloudids.EndpointArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tLocation: pulumi.String(\"us-central1-f\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSeverity: pulumi.String(\"INFORMATIONAL\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateServiceConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.cloudids.Endpoint;\nimport com.pulumi.gcp.cloudids.EndpointArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-my-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var example_endpoint = new Endpoint(\"example-endpoint\", EndpointArgs.builder()\n .name(\"test\")\n .location(\"us-central1-f\")\n .network(default_.id())\n .severity(\"INFORMATIONAL\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateServiceConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-my-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${default.id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\n example-endpoint:\n type: gcp:cloudids:Endpoint\n properties:\n name: test\n location: us-central1-f\n network: ${default.id}\n severity: INFORMATIONAL\n options:\n dependsOn:\n - ${privateServiceConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/endpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default projects/{{project}}/locations/{{location}}/endpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudids/endpoint:Endpoint default {{location}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -155542,7 +155542,7 @@ } }, "gcp:cloudrun/iamBinding:IamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrun/IamBindingCondition:IamBindingCondition" @@ -155664,7 +155664,7 @@ } }, "gcp:cloudrun/iamMember:IamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrun/IamMemberCondition:IamMemberCondition" @@ -155779,7 +155779,7 @@ } }, "gcp:cloudrun/iamPolicy:IamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run Service\nThree different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrun.IamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrun.IamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -155865,7 +155865,7 @@ } }, "gcp:cloudrun/service:Service": { - "description": "A Cloud Run service has a unique endpoint and autoscales containers.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n\u003e **Warning:** We recommend using the `gcp.cloudrunv2.Service` resource which offers a better\ndeveloper experience and broader support of Cloud Run features.\n\n## Example Usage\n\n### Cloud Run Service Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloud_run_service_name\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"gcr.io/cloudrun/hello\",\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"cloud-run-pubsub-invoker\",\n displayName: \"Cloud Run Pub/Sub Invoker\",\n});\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n service: _default.name,\n role: \"roles/run.invoker\",\n members: [pulumi.interpolate`serviceAccount:${sa.email}`],\n});\nconst project = new gcp.projects.IAMBinding(\"project\", {\n role: \"roles/iam.serviceAccountTokenCreator\",\n members: [pulumi.interpolate`serviceAccount:${sa.email}`],\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"pubsub_topic\"});\nconst subscription = new gcp.pubsub.Subscription(\"subscription\", {\n name: \"pubsub_subscription\",\n topic: topic.name,\n pushConfig: {\n pushEndpoint: _default.statuses.apply(statuses =\u003e statuses[0].url),\n oidcToken: {\n serviceAccountEmail: sa.email,\n },\n attributes: {\n \"x-goog-version\": \"v1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloud_run_service_name\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"gcr.io/cloudrun/hello\",\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"cloud-run-pubsub-invoker\",\n display_name=\"Cloud Run Pub/Sub Invoker\")\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default.location,\n service=default.name,\n role=\"roles/run.invoker\",\n members=[sa.email.apply(lambda email: f\"serviceAccount:{email}\")])\nproject = gcp.projects.IAMBinding(\"project\",\n role=\"roles/iam.serviceAccountTokenCreator\",\n members=[sa.email.apply(lambda email: f\"serviceAccount:{email}\")])\ntopic = gcp.pubsub.Topic(\"topic\", name=\"pubsub_topic\")\nsubscription = gcp.pubsub.Subscription(\"subscription\",\n name=\"pubsub_subscription\",\n topic=topic.name,\n push_config={\n \"push_endpoint\": default.statuses[0].url,\n \"oidc_token\": {\n \"service_account_email\": sa.email,\n },\n \"attributes\": {\n \"x-goog-version\": \"v1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloud_run_service_name\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"gcr.io/cloudrun/hello\",\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"cloud-run-pubsub-invoker\",\n DisplayName = \"Cloud Run Pub/Sub Invoker\",\n });\n\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Service = @default.Name,\n Role = \"roles/run.invoker\",\n Members = new[]\n {\n sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n });\n\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Members = new[]\n {\n sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"pubsub_topic\",\n });\n\n var subscription = new Gcp.PubSub.Subscription(\"subscription\", new()\n {\n Name = \"pubsub_subscription\",\n Topic = topic.Name,\n PushConfig = new Gcp.PubSub.Inputs.SubscriptionPushConfigArgs\n {\n PushEndpoint = @default.Statuses.Apply(statuses =\u003e statuses[0].Url),\n OidcToken = new Gcp.PubSub.Inputs.SubscriptionPushConfigOidcTokenArgs\n {\n ServiceAccountEmail = sa.Email,\n },\n Attributes = \n {\n { \"x-goog-version\", \"v1\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloud_run_service_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"gcr.io/cloudrun/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"cloud-run-pubsub-invoker\"),\n\t\t\tDisplayName: pulumi.String(\"Cloud Run Pub/Sub Invoker\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: _default.Location,\n\t\t\tService: _default.Name,\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tsa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tsa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"pubsub_topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"subscription\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"pubsub_subscription\"),\n\t\t\tTopic: topic.Name,\n\t\t\tPushConfig: \u0026pubsub.SubscriptionPushConfigArgs{\n\t\t\t\tPushEndpoint: _default.Statuses.ApplyT(func(statuses []cloudrun.ServiceStatus) (*string, error) {\n\t\t\t\t\treturn \u0026statuses[0].Url, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tOidcToken: \u0026pubsub.SubscriptionPushConfigOidcTokenArgs{\n\t\t\t\t\tServiceAccountEmail: sa.Email,\n\t\t\t\t},\n\t\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\t\"x-goog-version\": pulumi.String(\"v1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigOidcTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloud_run_service_name\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"gcr.io/cloudrun/hello\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"cloud-run-pubsub-invoker\")\n .displayName(\"Cloud Run Pub/Sub Invoker\")\n .build());\n\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .service(default_.name())\n .role(\"roles/run.invoker\")\n .members(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .members(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"pubsub_topic\")\n .build());\n\n var subscription = new Subscription(\"subscription\", SubscriptionArgs.builder()\n .name(\"pubsub_subscription\")\n .topic(topic.name())\n .pushConfig(SubscriptionPushConfigArgs.builder()\n .pushEndpoint(default_.statuses().applyValue(statuses -\u003e statuses[0].url()))\n .oidcToken(SubscriptionPushConfigOidcTokenArgs.builder()\n .serviceAccountEmail(sa.email())\n .build())\n .attributes(Map.of(\"x-goog-version\", \"v1\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloud_run_service_name\n location: us-central1\n template:\n spec:\n containers:\n - image: gcr.io/cloudrun/hello\n traffics:\n - percent: 100\n latestRevision: true\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: cloud-run-pubsub-invoker\n displayName: Cloud Run Pub/Sub Invoker\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n service: ${default.name}\n role: roles/run.invoker\n members:\n - serviceAccount:${sa.email}\n project:\n type: gcp:projects:IAMBinding\n properties:\n role: roles/iam.serviceAccountTokenCreator\n members:\n - serviceAccount:${sa.email}\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: pubsub_topic\n subscription:\n type: gcp:pubsub:Subscription\n properties:\n name: pubsub_subscription\n topic: ${topic.name}\n pushConfig:\n pushEndpoint: ${default.statuses[0].url}\n oidcToken:\n serviceAccountEmail: ${sa.email}\n attributes:\n x-goog-version: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud Run Service Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n traffics:\n - percent: 100\n latestRevision: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n metadata: {\n annotations: {\n \"run.googleapis.com/launch-stage\": \"BETA\",\n },\n },\n template: {\n metadata: {\n annotations: {\n \"autoscaling.knative.dev/maxScale\": \"1\",\n \"run.googleapis.com/cpu-throttling\": \"false\",\n },\n },\n spec: {\n containers: [{\n image: \"gcr.io/cloudrun/hello\",\n resources: {\n limits: {\n cpu: \"4\",\n memory: \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n },\n }],\n nodeSelector: {\n \"run.googleapis.com/accelerator\": \"nvidia-l4\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n metadata={\n \"annotations\": {\n \"run.googleapis.com/launch-stage\": \"BETA\",\n },\n },\n template={\n \"metadata\": {\n \"annotations\": {\n \"autoscaling.knative.dev/maxScale\": \"1\",\n \"run.googleapis.com/cpu-throttling\": \"false\",\n },\n },\n \"spec\": {\n \"containers\": [{\n \"image\": \"gcr.io/cloudrun/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"4\",\n \"memory\": \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n },\n }],\n \"node_selector\": {\n \"run.googleapis.com/accelerator\": \"nvidia-l4\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Metadata = new Gcp.CloudRun.Inputs.ServiceMetadataArgs\n {\n Annotations = \n {\n { \"run.googleapis.com/launch-stage\", \"BETA\" },\n },\n },\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"autoscaling.knative.dev/maxScale\", \"1\" },\n { \"run.googleapis.com/cpu-throttling\", \"false\" },\n },\n },\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"gcr.io/cloudrun/hello\",\n Resources = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"4\" },\n { \"memory\", \"16Gi\" },\n { \"nvidia.com/gpu\", \"1\" },\n },\n },\n },\n },\n NodeSelector = \n {\n { \"run.googleapis.com/accelerator\", \"nvidia-l4\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMetadata: \u0026cloudrun.ServiceMetadataArgs{\n\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\"run.googleapis.com/launch-stage\": pulumi.String(\"BETA\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"autoscaling.knative.dev/maxScale\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\"run.googleapis.com/cpu-throttling\": pulumi.String(\"false\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"gcr.io/cloudrun/hello\"),\n\t\t\t\t\t\t\tResources: \u0026cloudrun.ServiceTemplateSpecContainerResourcesArgs{\n\t\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"4\"),\n\t\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"16Gi\"),\n\t\t\t\t\t\t\t\t\t\"nvidia.com/gpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNodeSelector: pulumi.StringMap{\n\t\t\t\t\t\t\"run.googleapis.com/accelerator\": pulumi.String(\"nvidia-l4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .metadata(ServiceMetadataArgs.builder()\n .annotations(Map.of(\"run.googleapis.com/launch-stage\", \"BETA\"))\n .build())\n .template(ServiceTemplateArgs.builder()\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.ofEntries(\n Map.entry(\"autoscaling.knative.dev/maxScale\", \"1\"),\n Map.entry(\"run.googleapis.com/cpu-throttling\", \"false\")\n ))\n .build())\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"gcr.io/cloudrun/hello\")\n .resources(ServiceTemplateSpecContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"4\"),\n Map.entry(\"memory\", \"16Gi\"),\n Map.entry(\"nvidia.com/gpu\", \"1\")\n ))\n .build())\n .build())\n .nodeSelector(Map.of(\"run.googleapis.com/accelerator\", \"nvidia-l4\"))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n metadata:\n annotations:\n run.googleapis.com/launch-stage: BETA\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/maxScale: '1'\n run.googleapis.com/cpu-throttling: 'false'\n spec:\n containers:\n - image: gcr.io/cloudrun/hello\n resources:\n limits:\n cpu: '4'\n memory: 16Gi\n nvidia.com/gpu: '1'\n nodeSelector:\n run.googleapis.com/accelerator: nvidia-l4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-east1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n metadata: {\n annotations: {\n \"autoscaling.knative.dev/maxScale\": \"1000\",\n \"run.googleapis.com/cloudsql-instances\": instance.connectionName,\n \"run.googleapis.com/client-name\": \"demo\",\n },\n },\n },\n autogenerateRevisionName: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-east1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n \"metadata\": {\n \"annotations\": {\n \"autoscaling.knative.dev/maxScale\": \"1000\",\n \"run.googleapis.com/cloudsql-instances\": instance.connection_name,\n \"run.googleapis.com/client-name\": \"demo\",\n },\n },\n },\n autogenerate_revision_name=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-east1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"autoscaling.knative.dev/maxScale\", \"1000\" },\n { \"run.googleapis.com/cloudsql-instances\", instance.ConnectionName },\n { \"run.googleapis.com/client-name\", \"demo\" },\n },\n },\n },\n AutogenerateRevisionName = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-east1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"autoscaling.knative.dev/maxScale\": pulumi.String(\"1000\"),\n\t\t\t\t\t\t\"run.googleapis.com/cloudsql-instances\": instance.ConnectionName,\n\t\t\t\t\t\t\"run.googleapis.com/client-name\": pulumi.String(\"demo\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutogenerateRevisionName: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-east1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.ofEntries(\n Map.entry(\"autoscaling.knative.dev/maxScale\", \"1000\"),\n Map.entry(\"run.googleapis.com/cloudsql-instances\", instance.connectionName()),\n Map.entry(\"run.googleapis.com/client-name\", \"demo\")\n ))\n .build())\n .build())\n .autogenerateRevisionName(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n metadata:\n annotations:\n autoscaling.knative.dev/maxScale: '1000'\n run.googleapis.com/cloudsql-instances: ${instance.connectionName}\n run.googleapis.com/client-name: demo\n autogenerateRevisionName: true\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-east1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Noauth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n});\nconst noauth = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/run.invoker\",\n members: [\"allUsers\"],\n }],\n});\nconst noauthIamPolicy = new gcp.cloudrun.IamPolicy(\"noauth\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: noauth.then(noauth =\u003e noauth.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n })\nnoauth = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/run.invoker\",\n \"members\": [\"allUsers\"],\n}])\nnoauth_iam_policy = gcp.cloudrun.IamPolicy(\"noauth\",\n location=default.location,\n project=default.project,\n service=default.name,\n policy_data=noauth.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n },\n });\n\n var noauth = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/run.invoker\",\n Members = new[]\n {\n \"allUsers\",\n },\n },\n },\n });\n\n var noauthIamPolicy = new Gcp.CloudRun.IamPolicy(\"noauth\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = noauth.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnoauth, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/run.invoker\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"allUsers\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"noauth\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: _default.Location,\n\t\t\tProject: _default.Project,\n\t\t\tService: _default.Name,\n\t\t\tPolicyData: pulumi.String(noauth.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build())\n .build());\n\n final var noauth = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/run.invoker\")\n .members(\"allUsers\")\n .build())\n .build());\n\n var noauthIamPolicy = new IamPolicy(\"noauthIamPolicy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(noauth.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n noauthIamPolicy:\n type: gcp:cloudrun:IamPolicy\n name: noauth\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${noauth.policyData}\nvariables:\n noauth:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/run.invoker\n members:\n - allUsers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Probes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n startupProbe: {\n initialDelaySeconds: 0,\n timeoutSeconds: 1,\n periodSeconds: 3,\n failureThreshold: 1,\n tcpSocket: {\n port: 8080,\n },\n },\n livenessProbe: {\n httpGet: {\n path: \"/\",\n },\n },\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"startup_probe\": {\n \"initial_delay_seconds\": 0,\n \"timeout_seconds\": 1,\n \"period_seconds\": 3,\n \"failure_threshold\": 1,\n \"tcp_socket\": {\n \"port\": 8080,\n },\n },\n \"liveness_probe\": {\n \"http_get\": {\n \"path\": \"/\",\n },\n },\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n StartupProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeArgs\n {\n InitialDelaySeconds = 0,\n TimeoutSeconds = 1,\n PeriodSeconds = 3,\n FailureThreshold = 1,\n TcpSocket = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeTcpSocketArgs\n {\n Port = 8080,\n },\n },\n LivenessProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerLivenessProbeArgs\n {\n HttpGet = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerLivenessProbeHttpGetArgs\n {\n Path = \"/\",\n },\n },\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tStartupProbe: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeArgs{\n\t\t\t\t\t\t\t\tInitialDelaySeconds: pulumi.Int(0),\n\t\t\t\t\t\t\t\tTimeoutSeconds: pulumi.Int(1),\n\t\t\t\t\t\t\t\tPeriodSeconds: pulumi.Int(3),\n\t\t\t\t\t\t\t\tFailureThreshold: pulumi.Int(1),\n\t\t\t\t\t\t\t\tTcpSocket: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeTcpSocketArgs{\n\t\t\t\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tLivenessProbe: \u0026cloudrun.ServiceTemplateSpecContainerLivenessProbeArgs{\n\t\t\t\t\t\t\t\tHttpGet: \u0026cloudrun.ServiceTemplateSpecContainerLivenessProbeHttpGetArgs{\n\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"/\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .startupProbe(ServiceTemplateSpecContainerStartupProbeArgs.builder()\n .initialDelaySeconds(0)\n .timeoutSeconds(1)\n .periodSeconds(3)\n .failureThreshold(1)\n .tcpSocket(ServiceTemplateSpecContainerStartupProbeTcpSocketArgs.builder()\n .port(8080)\n .build())\n .build())\n .livenessProbe(ServiceTemplateSpecContainerLivenessProbeArgs.builder()\n .httpGet(ServiceTemplateSpecContainerLivenessProbeHttpGetArgs.builder()\n .path(\"/\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n startupProbe:\n initialDelaySeconds: 0\n timeoutSeconds: 1\n periodSeconds: 3\n failureThreshold: 1\n tcpSocket:\n port: 8080\n livenessProbe:\n httpGet:\n path: /\n traffics:\n - percent: 100\n latestRevision: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Multicontainer\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n metadata: {\n annotations: {\n \"run.googleapis.com/container-dependencies\": JSON.stringify({\n \"hello-1\": [\"hello-2\"],\n }),\n },\n },\n spec: {\n containers: [\n {\n name: \"hello-1\",\n ports: [{\n containerPort: 8080,\n }],\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"shared-volume\",\n mountPath: \"/mnt/shared\",\n }],\n },\n {\n name: \"hello-2\",\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [{\n name: \"PORT\",\n value: \"8081\",\n }],\n startupProbe: {\n httpGet: {\n port: 8081,\n },\n },\n volumeMounts: [{\n name: \"shared-volume\",\n mountPath: \"/mnt/shared\",\n }],\n },\n ],\n volumes: [{\n name: \"shared-volume\",\n emptyDir: {\n medium: \"Memory\",\n sizeLimit: \"128Mi\",\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"metadata\": {\n \"annotations\": {\n \"run.googleapis.com/container-dependencies\": json.dumps({\n \"hello-1\": [\"hello-2\"],\n }),\n },\n },\n \"spec\": {\n \"containers\": [\n {\n \"name\": \"hello-1\",\n \"ports\": [{\n \"container_port\": 8080,\n }],\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"shared-volume\",\n \"mount_path\": \"/mnt/shared\",\n }],\n },\n {\n \"name\": \"hello-2\",\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [{\n \"name\": \"PORT\",\n \"value\": \"8081\",\n }],\n \"startup_probe\": {\n \"http_get\": {\n \"port\": 8081,\n },\n },\n \"volume_mounts\": [{\n \"name\": \"shared-volume\",\n \"mount_path\": \"/mnt/shared\",\n }],\n },\n ],\n \"volumes\": [{\n \"name\": \"shared-volume\",\n \"empty_dir\": {\n \"medium\": \"Memory\",\n \"size_limit\": \"128Mi\",\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"run.googleapis.com/container-dependencies\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"hello-1\"] = new[]\n {\n \"hello-2\",\n },\n }) },\n },\n },\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Name = \"hello-1\",\n Ports = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerPortArgs\n {\n ContainerPort = 8080,\n },\n },\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerVolumeMountArgs\n {\n Name = \"shared-volume\",\n MountPath = \"/mnt/shared\",\n },\n },\n },\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Name = \"hello-2\",\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerEnvArgs\n {\n Name = \"PORT\",\n Value = \"8081\",\n },\n },\n StartupProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeArgs\n {\n HttpGet = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeHttpGetArgs\n {\n Port = 8081,\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerVolumeMountArgs\n {\n Name = \"shared-volume\",\n MountPath = \"/mnt/shared\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecVolumeArgs\n {\n Name = \"shared-volume\",\n EmptyDir = new Gcp.CloudRun.Inputs.ServiceTemplateSpecVolumeEmptyDirArgs\n {\n Medium = \"Memory\",\n SizeLimit = \"128Mi\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"hello-1\": []string{\n\t\t\t\t\"hello-2\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"run.googleapis.com/container-dependencies\": pulumi.String(json0),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"hello-1\"),\n\t\t\t\t\t\t\tPorts: cloudrun.ServiceTemplateSpecContainerPortArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerPortArgs{\n\t\t\t\t\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrun.ServiceTemplateSpecContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/shared\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"hello-2\"),\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tEnvs: cloudrun.ServiceTemplateSpecContainerEnvArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"PORT\"),\n\t\t\t\t\t\t\t\t\tValue: pulumi.String(\"8081\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tStartupProbe: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeArgs{\n\t\t\t\t\t\t\t\tHttpGet: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeHttpGetArgs{\n\t\t\t\t\t\t\t\t\tPort: pulumi.Int(8081),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVolumeMounts: cloudrun.ServiceTemplateSpecContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/shared\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudrun.ServiceTemplateSpecVolumeArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\tEmptyDir: \u0026cloudrun.ServiceTemplateSpecVolumeEmptyDirArgs{\n\t\t\t\t\t\t\t\tMedium: pulumi.String(\"Memory\"),\n\t\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"128Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.of(\"run.googleapis.com/container-dependencies\", serializeJson(\n jsonObject(\n jsonProperty(\"hello-1\", jsonArray(\"hello-2\"))\n ))))\n .build())\n .spec(ServiceTemplateSpecArgs.builder()\n .containers( \n ServiceTemplateSpecContainerArgs.builder()\n .name(\"hello-1\")\n .ports(ServiceTemplateSpecContainerPortArgs.builder()\n .containerPort(8080)\n .build())\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateSpecContainerVolumeMountArgs.builder()\n .name(\"shared-volume\")\n .mountPath(\"/mnt/shared\")\n .build())\n .build(),\n ServiceTemplateSpecContainerArgs.builder()\n .name(\"hello-2\")\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs(ServiceTemplateSpecContainerEnvArgs.builder()\n .name(\"PORT\")\n .value(\"8081\")\n .build())\n .startupProbe(ServiceTemplateSpecContainerStartupProbeArgs.builder()\n .httpGet(ServiceTemplateSpecContainerStartupProbeHttpGetArgs.builder()\n .port(8081)\n .build())\n .build())\n .volumeMounts(ServiceTemplateSpecContainerVolumeMountArgs.builder()\n .name(\"shared-volume\")\n .mountPath(\"/mnt/shared\")\n .build())\n .build())\n .volumes(ServiceTemplateSpecVolumeArgs.builder()\n .name(\"shared-volume\")\n .emptyDir(ServiceTemplateSpecVolumeEmptyDirArgs.builder()\n .medium(\"Memory\")\n .sizeLimit(\"128Mi\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n metadata:\n annotations:\n run.googleapis.com/container-dependencies:\n fn::toJSON:\n hello-1:\n - hello-2\n spec:\n containers:\n - name: hello-1\n ports:\n - containerPort: 8080\n image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: shared-volume\n mountPath: /mnt/shared\n - name: hello-2\n image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: PORT\n value: '8081'\n startupProbe:\n httpGet:\n port: 8081\n volumeMounts:\n - name: shared-volume\n mountPath: /mnt/shared\n volumes:\n - name: shared-volume\n emptyDir:\n medium: Memory\n sizeLimit: 128Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `locations/{{location}}/namespaces/{{project}}/services/{{name}}`\n\n* `{{location}}/{{project}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default locations/{{location}}/namespaces/{{project}}/services/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default {{location}}/{{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default {{location}}/{{name}}\n```\n\n", + "description": "A Cloud Run service has a unique endpoint and autoscales containers.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n\u003e **Warning:** We recommend using the `gcp.cloudrunv2.Service` resource which offers a better\ndeveloper experience and broader support of Cloud Run features.\n\n## Example Usage\n\n### Cloud Run Service Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloud_run_service_name\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"gcr.io/cloudrun/hello\",\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"cloud-run-pubsub-invoker\",\n displayName: \"Cloud Run Pub/Sub Invoker\",\n});\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n service: _default.name,\n role: \"roles/run.invoker\",\n members: [pulumi.interpolate`serviceAccount:${sa.email}`],\n});\nconst project = new gcp.projects.IAMBinding(\"project\", {\n role: \"roles/iam.serviceAccountTokenCreator\",\n members: [pulumi.interpolate`serviceAccount:${sa.email}`],\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"pubsub_topic\"});\nconst subscription = new gcp.pubsub.Subscription(\"subscription\", {\n name: \"pubsub_subscription\",\n topic: topic.name,\n pushConfig: {\n pushEndpoint: _default.statuses.apply(statuses =\u003e statuses[0].url),\n oidcToken: {\n serviceAccountEmail: sa.email,\n },\n attributes: {\n \"x-goog-version\": \"v1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloud_run_service_name\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"gcr.io/cloudrun/hello\",\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"cloud-run-pubsub-invoker\",\n display_name=\"Cloud Run Pub/Sub Invoker\")\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default.location,\n service=default.name,\n role=\"roles/run.invoker\",\n members=[sa.email.apply(lambda email: f\"serviceAccount:{email}\")])\nproject = gcp.projects.IAMBinding(\"project\",\n role=\"roles/iam.serviceAccountTokenCreator\",\n members=[sa.email.apply(lambda email: f\"serviceAccount:{email}\")])\ntopic = gcp.pubsub.Topic(\"topic\", name=\"pubsub_topic\")\nsubscription = gcp.pubsub.Subscription(\"subscription\",\n name=\"pubsub_subscription\",\n topic=topic.name,\n push_config={\n \"push_endpoint\": default.statuses[0].url,\n \"oidc_token\": {\n \"service_account_email\": sa.email,\n },\n \"attributes\": {\n \"x-goog-version\": \"v1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloud_run_service_name\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"gcr.io/cloudrun/hello\",\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"cloud-run-pubsub-invoker\",\n DisplayName = \"Cloud Run Pub/Sub Invoker\",\n });\n\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Service = @default.Name,\n Role = \"roles/run.invoker\",\n Members = new[]\n {\n sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n });\n\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Members = new[]\n {\n sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n },\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"pubsub_topic\",\n });\n\n var subscription = new Gcp.PubSub.Subscription(\"subscription\", new()\n {\n Name = \"pubsub_subscription\",\n Topic = topic.Name,\n PushConfig = new Gcp.PubSub.Inputs.SubscriptionPushConfigArgs\n {\n PushEndpoint = @default.Statuses.Apply(statuses =\u003e statuses[0].Url),\n OidcToken = new Gcp.PubSub.Inputs.SubscriptionPushConfigOidcTokenArgs\n {\n ServiceAccountEmail = sa.Email,\n },\n Attributes = \n {\n { \"x-goog-version\", \"v1\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloud_run_service_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"gcr.io/cloudrun/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"cloud-run-pubsub-invoker\"),\n\t\t\tDisplayName: pulumi.String(\"Cloud Run Pub/Sub Invoker\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: _default.Location,\n\t\t\tService: _default.Name,\n\t\t\tRole: pulumi.String(\"roles/run.invoker\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tsa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tsa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"pubsub_topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"subscription\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"pubsub_subscription\"),\n\t\t\tTopic: topic.Name,\n\t\t\tPushConfig: \u0026pubsub.SubscriptionPushConfigArgs{\n\t\t\t\tPushEndpoint: _default.Statuses.ApplyT(func(statuses []cloudrun.ServiceStatus) (*string, error) {\n\t\t\t\t\treturn \u0026statuses[0].Url, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tOidcToken: \u0026pubsub.SubscriptionPushConfigOidcTokenArgs{\n\t\t\t\t\tServiceAccountEmail: sa.Email,\n\t\t\t\t},\n\t\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\t\"x-goog-version\": pulumi.String(\"v1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigOidcTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloud_run_service_name\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"gcr.io/cloudrun/hello\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"cloud-run-pubsub-invoker\")\n .displayName(\"Cloud Run Pub/Sub Invoker\")\n .build());\n\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder()\n .location(default_.location())\n .service(default_.name())\n .role(\"roles/run.invoker\")\n .members(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .members(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"pubsub_topic\")\n .build());\n\n var subscription = new Subscription(\"subscription\", SubscriptionArgs.builder()\n .name(\"pubsub_subscription\")\n .topic(topic.name())\n .pushConfig(SubscriptionPushConfigArgs.builder()\n .pushEndpoint(default_.statuses().applyValue(statuses -\u003e statuses[0].url()))\n .oidcToken(SubscriptionPushConfigOidcTokenArgs.builder()\n .serviceAccountEmail(sa.email())\n .build())\n .attributes(Map.of(\"x-goog-version\", \"v1\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloud_run_service_name\n location: us-central1\n template:\n spec:\n containers:\n - image: gcr.io/cloudrun/hello\n traffics:\n - percent: 100\n latestRevision: true\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: cloud-run-pubsub-invoker\n displayName: Cloud Run Pub/Sub Invoker\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n service: ${default.name}\n role: roles/run.invoker\n members:\n - serviceAccount:${sa.email}\n project:\n type: gcp:projects:IAMBinding\n properties:\n role: roles/iam.serviceAccountTokenCreator\n members:\n - serviceAccount:${sa.email}\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: pubsub_topic\n subscription:\n type: gcp:pubsub:Subscription\n properties:\n name: pubsub_subscription\n topic: ${topic.name}\n pushConfig:\n pushEndpoint: ${default.statuses[0].url}\n oidcToken:\n serviceAccountEmail: ${sa.email}\n attributes:\n x-goog-version: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud Run Service Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n traffics:\n - percent: 100\n latestRevision: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n metadata: {\n annotations: {\n \"run.googleapis.com/launch-stage\": \"BETA\",\n },\n },\n template: {\n metadata: {\n annotations: {\n \"autoscaling.knative.dev/maxScale\": \"1\",\n \"run.googleapis.com/cpu-throttling\": \"false\",\n },\n },\n spec: {\n containers: [{\n image: \"gcr.io/cloudrun/hello\",\n resources: {\n limits: {\n cpu: \"4\",\n memory: \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n },\n }],\n nodeSelector: {\n \"run.googleapis.com/accelerator\": \"nvidia-l4\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n metadata={\n \"annotations\": {\n \"run.googleapis.com/launch-stage\": \"BETA\",\n },\n },\n template={\n \"metadata\": {\n \"annotations\": {\n \"autoscaling.knative.dev/maxScale\": \"1\",\n \"run.googleapis.com/cpu-throttling\": \"false\",\n },\n },\n \"spec\": {\n \"containers\": [{\n \"image\": \"gcr.io/cloudrun/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"4\",\n \"memory\": \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n },\n }],\n \"node_selector\": {\n \"run.googleapis.com/accelerator\": \"nvidia-l4\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Metadata = new Gcp.CloudRun.Inputs.ServiceMetadataArgs\n {\n Annotations = \n {\n { \"run.googleapis.com/launch-stage\", \"BETA\" },\n },\n },\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"autoscaling.knative.dev/maxScale\", \"1\" },\n { \"run.googleapis.com/cpu-throttling\", \"false\" },\n },\n },\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"gcr.io/cloudrun/hello\",\n Resources = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"4\" },\n { \"memory\", \"16Gi\" },\n { \"nvidia.com/gpu\", \"1\" },\n },\n },\n },\n },\n NodeSelector = \n {\n { \"run.googleapis.com/accelerator\", \"nvidia-l4\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMetadata: \u0026cloudrun.ServiceMetadataArgs{\n\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\"run.googleapis.com/launch-stage\": pulumi.String(\"BETA\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"autoscaling.knative.dev/maxScale\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\"run.googleapis.com/cpu-throttling\": pulumi.String(\"false\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"gcr.io/cloudrun/hello\"),\n\t\t\t\t\t\t\tResources: \u0026cloudrun.ServiceTemplateSpecContainerResourcesArgs{\n\t\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"4\"),\n\t\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"16Gi\"),\n\t\t\t\t\t\t\t\t\t\"nvidia.com/gpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNodeSelector: pulumi.StringMap{\n\t\t\t\t\t\t\"run.googleapis.com/accelerator\": pulumi.String(\"nvidia-l4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .metadata(ServiceMetadataArgs.builder()\n .annotations(Map.of(\"run.googleapis.com/launch-stage\", \"BETA\"))\n .build())\n .template(ServiceTemplateArgs.builder()\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.ofEntries(\n Map.entry(\"autoscaling.knative.dev/maxScale\", \"1\"),\n Map.entry(\"run.googleapis.com/cpu-throttling\", \"false\")\n ))\n .build())\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"gcr.io/cloudrun/hello\")\n .resources(ServiceTemplateSpecContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"4\"),\n Map.entry(\"memory\", \"16Gi\"),\n Map.entry(\"nvidia.com/gpu\", \"1\")\n ))\n .build())\n .build())\n .nodeSelector(Map.of(\"run.googleapis.com/accelerator\", \"nvidia-l4\"))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n metadata:\n annotations:\n run.googleapis.com/launch-stage: BETA\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/maxScale: '1'\n run.googleapis.com/cpu-throttling: 'false'\n spec:\n containers:\n - image: gcr.io/cloudrun/hello\n resources:\n limits:\n cpu: '4'\n memory: 16Gi\n nvidia.com/gpu: '1'\n nodeSelector:\n run.googleapis.com/accelerator: nvidia-l4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-east1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n metadata: {\n annotations: {\n \"autoscaling.knative.dev/maxScale\": \"1000\",\n \"run.googleapis.com/cloudsql-instances\": instance.connectionName,\n \"run.googleapis.com/client-name\": \"demo\",\n },\n },\n },\n autogenerateRevisionName: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-east1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n \"metadata\": {\n \"annotations\": {\n \"autoscaling.knative.dev/maxScale\": \"1000\",\n \"run.googleapis.com/cloudsql-instances\": instance.connection_name,\n \"run.googleapis.com/client-name\": \"demo\",\n },\n },\n },\n autogenerate_revision_name=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-east1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"autoscaling.knative.dev/maxScale\", \"1000\" },\n { \"run.googleapis.com/cloudsql-instances\", instance.ConnectionName },\n { \"run.googleapis.com/client-name\", \"demo\" },\n },\n },\n },\n AutogenerateRevisionName = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-east1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"autoscaling.knative.dev/maxScale\": pulumi.String(\"1000\"),\n\t\t\t\t\t\t\"run.googleapis.com/cloudsql-instances\": instance.ConnectionName,\n\t\t\t\t\t\t\"run.googleapis.com/client-name\": pulumi.String(\"demo\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutogenerateRevisionName: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-east1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.ofEntries(\n Map.entry(\"autoscaling.knative.dev/maxScale\", \"1000\"),\n Map.entry(\"run.googleapis.com/cloudsql-instances\", instance.connectionName()),\n Map.entry(\"run.googleapis.com/client-name\", \"demo\")\n ))\n .build())\n .build())\n .autogenerateRevisionName(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n metadata:\n annotations:\n autoscaling.knative.dev/maxScale: '1000'\n run.googleapis.com/cloudsql-instances: ${instance.connectionName}\n run.googleapis.com/client-name: demo\n autogenerateRevisionName: true\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-east1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Noauth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n },\n});\nconst noauth = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/run.invoker\",\n members: [\"allUsers\"],\n }],\n});\nconst noauthIamPolicy = new gcp.cloudrun.IamPolicy(\"noauth\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: noauth.then(noauth =\u003e noauth.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n })\nnoauth = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/run.invoker\",\n \"members\": [\"allUsers\"],\n}])\nnoauth_iam_policy = gcp.cloudrun.IamPolicy(\"noauth\",\n location=default.location,\n project=default.project,\n service=default.name,\n policy_data=noauth.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n },\n });\n\n var noauth = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/run.invoker\",\n Members = new[]\n {\n \"allUsers\",\n },\n },\n },\n });\n\n var noauthIamPolicy = new Gcp.CloudRun.IamPolicy(\"noauth\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = noauth.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnoauth, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/run.invoker\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"allUsers\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"noauth\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: _default.Location,\n\t\t\tProject: _default.Project,\n\t\t\tService: _default.Name,\n\t\t\tPolicyData: pulumi.String(noauth.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build())\n .build());\n\n final var noauth = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/run.invoker\")\n .members(\"allUsers\")\n .build())\n .build());\n\n var noauthIamPolicy = new IamPolicy(\"noauthIamPolicy\", IamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(noauth.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n noauthIamPolicy:\n type: gcp:cloudrun:IamPolicy\n name: noauth\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${noauth.policyData}\nvariables:\n noauth:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/run.invoker\n members:\n - allUsers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Probes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n spec: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n startupProbe: {\n initialDelaySeconds: 0,\n timeoutSeconds: 1,\n periodSeconds: 3,\n failureThreshold: 1,\n tcpSocket: {\n port: 8080,\n },\n },\n livenessProbe: {\n httpGet: {\n path: \"/\",\n },\n },\n }],\n },\n },\n traffics: [{\n percent: 100,\n latestRevision: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"spec\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"startup_probe\": {\n \"initial_delay_seconds\": 0,\n \"timeout_seconds\": 1,\n \"period_seconds\": 3,\n \"failure_threshold\": 1,\n \"tcp_socket\": {\n \"port\": 8080,\n },\n },\n \"liveness_probe\": {\n \"http_get\": {\n \"path\": \"/\",\n },\n },\n }],\n },\n },\n traffics=[{\n \"percent\": 100,\n \"latest_revision\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n StartupProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeArgs\n {\n InitialDelaySeconds = 0,\n TimeoutSeconds = 1,\n PeriodSeconds = 3,\n FailureThreshold = 1,\n TcpSocket = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeTcpSocketArgs\n {\n Port = 8080,\n },\n },\n LivenessProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerLivenessProbeArgs\n {\n HttpGet = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerLivenessProbeHttpGetArgs\n {\n Path = \"/\",\n },\n },\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTrafficArgs\n {\n Percent = 100,\n LatestRevision = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tStartupProbe: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeArgs{\n\t\t\t\t\t\t\t\tInitialDelaySeconds: pulumi.Int(0),\n\t\t\t\t\t\t\t\tTimeoutSeconds: pulumi.Int(1),\n\t\t\t\t\t\t\t\tPeriodSeconds: pulumi.Int(3),\n\t\t\t\t\t\t\t\tFailureThreshold: pulumi.Int(1),\n\t\t\t\t\t\t\t\tTcpSocket: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeTcpSocketArgs{\n\t\t\t\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tLivenessProbe: \u0026cloudrun.ServiceTemplateSpecContainerLivenessProbeArgs{\n\t\t\t\t\t\t\t\tHttpGet: \u0026cloudrun.ServiceTemplateSpecContainerLivenessProbeHttpGetArgs{\n\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"/\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrun.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrun.ServiceTrafficArgs{\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t\tLatestRevision: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTrafficArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .spec(ServiceTemplateSpecArgs.builder()\n .containers(ServiceTemplateSpecContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .startupProbe(ServiceTemplateSpecContainerStartupProbeArgs.builder()\n .initialDelaySeconds(0)\n .timeoutSeconds(1)\n .periodSeconds(3)\n .failureThreshold(1)\n .tcpSocket(ServiceTemplateSpecContainerStartupProbeTcpSocketArgs.builder()\n .port(8080)\n .build())\n .build())\n .livenessProbe(ServiceTemplateSpecContainerLivenessProbeArgs.builder()\n .httpGet(ServiceTemplateSpecContainerLivenessProbeHttpGetArgs.builder()\n .path(\"/\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .percent(100)\n .latestRevision(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n spec:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n startupProbe:\n initialDelaySeconds: 0\n timeoutSeconds: 1\n periodSeconds: 3\n failureThreshold: 1\n tcpSocket:\n port: 8080\n livenessProbe:\n httpGet:\n path: /\n traffics:\n - percent: 100\n latestRevision: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloud Run Service Multicontainer\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrun.Service(\"default\", {\n name: \"cloudrun-srv\",\n location: \"us-central1\",\n template: {\n metadata: {\n annotations: {\n \"run.googleapis.com/container-dependencies\": JSON.stringify({\n \"hello-1\": [\"hello-2\"],\n }),\n },\n },\n spec: {\n containers: [\n {\n name: \"hello-1\",\n ports: [{\n containerPort: 8080,\n }],\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"shared-volume\",\n mountPath: \"/mnt/shared\",\n }],\n },\n {\n name: \"hello-2\",\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [{\n name: \"PORT\",\n value: \"8081\",\n }],\n startupProbe: {\n httpGet: {\n port: 8081,\n },\n },\n volumeMounts: [{\n name: \"shared-volume\",\n mountPath: \"/mnt/shared\",\n }],\n },\n ],\n volumes: [{\n name: \"shared-volume\",\n emptyDir: {\n medium: \"Memory\",\n sizeLimit: \"128Mi\",\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrun.Service(\"default\",\n name=\"cloudrun-srv\",\n location=\"us-central1\",\n template={\n \"metadata\": {\n \"annotations\": {\n \"run.googleapis.com/container-dependencies\": json.dumps({\n \"hello-1\": [\"hello-2\"],\n }),\n },\n },\n \"spec\": {\n \"containers\": [\n {\n \"name\": \"hello-1\",\n \"ports\": [{\n \"container_port\": 8080,\n }],\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"shared-volume\",\n \"mount_path\": \"/mnt/shared\",\n }],\n },\n {\n \"name\": \"hello-2\",\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [{\n \"name\": \"PORT\",\n \"value\": \"8081\",\n }],\n \"startup_probe\": {\n \"http_get\": {\n \"port\": 8081,\n },\n },\n \"volume_mounts\": [{\n \"name\": \"shared-volume\",\n \"mount_path\": \"/mnt/shared\",\n }],\n },\n ],\n \"volumes\": [{\n \"name\": \"shared-volume\",\n \"empty_dir\": {\n \"medium\": \"Memory\",\n \"size_limit\": \"128Mi\",\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRun.Service(\"default\", new()\n {\n Name = \"cloudrun-srv\",\n Location = \"us-central1\",\n Template = new Gcp.CloudRun.Inputs.ServiceTemplateArgs\n {\n Metadata = new Gcp.CloudRun.Inputs.ServiceTemplateMetadataArgs\n {\n Annotations = \n {\n { \"run.googleapis.com/container-dependencies\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"hello-1\"] = new[]\n {\n \"hello-2\",\n },\n }) },\n },\n },\n Spec = new Gcp.CloudRun.Inputs.ServiceTemplateSpecArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Name = \"hello-1\",\n Ports = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerPortArgs\n {\n ContainerPort = 8080,\n },\n },\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerVolumeMountArgs\n {\n Name = \"shared-volume\",\n MountPath = \"/mnt/shared\",\n },\n },\n },\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerArgs\n {\n Name = \"hello-2\",\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerEnvArgs\n {\n Name = \"PORT\",\n Value = \"8081\",\n },\n },\n StartupProbe = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeArgs\n {\n HttpGet = new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerStartupProbeHttpGetArgs\n {\n Port = 8081,\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecContainerVolumeMountArgs\n {\n Name = \"shared-volume\",\n MountPath = \"/mnt/shared\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRun.Inputs.ServiceTemplateSpecVolumeArgs\n {\n Name = \"shared-volume\",\n EmptyDir = new Gcp.CloudRun.Inputs.ServiceTemplateSpecVolumeEmptyDirArgs\n {\n Medium = \"Memory\",\n SizeLimit = \"128Mi\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"hello-1\": []string{\n\t\t\t\t\"hello-2\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cloudrun.NewService(ctx, \"default\", \u0026cloudrun.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-srv\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTemplate: \u0026cloudrun.ServiceTemplateArgs{\n\t\t\t\tMetadata: \u0026cloudrun.ServiceTemplateMetadataArgs{\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"run.googleapis.com/container-dependencies\": pulumi.String(json0),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSpec: \u0026cloudrun.ServiceTemplateSpecArgs{\n\t\t\t\t\tContainers: cloudrun.ServiceTemplateSpecContainerArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"hello-1\"),\n\t\t\t\t\t\t\tPorts: cloudrun.ServiceTemplateSpecContainerPortArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerPortArgs{\n\t\t\t\t\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrun.ServiceTemplateSpecContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/shared\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"hello-2\"),\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\t\tEnvs: cloudrun.ServiceTemplateSpecContainerEnvArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"PORT\"),\n\t\t\t\t\t\t\t\t\tValue: pulumi.String(\"8081\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tStartupProbe: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeArgs{\n\t\t\t\t\t\t\t\tHttpGet: \u0026cloudrun.ServiceTemplateSpecContainerStartupProbeHttpGetArgs{\n\t\t\t\t\t\t\t\t\tPort: pulumi.Int(8081),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVolumeMounts: cloudrun.ServiceTemplateSpecContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/shared\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudrun.ServiceTemplateSpecVolumeArray{\n\t\t\t\t\t\t\u0026cloudrun.ServiceTemplateSpecVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"shared-volume\"),\n\t\t\t\t\t\t\tEmptyDir: \u0026cloudrun.ServiceTemplateSpecVolumeEmptyDirArgs{\n\t\t\t\t\t\t\t\tMedium: pulumi.String(\"Memory\"),\n\t\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"128Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.Service;\nimport com.pulumi.gcp.cloudrun.ServiceArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateMetadataArgs;\nimport com.pulumi.gcp.cloudrun.inputs.ServiceTemplateSpecArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-srv\")\n .location(\"us-central1\")\n .template(ServiceTemplateArgs.builder()\n .metadata(ServiceTemplateMetadataArgs.builder()\n .annotations(Map.of(\"run.googleapis.com/container-dependencies\", serializeJson(\n jsonObject(\n jsonProperty(\"hello-1\", jsonArray(\"hello-2\"))\n ))))\n .build())\n .spec(ServiceTemplateSpecArgs.builder()\n .containers( \n ServiceTemplateSpecContainerArgs.builder()\n .name(\"hello-1\")\n .ports(ServiceTemplateSpecContainerPortArgs.builder()\n .containerPort(8080)\n .build())\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateSpecContainerVolumeMountArgs.builder()\n .name(\"shared-volume\")\n .mountPath(\"/mnt/shared\")\n .build())\n .build(),\n ServiceTemplateSpecContainerArgs.builder()\n .name(\"hello-2\")\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs(ServiceTemplateSpecContainerEnvArgs.builder()\n .name(\"PORT\")\n .value(\"8081\")\n .build())\n .startupProbe(ServiceTemplateSpecContainerStartupProbeArgs.builder()\n .httpGet(ServiceTemplateSpecContainerStartupProbeHttpGetArgs.builder()\n .port(8081)\n .build())\n .build())\n .volumeMounts(ServiceTemplateSpecContainerVolumeMountArgs.builder()\n .name(\"shared-volume\")\n .mountPath(\"/mnt/shared\")\n .build())\n .build())\n .volumes(ServiceTemplateSpecVolumeArgs.builder()\n .name(\"shared-volume\")\n .emptyDir(ServiceTemplateSpecVolumeEmptyDirArgs.builder()\n .medium(\"Memory\")\n .sizeLimit(\"128Mi\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrun:Service\n properties:\n name: cloudrun-srv\n location: us-central1\n template:\n metadata:\n annotations:\n run.googleapis.com/container-dependencies:\n fn::toJSON:\n hello-1:\n - hello-2\n spec:\n containers:\n - name: hello-1\n ports:\n - containerPort: 8080\n image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: shared-volume\n mountPath: /mnt/shared\n - name: hello-2\n image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: PORT\n value: '8081'\n startupProbe:\n httpGet:\n port: 8081\n volumeMounts:\n - name: shared-volume\n mountPath: /mnt/shared\n volumes:\n - name: shared-volume\n emptyDir:\n medium: Memory\n sizeLimit: 128Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `locations/{{location}}/namespaces/{{project}}/services/{{name}}`\n\n* `{{location}}/{{project}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default locations/{{location}}/namespaces/{{project}}/services/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default {{location}}/{{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrun/service:Service default {{location}}/{{name}}\n```\n\n", "properties": { "autogenerateRevisionName": { "type": "boolean", @@ -155999,7 +155999,7 @@ } }, "gcp:cloudrunv2/job:Job": { - "description": "A Cloud Run Job resource that references a container image which is run to completion.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.jobs)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n## Example Usage\n\n### Cloudrunv2 Job Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Limits\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n resources: {\n limits: {\n cpu: \"2\",\n memory: \"1024Mi\",\n },\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"2\",\n \"memory\": \"1024Mi\",\n },\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n Resources = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"2\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tResources: \u0026cloudrunv2.JobTemplateTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"2\"),\n\t\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .resources(JobTemplateTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"2\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n resources:\n limits:\n cpu: '2'\n memory: 1024Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n auto: {},\n },\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n volumes: [{\n name: \"cloudsql\",\n cloudSqlInstance: {\n instances: [instance.connectionName],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n envs: [\n {\n name: \"FOO\",\n value: \"bar\",\n },\n {\n name: \"latestdclsecret\",\n valueSource: {\n secretKeyRef: {\n secret: secret.secretId,\n version: \"1\",\n },\n },\n },\n ],\n volumeMounts: [{\n name: \"cloudsql\",\n mountPath: \"/cloudsql\",\n }],\n }],\n },\n },\n});\nconst project = gcp.organizations.getProject({});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"auto\": {},\n })\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"volumes\": [{\n \"name\": \"cloudsql\",\n \"cloud_sql_instance\": {\n \"instances\": [instance.connection_name],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"envs\": [\n {\n \"name\": \"FOO\",\n \"value\": \"bar\",\n },\n {\n \"name\": \"latestdclsecret\",\n \"value_source\": {\n \"secret_key_ref\": {\n \"secret\": secret.secret_id,\n \"version\": \"1\",\n },\n },\n },\n ],\n \"volume_mounts\": [{\n \"name\": \"cloudsql\",\n \"mount_path\": \"/cloudsql\",\n }],\n }],\n },\n })\nproject = gcp.organizations.get_project()\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"cloudsql\",\n CloudSqlInstance = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeCloudSqlInstanceArgs\n {\n Instances = new[]\n {\n instance.ConnectionName,\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvArgs\n {\n Name = \"FOO\",\n Value = \"bar\",\n },\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvArgs\n {\n Name = \"latestdclsecret\",\n ValueSource = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvValueSourceArgs\n {\n SecretKeyRef = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs\n {\n Secret = secret.SecretId,\n Version = \"1\",\n },\n },\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"cloudsql\",\n MountPath = \"/cloudsql\",\n },\n },\n },\n },\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\tCloudSqlInstance: \u0026cloudrunv2.JobTemplateTemplateVolumeCloudSqlInstanceArgs{\n\t\t\t\t\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tinstance.ConnectionName,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tEnvs: cloudrunv2.JobTemplateTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"FOO\"),\n\t\t\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"latestdclsecret\"),\n\t\t\t\t\t\t\t\t\tValueSource: \u0026cloudrunv2.JobTemplateTemplateContainerEnvValueSourceArgs{\n\t\t\t\t\t\t\t\t\t\tSecretKeyRef: \u0026cloudrunv2.JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs{\n\t\t\t\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/cloudsql\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"cloudsql\")\n .cloudSqlInstance(JobTemplateTemplateVolumeCloudSqlInstanceArgs.builder()\n .instances(instance.connectionName())\n .build())\n .build())\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .envs( \n JobTemplateTemplateContainerEnvArgs.builder()\n .name(\"FOO\")\n .value(\"bar\")\n .build(),\n JobTemplateTemplateContainerEnvArgs.builder()\n .name(\"latestdclsecret\")\n .valueSource(JobTemplateTemplateContainerEnvValueSourceArgs.builder()\n .secretKeyRef(JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs.builder()\n .secret(secret.secretId())\n .version(\"1\")\n .build())\n .build())\n .build())\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"cloudsql\")\n .mountPath(\"/cloudsql\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n volumes:\n - name: cloudsql\n cloudSqlInstance:\n instances:\n - ${instance.connectionName}\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n envs:\n - name: FOO\n value: bar\n - name: latestdclsecret\n valueSource:\n secretKeyRef:\n secret: ${secret.secretId}\n version: '1'\n volumeMounts:\n - name: cloudsql\n mountPath: /cloudsql\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependson:\n - ${secret}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Vpcaccess\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customTestNetwork = new gcp.compute.Network(\"custom_test\", {\n name: \"run-network\",\n autoCreateSubnetworks: false,\n});\nconst customTest = new gcp.compute.Subnetwork(\"custom_test\", {\n name: \"run-subnetwork\",\n ipCidrRange: \"10.2.0.0/28\",\n region: \"us-central1\",\n network: customTestNetwork.id,\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"run-vpc\",\n subnet: {\n name: customTest.name,\n },\n machineType: \"e2-standard-4\",\n minInstances: 2,\n maxInstances: 3,\n region: \"us-central1\",\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n vpcAccess: {\n connector: connector.id,\n egress: \"ALL_TRAFFIC\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustom_test_network = gcp.compute.Network(\"custom_test\",\n name=\"run-network\",\n auto_create_subnetworks=False)\ncustom_test = gcp.compute.Subnetwork(\"custom_test\",\n name=\"run-subnetwork\",\n ip_cidr_range=\"10.2.0.0/28\",\n region=\"us-central1\",\n network=custom_test_network.id)\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"run-vpc\",\n subnet={\n \"name\": custom_test.name,\n },\n machine_type=\"e2-standard-4\",\n min_instances=2,\n max_instances=3,\n region=\"us-central1\")\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n \"vpc_access\": {\n \"connector\": connector.id,\n \"egress\": \"ALL_TRAFFIC\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customTestNetwork = new Gcp.Compute.Network(\"custom_test\", new()\n {\n Name = \"run-network\",\n AutoCreateSubnetworks = false,\n });\n\n var customTest = new Gcp.Compute.Subnetwork(\"custom_test\", new()\n {\n Name = \"run-subnetwork\",\n IpCidrRange = \"10.2.0.0/28\",\n Region = \"us-central1\",\n Network = customTestNetwork.Id,\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"run-vpc\",\n Subnet = new Gcp.VpcAccess.Inputs.ConnectorSubnetArgs\n {\n Name = customTest.Name,\n },\n MachineType = \"e2-standard-4\",\n MinInstances = 2,\n MaxInstances = 3,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessArgs\n {\n Connector = connector.Id,\n Egress = \"ALL_TRAFFIC\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomTestNetwork, err := compute.NewNetwork(ctx, \"custom_test\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"run-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomTest, err := compute.NewSubnetwork(ctx, \"custom_test\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"run-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: customTestNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconnector, err := vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"run-vpc\"),\n\t\t\tSubnet: \u0026vpcaccess.ConnectorSubnetArgs{\n\t\t\t\tName: customTest.Name,\n\t\t\t},\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcAccess: \u0026cloudrunv2.JobTemplateTemplateVpcAccessArgs{\n\t\t\t\t\t\tConnector: connector.ID(),\n\t\t\t\t\t\tEgress: pulumi.String(\"ALL_TRAFFIC\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.inputs.ConnectorSubnetArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customTestNetwork = new Network(\"customTestNetwork\", NetworkArgs.builder()\n .name(\"run-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var customTest = new Subnetwork(\"customTest\", SubnetworkArgs.builder()\n .name(\"run-subnetwork\")\n .ipCidrRange(\"10.2.0.0/28\")\n .region(\"us-central1\")\n .network(customTestNetwork.id())\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"run-vpc\")\n .subnet(ConnectorSubnetArgs.builder()\n .name(customTest.name())\n .build())\n .machineType(\"e2-standard-4\")\n .minInstances(2)\n .maxInstances(3)\n .region(\"us-central1\")\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .vpcAccess(JobTemplateTemplateVpcAccessArgs.builder()\n .connector(connector.id())\n .egress(\"ALL_TRAFFIC\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n vpcAccess:\n connector: ${connector.id}\n egress: ALL_TRAFFIC\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: run-vpc\n subnet:\n name: ${customTest.name}\n machineType: e2-standard-4\n minInstances: 2\n maxInstances: 3\n region: us-central1\n customTest:\n type: gcp:compute:Subnetwork\n name: custom_test\n properties:\n name: run-subnetwork\n ipCidrRange: 10.2.0.0/28\n region: us-central1\n network: ${customTestNetwork.id}\n customTestNetwork:\n type: gcp:compute:Network\n name: custom_test\n properties:\n name: run-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Directvpc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n launchStage: \"GA\",\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n tags: [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n launch_stage=\"GA\",\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n \"tags\": [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n LaunchStage = \"GA\",\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n \"tag3\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLaunchStage: pulumi.String(\"GA\"),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcAccess: \u0026cloudrunv2.JobTemplateTemplateVpcAccessArgs{\n\t\t\t\t\t\tNetworkInterfaces: cloudrunv2.JobTemplateTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag3\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .launchStage(\"GA\")\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .vpcAccess(JobTemplateTemplateVpcAccessArgs.builder()\n .networkInterfaces(JobTemplateTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .tags( \n \"tag1\",\n \"tag2\",\n \"tag3\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n launchStage: GA\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n tags:\n - tag1\n - tag2\n - tag3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Secret\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n volumes: [{\n name: \"a-volume\",\n secret: {\n secret: secret.secretId,\n defaultMode: 292,\n items: [{\n version: \"1\",\n path: \"my-secret\",\n mode: 256,\n }],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n volumeMounts: [{\n name: \"a-volume\",\n mountPath: \"/secrets\",\n }],\n }],\n },\n },\n}, {\n dependsOn: [\n secret_version_data,\n secret_access,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"volumes\": [{\n \"name\": \"a-volume\",\n \"secret\": {\n \"secret\": secret.secret_id,\n \"default_mode\": 292,\n \"items\": [{\n \"version\": \"1\",\n \"path\": \"my-secret\",\n \"mode\": 256,\n }],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"volume_mounts\": [{\n \"name\": \"a-volume\",\n \"mount_path\": \"/secrets\",\n }],\n }],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n secret_version_data,\n secret_access,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"a-volume\",\n Secret = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeSecretArgs\n {\n Secret = secret.SecretId,\n DefaultMode = 292,\n Items = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeSecretItemArgs\n {\n Version = \"1\",\n Path = \"my-secret\",\n Mode = 256,\n },\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"a-volume\",\n MountPath = \"/secrets\",\n },\n },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n secret_access,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\tSecret: \u0026cloudrunv2.JobTemplateTemplateVolumeSecretArgs{\n\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\tDefaultMode: pulumi.Int(292),\n\t\t\t\t\t\t\t\tItems: cloudrunv2.JobTemplateTemplateVolumeSecretItemArray{\n\t\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeSecretItemArgs{\n\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"my-secret\"),\n\t\t\t\t\t\t\t\t\t\tMode: pulumi.Int(256),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/secrets\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t\tsecret_access,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"a-volume\")\n .secret(JobTemplateTemplateVolumeSecretArgs.builder()\n .secret(secret.secretId())\n .defaultMode(292)\n .items(JobTemplateTemplateVolumeSecretItemArgs.builder()\n .version(\"1\")\n .path(\"my-secret\")\n .mode(256)\n .build())\n .build())\n .build())\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"a-volume\")\n .mountPath(\"/secrets\")\n .build())\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n secret_version_data,\n secret_access)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n volumes:\n - name: a-volume\n secret:\n secret: ${secret.secretId}\n defaultMode: 292\n items:\n - version: '1'\n path: my-secret\n mode: 256\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n volumeMounts:\n - name: a-volume\n mountPath: /secrets\n options:\n dependson:\n - ${[\"secret-version-data\"]}\n - ${[\"secret-access\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependson:\n - ${secret}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Emptydir\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n volumeMounts: [{\n name: \"empty-dir-volume\",\n mountPath: \"/mnt\",\n }],\n }],\n volumes: [{\n name: \"empty-dir-volume\",\n emptyDir: {\n medium: \"MEMORY\",\n sizeLimit: \"128Mi\",\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"volume_mounts\": [{\n \"name\": \"empty-dir-volume\",\n \"mount_path\": \"/mnt\",\n }],\n }],\n \"volumes\": [{\n \"name\": \"empty-dir-volume\",\n \"empty_dir\": {\n \"medium\": \"MEMORY\",\n \"size_limit\": \"128Mi\",\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"empty-dir-volume\",\n MountPath = \"/mnt\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"empty-dir-volume\",\n EmptyDir = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeEmptyDirArgs\n {\n Medium = \"MEMORY\",\n SizeLimit = \"128Mi\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\tEmptyDir: \u0026cloudrunv2.JobTemplateTemplateVolumeEmptyDirArgs{\n\t\t\t\t\t\t\t\tMedium: pulumi.String(\"MEMORY\"),\n\t\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"128Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"empty-dir-volume\")\n .mountPath(\"/mnt\")\n .build())\n .build())\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"empty-dir-volume\")\n .emptyDir(JobTemplateTemplateVolumeEmptyDirArgs.builder()\n .medium(\"MEMORY\")\n .sizeLimit(\"128Mi\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n volumeMounts:\n - name: empty-dir-volume\n mountPath: /mnt\n volumes:\n - name: empty-dir-volume\n emptyDir:\n medium: MEMORY\n sizeLimit: 128Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Run Job\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n startExecutionToken: \"start-once-created\",\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n start_execution_token=\"start-once-created\",\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n StartExecutionToken = \"start-once-created\",\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tStartExecutionToken: pulumi.String(\"start-once-created\"),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .startExecutionToken(\"start-once-created\")\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n startExecutionToken: start-once-created\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/jobs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default projects/{{project}}/locations/{{location}}/jobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default {{location}}/{{name}}\n```\n\n", + "description": "A Cloud Run Job resource that references a container image which is run to completion.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.jobs)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n## Example Usage\n\n### Cloudrunv2 Job Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Limits\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n resources: {\n limits: {\n cpu: \"2\",\n memory: \"1024Mi\",\n },\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"2\",\n \"memory\": \"1024Mi\",\n },\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n Resources = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"2\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tResources: \u0026cloudrunv2.JobTemplateTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"2\"),\n\t\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .resources(JobTemplateTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"2\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n resources:\n limits:\n cpu: '2'\n memory: 1024Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n auto: {},\n },\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n volumes: [{\n name: \"cloudsql\",\n cloudSqlInstance: {\n instances: [instance.connectionName],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n envs: [\n {\n name: \"FOO\",\n value: \"bar\",\n },\n {\n name: \"latestdclsecret\",\n valueSource: {\n secretKeyRef: {\n secret: secret.secretId,\n version: \"1\",\n },\n },\n },\n ],\n volumeMounts: [{\n name: \"cloudsql\",\n mountPath: \"/cloudsql\",\n }],\n }],\n },\n },\n});\nconst project = gcp.organizations.getProject({});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"auto\": {},\n })\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"volumes\": [{\n \"name\": \"cloudsql\",\n \"cloud_sql_instance\": {\n \"instances\": [instance.connection_name],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"envs\": [\n {\n \"name\": \"FOO\",\n \"value\": \"bar\",\n },\n {\n \"name\": \"latestdclsecret\",\n \"value_source\": {\n \"secret_key_ref\": {\n \"secret\": secret.secret_id,\n \"version\": \"1\",\n },\n },\n },\n ],\n \"volume_mounts\": [{\n \"name\": \"cloudsql\",\n \"mount_path\": \"/cloudsql\",\n }],\n }],\n },\n })\nproject = gcp.organizations.get_project()\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"cloudsql\",\n CloudSqlInstance = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeCloudSqlInstanceArgs\n {\n Instances = new[]\n {\n instance.ConnectionName,\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvArgs\n {\n Name = \"FOO\",\n Value = \"bar\",\n },\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvArgs\n {\n Name = \"latestdclsecret\",\n ValueSource = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvValueSourceArgs\n {\n SecretKeyRef = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs\n {\n Secret = secret.SecretId,\n Version = \"1\",\n },\n },\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"cloudsql\",\n MountPath = \"/cloudsql\",\n },\n },\n },\n },\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\tCloudSqlInstance: \u0026cloudrunv2.JobTemplateTemplateVolumeCloudSqlInstanceArgs{\n\t\t\t\t\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tinstance.ConnectionName,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tEnvs: cloudrunv2.JobTemplateTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"FOO\"),\n\t\t\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"latestdclsecret\"),\n\t\t\t\t\t\t\t\t\tValueSource: \u0026cloudrunv2.JobTemplateTemplateContainerEnvValueSourceArgs{\n\t\t\t\t\t\t\t\t\t\tSecretKeyRef: \u0026cloudrunv2.JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs{\n\t\t\t\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/cloudsql\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"cloudsql\")\n .cloudSqlInstance(JobTemplateTemplateVolumeCloudSqlInstanceArgs.builder()\n .instances(instance.connectionName())\n .build())\n .build())\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .envs( \n JobTemplateTemplateContainerEnvArgs.builder()\n .name(\"FOO\")\n .value(\"bar\")\n .build(),\n JobTemplateTemplateContainerEnvArgs.builder()\n .name(\"latestdclsecret\")\n .valueSource(JobTemplateTemplateContainerEnvValueSourceArgs.builder()\n .secretKeyRef(JobTemplateTemplateContainerEnvValueSourceSecretKeyRefArgs.builder()\n .secret(secret.secretId())\n .version(\"1\")\n .build())\n .build())\n .build())\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"cloudsql\")\n .mountPath(\"/cloudsql\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n volumes:\n - name: cloudsql\n cloudSqlInstance:\n instances:\n - ${instance.connectionName}\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n envs:\n - name: FOO\n value: bar\n - name: latestdclsecret\n valueSource:\n secretKeyRef:\n secret: ${secret.secretId}\n version: '1'\n volumeMounts:\n - name: cloudsql\n mountPath: /cloudsql\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependsOn:\n - ${secret}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Vpcaccess\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customTestNetwork = new gcp.compute.Network(\"custom_test\", {\n name: \"run-network\",\n autoCreateSubnetworks: false,\n});\nconst customTest = new gcp.compute.Subnetwork(\"custom_test\", {\n name: \"run-subnetwork\",\n ipCidrRange: \"10.2.0.0/28\",\n region: \"us-central1\",\n network: customTestNetwork.id,\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"run-vpc\",\n subnet: {\n name: customTest.name,\n },\n machineType: \"e2-standard-4\",\n minInstances: 2,\n maxInstances: 3,\n region: \"us-central1\",\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n vpcAccess: {\n connector: connector.id,\n egress: \"ALL_TRAFFIC\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustom_test_network = gcp.compute.Network(\"custom_test\",\n name=\"run-network\",\n auto_create_subnetworks=False)\ncustom_test = gcp.compute.Subnetwork(\"custom_test\",\n name=\"run-subnetwork\",\n ip_cidr_range=\"10.2.0.0/28\",\n region=\"us-central1\",\n network=custom_test_network.id)\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"run-vpc\",\n subnet={\n \"name\": custom_test.name,\n },\n machine_type=\"e2-standard-4\",\n min_instances=2,\n max_instances=3,\n region=\"us-central1\")\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n \"vpc_access\": {\n \"connector\": connector.id,\n \"egress\": \"ALL_TRAFFIC\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customTestNetwork = new Gcp.Compute.Network(\"custom_test\", new()\n {\n Name = \"run-network\",\n AutoCreateSubnetworks = false,\n });\n\n var customTest = new Gcp.Compute.Subnetwork(\"custom_test\", new()\n {\n Name = \"run-subnetwork\",\n IpCidrRange = \"10.2.0.0/28\",\n Region = \"us-central1\",\n Network = customTestNetwork.Id,\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"run-vpc\",\n Subnet = new Gcp.VpcAccess.Inputs.ConnectorSubnetArgs\n {\n Name = customTest.Name,\n },\n MachineType = \"e2-standard-4\",\n MinInstances = 2,\n MaxInstances = 3,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessArgs\n {\n Connector = connector.Id,\n Egress = \"ALL_TRAFFIC\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomTestNetwork, err := compute.NewNetwork(ctx, \"custom_test\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"run-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomTest, err := compute.NewSubnetwork(ctx, \"custom_test\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"run-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: customTestNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconnector, err := vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"run-vpc\"),\n\t\t\tSubnet: \u0026vpcaccess.ConnectorSubnetArgs{\n\t\t\t\tName: customTest.Name,\n\t\t\t},\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcAccess: \u0026cloudrunv2.JobTemplateTemplateVpcAccessArgs{\n\t\t\t\t\t\tConnector: connector.ID(),\n\t\t\t\t\t\tEgress: pulumi.String(\"ALL_TRAFFIC\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.inputs.ConnectorSubnetArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customTestNetwork = new Network(\"customTestNetwork\", NetworkArgs.builder()\n .name(\"run-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var customTest = new Subnetwork(\"customTest\", SubnetworkArgs.builder()\n .name(\"run-subnetwork\")\n .ipCidrRange(\"10.2.0.0/28\")\n .region(\"us-central1\")\n .network(customTestNetwork.id())\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"run-vpc\")\n .subnet(ConnectorSubnetArgs.builder()\n .name(customTest.name())\n .build())\n .machineType(\"e2-standard-4\")\n .minInstances(2)\n .maxInstances(3)\n .region(\"us-central1\")\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .vpcAccess(JobTemplateTemplateVpcAccessArgs.builder()\n .connector(connector.id())\n .egress(\"ALL_TRAFFIC\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n vpcAccess:\n connector: ${connector.id}\n egress: ALL_TRAFFIC\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: run-vpc\n subnet:\n name: ${customTest.name}\n machineType: e2-standard-4\n minInstances: 2\n maxInstances: 3\n region: us-central1\n customTest:\n type: gcp:compute:Subnetwork\n name: custom_test\n properties:\n name: run-subnetwork\n ipCidrRange: 10.2.0.0/28\n region: us-central1\n network: ${customTestNetwork.id}\n customTestNetwork:\n type: gcp:compute:Network\n name: custom_test\n properties:\n name: run-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Directvpc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n launchStage: \"GA\",\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n tags: [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n launch_stage=\"GA\",\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n \"tags\": [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n LaunchStage = \"GA\",\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n \"tag3\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLaunchStage: pulumi.String(\"GA\"),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcAccess: \u0026cloudrunv2.JobTemplateTemplateVpcAccessArgs{\n\t\t\t\t\t\tNetworkInterfaces: cloudrunv2.JobTemplateTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"tag3\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .launchStage(\"GA\")\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .vpcAccess(JobTemplateTemplateVpcAccessArgs.builder()\n .networkInterfaces(JobTemplateTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .tags( \n \"tag1\",\n \"tag2\",\n \"tag3\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n launchStage: GA\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n tags:\n - tag1\n - tag2\n - tag3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Secret\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n volumes: [{\n name: \"a-volume\",\n secret: {\n secret: secret.secretId,\n defaultMode: 292,\n items: [{\n version: \"1\",\n path: \"my-secret\",\n mode: 256,\n }],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n volumeMounts: [{\n name: \"a-volume\",\n mountPath: \"/secrets\",\n }],\n }],\n },\n },\n}, {\n dependsOn: [\n secret_version_data,\n secret_access,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"volumes\": [{\n \"name\": \"a-volume\",\n \"secret\": {\n \"secret\": secret.secret_id,\n \"default_mode\": 292,\n \"items\": [{\n \"version\": \"1\",\n \"path\": \"my-secret\",\n \"mode\": 256,\n }],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"volume_mounts\": [{\n \"name\": \"a-volume\",\n \"mount_path\": \"/secrets\",\n }],\n }],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n secret_version_data,\n secret_access,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"a-volume\",\n Secret = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeSecretArgs\n {\n Secret = secret.SecretId,\n DefaultMode = 292,\n Items = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeSecretItemArgs\n {\n Version = \"1\",\n Path = \"my-secret\",\n Mode = 256,\n },\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"a-volume\",\n MountPath = \"/secrets\",\n },\n },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n secret_access,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\tSecret: \u0026cloudrunv2.JobTemplateTemplateVolumeSecretArgs{\n\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\tDefaultMode: pulumi.Int(292),\n\t\t\t\t\t\t\t\tItems: cloudrunv2.JobTemplateTemplateVolumeSecretItemArray{\n\t\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeSecretItemArgs{\n\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"my-secret\"),\n\t\t\t\t\t\t\t\t\t\tMode: pulumi.Int(256),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/secrets\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t\tsecret_access,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"a-volume\")\n .secret(JobTemplateTemplateVolumeSecretArgs.builder()\n .secret(secret.secretId())\n .defaultMode(292)\n .items(JobTemplateTemplateVolumeSecretItemArgs.builder()\n .version(\"1\")\n .path(\"my-secret\")\n .mode(256)\n .build())\n .build())\n .build())\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"a-volume\")\n .mountPath(\"/secrets\")\n .build())\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n secret_version_data,\n secret_access)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n volumes:\n - name: a-volume\n secret:\n secret: ${secret.secretId}\n defaultMode: 292\n items:\n - version: '1'\n path: my-secret\n mode: 256\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n volumeMounts:\n - name: a-volume\n mountPath: /secrets\n options:\n dependsOn:\n - ${[\"secret-version-data\"]}\n - ${[\"secret-access\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependsOn:\n - ${secret}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Emptydir\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n volumeMounts: [{\n name: \"empty-dir-volume\",\n mountPath: \"/mnt\",\n }],\n }],\n volumes: [{\n name: \"empty-dir-volume\",\n emptyDir: {\n medium: \"MEMORY\",\n sizeLimit: \"128Mi\",\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n \"volume_mounts\": [{\n \"name\": \"empty-dir-volume\",\n \"mount_path\": \"/mnt\",\n }],\n }],\n \"volumes\": [{\n \"name\": \"empty-dir-volume\",\n \"empty_dir\": {\n \"medium\": \"MEMORY\",\n \"size_limit\": \"128Mi\",\n },\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerVolumeMountArgs\n {\n Name = \"empty-dir-volume\",\n MountPath = \"/mnt\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeArgs\n {\n Name = \"empty-dir-volume\",\n EmptyDir = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateVolumeEmptyDirArgs\n {\n Medium = \"MEMORY\",\n SizeLimit = \"128Mi\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t\tVolumeMounts: cloudrunv2.JobTemplateTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVolumes: cloudrunv2.JobTemplateTemplateVolumeArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateVolumeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\tEmptyDir: \u0026cloudrunv2.JobTemplateTemplateVolumeEmptyDirArgs{\n\t\t\t\t\t\t\t\tMedium: pulumi.String(\"MEMORY\"),\n\t\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"128Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .volumeMounts(JobTemplateTemplateContainerVolumeMountArgs.builder()\n .name(\"empty-dir-volume\")\n .mountPath(\"/mnt\")\n .build())\n .build())\n .volumes(JobTemplateTemplateVolumeArgs.builder()\n .name(\"empty-dir-volume\")\n .emptyDir(JobTemplateTemplateVolumeEmptyDirArgs.builder()\n .medium(\"MEMORY\")\n .sizeLimit(\"128Mi\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n volumeMounts:\n - name: empty-dir-volume\n mountPath: /mnt\n volumes:\n - name: empty-dir-volume\n emptyDir:\n medium: MEMORY\n sizeLimit: 128Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Job Run Job\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Job(\"default\", {\n name: \"cloudrun-job\",\n location: \"us-central1\",\n deletionProtection: false,\n startExecutionToken: \"start-once-created\",\n template: {\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Job(\"default\",\n name=\"cloudrun-job\",\n location=\"us-central1\",\n deletion_protection=False,\n start_execution_token=\"start-once-created\",\n template={\n \"template\": {\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/job\",\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Job(\"default\", new()\n {\n Name = \"cloudrun-job\",\n Location = \"us-central1\",\n DeletionProtection = false,\n StartExecutionToken = \"start-once-created\",\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateArgs\n {\n Template = new Gcp.CloudRunV2.Inputs.JobTemplateTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.JobTemplateTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/job\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJob(ctx, \"default\", \u0026cloudrunv2.JobArgs{\n\t\t\tName: pulumi.String(\"cloudrun-job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tStartExecutionToken: pulumi.String(\"start-once-created\"),\n\t\t\tTemplate: \u0026cloudrunv2.JobTemplateArgs{\n\t\t\t\tTemplate: \u0026cloudrunv2.JobTemplateTemplateArgs{\n\t\t\t\t\tContainers: cloudrunv2.JobTemplateTemplateContainerArray{\n\t\t\t\t\t\t\u0026cloudrunv2.JobTemplateTemplateContainerArgs{\n\t\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/job\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Job;\nimport com.pulumi.gcp.cloudrunv2.JobArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.JobTemplateTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Job(\"default\", JobArgs.builder()\n .name(\"cloudrun-job\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .startExecutionToken(\"start-once-created\")\n .template(JobTemplateArgs.builder()\n .template(JobTemplateTemplateArgs.builder()\n .containers(JobTemplateTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/job\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Job\n properties:\n name: cloudrun-job\n location: us-central1\n deletionProtection: false\n startExecutionToken: start-once-created\n template:\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/job\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/jobs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default projects/{{project}}/locations/{{location}}/jobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/job:Job default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -156397,7 +156397,7 @@ } }, "gcp:cloudrunv2/jobIamBinding:JobIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/JobIamBindingCondition:JobIamBindingCondition" @@ -156518,7 +156518,7 @@ } }, "gcp:cloudrunv2/jobIamMember:JobIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/JobIamMemberCondition:JobIamMemberCondition" @@ -156632,7 +156632,7 @@ } }, "gcp:cloudrunv2/jobIamPolicy:JobIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Job\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.JobIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.JobIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -156717,7 +156717,7 @@ } }, "gcp:cloudrunv2/service:Service": { - "description": "Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n## Example Usage\n\n### Cloudrunv2 Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Limits\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n resources: {\n limits: {\n cpu: \"2\",\n memory: \"1024Mi\",\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"2\",\n \"memory\": \"1024Mi\",\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Resources = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"2\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tResources: \u0026cloudrunv2.ServiceTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"2\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .resources(ServiceTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"2\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n resources:\n limits:\n cpu: '2'\n memory: 1024Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret-1\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n scaling: {\n maxInstanceCount: 2,\n },\n volumes: [{\n name: \"cloudsql\",\n cloudSqlInstance: {\n instances: [instance.connectionName],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [\n {\n name: \"FOO\",\n value: \"bar\",\n },\n {\n name: \"SECRET_ENV_VAR\",\n valueSource: {\n secretKeyRef: {\n secret: secret.secretId,\n version: \"1\",\n },\n },\n },\n ],\n volumeMounts: [{\n name: \"cloudsql\",\n mountPath: \"/cloudsql\",\n }],\n }],\n },\n traffics: [{\n type: \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n percent: 100,\n }],\n}, {\n dependsOn: [secret_version_data],\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret-1\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"scaling\": {\n \"max_instance_count\": 2,\n },\n \"volumes\": [{\n \"name\": \"cloudsql\",\n \"cloud_sql_instance\": {\n \"instances\": [instance.connection_name],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [\n {\n \"name\": \"FOO\",\n \"value\": \"bar\",\n },\n {\n \"name\": \"SECRET_ENV_VAR\",\n \"value_source\": {\n \"secret_key_ref\": {\n \"secret\": secret.secret_id,\n \"version\": \"1\",\n },\n },\n },\n ],\n \"volume_mounts\": [{\n \"name\": \"cloudsql\",\n \"mount_path\": \"/cloudsql\",\n }],\n }],\n },\n traffics=[{\n \"type\": \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n \"percent\": 100,\n }],\n opts = pulumi.ResourceOptions(depends_on=[secret_version_data]))\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret-1\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Scaling = new Gcp.CloudRunV2.Inputs.ServiceTemplateScalingArgs\n {\n MaxInstanceCount = 2,\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"cloudsql\",\n CloudSqlInstance = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeCloudSqlInstanceArgs\n {\n Instances = new[]\n {\n instance.ConnectionName,\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"FOO\",\n Value = \"bar\",\n },\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"SECRET_ENV_VAR\",\n ValueSource = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvValueSourceArgs\n {\n SecretKeyRef = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs\n {\n Secret = secret.SecretId,\n Version = \"1\",\n },\n },\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"cloudsql\",\n MountPath = \"/cloudsql\",\n },\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTrafficArgs\n {\n Type = \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n Percent = 100,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-1\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tScaling: \u0026cloudrunv2.ServiceTemplateScalingArgs{\n\t\t\t\t\tMaxInstanceCount: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\tCloudSqlInstance: \u0026cloudrunv2.ServiceTemplateVolumeCloudSqlInstanceArgs{\n\t\t\t\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\t\t\t\tinstance.ConnectionName,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tEnvs: cloudrunv2.ServiceTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"FOO\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"SECRET_ENV_VAR\"),\n\t\t\t\t\t\t\t\tValueSource: \u0026cloudrunv2.ServiceTemplateContainerEnvValueSourceArgs{\n\t\t\t\t\t\t\t\t\tSecretKeyRef: \u0026cloudrunv2.ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs{\n\t\t\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/cloudsql\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrunv2.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrunv2.ServiceTrafficArgs{\n\t\t\t\t\tType: pulumi.String(\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\"),\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateScalingArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTrafficArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret-1\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .scaling(ServiceTemplateScalingArgs.builder()\n .maxInstanceCount(2)\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"cloudsql\")\n .cloudSqlInstance(ServiceTemplateVolumeCloudSqlInstanceArgs.builder()\n .instances(instance.connectionName())\n .build())\n .build())\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs( \n ServiceTemplateContainerEnvArgs.builder()\n .name(\"FOO\")\n .value(\"bar\")\n .build(),\n ServiceTemplateContainerEnvArgs.builder()\n .name(\"SECRET_ENV_VAR\")\n .valueSource(ServiceTemplateContainerEnvValueSourceArgs.builder()\n .secretKeyRef(ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs.builder()\n .secret(secret.secretId())\n .version(\"1\")\n .build())\n .build())\n .build())\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"cloudsql\")\n .mountPath(\"/cloudsql\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .type(\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\")\n .percent(100)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_data)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n scaling:\n maxInstanceCount: 2\n volumes:\n - name: cloudsql\n cloudSqlInstance:\n instances:\n - ${instance.connectionName}\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: FOO\n value: bar\n - name: SECRET_ENV_VAR\n valueSource:\n secretKeyRef:\n secret: ${secret.secretId}\n version: '1'\n volumeMounts:\n - name: cloudsql\n mountPath: /cloudsql\n traffics:\n - type: TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\n percent: 100\n options:\n dependson:\n - ${[\"secret-version-data\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-1\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependson:\n - ${secret}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Vpcaccess\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customTestNetwork = new gcp.compute.Network(\"custom_test\", {\n name: \"run-network\",\n autoCreateSubnetworks: false,\n});\nconst customTest = new gcp.compute.Subnetwork(\"custom_test\", {\n name: \"run-subnetwork\",\n ipCidrRange: \"10.2.0.0/28\",\n region: \"us-central1\",\n network: customTestNetwork.id,\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"run-vpc\",\n subnet: {\n name: customTest.name,\n },\n machineType: \"e2-standard-4\",\n minInstances: 2,\n maxInstances: 3,\n region: \"us-central1\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n vpcAccess: {\n connector: connector.id,\n egress: \"ALL_TRAFFIC\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustom_test_network = gcp.compute.Network(\"custom_test\",\n name=\"run-network\",\n auto_create_subnetworks=False)\ncustom_test = gcp.compute.Subnetwork(\"custom_test\",\n name=\"run-subnetwork\",\n ip_cidr_range=\"10.2.0.0/28\",\n region=\"us-central1\",\n network=custom_test_network.id)\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"run-vpc\",\n subnet={\n \"name\": custom_test.name,\n },\n machine_type=\"e2-standard-4\",\n min_instances=2,\n max_instances=3,\n region=\"us-central1\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"vpc_access\": {\n \"connector\": connector.id,\n \"egress\": \"ALL_TRAFFIC\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customTestNetwork = new Gcp.Compute.Network(\"custom_test\", new()\n {\n Name = \"run-network\",\n AutoCreateSubnetworks = false,\n });\n\n var customTest = new Gcp.Compute.Subnetwork(\"custom_test\", new()\n {\n Name = \"run-subnetwork\",\n IpCidrRange = \"10.2.0.0/28\",\n Region = \"us-central1\",\n Network = customTestNetwork.Id,\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"run-vpc\",\n Subnet = new Gcp.VpcAccess.Inputs.ConnectorSubnetArgs\n {\n Name = customTest.Name,\n },\n MachineType = \"e2-standard-4\",\n MinInstances = 2,\n MaxInstances = 3,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n Connector = connector.Id,\n Egress = \"ALL_TRAFFIC\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomTestNetwork, err := compute.NewNetwork(ctx, \"custom_test\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"run-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomTest, err := compute.NewSubnetwork(ctx, \"custom_test\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"run-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: customTestNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconnector, err := vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"run-vpc\"),\n\t\t\tSubnet: \u0026vpcaccess.ConnectorSubnetArgs{\n\t\t\t\tName: customTest.Name,\n\t\t\t},\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tConnector: connector.ID(),\n\t\t\t\t\tEgress: pulumi.String(\"ALL_TRAFFIC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.inputs.ConnectorSubnetArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customTestNetwork = new Network(\"customTestNetwork\", NetworkArgs.builder()\n .name(\"run-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var customTest = new Subnetwork(\"customTest\", SubnetworkArgs.builder()\n .name(\"run-subnetwork\")\n .ipCidrRange(\"10.2.0.0/28\")\n .region(\"us-central1\")\n .network(customTestNetwork.id())\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"run-vpc\")\n .subnet(ConnectorSubnetArgs.builder()\n .name(customTest.name())\n .build())\n .machineType(\"e2-standard-4\")\n .minInstances(2)\n .maxInstances(3)\n .region(\"us-central1\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .connector(connector.id())\n .egress(\"ALL_TRAFFIC\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n vpcAccess:\n connector: ${connector.id}\n egress: ALL_TRAFFIC\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: run-vpc\n subnet:\n name: ${customTest.name}\n machineType: e2-standard-4\n minInstances: 2\n maxInstances: 3\n region: us-central1\n customTest:\n type: gcp:compute:Subnetwork\n name: custom_test\n properties:\n name: run-subnetwork\n ipCidrRange: 10.2.0.0/28\n region: us-central1\n network: ${customTestNetwork.id}\n customTestNetwork:\n type: gcp:compute:Network\n name: custom_test\n properties:\n name: run-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Directvpc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n launchStage: \"GA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n tags: [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n launch_stage=\"GA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n \"tags\": [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n LaunchStage = \"GA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n \"tag3\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLaunchStage: pulumi.String(\"GA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tNetworkInterfaces: cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"tag3\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .launchStage(\"GA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .networkInterfaces(ServiceTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .tags( \n \"tag1\",\n \"tag2\",\n \"tag3\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n launchStage: GA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n tags:\n - tag1\n - tag2\n - tag3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n launchStage: \"BETA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n resources: {\n limits: {\n cpu: \"4\",\n memory: \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n startupCpuBoost: true,\n },\n }],\n nodeSelector: {\n accelerator: \"nvidia-l4\",\n },\n scaling: {\n maxInstanceCount: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n launch_stage=\"BETA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"4\",\n \"memory\": \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n \"startup_cpu_boost\": True,\n },\n }],\n \"node_selector\": {\n \"accelerator\": \"nvidia-l4\",\n },\n \"scaling\": {\n \"max_instance_count\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n LaunchStage = \"BETA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Resources = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"4\" },\n { \"memory\", \"16Gi\" },\n { \"nvidia.com/gpu\", \"1\" },\n },\n StartupCpuBoost = true,\n },\n },\n },\n NodeSelector = new Gcp.CloudRunV2.Inputs.ServiceTemplateNodeSelectorArgs\n {\n Accelerator = \"nvidia-l4\",\n },\n Scaling = new Gcp.CloudRunV2.Inputs.ServiceTemplateScalingArgs\n {\n MaxInstanceCount = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tLaunchStage: pulumi.String(\"BETA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tResources: \u0026cloudrunv2.ServiceTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"4\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"16Gi\"),\n\t\t\t\t\t\t\t\t\"nvidia.com/gpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tStartupCpuBoost: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNodeSelector: \u0026cloudrunv2.ServiceTemplateNodeSelectorArgs{\n\t\t\t\t\tAccelerator: pulumi.String(\"nvidia-l4\"),\n\t\t\t\t},\n\t\t\t\tScaling: \u0026cloudrunv2.ServiceTemplateScalingArgs{\n\t\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateNodeSelectorArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .launchStage(\"BETA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .resources(ServiceTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"4\"),\n Map.entry(\"memory\", \"16Gi\"),\n Map.entry(\"nvidia.com/gpu\", \"1\")\n ))\n .startupCpuBoost(true)\n .build())\n .build())\n .nodeSelector(ServiceTemplateNodeSelectorArgs.builder()\n .accelerator(\"nvidia-l4\")\n .build())\n .scaling(ServiceTemplateScalingArgs.builder()\n .maxInstanceCount(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n launchStage: BETA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n resources:\n limits:\n cpu: '4'\n memory: 16Gi\n nvidia.com/gpu: '1'\n startupCpuBoost: true\n nodeSelector:\n accelerator: nvidia-l4\n scaling:\n maxInstanceCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Probes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n startupProbe: {\n initialDelaySeconds: 0,\n timeoutSeconds: 1,\n periodSeconds: 3,\n failureThreshold: 1,\n tcpSocket: {\n port: 8080,\n },\n },\n livenessProbe: {\n httpGet: {\n path: \"/\",\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"startup_probe\": {\n \"initial_delay_seconds\": 0,\n \"timeout_seconds\": 1,\n \"period_seconds\": 3,\n \"failure_threshold\": 1,\n \"tcp_socket\": {\n \"port\": 8080,\n },\n },\n \"liveness_probe\": {\n \"http_get\": {\n \"path\": \"/\",\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n StartupProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeArgs\n {\n InitialDelaySeconds = 0,\n TimeoutSeconds = 1,\n PeriodSeconds = 3,\n FailureThreshold = 1,\n TcpSocket = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeTcpSocketArgs\n {\n Port = 8080,\n },\n },\n LivenessProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerLivenessProbeArgs\n {\n HttpGet = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerLivenessProbeHttpGetArgs\n {\n Path = \"/\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tStartupProbe: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeArgs{\n\t\t\t\t\t\t\tInitialDelaySeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tTimeoutSeconds: pulumi.Int(1),\n\t\t\t\t\t\t\tPeriodSeconds: pulumi.Int(3),\n\t\t\t\t\t\t\tFailureThreshold: pulumi.Int(1),\n\t\t\t\t\t\t\tTcpSocket: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeTcpSocketArgs{\n\t\t\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLivenessProbe: \u0026cloudrunv2.ServiceTemplateContainerLivenessProbeArgs{\n\t\t\t\t\t\t\tHttpGet: \u0026cloudrunv2.ServiceTemplateContainerLivenessProbeHttpGetArgs{\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .startupProbe(ServiceTemplateContainerStartupProbeArgs.builder()\n .initialDelaySeconds(0)\n .timeoutSeconds(1)\n .periodSeconds(3)\n .failureThreshold(1)\n .tcpSocket(ServiceTemplateContainerStartupProbeTcpSocketArgs.builder()\n .port(8080)\n .build())\n .build())\n .livenessProbe(ServiceTemplateContainerLivenessProbeArgs.builder()\n .httpGet(ServiceTemplateContainerLivenessProbeHttpGetArgs.builder()\n .path(\"/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n startupProbe:\n initialDelaySeconds: 0\n timeoutSeconds: 1\n periodSeconds: 3\n failureThreshold: 1\n tcpSocket:\n port: 8080\n livenessProbe:\n httpGet:\n path: /\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Secret\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret-1\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n volumes: [{\n name: \"a-volume\",\n secret: {\n secret: secret.secretId,\n defaultMode: 292,\n items: [{\n version: \"1\",\n path: \"my-secret\",\n }],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"a-volume\",\n mountPath: \"/secrets\",\n }],\n }],\n },\n}, {\n dependsOn: [secret_version_data],\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret-1\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"volumes\": [{\n \"name\": \"a-volume\",\n \"secret\": {\n \"secret\": secret.secret_id,\n \"default_mode\": 292,\n \"items\": [{\n \"version\": \"1\",\n \"path\": \"my-secret\",\n }],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"a-volume\",\n \"mount_path\": \"/secrets\",\n }],\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_version_data]))\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret-1\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"a-volume\",\n Secret = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeSecretArgs\n {\n Secret = secret.SecretId,\n DefaultMode = 292,\n Items = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeSecretItemArgs\n {\n Version = \"1\",\n Path = \"my-secret\",\n },\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"a-volume\",\n MountPath = \"/secrets\",\n },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-1\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\tSecret: \u0026cloudrunv2.ServiceTemplateVolumeSecretArgs{\n\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\tDefaultMode: pulumi.Int(292),\n\t\t\t\t\t\t\tItems: cloudrunv2.ServiceTemplateVolumeSecretItemArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeSecretItemArgs{\n\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"my-secret\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/secrets\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret-1\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"a-volume\")\n .secret(ServiceTemplateVolumeSecretArgs.builder()\n .secret(secret.secretId())\n .defaultMode(292)\n .items(ServiceTemplateVolumeSecretItemArgs.builder()\n .version(\"1\")\n .path(\"my-secret\")\n .build())\n .build())\n .build())\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"a-volume\")\n .mountPath(\"/secrets\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_data)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n volumes:\n - name: a-volume\n secret:\n secret: ${secret.secretId}\n defaultMode: 292\n items:\n - version: '1'\n path: my-secret\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: a-volume\n mountPath: /secrets\n options:\n dependson:\n - ${[\"secret-version-data\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-1\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependson:\n - ${secret}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Multicontainer\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [\n {\n name: \"hello-1\",\n ports: {\n containerPort: 8080,\n },\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n dependsOns: [\"hello-2\"],\n volumeMounts: [{\n name: \"empty-dir-volume\",\n mountPath: \"/mnt\",\n }],\n },\n {\n name: \"hello-2\",\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [{\n name: \"PORT\",\n value: \"8081\",\n }],\n startupProbe: {\n httpGet: {\n port: 8081,\n },\n },\n },\n ],\n volumes: [{\n name: \"empty-dir-volume\",\n emptyDir: {\n medium: \"MEMORY\",\n sizeLimit: \"256Mi\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [\n {\n \"name\": \"hello-1\",\n \"ports\": {\n \"container_port\": 8080,\n },\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"depends_ons\": [\"hello-2\"],\n \"volume_mounts\": [{\n \"name\": \"empty-dir-volume\",\n \"mount_path\": \"/mnt\",\n }],\n },\n {\n \"name\": \"hello-2\",\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [{\n \"name\": \"PORT\",\n \"value\": \"8081\",\n }],\n \"startup_probe\": {\n \"http_get\": {\n \"port\": 8081,\n },\n },\n },\n ],\n \"volumes\": [{\n \"name\": \"empty-dir-volume\",\n \"empty_dir\": {\n \"medium\": \"MEMORY\",\n \"size_limit\": \"256Mi\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Name = \"hello-1\",\n Ports = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerPortsArgs\n {\n ContainerPort = 8080,\n },\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n DependsOns = new[]\n {\n \"hello-2\",\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"empty-dir-volume\",\n MountPath = \"/mnt\",\n },\n },\n },\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Name = \"hello-2\",\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"PORT\",\n Value = \"8081\",\n },\n },\n StartupProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeArgs\n {\n HttpGet = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeHttpGetArgs\n {\n Port = 8081,\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"empty-dir-volume\",\n EmptyDir = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeEmptyDirArgs\n {\n Medium = \"MEMORY\",\n SizeLimit = \"256Mi\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tName: pulumi.String(\"hello-1\"),\n\t\t\t\t\t\tPorts: \u0026cloudrunv2.ServiceTemplateContainerPortsArgs{\n\t\t\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tDependsOns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hello-2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tName: pulumi.String(\"hello-2\"),\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tEnvs: cloudrunv2.ServiceTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"PORT\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"8081\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartupProbe: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeArgs{\n\t\t\t\t\t\t\tHttpGet: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeHttpGetArgs{\n\t\t\t\t\t\t\t\tPort: pulumi.Int(8081),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\tEmptyDir: \u0026cloudrunv2.ServiceTemplateVolumeEmptyDirArgs{\n\t\t\t\t\t\t\tMedium: pulumi.String(\"MEMORY\"),\n\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"256Mi\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers( \n ServiceTemplateContainerArgs.builder()\n .name(\"hello-1\")\n .ports(ServiceTemplateContainerPortsArgs.builder()\n .containerPort(8080)\n .build())\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .dependsOns(\"hello-2\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"empty-dir-volume\")\n .mountPath(\"/mnt\")\n .build())\n .build(),\n ServiceTemplateContainerArgs.builder()\n .name(\"hello-2\")\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs(ServiceTemplateContainerEnvArgs.builder()\n .name(\"PORT\")\n .value(\"8081\")\n .build())\n .startupProbe(ServiceTemplateContainerStartupProbeArgs.builder()\n .httpGet(ServiceTemplateContainerStartupProbeHttpGetArgs.builder()\n .port(8081)\n .build())\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"empty-dir-volume\")\n .emptyDir(ServiceTemplateVolumeEmptyDirArgs.builder()\n .medium(\"MEMORY\")\n .sizeLimit(\"256Mi\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - name: hello-1\n ports:\n containerPort: 8080\n image: us-docker.pkg.dev/cloudrun/container/hello\n dependsOns:\n - hello-2\n volumeMounts:\n - name: empty-dir-volume\n mountPath: /mnt\n - name: hello-2\n image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: PORT\n value: '8081'\n startupProbe:\n httpGet:\n port: 8081\n volumes:\n - name: empty-dir-volume\n emptyDir:\n medium: MEMORY\n sizeLimit: 256Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mount Gcs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBucket = new gcp.storage.Bucket(\"default\", {\n name: \"cloudrun-service\",\n location: \"US\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n executionEnvironment: \"EXECUTION_ENVIRONMENT_GEN2\",\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"bucket\",\n mountPath: \"/var/www\",\n }],\n }],\n volumes: [{\n name: \"bucket\",\n gcs: {\n bucket: defaultBucket.name,\n readOnly: false,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_bucket = gcp.storage.Bucket(\"default\",\n name=\"cloudrun-service\",\n location=\"US\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"execution_environment\": \"EXECUTION_ENVIRONMENT_GEN2\",\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"bucket\",\n \"mount_path\": \"/var/www\",\n }],\n }],\n \"volumes\": [{\n \"name\": \"bucket\",\n \"gcs\": {\n \"bucket\": default_bucket.name,\n \"read_only\": False,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBucket = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"US\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n ExecutionEnvironment = \"EXECUTION_ENVIRONMENT_GEN2\",\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"bucket\",\n MountPath = \"/var/www\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"bucket\",\n Gcs = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeGcsArgs\n {\n Bucket = defaultBucket.Name,\n ReadOnly = false,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBucket, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tExecutionEnvironment: pulumi.String(\"EXECUTION_ENVIRONMENT_GEN2\"),\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/var/www\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\t\t\t\tGcs: \u0026cloudrunv2.ServiceTemplateVolumeGcsArgs{\n\t\t\t\t\t\t\tBucket: defaultBucket.Name,\n\t\t\t\t\t\t\tReadOnly: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBucket = new Bucket(\"defaultBucket\", BucketArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"US\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .executionEnvironment(\"EXECUTION_ENVIRONMENT_GEN2\")\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"bucket\")\n .mountPath(\"/var/www\")\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"bucket\")\n .gcs(ServiceTemplateVolumeGcsArgs.builder()\n .bucket(defaultBucket.name())\n .readOnly(false)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n executionEnvironment: EXECUTION_ENVIRONMENT_GEN2\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: bucket\n mountPath: /var/www\n volumes:\n - name: bucket\n gcs:\n bucket: ${defaultBucket.name}\n readOnly: false\n defaultBucket:\n type: gcp:storage:Bucket\n name: default\n properties:\n name: cloudrun-service\n location: US\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mount Nfs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultInstance = new gcp.filestore.Instance(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1-b\",\n tier: \"BASIC_HDD\",\n fileShares: {\n capacityGb: 1024,\n name: \"share1\",\n },\n networks: [{\n network: \"default\",\n modes: [\"MODE_IPV4\"],\n }],\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n executionEnvironment: \"EXECUTION_ENVIRONMENT_GEN2\",\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n volumeMounts: [{\n name: \"nfs\",\n mountPath: \"/mnt/nfs/filestore\",\n }],\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n }],\n },\n volumes: [{\n name: \"nfs\",\n nfs: {\n server: defaultInstance.networks.apply(networks =\u003e networks[0].ipAddresses?.[0]),\n path: \"/share1\",\n readOnly: false,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_instance = gcp.filestore.Instance(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1-b\",\n tier=\"BASIC_HDD\",\n file_shares={\n \"capacity_gb\": 1024,\n \"name\": \"share1\",\n },\n networks=[{\n \"network\": \"default\",\n \"modes\": [\"MODE_IPV4\"],\n }])\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"execution_environment\": \"EXECUTION_ENVIRONMENT_GEN2\",\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n \"volume_mounts\": [{\n \"name\": \"nfs\",\n \"mount_path\": \"/mnt/nfs/filestore\",\n }],\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n }],\n },\n \"volumes\": [{\n \"name\": \"nfs\",\n \"nfs\": {\n \"server\": default_instance.networks[0].ip_addresses[0],\n \"path\": \"/share1\",\n \"read_only\": False,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultInstance = new Gcp.Filestore.Instance(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1-b\",\n Tier = \"BASIC_HDD\",\n FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs\n {\n CapacityGb = 1024,\n Name = \"share1\",\n },\n Networks = new[]\n {\n new Gcp.Filestore.Inputs.InstanceNetworkArgs\n {\n Network = \"default\",\n Modes = new[]\n {\n \"MODE_IPV4\",\n },\n },\n },\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n ExecutionEnvironment = \"EXECUTION_ENVIRONMENT_GEN2\",\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"nfs\",\n MountPath = \"/mnt/nfs/filestore\",\n },\n },\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"nfs\",\n Nfs = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeNfsArgs\n {\n Server = defaultInstance.Networks.Apply(networks =\u003e networks[0].IpAddresses[0]),\n Path = \"/share1\",\n ReadOnly = false,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/filestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultInstance, err := filestore.NewInstance(ctx, \"default\", \u0026filestore.InstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1-b\"),\n\t\t\tTier: pulumi.String(\"BASIC_HDD\"),\n\t\t\tFileShares: \u0026filestore.InstanceFileSharesArgs{\n\t\t\t\tCapacityGb: pulumi.Int(1024),\n\t\t\t\tName: pulumi.String(\"share1\"),\n\t\t\t},\n\t\t\tNetworks: filestore.InstanceNetworkArray{\n\t\t\t\t\u0026filestore.InstanceNetworkArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tModes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MODE_IPV4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tExecutionEnvironment: pulumi.String(\"EXECUTION_ENVIRONMENT_GEN2\"),\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello:latest\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"nfs\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/nfs/filestore\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tNetworkInterfaces: cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"nfs\"),\n\t\t\t\t\t\tNfs: \u0026cloudrunv2.ServiceTemplateVolumeNfsArgs{\n\t\t\t\t\t\t\tServer: defaultInstance.Networks.ApplyT(func(networks []filestore.InstanceNetwork) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026networks[0].IpAddresses[0], nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t\tPath: pulumi.String(\"/share1\"),\n\t\t\t\t\t\t\tReadOnly: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.filestore.Instance;\nimport com.pulumi.gcp.filestore.InstanceArgs;\nimport com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;\nimport com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1-b\")\n .tier(\"BASIC_HDD\")\n .fileShares(InstanceFileSharesArgs.builder()\n .capacityGb(1024)\n .name(\"share1\")\n .build())\n .networks(InstanceNetworkArgs.builder()\n .network(\"default\")\n .modes(\"MODE_IPV4\")\n .build())\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .executionEnvironment(\"EXECUTION_ENVIRONMENT_GEN2\")\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello:latest\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"nfs\")\n .mountPath(\"/mnt/nfs/filestore\")\n .build())\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .networkInterfaces(ServiceTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"nfs\")\n .nfs(ServiceTemplateVolumeNfsArgs.builder()\n .server(defaultInstance.networks().applyValue(networks -\u003e networks[0].ipAddresses()[0]))\n .path(\"/share1\")\n .readOnly(false)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n executionEnvironment: EXECUTION_ENVIRONMENT_GEN2\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello:latest\n volumeMounts:\n - name: nfs\n mountPath: /mnt/nfs/filestore\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n volumes:\n - name: nfs\n nfs:\n server: ${defaultInstance.networks[0].ipAddresses[0]}\n path: /share1\n readOnly: false\n defaultInstance:\n type: gcp:filestore:Instance\n name: default\n properties:\n name: cloudrun-service\n location: us-central1-b\n tier: BASIC_HDD\n fileShares:\n capacityGb: 1024\n name: share1\n networks:\n - network: default\n modes:\n - MODE_IPV4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mesh\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst mesh = new gcp.networkservices.Mesh(\"mesh\", {name: \"network-services-mesh\"});\nconst waitForMesh = new time.index.Sleep(\"wait_for_mesh\", {createDuration: \"1m\"}, {\n dependsOn: [mesh],\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n deletionProtection: false,\n location: \"us-central1\",\n launchStage: \"BETA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n serviceMesh: {\n mesh: mesh.id,\n },\n },\n}, {\n dependsOn: [waitForMesh],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nmesh = gcp.networkservices.Mesh(\"mesh\", name=\"network-services-mesh\")\nwait_for_mesh = time.index.Sleep(\"wait_for_mesh\", create_duration=1m,\nopts = pulumi.ResourceOptions(depends_on=[mesh]))\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n deletion_protection=False,\n location=\"us-central1\",\n launch_stage=\"BETA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"service_mesh\": {\n \"mesh\": mesh.id,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[wait_for_mesh]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mesh = new Gcp.NetworkServices.Mesh(\"mesh\", new()\n {\n Name = \"network-services-mesh\",\n });\n\n var waitForMesh = new Time.Index.Sleep(\"wait_for_mesh\", new()\n {\n CreateDuration = \"1m\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n mesh,\n },\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n DeletionProtection = false,\n Location = \"us-central1\",\n LaunchStage = \"BETA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n ServiceMesh = new Gcp.CloudRunV2.Inputs.ServiceTemplateServiceMeshArgs\n {\n Mesh = mesh.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitForMesh,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmesh, err := networkservices.NewMesh(ctx, \"mesh\", \u0026networkservices.MeshArgs{\n\t\t\tName: pulumi.String(\"network-services-mesh\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twaitForMesh, err := time.NewSleep(ctx, \"wait_for_mesh\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"1m\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmesh,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLaunchStage: pulumi.String(\"BETA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceMesh: \u0026cloudrunv2.ServiceTemplateServiceMeshArgs{\n\t\t\t\t\tMesh: mesh.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitForMesh,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Mesh;\nimport com.pulumi.gcp.networkservices.MeshArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateServiceMeshArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mesh = new Mesh(\"mesh\", MeshArgs.builder()\n .name(\"network-services-mesh\")\n .build());\n\n var waitForMesh = new Sleep(\"waitForMesh\", SleepArgs.builder()\n .createDuration(\"1m\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(mesh)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .deletionProtection(false)\n .location(\"us-central1\")\n .launchStage(\"BETA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .serviceMesh(ServiceTemplateServiceMeshArgs.builder()\n .mesh(mesh.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitForMesh)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n deletionProtection: false\n location: us-central1\n launchStage: BETA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n serviceMesh:\n mesh: ${mesh.id}\n options:\n dependson:\n - ${waitForMesh}\n waitForMesh:\n type: time:sleep\n name: wait_for_mesh\n properties:\n createDuration: 1m\n options:\n dependson:\n - ${mesh}\n mesh:\n type: gcp:networkservices:Mesh\n properties:\n name: network-services-mesh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Invokeriam\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n invokerIamDisabled: true,\n description: \"The serving URL of this service will not perform any IAM check when invoked\",\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n invoker_iam_disabled=True,\n description=\"The serving URL of this service will not perform any IAM check when invoked\",\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n InvokerIamDisabled = true,\n Description = \"The serving URL of this service will not perform any IAM check when invoked\",\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tInvokerIamDisabled: pulumi.Bool(true),\n\t\t\tDescription: pulumi.String(\"The serving URL of this service will not perform any IAM check when invoked\"),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .invokerIamDisabled(true)\n .description(\"The serving URL of this service will not perform any IAM check when invoked\")\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n invokerIamDisabled: true\n description: The serving URL of this service will not perform any IAM check when invoked\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/services/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default projects/{{project}}/locations/{{location}}/services/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default {{location}}/{{name}}\n```\n\n", + "description": "Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n\n## Example Usage\n\n### Cloudrunv2 Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Limits\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n resources: {\n limits: {\n cpu: \"2\",\n memory: \"1024Mi\",\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"2\",\n \"memory\": \"1024Mi\",\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Resources = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"2\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tResources: \u0026cloudrunv2.ServiceTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"2\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .resources(ServiceTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"2\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n resources:\n limits:\n cpu: '2'\n memory: 1024Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Sql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret-1\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"cloudrun-sql\",\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n deletionProtection: true,\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n scaling: {\n maxInstanceCount: 2,\n },\n volumes: [{\n name: \"cloudsql\",\n cloudSqlInstance: {\n instances: [instance.connectionName],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [\n {\n name: \"FOO\",\n value: \"bar\",\n },\n {\n name: \"SECRET_ENV_VAR\",\n valueSource: {\n secretKeyRef: {\n secret: secret.secretId,\n version: \"1\",\n },\n },\n },\n ],\n volumeMounts: [{\n name: \"cloudsql\",\n mountPath: \"/cloudsql\",\n }],\n }],\n },\n traffics: [{\n type: \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n percent: 100,\n }],\n}, {\n dependsOn: [secret_version_data],\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret-1\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"cloudrun-sql\",\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n },\n deletion_protection=True)\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"scaling\": {\n \"max_instance_count\": 2,\n },\n \"volumes\": [{\n \"name\": \"cloudsql\",\n \"cloud_sql_instance\": {\n \"instances\": [instance.connection_name],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [\n {\n \"name\": \"FOO\",\n \"value\": \"bar\",\n },\n {\n \"name\": \"SECRET_ENV_VAR\",\n \"value_source\": {\n \"secret_key_ref\": {\n \"secret\": secret.secret_id,\n \"version\": \"1\",\n },\n },\n },\n ],\n \"volume_mounts\": [{\n \"name\": \"cloudsql\",\n \"mount_path\": \"/cloudsql\",\n }],\n }],\n },\n traffics=[{\n \"type\": \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n \"percent\": 100,\n }],\n opts = pulumi.ResourceOptions(depends_on=[secret_version_data]))\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret-1\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"cloudrun-sql\",\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n DeletionProtection = true,\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Scaling = new Gcp.CloudRunV2.Inputs.ServiceTemplateScalingArgs\n {\n MaxInstanceCount = 2,\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"cloudsql\",\n CloudSqlInstance = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeCloudSqlInstanceArgs\n {\n Instances = new[]\n {\n instance.ConnectionName,\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"FOO\",\n Value = \"bar\",\n },\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"SECRET_ENV_VAR\",\n ValueSource = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvValueSourceArgs\n {\n SecretKeyRef = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs\n {\n Secret = secret.SecretId,\n Version = \"1\",\n },\n },\n },\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"cloudsql\",\n MountPath = \"/cloudsql\",\n },\n },\n },\n },\n },\n Traffics = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTrafficArgs\n {\n Type = \"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\",\n Percent = 100,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-1\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-sql\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tScaling: \u0026cloudrunv2.ServiceTemplateScalingArgs{\n\t\t\t\t\tMaxInstanceCount: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\tCloudSqlInstance: \u0026cloudrunv2.ServiceTemplateVolumeCloudSqlInstanceArgs{\n\t\t\t\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\t\t\t\tinstance.ConnectionName,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tEnvs: cloudrunv2.ServiceTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"FOO\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"SECRET_ENV_VAR\"),\n\t\t\t\t\t\t\t\tValueSource: \u0026cloudrunv2.ServiceTemplateContainerEnvValueSourceArgs{\n\t\t\t\t\t\t\t\t\tSecretKeyRef: \u0026cloudrunv2.ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs{\n\t\t\t\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"cloudsql\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/cloudsql\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTraffics: cloudrunv2.ServiceTrafficArray{\n\t\t\t\t\u0026cloudrunv2.ServiceTrafficArgs{\n\t\t\t\t\tType: pulumi.String(\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\"),\n\t\t\t\t\tPercent: pulumi.Int(100),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateScalingArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTrafficArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret-1\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"cloudrun-sql\")\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .deletionProtection(true)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .scaling(ServiceTemplateScalingArgs.builder()\n .maxInstanceCount(2)\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"cloudsql\")\n .cloudSqlInstance(ServiceTemplateVolumeCloudSqlInstanceArgs.builder()\n .instances(instance.connectionName())\n .build())\n .build())\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs( \n ServiceTemplateContainerEnvArgs.builder()\n .name(\"FOO\")\n .value(\"bar\")\n .build(),\n ServiceTemplateContainerEnvArgs.builder()\n .name(\"SECRET_ENV_VAR\")\n .valueSource(ServiceTemplateContainerEnvValueSourceArgs.builder()\n .secretKeyRef(ServiceTemplateContainerEnvValueSourceSecretKeyRefArgs.builder()\n .secret(secret.secretId())\n .version(\"1\")\n .build())\n .build())\n .build())\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"cloudsql\")\n .mountPath(\"/cloudsql\")\n .build())\n .build())\n .build())\n .traffics(ServiceTrafficArgs.builder()\n .type(\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\")\n .percent(100)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_data)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n scaling:\n maxInstanceCount: 2\n volumes:\n - name: cloudsql\n cloudSqlInstance:\n instances:\n - ${instance.connectionName}\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: FOO\n value: bar\n - name: SECRET_ENV_VAR\n valueSource:\n secretKeyRef:\n secret: ${secret.secretId}\n version: '1'\n volumeMounts:\n - name: cloudsql\n mountPath: /cloudsql\n traffics:\n - type: TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\n percent: 100\n options:\n dependsOn:\n - ${[\"secret-version-data\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-1\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependsOn:\n - ${secret}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: cloudrun-sql\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n deletionProtection: true\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Vpcaccess\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customTestNetwork = new gcp.compute.Network(\"custom_test\", {\n name: \"run-network\",\n autoCreateSubnetworks: false,\n});\nconst customTest = new gcp.compute.Subnetwork(\"custom_test\", {\n name: \"run-subnetwork\",\n ipCidrRange: \"10.2.0.0/28\",\n region: \"us-central1\",\n network: customTestNetwork.id,\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"run-vpc\",\n subnet: {\n name: customTest.name,\n },\n machineType: \"e2-standard-4\",\n minInstances: 2,\n maxInstances: 3,\n region: \"us-central1\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n vpcAccess: {\n connector: connector.id,\n egress: \"ALL_TRAFFIC\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustom_test_network = gcp.compute.Network(\"custom_test\",\n name=\"run-network\",\n auto_create_subnetworks=False)\ncustom_test = gcp.compute.Subnetwork(\"custom_test\",\n name=\"run-subnetwork\",\n ip_cidr_range=\"10.2.0.0/28\",\n region=\"us-central1\",\n network=custom_test_network.id)\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"run-vpc\",\n subnet={\n \"name\": custom_test.name,\n },\n machine_type=\"e2-standard-4\",\n min_instances=2,\n max_instances=3,\n region=\"us-central1\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"vpc_access\": {\n \"connector\": connector.id,\n \"egress\": \"ALL_TRAFFIC\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customTestNetwork = new Gcp.Compute.Network(\"custom_test\", new()\n {\n Name = \"run-network\",\n AutoCreateSubnetworks = false,\n });\n\n var customTest = new Gcp.Compute.Subnetwork(\"custom_test\", new()\n {\n Name = \"run-subnetwork\",\n IpCidrRange = \"10.2.0.0/28\",\n Region = \"us-central1\",\n Network = customTestNetwork.Id,\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"run-vpc\",\n Subnet = new Gcp.VpcAccess.Inputs.ConnectorSubnetArgs\n {\n Name = customTest.Name,\n },\n MachineType = \"e2-standard-4\",\n MinInstances = 2,\n MaxInstances = 3,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n Connector = connector.Id,\n Egress = \"ALL_TRAFFIC\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomTestNetwork, err := compute.NewNetwork(ctx, \"custom_test\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"run-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomTest, err := compute.NewSubnetwork(ctx, \"custom_test\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"run-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: customTestNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconnector, err := vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"run-vpc\"),\n\t\t\tSubnet: \u0026vpcaccess.ConnectorSubnetArgs{\n\t\t\t\tName: customTest.Name,\n\t\t\t},\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tConnector: connector.ID(),\n\t\t\t\t\tEgress: pulumi.String(\"ALL_TRAFFIC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.inputs.ConnectorSubnetArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customTestNetwork = new Network(\"customTestNetwork\", NetworkArgs.builder()\n .name(\"run-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var customTest = new Subnetwork(\"customTest\", SubnetworkArgs.builder()\n .name(\"run-subnetwork\")\n .ipCidrRange(\"10.2.0.0/28\")\n .region(\"us-central1\")\n .network(customTestNetwork.id())\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"run-vpc\")\n .subnet(ConnectorSubnetArgs.builder()\n .name(customTest.name())\n .build())\n .machineType(\"e2-standard-4\")\n .minInstances(2)\n .maxInstances(3)\n .region(\"us-central1\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .connector(connector.id())\n .egress(\"ALL_TRAFFIC\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n vpcAccess:\n connector: ${connector.id}\n egress: ALL_TRAFFIC\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: run-vpc\n subnet:\n name: ${customTest.name}\n machineType: e2-standard-4\n minInstances: 2\n maxInstances: 3\n region: us-central1\n customTest:\n type: gcp:compute:Subnetwork\n name: custom_test\n properties:\n name: run-subnetwork\n ipCidrRange: 10.2.0.0/28\n region: us-central1\n network: ${customTestNetwork.id}\n customTestNetwork:\n type: gcp:compute:Network\n name: custom_test\n properties:\n name: run-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Directvpc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n launchStage: \"GA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n tags: [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n launch_stage=\"GA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n \"tags\": [\n \"tag1\",\n \"tag2\",\n \"tag3\",\n ],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n LaunchStage = \"GA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n \"tag3\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLaunchStage: pulumi.String(\"GA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tNetworkInterfaces: cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"tag3\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .launchStage(\"GA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .networkInterfaces(ServiceTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .tags( \n \"tag1\",\n \"tag2\",\n \"tag3\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n launchStage: GA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n tags:\n - tag1\n - tag2\n - tag3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n launchStage: \"BETA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n resources: {\n limits: {\n cpu: \"4\",\n memory: \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n startupCpuBoost: true,\n },\n }],\n nodeSelector: {\n accelerator: \"nvidia-l4\",\n },\n scaling: {\n maxInstanceCount: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n launch_stage=\"BETA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"resources\": {\n \"limits\": {\n \"cpu\": \"4\",\n \"memory\": \"16Gi\",\n \"nvidia.com/gpu\": \"1\",\n },\n \"startup_cpu_boost\": True,\n },\n }],\n \"node_selector\": {\n \"accelerator\": \"nvidia-l4\",\n },\n \"scaling\": {\n \"max_instance_count\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n LaunchStage = \"BETA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Resources = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"4\" },\n { \"memory\", \"16Gi\" },\n { \"nvidia.com/gpu\", \"1\" },\n },\n StartupCpuBoost = true,\n },\n },\n },\n NodeSelector = new Gcp.CloudRunV2.Inputs.ServiceTemplateNodeSelectorArgs\n {\n Accelerator = \"nvidia-l4\",\n },\n Scaling = new Gcp.CloudRunV2.Inputs.ServiceTemplateScalingArgs\n {\n MaxInstanceCount = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tLaunchStage: pulumi.String(\"BETA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tResources: \u0026cloudrunv2.ServiceTemplateContainerResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"4\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"16Gi\"),\n\t\t\t\t\t\t\t\t\"nvidia.com/gpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tStartupCpuBoost: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNodeSelector: \u0026cloudrunv2.ServiceTemplateNodeSelectorArgs{\n\t\t\t\t\tAccelerator: pulumi.String(\"nvidia-l4\"),\n\t\t\t\t},\n\t\t\t\tScaling: \u0026cloudrunv2.ServiceTemplateScalingArgs{\n\t\t\t\t\tMaxInstanceCount: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateNodeSelectorArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .launchStage(\"BETA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .resources(ServiceTemplateContainerResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"4\"),\n Map.entry(\"memory\", \"16Gi\"),\n Map.entry(\"nvidia.com/gpu\", \"1\")\n ))\n .startupCpuBoost(true)\n .build())\n .build())\n .nodeSelector(ServiceTemplateNodeSelectorArgs.builder()\n .accelerator(\"nvidia-l4\")\n .build())\n .scaling(ServiceTemplateScalingArgs.builder()\n .maxInstanceCount(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n launchStage: BETA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n resources:\n limits:\n cpu: '4'\n memory: 16Gi\n nvidia.com/gpu: '1'\n startupCpuBoost: true\n nodeSelector:\n accelerator: nvidia-l4\n scaling:\n maxInstanceCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Probes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n startupProbe: {\n initialDelaySeconds: 0,\n timeoutSeconds: 1,\n periodSeconds: 3,\n failureThreshold: 1,\n tcpSocket: {\n port: 8080,\n },\n },\n livenessProbe: {\n httpGet: {\n path: \"/\",\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"startup_probe\": {\n \"initial_delay_seconds\": 0,\n \"timeout_seconds\": 1,\n \"period_seconds\": 3,\n \"failure_threshold\": 1,\n \"tcp_socket\": {\n \"port\": 8080,\n },\n },\n \"liveness_probe\": {\n \"http_get\": {\n \"path\": \"/\",\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n StartupProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeArgs\n {\n InitialDelaySeconds = 0,\n TimeoutSeconds = 1,\n PeriodSeconds = 3,\n FailureThreshold = 1,\n TcpSocket = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeTcpSocketArgs\n {\n Port = 8080,\n },\n },\n LivenessProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerLivenessProbeArgs\n {\n HttpGet = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerLivenessProbeHttpGetArgs\n {\n Path = \"/\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tStartupProbe: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeArgs{\n\t\t\t\t\t\t\tInitialDelaySeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tTimeoutSeconds: pulumi.Int(1),\n\t\t\t\t\t\t\tPeriodSeconds: pulumi.Int(3),\n\t\t\t\t\t\t\tFailureThreshold: pulumi.Int(1),\n\t\t\t\t\t\t\tTcpSocket: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeTcpSocketArgs{\n\t\t\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLivenessProbe: \u0026cloudrunv2.ServiceTemplateContainerLivenessProbeArgs{\n\t\t\t\t\t\t\tHttpGet: \u0026cloudrunv2.ServiceTemplateContainerLivenessProbeHttpGetArgs{\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .startupProbe(ServiceTemplateContainerStartupProbeArgs.builder()\n .initialDelaySeconds(0)\n .timeoutSeconds(1)\n .periodSeconds(3)\n .failureThreshold(1)\n .tcpSocket(ServiceTemplateContainerStartupProbeTcpSocketArgs.builder()\n .port(8080)\n .build())\n .build())\n .livenessProbe(ServiceTemplateContainerLivenessProbeArgs.builder()\n .httpGet(ServiceTemplateContainerLivenessProbeHttpGetArgs.builder()\n .path(\"/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n startupProbe:\n initialDelaySeconds: 0\n timeoutSeconds: 1\n periodSeconds: 3\n failureThreshold: 1\n tcpSocket:\n port: 8080\n livenessProbe:\n httpGet:\n path: /\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Secret\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"secret-1\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_data = new gcp.secretmanager.SecretVersion(\"secret-version-data\", {\n secret: secret.name,\n secretData: \"secret-data\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n volumes: [{\n name: \"a-volume\",\n secret: {\n secret: secret.secretId,\n defaultMode: 292,\n items: [{\n version: \"1\",\n path: \"my-secret\",\n }],\n },\n }],\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"a-volume\",\n mountPath: \"/secrets\",\n }],\n }],\n },\n}, {\n dependsOn: [secret_version_data],\n});\nconst project = gcp.organizations.getProject({});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:${project.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"secret-1\",\n replication={\n \"auto\": {},\n })\nsecret_version_data = gcp.secretmanager.SecretVersion(\"secret-version-data\",\n secret=secret.name,\n secret_data=\"secret-data\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"volumes\": [{\n \"name\": \"a-volume\",\n \"secret\": {\n \"secret\": secret.secret_id,\n \"default_mode\": 292,\n \"items\": [{\n \"version\": \"1\",\n \"path\": \"my-secret\",\n }],\n },\n }],\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"a-volume\",\n \"mount_path\": \"/secrets\",\n }],\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[secret_version_data]))\nproject = gcp.organizations.get_project()\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:{project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"secret-1\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_data = new Gcp.SecretManager.SecretVersion(\"secret-version-data\", new()\n {\n Secret = secret.Name,\n SecretData = \"secret-data\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"a-volume\",\n Secret = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeSecretArgs\n {\n Secret = secret.SecretId,\n DefaultMode = 292,\n Items = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeSecretItemArgs\n {\n Version = \"1\",\n Path = \"my-secret\",\n },\n },\n },\n },\n },\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"a-volume\",\n MountPath = \"/secrets\",\n },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_data,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-1\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-data\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.Name,\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\tSecret: \u0026cloudrunv2.ServiceTemplateVolumeSecretArgs{\n\t\t\t\t\t\t\tSecret: secret.SecretId,\n\t\t\t\t\t\t\tDefaultMode: pulumi.Int(292),\n\t\t\t\t\t\t\tItems: cloudrunv2.ServiceTemplateVolumeSecretItemArray{\n\t\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeSecretItemArgs{\n\t\t\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\tPath: pulumi.String(\"my-secret\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"a-volume\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/secrets\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_data,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"secret-1\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_data = new SecretVersion(\"secret-version-data\", SecretVersionArgs.builder()\n .secret(secret.name())\n .secretData(\"secret-data\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"a-volume\")\n .secret(ServiceTemplateVolumeSecretArgs.builder()\n .secret(secret.secretId())\n .defaultMode(292)\n .items(ServiceTemplateVolumeSecretItemArgs.builder()\n .version(\"1\")\n .path(\"my-secret\")\n .build())\n .build())\n .build())\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"a-volume\")\n .mountPath(\"/secrets\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_data)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n volumes:\n - name: a-volume\n secret:\n secret: ${secret.secretId}\n defaultMode: 292\n items:\n - version: '1'\n path: my-secret\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: a-volume\n mountPath: /secrets\n options:\n dependsOn:\n - ${[\"secret-version-data\"]}\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-1\n replication:\n auto: {}\n secret-version-data:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${secret.name}\n secretData: secret-data\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${secret.id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${project.number}-compute@developer.gserviceaccount.com\n options:\n dependsOn:\n - ${secret}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Multicontainer\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [\n {\n name: \"hello-1\",\n ports: {\n containerPort: 8080,\n },\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n dependsOns: [\"hello-2\"],\n volumeMounts: [{\n name: \"empty-dir-volume\",\n mountPath: \"/mnt\",\n }],\n },\n {\n name: \"hello-2\",\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n envs: [{\n name: \"PORT\",\n value: \"8081\",\n }],\n startupProbe: {\n httpGet: {\n port: 8081,\n },\n },\n },\n ],\n volumes: [{\n name: \"empty-dir-volume\",\n emptyDir: {\n medium: \"MEMORY\",\n sizeLimit: \"256Mi\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [\n {\n \"name\": \"hello-1\",\n \"ports\": {\n \"container_port\": 8080,\n },\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"depends_ons\": [\"hello-2\"],\n \"volume_mounts\": [{\n \"name\": \"empty-dir-volume\",\n \"mount_path\": \"/mnt\",\n }],\n },\n {\n \"name\": \"hello-2\",\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"envs\": [{\n \"name\": \"PORT\",\n \"value\": \"8081\",\n }],\n \"startup_probe\": {\n \"http_get\": {\n \"port\": 8081,\n },\n },\n },\n ],\n \"volumes\": [{\n \"name\": \"empty-dir-volume\",\n \"empty_dir\": {\n \"medium\": \"MEMORY\",\n \"size_limit\": \"256Mi\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Name = \"hello-1\",\n Ports = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerPortsArgs\n {\n ContainerPort = 8080,\n },\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n DependsOns = new[]\n {\n \"hello-2\",\n },\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"empty-dir-volume\",\n MountPath = \"/mnt\",\n },\n },\n },\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Name = \"hello-2\",\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n Envs = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerEnvArgs\n {\n Name = \"PORT\",\n Value = \"8081\",\n },\n },\n StartupProbe = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeArgs\n {\n HttpGet = new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerStartupProbeHttpGetArgs\n {\n Port = 8081,\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"empty-dir-volume\",\n EmptyDir = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeEmptyDirArgs\n {\n Medium = \"MEMORY\",\n SizeLimit = \"256Mi\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tName: pulumi.String(\"hello-1\"),\n\t\t\t\t\t\tPorts: \u0026cloudrunv2.ServiceTemplateContainerPortsArgs{\n\t\t\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tDependsOns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"hello-2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tName: pulumi.String(\"hello-2\"),\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tEnvs: cloudrunv2.ServiceTemplateContainerEnvArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerEnvArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"PORT\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"8081\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartupProbe: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeArgs{\n\t\t\t\t\t\t\tHttpGet: \u0026cloudrunv2.ServiceTemplateContainerStartupProbeHttpGetArgs{\n\t\t\t\t\t\t\t\tPort: pulumi.Int(8081),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"empty-dir-volume\"),\n\t\t\t\t\t\tEmptyDir: \u0026cloudrunv2.ServiceTemplateVolumeEmptyDirArgs{\n\t\t\t\t\t\t\tMedium: pulumi.String(\"MEMORY\"),\n\t\t\t\t\t\t\tSizeLimit: pulumi.String(\"256Mi\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers( \n ServiceTemplateContainerArgs.builder()\n .name(\"hello-1\")\n .ports(ServiceTemplateContainerPortsArgs.builder()\n .containerPort(8080)\n .build())\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .dependsOns(\"hello-2\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"empty-dir-volume\")\n .mountPath(\"/mnt\")\n .build())\n .build(),\n ServiceTemplateContainerArgs.builder()\n .name(\"hello-2\")\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .envs(ServiceTemplateContainerEnvArgs.builder()\n .name(\"PORT\")\n .value(\"8081\")\n .build())\n .startupProbe(ServiceTemplateContainerStartupProbeArgs.builder()\n .httpGet(ServiceTemplateContainerStartupProbeHttpGetArgs.builder()\n .port(8081)\n .build())\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"empty-dir-volume\")\n .emptyDir(ServiceTemplateVolumeEmptyDirArgs.builder()\n .medium(\"MEMORY\")\n .sizeLimit(\"256Mi\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - name: hello-1\n ports:\n containerPort: 8080\n image: us-docker.pkg.dev/cloudrun/container/hello\n dependsOns:\n - hello-2\n volumeMounts:\n - name: empty-dir-volume\n mountPath: /mnt\n - name: hello-2\n image: us-docker.pkg.dev/cloudrun/container/hello\n envs:\n - name: PORT\n value: '8081'\n startupProbe:\n httpGet:\n port: 8081\n volumes:\n - name: empty-dir-volume\n emptyDir:\n medium: MEMORY\n sizeLimit: 256Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mount Gcs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBucket = new gcp.storage.Bucket(\"default\", {\n name: \"cloudrun-service\",\n location: \"US\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n template: {\n executionEnvironment: \"EXECUTION_ENVIRONMENT_GEN2\",\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n volumeMounts: [{\n name: \"bucket\",\n mountPath: \"/var/www\",\n }],\n }],\n volumes: [{\n name: \"bucket\",\n gcs: {\n bucket: defaultBucket.name,\n readOnly: false,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_bucket = gcp.storage.Bucket(\"default\",\n name=\"cloudrun-service\",\n location=\"US\")\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n template={\n \"execution_environment\": \"EXECUTION_ENVIRONMENT_GEN2\",\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n \"volume_mounts\": [{\n \"name\": \"bucket\",\n \"mount_path\": \"/var/www\",\n }],\n }],\n \"volumes\": [{\n \"name\": \"bucket\",\n \"gcs\": {\n \"bucket\": default_bucket.name,\n \"read_only\": False,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBucket = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"US\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n ExecutionEnvironment = \"EXECUTION_ENVIRONMENT_GEN2\",\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"bucket\",\n MountPath = \"/var/www\",\n },\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"bucket\",\n Gcs = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeGcsArgs\n {\n Bucket = defaultBucket.Name,\n ReadOnly = false,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBucket, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tExecutionEnvironment: pulumi.String(\"EXECUTION_ENVIRONMENT_GEN2\"),\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/var/www\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\t\t\t\tGcs: \u0026cloudrunv2.ServiceTemplateVolumeGcsArgs{\n\t\t\t\t\t\t\tBucket: defaultBucket.Name,\n\t\t\t\t\t\t\tReadOnly: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBucket = new Bucket(\"defaultBucket\", BucketArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"US\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .template(ServiceTemplateArgs.builder()\n .executionEnvironment(\"EXECUTION_ENVIRONMENT_GEN2\")\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"bucket\")\n .mountPath(\"/var/www\")\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"bucket\")\n .gcs(ServiceTemplateVolumeGcsArgs.builder()\n .bucket(defaultBucket.name())\n .readOnly(false)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n template:\n executionEnvironment: EXECUTION_ENVIRONMENT_GEN2\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n volumeMounts:\n - name: bucket\n mountPath: /var/www\n volumes:\n - name: bucket\n gcs:\n bucket: ${defaultBucket.name}\n readOnly: false\n defaultBucket:\n type: gcp:storage:Bucket\n name: default\n properties:\n name: cloudrun-service\n location: US\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mount Nfs\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultInstance = new gcp.filestore.Instance(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1-b\",\n tier: \"BASIC_HDD\",\n fileShares: {\n capacityGb: 1024,\n name: \"share1\",\n },\n networks: [{\n network: \"default\",\n modes: [\"MODE_IPV4\"],\n }],\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n executionEnvironment: \"EXECUTION_ENVIRONMENT_GEN2\",\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n volumeMounts: [{\n name: \"nfs\",\n mountPath: \"/mnt/nfs/filestore\",\n }],\n }],\n vpcAccess: {\n networkInterfaces: [{\n network: \"default\",\n subnetwork: \"default\",\n }],\n },\n volumes: [{\n name: \"nfs\",\n nfs: {\n server: defaultInstance.networks.apply(networks =\u003e networks[0].ipAddresses?.[0]),\n path: \"/share1\",\n readOnly: false,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_instance = gcp.filestore.Instance(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1-b\",\n tier=\"BASIC_HDD\",\n file_shares={\n \"capacity_gb\": 1024,\n \"name\": \"share1\",\n },\n networks=[{\n \"network\": \"default\",\n \"modes\": [\"MODE_IPV4\"],\n }])\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"execution_environment\": \"EXECUTION_ENVIRONMENT_GEN2\",\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n \"volume_mounts\": [{\n \"name\": \"nfs\",\n \"mount_path\": \"/mnt/nfs/filestore\",\n }],\n }],\n \"vpc_access\": {\n \"network_interfaces\": [{\n \"network\": \"default\",\n \"subnetwork\": \"default\",\n }],\n },\n \"volumes\": [{\n \"name\": \"nfs\",\n \"nfs\": {\n \"server\": default_instance.networks[0].ip_addresses[0],\n \"path\": \"/share1\",\n \"read_only\": False,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultInstance = new Gcp.Filestore.Instance(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1-b\",\n Tier = \"BASIC_HDD\",\n FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs\n {\n CapacityGb = 1024,\n Name = \"share1\",\n },\n Networks = new[]\n {\n new Gcp.Filestore.Inputs.InstanceNetworkArgs\n {\n Network = \"default\",\n Modes = new[]\n {\n \"MODE_IPV4\",\n },\n },\n },\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n ExecutionEnvironment = \"EXECUTION_ENVIRONMENT_GEN2\",\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello:latest\",\n VolumeMounts = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerVolumeMountArgs\n {\n Name = \"nfs\",\n MountPath = \"/mnt/nfs/filestore\",\n },\n },\n },\n },\n VpcAccess = new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessArgs\n {\n NetworkInterfaces = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVpcAccessNetworkInterfaceArgs\n {\n Network = \"default\",\n Subnetwork = \"default\",\n },\n },\n },\n Volumes = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeArgs\n {\n Name = \"nfs\",\n Nfs = new Gcp.CloudRunV2.Inputs.ServiceTemplateVolumeNfsArgs\n {\n Server = defaultInstance.Networks.Apply(networks =\u003e networks[0].IpAddresses[0]),\n Path = \"/share1\",\n ReadOnly = false,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/filestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultInstance, err := filestore.NewInstance(ctx, \"default\", \u0026filestore.InstanceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1-b\"),\n\t\t\tTier: pulumi.String(\"BASIC_HDD\"),\n\t\t\tFileShares: \u0026filestore.InstanceFileSharesArgs{\n\t\t\t\tCapacityGb: pulumi.Int(1024),\n\t\t\t\tName: pulumi.String(\"share1\"),\n\t\t\t},\n\t\t\tNetworks: filestore.InstanceNetworkArray{\n\t\t\t\t\u0026filestore.InstanceNetworkArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tModes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"MODE_IPV4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tExecutionEnvironment: pulumi.String(\"EXECUTION_ENVIRONMENT_GEN2\"),\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello:latest\"),\n\t\t\t\t\t\tVolumeMounts: cloudrunv2.ServiceTemplateContainerVolumeMountArray{\n\t\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerVolumeMountArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"nfs\"),\n\t\t\t\t\t\t\t\tMountPath: pulumi.String(\"/mnt/nfs/filestore\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVpcAccess: \u0026cloudrunv2.ServiceTemplateVpcAccessArgs{\n\t\t\t\t\tNetworkInterfaces: cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArray{\n\t\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVpcAccessNetworkInterfaceArgs{\n\t\t\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tVolumes: cloudrunv2.ServiceTemplateVolumeArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateVolumeArgs{\n\t\t\t\t\t\tName: pulumi.String(\"nfs\"),\n\t\t\t\t\t\tNfs: \u0026cloudrunv2.ServiceTemplateVolumeNfsArgs{\n\t\t\t\t\t\t\tServer: defaultInstance.Networks.ApplyT(func(networks []filestore.InstanceNetwork) (*string, error) {\n\t\t\t\t\t\t\t\treturn \u0026networks[0].IpAddresses[0], nil\n\t\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t\t\tPath: pulumi.String(\"/share1\"),\n\t\t\t\t\t\t\tReadOnly: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.filestore.Instance;\nimport com.pulumi.gcp.filestore.InstanceArgs;\nimport com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;\nimport com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateVpcAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1-b\")\n .tier(\"BASIC_HDD\")\n .fileShares(InstanceFileSharesArgs.builder()\n .capacityGb(1024)\n .name(\"share1\")\n .build())\n .networks(InstanceNetworkArgs.builder()\n .network(\"default\")\n .modes(\"MODE_IPV4\")\n .build())\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .executionEnvironment(\"EXECUTION_ENVIRONMENT_GEN2\")\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello:latest\")\n .volumeMounts(ServiceTemplateContainerVolumeMountArgs.builder()\n .name(\"nfs\")\n .mountPath(\"/mnt/nfs/filestore\")\n .build())\n .build())\n .vpcAccess(ServiceTemplateVpcAccessArgs.builder()\n .networkInterfaces(ServiceTemplateVpcAccessNetworkInterfaceArgs.builder()\n .network(\"default\")\n .subnetwork(\"default\")\n .build())\n .build())\n .volumes(ServiceTemplateVolumeArgs.builder()\n .name(\"nfs\")\n .nfs(ServiceTemplateVolumeNfsArgs.builder()\n .server(defaultInstance.networks().applyValue(networks -\u003e networks[0].ipAddresses()[0]))\n .path(\"/share1\")\n .readOnly(false)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n ingress: INGRESS_TRAFFIC_ALL\n template:\n executionEnvironment: EXECUTION_ENVIRONMENT_GEN2\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello:latest\n volumeMounts:\n - name: nfs\n mountPath: /mnt/nfs/filestore\n vpcAccess:\n networkInterfaces:\n - network: default\n subnetwork: default\n volumes:\n - name: nfs\n nfs:\n server: ${defaultInstance.networks[0].ipAddresses[0]}\n path: /share1\n readOnly: false\n defaultInstance:\n type: gcp:filestore:Instance\n name: default\n properties:\n name: cloudrun-service\n location: us-central1-b\n tier: BASIC_HDD\n fileShares:\n capacityGb: 1024\n name: share1\n networks:\n - network: default\n modes:\n - MODE_IPV4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Mesh\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst mesh = new gcp.networkservices.Mesh(\"mesh\", {name: \"network-services-mesh\"});\nconst waitForMesh = new time.index.Sleep(\"wait_for_mesh\", {createDuration: \"1m\"}, {\n dependsOn: [mesh],\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n deletionProtection: false,\n location: \"us-central1\",\n launchStage: \"BETA\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n serviceMesh: {\n mesh: mesh.id,\n },\n },\n}, {\n dependsOn: [waitForMesh],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nmesh = gcp.networkservices.Mesh(\"mesh\", name=\"network-services-mesh\")\nwait_for_mesh = time.index.Sleep(\"wait_for_mesh\", create_duration=1m,\nopts = pulumi.ResourceOptions(depends_on=[mesh]))\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n deletion_protection=False,\n location=\"us-central1\",\n launch_stage=\"BETA\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n \"service_mesh\": {\n \"mesh\": mesh.id,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[wait_for_mesh]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mesh = new Gcp.NetworkServices.Mesh(\"mesh\", new()\n {\n Name = \"network-services-mesh\",\n });\n\n var waitForMesh = new Time.Index.Sleep(\"wait_for_mesh\", new()\n {\n CreateDuration = \"1m\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n mesh,\n },\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n DeletionProtection = false,\n Location = \"us-central1\",\n LaunchStage = \"BETA\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n ServiceMesh = new Gcp.CloudRunV2.Inputs.ServiceTemplateServiceMeshArgs\n {\n Mesh = mesh.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitForMesh,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmesh, err := networkservices.NewMesh(ctx, \"mesh\", \u0026networkservices.MeshArgs{\n\t\t\tName: pulumi.String(\"network-services-mesh\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twaitForMesh, err := time.NewSleep(ctx, \"wait_for_mesh\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"1m\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmesh,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLaunchStage: pulumi.String(\"BETA\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceMesh: \u0026cloudrunv2.ServiceTemplateServiceMeshArgs{\n\t\t\t\t\tMesh: mesh.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitForMesh,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Mesh;\nimport com.pulumi.gcp.networkservices.MeshArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateServiceMeshArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mesh = new Mesh(\"mesh\", MeshArgs.builder()\n .name(\"network-services-mesh\")\n .build());\n\n var waitForMesh = new Sleep(\"waitForMesh\", SleepArgs.builder()\n .createDuration(\"1m\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(mesh)\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .deletionProtection(false)\n .location(\"us-central1\")\n .launchStage(\"BETA\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .serviceMesh(ServiceTemplateServiceMeshArgs.builder()\n .mesh(mesh.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitForMesh)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n deletionProtection: false\n location: us-central1\n launchStage: BETA\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n serviceMesh:\n mesh: ${mesh.id}\n options:\n dependsOn:\n - ${waitForMesh}\n waitForMesh:\n type: time:sleep\n name: wait_for_mesh\n properties:\n createDuration: 1m\n options:\n dependsOn:\n - ${mesh}\n mesh:\n type: gcp:networkservices:Mesh\n properties:\n name: network-services-mesh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Cloudrunv2 Service Invokeriam\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.cloudrunv2.Service(\"default\", {\n name: \"cloudrun-service\",\n location: \"us-central1\",\n deletionProtection: false,\n invokerIamDisabled: true,\n description: \"The serving URL of this service will not perform any IAM check when invoked\",\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.cloudrunv2.Service(\"default\",\n name=\"cloudrun-service\",\n location=\"us-central1\",\n deletion_protection=False,\n invoker_iam_disabled=True,\n description=\"The serving URL of this service will not perform any IAM check when invoked\",\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Name = \"cloudrun-service\",\n Location = \"us-central1\",\n DeletionProtection = false,\n InvokerIamDisabled = true,\n Description = \"The serving URL of this service will not perform any IAM check when invoked\",\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tName: pulumi.String(\"cloudrun-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tInvokerIamDisabled: pulumi.Bool(true),\n\t\t\tDescription: pulumi.String(\"The serving URL of this service will not perform any IAM check when invoked\"),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .name(\"cloudrun-service\")\n .location(\"us-central1\")\n .deletionProtection(false)\n .invokerIamDisabled(true)\n .description(\"The serving URL of this service will not perform any IAM check when invoked\")\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:cloudrunv2:Service\n properties:\n name: cloudrun-service\n location: us-central1\n deletionProtection: false\n invokerIamDisabled: true\n description: The serving URL of this service will not perform any IAM check when invoked\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/services/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Service can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default projects/{{project}}/locations/{{location}}/services/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudrunv2/service:Service default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -157228,7 +157228,7 @@ } }, "gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -157349,7 +157349,7 @@ } }, "gcp:cloudrunv2/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -157463,7 +157463,7 @@ } }, "gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Run (v2 API) Service\nThree different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudrunv2.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudrunv2.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -157548,7 +157548,7 @@ } }, "gcp:cloudscheduler/job:Job": { - "description": "A scheduled job that can publish a PubSub message or an HTTP request\nevery X interval of time, using a crontab format string.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/scheduler/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/scheduler/)\n\n## Example Usage\n\n### Scheduler Job Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"job-topic\"});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test job\",\n schedule: \"*/2 * * * *\",\n pubsubTarget: {\n topicName: topic.id,\n data: std.base64encode({\n input: \"test\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ntopic = gcp.pubsub.Topic(\"topic\", name=\"job-topic\")\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test job\",\n schedule=\"*/2 * * * *\",\n pubsub_target={\n \"topic_name\": topic.id,\n \"data\": std.base64encode(input=\"test\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"job-topic\",\n });\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test job\",\n Schedule = \"*/2 * * * *\",\n PubsubTarget = new Gcp.CloudScheduler.Inputs.JobPubsubTargetArgs\n {\n TopicName = topic.Id,\n Data = Std.Base64encode.Invoke(new()\n {\n Input = \"test\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"job-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"test\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test job\"),\n\t\t\tSchedule: pulumi.String(\"*/2 * * * *\"),\n\t\t\tPubsubTarget: \u0026cloudscheduler.JobPubsubTargetArgs{\n\t\t\t\tTopicName: topic.ID(),\n\t\t\t\tData: pulumi.String(invokeBase64encode.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobPubsubTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"job-topic\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test job\")\n .schedule(\"*/2 * * * *\")\n .pubsubTarget(JobPubsubTargetArgs.builder()\n .topicName(topic.id())\n .data(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"test\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: job-topic\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test job\n schedule: '*/2 * * * *'\n pubsubTarget:\n topicName: ${topic.id}\n data:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: test\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n retryConfig: {\n retryCount: 1,\n },\n httpTarget: {\n httpMethod: \"POST\",\n uri: \"https://example.com/\",\n body: std.base64encode({\n input: \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).then(invoke =\u003e invoke.result),\n headers: {\n \"Content-Type\": \"application/json\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n retry_config={\n \"retry_count\": 1,\n },\n http_target={\n \"http_method\": \"POST\",\n \"uri\": \"https://example.com/\",\n \"body\": std.base64encode(input=\"{\\\"foo\\\":\\\"bar\\\"}\").result,\n \"headers\": {\n \"Content-Type\": \"application/json\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n RetryCount = 1,\n },\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"POST\",\n Uri = \"https://example.com/\",\n Body = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).Apply(invoke =\u003e invoke.Result),\n Headers = \n {\n { \"Content-Type\", \"application/json\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"foo\\\":\\\"bar\\\"}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tRetryCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/\"),\n\t\t\t\tBody: pulumi.String(invokeBase64encode.Result),\n\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\"Content-Type\": pulumi.String(\"application/json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .retryCount(1)\n .build())\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .uri(\"https://example.com/\")\n .body(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"foo\\\":\\\"bar\\\"}\")\n .build()).result())\n .headers(Map.of(\"Content-Type\", \"application/json\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n retryConfig:\n retryCount: 1\n httpTarget:\n httpMethod: POST\n uri: https://example.com/\n body:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: '{\"foo\":\"bar\"}'\n Return: result\n headers:\n Content-Type: application/json\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Paused\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n paused: true,\n name: \"test-job\",\n description: \"test http job with updated fields\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n retryConfig: {\n retryCount: 1,\n },\n httpTarget: {\n httpMethod: \"POST\",\n uri: \"https://example.com/ping\",\n body: std.base64encode({\n input: \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).then(invoke =\u003e invoke.result),\n headers: {\n \"Content-Type\": \"application/json\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\njob = gcp.cloudscheduler.Job(\"job\",\n paused=True,\n name=\"test-job\",\n description=\"test http job with updated fields\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n retry_config={\n \"retry_count\": 1,\n },\n http_target={\n \"http_method\": \"POST\",\n \"uri\": \"https://example.com/ping\",\n \"body\": std.base64encode(input=\"{\\\"foo\\\":\\\"bar\\\"}\").result,\n \"headers\": {\n \"Content-Type\": \"application/json\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Paused = true,\n Name = \"test-job\",\n Description = \"test http job with updated fields\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n RetryCount = 1,\n },\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"POST\",\n Uri = \"https://example.com/ping\",\n Body = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).Apply(invoke =\u003e invoke.Result),\n Headers = \n {\n { \"Content-Type\", \"application/json\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"foo\\\":\\\"bar\\\"}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tPaused: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job with updated fields\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tRetryCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/ping\"),\n\t\t\t\tBody: pulumi.String(invokeBase64encode.Result),\n\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\"Content-Type\": pulumi.String(\"application/json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .paused(true)\n .name(\"test-job\")\n .description(\"test http job with updated fields\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .retryCount(1)\n .build())\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .uri(\"https://example.com/ping\")\n .body(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"foo\\\":\\\"bar\\\"}\")\n .build()).result())\n .headers(Map.of(\"Content-Type\", \"application/json\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n paused: true\n name: test-job\n description: test http job with updated fields\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n retryConfig:\n retryCount: 1\n httpTarget:\n httpMethod: POST\n uri: https://example.com/ping\n body:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: '{\"foo\":\"bar\"}'\n Return: result\n headers:\n Content-Type: application/json\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job App Engine\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n schedule: \"*/4 * * * *\",\n description: \"test app engine job\",\n timeZone: \"Europe/London\",\n attemptDeadline: \"320s\",\n retryConfig: {\n minBackoffDuration: \"1s\",\n maxRetryDuration: \"10s\",\n maxDoublings: 2,\n retryCount: 3,\n },\n appEngineHttpTarget: {\n httpMethod: \"POST\",\n appEngineRouting: {\n service: \"web\",\n version: \"prod\",\n instance: \"my-instance-001\",\n },\n relativeUri: \"/ping\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n schedule=\"*/4 * * * *\",\n description=\"test app engine job\",\n time_zone=\"Europe/London\",\n attempt_deadline=\"320s\",\n retry_config={\n \"min_backoff_duration\": \"1s\",\n \"max_retry_duration\": \"10s\",\n \"max_doublings\": 2,\n \"retry_count\": 3,\n },\n app_engine_http_target={\n \"http_method\": \"POST\",\n \"app_engine_routing\": {\n \"service\": \"web\",\n \"version\": \"prod\",\n \"instance\": \"my-instance-001\",\n },\n \"relative_uri\": \"/ping\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Schedule = \"*/4 * * * *\",\n Description = \"test app engine job\",\n TimeZone = \"Europe/London\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n MinBackoffDuration = \"1s\",\n MaxRetryDuration = \"10s\",\n MaxDoublings = 2,\n RetryCount = 3,\n },\n AppEngineHttpTarget = new Gcp.CloudScheduler.Inputs.JobAppEngineHttpTargetArgs\n {\n HttpMethod = \"POST\",\n AppEngineRouting = new Gcp.CloudScheduler.Inputs.JobAppEngineHttpTargetAppEngineRoutingArgs\n {\n Service = \"web\",\n Version = \"prod\",\n Instance = \"my-instance-001\",\n },\n RelativeUri = \"/ping\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tSchedule: pulumi.String(\"*/4 * * * *\"),\n\t\t\tDescription: pulumi.String(\"test app engine job\"),\n\t\t\tTimeZone: pulumi.String(\"Europe/London\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tMinBackoffDuration: pulumi.String(\"1s\"),\n\t\t\t\tMaxRetryDuration: pulumi.String(\"10s\"),\n\t\t\t\tMaxDoublings: pulumi.Int(2),\n\t\t\t\tRetryCount: pulumi.Int(3),\n\t\t\t},\n\t\t\tAppEngineHttpTarget: \u0026cloudscheduler.JobAppEngineHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tAppEngineRouting: \u0026cloudscheduler.JobAppEngineHttpTargetAppEngineRoutingArgs{\n\t\t\t\t\tService: pulumi.String(\"web\"),\n\t\t\t\t\tVersion: pulumi.String(\"prod\"),\n\t\t\t\t\tInstance: pulumi.String(\"my-instance-001\"),\n\t\t\t\t},\n\t\t\t\tRelativeUri: pulumi.String(\"/ping\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobAppEngineHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobAppEngineHttpTargetAppEngineRoutingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .schedule(\"*/4 * * * *\")\n .description(\"test app engine job\")\n .timeZone(\"Europe/London\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .minBackoffDuration(\"1s\")\n .maxRetryDuration(\"10s\")\n .maxDoublings(2)\n .retryCount(3)\n .build())\n .appEngineHttpTarget(JobAppEngineHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .appEngineRouting(JobAppEngineHttpTargetAppEngineRoutingArgs.builder()\n .service(\"web\")\n .version(\"prod\")\n .instance(\"my-instance-001\")\n .build())\n .relativeUri(\"/ping\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n schedule: '*/4 * * * *'\n description: test app engine job\n timeZone: Europe/London\n attemptDeadline: 320s\n retryConfig:\n minBackoffDuration: 1s\n maxRetryDuration: 10s\n maxDoublings: 2\n retryCount: 3\n appEngineHttpTarget:\n httpMethod: POST\n appEngineRouting:\n service: web\n version: prod\n instance: my-instance-001\n relativeUri: /ping\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Oauth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n httpTarget: {\n httpMethod: \"GET\",\n uri: \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n oauthToken: {\n serviceAccountEmail: _default.then(_default =\u003e _default.email),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n http_target={\n \"http_method\": \"GET\",\n \"uri\": \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n \"oauth_token\": {\n \"service_account_email\": default.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"GET\",\n Uri = \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n OauthToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOauthTokenArgs\n {\n ServiceAccountEmail = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\t\tUri: pulumi.String(\"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\"),\n\t\t\t\tOauthToken: \u0026cloudscheduler.JobHttpTargetOauthTokenArgs{\n\t\t\t\t\tServiceAccountEmail: pulumi.String(_default.Email),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOauthTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"GET\")\n .uri(\"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\")\n .oauthToken(JobHttpTargetOauthTokenArgs.builder()\n .serviceAccountEmail(default_.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n httpTarget:\n httpMethod: GET\n uri: https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\n oauthToken:\n serviceAccountEmail: ${default.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Oidc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n httpTarget: {\n httpMethod: \"GET\",\n uri: \"https://example.com/ping\",\n oidcToken: {\n serviceAccountEmail: _default.then(_default =\u003e _default.email),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n http_target={\n \"http_method\": \"GET\",\n \"uri\": \"https://example.com/ping\",\n \"oidc_token\": {\n \"service_account_email\": default.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"GET\",\n Uri = \"https://example.com/ping\",\n OidcToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOidcTokenArgs\n {\n ServiceAccountEmail = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/ping\"),\n\t\t\t\tOidcToken: \u0026cloudscheduler.JobHttpTargetOidcTokenArgs{\n\t\t\t\t\tServiceAccountEmail: pulumi.String(_default.Email),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOidcTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"GET\")\n .uri(\"https://example.com/ping\")\n .oidcToken(JobHttpTargetOidcTokenArgs.builder()\n .serviceAccountEmail(default_.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n httpTarget:\n httpMethod: GET\n uri: https://example.com/ping\n oidcToken:\n serviceAccountEmail: ${default.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/jobs/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default projects/{{project}}/locations/{{region}}/jobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{name}}\n```\n\n", + "description": "A scheduled job that can publish a PubSub message or an HTTP request\nevery X interval of time, using a crontab format string.\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/scheduler/docs/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/scheduler/)\n\n## Example Usage\n\n### Scheduler Job Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"job-topic\"});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test job\",\n schedule: \"*/2 * * * *\",\n pubsubTarget: {\n topicName: topic.id,\n data: std.base64encode({\n input: \"test\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ntopic = gcp.pubsub.Topic(\"topic\", name=\"job-topic\")\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test job\",\n schedule=\"*/2 * * * *\",\n pubsub_target={\n \"topic_name\": topic.id,\n \"data\": std.base64encode(input=\"test\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"job-topic\",\n });\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test job\",\n Schedule = \"*/2 * * * *\",\n PubsubTarget = new Gcp.CloudScheduler.Inputs.JobPubsubTargetArgs\n {\n TopicName = topic.Id,\n Data = Std.Base64encode.Invoke(new()\n {\n Input = \"test\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"job-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"test\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test job\"),\n\t\t\tSchedule: pulumi.String(\"*/2 * * * *\"),\n\t\t\tPubsubTarget: \u0026cloudscheduler.JobPubsubTargetArgs{\n\t\t\t\tTopicName: topic.ID(),\n\t\t\t\tData: pulumi.String(invokeBase64encode.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobPubsubTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"job-topic\")\n .build());\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test job\")\n .schedule(\"*/2 * * * *\")\n .pubsubTarget(JobPubsubTargetArgs.builder()\n .topicName(topic.id())\n .data(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"test\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: job-topic\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test job\n schedule: '*/2 * * * *'\n pubsubTarget:\n topicName: ${topic.id}\n data:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: test\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n retryConfig: {\n retryCount: 1,\n },\n httpTarget: {\n httpMethod: \"POST\",\n uri: \"https://example.com/\",\n body: std.base64encode({\n input: \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).then(invoke =\u003e invoke.result),\n headers: {\n \"Content-Type\": \"application/json\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n retry_config={\n \"retry_count\": 1,\n },\n http_target={\n \"http_method\": \"POST\",\n \"uri\": \"https://example.com/\",\n \"body\": std.base64encode(input=\"{\\\"foo\\\":\\\"bar\\\"}\").result,\n \"headers\": {\n \"Content-Type\": \"application/json\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n RetryCount = 1,\n },\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"POST\",\n Uri = \"https://example.com/\",\n Body = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).Apply(invoke =\u003e invoke.Result),\n Headers = \n {\n { \"Content-Type\", \"application/json\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"foo\\\":\\\"bar\\\"}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tRetryCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/\"),\n\t\t\t\tBody: pulumi.String(invokeBase64encode.Result),\n\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\"Content-Type\": pulumi.String(\"application/json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .retryCount(1)\n .build())\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .uri(\"https://example.com/\")\n .body(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"foo\\\":\\\"bar\\\"}\")\n .build()).result())\n .headers(Map.of(\"Content-Type\", \"application/json\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n retryConfig:\n retryCount: 1\n httpTarget:\n httpMethod: POST\n uri: https://example.com/\n body:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: '{\"foo\":\"bar\"}'\n return: result\n headers:\n Content-Type: application/json\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Paused\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n paused: true,\n name: \"test-job\",\n description: \"test http job with updated fields\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n retryConfig: {\n retryCount: 1,\n },\n httpTarget: {\n httpMethod: \"POST\",\n uri: \"https://example.com/ping\",\n body: std.base64encode({\n input: \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).then(invoke =\u003e invoke.result),\n headers: {\n \"Content-Type\": \"application/json\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\njob = gcp.cloudscheduler.Job(\"job\",\n paused=True,\n name=\"test-job\",\n description=\"test http job with updated fields\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n retry_config={\n \"retry_count\": 1,\n },\n http_target={\n \"http_method\": \"POST\",\n \"uri\": \"https://example.com/ping\",\n \"body\": std.base64encode(input=\"{\\\"foo\\\":\\\"bar\\\"}\").result,\n \"headers\": {\n \"Content-Type\": \"application/json\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Paused = true,\n Name = \"test-job\",\n Description = \"test http job with updated fields\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n RetryCount = 1,\n },\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"POST\",\n Uri = \"https://example.com/ping\",\n Body = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"foo\\\":\\\"bar\\\"}\",\n }).Apply(invoke =\u003e invoke.Result),\n Headers = \n {\n { \"Content-Type\", \"application/json\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"foo\\\":\\\"bar\\\"}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tPaused: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job with updated fields\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tRetryCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/ping\"),\n\t\t\t\tBody: pulumi.String(invokeBase64encode.Result),\n\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\"Content-Type\": pulumi.String(\"application/json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .paused(true)\n .name(\"test-job\")\n .description(\"test http job with updated fields\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .retryCount(1)\n .build())\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .uri(\"https://example.com/ping\")\n .body(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"foo\\\":\\\"bar\\\"}\")\n .build()).result())\n .headers(Map.of(\"Content-Type\", \"application/json\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n paused: true\n name: test-job\n description: test http job with updated fields\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n retryConfig:\n retryCount: 1\n httpTarget:\n httpMethod: POST\n uri: https://example.com/ping\n body:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: '{\"foo\":\"bar\"}'\n return: result\n headers:\n Content-Type: application/json\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job App Engine\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n schedule: \"*/4 * * * *\",\n description: \"test app engine job\",\n timeZone: \"Europe/London\",\n attemptDeadline: \"320s\",\n retryConfig: {\n minBackoffDuration: \"1s\",\n maxRetryDuration: \"10s\",\n maxDoublings: 2,\n retryCount: 3,\n },\n appEngineHttpTarget: {\n httpMethod: \"POST\",\n appEngineRouting: {\n service: \"web\",\n version: \"prod\",\n instance: \"my-instance-001\",\n },\n relativeUri: \"/ping\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n schedule=\"*/4 * * * *\",\n description=\"test app engine job\",\n time_zone=\"Europe/London\",\n attempt_deadline=\"320s\",\n retry_config={\n \"min_backoff_duration\": \"1s\",\n \"max_retry_duration\": \"10s\",\n \"max_doublings\": 2,\n \"retry_count\": 3,\n },\n app_engine_http_target={\n \"http_method\": \"POST\",\n \"app_engine_routing\": {\n \"service\": \"web\",\n \"version\": \"prod\",\n \"instance\": \"my-instance-001\",\n },\n \"relative_uri\": \"/ping\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Schedule = \"*/4 * * * *\",\n Description = \"test app engine job\",\n TimeZone = \"Europe/London\",\n AttemptDeadline = \"320s\",\n RetryConfig = new Gcp.CloudScheduler.Inputs.JobRetryConfigArgs\n {\n MinBackoffDuration = \"1s\",\n MaxRetryDuration = \"10s\",\n MaxDoublings = 2,\n RetryCount = 3,\n },\n AppEngineHttpTarget = new Gcp.CloudScheduler.Inputs.JobAppEngineHttpTargetArgs\n {\n HttpMethod = \"POST\",\n AppEngineRouting = new Gcp.CloudScheduler.Inputs.JobAppEngineHttpTargetAppEngineRoutingArgs\n {\n Service = \"web\",\n Version = \"prod\",\n Instance = \"my-instance-001\",\n },\n RelativeUri = \"/ping\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tSchedule: pulumi.String(\"*/4 * * * *\"),\n\t\t\tDescription: pulumi.String(\"test app engine job\"),\n\t\t\tTimeZone: pulumi.String(\"Europe/London\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tRetryConfig: \u0026cloudscheduler.JobRetryConfigArgs{\n\t\t\t\tMinBackoffDuration: pulumi.String(\"1s\"),\n\t\t\t\tMaxRetryDuration: pulumi.String(\"10s\"),\n\t\t\t\tMaxDoublings: pulumi.Int(2),\n\t\t\t\tRetryCount: pulumi.Int(3),\n\t\t\t},\n\t\t\tAppEngineHttpTarget: \u0026cloudscheduler.JobAppEngineHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\t\tAppEngineRouting: \u0026cloudscheduler.JobAppEngineHttpTargetAppEngineRoutingArgs{\n\t\t\t\t\tService: pulumi.String(\"web\"),\n\t\t\t\t\tVersion: pulumi.String(\"prod\"),\n\t\t\t\t\tInstance: pulumi.String(\"my-instance-001\"),\n\t\t\t\t},\n\t\t\t\tRelativeUri: pulumi.String(\"/ping\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobRetryConfigArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobAppEngineHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobAppEngineHttpTargetAppEngineRoutingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .schedule(\"*/4 * * * *\")\n .description(\"test app engine job\")\n .timeZone(\"Europe/London\")\n .attemptDeadline(\"320s\")\n .retryConfig(JobRetryConfigArgs.builder()\n .minBackoffDuration(\"1s\")\n .maxRetryDuration(\"10s\")\n .maxDoublings(2)\n .retryCount(3)\n .build())\n .appEngineHttpTarget(JobAppEngineHttpTargetArgs.builder()\n .httpMethod(\"POST\")\n .appEngineRouting(JobAppEngineHttpTargetAppEngineRoutingArgs.builder()\n .service(\"web\")\n .version(\"prod\")\n .instance(\"my-instance-001\")\n .build())\n .relativeUri(\"/ping\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n schedule: '*/4 * * * *'\n description: test app engine job\n timeZone: Europe/London\n attemptDeadline: 320s\n retryConfig:\n minBackoffDuration: 1s\n maxRetryDuration: 10s\n maxDoublings: 2\n retryCount: 3\n appEngineHttpTarget:\n httpMethod: POST\n appEngineRouting:\n service: web\n version: prod\n instance: my-instance-001\n relativeUri: /ping\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Oauth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n httpTarget: {\n httpMethod: \"GET\",\n uri: \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n oauthToken: {\n serviceAccountEmail: _default.then(_default =\u003e _default.email),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n http_target={\n \"http_method\": \"GET\",\n \"uri\": \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n \"oauth_token\": {\n \"service_account_email\": default.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"GET\",\n Uri = \"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\",\n OauthToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOauthTokenArgs\n {\n ServiceAccountEmail = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\t\tUri: pulumi.String(\"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\"),\n\t\t\t\tOauthToken: \u0026cloudscheduler.JobHttpTargetOauthTokenArgs{\n\t\t\t\t\tServiceAccountEmail: pulumi.String(_default.Email),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOauthTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"GET\")\n .uri(\"https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\")\n .oauthToken(JobHttpTargetOauthTokenArgs.builder()\n .serviceAccountEmail(default_.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n httpTarget:\n httpMethod: GET\n uri: https://cloudscheduler.googleapis.com/v1/projects/my-project-name/locations/us-west1/jobs\n oauthToken:\n serviceAccountEmail: ${default.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Scheduler Job Oidc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst job = new gcp.cloudscheduler.Job(\"job\", {\n name: \"test-job\",\n description: \"test http job\",\n schedule: \"*/8 * * * *\",\n timeZone: \"America/New_York\",\n attemptDeadline: \"320s\",\n httpTarget: {\n httpMethod: \"GET\",\n uri: \"https://example.com/ping\",\n oidcToken: {\n serviceAccountEmail: _default.then(_default =\u003e _default.email),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\njob = gcp.cloudscheduler.Job(\"job\",\n name=\"test-job\",\n description=\"test http job\",\n schedule=\"*/8 * * * *\",\n time_zone=\"America/New_York\",\n attempt_deadline=\"320s\",\n http_target={\n \"http_method\": \"GET\",\n \"uri\": \"https://example.com/ping\",\n \"oidc_token\": {\n \"service_account_email\": default.email,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var job = new Gcp.CloudScheduler.Job(\"job\", new()\n {\n Name = \"test-job\",\n Description = \"test http job\",\n Schedule = \"*/8 * * * *\",\n TimeZone = \"America/New_York\",\n AttemptDeadline = \"320s\",\n HttpTarget = new Gcp.CloudScheduler.Inputs.JobHttpTargetArgs\n {\n HttpMethod = \"GET\",\n Uri = \"https://example.com/ping\",\n OidcToken = new Gcp.CloudScheduler.Inputs.JobHttpTargetOidcTokenArgs\n {\n ServiceAccountEmail = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudscheduler\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudscheduler.NewJob(ctx, \"job\", \u0026cloudscheduler.JobArgs{\n\t\t\tName: pulumi.String(\"test-job\"),\n\t\t\tDescription: pulumi.String(\"test http job\"),\n\t\t\tSchedule: pulumi.String(\"*/8 * * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tAttemptDeadline: pulumi.String(\"320s\"),\n\t\t\tHttpTarget: \u0026cloudscheduler.JobHttpTargetArgs{\n\t\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\t\tUri: pulumi.String(\"https://example.com/ping\"),\n\t\t\t\tOidcToken: \u0026cloudscheduler.JobHttpTargetOidcTokenArgs{\n\t\t\t\t\tServiceAccountEmail: pulumi.String(_default.Email),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.cloudscheduler.Job;\nimport com.pulumi.gcp.cloudscheduler.JobArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetArgs;\nimport com.pulumi.gcp.cloudscheduler.inputs.JobHttpTargetOidcTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var job = new Job(\"job\", JobArgs.builder()\n .name(\"test-job\")\n .description(\"test http job\")\n .schedule(\"*/8 * * * *\")\n .timeZone(\"America/New_York\")\n .attemptDeadline(\"320s\")\n .httpTarget(JobHttpTargetArgs.builder()\n .httpMethod(\"GET\")\n .uri(\"https://example.com/ping\")\n .oidcToken(JobHttpTargetOidcTokenArgs.builder()\n .serviceAccountEmail(default_.email())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n job:\n type: gcp:cloudscheduler:Job\n properties:\n name: test-job\n description: test http job\n schedule: '*/8 * * * *'\n timeZone: America/New_York\n attemptDeadline: 320s\n httpTarget:\n httpMethod: GET\n uri: https://example.com/ping\n oidcToken:\n serviceAccountEmail: ${default.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/jobs/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default projects/{{project}}/locations/{{region}}/jobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:cloudscheduler/job:Job default {{name}}\n```\n\n", "properties": { "appEngineHttpTarget": { "$ref": "#/types/gcp:cloudscheduler/JobAppEngineHttpTarget:JobAppEngineHttpTarget", @@ -157851,7 +157851,7 @@ } }, "gcp:cloudtasks/queueIamBinding:QueueIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudtasks/QueueIamBindingCondition:QueueIamBindingCondition" @@ -157972,7 +157972,7 @@ } }, "gcp:cloudtasks/queueIamMember:QueueIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudtasks/QueueIamMemberCondition:QueueIamMemberCondition" @@ -158086,7 +158086,7 @@ } }, "gcp:cloudtasks/queueIamPolicy:QueueIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Tasks Queue\nThree different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.cloudtasks.QueueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.cloudtasks.QueueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -158409,7 +158409,7 @@ } }, "gcp:composer/userWorkloadsSecret:UserWorkloadsSecret": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n project: \"example-project\",\n region: \"us-central1\",\n config: {\n softwareConfig: {\n imageVersion: \"example-image-version\",\n },\n },\n});\nconst exampleUserWorkloadsSecret = new gcp.composer.UserWorkloadsSecret(\"example\", {\n name: \"example-secret\",\n project: \"example-project\",\n region: \"us-central1\",\n environment: example.name,\n data: {\n email: std.base64encode({\n input: \"example-email\",\n }).then(invoke =\u003e invoke.result),\n password: std.base64encode({\n input: \"example-password\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nexample = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n project=\"example-project\",\n region=\"us-central1\",\n config={\n \"software_config\": {\n \"image_version\": \"example-image-version\",\n },\n })\nexample_user_workloads_secret = gcp.composer.UserWorkloadsSecret(\"example\",\n name=\"example-secret\",\n project=\"example-project\",\n region=\"us-central1\",\n environment=example.name,\n data={\n \"email\": std.base64encode(input=\"example-email\").result,\n \"password\": std.base64encode(input=\"example-password\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Project = \"example-project\",\n Region = \"us-central1\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"example-image-version\",\n },\n },\n });\n\n var exampleUserWorkloadsSecret = new Gcp.Composer.UserWorkloadsSecret(\"example\", new()\n {\n Name = \"example-secret\",\n Project = \"example-project\",\n Region = \"us-central1\",\n Environment = example.Name,\n Data = \n {\n { \"email\", Std.Base64encode.Invoke(new()\n {\n Input = \"example-email\",\n }).Apply(invoke =\u003e invoke.Result) },\n { \"password\", Std.Base64encode.Invoke(new()\n {\n Input = \"example-password\",\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tProject: pulumi.String(\"example-project\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"example-image-version\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"example-email\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"example-password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsSecret(ctx, \"example\", \u0026composer.UserWorkloadsSecretArgs{\n\t\t\tName: pulumi.String(\"example-secret\"),\n\t\t\tProject: pulumi.String(\"example-project\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tEnvironment: example.Name,\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"email\": pulumi.String(invokeBase64encode.Result),\n\t\t\t\t\"password\": pulumi.String(invokeBase64encode1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsSecret;\nimport com.pulumi.gcp.composer.UserWorkloadsSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .project(\"example-project\")\n .region(\"us-central1\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"example-image-version\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsSecret = new UserWorkloadsSecret(\"exampleUserWorkloadsSecret\", UserWorkloadsSecretArgs.builder()\n .name(\"example-secret\")\n .project(\"example-project\")\n .region(\"us-central1\")\n .environment(example.name())\n .data(Map.ofEntries(\n Map.entry(\"email\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"example-email\")\n .build()).result()),\n Map.entry(\"password\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"example-password\")\n .build()).result())\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:composer:Environment\n properties:\n name: example-environment\n project: example-project\n region: us-central1\n config:\n softwareConfig:\n imageVersion: example-image-version\n exampleUserWorkloadsSecret:\n type: gcp:composer:UserWorkloadsSecret\n name: example\n properties:\n name: example-secret\n project: example-project\n region: us-central1\n environment: ${example.name}\n data:\n email:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: example-email\n Return: result\n password:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: example-password\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsSecrets/{{name}}`\n\n* `{{project}}/{{region}}/{{environment}}/{{name}}`\n\n* `{{environment}}/{{name}}`\n\nWhen using the `pulumi import` command, Environment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsSecrets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example {{project}}/{{region}}/{{environment}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example {{environment}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n project: \"example-project\",\n region: \"us-central1\",\n config: {\n softwareConfig: {\n imageVersion: \"example-image-version\",\n },\n },\n});\nconst exampleUserWorkloadsSecret = new gcp.composer.UserWorkloadsSecret(\"example\", {\n name: \"example-secret\",\n project: \"example-project\",\n region: \"us-central1\",\n environment: example.name,\n data: {\n email: std.base64encode({\n input: \"example-email\",\n }).then(invoke =\u003e invoke.result),\n password: std.base64encode({\n input: \"example-password\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nexample = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n project=\"example-project\",\n region=\"us-central1\",\n config={\n \"software_config\": {\n \"image_version\": \"example-image-version\",\n },\n })\nexample_user_workloads_secret = gcp.composer.UserWorkloadsSecret(\"example\",\n name=\"example-secret\",\n project=\"example-project\",\n region=\"us-central1\",\n environment=example.name,\n data={\n \"email\": std.base64encode(input=\"example-email\").result,\n \"password\": std.base64encode(input=\"example-password\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Project = \"example-project\",\n Region = \"us-central1\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"example-image-version\",\n },\n },\n });\n\n var exampleUserWorkloadsSecret = new Gcp.Composer.UserWorkloadsSecret(\"example\", new()\n {\n Name = \"example-secret\",\n Project = \"example-project\",\n Region = \"us-central1\",\n Environment = example.Name,\n Data = \n {\n { \"email\", Std.Base64encode.Invoke(new()\n {\n Input = \"example-email\",\n }).Apply(invoke =\u003e invoke.Result) },\n { \"password\", Std.Base64encode.Invoke(new()\n {\n Input = \"example-password\",\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tProject: pulumi.String(\"example-project\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"example-image-version\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"example-email\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"example-password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsSecret(ctx, \"example\", \u0026composer.UserWorkloadsSecretArgs{\n\t\t\tName: pulumi.String(\"example-secret\"),\n\t\t\tProject: pulumi.String(\"example-project\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tEnvironment: example.Name,\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"email\": pulumi.String(invokeBase64encode.Result),\n\t\t\t\t\"password\": pulumi.String(invokeBase64encode1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsSecret;\nimport com.pulumi.gcp.composer.UserWorkloadsSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Environment(\"example\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .project(\"example-project\")\n .region(\"us-central1\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"example-image-version\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsSecret = new UserWorkloadsSecret(\"exampleUserWorkloadsSecret\", UserWorkloadsSecretArgs.builder()\n .name(\"example-secret\")\n .project(\"example-project\")\n .region(\"us-central1\")\n .environment(example.name())\n .data(Map.ofEntries(\n Map.entry(\"email\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"example-email\")\n .build()).result()),\n Map.entry(\"password\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"example-password\")\n .build()).result())\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:composer:Environment\n properties:\n name: example-environment\n project: example-project\n region: us-central1\n config:\n softwareConfig:\n imageVersion: example-image-version\n exampleUserWorkloadsSecret:\n type: gcp:composer:UserWorkloadsSecret\n name: example\n properties:\n name: example-secret\n project: example-project\n region: us-central1\n environment: ${example.name}\n data:\n email:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: example-email\n return: result\n password:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: example-password\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsSecrets/{{name}}`\n\n* `{{project}}/{{region}}/{{environment}}/{{name}}`\n\n* `{{environment}}/{{name}}`\n\nWhen using the `pulumi import` command, Environment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsSecrets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example {{project}}/{{region}}/{{environment}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:composer/userWorkloadsSecret:UserWorkloadsSecret example {{environment}}/{{name}}\n```\n\n", "properties": { "data": { "type": "object", @@ -158511,7 +158511,7 @@ } }, "gcp:compute/address:Address": { - "description": "Represents an Address resource.\n\nEach virtual machine instance has an ephemeral internal IP address and,\noptionally, an external IP address. To communicate between instances on\nthe same network, you can use an instance's internal IP address. To\ncommunicate with the Internet and instances outside of the same network,\nyou must specify the instance's external IP address.\n\nInternal IP addresses are ephemeral and only belong to an instance for\nthe lifetime of the instance; if the instance is deleted and recreated,\nthe instance is assigned a new internal IP address, either by Compute\nEngine or by you. External IP addresses can be either ephemeral or\nstatic.\n\n\nTo get more information about Address, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/beta/addresses)\n* How-to Guides\n * [Reserving a Static External IP Address](https://cloud.google.com/compute/docs/instances-and-network)\n * [Reserving a Static Internal IP Address](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address)\n\n## Example Usage\n\n### Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ipAddress = new gcp.compute.Address(\"ip_address\", {name: \"my-address\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nip_address = gcp.compute.Address(\"ip_address\", name=\"my-address\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipAddress = new Gcp.Compute.Address(\"ip_address\", new()\n {\n Name = \"my-address\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewAddress(ctx, \"ip_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipAddress = new Address(\"ipAddress\", AddressArgs.builder()\n .name(\"my-address\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipAddress:\n type: gcp:compute:Address\n name: ip_address\n properties:\n name: my-address\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Address With Subnetwork\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst internalWithSubnetAndAddress = new gcp.compute.Address(\"internal_with_subnet_and_address\", {\n name: \"my-internal-address\",\n subnetwork: defaultSubnetwork.id,\n addressType: \"INTERNAL\",\n address: \"10.0.42.42\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default.id)\ninternal_with_subnet_and_address = gcp.compute.Address(\"internal_with_subnet_and_address\",\n name=\"my-internal-address\",\n subnetwork=default_subnetwork.id,\n address_type=\"INTERNAL\",\n address=\"10.0.42.42\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var internalWithSubnetAndAddress = new Gcp.Compute.Address(\"internal_with_subnet_and_address\", new()\n {\n Name = \"my-internal-address\",\n Subnetwork = defaultSubnetwork.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.42.42\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"internal_with_subnet_and_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-internal-address\"),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.42.42\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var internalWithSubnetAndAddress = new Address(\"internalWithSubnetAndAddress\", AddressArgs.builder()\n .name(\"my-internal-address\")\n .subnetwork(defaultSubnetwork.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.42.42\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${default.id}\n internalWithSubnetAndAddress:\n type: gcp:compute:Address\n name: internal_with_subnet_and_address\n properties:\n name: my-internal-address\n subnetwork: ${defaultSubnetwork.id}\n addressType: INTERNAL\n address: 10.0.42.42\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Address With Gce Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst internalWithGceEndpoint = new gcp.compute.Address(\"internal_with_gce_endpoint\", {\n name: \"my-internal-address-\",\n addressType: \"INTERNAL\",\n purpose: \"GCE_ENDPOINT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninternal_with_gce_endpoint = gcp.compute.Address(\"internal_with_gce_endpoint\",\n name=\"my-internal-address-\",\n address_type=\"INTERNAL\",\n purpose=\"GCE_ENDPOINT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var internalWithGceEndpoint = new Gcp.Compute.Address(\"internal_with_gce_endpoint\", new()\n {\n Name = \"my-internal-address-\",\n AddressType = \"INTERNAL\",\n Purpose = \"GCE_ENDPOINT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewAddress(ctx, \"internal_with_gce_endpoint\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-internal-address-\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"GCE_ENDPOINT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalWithGceEndpoint = new Address(\"internalWithGceEndpoint\", AddressArgs.builder()\n .name(\"my-internal-address-\")\n .addressType(\"INTERNAL\")\n .purpose(\"GCE_ENDPOINT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalWithGceEndpoint:\n type: gcp:compute:Address\n name: internal_with_gce_endpoint\n properties:\n name: my-internal-address-\n addressType: INTERNAL\n purpose: GCE_ENDPOINT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Instance With Ip\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst static = new gcp.compute.Address(\"static\", {name: \"ipv4-address\"});\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceWithIp = new gcp.compute.Instance(\"instance_with_ip\", {\n name: \"vm-instance\",\n machineType: \"f1-micro\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: debianImage.then(debianImage =\u003e debianImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n accessConfigs: [{\n natIp: static.address,\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nstatic = gcp.compute.Address(\"static\", name=\"ipv4-address\")\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_with_ip = gcp.compute.Instance(\"instance_with_ip\",\n name=\"vm-instance\",\n machine_type=\"f1-micro\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n \"access_configs\": [{\n \"nat_ip\": static.address,\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @static = new Gcp.Compute.Address(\"static\", new()\n {\n Name = \"ipv4-address\",\n });\n\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceWithIp = new Gcp.Compute.Instance(\"instance_with_ip\", new()\n {\n Name = \"vm-instance\",\n MachineType = \"f1-micro\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceAccessConfigArgs\n {\n NatIp = @static.IPAddress,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tstatic, err := compute.NewAddress(ctx, \"static\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"ipv4-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"instance_with_ip\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"vm-instance\"),\n\t\t\tMachineType: pulumi.String(\"f1-micro\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNatIp: static.Address,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var static_ = new Address(\"static\", AddressArgs.builder()\n .name(\"ipv4-address\")\n .build());\n\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceWithIp = new Instance(\"instanceWithIp\", InstanceArgs.builder()\n .name(\"vm-instance\")\n .machineType(\"f1-micro\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()\n .natIp(static_.address())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n static:\n type: gcp:compute:Address\n properties:\n name: ipv4-address\n instanceWithIp:\n type: gcp:compute:Instance\n name: instance_with_ip\n properties:\n name: vm-instance\n machineType: f1-micro\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${debianImage.selfLink}\n networkInterfaces:\n - network: default\n accessConfigs:\n - natIp: ${static.address}\nvariables:\n debianImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Compute Address Ipsec Interconnect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"test-network\",\n autoCreateSubnetworks: false,\n});\nconst ipsec_interconnect_address = new gcp.compute.Address(\"ipsec-interconnect-address\", {\n name: \"test-address\",\n addressType: \"INTERNAL\",\n purpose: \"IPSEC_INTERCONNECT\",\n address: \"192.168.1.0\",\n prefixLength: 29,\n network: network.selfLink,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"test-network\",\n auto_create_subnetworks=False)\nipsec_interconnect_address = gcp.compute.Address(\"ipsec-interconnect-address\",\n name=\"test-address\",\n address_type=\"INTERNAL\",\n purpose=\"IPSEC_INTERCONNECT\",\n address=\"192.168.1.0\",\n prefix_length=29,\n network=network.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"test-network\",\n AutoCreateSubnetworks = false,\n });\n\n var ipsec_interconnect_address = new Gcp.Compute.Address(\"ipsec-interconnect-address\", new()\n {\n Name = \"test-address\",\n AddressType = \"INTERNAL\",\n Purpose = \"IPSEC_INTERCONNECT\",\n IPAddress = \"192.168.1.0\",\n PrefixLength = 29,\n Network = network.SelfLink,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"test-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"ipsec-interconnect-address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"test-address\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"IPSEC_INTERCONNECT\"),\n\t\t\tAddress: pulumi.String(\"192.168.1.0\"),\n\t\t\tPrefixLength: pulumi.Int(29),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"test-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var ipsec_interconnect_address = new Address(\"ipsec-interconnect-address\", AddressArgs.builder()\n .name(\"test-address\")\n .addressType(\"INTERNAL\")\n .purpose(\"IPSEC_INTERCONNECT\")\n .address(\"192.168.1.0\")\n .prefixLength(29)\n .network(network.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipsec-interconnect-address:\n type: gcp:compute:Address\n properties:\n name: test-address\n addressType: INTERNAL\n purpose: IPSEC_INTERCONNECT\n address: 192.168.1.0\n prefixLength: 29\n network: ${network.selfLink}\n network:\n type: gcp:compute:Network\n properties:\n name: test-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAddress can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/addresses/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Address can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/address:Address default projects/{{project}}/regions/{{region}}/addresses/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{name}}\n```\n\n", + "description": "Represents an Address resource.\n\nEach virtual machine instance has an ephemeral internal IP address and,\noptionally, an external IP address. To communicate between instances on\nthe same network, you can use an instance's internal IP address. To\ncommunicate with the Internet and instances outside of the same network,\nyou must specify the instance's external IP address.\n\nInternal IP addresses are ephemeral and only belong to an instance for\nthe lifetime of the instance; if the instance is deleted and recreated,\nthe instance is assigned a new internal IP address, either by Compute\nEngine or by you. External IP addresses can be either ephemeral or\nstatic.\n\n\nTo get more information about Address, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/beta/addresses)\n* How-to Guides\n * [Reserving a Static External IP Address](https://cloud.google.com/compute/docs/instances-and-network)\n * [Reserving a Static Internal IP Address](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address)\n\n## Example Usage\n\n### Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ipAddress = new gcp.compute.Address(\"ip_address\", {name: \"my-address\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nip_address = gcp.compute.Address(\"ip_address\", name=\"my-address\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipAddress = new Gcp.Compute.Address(\"ip_address\", new()\n {\n Name = \"my-address\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewAddress(ctx, \"ip_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipAddress = new Address(\"ipAddress\", AddressArgs.builder()\n .name(\"my-address\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipAddress:\n type: gcp:compute:Address\n name: ip_address\n properties:\n name: my-address\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Address With Subnetwork\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst internalWithSubnetAndAddress = new gcp.compute.Address(\"internal_with_subnet_and_address\", {\n name: \"my-internal-address\",\n subnetwork: defaultSubnetwork.id,\n addressType: \"INTERNAL\",\n address: \"10.0.42.42\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default.id)\ninternal_with_subnet_and_address = gcp.compute.Address(\"internal_with_subnet_and_address\",\n name=\"my-internal-address\",\n subnetwork=default_subnetwork.id,\n address_type=\"INTERNAL\",\n address=\"10.0.42.42\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var internalWithSubnetAndAddress = new Gcp.Compute.Address(\"internal_with_subnet_and_address\", new()\n {\n Name = \"my-internal-address\",\n Subnetwork = defaultSubnetwork.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.42.42\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"internal_with_subnet_and_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-internal-address\"),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.42.42\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var internalWithSubnetAndAddress = new Address(\"internalWithSubnetAndAddress\", AddressArgs.builder()\n .name(\"my-internal-address\")\n .subnetwork(defaultSubnetwork.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.42.42\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${default.id}\n internalWithSubnetAndAddress:\n type: gcp:compute:Address\n name: internal_with_subnet_and_address\n properties:\n name: my-internal-address\n subnetwork: ${defaultSubnetwork.id}\n addressType: INTERNAL\n address: 10.0.42.42\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Address With Gce Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst internalWithGceEndpoint = new gcp.compute.Address(\"internal_with_gce_endpoint\", {\n name: \"my-internal-address-\",\n addressType: \"INTERNAL\",\n purpose: \"GCE_ENDPOINT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninternal_with_gce_endpoint = gcp.compute.Address(\"internal_with_gce_endpoint\",\n name=\"my-internal-address-\",\n address_type=\"INTERNAL\",\n purpose=\"GCE_ENDPOINT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var internalWithGceEndpoint = new Gcp.Compute.Address(\"internal_with_gce_endpoint\", new()\n {\n Name = \"my-internal-address-\",\n AddressType = \"INTERNAL\",\n Purpose = \"GCE_ENDPOINT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewAddress(ctx, \"internal_with_gce_endpoint\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-internal-address-\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"GCE_ENDPOINT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalWithGceEndpoint = new Address(\"internalWithGceEndpoint\", AddressArgs.builder()\n .name(\"my-internal-address-\")\n .addressType(\"INTERNAL\")\n .purpose(\"GCE_ENDPOINT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalWithGceEndpoint:\n type: gcp:compute:Address\n name: internal_with_gce_endpoint\n properties:\n name: my-internal-address-\n addressType: INTERNAL\n purpose: GCE_ENDPOINT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Instance With Ip\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst static = new gcp.compute.Address(\"static\", {name: \"ipv4-address\"});\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceWithIp = new gcp.compute.Instance(\"instance_with_ip\", {\n name: \"vm-instance\",\n machineType: \"f1-micro\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: debianImage.then(debianImage =\u003e debianImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n accessConfigs: [{\n natIp: static.address,\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nstatic = gcp.compute.Address(\"static\", name=\"ipv4-address\")\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_with_ip = gcp.compute.Instance(\"instance_with_ip\",\n name=\"vm-instance\",\n machine_type=\"f1-micro\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n \"access_configs\": [{\n \"nat_ip\": static.address,\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @static = new Gcp.Compute.Address(\"static\", new()\n {\n Name = \"ipv4-address\",\n });\n\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceWithIp = new Gcp.Compute.Instance(\"instance_with_ip\", new()\n {\n Name = \"vm-instance\",\n MachineType = \"f1-micro\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceAccessConfigArgs\n {\n NatIp = @static.IPAddress,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tstatic, err := compute.NewAddress(ctx, \"static\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"ipv4-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"instance_with_ip\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"vm-instance\"),\n\t\t\tMachineType: pulumi.String(\"f1-micro\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNatIp: static.Address,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var static_ = new Address(\"static\", AddressArgs.builder()\n .name(\"ipv4-address\")\n .build());\n\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceWithIp = new Instance(\"instanceWithIp\", InstanceArgs.builder()\n .name(\"vm-instance\")\n .machineType(\"f1-micro\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()\n .natIp(static_.address())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n static:\n type: gcp:compute:Address\n properties:\n name: ipv4-address\n instanceWithIp:\n type: gcp:compute:Instance\n name: instance_with_ip\n properties:\n name: vm-instance\n machineType: f1-micro\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${debianImage.selfLink}\n networkInterfaces:\n - network: default\n accessConfigs:\n - natIp: ${static.address}\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Compute Address Ipsec Interconnect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"test-network\",\n autoCreateSubnetworks: false,\n});\nconst ipsec_interconnect_address = new gcp.compute.Address(\"ipsec-interconnect-address\", {\n name: \"test-address\",\n addressType: \"INTERNAL\",\n purpose: \"IPSEC_INTERCONNECT\",\n address: \"192.168.1.0\",\n prefixLength: 29,\n network: network.selfLink,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"test-network\",\n auto_create_subnetworks=False)\nipsec_interconnect_address = gcp.compute.Address(\"ipsec-interconnect-address\",\n name=\"test-address\",\n address_type=\"INTERNAL\",\n purpose=\"IPSEC_INTERCONNECT\",\n address=\"192.168.1.0\",\n prefix_length=29,\n network=network.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"test-network\",\n AutoCreateSubnetworks = false,\n });\n\n var ipsec_interconnect_address = new Gcp.Compute.Address(\"ipsec-interconnect-address\", new()\n {\n Name = \"test-address\",\n AddressType = \"INTERNAL\",\n Purpose = \"IPSEC_INTERCONNECT\",\n IPAddress = \"192.168.1.0\",\n PrefixLength = 29,\n Network = network.SelfLink,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"test-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"ipsec-interconnect-address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"test-address\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"IPSEC_INTERCONNECT\"),\n\t\t\tAddress: pulumi.String(\"192.168.1.0\"),\n\t\t\tPrefixLength: pulumi.Int(29),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"test-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var ipsec_interconnect_address = new Address(\"ipsec-interconnect-address\", AddressArgs.builder()\n .name(\"test-address\")\n .addressType(\"INTERNAL\")\n .purpose(\"IPSEC_INTERCONNECT\")\n .address(\"192.168.1.0\")\n .prefixLength(29)\n .network(network.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipsec-interconnect-address:\n type: gcp:compute:Address\n properties:\n name: test-address\n addressType: INTERNAL\n purpose: IPSEC_INTERCONNECT\n address: 192.168.1.0\n prefixLength: 29\n network: ${network.selfLink}\n network:\n type: gcp:compute:Network\n properties:\n name: test-network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAddress can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/addresses/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Address can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/address:Address default projects/{{project}}/regions/{{region}}/addresses/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/address:Address default {{name}}\n```\n\n", "properties": { "address": { "type": "string", @@ -158950,7 +158950,7 @@ } }, "gcp:compute/autoscaler:Autoscaler": { - "description": "Represents an Autoscaler resource.\n\nAutoscalers allow you to automatically scale virtual machine instances in\nmanaged instance groups according to an autoscaling policy that you\ndefine.\n\n\nTo get more information about Autoscaler, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/autoscalers)\n* How-to Guides\n * [Autoscaling Groups of Instances](https://cloud.google.com/compute/docs/autoscaler/)\n\n## Example Usage\n\n### Autoscaler Single Instance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultInstanceTemplate = new gcp.compute.InstanceTemplate(\"default\", {\n name: \"my-instance-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: debian9.then(debian9 =\u003e debian9.id),\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst defaultTargetPool = new gcp.compute.TargetPool(\"default\", {name: \"my-target-pool\"});\nconst defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager(\"default\", {\n name: \"my-igm\",\n zone: \"us-central1-f\",\n versions: [{\n instanceTemplate: defaultInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [defaultTargetPool.id],\n baseInstanceName: \"autoscaler-sample\",\n});\nconst _default = new gcp.compute.Autoscaler(\"default\", {\n name: \"my-autoscaler\",\n zone: \"us-central1-f\",\n target: defaultInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n metrics: [{\n name: \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n filter: \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n singleInstanceAssignment: 65535,\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_instance_template = gcp.compute.InstanceTemplate(\"default\",\n name=\"my-instance-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": debian9.id,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\ndefault_target_pool = gcp.compute.TargetPool(\"default\", name=\"my-target-pool\")\ndefault_instance_group_manager = gcp.compute.InstanceGroupManager(\"default\",\n name=\"my-igm\",\n zone=\"us-central1-f\",\n versions=[{\n \"instance_template\": default_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[default_target_pool.id],\n base_instance_name=\"autoscaler-sample\")\ndefault = gcp.compute.Autoscaler(\"default\",\n name=\"my-autoscaler\",\n zone=\"us-central1-f\",\n target=default_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"metrics\": [{\n \"name\": \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n \"filter\": \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n \"single_instance_assignment\": 65535,\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"default\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var defaultTargetPool = new Gcp.Compute.TargetPool(\"default\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var defaultInstanceGroupManager = new Gcp.Compute.InstanceGroupManager(\"default\", new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-f\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = defaultInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n defaultTargetPool.Id,\n },\n BaseInstanceName = \"autoscaler-sample\",\n });\n\n var @default = new Gcp.Compute.Autoscaler(\"default\", new()\n {\n Name = \"my-autoscaler\",\n Zone = \"us-central1-f\",\n Target = defaultInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n Metrics = new[]\n {\n new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyMetricArgs\n {\n Name = \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n Filter = \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n SingleInstanceAssignment = 65535,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"default\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetPool, err := compute.NewTargetPool(ctx, \"default\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, \"default\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: defaultInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tdefaultTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"autoscaler-sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAutoscaler(ctx, \"default\", \u0026compute.AutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-autoscaler\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTarget: defaultInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.AutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tMetrics: compute.AutoscalerAutoscalingPolicyMetricArray{\n\t\t\t\t\t\u0026compute.AutoscalerAutoscalingPolicyMetricArgs{\n\t\t\t\t\t\tName: pulumi.String(\"pubsub.googleapis.com/subscription/num_undelivered_messages\"),\n\t\t\t\t\t\tFilter: pulumi.String(\"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\"),\n\t\t\t\t\t\tSingleInstanceAssignment: pulumi.Float64(65535),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Autoscaler;\nimport com.pulumi.gcp.compute.AutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultInstanceTemplate = new InstanceTemplate(\"defaultInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var defaultTargetPool = new TargetPool(\"defaultTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var defaultInstanceGroupManager = new InstanceGroupManager(\"defaultInstanceGroupManager\", InstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-f\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(defaultInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(defaultTargetPool.id())\n .baseInstanceName(\"autoscaler-sample\")\n .build());\n\n var default_ = new Autoscaler(\"default\", AutoscalerArgs.builder()\n .name(\"my-autoscaler\")\n .zone(\"us-central1-f\")\n .target(defaultInstanceGroupManager.id())\n .autoscalingPolicy(AutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .metrics(AutoscalerAutoscalingPolicyMetricArgs.builder()\n .name(\"pubsub.googleapis.com/subscription/num_undelivered_messages\")\n .filter(\"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\")\n .singleInstanceAssignment(65535)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Autoscaler\n properties:\n name: my-autoscaler\n zone: us-central1-f\n target: ${defaultInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n metrics:\n - name: pubsub.googleapis.com/subscription/num_undelivered_messages\n filter: resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\n singleInstanceAssignment: 65535\n defaultInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: default\n properties:\n name: my-instance-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${debian9.id}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n defaultTargetPool:\n type: gcp:compute:TargetPool\n name: default\n properties:\n name: my-target-pool\n defaultInstanceGroupManager:\n type: gcp:compute:InstanceGroupManager\n name: default\n properties:\n name: my-igm\n zone: us-central1-f\n versions:\n - instanceTemplate: ${defaultInstanceTemplate.id}\n name: primary\n targetPools:\n - ${defaultTargetPool.id}\n baseInstanceName: autoscaler-sample\nvariables:\n debian9:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Autoscaler Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobarInstanceTemplate = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"my-instance-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: debian9.then(debian9 =\u003e debian9.id),\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst foobarTargetPool = new gcp.compute.TargetPool(\"foobar\", {name: \"my-target-pool\"});\nconst foobarInstanceGroupManager = new gcp.compute.InstanceGroupManager(\"foobar\", {\n name: \"my-igm\",\n zone: \"us-central1-f\",\n versions: [{\n instanceTemplate: foobarInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [foobarTargetPool.id],\n baseInstanceName: \"foobar\",\n});\nconst foobar = new gcp.compute.Autoscaler(\"foobar\", {\n name: \"my-autoscaler\",\n zone: \"us-central1-f\",\n target: foobarInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n cpuUtilization: {\n target: 0.5,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar_instance_template = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"my-instance-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": debian9.id,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nfoobar_target_pool = gcp.compute.TargetPool(\"foobar\", name=\"my-target-pool\")\nfoobar_instance_group_manager = gcp.compute.InstanceGroupManager(\"foobar\",\n name=\"my-igm\",\n zone=\"us-central1-f\",\n versions=[{\n \"instance_template\": foobar_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[foobar_target_pool.id],\n base_instance_name=\"foobar\")\nfoobar = gcp.compute.Autoscaler(\"foobar\",\n name=\"my-autoscaler\",\n zone=\"us-central1-f\",\n target=foobar_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"cpu_utilization\": {\n \"target\": 0.5,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobarInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var foobarTargetPool = new Gcp.Compute.TargetPool(\"foobar\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var foobarInstanceGroupManager = new Gcp.Compute.InstanceGroupManager(\"foobar\", new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-f\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = foobarInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n foobarTargetPool.Id,\n },\n BaseInstanceName = \"foobar\",\n });\n\n var foobar = new Gcp.Compute.Autoscaler(\"foobar\", new()\n {\n Name = \"my-autoscaler\",\n Zone = \"us-central1-f\",\n Target = foobarInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n CpuUtilization = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyCpuUtilizationArgs\n {\n Target = 0.5,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarTargetPool, err := compute.NewTargetPool(ctx, \"foobar\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, \"foobar\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: foobarInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tfoobarTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"foobar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAutoscaler(ctx, \"foobar\", \u0026compute.AutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-autoscaler\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTarget: foobarInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.AutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tCpuUtilization: \u0026compute.AutoscalerAutoscalingPolicyCpuUtilizationArgs{\n\t\t\t\t\tTarget: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Autoscaler;\nimport com.pulumi.gcp.compute.AutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyCpuUtilizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobarInstanceTemplate = new InstanceTemplate(\"foobarInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var foobarTargetPool = new TargetPool(\"foobarTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var foobarInstanceGroupManager = new InstanceGroupManager(\"foobarInstanceGroupManager\", InstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-f\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(foobarInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(foobarTargetPool.id())\n .baseInstanceName(\"foobar\")\n .build());\n\n var foobar = new Autoscaler(\"foobar\", AutoscalerArgs.builder()\n .name(\"my-autoscaler\")\n .zone(\"us-central1-f\")\n .target(foobarInstanceGroupManager.id())\n .autoscalingPolicy(AutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .cpuUtilization(AutoscalerAutoscalingPolicyCpuUtilizationArgs.builder()\n .target(0.5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Autoscaler\n properties:\n name: my-autoscaler\n zone: us-central1-f\n target: ${foobarInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n cpuUtilization:\n target: 0.5\n foobarInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: foobar\n properties:\n name: my-instance-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${debian9.id}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n foobarTargetPool:\n type: gcp:compute:TargetPool\n name: foobar\n properties:\n name: my-target-pool\n foobarInstanceGroupManager:\n type: gcp:compute:InstanceGroupManager\n name: foobar\n properties:\n name: my-igm\n zone: us-central1-f\n versions:\n - instanceTemplate: ${foobarInstanceTemplate.id}\n name: primary\n targetPools:\n - ${foobarTargetPool.id}\n baseInstanceName: foobar\nvariables:\n debian9:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutoscaler can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/autoscalers/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Autoscaler can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default projects/{{project}}/zones/{{zone}}/autoscalers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{name}}\n```\n\n", + "description": "Represents an Autoscaler resource.\n\nAutoscalers allow you to automatically scale virtual machine instances in\nmanaged instance groups according to an autoscaling policy that you\ndefine.\n\n\nTo get more information about Autoscaler, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/autoscalers)\n* How-to Guides\n * [Autoscaling Groups of Instances](https://cloud.google.com/compute/docs/autoscaler/)\n\n## Example Usage\n\n### Autoscaler Single Instance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultInstanceTemplate = new gcp.compute.InstanceTemplate(\"default\", {\n name: \"my-instance-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: debian9.then(debian9 =\u003e debian9.id),\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst defaultTargetPool = new gcp.compute.TargetPool(\"default\", {name: \"my-target-pool\"});\nconst defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager(\"default\", {\n name: \"my-igm\",\n zone: \"us-central1-f\",\n versions: [{\n instanceTemplate: defaultInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [defaultTargetPool.id],\n baseInstanceName: \"autoscaler-sample\",\n});\nconst _default = new gcp.compute.Autoscaler(\"default\", {\n name: \"my-autoscaler\",\n zone: \"us-central1-f\",\n target: defaultInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n metrics: [{\n name: \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n filter: \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n singleInstanceAssignment: 65535,\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_instance_template = gcp.compute.InstanceTemplate(\"default\",\n name=\"my-instance-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": debian9.id,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\ndefault_target_pool = gcp.compute.TargetPool(\"default\", name=\"my-target-pool\")\ndefault_instance_group_manager = gcp.compute.InstanceGroupManager(\"default\",\n name=\"my-igm\",\n zone=\"us-central1-f\",\n versions=[{\n \"instance_template\": default_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[default_target_pool.id],\n base_instance_name=\"autoscaler-sample\")\ndefault = gcp.compute.Autoscaler(\"default\",\n name=\"my-autoscaler\",\n zone=\"us-central1-f\",\n target=default_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"metrics\": [{\n \"name\": \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n \"filter\": \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n \"single_instance_assignment\": 65535,\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"default\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var defaultTargetPool = new Gcp.Compute.TargetPool(\"default\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var defaultInstanceGroupManager = new Gcp.Compute.InstanceGroupManager(\"default\", new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-f\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = defaultInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n defaultTargetPool.Id,\n },\n BaseInstanceName = \"autoscaler-sample\",\n });\n\n var @default = new Gcp.Compute.Autoscaler(\"default\", new()\n {\n Name = \"my-autoscaler\",\n Zone = \"us-central1-f\",\n Target = defaultInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n Metrics = new[]\n {\n new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyMetricArgs\n {\n Name = \"pubsub.googleapis.com/subscription/num_undelivered_messages\",\n Filter = \"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\",\n SingleInstanceAssignment = 65535,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"default\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetPool, err := compute.NewTargetPool(ctx, \"default\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, \"default\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: defaultInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tdefaultTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"autoscaler-sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAutoscaler(ctx, \"default\", \u0026compute.AutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-autoscaler\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTarget: defaultInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.AutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tMetrics: compute.AutoscalerAutoscalingPolicyMetricArray{\n\t\t\t\t\t\u0026compute.AutoscalerAutoscalingPolicyMetricArgs{\n\t\t\t\t\t\tName: pulumi.String(\"pubsub.googleapis.com/subscription/num_undelivered_messages\"),\n\t\t\t\t\t\tFilter: pulumi.String(\"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\"),\n\t\t\t\t\t\tSingleInstanceAssignment: pulumi.Float64(65535),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Autoscaler;\nimport com.pulumi.gcp.compute.AutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultInstanceTemplate = new InstanceTemplate(\"defaultInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var defaultTargetPool = new TargetPool(\"defaultTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var defaultInstanceGroupManager = new InstanceGroupManager(\"defaultInstanceGroupManager\", InstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-f\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(defaultInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(defaultTargetPool.id())\n .baseInstanceName(\"autoscaler-sample\")\n .build());\n\n var default_ = new Autoscaler(\"default\", AutoscalerArgs.builder()\n .name(\"my-autoscaler\")\n .zone(\"us-central1-f\")\n .target(defaultInstanceGroupManager.id())\n .autoscalingPolicy(AutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .metrics(AutoscalerAutoscalingPolicyMetricArgs.builder()\n .name(\"pubsub.googleapis.com/subscription/num_undelivered_messages\")\n .filter(\"resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\")\n .singleInstanceAssignment(65535)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Autoscaler\n properties:\n name: my-autoscaler\n zone: us-central1-f\n target: ${defaultInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n metrics:\n - name: pubsub.googleapis.com/subscription/num_undelivered_messages\n filter: resource.type = pubsub_subscription AND resource.label.subscription_id = our-subscription\n singleInstanceAssignment: 65535\n defaultInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: default\n properties:\n name: my-instance-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${debian9.id}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n defaultTargetPool:\n type: gcp:compute:TargetPool\n name: default\n properties:\n name: my-target-pool\n defaultInstanceGroupManager:\n type: gcp:compute:InstanceGroupManager\n name: default\n properties:\n name: my-igm\n zone: us-central1-f\n versions:\n - instanceTemplate: ${defaultInstanceTemplate.id}\n name: primary\n targetPools:\n - ${defaultTargetPool.id}\n baseInstanceName: autoscaler-sample\nvariables:\n debian9:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Autoscaler Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobarInstanceTemplate = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"my-instance-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: debian9.then(debian9 =\u003e debian9.id),\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst foobarTargetPool = new gcp.compute.TargetPool(\"foobar\", {name: \"my-target-pool\"});\nconst foobarInstanceGroupManager = new gcp.compute.InstanceGroupManager(\"foobar\", {\n name: \"my-igm\",\n zone: \"us-central1-f\",\n versions: [{\n instanceTemplate: foobarInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [foobarTargetPool.id],\n baseInstanceName: \"foobar\",\n});\nconst foobar = new gcp.compute.Autoscaler(\"foobar\", {\n name: \"my-autoscaler\",\n zone: \"us-central1-f\",\n target: foobarInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n cpuUtilization: {\n target: 0.5,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar_instance_template = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"my-instance-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": debian9.id,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nfoobar_target_pool = gcp.compute.TargetPool(\"foobar\", name=\"my-target-pool\")\nfoobar_instance_group_manager = gcp.compute.InstanceGroupManager(\"foobar\",\n name=\"my-igm\",\n zone=\"us-central1-f\",\n versions=[{\n \"instance_template\": foobar_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[foobar_target_pool.id],\n base_instance_name=\"foobar\")\nfoobar = gcp.compute.Autoscaler(\"foobar\",\n name=\"my-autoscaler\",\n zone=\"us-central1-f\",\n target=foobar_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"cpu_utilization\": {\n \"target\": 0.5,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobarInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var foobarTargetPool = new Gcp.Compute.TargetPool(\"foobar\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var foobarInstanceGroupManager = new Gcp.Compute.InstanceGroupManager(\"foobar\", new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-f\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = foobarInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n foobarTargetPool.Id,\n },\n BaseInstanceName = \"foobar\",\n });\n\n var foobar = new Gcp.Compute.Autoscaler(\"foobar\", new()\n {\n Name = \"my-autoscaler\",\n Zone = \"us-central1-f\",\n Target = foobarInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n CpuUtilization = new Gcp.Compute.Inputs.AutoscalerAutoscalingPolicyCpuUtilizationArgs\n {\n Target = 0.5,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarTargetPool, err := compute.NewTargetPool(ctx, \"foobar\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, \"foobar\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: foobarInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tfoobarTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"foobar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAutoscaler(ctx, \"foobar\", \u0026compute.AutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-autoscaler\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTarget: foobarInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.AutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tCpuUtilization: \u0026compute.AutoscalerAutoscalingPolicyCpuUtilizationArgs{\n\t\t\t\t\tTarget: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Autoscaler;\nimport com.pulumi.gcp.compute.AutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.AutoscalerAutoscalingPolicyCpuUtilizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobarInstanceTemplate = new InstanceTemplate(\"foobarInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var foobarTargetPool = new TargetPool(\"foobarTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var foobarInstanceGroupManager = new InstanceGroupManager(\"foobarInstanceGroupManager\", InstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-f\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(foobarInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(foobarTargetPool.id())\n .baseInstanceName(\"foobar\")\n .build());\n\n var foobar = new Autoscaler(\"foobar\", AutoscalerArgs.builder()\n .name(\"my-autoscaler\")\n .zone(\"us-central1-f\")\n .target(foobarInstanceGroupManager.id())\n .autoscalingPolicy(AutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .cpuUtilization(AutoscalerAutoscalingPolicyCpuUtilizationArgs.builder()\n .target(0.5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Autoscaler\n properties:\n name: my-autoscaler\n zone: us-central1-f\n target: ${foobarInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n cpuUtilization:\n target: 0.5\n foobarInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: foobar\n properties:\n name: my-instance-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${debian9.id}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n foobarTargetPool:\n type: gcp:compute:TargetPool\n name: foobar\n properties:\n name: my-target-pool\n foobarInstanceGroupManager:\n type: gcp:compute:InstanceGroupManager\n name: foobar\n properties:\n name: my-igm\n zone: us-central1-f\n versions:\n - instanceTemplate: ${foobarInstanceTemplate.id}\n name: primary\n targetPools:\n - ${foobarTargetPool.id}\n baseInstanceName: foobar\nvariables:\n debian9:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutoscaler can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/autoscalers/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Autoscaler can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default projects/{{project}}/zones/{{zone}}/autoscalers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/autoscaler:Autoscaler default {{name}}\n```\n\n", "properties": { "autoscalingPolicy": { "$ref": "#/types/gcp:compute/AutoscalerAutoscalingPolicy:AutoscalerAutoscalingPolicy", @@ -161075,7 +161075,7 @@ } }, "gcp:compute/diskIamBinding:DiskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/DiskIamBindingCondition:DiskIamBindingCondition" @@ -161196,7 +161196,7 @@ } }, "gcp:compute/diskIamMember:DiskIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/DiskIamMemberCondition:DiskIamMemberCondition" @@ -161310,7 +161310,7 @@ } }, "gcp:compute/diskIamPolicy:DiskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Disk\nThree different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.DiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.DiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -161395,7 +161395,7 @@ } }, "gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment": { - "description": "Adds existing resource policies to a disk. You can only add one policy\nwhich will be applied to this disk for scheduling snapshot creation.\n\n\u003e **Note:** This resource does not support regional disks (`gcp.compute.RegionDisk`). For regional disks, please refer to the `gcp.compute.RegionDiskResourcePolicyAttachment` resource.\n\n\n## Example Usage\n\n### Disk Resource Policy Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst ssd = new gcp.compute.Disk(\"ssd\", {\n name: \"my-disk\",\n image: myImage.then(myImage =\u003e myImage.selfLink),\n size: 50,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst policy = new gcp.compute.ResourcePolicy(\"policy\", {\n name: \"my-resource-policy\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst attachment = new gcp.compute.DiskResourcePolicyAttachment(\"attachment\", {\n name: policy.name,\n disk: ssd.name,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nssd = gcp.compute.Disk(\"ssd\",\n name=\"my-disk\",\n image=my_image.self_link,\n size=50,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\npolicy = gcp.compute.ResourcePolicy(\"policy\",\n name=\"my-resource-policy\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\nattachment = gcp.compute.DiskResourcePolicyAttachment(\"attachment\",\n name=policy.name,\n disk=ssd.name,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var ssd = new Gcp.Compute.Disk(\"ssd\", new()\n {\n Name = \"my-disk\",\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 50,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var policy = new Gcp.Compute.ResourcePolicy(\"policy\", new()\n {\n Name = \"my-resource-policy\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var attachment = new Gcp.Compute.DiskResourcePolicyAttachment(\"attachment\", new()\n {\n Name = policy.Name,\n Disk = ssd.Name,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssd, err := compute.NewDisk(ctx, \"ssd\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk\"),\n\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := compute.NewResourcePolicy(ctx, \"policy\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"my-resource-policy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskResourcePolicyAttachment(ctx, \"attachment\", \u0026compute.DiskResourcePolicyAttachmentArgs{\n\t\t\tName: policy.Name,\n\t\t\tDisk: ssd.Name,\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.DiskResourcePolicyAttachment;\nimport com.pulumi.gcp.compute.DiskResourcePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var ssd = new Disk(\"ssd\", DiskArgs.builder()\n .name(\"my-disk\")\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(50)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var policy = new ResourcePolicy(\"policy\", ResourcePolicyArgs.builder()\n .name(\"my-resource-policy\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var attachment = new DiskResourcePolicyAttachment(\"attachment\", DiskResourcePolicyAttachmentArgs.builder()\n .name(policy.name())\n .disk(ssd.name())\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attachment:\n type: gcp:compute:DiskResourcePolicyAttachment\n properties:\n name: ${policy.name}\n disk: ${ssd.name}\n zone: us-central1-a\n ssd:\n type: gcp:compute:Disk\n properties:\n name: my-disk\n image: ${myImage.selfLink}\n size: 50\n type: pd-ssd\n zone: us-central1-a\n policy:\n type: gcp:compute:ResourcePolicy\n properties:\n name: my-resource-policy\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDiskResourcePolicyAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/disks/{{disk}}/{{name}}`\n\n* `{{project}}/{{zone}}/{{disk}}/{{name}}`\n\n* `{{zone}}/{{disk}}/{{name}}`\n\n* `{{disk}}/{{name}}`\n\nWhen using the `pulumi import` command, DiskResourcePolicyAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default projects/{{project}}/zones/{{zone}}/disks/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{project}}/{{zone}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{zone}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{disk}}/{{name}}\n```\n\n", + "description": "Adds existing resource policies to a disk. You can only add one policy\nwhich will be applied to this disk for scheduling snapshot creation.\n\n\u003e **Note:** This resource does not support regional disks (`gcp.compute.RegionDisk`). For regional disks, please refer to the `gcp.compute.RegionDiskResourcePolicyAttachment` resource.\n\n\n## Example Usage\n\n### Disk Resource Policy Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst ssd = new gcp.compute.Disk(\"ssd\", {\n name: \"my-disk\",\n image: myImage.then(myImage =\u003e myImage.selfLink),\n size: 50,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst policy = new gcp.compute.ResourcePolicy(\"policy\", {\n name: \"my-resource-policy\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst attachment = new gcp.compute.DiskResourcePolicyAttachment(\"attachment\", {\n name: policy.name,\n disk: ssd.name,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nssd = gcp.compute.Disk(\"ssd\",\n name=\"my-disk\",\n image=my_image.self_link,\n size=50,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\npolicy = gcp.compute.ResourcePolicy(\"policy\",\n name=\"my-resource-policy\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\nattachment = gcp.compute.DiskResourcePolicyAttachment(\"attachment\",\n name=policy.name,\n disk=ssd.name,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var ssd = new Gcp.Compute.Disk(\"ssd\", new()\n {\n Name = \"my-disk\",\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 50,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var policy = new Gcp.Compute.ResourcePolicy(\"policy\", new()\n {\n Name = \"my-resource-policy\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var attachment = new Gcp.Compute.DiskResourcePolicyAttachment(\"attachment\", new()\n {\n Name = policy.Name,\n Disk = ssd.Name,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssd, err := compute.NewDisk(ctx, \"ssd\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk\"),\n\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := compute.NewResourcePolicy(ctx, \"policy\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"my-resource-policy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskResourcePolicyAttachment(ctx, \"attachment\", \u0026compute.DiskResourcePolicyAttachmentArgs{\n\t\t\tName: policy.Name,\n\t\t\tDisk: ssd.Name,\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.DiskResourcePolicyAttachment;\nimport com.pulumi.gcp.compute.DiskResourcePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var ssd = new Disk(\"ssd\", DiskArgs.builder()\n .name(\"my-disk\")\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(50)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var policy = new ResourcePolicy(\"policy\", ResourcePolicyArgs.builder()\n .name(\"my-resource-policy\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var attachment = new DiskResourcePolicyAttachment(\"attachment\", DiskResourcePolicyAttachmentArgs.builder()\n .name(policy.name())\n .disk(ssd.name())\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attachment:\n type: gcp:compute:DiskResourcePolicyAttachment\n properties:\n name: ${policy.name}\n disk: ${ssd.name}\n zone: us-central1-a\n ssd:\n type: gcp:compute:Disk\n properties:\n name: my-disk\n image: ${myImage.selfLink}\n size: 50\n type: pd-ssd\n zone: us-central1-a\n policy:\n type: gcp:compute:ResourcePolicy\n properties:\n name: my-resource-policy\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDiskResourcePolicyAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/disks/{{disk}}/{{name}}`\n\n* `{{project}}/{{zone}}/{{disk}}/{{name}}`\n\n* `{{zone}}/{{disk}}/{{name}}`\n\n* `{{disk}}/{{name}}`\n\nWhen using the `pulumi import` command, DiskResourcePolicyAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default projects/{{project}}/zones/{{zone}}/disks/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{project}}/{{zone}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{zone}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/diskResourcePolicyAttachment:DiskResourcePolicyAttachment default {{disk}}/{{name}}\n```\n\n", "properties": { "disk": { "type": "string", @@ -162386,7 +162386,7 @@ } }, "gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules": { - "description": "## Example Usage\n\n### Compute Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: \"organizations/123456789\",\n description: \"Global address group\",\n location: \"global\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst securityProfile1 = new gcp.networksecurity.SecurityProfile(\"security_profile_1\", {\n name: \"tf-security-profile\",\n type: \"THREAT_PREVENTION\",\n parent: \"organizations/123456789\",\n location: \"global\",\n});\nconst securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\", {\n name: \"tf-security-profile-group\",\n parent: \"organizations/123456789\",\n description: \"my description\",\n threatPreventionProfile: securityProfile1.id,\n});\nconst firewall_policy_with_rules = new gcp.compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\", {\n shortName: \"tf-fw-org-policy-with-rules\",\n description: \"Terraform test\",\n parent: \"organizations/123456789\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetResources: [project.then(project =\u003e `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)],\n },\n {\n description: \"udp rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n },\n disabled: true,\n },\n {\n description: \"security profile group rule\",\n ruleName: \"tcp rule\",\n priority: 3000,\n enableLogging: false,\n action: \"apply_security_profile_group\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n },\n targetServiceAccounts: [\"test@google.com\"],\n securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,\n tlsInspect: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=\"organizations/123456789\",\n description=\"Global address group\",\n location=\"global\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecurity_profile1 = gcp.networksecurity.SecurityProfile(\"security_profile_1\",\n name=\"tf-security-profile\",\n type=\"THREAT_PREVENTION\",\n parent=\"organizations/123456789\",\n location=\"global\")\nsecurity_profile_group1 = gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\",\n name=\"tf-security-profile-group\",\n parent=\"organizations/123456789\",\n description=\"my description\",\n threat_prevention_profile=security_profile1.id)\nfirewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\",\n short_name=\"tf-fw-org-policy-with-rules\",\n description=\"Terraform test\",\n parent=\"organizations/123456789\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_resources\": [f\"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default\"],\n },\n {\n \"description\": \"udp rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n },\n \"disabled\": True,\n },\n {\n \"description\": \"security profile group rule\",\n \"rule_name\": \"tcp rule\",\n \"priority\": 3000,\n \"enable_logging\": False,\n \"action\": \"apply_security_profile_group\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n },\n \"target_service_accounts\": [\"test@google.com\"],\n \"security_profile_group\": security_profile_group1.id.apply(lambda id: f\"//networksecurity.googleapis.com/{id}\"),\n \"tls_inspect\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = \"organizations/123456789\",\n Description = \"Global address group\",\n Location = \"global\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile(\"security_profile_1\", new()\n {\n Name = \"tf-security-profile\",\n Type = \"THREAT_PREVENTION\",\n Parent = \"organizations/123456789\",\n Location = \"global\",\n });\n\n var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup(\"security_profile_group_1\", new()\n {\n Name = \"tf-security-profile-group\",\n Parent = \"organizations/123456789\",\n Description = \"my description\",\n ThreatPreventionProfile = securityProfile1.Id,\n });\n\n var firewall_policy_with_rules = new Gcp.Compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\", new()\n {\n ShortName = \"tf-fw-org-policy-with-rules\",\n Description = \"Terraform test\",\n Parent = \"organizations/123456789\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetResources = new[]\n {\n $\"https://www.googleapis.com/compute/beta/projects/{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/global/networks/default\",\n },\n },\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n Disabled = true,\n },\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"security profile group rule\",\n RuleName = \"tcp rule\",\n Priority = 3000,\n EnableLogging = false,\n Action = \"apply_security_profile_group\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n TargetServiceAccounts = new[]\n {\n \"test@google.com\",\n },\n SecurityProfileGroup = securityProfileGroup1.Id.Apply(id =\u003e $\"//networksecurity.googleapis.com/{id}\"),\n TlsInspect = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"Global address group\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfile1, err := networksecurity.NewSecurityProfile(ctx, \"security_profile_1\", \u0026networksecurity.SecurityProfileArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile\"),\n\t\t\tType: pulumi.String(\"THREAT_PREVENTION\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, \"security_profile_group_1\", \u0026networksecurity.SecurityProfileGroupArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tThreatPreventionProfile: securityProfile1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewallPolicyWithRules(ctx, \"firewall-policy-with-rules\", \u0026compute.FirewallPolicyWithRulesArgs{\n\t\t\tShortName: pulumi.String(\"tf-fw-org-policy-with-rules\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tRules: compute.FirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Sprintf(\"https://www.googleapis.com/compute/beta/projects/%v/global/networks/default\", project.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"security profile group rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(3000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"apply_security_profile_group\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetServiceAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//networksecurity.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTlsInspect: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfile;\nimport com.pulumi.gcp.networksecurity.SecurityProfileArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroup;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;\nimport com.pulumi.gcp.compute.FirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.FirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(\"organizations/123456789\")\n .description(\"Global address group\")\n .location(\"global\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var securityProfile1 = new SecurityProfile(\"securityProfile1\", SecurityProfileArgs.builder()\n .name(\"tf-security-profile\")\n .type(\"THREAT_PREVENTION\")\n .parent(\"organizations/123456789\")\n .location(\"global\")\n .build());\n\n var securityProfileGroup1 = new SecurityProfileGroup(\"securityProfileGroup1\", SecurityProfileGroupArgs.builder()\n .name(\"tf-security-profile-group\")\n .parent(\"organizations/123456789\")\n .description(\"my description\")\n .threatPreventionProfile(securityProfile1.id())\n .build());\n\n var firewall_policy_with_rules = new FirewallPolicyWithRules(\"firewall-policy-with-rules\", FirewallPolicyWithRulesArgs.builder()\n .shortName(\"tf-fw-org-policy-with-rules\")\n .description(\"Terraform test\")\n .parent(\"organizations/123456789\")\n .rules( \n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetResources(String.format(\"https://www.googleapis.com/compute/beta/projects/%s/global/networks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name())))\n .build(),\n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .build())\n .disabled(true)\n .build(),\n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"security profile group rule\")\n .ruleName(\"tcp rule\")\n .priority(3000)\n .enableLogging(false)\n .action(\"apply_security_profile_group\")\n .direction(\"INGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .build())\n .targetServiceAccounts(\"test@google.com\")\n .securityProfileGroup(securityProfileGroup1.id().applyValue(id -\u003e String.format(\"//networksecurity.googleapis.com/%s\", id)))\n .tlsInspect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n firewall-policy-with-rules:\n type: gcp:compute:FirewallPolicyWithRules\n properties:\n shortName: tf-fw-org-policy-with-rules\n description: Terraform test\n parent: organizations/123456789\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetResources:\n - https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default\n - description: udp rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n disabled: true\n - description: security profile group rule\n ruleName: tcp rule\n priority: 3000\n enableLogging: false\n action: apply_security_profile_group\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n srcIpRanges:\n - 0.0.0.0/0\n targetServiceAccounts:\n - test@google.com\n securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}\n tlsInspect: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: organizations/123456789\n description: Global address group\n location: global\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n securityProfileGroup1:\n type: gcp:networksecurity:SecurityProfileGroup\n name: security_profile_group_1\n properties:\n name: tf-security-profile-group\n parent: organizations/123456789\n description: my description\n threatPreventionProfile: ${securityProfile1.id}\n securityProfile1:\n type: gcp:networksecurity:SecurityProfile\n name: security_profile_1\n properties:\n name: tf-security-profile\n type: THREAT_PREVENTION\n parent: organizations/123456789\n location: global\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `locations/global/firewallPolicies/{{policy_id}}`\n\n* `{{policy_id}}`\n\nWhen using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}\n```\n\n```sh\n$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}\n```\n\n", + "description": "## Example Usage\n\n### Compute Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: \"organizations/123456789\",\n description: \"Global address group\",\n location: \"global\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst securityProfile1 = new gcp.networksecurity.SecurityProfile(\"security_profile_1\", {\n name: \"tf-security-profile\",\n type: \"THREAT_PREVENTION\",\n parent: \"organizations/123456789\",\n location: \"global\",\n});\nconst securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\", {\n name: \"tf-security-profile-group\",\n parent: \"organizations/123456789\",\n description: \"my description\",\n threatPreventionProfile: securityProfile1.id,\n});\nconst firewall_policy_with_rules = new gcp.compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\", {\n shortName: \"tf-fw-org-policy-with-rules\",\n description: \"Terraform test\",\n parent: \"organizations/123456789\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetResources: [project.then(project =\u003e `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)],\n },\n {\n description: \"udp rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n },\n disabled: true,\n },\n {\n description: \"security profile group rule\",\n ruleName: \"tcp rule\",\n priority: 3000,\n enableLogging: false,\n action: \"apply_security_profile_group\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n },\n targetServiceAccounts: [\"test@google.com\"],\n securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,\n tlsInspect: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=\"organizations/123456789\",\n description=\"Global address group\",\n location=\"global\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecurity_profile1 = gcp.networksecurity.SecurityProfile(\"security_profile_1\",\n name=\"tf-security-profile\",\n type=\"THREAT_PREVENTION\",\n parent=\"organizations/123456789\",\n location=\"global\")\nsecurity_profile_group1 = gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\",\n name=\"tf-security-profile-group\",\n parent=\"organizations/123456789\",\n description=\"my description\",\n threat_prevention_profile=security_profile1.id)\nfirewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\",\n short_name=\"tf-fw-org-policy-with-rules\",\n description=\"Terraform test\",\n parent=\"organizations/123456789\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_resources\": [f\"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default\"],\n },\n {\n \"description\": \"udp rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n },\n \"disabled\": True,\n },\n {\n \"description\": \"security profile group rule\",\n \"rule_name\": \"tcp rule\",\n \"priority\": 3000,\n \"enable_logging\": False,\n \"action\": \"apply_security_profile_group\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n },\n \"target_service_accounts\": [\"test@google.com\"],\n \"security_profile_group\": security_profile_group1.id.apply(lambda id: f\"//networksecurity.googleapis.com/{id}\"),\n \"tls_inspect\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = \"organizations/123456789\",\n Description = \"Global address group\",\n Location = \"global\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile(\"security_profile_1\", new()\n {\n Name = \"tf-security-profile\",\n Type = \"THREAT_PREVENTION\",\n Parent = \"organizations/123456789\",\n Location = \"global\",\n });\n\n var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup(\"security_profile_group_1\", new()\n {\n Name = \"tf-security-profile-group\",\n Parent = \"organizations/123456789\",\n Description = \"my description\",\n ThreatPreventionProfile = securityProfile1.Id,\n });\n\n var firewall_policy_with_rules = new Gcp.Compute.FirewallPolicyWithRules(\"firewall-policy-with-rules\", new()\n {\n ShortName = \"tf-fw-org-policy-with-rules\",\n Description = \"Terraform test\",\n Parent = \"organizations/123456789\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetResources = new[]\n {\n $\"https://www.googleapis.com/compute/beta/projects/{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/global/networks/default\",\n },\n },\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n Disabled = true,\n },\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs\n {\n Description = \"security profile group rule\",\n RuleName = \"tcp rule\",\n Priority = 3000,\n EnableLogging = false,\n Action = \"apply_security_profile_group\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n TargetServiceAccounts = new[]\n {\n \"test@google.com\",\n },\n SecurityProfileGroup = securityProfileGroup1.Id.Apply(id =\u003e $\"//networksecurity.googleapis.com/{id}\"),\n TlsInspect = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"Global address group\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfile1, err := networksecurity.NewSecurityProfile(ctx, \"security_profile_1\", \u0026networksecurity.SecurityProfileArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile\"),\n\t\t\tType: pulumi.String(\"THREAT_PREVENTION\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, \"security_profile_group_1\", \u0026networksecurity.SecurityProfileGroupArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tThreatPreventionProfile: securityProfile1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewallPolicyWithRules(ctx, \"firewall-policy-with-rules\", \u0026compute.FirewallPolicyWithRulesArgs{\n\t\t\tShortName: pulumi.String(\"tf-fw-org-policy-with-rules\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tRules: compute.FirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Sprintf(\"https://www.googleapis.com/compute/beta/projects/%v/global/networks/default\", project.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"security profile group rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(3000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"apply_security_profile_group\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.FirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetServiceAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//networksecurity.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTlsInspect: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfile;\nimport com.pulumi.gcp.networksecurity.SecurityProfileArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroup;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;\nimport com.pulumi.gcp.compute.FirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.FirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(\"organizations/123456789\")\n .description(\"Global address group\")\n .location(\"global\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var securityProfile1 = new SecurityProfile(\"securityProfile1\", SecurityProfileArgs.builder()\n .name(\"tf-security-profile\")\n .type(\"THREAT_PREVENTION\")\n .parent(\"organizations/123456789\")\n .location(\"global\")\n .build());\n\n var securityProfileGroup1 = new SecurityProfileGroup(\"securityProfileGroup1\", SecurityProfileGroupArgs.builder()\n .name(\"tf-security-profile-group\")\n .parent(\"organizations/123456789\")\n .description(\"my description\")\n .threatPreventionProfile(securityProfile1.id())\n .build());\n\n var firewall_policy_with_rules = new FirewallPolicyWithRules(\"firewall-policy-with-rules\", FirewallPolicyWithRulesArgs.builder()\n .shortName(\"tf-fw-org-policy-with-rules\")\n .description(\"Terraform test\")\n .parent(\"organizations/123456789\")\n .rules( \n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetResources(String.format(\"https://www.googleapis.com/compute/beta/projects/%s/global/networks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name())))\n .build(),\n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .build())\n .disabled(true)\n .build(),\n FirewallPolicyWithRulesRuleArgs.builder()\n .description(\"security profile group rule\")\n .ruleName(\"tcp rule\")\n .priority(3000)\n .enableLogging(false)\n .action(\"apply_security_profile_group\")\n .direction(\"INGRESS\")\n .match(FirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .build())\n .targetServiceAccounts(\"test@google.com\")\n .securityProfileGroup(securityProfileGroup1.id().applyValue(id -\u003e String.format(\"//networksecurity.googleapis.com/%s\", id)))\n .tlsInspect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n firewall-policy-with-rules:\n type: gcp:compute:FirewallPolicyWithRules\n properties:\n shortName: tf-fw-org-policy-with-rules\n description: Terraform test\n parent: organizations/123456789\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetResources:\n - https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default\n - description: udp rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n disabled: true\n - description: security profile group rule\n ruleName: tcp rule\n priority: 3000\n enableLogging: false\n action: apply_security_profile_group\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n srcIpRanges:\n - 0.0.0.0/0\n targetServiceAccounts:\n - test@google.com\n securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}\n tlsInspect: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: organizations/123456789\n description: Global address group\n location: global\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n securityProfileGroup1:\n type: gcp:networksecurity:SecurityProfileGroup\n name: security_profile_group_1\n properties:\n name: tf-security-profile-group\n parent: organizations/123456789\n description: my description\n threatPreventionProfile: ${securityProfile1.id}\n securityProfile1:\n type: gcp:networksecurity:SecurityProfile\n name: security_profile_1\n properties:\n name: tf-security-profile\n type: THREAT_PREVENTION\n parent: organizations/123456789\n location: global\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `locations/global/firewallPolicies/{{policy_id}}`\n\n* `{{policy_id}}`\n\nWhen using the `pulumi import` command, FirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}\n```\n\n```sh\n$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -162539,7 +162539,7 @@ } }, "gcp:compute/forwardingRule:ForwardingRule": { - "description": "A ForwardingRule resource. A ForwardingRule resource specifies which pool\nof target virtual machines to forward a packet to if it matches the given\n[IPAddress, IPProtocol, portRange] tuple.\n\n\nTo get more information about ForwardingRule, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/forwardingRules)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules)\n\n## Example Usage\n\n### Forwarding Rule Externallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.RegionHealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n loadBalancingScheme: \"EXTERNAL\",\n healthChecks: hc.id,\n});\n// Forwarding rule for External Network Load Balancing using Backend Services\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n portRange: \"80\",\n backendService: backend.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.RegionHealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n load_balancing_scheme=\"EXTERNAL\",\n health_checks=hc.id)\n# Forwarding rule for External Network Load Balancing using Backend Services\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n port_range=\"80\",\n backend_service=backend.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.RegionHealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"EXTERNAL\",\n HealthChecks = hc.Id,\n });\n\n // Forwarding rule for External Network Load Balancing using Backend Services\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n PortRange = \"80\",\n BackendService = backend.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewRegionHealthCheck(ctx, \"hc\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for External Network Load Balancing using Backend Services\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tBackendService: backend.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new RegionHealthCheck(\"hc\", RegionHealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"EXTERNAL\")\n .healthChecks(hc.id())\n .build());\n\n // Forwarding rule for External Network Load Balancing using Backend Services\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .portRange(80)\n .backendService(backend.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for External Network Load Balancing using Backend Services\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n portRange: 80\n backendService: ${backend.id}\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n loadBalancingScheme: EXTERNAL\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:RegionHealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n region: us-central1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Global Internallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n allowGlobalAccess: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n allow_global_access=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n AllowGlobalAccess = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tAllowGlobalAccess: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .allowGlobalAccess(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n allowGlobalAccess: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultTargetPool = new gcp.compute.TargetPool(\"default\", {name: \"website-target-pool\"});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n target: defaultTargetPool.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_target_pool = gcp.compute.TargetPool(\"default\", name=\"website-target-pool\")\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n target=default_target_pool.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultTargetPool = new Gcp.Compute.TargetPool(\"default\", new()\n {\n Name = \"website-target-pool\",\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Target = defaultTargetPool.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultTargetPool, err := compute.NewTargetPool(ctx, \"default\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"website-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tTarget: defaultTargetPool.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultTargetPool = new TargetPool(\"defaultTargetPool\", TargetPoolArgs.builder()\n .name(\"website-target-pool\")\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .target(defaultTargetPool.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n target: ${defaultTargetPool.id}\n portRange: '80'\n defaultTargetPool:\n type: gcp:compute:TargetPool\n name: default\n properties:\n name: website-target-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule L3 Default\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst service = new gcp.compute.RegionBackendService(\"service\", {\n region: \"us-central1\",\n name: \"service\",\n healthChecks: healthCheck.id,\n protocol: \"UNSPECIFIED\",\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst fwdRule = new gcp.compute.ForwardingRule(\"fwd_rule\", {\n name: \"l3-forwarding-rule\",\n backendService: service.id,\n ipProtocol: \"L3_DEFAULT\",\n allPorts: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\nservice = gcp.compute.RegionBackendService(\"service\",\n region=\"us-central1\",\n name=\"service\",\n health_checks=health_check.id,\n protocol=\"UNSPECIFIED\",\n load_balancing_scheme=\"EXTERNAL\")\nfwd_rule = gcp.compute.ForwardingRule(\"fwd_rule\",\n name=\"l3-forwarding-rule\",\n backend_service=service.id,\n ip_protocol=\"L3_DEFAULT\",\n all_ports=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var service = new Gcp.Compute.RegionBackendService(\"service\", new()\n {\n Region = \"us-central1\",\n Name = \"service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"UNSPECIFIED\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var fwdRule = new Gcp.Compute.ForwardingRule(\"fwd_rule\", new()\n {\n Name = \"l3-forwarding-rule\",\n BackendService = service.Id,\n IpProtocol = \"L3_DEFAULT\",\n AllPorts = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservice, err := compute.NewRegionBackendService(ctx, \"service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"UNSPECIFIED\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"fwd_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l3-forwarding-rule\"),\n\t\t\tBackendService: service.ID(),\n\t\t\tIpProtocol: pulumi.String(\"L3_DEFAULT\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var service = new RegionBackendService(\"service\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"service\")\n .healthChecks(healthCheck.id())\n .protocol(\"UNSPECIFIED\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var fwdRule = new ForwardingRule(\"fwdRule\", ForwardingRuleArgs.builder()\n .name(\"l3-forwarding-rule\")\n .backendService(service.id())\n .ipProtocol(\"L3_DEFAULT\")\n .allPorts(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fwdRule:\n type: gcp:compute:ForwardingRule\n name: fwd_rule\n properties:\n name: l3-forwarding-rule\n backendService: ${service.id}\n ipProtocol: L3_DEFAULT\n allPorts: true\n service:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: service\n healthChecks: ${healthCheck.id}\n protocol: UNSPECIFIED\n loadBalancingScheme: EXTERNAL\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Internallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n ipVersion: \"IPV4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name,\n ip_version=\"IPV4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n IpVersion = \"IPV4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .ipVersion(\"IPV4\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n ipVersion: IPV4\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Http Lb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-website-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"website-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst fw1 = new gcp.compute.Firewall(\"fw1\", {\n name: \"website-fw-1\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.1.2.0/24\"],\n allows: [\n {\n protocol: \"tcp\",\n },\n {\n protocol: \"udp\",\n },\n {\n protocol: \"icmp\",\n },\n ],\n direction: \"INGRESS\",\n});\nconst fw2 = new gcp.compute.Firewall(\"fw2\", {\n name: \"website-fw-2\",\n network: defaultNetwork.id,\n sourceRanges: [\"0.0.0.0/0\"],\n allows: [{\n protocol: \"tcp\",\n ports: [\"22\"],\n }],\n targetTags: [\"allow-ssh\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw1],\n});\nconst fw3 = new gcp.compute.Firewall(\"fw3\", {\n name: \"website-fw-3\",\n network: defaultNetwork.id,\n sourceRanges: [\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows: [{\n protocol: \"tcp\",\n }],\n targetTags: [\"load-balanced-backend\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw2],\n});\nconst fw4 = new gcp.compute.Firewall(\"fw4\", {\n name: \"website-fw-4\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.129.0.0/26\"],\n targetTags: [\"load-balanced-backend\"],\n allows: [\n {\n protocol: \"tcp\",\n ports: [\"80\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"443\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"8000\"],\n },\n ],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw3],\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"website-hc\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n}, {\n dependsOn: [fw4],\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"website-backend\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"website-map\",\n defaultService: defaultRegionBackendService.id,\n});\nconst defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy(\"default\", {\n region: \"us-central1\",\n name: \"website-proxy\",\n urlMap: defaultRegionUrlMap.id,\n});\nconst proxy = new gcp.compute.Subnetwork(\"proxy\", {\n name: \"website-net-proxy\",\n ipCidrRange: \"10.129.0.0/26\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n portRange: \"80\",\n target: defaultRegionTargetHttpProxy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [proxy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-website-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"website-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\nfw1 = gcp.compute.Firewall(\"fw1\",\n name=\"website-fw-1\",\n network=default_network.id,\n source_ranges=[\"10.1.2.0/24\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n },\n {\n \"protocol\": \"udp\",\n },\n {\n \"protocol\": \"icmp\",\n },\n ],\n direction=\"INGRESS\")\nfw2 = gcp.compute.Firewall(\"fw2\",\n name=\"website-fw-2\",\n network=default_network.id,\n source_ranges=[\"0.0.0.0/0\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"22\"],\n }],\n target_tags=[\"allow-ssh\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw1]))\nfw3 = gcp.compute.Firewall(\"fw3\",\n name=\"website-fw-3\",\n network=default_network.id,\n source_ranges=[\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows=[{\n \"protocol\": \"tcp\",\n }],\n target_tags=[\"load-balanced-backend\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw2]))\nfw4 = gcp.compute.Firewall(\"fw4\",\n name=\"website-fw-4\",\n network=default_network.id,\n source_ranges=[\"10.129.0.0/26\"],\n target_tags=[\"load-balanced-backend\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"443\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"8000\"],\n },\n ],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw3]))\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"website-hc\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n },\n opts = pulumi.ResourceOptions(depends_on=[fw4]))\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"website-backend\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"website-map\",\n default_service=default_region_backend_service.id)\ndefault_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy(\"default\",\n region=\"us-central1\",\n name=\"website-proxy\",\n url_map=default_region_url_map.id)\nproxy = gcp.compute.Subnetwork(\"proxy\",\n name=\"website-net-proxy\",\n ip_cidr_range=\"10.129.0.0/26\",\n region=\"us-central1\",\n network=default_network.id,\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n port_range=\"80\",\n target=default_region_target_http_proxy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[proxy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-website-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"website-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var fw1 = new Gcp.Compute.Firewall(\"fw1\", new()\n {\n Name = \"website-fw-1\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.1.2.0/24\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"udp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"icmp\",\n },\n },\n Direction = \"INGRESS\",\n });\n\n var fw2 = new Gcp.Compute.Firewall(\"fw2\", new()\n {\n Name = \"website-fw-2\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"22\",\n },\n },\n },\n TargetTags = new[]\n {\n \"allow-ssh\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw1,\n },\n });\n\n var fw3 = new Gcp.Compute.Firewall(\"fw3\", new()\n {\n Name = \"website-fw-3\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw2,\n },\n });\n\n var fw4 = new Gcp.Compute.Firewall(\"fw4\", new()\n {\n Name = \"website-fw-4\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.129.0.0/26\",\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"443\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"8000\",\n },\n },\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw3,\n },\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-hc\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw4,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"website-backend\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-map\",\n DefaultService = defaultRegionBackendService.Id,\n });\n\n var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n });\n\n var proxy = new Gcp.Compute.Subnetwork(\"proxy\", new()\n {\n Name = \"website-net-proxy\",\n IpCidrRange = \"10.129.0.0/26\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n PortRange = \"80\",\n Target = defaultRegionTargetHttpProxy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-website-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw1, err := compute.NewFirewall(ctx, \"fw1\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.1.2.0/24\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"udp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"icmp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw2, err := compute.NewFirewall(ctx, \"fw2\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-2\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"22\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw3, err := compute.NewFirewall(ctx, \"fw3\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-3\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"130.211.0.0/22\"),\n\t\t\t\tpulumi.String(\"35.191.0.0/16\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw4, err := compute.NewFirewall(ctx, \"fw4\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-4\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.129.0.0/26\"),\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"443\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"8000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw3,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-hc\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw4,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, \"default\", \u0026compute.RegionTargetHttpProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxy, err := compute.NewSubnetwork(ctx, \"proxy\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-proxy\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.129.0.0/26\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tTarget: defaultRegionTargetHttpProxy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-website-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"website-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var fw1 = new Firewall(\"fw1\", FirewallArgs.builder()\n .name(\"website-fw-1\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.1.2.0/24\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"udp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"icmp\")\n .build())\n .direction(\"INGRESS\")\n .build());\n\n var fw2 = new Firewall(\"fw2\", FirewallArgs.builder()\n .name(\"website-fw-2\")\n .network(defaultNetwork.id())\n .sourceRanges(\"0.0.0.0/0\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"22\")\n .build())\n .targetTags(\"allow-ssh\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw1)\n .build());\n\n var fw3 = new Firewall(\"fw3\", FirewallArgs.builder()\n .name(\"website-fw-3\")\n .network(defaultNetwork.id())\n .sourceRanges( \n \"130.211.0.0/22\",\n \"35.191.0.0/16\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build())\n .targetTags(\"load-balanced-backend\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw2)\n .build());\n\n var fw4 = new Firewall(\"fw4\", FirewallArgs.builder()\n .name(\"website-fw-4\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.129.0.0/26\")\n .targetTags(\"load-balanced-backend\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"443\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"8000\")\n .build())\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw3)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"website-hc\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw4)\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"website-backend\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"website-map\")\n .defaultService(defaultRegionBackendService.id())\n .build());\n\n var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy(\"defaultRegionTargetHttpProxy\", RegionTargetHttpProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"website-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .build());\n\n var proxy = new Subnetwork(\"proxy\", SubnetworkArgs.builder()\n .name(\"website-net-proxy\")\n .ipCidrRange(\"10.129.0.0/26\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .portRange(\"80\")\n .target(defaultRegionTargetHttpProxy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n ipProtocol: TCP\n loadBalancingScheme: INTERNAL_MANAGED\n portRange: '80'\n target: ${defaultRegionTargetHttpProxy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n networkTier: PREMIUM\n options:\n dependson:\n - ${proxy}\n defaultRegionTargetHttpProxy:\n type: gcp:compute:RegionTargetHttpProxy\n name: default\n properties:\n region: us-central1\n name: website-proxy\n urlMap: ${defaultRegionUrlMap.id}\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: website-map\n defaultService: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: website-backend\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: website-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-website-backend\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: website-hc\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n options:\n dependson:\n - ${fw4}\n fw1:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-1\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.1.2.0/24\n allows:\n - protocol: tcp\n - protocol: udp\n - protocol: icmp\n direction: INGRESS\n fw2:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-2\n network: ${defaultNetwork.id}\n sourceRanges:\n - 0.0.0.0/0\n allows:\n - protocol: tcp\n ports:\n - '22'\n targetTags:\n - allow-ssh\n direction: INGRESS\n options:\n dependson:\n - ${fw1}\n fw3:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-3\n network: ${defaultNetwork.id}\n sourceRanges:\n - 130.211.0.0/22\n - 35.191.0.0/16\n allows:\n - protocol: tcp\n targetTags:\n - load-balanced-backend\n direction: INGRESS\n options:\n dependson:\n - ${fw2}\n fw4:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-4\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.129.0.0/26\n targetTags:\n - load-balanced-backend\n allows:\n - protocol: tcp\n ports:\n - '80'\n - protocol: tcp\n ports:\n - '443'\n - protocol: tcp\n ports:\n - '8000'\n direction: INGRESS\n options:\n dependson:\n - ${fw3}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n proxy:\n type: gcp:compute:Subnetwork\n properties:\n name: website-net-proxy\n ipCidrRange: 10.129.0.0/26\n region: us-central1\n network: ${defaultNetwork.id}\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\nvariables:\n debianImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Regional Http Xlb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-website-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"website-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst fw1 = new gcp.compute.Firewall(\"fw1\", {\n name: \"website-fw-1\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.1.2.0/24\"],\n allows: [\n {\n protocol: \"tcp\",\n },\n {\n protocol: \"udp\",\n },\n {\n protocol: \"icmp\",\n },\n ],\n direction: \"INGRESS\",\n});\nconst fw2 = new gcp.compute.Firewall(\"fw2\", {\n name: \"website-fw-2\",\n network: defaultNetwork.id,\n sourceRanges: [\"0.0.0.0/0\"],\n allows: [{\n protocol: \"tcp\",\n ports: [\"22\"],\n }],\n targetTags: [\"allow-ssh\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw1],\n});\nconst fw3 = new gcp.compute.Firewall(\"fw3\", {\n name: \"website-fw-3\",\n network: defaultNetwork.id,\n sourceRanges: [\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows: [{\n protocol: \"tcp\",\n }],\n targetTags: [\"load-balanced-backend\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw2],\n});\nconst fw4 = new gcp.compute.Firewall(\"fw4\", {\n name: \"website-fw-4\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.129.0.0/26\"],\n targetTags: [\"load-balanced-backend\"],\n allows: [\n {\n protocol: \"tcp\",\n ports: [\"80\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"443\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"8000\"],\n },\n ],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw3],\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"website-hc\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n}, {\n dependsOn: [fw4],\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"website-backend\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"website-map\",\n defaultService: defaultRegionBackendService.id,\n});\nconst defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy(\"default\", {\n region: \"us-central1\",\n name: \"website-proxy\",\n urlMap: defaultRegionUrlMap.id,\n});\nconst defaultAddress = new gcp.compute.Address(\"default\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n networkTier: \"STANDARD\",\n});\nconst proxy = new gcp.compute.Subnetwork(\"proxy\", {\n name: \"website-net-proxy\",\n ipCidrRange: \"10.129.0.0/26\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\n// Forwarding rule for Regional External Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n portRange: \"80\",\n target: defaultRegionTargetHttpProxy.id,\n network: defaultNetwork.id,\n ipAddress: defaultAddress.address,\n networkTier: \"STANDARD\",\n}, {\n dependsOn: [proxy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-website-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"website-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\nfw1 = gcp.compute.Firewall(\"fw1\",\n name=\"website-fw-1\",\n network=default_network.id,\n source_ranges=[\"10.1.2.0/24\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n },\n {\n \"protocol\": \"udp\",\n },\n {\n \"protocol\": \"icmp\",\n },\n ],\n direction=\"INGRESS\")\nfw2 = gcp.compute.Firewall(\"fw2\",\n name=\"website-fw-2\",\n network=default_network.id,\n source_ranges=[\"0.0.0.0/0\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"22\"],\n }],\n target_tags=[\"allow-ssh\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw1]))\nfw3 = gcp.compute.Firewall(\"fw3\",\n name=\"website-fw-3\",\n network=default_network.id,\n source_ranges=[\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows=[{\n \"protocol\": \"tcp\",\n }],\n target_tags=[\"load-balanced-backend\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw2]))\nfw4 = gcp.compute.Firewall(\"fw4\",\n name=\"website-fw-4\",\n network=default_network.id,\n source_ranges=[\"10.129.0.0/26\"],\n target_tags=[\"load-balanced-backend\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"443\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"8000\"],\n },\n ],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw3]))\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"website-hc\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n },\n opts = pulumi.ResourceOptions(depends_on=[fw4]))\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"website-backend\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"website-map\",\n default_service=default_region_backend_service.id)\ndefault_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy(\"default\",\n region=\"us-central1\",\n name=\"website-proxy\",\n url_map=default_region_url_map.id)\ndefault_address = gcp.compute.Address(\"default\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n network_tier=\"STANDARD\")\nproxy = gcp.compute.Subnetwork(\"proxy\",\n name=\"website-net-proxy\",\n ip_cidr_range=\"10.129.0.0/26\",\n region=\"us-central1\",\n network=default_network.id,\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\n# Forwarding rule for Regional External Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n port_range=\"80\",\n target=default_region_target_http_proxy.id,\n network=default_network.id,\n ip_address=default_address.address,\n network_tier=\"STANDARD\",\n opts = pulumi.ResourceOptions(depends_on=[proxy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-website-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"website-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var fw1 = new Gcp.Compute.Firewall(\"fw1\", new()\n {\n Name = \"website-fw-1\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.1.2.0/24\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"udp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"icmp\",\n },\n },\n Direction = \"INGRESS\",\n });\n\n var fw2 = new Gcp.Compute.Firewall(\"fw2\", new()\n {\n Name = \"website-fw-2\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"22\",\n },\n },\n },\n TargetTags = new[]\n {\n \"allow-ssh\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw1,\n },\n });\n\n var fw3 = new Gcp.Compute.Firewall(\"fw3\", new()\n {\n Name = \"website-fw-3\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw2,\n },\n });\n\n var fw4 = new Gcp.Compute.Firewall(\"fw4\", new()\n {\n Name = \"website-fw-4\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.129.0.0/26\",\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"443\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"8000\",\n },\n },\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw3,\n },\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-hc\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw4,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"website-backend\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-map\",\n DefaultService = defaultRegionBackendService.Id,\n });\n\n var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n });\n\n var defaultAddress = new Gcp.Compute.Address(\"default\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n NetworkTier = \"STANDARD\",\n });\n\n var proxy = new Gcp.Compute.Subnetwork(\"proxy\", new()\n {\n Name = \"website-net-proxy\",\n IpCidrRange = \"10.129.0.0/26\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n // Forwarding rule for Regional External Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n PortRange = \"80\",\n Target = defaultRegionTargetHttpProxy.Id,\n Network = defaultNetwork.Id,\n IpAddress = defaultAddress.IPAddress,\n NetworkTier = \"STANDARD\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-website-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw1, err := compute.NewFirewall(ctx, \"fw1\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.1.2.0/24\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"udp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"icmp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw2, err := compute.NewFirewall(ctx, \"fw2\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-2\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"22\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw3, err := compute.NewFirewall(ctx, \"fw3\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-3\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"130.211.0.0/22\"),\n\t\t\t\tpulumi.String(\"35.191.0.0/16\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw4, err := compute.NewFirewall(ctx, \"fw4\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-4\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.129.0.0/26\"),\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"443\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"8000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw3,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-hc\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw4,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, \"default\", \u0026compute.RegionTargetHttpProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAddress, err := compute.NewAddress(ctx, \"default\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkTier: pulumi.String(\"STANDARD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxy, err := compute.NewSubnetwork(ctx, \"proxy\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-proxy\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.129.0.0/26\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Regional External Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tTarget: defaultRegionTargetHttpProxy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tIpAddress: defaultAddress.Address,\n\t\t\tNetworkTier: pulumi.String(\"STANDARD\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-website-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"website-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var fw1 = new Firewall(\"fw1\", FirewallArgs.builder()\n .name(\"website-fw-1\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.1.2.0/24\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"udp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"icmp\")\n .build())\n .direction(\"INGRESS\")\n .build());\n\n var fw2 = new Firewall(\"fw2\", FirewallArgs.builder()\n .name(\"website-fw-2\")\n .network(defaultNetwork.id())\n .sourceRanges(\"0.0.0.0/0\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"22\")\n .build())\n .targetTags(\"allow-ssh\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw1)\n .build());\n\n var fw3 = new Firewall(\"fw3\", FirewallArgs.builder()\n .name(\"website-fw-3\")\n .network(defaultNetwork.id())\n .sourceRanges( \n \"130.211.0.0/22\",\n \"35.191.0.0/16\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build())\n .targetTags(\"load-balanced-backend\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw2)\n .build());\n\n var fw4 = new Firewall(\"fw4\", FirewallArgs.builder()\n .name(\"website-fw-4\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.129.0.0/26\")\n .targetTags(\"load-balanced-backend\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"443\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"8000\")\n .build())\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw3)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"website-hc\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw4)\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"website-backend\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"website-map\")\n .defaultService(defaultRegionBackendService.id())\n .build());\n\n var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy(\"defaultRegionTargetHttpProxy\", RegionTargetHttpProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"website-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .build());\n\n var defaultAddress = new Address(\"defaultAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .networkTier(\"STANDARD\")\n .build());\n\n var proxy = new Subnetwork(\"proxy\", SubnetworkArgs.builder()\n .name(\"website-net-proxy\")\n .ipCidrRange(\"10.129.0.0/26\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n // Forwarding rule for Regional External Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .portRange(\"80\")\n .target(defaultRegionTargetHttpProxy.id())\n .network(defaultNetwork.id())\n .ipAddress(defaultAddress.address())\n .networkTier(\"STANDARD\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Regional External Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n ipProtocol: TCP\n loadBalancingScheme: EXTERNAL_MANAGED\n portRange: '80'\n target: ${defaultRegionTargetHttpProxy.id}\n network: ${defaultNetwork.id}\n ipAddress: ${defaultAddress.address}\n networkTier: STANDARD\n options:\n dependson:\n - ${proxy}\n defaultRegionTargetHttpProxy:\n type: gcp:compute:RegionTargetHttpProxy\n name: default\n properties:\n region: us-central1\n name: website-proxy\n urlMap: ${defaultRegionUrlMap.id}\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: website-map\n defaultService: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n loadBalancingScheme: EXTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: website-backend\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: website-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-website-backend\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: website-hc\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n options:\n dependson:\n - ${fw4}\n defaultAddress:\n type: gcp:compute:Address\n name: default\n properties:\n name: website-ip-1\n region: us-central1\n networkTier: STANDARD\n fw1:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-1\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.1.2.0/24\n allows:\n - protocol: tcp\n - protocol: udp\n - protocol: icmp\n direction: INGRESS\n fw2:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-2\n network: ${defaultNetwork.id}\n sourceRanges:\n - 0.0.0.0/0\n allows:\n - protocol: tcp\n ports:\n - '22'\n targetTags:\n - allow-ssh\n direction: INGRESS\n options:\n dependson:\n - ${fw1}\n fw3:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-3\n network: ${defaultNetwork.id}\n sourceRanges:\n - 130.211.0.0/22\n - 35.191.0.0/16\n allows:\n - protocol: tcp\n targetTags:\n - load-balanced-backend\n direction: INGRESS\n options:\n dependson:\n - ${fw2}\n fw4:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-4\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.129.0.0/26\n targetTags:\n - load-balanced-backend\n allows:\n - protocol: tcp\n ports:\n - '80'\n - protocol: tcp\n ports:\n - '443'\n - protocol: tcp\n ports:\n - '8000'\n direction: INGRESS\n options:\n dependson:\n - ${fw3}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n proxy:\n type: gcp:compute:Subnetwork\n properties:\n name: website-net-proxy\n ipCidrRange: 10.129.0.0/26\n region: us-central1\n network: ${defaultNetwork.id}\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\nvariables:\n debianImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Vpc Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Consumer service endpoint\nconst consumerNet = new gcp.compute.Network(\"consumer_net\", {\n name: \"consumer-net\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnet = new gcp.compute.Subnetwork(\"consumer_subnet\", {\n name: \"consumer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: consumerNet.id,\n});\nconst consumerAddress = new gcp.compute.Address(\"consumer_address\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n subnetwork: consumerSubnet.id,\n addressType: \"INTERNAL\",\n});\n// Producer service attachment\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"producer-net\",\n autoCreateSubnetworks: false,\n});\nconst pscProducerSubnet = new gcp.compute.Subnetwork(\"psc_producer_subnet\", {\n name: \"producer-psc-net\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: producerNet.id,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"producer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service-backend\",\n region: \"us-central1\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst producerTargetService = new gcp.compute.ForwardingRule(\"producer_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: producerNet.name,\n subnetwork: producerSubnet.name,\n});\nconst producerServiceAttachment = new gcp.compute.ServiceAttachment(\"producer_service_attachment\", {\n name: \"producer-service\",\n region: \"us-central1\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscProducerSubnet.name],\n targetService: producerTargetService.id,\n});\n// Forwarding rule for VPC private service connect\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"psc-endpoint\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n target: producerServiceAttachment.id,\n network: consumerNet.name,\n ipAddress: consumerAddress.id,\n allowPscGlobalAccess: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Consumer service endpoint\nconsumer_net = gcp.compute.Network(\"consumer_net\",\n name=\"consumer-net\",\n auto_create_subnetworks=False)\nconsumer_subnet = gcp.compute.Subnetwork(\"consumer_subnet\",\n name=\"consumer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=consumer_net.id)\nconsumer_address = gcp.compute.Address(\"consumer_address\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n subnetwork=consumer_subnet.id,\n address_type=\"INTERNAL\")\n# Producer service attachment\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"producer-net\",\n auto_create_subnetworks=False)\npsc_producer_subnet = gcp.compute.Subnetwork(\"psc_producer_subnet\",\n name=\"producer-psc-net\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=producer_net.id)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"producer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=producer_net.id)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service-backend\",\n region=\"us-central1\",\n health_checks=producer_service_health_check.id)\nproducer_target_service = gcp.compute.ForwardingRule(\"producer_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=producer_net.name,\n subnetwork=producer_subnet.name)\nproducer_service_attachment = gcp.compute.ServiceAttachment(\"producer_service_attachment\",\n name=\"producer-service\",\n region=\"us-central1\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_producer_subnet.name],\n target_service=producer_target_service.id)\n# Forwarding rule for VPC private service connect\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"psc-endpoint\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n target=producer_service_attachment.id,\n network=consumer_net.name,\n ip_address=consumer_address.id,\n allow_psc_global_access=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Consumer service endpoint\n var consumerNet = new Gcp.Compute.Network(\"consumer_net\", new()\n {\n Name = \"consumer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnet = new Gcp.Compute.Subnetwork(\"consumer_subnet\", new()\n {\n Name = \"consumer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = consumerNet.Id,\n });\n\n var consumerAddress = new Gcp.Compute.Address(\"consumer_address\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n Subnetwork = consumerSubnet.Id,\n AddressType = \"INTERNAL\",\n });\n\n // Producer service attachment\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"producer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var pscProducerSubnet = new Gcp.Compute.Subnetwork(\"psc_producer_subnet\", new()\n {\n Name = \"producer-psc-net\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = producerNet.Id,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"producer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service-backend\",\n Region = \"us-central1\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var producerTargetService = new Gcp.Compute.ForwardingRule(\"producer_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = producerNet.Name,\n Subnetwork = producerSubnet.Name,\n });\n\n var producerServiceAttachment = new Gcp.Compute.ServiceAttachment(\"producer_service_attachment\", new()\n {\n Name = \"producer-service\",\n Region = \"us-central1\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscProducerSubnet.Name,\n },\n TargetService = producerTargetService.Id,\n });\n\n // Forwarding rule for VPC private service connect\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"psc-endpoint\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n Target = producerServiceAttachment.Id,\n Network = consumerNet.Name,\n IpAddress = consumerAddress.Id,\n AllowPscGlobalAccess = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Consumer service endpoint\n\t\tconsumerNet, err := compute.NewNetwork(ctx, \"consumer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerSubnet, err := compute.NewSubnetwork(ctx, \"consumer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerAddress, err := compute.NewAddress(ctx, \"consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSubnetwork: consumerSubnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Producer service attachment\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscProducerSubnet, err := compute.NewSubnetwork(ctx, \"psc_producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-psc-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerTargetService, err := compute.NewForwardingRule(ctx, \"producer_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producerNet.Name,\n\t\t\tSubnetwork: producerSubnet.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceAttachment, err := compute.NewServiceAttachment(ctx, \"producer_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscProducerSubnet.Name,\n\t\t\t},\n\t\t\tTargetService: producerTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for VPC private service connect\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tTarget: producerServiceAttachment.ID(),\n\t\t\tNetwork: consumerNet.Name,\n\t\t\tIpAddress: consumerAddress.ID(),\n\t\t\tAllowPscGlobalAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Consumer service endpoint\n var consumerNet = new Network(\"consumerNet\", NetworkArgs.builder()\n .name(\"consumer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnet = new Subnetwork(\"consumerSubnet\", SubnetworkArgs.builder()\n .name(\"consumer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(consumerNet.id())\n .build());\n\n var consumerAddress = new Address(\"consumerAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .subnetwork(consumerSubnet.id())\n .addressType(\"INTERNAL\")\n .build());\n\n // Producer service attachment\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"producer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscProducerSubnet = new Subnetwork(\"pscProducerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-psc-net\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(producerNet.id())\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service-backend\")\n .region(\"us-central1\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var producerTargetService = new ForwardingRule(\"producerTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(producerNet.name())\n .subnetwork(producerSubnet.name())\n .build());\n\n var producerServiceAttachment = new ServiceAttachment(\"producerServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"producer-service\")\n .region(\"us-central1\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscProducerSubnet.name())\n .targetService(producerTargetService.id())\n .build());\n\n // Forwarding rule for VPC private service connect\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"psc-endpoint\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .target(producerServiceAttachment.id())\n .network(consumerNet.name())\n .ipAddress(consumerAddress.id())\n .allowPscGlobalAccess(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for VPC private service connect\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: psc-endpoint\n region: us-central1\n loadBalancingScheme:\n target: ${producerServiceAttachment.id}\n network: ${consumerNet.name}\n ipAddress: ${consumerAddress.id}\n allowPscGlobalAccess: true\n # Consumer service endpoint\n consumerNet:\n type: gcp:compute:Network\n name: consumer_net\n properties:\n name: consumer-net\n autoCreateSubnetworks: false\n consumerSubnet:\n type: gcp:compute:Subnetwork\n name: consumer_subnet\n properties:\n name: consumer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${consumerNet.id}\n consumerAddress:\n type: gcp:compute:Address\n name: consumer_address\n properties:\n name: website-ip-1\n region: us-central1\n subnetwork: ${consumerSubnet.id}\n addressType: INTERNAL\n # Producer service attachment\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: producer-net\n autoCreateSubnetworks: false\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: producer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${producerNet.id}\n pscProducerSubnet:\n type: gcp:compute:Subnetwork\n name: psc_producer_subnet\n properties:\n name: producer-psc-net\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${producerNet.id}\n producerServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: producer_service_attachment\n properties:\n name: producer-service\n region: us-central1\n description: A service attachment configured with Terraform\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscProducerSubnet.name}\n targetService: ${producerTargetService.id}\n producerTargetService:\n type: gcp:compute:ForwardingRule\n name: producer_target_service\n properties:\n name: producer-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${producerNet.name}\n subnetwork: ${producerSubnet.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service-backend\n region: us-central1\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Vpc Psc No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst consumerNet = new gcp.compute.Network(\"consumer_net\", {\n name: \"consumer-net\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnet = new gcp.compute.Subnetwork(\"consumer_subnet\", {\n name: \"consumer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: consumerNet.id,\n});\nconst consumerAddress = new gcp.compute.Address(\"consumer_address\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n subnetwork: consumerSubnet.id,\n addressType: \"INTERNAL\",\n});\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"producer-net\",\n autoCreateSubnetworks: false,\n});\nconst pscProducerSubnet = new gcp.compute.Subnetwork(\"psc_producer_subnet\", {\n name: \"producer-psc-net\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: producerNet.id,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"producer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service-backend\",\n region: \"us-central1\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst producerTargetService = new gcp.compute.ForwardingRule(\"producer_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: producerNet.name,\n subnetwork: producerSubnet.name,\n});\nconst producerServiceAttachment = new gcp.compute.ServiceAttachment(\"producer_service_attachment\", {\n name: \"producer-service\",\n region: \"us-central1\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscProducerSubnet.name],\n targetService: producerTargetService.id,\n});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"psc-endpoint\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n target: producerServiceAttachment.id,\n network: consumerNet.name,\n ipAddress: consumerAddress.id,\n allowPscGlobalAccess: true,\n noAutomateDnsZone: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconsumer_net = gcp.compute.Network(\"consumer_net\",\n name=\"consumer-net\",\n auto_create_subnetworks=False)\nconsumer_subnet = gcp.compute.Subnetwork(\"consumer_subnet\",\n name=\"consumer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=consumer_net.id)\nconsumer_address = gcp.compute.Address(\"consumer_address\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n subnetwork=consumer_subnet.id,\n address_type=\"INTERNAL\")\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"producer-net\",\n auto_create_subnetworks=False)\npsc_producer_subnet = gcp.compute.Subnetwork(\"psc_producer_subnet\",\n name=\"producer-psc-net\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=producer_net.id)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"producer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=producer_net.id)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service-backend\",\n region=\"us-central1\",\n health_checks=producer_service_health_check.id)\nproducer_target_service = gcp.compute.ForwardingRule(\"producer_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=producer_net.name,\n subnetwork=producer_subnet.name)\nproducer_service_attachment = gcp.compute.ServiceAttachment(\"producer_service_attachment\",\n name=\"producer-service\",\n region=\"us-central1\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_producer_subnet.name],\n target_service=producer_target_service.id)\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"psc-endpoint\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n target=producer_service_attachment.id,\n network=consumer_net.name,\n ip_address=consumer_address.id,\n allow_psc_global_access=True,\n no_automate_dns_zone=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var consumerNet = new Gcp.Compute.Network(\"consumer_net\", new()\n {\n Name = \"consumer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnet = new Gcp.Compute.Subnetwork(\"consumer_subnet\", new()\n {\n Name = \"consumer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = consumerNet.Id,\n });\n\n var consumerAddress = new Gcp.Compute.Address(\"consumer_address\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n Subnetwork = consumerSubnet.Id,\n AddressType = \"INTERNAL\",\n });\n\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"producer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var pscProducerSubnet = new Gcp.Compute.Subnetwork(\"psc_producer_subnet\", new()\n {\n Name = \"producer-psc-net\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = producerNet.Id,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"producer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service-backend\",\n Region = \"us-central1\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var producerTargetService = new Gcp.Compute.ForwardingRule(\"producer_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = producerNet.Name,\n Subnetwork = producerSubnet.Name,\n });\n\n var producerServiceAttachment = new Gcp.Compute.ServiceAttachment(\"producer_service_attachment\", new()\n {\n Name = \"producer-service\",\n Region = \"us-central1\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscProducerSubnet.Name,\n },\n TargetService = producerTargetService.Id,\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"psc-endpoint\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n Target = producerServiceAttachment.Id,\n Network = consumerNet.Name,\n IpAddress = consumerAddress.Id,\n AllowPscGlobalAccess = true,\n NoAutomateDnsZone = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconsumerNet, err := compute.NewNetwork(ctx, \"consumer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerSubnet, err := compute.NewSubnetwork(ctx, \"consumer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerAddress, err := compute.NewAddress(ctx, \"consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSubnetwork: consumerSubnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscProducerSubnet, err := compute.NewSubnetwork(ctx, \"psc_producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-psc-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerTargetService, err := compute.NewForwardingRule(ctx, \"producer_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producerNet.Name,\n\t\t\tSubnetwork: producerSubnet.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceAttachment, err := compute.NewServiceAttachment(ctx, \"producer_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscProducerSubnet.Name,\n\t\t\t},\n\t\t\tTargetService: producerTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tTarget: producerServiceAttachment.ID(),\n\t\t\tNetwork: consumerNet.Name,\n\t\t\tIpAddress: consumerAddress.ID(),\n\t\t\tAllowPscGlobalAccess: pulumi.Bool(true),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var consumerNet = new Network(\"consumerNet\", NetworkArgs.builder()\n .name(\"consumer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnet = new Subnetwork(\"consumerSubnet\", SubnetworkArgs.builder()\n .name(\"consumer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(consumerNet.id())\n .build());\n\n var consumerAddress = new Address(\"consumerAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .subnetwork(consumerSubnet.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"producer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscProducerSubnet = new Subnetwork(\"pscProducerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-psc-net\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(producerNet.id())\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service-backend\")\n .region(\"us-central1\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var producerTargetService = new ForwardingRule(\"producerTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(producerNet.name())\n .subnetwork(producerSubnet.name())\n .build());\n\n var producerServiceAttachment = new ServiceAttachment(\"producerServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"producer-service\")\n .region(\"us-central1\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscProducerSubnet.name())\n .targetService(producerTargetService.id())\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"psc-endpoint\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .target(producerServiceAttachment.id())\n .network(consumerNet.name())\n .ipAddress(consumerAddress.id())\n .allowPscGlobalAccess(true)\n .noAutomateDnsZone(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: psc-endpoint\n region: us-central1\n loadBalancingScheme:\n target: ${producerServiceAttachment.id}\n network: ${consumerNet.name}\n ipAddress: ${consumerAddress.id}\n allowPscGlobalAccess: true\n noAutomateDnsZone: true\n consumerNet:\n type: gcp:compute:Network\n name: consumer_net\n properties:\n name: consumer-net\n autoCreateSubnetworks: false\n consumerSubnet:\n type: gcp:compute:Subnetwork\n name: consumer_subnet\n properties:\n name: consumer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${consumerNet.id}\n consumerAddress:\n type: gcp:compute:Address\n name: consumer_address\n properties:\n name: website-ip-1\n region: us-central1\n subnetwork: ${consumerSubnet.id}\n addressType: INTERNAL\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: producer-net\n autoCreateSubnetworks: false\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: producer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${producerNet.id}\n pscProducerSubnet:\n type: gcp:compute:Subnetwork\n name: psc_producer_subnet\n properties:\n name: producer-psc-net\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${producerNet.id}\n producerServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: producer_service_attachment\n properties:\n name: producer-service\n region: us-central1\n description: A service attachment configured with Terraform\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscProducerSubnet.name}\n targetService: ${producerTargetService.id}\n producerTargetService:\n type: gcp:compute:ForwardingRule\n name: producer_target_service\n properties:\n name: producer-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${producerNet.name}\n subnetwork: ${producerSubnet.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service-backend\n region: us-central1\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Regional Steering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.compute.Address(\"basic\", {\n name: \"website-ip\",\n region: \"us-central1\",\n});\nconst external = new gcp.compute.RegionBackendService(\"external\", {\n name: \"service-backend\",\n region: \"us-central1\",\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst externalForwardingRule = new gcp.compute.ForwardingRule(\"external\", {\n name: \"external-forwarding-rule\",\n region: \"us-central1\",\n ipAddress: basic.address,\n backendService: external.selfLink,\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst steering = new gcp.compute.ForwardingRule(\"steering\", {\n name: \"steering-rule\",\n region: \"us-central1\",\n ipAddress: basic.address,\n backendService: external.selfLink,\n loadBalancingScheme: \"EXTERNAL\",\n sourceIpRanges: [\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n ],\n}, {\n dependsOn: [externalForwardingRule],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.compute.Address(\"basic\",\n name=\"website-ip\",\n region=\"us-central1\")\nexternal = gcp.compute.RegionBackendService(\"external\",\n name=\"service-backend\",\n region=\"us-central1\",\n load_balancing_scheme=\"EXTERNAL\")\nexternal_forwarding_rule = gcp.compute.ForwardingRule(\"external\",\n name=\"external-forwarding-rule\",\n region=\"us-central1\",\n ip_address=basic.address,\n backend_service=external.self_link,\n load_balancing_scheme=\"EXTERNAL\")\nsteering = gcp.compute.ForwardingRule(\"steering\",\n name=\"steering-rule\",\n region=\"us-central1\",\n ip_address=basic.address,\n backend_service=external.self_link,\n load_balancing_scheme=\"EXTERNAL\",\n source_ip_ranges=[\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Compute.Address(\"basic\", new()\n {\n Name = \"website-ip\",\n Region = \"us-central1\",\n });\n\n var external = new Gcp.Compute.RegionBackendService(\"external\", new()\n {\n Name = \"service-backend\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var externalForwardingRule = new Gcp.Compute.ForwardingRule(\"external\", new()\n {\n Name = \"external-forwarding-rule\",\n Region = \"us-central1\",\n IpAddress = basic.IPAddress,\n BackendService = external.SelfLink,\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var steering = new Gcp.Compute.ForwardingRule(\"steering\", new()\n {\n Name = \"steering-rule\",\n Region = \"us-central1\",\n IpAddress = basic.IPAddress,\n BackendService = external.SelfLink,\n LoadBalancingScheme = \"EXTERNAL\",\n SourceIpRanges = new[]\n {\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n externalForwardingRule,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := compute.NewAddress(ctx, \"basic\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternal, err := compute.NewRegionBackendService(ctx, \"external\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalForwardingRule, err := compute.NewForwardingRule(ctx, \"external\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"external-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: basic.Address,\n\t\t\tBackendService: external.SelfLink,\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"steering\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"steering-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: basic.Address,\n\t\t\tBackendService: external.SelfLink,\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tSourceIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"34.121.88.0/24\"),\n\t\t\t\tpulumi.String(\"35.187.239.137\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texternalForwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Address(\"basic\", AddressArgs.builder()\n .name(\"website-ip\")\n .region(\"us-central1\")\n .build());\n\n var external = new RegionBackendService(\"external\", RegionBackendServiceArgs.builder()\n .name(\"service-backend\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var externalForwardingRule = new ForwardingRule(\"externalForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"external-forwarding-rule\")\n .region(\"us-central1\")\n .ipAddress(basic.address())\n .backendService(external.selfLink())\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var steering = new ForwardingRule(\"steering\", ForwardingRuleArgs.builder()\n .name(\"steering-rule\")\n .region(\"us-central1\")\n .ipAddress(basic.address())\n .backendService(external.selfLink())\n .loadBalancingScheme(\"EXTERNAL\")\n .sourceIpRanges( \n \"34.121.88.0/24\",\n \"35.187.239.137\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(externalForwardingRule)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n steering:\n type: gcp:compute:ForwardingRule\n properties:\n name: steering-rule\n region: us-central1\n ipAddress: ${basic.address}\n backendService: ${external.selfLink}\n loadBalancingScheme: EXTERNAL\n sourceIpRanges:\n - 34.121.88.0/24\n - 35.187.239.137\n options:\n dependson:\n - ${externalForwardingRule}\n basic:\n type: gcp:compute:Address\n properties:\n name: website-ip\n region: us-central1\n external:\n type: gcp:compute:RegionBackendService\n properties:\n name: service-backend\n region: us-central1\n loadBalancingScheme: EXTERNAL\n externalForwardingRule:\n type: gcp:compute:ForwardingRule\n name: external\n properties:\n name: external-forwarding-rule\n region: us-central1\n ipAddress: ${basic.address}\n backendService: ${external.selfLink}\n loadBalancingScheme: EXTERNAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Internallb Ipv6\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-ilb-ipv6-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"ilb-ipv6-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"net-ipv6\",\n autoCreateSubnetworks: false,\n enableUlaInternalIpv6: true,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"subnet-internal-ipv6\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n stackType: \"IPV4_IPV6\",\n ipv6AccessType: \"INTERNAL\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"ilb-ipv6-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n ipVersion: \"IPV6\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-ilb-ipv6-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"ilb-ipv6-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"net-ipv6\",\n auto_create_subnetworks=False,\n enable_ula_internal_ipv6=True)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"subnet-internal-ipv6\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n stack_type=\"IPV4_IPV6\",\n ipv6_access_type=\"INTERNAL\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"ilb-ipv6-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name,\n ip_version=\"IPV6\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-ilb-ipv6-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"ilb-ipv6-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"net-ipv6\",\n AutoCreateSubnetworks = false,\n EnableUlaInternalIpv6 = true,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"subnet-internal-ipv6\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n StackType = \"IPV4_IPV6\",\n Ipv6AccessType = \"INTERNAL\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"ilb-ipv6-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n IpVersion = \"IPV6\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-ilb-ipv6-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"ilb-ipv6-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net-ipv6\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tEnableUlaInternalIpv6: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"subnet-internal-ipv6\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tStackType: pulumi.String(\"IPV4_IPV6\"),\n\t\t\tIpv6AccessType: pulumi.String(\"INTERNAL\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"ilb-ipv6-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t\tIpVersion: pulumi.String(\"IPV6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-ilb-ipv6-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"ilb-ipv6-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"net-ipv6\")\n .autoCreateSubnetworks(false)\n .enableUlaInternalIpv6(true)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"subnet-internal-ipv6\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .stackType(\"IPV4_IPV6\")\n .ipv6AccessType(\"INTERNAL\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"ilb-ipv6-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .ipVersion(\"IPV6\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: ilb-ipv6-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n ipVersion: IPV6\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: ilb-ipv6-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-ilb-ipv6-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: net-ipv6\n autoCreateSubnetworks: false\n enableUlaInternalIpv6: true\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: subnet-internal-ipv6\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n stackType: IPV4_IPV6\n ipv6AccessType: INTERNAL\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}\n```\n\n", + "description": "A ForwardingRule resource. A ForwardingRule resource specifies which pool\nof target virtual machines to forward a packet to if it matches the given\n[IPAddress, IPProtocol, portRange] tuple.\n\n\nTo get more information about ForwardingRule, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/forwardingRules)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules)\n\n## Example Usage\n\n### Forwarding Rule Externallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.RegionHealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n loadBalancingScheme: \"EXTERNAL\",\n healthChecks: hc.id,\n});\n// Forwarding rule for External Network Load Balancing using Backend Services\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n portRange: \"80\",\n backendService: backend.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.RegionHealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n load_balancing_scheme=\"EXTERNAL\",\n health_checks=hc.id)\n# Forwarding rule for External Network Load Balancing using Backend Services\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n port_range=\"80\",\n backend_service=backend.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.RegionHealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"EXTERNAL\",\n HealthChecks = hc.Id,\n });\n\n // Forwarding rule for External Network Load Balancing using Backend Services\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n PortRange = \"80\",\n BackendService = backend.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewRegionHealthCheck(ctx, \"hc\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for External Network Load Balancing using Backend Services\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tBackendService: backend.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new RegionHealthCheck(\"hc\", RegionHealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"EXTERNAL\")\n .healthChecks(hc.id())\n .build());\n\n // Forwarding rule for External Network Load Balancing using Backend Services\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .portRange(80)\n .backendService(backend.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for External Network Load Balancing using Backend Services\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n portRange: 80\n backendService: ${backend.id}\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n loadBalancingScheme: EXTERNAL\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:RegionHealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n region: us-central1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Global Internallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n allowGlobalAccess: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n allow_global_access=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n AllowGlobalAccess = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tAllowGlobalAccess: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .allowGlobalAccess(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n allowGlobalAccess: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultTargetPool = new gcp.compute.TargetPool(\"default\", {name: \"website-target-pool\"});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n target: defaultTargetPool.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_target_pool = gcp.compute.TargetPool(\"default\", name=\"website-target-pool\")\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n target=default_target_pool.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultTargetPool = new Gcp.Compute.TargetPool(\"default\", new()\n {\n Name = \"website-target-pool\",\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Target = defaultTargetPool.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultTargetPool, err := compute.NewTargetPool(ctx, \"default\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"website-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tTarget: defaultTargetPool.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultTargetPool = new TargetPool(\"defaultTargetPool\", TargetPoolArgs.builder()\n .name(\"website-target-pool\")\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .target(defaultTargetPool.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n target: ${defaultTargetPool.id}\n portRange: '80'\n defaultTargetPool:\n type: gcp:compute:TargetPool\n name: default\n properties:\n name: website-target-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule L3 Default\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst service = new gcp.compute.RegionBackendService(\"service\", {\n region: \"us-central1\",\n name: \"service\",\n healthChecks: healthCheck.id,\n protocol: \"UNSPECIFIED\",\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst fwdRule = new gcp.compute.ForwardingRule(\"fwd_rule\", {\n name: \"l3-forwarding-rule\",\n backendService: service.id,\n ipProtocol: \"L3_DEFAULT\",\n allPorts: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\nservice = gcp.compute.RegionBackendService(\"service\",\n region=\"us-central1\",\n name=\"service\",\n health_checks=health_check.id,\n protocol=\"UNSPECIFIED\",\n load_balancing_scheme=\"EXTERNAL\")\nfwd_rule = gcp.compute.ForwardingRule(\"fwd_rule\",\n name=\"l3-forwarding-rule\",\n backend_service=service.id,\n ip_protocol=\"L3_DEFAULT\",\n all_ports=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var service = new Gcp.Compute.RegionBackendService(\"service\", new()\n {\n Region = \"us-central1\",\n Name = \"service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"UNSPECIFIED\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var fwdRule = new Gcp.Compute.ForwardingRule(\"fwd_rule\", new()\n {\n Name = \"l3-forwarding-rule\",\n BackendService = service.Id,\n IpProtocol = \"L3_DEFAULT\",\n AllPorts = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tservice, err := compute.NewRegionBackendService(ctx, \"service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"UNSPECIFIED\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"fwd_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l3-forwarding-rule\"),\n\t\t\tBackendService: service.ID(),\n\t\t\tIpProtocol: pulumi.String(\"L3_DEFAULT\"),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var service = new RegionBackendService(\"service\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"service\")\n .healthChecks(healthCheck.id())\n .protocol(\"UNSPECIFIED\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var fwdRule = new ForwardingRule(\"fwdRule\", ForwardingRuleArgs.builder()\n .name(\"l3-forwarding-rule\")\n .backendService(service.id())\n .ipProtocol(\"L3_DEFAULT\")\n .allPorts(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fwdRule:\n type: gcp:compute:ForwardingRule\n name: fwd_rule\n properties:\n name: l3-forwarding-rule\n backendService: ${service.id}\n ipProtocol: L3_DEFAULT\n allPorts: true\n service:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: service\n healthChecks: ${healthCheck.id}\n protocol: UNSPECIFIED\n loadBalancingScheme: EXTERNAL\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Internallb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-website-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"website-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n ipVersion: \"IPV4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-website-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"website-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name,\n ip_version=\"IPV4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-website-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"website-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n IpVersion = \"IPV4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-website-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t\tIpVersion: pulumi.String(\"IPV4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-website-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"website-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .ipVersion(\"IPV4\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n ipVersion: IPV4\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: website-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-website-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Http Lb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-website-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"website-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst fw1 = new gcp.compute.Firewall(\"fw1\", {\n name: \"website-fw-1\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.1.2.0/24\"],\n allows: [\n {\n protocol: \"tcp\",\n },\n {\n protocol: \"udp\",\n },\n {\n protocol: \"icmp\",\n },\n ],\n direction: \"INGRESS\",\n});\nconst fw2 = new gcp.compute.Firewall(\"fw2\", {\n name: \"website-fw-2\",\n network: defaultNetwork.id,\n sourceRanges: [\"0.0.0.0/0\"],\n allows: [{\n protocol: \"tcp\",\n ports: [\"22\"],\n }],\n targetTags: [\"allow-ssh\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw1],\n});\nconst fw3 = new gcp.compute.Firewall(\"fw3\", {\n name: \"website-fw-3\",\n network: defaultNetwork.id,\n sourceRanges: [\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows: [{\n protocol: \"tcp\",\n }],\n targetTags: [\"load-balanced-backend\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw2],\n});\nconst fw4 = new gcp.compute.Firewall(\"fw4\", {\n name: \"website-fw-4\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.129.0.0/26\"],\n targetTags: [\"load-balanced-backend\"],\n allows: [\n {\n protocol: \"tcp\",\n ports: [\"80\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"443\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"8000\"],\n },\n ],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw3],\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"website-hc\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n}, {\n dependsOn: [fw4],\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"website-backend\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"website-map\",\n defaultService: defaultRegionBackendService.id,\n});\nconst defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy(\"default\", {\n region: \"us-central1\",\n name: \"website-proxy\",\n urlMap: defaultRegionUrlMap.id,\n});\nconst proxy = new gcp.compute.Subnetwork(\"proxy\", {\n name: \"website-net-proxy\",\n ipCidrRange: \"10.129.0.0/26\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n portRange: \"80\",\n target: defaultRegionTargetHttpProxy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [proxy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-website-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"website-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\nfw1 = gcp.compute.Firewall(\"fw1\",\n name=\"website-fw-1\",\n network=default_network.id,\n source_ranges=[\"10.1.2.0/24\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n },\n {\n \"protocol\": \"udp\",\n },\n {\n \"protocol\": \"icmp\",\n },\n ],\n direction=\"INGRESS\")\nfw2 = gcp.compute.Firewall(\"fw2\",\n name=\"website-fw-2\",\n network=default_network.id,\n source_ranges=[\"0.0.0.0/0\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"22\"],\n }],\n target_tags=[\"allow-ssh\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw1]))\nfw3 = gcp.compute.Firewall(\"fw3\",\n name=\"website-fw-3\",\n network=default_network.id,\n source_ranges=[\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows=[{\n \"protocol\": \"tcp\",\n }],\n target_tags=[\"load-balanced-backend\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw2]))\nfw4 = gcp.compute.Firewall(\"fw4\",\n name=\"website-fw-4\",\n network=default_network.id,\n source_ranges=[\"10.129.0.0/26\"],\n target_tags=[\"load-balanced-backend\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"443\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"8000\"],\n },\n ],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw3]))\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"website-hc\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n },\n opts = pulumi.ResourceOptions(depends_on=[fw4]))\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"website-backend\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"website-map\",\n default_service=default_region_backend_service.id)\ndefault_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy(\"default\",\n region=\"us-central1\",\n name=\"website-proxy\",\n url_map=default_region_url_map.id)\nproxy = gcp.compute.Subnetwork(\"proxy\",\n name=\"website-net-proxy\",\n ip_cidr_range=\"10.129.0.0/26\",\n region=\"us-central1\",\n network=default_network.id,\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n port_range=\"80\",\n target=default_region_target_http_proxy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[proxy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-website-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"website-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var fw1 = new Gcp.Compute.Firewall(\"fw1\", new()\n {\n Name = \"website-fw-1\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.1.2.0/24\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"udp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"icmp\",\n },\n },\n Direction = \"INGRESS\",\n });\n\n var fw2 = new Gcp.Compute.Firewall(\"fw2\", new()\n {\n Name = \"website-fw-2\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"22\",\n },\n },\n },\n TargetTags = new[]\n {\n \"allow-ssh\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw1,\n },\n });\n\n var fw3 = new Gcp.Compute.Firewall(\"fw3\", new()\n {\n Name = \"website-fw-3\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw2,\n },\n });\n\n var fw4 = new Gcp.Compute.Firewall(\"fw4\", new()\n {\n Name = \"website-fw-4\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.129.0.0/26\",\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"443\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"8000\",\n },\n },\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw3,\n },\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-hc\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw4,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"website-backend\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-map\",\n DefaultService = defaultRegionBackendService.Id,\n });\n\n var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n });\n\n var proxy = new Gcp.Compute.Subnetwork(\"proxy\", new()\n {\n Name = \"website-net-proxy\",\n IpCidrRange = \"10.129.0.0/26\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n PortRange = \"80\",\n Target = defaultRegionTargetHttpProxy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-website-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw1, err := compute.NewFirewall(ctx, \"fw1\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.1.2.0/24\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"udp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"icmp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw2, err := compute.NewFirewall(ctx, \"fw2\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-2\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"22\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw3, err := compute.NewFirewall(ctx, \"fw3\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-3\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"130.211.0.0/22\"),\n\t\t\t\tpulumi.String(\"35.191.0.0/16\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw4, err := compute.NewFirewall(ctx, \"fw4\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-4\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.129.0.0/26\"),\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"443\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"8000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw3,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-hc\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw4,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, \"default\", \u0026compute.RegionTargetHttpProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxy, err := compute.NewSubnetwork(ctx, \"proxy\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-proxy\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.129.0.0/26\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tTarget: defaultRegionTargetHttpProxy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-website-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"website-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var fw1 = new Firewall(\"fw1\", FirewallArgs.builder()\n .name(\"website-fw-1\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.1.2.0/24\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"udp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"icmp\")\n .build())\n .direction(\"INGRESS\")\n .build());\n\n var fw2 = new Firewall(\"fw2\", FirewallArgs.builder()\n .name(\"website-fw-2\")\n .network(defaultNetwork.id())\n .sourceRanges(\"0.0.0.0/0\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"22\")\n .build())\n .targetTags(\"allow-ssh\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw1)\n .build());\n\n var fw3 = new Firewall(\"fw3\", FirewallArgs.builder()\n .name(\"website-fw-3\")\n .network(defaultNetwork.id())\n .sourceRanges( \n \"130.211.0.0/22\",\n \"35.191.0.0/16\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build())\n .targetTags(\"load-balanced-backend\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw2)\n .build());\n\n var fw4 = new Firewall(\"fw4\", FirewallArgs.builder()\n .name(\"website-fw-4\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.129.0.0/26\")\n .targetTags(\"load-balanced-backend\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"443\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"8000\")\n .build())\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw3)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"website-hc\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw4)\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"website-backend\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"website-map\")\n .defaultService(defaultRegionBackendService.id())\n .build());\n\n var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy(\"defaultRegionTargetHttpProxy\", RegionTargetHttpProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"website-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .build());\n\n var proxy = new Subnetwork(\"proxy\", SubnetworkArgs.builder()\n .name(\"website-net-proxy\")\n .ipCidrRange(\"10.129.0.0/26\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .portRange(\"80\")\n .target(defaultRegionTargetHttpProxy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n ipProtocol: TCP\n loadBalancingScheme: INTERNAL_MANAGED\n portRange: '80'\n target: ${defaultRegionTargetHttpProxy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n networkTier: PREMIUM\n options:\n dependsOn:\n - ${proxy}\n defaultRegionTargetHttpProxy:\n type: gcp:compute:RegionTargetHttpProxy\n name: default\n properties:\n region: us-central1\n name: website-proxy\n urlMap: ${defaultRegionUrlMap.id}\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: website-map\n defaultService: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: website-backend\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: website-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-website-backend\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: website-hc\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n options:\n dependsOn:\n - ${fw4}\n fw1:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-1\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.1.2.0/24\n allows:\n - protocol: tcp\n - protocol: udp\n - protocol: icmp\n direction: INGRESS\n fw2:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-2\n network: ${defaultNetwork.id}\n sourceRanges:\n - 0.0.0.0/0\n allows:\n - protocol: tcp\n ports:\n - '22'\n targetTags:\n - allow-ssh\n direction: INGRESS\n options:\n dependsOn:\n - ${fw1}\n fw3:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-3\n network: ${defaultNetwork.id}\n sourceRanges:\n - 130.211.0.0/22\n - 35.191.0.0/16\n allows:\n - protocol: tcp\n targetTags:\n - load-balanced-backend\n direction: INGRESS\n options:\n dependsOn:\n - ${fw2}\n fw4:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-4\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.129.0.0/26\n targetTags:\n - load-balanced-backend\n allows:\n - protocol: tcp\n ports:\n - '80'\n - protocol: tcp\n ports:\n - '443'\n - protocol: tcp\n ports:\n - '8000'\n direction: INGRESS\n options:\n dependsOn:\n - ${fw3}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n proxy:\n type: gcp:compute:Subnetwork\n properties:\n name: website-net-proxy\n ipCidrRange: 10.129.0.0/26\n region: us-central1\n network: ${defaultNetwork.id}\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Regional Http Xlb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"website-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"website-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-website-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"website-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst fw1 = new gcp.compute.Firewall(\"fw1\", {\n name: \"website-fw-1\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.1.2.0/24\"],\n allows: [\n {\n protocol: \"tcp\",\n },\n {\n protocol: \"udp\",\n },\n {\n protocol: \"icmp\",\n },\n ],\n direction: \"INGRESS\",\n});\nconst fw2 = new gcp.compute.Firewall(\"fw2\", {\n name: \"website-fw-2\",\n network: defaultNetwork.id,\n sourceRanges: [\"0.0.0.0/0\"],\n allows: [{\n protocol: \"tcp\",\n ports: [\"22\"],\n }],\n targetTags: [\"allow-ssh\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw1],\n});\nconst fw3 = new gcp.compute.Firewall(\"fw3\", {\n name: \"website-fw-3\",\n network: defaultNetwork.id,\n sourceRanges: [\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows: [{\n protocol: \"tcp\",\n }],\n targetTags: [\"load-balanced-backend\"],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw2],\n});\nconst fw4 = new gcp.compute.Firewall(\"fw4\", {\n name: \"website-fw-4\",\n network: defaultNetwork.id,\n sourceRanges: [\"10.129.0.0/26\"],\n targetTags: [\"load-balanced-backend\"],\n allows: [\n {\n protocol: \"tcp\",\n ports: [\"80\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"443\"],\n },\n {\n protocol: \"tcp\",\n ports: [\"8000\"],\n },\n ],\n direction: \"INGRESS\",\n}, {\n dependsOn: [fw3],\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"website-hc\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n}, {\n dependsOn: [fw4],\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"website-backend\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"website-map\",\n defaultService: defaultRegionBackendService.id,\n});\nconst defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy(\"default\", {\n region: \"us-central1\",\n name: \"website-proxy\",\n urlMap: defaultRegionUrlMap.id,\n});\nconst defaultAddress = new gcp.compute.Address(\"default\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n networkTier: \"STANDARD\",\n});\nconst proxy = new gcp.compute.Subnetwork(\"proxy\", {\n name: \"website-net-proxy\",\n ipCidrRange: \"10.129.0.0/26\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\n// Forwarding rule for Regional External Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"website-forwarding-rule\",\n region: \"us-central1\",\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n portRange: \"80\",\n target: defaultRegionTargetHttpProxy.id,\n network: defaultNetwork.id,\n ipAddress: defaultAddress.address,\n networkTier: \"STANDARD\",\n}, {\n dependsOn: [proxy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"website-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"website-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-website-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"website-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\nfw1 = gcp.compute.Firewall(\"fw1\",\n name=\"website-fw-1\",\n network=default_network.id,\n source_ranges=[\"10.1.2.0/24\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n },\n {\n \"protocol\": \"udp\",\n },\n {\n \"protocol\": \"icmp\",\n },\n ],\n direction=\"INGRESS\")\nfw2 = gcp.compute.Firewall(\"fw2\",\n name=\"website-fw-2\",\n network=default_network.id,\n source_ranges=[\"0.0.0.0/0\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"22\"],\n }],\n target_tags=[\"allow-ssh\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw1]))\nfw3 = gcp.compute.Firewall(\"fw3\",\n name=\"website-fw-3\",\n network=default_network.id,\n source_ranges=[\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n ],\n allows=[{\n \"protocol\": \"tcp\",\n }],\n target_tags=[\"load-balanced-backend\"],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw2]))\nfw4 = gcp.compute.Firewall(\"fw4\",\n name=\"website-fw-4\",\n network=default_network.id,\n source_ranges=[\"10.129.0.0/26\"],\n target_tags=[\"load-balanced-backend\"],\n allows=[\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"443\"],\n },\n {\n \"protocol\": \"tcp\",\n \"ports\": [\"8000\"],\n },\n ],\n direction=\"INGRESS\",\n opts = pulumi.ResourceOptions(depends_on=[fw3]))\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"website-hc\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n },\n opts = pulumi.ResourceOptions(depends_on=[fw4]))\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"website-backend\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"website-map\",\n default_service=default_region_backend_service.id)\ndefault_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy(\"default\",\n region=\"us-central1\",\n name=\"website-proxy\",\n url_map=default_region_url_map.id)\ndefault_address = gcp.compute.Address(\"default\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n network_tier=\"STANDARD\")\nproxy = gcp.compute.Subnetwork(\"proxy\",\n name=\"website-net-proxy\",\n ip_cidr_range=\"10.129.0.0/26\",\n region=\"us-central1\",\n network=default_network.id,\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\n# Forwarding rule for Regional External Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"website-forwarding-rule\",\n region=\"us-central1\",\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n port_range=\"80\",\n target=default_region_target_http_proxy.id,\n network=default_network.id,\n ip_address=default_address.address,\n network_tier=\"STANDARD\",\n opts = pulumi.ResourceOptions(depends_on=[proxy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"website-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"website-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-website-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"website-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var fw1 = new Gcp.Compute.Firewall(\"fw1\", new()\n {\n Name = \"website-fw-1\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.1.2.0/24\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"udp\",\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"icmp\",\n },\n },\n Direction = \"INGRESS\",\n });\n\n var fw2 = new Gcp.Compute.Firewall(\"fw2\", new()\n {\n Name = \"website-fw-2\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"22\",\n },\n },\n },\n TargetTags = new[]\n {\n \"allow-ssh\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw1,\n },\n });\n\n var fw3 = new Gcp.Compute.Firewall(\"fw3\", new()\n {\n Name = \"website-fw-3\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"130.211.0.0/22\",\n \"35.191.0.0/16\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n },\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw2,\n },\n });\n\n var fw4 = new Gcp.Compute.Firewall(\"fw4\", new()\n {\n Name = \"website-fw-4\",\n Network = defaultNetwork.Id,\n SourceRanges = new[]\n {\n \"10.129.0.0/26\",\n },\n TargetTags = new[]\n {\n \"load-balanced-backend\",\n },\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"443\",\n },\n },\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"8000\",\n },\n },\n },\n Direction = \"INGRESS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw3,\n },\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-hc\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n fw4,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"website-backend\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-map\",\n DefaultService = defaultRegionBackendService.Id,\n });\n\n var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"website-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n });\n\n var defaultAddress = new Gcp.Compute.Address(\"default\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n NetworkTier = \"STANDARD\",\n });\n\n var proxy = new Gcp.Compute.Subnetwork(\"proxy\", new()\n {\n Name = \"website-net-proxy\",\n IpCidrRange = \"10.129.0.0/26\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n // Forwarding rule for Regional External Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"website-forwarding-rule\",\n Region = \"us-central1\",\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n PortRange = \"80\",\n Target = defaultRegionTargetHttpProxy.Id,\n Network = defaultNetwork.Id,\n IpAddress = defaultAddress.IPAddress,\n NetworkTier = \"STANDARD\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"website-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-website-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw1, err := compute.NewFirewall(ctx, \"fw1\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.1.2.0/24\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"udp\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"icmp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw2, err := compute.NewFirewall(ctx, \"fw2\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-2\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"22\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw3, err := compute.NewFirewall(ctx, \"fw3\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-3\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"130.211.0.0/22\"),\n\t\t\t\tpulumi.String(\"35.191.0.0/16\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfw4, err := compute.NewFirewall(ctx, \"fw4\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"website-fw-4\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSourceRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.129.0.0/26\"),\n\t\t\t},\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"443\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"8000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw3,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-hc\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfw4,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-backend\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, \"default\", \u0026compute.RegionTargetHttpProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"website-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAddress, err := compute.NewAddress(ctx, \"default\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkTier: pulumi.String(\"STANDARD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxy, err := compute.NewSubnetwork(ctx, \"proxy\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"website-net-proxy\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.129.0.0/26\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Regional External Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"website-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tTarget: defaultRegionTargetHttpProxy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tIpAddress: defaultAddress.Address,\n\t\t\tNetworkTier: pulumi.String(\"STANDARD\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"website-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"website-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-website-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"website-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var fw1 = new Firewall(\"fw1\", FirewallArgs.builder()\n .name(\"website-fw-1\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.1.2.0/24\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"udp\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"icmp\")\n .build())\n .direction(\"INGRESS\")\n .build());\n\n var fw2 = new Firewall(\"fw2\", FirewallArgs.builder()\n .name(\"website-fw-2\")\n .network(defaultNetwork.id())\n .sourceRanges(\"0.0.0.0/0\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"22\")\n .build())\n .targetTags(\"allow-ssh\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw1)\n .build());\n\n var fw3 = new Firewall(\"fw3\", FirewallArgs.builder()\n .name(\"website-fw-3\")\n .network(defaultNetwork.id())\n .sourceRanges( \n \"130.211.0.0/22\",\n \"35.191.0.0/16\")\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .build())\n .targetTags(\"load-balanced-backend\")\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw2)\n .build());\n\n var fw4 = new Firewall(\"fw4\", FirewallArgs.builder()\n .name(\"website-fw-4\")\n .network(defaultNetwork.id())\n .sourceRanges(\"10.129.0.0/26\")\n .targetTags(\"load-balanced-backend\")\n .allows( \n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"443\")\n .build(),\n FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"8000\")\n .build())\n .direction(\"INGRESS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw3)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"website-hc\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(fw4)\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"website-backend\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"website-map\")\n .defaultService(defaultRegionBackendService.id())\n .build());\n\n var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy(\"defaultRegionTargetHttpProxy\", RegionTargetHttpProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"website-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .build());\n\n var defaultAddress = new Address(\"defaultAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .networkTier(\"STANDARD\")\n .build());\n\n var proxy = new Subnetwork(\"proxy\", SubnetworkArgs.builder()\n .name(\"website-net-proxy\")\n .ipCidrRange(\"10.129.0.0/26\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n // Forwarding rule for Regional External Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"website-forwarding-rule\")\n .region(\"us-central1\")\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .portRange(\"80\")\n .target(defaultRegionTargetHttpProxy.id())\n .network(defaultNetwork.id())\n .ipAddress(defaultAddress.address())\n .networkTier(\"STANDARD\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Regional External Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: website-forwarding-rule\n region: us-central1\n ipProtocol: TCP\n loadBalancingScheme: EXTERNAL_MANAGED\n portRange: '80'\n target: ${defaultRegionTargetHttpProxy.id}\n network: ${defaultNetwork.id}\n ipAddress: ${defaultAddress.address}\n networkTier: STANDARD\n options:\n dependsOn:\n - ${proxy}\n defaultRegionTargetHttpProxy:\n type: gcp:compute:RegionTargetHttpProxy\n name: default\n properties:\n region: us-central1\n name: website-proxy\n urlMap: ${defaultRegionUrlMap.id}\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: website-map\n defaultService: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n loadBalancingScheme: EXTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: website-backend\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: website-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-website-backend\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: website-hc\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n options:\n dependsOn:\n - ${fw4}\n defaultAddress:\n type: gcp:compute:Address\n name: default\n properties:\n name: website-ip-1\n region: us-central1\n networkTier: STANDARD\n fw1:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-1\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.1.2.0/24\n allows:\n - protocol: tcp\n - protocol: udp\n - protocol: icmp\n direction: INGRESS\n fw2:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-2\n network: ${defaultNetwork.id}\n sourceRanges:\n - 0.0.0.0/0\n allows:\n - protocol: tcp\n ports:\n - '22'\n targetTags:\n - allow-ssh\n direction: INGRESS\n options:\n dependsOn:\n - ${fw1}\n fw3:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-3\n network: ${defaultNetwork.id}\n sourceRanges:\n - 130.211.0.0/22\n - 35.191.0.0/16\n allows:\n - protocol: tcp\n targetTags:\n - load-balanced-backend\n direction: INGRESS\n options:\n dependsOn:\n - ${fw2}\n fw4:\n type: gcp:compute:Firewall\n properties:\n name: website-fw-4\n network: ${defaultNetwork.id}\n sourceRanges:\n - 10.129.0.0/26\n targetTags:\n - load-balanced-backend\n allows:\n - protocol: tcp\n ports:\n - '80'\n - protocol: tcp\n ports:\n - '443'\n - protocol: tcp\n ports:\n - '8000'\n direction: INGRESS\n options:\n dependsOn:\n - ${fw3}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: website-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: website-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n proxy:\n type: gcp:compute:Subnetwork\n properties:\n name: website-net-proxy\n ipCidrRange: 10.129.0.0/26\n region: us-central1\n network: ${defaultNetwork.id}\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Vpc Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Consumer service endpoint\nconst consumerNet = new gcp.compute.Network(\"consumer_net\", {\n name: \"consumer-net\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnet = new gcp.compute.Subnetwork(\"consumer_subnet\", {\n name: \"consumer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: consumerNet.id,\n});\nconst consumerAddress = new gcp.compute.Address(\"consumer_address\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n subnetwork: consumerSubnet.id,\n addressType: \"INTERNAL\",\n});\n// Producer service attachment\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"producer-net\",\n autoCreateSubnetworks: false,\n});\nconst pscProducerSubnet = new gcp.compute.Subnetwork(\"psc_producer_subnet\", {\n name: \"producer-psc-net\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: producerNet.id,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"producer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service-backend\",\n region: \"us-central1\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst producerTargetService = new gcp.compute.ForwardingRule(\"producer_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: producerNet.name,\n subnetwork: producerSubnet.name,\n});\nconst producerServiceAttachment = new gcp.compute.ServiceAttachment(\"producer_service_attachment\", {\n name: \"producer-service\",\n region: \"us-central1\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscProducerSubnet.name],\n targetService: producerTargetService.id,\n});\n// Forwarding rule for VPC private service connect\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"psc-endpoint\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n target: producerServiceAttachment.id,\n network: consumerNet.name,\n ipAddress: consumerAddress.id,\n allowPscGlobalAccess: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Consumer service endpoint\nconsumer_net = gcp.compute.Network(\"consumer_net\",\n name=\"consumer-net\",\n auto_create_subnetworks=False)\nconsumer_subnet = gcp.compute.Subnetwork(\"consumer_subnet\",\n name=\"consumer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=consumer_net.id)\nconsumer_address = gcp.compute.Address(\"consumer_address\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n subnetwork=consumer_subnet.id,\n address_type=\"INTERNAL\")\n# Producer service attachment\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"producer-net\",\n auto_create_subnetworks=False)\npsc_producer_subnet = gcp.compute.Subnetwork(\"psc_producer_subnet\",\n name=\"producer-psc-net\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=producer_net.id)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"producer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=producer_net.id)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service-backend\",\n region=\"us-central1\",\n health_checks=producer_service_health_check.id)\nproducer_target_service = gcp.compute.ForwardingRule(\"producer_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=producer_net.name,\n subnetwork=producer_subnet.name)\nproducer_service_attachment = gcp.compute.ServiceAttachment(\"producer_service_attachment\",\n name=\"producer-service\",\n region=\"us-central1\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_producer_subnet.name],\n target_service=producer_target_service.id)\n# Forwarding rule for VPC private service connect\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"psc-endpoint\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n target=producer_service_attachment.id,\n network=consumer_net.name,\n ip_address=consumer_address.id,\n allow_psc_global_access=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Consumer service endpoint\n var consumerNet = new Gcp.Compute.Network(\"consumer_net\", new()\n {\n Name = \"consumer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnet = new Gcp.Compute.Subnetwork(\"consumer_subnet\", new()\n {\n Name = \"consumer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = consumerNet.Id,\n });\n\n var consumerAddress = new Gcp.Compute.Address(\"consumer_address\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n Subnetwork = consumerSubnet.Id,\n AddressType = \"INTERNAL\",\n });\n\n // Producer service attachment\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"producer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var pscProducerSubnet = new Gcp.Compute.Subnetwork(\"psc_producer_subnet\", new()\n {\n Name = \"producer-psc-net\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = producerNet.Id,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"producer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service-backend\",\n Region = \"us-central1\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var producerTargetService = new Gcp.Compute.ForwardingRule(\"producer_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = producerNet.Name,\n Subnetwork = producerSubnet.Name,\n });\n\n var producerServiceAttachment = new Gcp.Compute.ServiceAttachment(\"producer_service_attachment\", new()\n {\n Name = \"producer-service\",\n Region = \"us-central1\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscProducerSubnet.Name,\n },\n TargetService = producerTargetService.Id,\n });\n\n // Forwarding rule for VPC private service connect\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"psc-endpoint\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n Target = producerServiceAttachment.Id,\n Network = consumerNet.Name,\n IpAddress = consumerAddress.Id,\n AllowPscGlobalAccess = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Consumer service endpoint\n\t\tconsumerNet, err := compute.NewNetwork(ctx, \"consumer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerSubnet, err := compute.NewSubnetwork(ctx, \"consumer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerAddress, err := compute.NewAddress(ctx, \"consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSubnetwork: consumerSubnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Producer service attachment\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscProducerSubnet, err := compute.NewSubnetwork(ctx, \"psc_producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-psc-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerTargetService, err := compute.NewForwardingRule(ctx, \"producer_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producerNet.Name,\n\t\t\tSubnetwork: producerSubnet.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceAttachment, err := compute.NewServiceAttachment(ctx, \"producer_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscProducerSubnet.Name,\n\t\t\t},\n\t\t\tTargetService: producerTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for VPC private service connect\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tTarget: producerServiceAttachment.ID(),\n\t\t\tNetwork: consumerNet.Name,\n\t\t\tIpAddress: consumerAddress.ID(),\n\t\t\tAllowPscGlobalAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Consumer service endpoint\n var consumerNet = new Network(\"consumerNet\", NetworkArgs.builder()\n .name(\"consumer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnet = new Subnetwork(\"consumerSubnet\", SubnetworkArgs.builder()\n .name(\"consumer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(consumerNet.id())\n .build());\n\n var consumerAddress = new Address(\"consumerAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .subnetwork(consumerSubnet.id())\n .addressType(\"INTERNAL\")\n .build());\n\n // Producer service attachment\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"producer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscProducerSubnet = new Subnetwork(\"pscProducerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-psc-net\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(producerNet.id())\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service-backend\")\n .region(\"us-central1\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var producerTargetService = new ForwardingRule(\"producerTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(producerNet.name())\n .subnetwork(producerSubnet.name())\n .build());\n\n var producerServiceAttachment = new ServiceAttachment(\"producerServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"producer-service\")\n .region(\"us-central1\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscProducerSubnet.name())\n .targetService(producerTargetService.id())\n .build());\n\n // Forwarding rule for VPC private service connect\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"psc-endpoint\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .target(producerServiceAttachment.id())\n .network(consumerNet.name())\n .ipAddress(consumerAddress.id())\n .allowPscGlobalAccess(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for VPC private service connect\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: psc-endpoint\n region: us-central1\n loadBalancingScheme: \"\"\n target: ${producerServiceAttachment.id}\n network: ${consumerNet.name}\n ipAddress: ${consumerAddress.id}\n allowPscGlobalAccess: true\n # Consumer service endpoint\n consumerNet:\n type: gcp:compute:Network\n name: consumer_net\n properties:\n name: consumer-net\n autoCreateSubnetworks: false\n consumerSubnet:\n type: gcp:compute:Subnetwork\n name: consumer_subnet\n properties:\n name: consumer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${consumerNet.id}\n consumerAddress:\n type: gcp:compute:Address\n name: consumer_address\n properties:\n name: website-ip-1\n region: us-central1\n subnetwork: ${consumerSubnet.id}\n addressType: INTERNAL\n # Producer service attachment\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: producer-net\n autoCreateSubnetworks: false\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: producer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${producerNet.id}\n pscProducerSubnet:\n type: gcp:compute:Subnetwork\n name: psc_producer_subnet\n properties:\n name: producer-psc-net\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${producerNet.id}\n producerServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: producer_service_attachment\n properties:\n name: producer-service\n region: us-central1\n description: A service attachment configured with Terraform\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscProducerSubnet.name}\n targetService: ${producerTargetService.id}\n producerTargetService:\n type: gcp:compute:ForwardingRule\n name: producer_target_service\n properties:\n name: producer-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${producerNet.name}\n subnetwork: ${producerSubnet.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service-backend\n region: us-central1\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Vpc Psc No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst consumerNet = new gcp.compute.Network(\"consumer_net\", {\n name: \"consumer-net\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnet = new gcp.compute.Subnetwork(\"consumer_subnet\", {\n name: \"consumer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: consumerNet.id,\n});\nconst consumerAddress = new gcp.compute.Address(\"consumer_address\", {\n name: \"website-ip-1\",\n region: \"us-central1\",\n subnetwork: consumerSubnet.id,\n addressType: \"INTERNAL\",\n});\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"producer-net\",\n autoCreateSubnetworks: false,\n});\nconst pscProducerSubnet = new gcp.compute.Subnetwork(\"psc_producer_subnet\", {\n name: \"producer-psc-net\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: producerNet.id,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"producer-net\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service-backend\",\n region: \"us-central1\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst producerTargetService = new gcp.compute.ForwardingRule(\"producer_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: producerNet.name,\n subnetwork: producerSubnet.name,\n});\nconst producerServiceAttachment = new gcp.compute.ServiceAttachment(\"producer_service_attachment\", {\n name: \"producer-service\",\n region: \"us-central1\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscProducerSubnet.name],\n targetService: producerTargetService.id,\n});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"psc-endpoint\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n target: producerServiceAttachment.id,\n network: consumerNet.name,\n ipAddress: consumerAddress.id,\n allowPscGlobalAccess: true,\n noAutomateDnsZone: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconsumer_net = gcp.compute.Network(\"consumer_net\",\n name=\"consumer-net\",\n auto_create_subnetworks=False)\nconsumer_subnet = gcp.compute.Subnetwork(\"consumer_subnet\",\n name=\"consumer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=consumer_net.id)\nconsumer_address = gcp.compute.Address(\"consumer_address\",\n name=\"website-ip-1\",\n region=\"us-central1\",\n subnetwork=consumer_subnet.id,\n address_type=\"INTERNAL\")\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"producer-net\",\n auto_create_subnetworks=False)\npsc_producer_subnet = gcp.compute.Subnetwork(\"psc_producer_subnet\",\n name=\"producer-psc-net\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=producer_net.id)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"producer-net\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=producer_net.id)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service-backend\",\n region=\"us-central1\",\n health_checks=producer_service_health_check.id)\nproducer_target_service = gcp.compute.ForwardingRule(\"producer_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=producer_net.name,\n subnetwork=producer_subnet.name)\nproducer_service_attachment = gcp.compute.ServiceAttachment(\"producer_service_attachment\",\n name=\"producer-service\",\n region=\"us-central1\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_producer_subnet.name],\n target_service=producer_target_service.id)\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"psc-endpoint\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n target=producer_service_attachment.id,\n network=consumer_net.name,\n ip_address=consumer_address.id,\n allow_psc_global_access=True,\n no_automate_dns_zone=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var consumerNet = new Gcp.Compute.Network(\"consumer_net\", new()\n {\n Name = \"consumer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnet = new Gcp.Compute.Subnetwork(\"consumer_subnet\", new()\n {\n Name = \"consumer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = consumerNet.Id,\n });\n\n var consumerAddress = new Gcp.Compute.Address(\"consumer_address\", new()\n {\n Name = \"website-ip-1\",\n Region = \"us-central1\",\n Subnetwork = consumerSubnet.Id,\n AddressType = \"INTERNAL\",\n });\n\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"producer-net\",\n AutoCreateSubnetworks = false,\n });\n\n var pscProducerSubnet = new Gcp.Compute.Subnetwork(\"psc_producer_subnet\", new()\n {\n Name = \"producer-psc-net\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = producerNet.Id,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"producer-net\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service-backend\",\n Region = \"us-central1\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var producerTargetService = new Gcp.Compute.ForwardingRule(\"producer_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = producerNet.Name,\n Subnetwork = producerSubnet.Name,\n });\n\n var producerServiceAttachment = new Gcp.Compute.ServiceAttachment(\"producer_service_attachment\", new()\n {\n Name = \"producer-service\",\n Region = \"us-central1\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscProducerSubnet.Name,\n },\n TargetService = producerTargetService.Id,\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"psc-endpoint\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n Target = producerServiceAttachment.Id,\n Network = consumerNet.Name,\n IpAddress = consumerAddress.Id,\n AllowPscGlobalAccess = true,\n NoAutomateDnsZone = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconsumerNet, err := compute.NewNetwork(ctx, \"consumer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerSubnet, err := compute.NewSubnetwork(ctx, \"consumer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumerAddress, err := compute.NewAddress(ctx, \"consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip-1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSubnetwork: consumerSubnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscProducerSubnet, err := compute.NewSubnetwork(ctx, \"psc_producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-psc-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-net\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerTargetService, err := compute.NewForwardingRule(ctx, \"producer_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producerNet.Name,\n\t\t\tSubnetwork: producerSubnet.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceAttachment, err := compute.NewServiceAttachment(ctx, \"producer_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscProducerSubnet.Name,\n\t\t\t},\n\t\t\tTargetService: producerTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tTarget: producerServiceAttachment.ID(),\n\t\t\tNetwork: consumerNet.Name,\n\t\t\tIpAddress: consumerAddress.ID(),\n\t\t\tAllowPscGlobalAccess: pulumi.Bool(true),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var consumerNet = new Network(\"consumerNet\", NetworkArgs.builder()\n .name(\"consumer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnet = new Subnetwork(\"consumerSubnet\", SubnetworkArgs.builder()\n .name(\"consumer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(consumerNet.id())\n .build());\n\n var consumerAddress = new Address(\"consumerAddress\", AddressArgs.builder()\n .name(\"website-ip-1\")\n .region(\"us-central1\")\n .subnetwork(consumerSubnet.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"producer-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscProducerSubnet = new Subnetwork(\"pscProducerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-psc-net\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(producerNet.id())\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"producer-net\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service-backend\")\n .region(\"us-central1\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var producerTargetService = new ForwardingRule(\"producerTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(producerNet.name())\n .subnetwork(producerSubnet.name())\n .build());\n\n var producerServiceAttachment = new ServiceAttachment(\"producerServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"producer-service\")\n .region(\"us-central1\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscProducerSubnet.name())\n .targetService(producerTargetService.id())\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"psc-endpoint\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .target(producerServiceAttachment.id())\n .network(consumerNet.name())\n .ipAddress(consumerAddress.id())\n .allowPscGlobalAccess(true)\n .noAutomateDnsZone(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: psc-endpoint\n region: us-central1\n loadBalancingScheme: \"\"\n target: ${producerServiceAttachment.id}\n network: ${consumerNet.name}\n ipAddress: ${consumerAddress.id}\n allowPscGlobalAccess: true\n noAutomateDnsZone: true\n consumerNet:\n type: gcp:compute:Network\n name: consumer_net\n properties:\n name: consumer-net\n autoCreateSubnetworks: false\n consumerSubnet:\n type: gcp:compute:Subnetwork\n name: consumer_subnet\n properties:\n name: consumer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${consumerNet.id}\n consumerAddress:\n type: gcp:compute:Address\n name: consumer_address\n properties:\n name: website-ip-1\n region: us-central1\n subnetwork: ${consumerSubnet.id}\n addressType: INTERNAL\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: producer-net\n autoCreateSubnetworks: false\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: producer-net\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${producerNet.id}\n pscProducerSubnet:\n type: gcp:compute:Subnetwork\n name: psc_producer_subnet\n properties:\n name: producer-psc-net\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${producerNet.id}\n producerServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: producer_service_attachment\n properties:\n name: producer-service\n region: us-central1\n description: A service attachment configured with Terraform\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscProducerSubnet.name}\n targetService: ${producerTargetService.id}\n producerTargetService:\n type: gcp:compute:ForwardingRule\n name: producer_target_service\n properties:\n name: producer-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${producerNet.name}\n subnetwork: ${producerSubnet.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service-backend\n region: us-central1\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Regional Steering\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.compute.Address(\"basic\", {\n name: \"website-ip\",\n region: \"us-central1\",\n});\nconst external = new gcp.compute.RegionBackendService(\"external\", {\n name: \"service-backend\",\n region: \"us-central1\",\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst externalForwardingRule = new gcp.compute.ForwardingRule(\"external\", {\n name: \"external-forwarding-rule\",\n region: \"us-central1\",\n ipAddress: basic.address,\n backendService: external.selfLink,\n loadBalancingScheme: \"EXTERNAL\",\n});\nconst steering = new gcp.compute.ForwardingRule(\"steering\", {\n name: \"steering-rule\",\n region: \"us-central1\",\n ipAddress: basic.address,\n backendService: external.selfLink,\n loadBalancingScheme: \"EXTERNAL\",\n sourceIpRanges: [\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n ],\n}, {\n dependsOn: [externalForwardingRule],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.compute.Address(\"basic\",\n name=\"website-ip\",\n region=\"us-central1\")\nexternal = gcp.compute.RegionBackendService(\"external\",\n name=\"service-backend\",\n region=\"us-central1\",\n load_balancing_scheme=\"EXTERNAL\")\nexternal_forwarding_rule = gcp.compute.ForwardingRule(\"external\",\n name=\"external-forwarding-rule\",\n region=\"us-central1\",\n ip_address=basic.address,\n backend_service=external.self_link,\n load_balancing_scheme=\"EXTERNAL\")\nsteering = gcp.compute.ForwardingRule(\"steering\",\n name=\"steering-rule\",\n region=\"us-central1\",\n ip_address=basic.address,\n backend_service=external.self_link,\n load_balancing_scheme=\"EXTERNAL\",\n source_ip_ranges=[\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Compute.Address(\"basic\", new()\n {\n Name = \"website-ip\",\n Region = \"us-central1\",\n });\n\n var external = new Gcp.Compute.RegionBackendService(\"external\", new()\n {\n Name = \"service-backend\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var externalForwardingRule = new Gcp.Compute.ForwardingRule(\"external\", new()\n {\n Name = \"external-forwarding-rule\",\n Region = \"us-central1\",\n IpAddress = basic.IPAddress,\n BackendService = external.SelfLink,\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n var steering = new Gcp.Compute.ForwardingRule(\"steering\", new()\n {\n Name = \"steering-rule\",\n Region = \"us-central1\",\n IpAddress = basic.IPAddress,\n BackendService = external.SelfLink,\n LoadBalancingScheme = \"EXTERNAL\",\n SourceIpRanges = new[]\n {\n \"34.121.88.0/24\",\n \"35.187.239.137\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n externalForwardingRule,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := compute.NewAddress(ctx, \"basic\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"website-ip\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternal, err := compute.NewRegionBackendService(ctx, \"external\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"service-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalForwardingRule, err := compute.NewForwardingRule(ctx, \"external\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"external-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: basic.Address,\n\t\t\tBackendService: external.SelfLink,\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"steering\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"steering-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: basic.Address,\n\t\t\tBackendService: external.SelfLink,\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tSourceIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"34.121.88.0/24\"),\n\t\t\t\tpulumi.String(\"35.187.239.137\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texternalForwardingRule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Address(\"basic\", AddressArgs.builder()\n .name(\"website-ip\")\n .region(\"us-central1\")\n .build());\n\n var external = new RegionBackendService(\"external\", RegionBackendServiceArgs.builder()\n .name(\"service-backend\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var externalForwardingRule = new ForwardingRule(\"externalForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"external-forwarding-rule\")\n .region(\"us-central1\")\n .ipAddress(basic.address())\n .backendService(external.selfLink())\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n var steering = new ForwardingRule(\"steering\", ForwardingRuleArgs.builder()\n .name(\"steering-rule\")\n .region(\"us-central1\")\n .ipAddress(basic.address())\n .backendService(external.selfLink())\n .loadBalancingScheme(\"EXTERNAL\")\n .sourceIpRanges( \n \"34.121.88.0/24\",\n \"35.187.239.137\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(externalForwardingRule)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n steering:\n type: gcp:compute:ForwardingRule\n properties:\n name: steering-rule\n region: us-central1\n ipAddress: ${basic.address}\n backendService: ${external.selfLink}\n loadBalancingScheme: EXTERNAL\n sourceIpRanges:\n - 34.121.88.0/24\n - 35.187.239.137\n options:\n dependsOn:\n - ${externalForwardingRule}\n basic:\n type: gcp:compute:Address\n properties:\n name: website-ip\n region: us-central1\n external:\n type: gcp:compute:RegionBackendService\n properties:\n name: service-backend\n region: us-central1\n loadBalancingScheme: EXTERNAL\n externalForwardingRule:\n type: gcp:compute:ForwardingRule\n name: external\n properties:\n name: external-forwarding-rule\n region: us-central1\n ipAddress: ${basic.address}\n backendService: ${external.selfLink}\n loadBalancingScheme: EXTERNAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Forwarding Rule Internallb Ipv6\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"check-ilb-ipv6-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"ilb-ipv6-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"net-ipv6\",\n autoCreateSubnetworks: false,\n enableUlaInternalIpv6: true,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"subnet-internal-ipv6\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n stackType: \"IPV4_IPV6\",\n ipv6AccessType: \"INTERNAL\",\n network: defaultNetwork.id,\n});\n// Forwarding rule for Internal Load Balancing\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"ilb-ipv6-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: defaultNetwork.name,\n subnetwork: defaultSubnetwork.name,\n ipVersion: \"IPV6\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"check-ilb-ipv6-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"ilb-ipv6-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_network = gcp.compute.Network(\"default\",\n name=\"net-ipv6\",\n auto_create_subnetworks=False,\n enable_ula_internal_ipv6=True)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"subnet-internal-ipv6\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n stack_type=\"IPV4_IPV6\",\n ipv6_access_type=\"INTERNAL\",\n network=default_network.id)\n# Forwarding rule for Internal Load Balancing\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"ilb-ipv6-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default_network.name,\n subnetwork=default_subnetwork.name,\n ip_version=\"IPV6\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"check-ilb-ipv6-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"ilb-ipv6-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"net-ipv6\",\n AutoCreateSubnetworks = false,\n EnableUlaInternalIpv6 = true,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"subnet-internal-ipv6\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n StackType = \"IPV4_IPV6\",\n Ipv6AccessType = \"INTERNAL\",\n Network = defaultNetwork.Id,\n });\n\n // Forwarding rule for Internal Load Balancing\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"ilb-ipv6-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = defaultNetwork.Name,\n Subnetwork = defaultSubnetwork.Name,\n IpVersion = \"IPV6\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-ilb-ipv6-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"ilb-ipv6-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net-ipv6\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tEnableUlaInternalIpv6: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"subnet-internal-ipv6\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tStackType: pulumi.String(\"IPV4_IPV6\"),\n\t\t\tIpv6AccessType: pulumi.String(\"INTERNAL\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Forwarding rule for Internal Load Balancing\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"ilb-ipv6-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t\tIpVersion: pulumi.String(\"IPV6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"check-ilb-ipv6-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"ilb-ipv6-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"net-ipv6\")\n .autoCreateSubnetworks(false)\n .enableUlaInternalIpv6(true)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"subnet-internal-ipv6\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .stackType(\"IPV4_IPV6\")\n .ipv6AccessType(\"INTERNAL\")\n .network(defaultNetwork.id())\n .build());\n\n // Forwarding rule for Internal Load Balancing\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"ilb-ipv6-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(defaultNetwork.name())\n .subnetwork(defaultSubnetwork.name())\n .ipVersion(\"IPV6\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Forwarding rule for Internal Load Balancing\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: ilb-ipv6-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${defaultNetwork.name}\n subnetwork: ${defaultSubnetwork.name}\n ipVersion: IPV6\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: ilb-ipv6-backend\n region: us-central1\n healthChecks: ${hc.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: check-ilb-ipv6-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: net-ipv6\n autoCreateSubnetworks: false\n enableUlaInternalIpv6: true\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: subnet-internal-ipv6\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n stackType: IPV4_IPV6\n ipv6AccessType: INTERNAL\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}\n```\n\n", "properties": { "allPorts": { "type": "boolean", @@ -163262,7 +163262,7 @@ } }, "gcp:compute/globalForwardingRule:GlobalForwardingRule": { - "description": "Represents a GlobalForwardingRule resource. Global forwarding rules are\nused to forward traffic to the correct load balancer for HTTP load\nbalancing. Global forwarding rules can only be used for HTTP load\nbalancing.\n\nFor more information, see https://cloud.google.com/compute/docs/load-balancing/http/\n\n\n\n## Example Usage\n\n### Global Forwarding Rule Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"check-backend\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"check-backend\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"check-backend\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: check-backend\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Internal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: \"default\",\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n});\nconst igm = new gcp.compute.InstanceGroupManager(\"igm\", {\n name: \"igm-internal\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n zone: \"us-central1-f\",\n targetSize: 1,\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"check-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n backends: [{\n group: igm.instanceGroup,\n balancingMode: \"RATE\",\n capacityScaler: 0.4,\n maxRatePerInstance: 50,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n ipAddress: \"0.0.0.0\",\n metadataFilters: [{\n filterMatchCriteria: \"MATCH_ANY\",\n filterLabels: [{\n name: \"PLANET\",\n value: \"MARS\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": \"default\",\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }])\nigm = gcp.compute.InstanceGroupManager(\"igm\",\n name=\"igm-internal\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n zone=\"us-central1-f\",\n target_size=1)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"check-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n backends=[{\n \"group\": igm.instance_group,\n \"balancing_mode\": \"RATE\",\n \"capacity_scaler\": 0.4,\n \"max_rate_per_instance\": 50,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n ip_address=\"0.0.0.0\",\n metadata_filters=[{\n \"filter_match_criteria\": \"MATCH_ANY\",\n \"filter_labels\": [{\n \"name\": \"PLANET\",\n \"value\": \"MARS\",\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n });\n\n var igm = new Gcp.Compute.InstanceGroupManager(\"igm\", new()\n {\n Name = \"igm-internal\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n Zone = \"us-central1-f\",\n TargetSize = 1,\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = igm.InstanceGroup,\n BalancingMode = \"RATE\",\n CapacityScaler = 0.4,\n MaxRatePerInstance = 50,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n IpAddress = \"0.0.0.0\",\n MetadataFilters = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs\n {\n FilterMatchCriteria = \"MATCH_ANY\",\n FilterLabels = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs\n {\n Name = \"PLANET\",\n Value = \"MARS\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tigm, err := compute.NewInstanceGroupManager(ctx, \"igm\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"igm-internal\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: igm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(0.4),\n\t\t\t\t\tMaxRatePerInstance: pulumi.Float64(50),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tIpAddress: pulumi.String(\"0.0.0.0\"),\n\t\t\tMetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{\n\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterArgs{\n\t\t\t\t\tFilterMatchCriteria: pulumi.String(\"MATCH_ANY\"),\n\t\t\t\t\tFilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{\n\t\t\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"PLANET\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"MARS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .build());\n\n var igm = new InstanceGroupManager(\"igm\", InstanceGroupManagerArgs.builder()\n .name(\"igm-internal\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .zone(\"us-central1-f\")\n .targetSize(1)\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"check-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .backends(BackendServiceBackendArgs.builder()\n .group(igm.instanceGroup())\n .balancingMode(\"RATE\")\n .capacityScaler(0.4)\n .maxRatePerInstance(50)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .ipAddress(\"0.0.0.0\")\n .metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()\n .filterMatchCriteria(\"MATCH_ANY\")\n .filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()\n .name(\"PLANET\")\n .value(\"MARS\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n ipAddress: 0.0.0.0\n metadataFilters:\n - filterMatchCriteria: MATCH_ANY\n filterLabels:\n - name: PLANET\n value: MARS\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n backends:\n - group: ${igm.instanceGroup}\n balancingMode: RATE\n capacityScaler: 0.4\n maxRatePerInstance: 50\n healthChecks: ${defaultHealthCheck.id}\n igm:\n type: gcp:compute:InstanceGroupManager\n properties:\n name: igm-internal\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n zone: us-central1-f\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-backend\n machineType: e2-medium\n networkInterfaces:\n - network: default\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: check-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\nvariables:\n debianImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule External Managed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: EXTERNAL_MANAGED\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst config = new pulumi.Config();\nconst subnetworkCidr = config.get(\"subnetworkCidr\") || \"10.0.0.0/24\";\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst internal = new gcp.compute.Network(\"internal\", {\n name: \"my-internal-network\",\n autoCreateSubnetworks: false,\n});\nconst internalSubnetwork = new gcp.compute.Subnetwork(\"internal\", {\n name: \"my-subnetwork\",\n network: internal.id,\n ipCidrRange: subnetworkCidr,\n region: \"us-central1\",\n privateIpGoogleAccess: true,\n});\n// Zonal NEG with GCE_VM_IP_PORT\nconst defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"default\", {\n name: \"default-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP_PORT\",\n});\n// Zonal NEG with GCE_VM_IP\nconst internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"internal\", {\n name: \"internal-neg\",\n network: internal.id,\n subnetwork: internalSubnetwork.id,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP\",\n});\n// Hybrid connectivity NEG\nconst hybrid = new gcp.compute.NetworkEndpointGroup(\"hybrid\", {\n name: \"hybrid-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"NON_GCP_PRIVATE_IP_PORT\",\n});\nconst hybrid_endpoint = new gcp.compute.NetworkEndpoint(\"hybrid-endpoint\", {\n networkEndpointGroup: hybrid.name,\n port: hybrid.defaultPort,\n ipAddress: \"127.0.0.1\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n timeoutSec: 1,\n checkIntervalSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\n// Backend service for Zonal NEG\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-default\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: defaultNetworkEndpointGroup.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\n// Backgend service for Hybrid NEG\nconst hybridBackendService = new gcp.compute.BackendService(\"hybrid\", {\n name: \"backend-hybrid\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: hybrid.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [\n {\n paths: [\"/*\"],\n service: defaultBackendService.id,\n },\n {\n paths: [\"/hybrid\"],\n service: hybridBackendService.id,\n },\n ],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconfig = pulumi.Config()\nsubnetwork_cidr = config.get(\"subnetworkCidr\")\nif subnetwork_cidr is None:\n subnetwork_cidr = \"10.0.0.0/24\"\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ninternal = gcp.compute.Network(\"internal\",\n name=\"my-internal-network\",\n auto_create_subnetworks=False)\ninternal_subnetwork = gcp.compute.Subnetwork(\"internal\",\n name=\"my-subnetwork\",\n network=internal.id,\n ip_cidr_range=subnetwork_cidr,\n region=\"us-central1\",\n private_ip_google_access=True)\n# Zonal NEG with GCE_VM_IP_PORT\ndefault_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"default\",\n name=\"default-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP_PORT\")\n# Zonal NEG with GCE_VM_IP\ninternal_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"internal\",\n name=\"internal-neg\",\n network=internal.id,\n subnetwork=internal_subnetwork.id,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP\")\n# Hybrid connectivity NEG\nhybrid = gcp.compute.NetworkEndpointGroup(\"hybrid\",\n name=\"hybrid-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"NON_GCP_PRIVATE_IP_PORT\")\nhybrid_endpoint = gcp.compute.NetworkEndpoint(\"hybrid-endpoint\",\n network_endpoint_group=hybrid.name,\n port=hybrid.default_port,\n ip_address=\"127.0.0.1\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n timeout_sec=1,\n check_interval_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\n# Backend service for Zonal NEG\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-default\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": default_network_endpoint_group.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\n# Backgend service for Hybrid NEG\nhybrid_backend_service = gcp.compute.BackendService(\"hybrid\",\n name=\"backend-hybrid\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": hybrid.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [\n {\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n },\n {\n \"paths\": [\"/hybrid\"],\n \"service\": hybrid_backend_service.id,\n },\n ],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetworkCidr = config.Get(\"subnetworkCidr\") ?? \"10.0.0.0/24\";\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var @internal = new Gcp.Compute.Network(\"internal\", new()\n {\n Name = \"my-internal-network\",\n AutoCreateSubnetworks = false,\n });\n\n var internalSubnetwork = new Gcp.Compute.Subnetwork(\"internal\", new()\n {\n Name = \"my-subnetwork\",\n Network = @internal.Id,\n IpCidrRange = subnetworkCidr,\n Region = \"us-central1\",\n PrivateIpGoogleAccess = true,\n });\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"default\", new()\n {\n Name = \"default-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP_PORT\",\n });\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"internal\", new()\n {\n Name = \"internal-neg\",\n Network = @internal.Id,\n Subnetwork = internalSubnetwork.Id,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP\",\n });\n\n // Hybrid connectivity NEG\n var hybrid = new Gcp.Compute.NetworkEndpointGroup(\"hybrid\", new()\n {\n Name = \"hybrid-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"NON_GCP_PRIVATE_IP_PORT\",\n });\n\n var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint(\"hybrid-endpoint\", new()\n {\n NetworkEndpointGroup = hybrid.Name,\n Port = hybrid.DefaultPort,\n IpAddress = \"127.0.0.1\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n TimeoutSec = 1,\n CheckIntervalSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n // Backend service for Zonal NEG\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-default\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = defaultNetworkEndpointGroup.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new Gcp.Compute.BackendService(\"hybrid\", new()\n {\n Name = \"backend-hybrid\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = hybrid.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/hybrid\",\n },\n Service = hybridBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetworkCidr := \"10.0.0.0/24\"\n\t\tif param := cfg.Get(\"subnetworkCidr\"); param != \"\" {\n\t\t\tsubnetworkCidr = param\n\t\t}\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternal, err := compute.NewNetwork(ctx, \"internal\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-internal-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalSubnetwork, err := compute.NewSubnetwork(ctx, \"internal\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tIpCidrRange: pulumi.String(subnetworkCidr),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP_PORT\n\t\tdefaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, \"default\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"default-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"internal\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"internal-neg\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tSubnetwork: internalSubnetwork.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Hybrid connectivity NEG\n\t\thybrid, err := compute.NewNetworkEndpointGroup(ctx, \"hybrid\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"hybrid-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"NON_GCP_PRIVATE_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"hybrid-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: hybrid.Name,\n\t\t\tPort: hybrid.DefaultPort,\n\t\t\tIpAddress: pulumi.String(\"127.0.0.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backend service for Zonal NEG\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-default\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: defaultNetworkEndpointGroup.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backgend service for Hybrid NEG\n\t\thybridBackendService, err := compute.NewBackendService(ctx, \"hybrid\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-hybrid\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: hybrid.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/hybrid\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: hybridBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetworkCidr = config.get(\"subnetworkCidr\").orElse(\"10.0.0.0/24\");\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var internal = new Network(\"internal\", NetworkArgs.builder()\n .name(\"my-internal-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var internalSubnetwork = new Subnetwork(\"internalSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(internal.id())\n .ipCidrRange(subnetworkCidr)\n .region(\"us-central1\")\n .privateIpGoogleAccess(true)\n .build());\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new NetworkEndpointGroup(\"defaultNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"default-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP_PORT\")\n .build());\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new NetworkEndpointGroup(\"internalNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"internal-neg\")\n .network(internal.id())\n .subnetwork(internalSubnetwork.id())\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP\")\n .build());\n\n // Hybrid connectivity NEG\n var hybrid = new NetworkEndpointGroup(\"hybrid\", NetworkEndpointGroupArgs.builder()\n .name(\"hybrid-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"NON_GCP_PRIVATE_IP_PORT\")\n .build());\n\n var hybrid_endpoint = new NetworkEndpoint(\"hybrid-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(hybrid.name())\n .port(hybrid.defaultPort())\n .ipAddress(\"127.0.0.1\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .timeoutSec(1)\n .checkIntervalSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n // Backend service for Zonal NEG\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-default\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(defaultNetworkEndpointGroup.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new BackendService(\"hybridBackendService\", BackendServiceArgs.builder()\n .name(\"backend-hybrid\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(hybrid.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules( \n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build(),\n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/hybrid\")\n .service(hybridBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid\n subnetworkCidr:\n type: string\n default: 10.0.0.0/24\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n internal:\n type: gcp:compute:Network\n properties:\n name: my-internal-network\n autoCreateSubnetworks: false\n internalSubnetwork:\n type: gcp:compute:Subnetwork\n name: internal\n properties:\n name: my-subnetwork\n network: ${internal.id}\n ipCidrRange: ${subnetworkCidr}\n region: us-central1\n privateIpGoogleAccess: true\n # Zonal NEG with GCE_VM_IP_PORT\n defaultNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: default\n properties:\n name: default-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP_PORT\n # Zonal NEG with GCE_VM_IP\n internalNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: internal\n properties:\n name: internal-neg\n network: ${internal.id}\n subnetwork: ${internalSubnetwork.id}\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP\n # Hybrid connectivity NEG\n hybrid:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: hybrid-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: NON_GCP_PRIVATE_IP_PORT\n hybrid-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${hybrid.name}\n port: ${hybrid.defaultPort}\n ipAddress: 127.0.0.1\n # Backend service for Zonal NEG\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-default\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${defaultNetworkEndpointGroup.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n # Backgend service for Hybrid NEG\n hybridBackendService:\n type: gcp:compute:BackendService\n name: hybrid\n properties:\n name: backend-hybrid\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${hybrid.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n timeoutSec: 1\n checkIntervalSec: 1\n tcpHealthCheck:\n port: '80'\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n - paths:\n - /hybrid\n service: ${hybridBackendService.id}\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n serviceDirectoryRegistrations: {\n namespace: \"sd-namespace\",\n serviceDirectoryRegion: \"europe-west3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n service_directory_registrations={\n \"namespace\": \"sd-namespace\",\n \"service_directory_region\": \"europe-west3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs\n {\n Namespace = \"sd-namespace\",\n ServiceDirectoryRegion = \"europe-west3\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tServiceDirectoryRegistrations: \u0026compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{\n\t\t\t\tNamespace: pulumi.String(\"sd-namespace\"),\n\t\t\t\tServiceDirectoryRegion: pulumi.String(\"europe-west3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()\n .namespace(\"sd-namespace\")\n .serviceDirectoryRegion(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme:\n serviceDirectoryRegistrations:\n namespace: sd-namespace\n serviceDirectoryRegion: europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n noAutomateDnsZone: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n no_automate_dns_zone=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n NoAutomateDnsZone = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .noAutomateDnsZone(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme:\n noAutomateDnsZone: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGlobalForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/forwardingRules/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GlobalForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}\n```\n\n", + "description": "Represents a GlobalForwardingRule resource. Global forwarding rules are\nused to forward traffic to the correct load balancer for HTTP load\nbalancing. Global forwarding rules can only be used for HTTP load\nbalancing.\n\nFor more information, see https://cloud.google.com/compute/docs/load-balancing/http/\n\n\n\n## Example Usage\n\n### Global Forwarding Rule Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"check-backend\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"check-backend\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"check-backend\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: check-backend\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Internal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: \"default\",\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n});\nconst igm = new gcp.compute.InstanceGroupManager(\"igm\", {\n name: \"igm-internal\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n zone: \"us-central1-f\",\n targetSize: 1,\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"check-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n backends: [{\n group: igm.instanceGroup,\n balancingMode: \"RATE\",\n capacityScaler: 0.4,\n maxRatePerInstance: 50,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n ipAddress: \"0.0.0.0\",\n metadataFilters: [{\n filterMatchCriteria: \"MATCH_ANY\",\n filterLabels: [{\n name: \"PLANET\",\n value: \"MARS\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": \"default\",\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }])\nigm = gcp.compute.InstanceGroupManager(\"igm\",\n name=\"igm-internal\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n zone=\"us-central1-f\",\n target_size=1)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"check-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n backends=[{\n \"group\": igm.instance_group,\n \"balancing_mode\": \"RATE\",\n \"capacity_scaler\": 0.4,\n \"max_rate_per_instance\": 50,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n ip_address=\"0.0.0.0\",\n metadata_filters=[{\n \"filter_match_criteria\": \"MATCH_ANY\",\n \"filter_labels\": [{\n \"name\": \"PLANET\",\n \"value\": \"MARS\",\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n });\n\n var igm = new Gcp.Compute.InstanceGroupManager(\"igm\", new()\n {\n Name = \"igm-internal\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n Zone = \"us-central1-f\",\n TargetSize = 1,\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = igm.InstanceGroup,\n BalancingMode = \"RATE\",\n CapacityScaler = 0.4,\n MaxRatePerInstance = 50,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n IpAddress = \"0.0.0.0\",\n MetadataFilters = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs\n {\n FilterMatchCriteria = \"MATCH_ANY\",\n FilterLabels = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs\n {\n Name = \"PLANET\",\n Value = \"MARS\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tigm, err := compute.NewInstanceGroupManager(ctx, \"igm\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"igm-internal\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: igm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(0.4),\n\t\t\t\t\tMaxRatePerInstance: pulumi.Float64(50),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tIpAddress: pulumi.String(\"0.0.0.0\"),\n\t\t\tMetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{\n\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterArgs{\n\t\t\t\t\tFilterMatchCriteria: pulumi.String(\"MATCH_ANY\"),\n\t\t\t\t\tFilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{\n\t\t\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"PLANET\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"MARS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .build());\n\n var igm = new InstanceGroupManager(\"igm\", InstanceGroupManagerArgs.builder()\n .name(\"igm-internal\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .zone(\"us-central1-f\")\n .targetSize(1)\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"check-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .backends(BackendServiceBackendArgs.builder()\n .group(igm.instanceGroup())\n .balancingMode(\"RATE\")\n .capacityScaler(0.4)\n .maxRatePerInstance(50)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .ipAddress(\"0.0.0.0\")\n .metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()\n .filterMatchCriteria(\"MATCH_ANY\")\n .filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()\n .name(\"PLANET\")\n .value(\"MARS\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n ipAddress: 0.0.0.0\n metadataFilters:\n - filterMatchCriteria: MATCH_ANY\n filterLabels:\n - name: PLANET\n value: MARS\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n backends:\n - group: ${igm.instanceGroup}\n balancingMode: RATE\n capacityScaler: 0.4\n maxRatePerInstance: 50\n healthChecks: ${defaultHealthCheck.id}\n igm:\n type: gcp:compute:InstanceGroupManager\n properties:\n name: igm-internal\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n zone: us-central1-f\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-backend\n machineType: e2-medium\n networkInterfaces:\n - network: default\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: check-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule External Managed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: EXTERNAL_MANAGED\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst config = new pulumi.Config();\nconst subnetworkCidr = config.get(\"subnetworkCidr\") || \"10.0.0.0/24\";\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst internal = new gcp.compute.Network(\"internal\", {\n name: \"my-internal-network\",\n autoCreateSubnetworks: false,\n});\nconst internalSubnetwork = new gcp.compute.Subnetwork(\"internal\", {\n name: \"my-subnetwork\",\n network: internal.id,\n ipCidrRange: subnetworkCidr,\n region: \"us-central1\",\n privateIpGoogleAccess: true,\n});\n// Zonal NEG with GCE_VM_IP_PORT\nconst defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"default\", {\n name: \"default-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP_PORT\",\n});\n// Zonal NEG with GCE_VM_IP\nconst internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"internal\", {\n name: \"internal-neg\",\n network: internal.id,\n subnetwork: internalSubnetwork.id,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP\",\n});\n// Hybrid connectivity NEG\nconst hybrid = new gcp.compute.NetworkEndpointGroup(\"hybrid\", {\n name: \"hybrid-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"NON_GCP_PRIVATE_IP_PORT\",\n});\nconst hybrid_endpoint = new gcp.compute.NetworkEndpoint(\"hybrid-endpoint\", {\n networkEndpointGroup: hybrid.name,\n port: hybrid.defaultPort,\n ipAddress: \"127.0.0.1\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n timeoutSec: 1,\n checkIntervalSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\n// Backend service for Zonal NEG\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-default\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: defaultNetworkEndpointGroup.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\n// Backgend service for Hybrid NEG\nconst hybridBackendService = new gcp.compute.BackendService(\"hybrid\", {\n name: \"backend-hybrid\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: hybrid.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [\n {\n paths: [\"/*\"],\n service: defaultBackendService.id,\n },\n {\n paths: [\"/hybrid\"],\n service: hybridBackendService.id,\n },\n ],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconfig = pulumi.Config()\nsubnetwork_cidr = config.get(\"subnetworkCidr\")\nif subnetwork_cidr is None:\n subnetwork_cidr = \"10.0.0.0/24\"\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ninternal = gcp.compute.Network(\"internal\",\n name=\"my-internal-network\",\n auto_create_subnetworks=False)\ninternal_subnetwork = gcp.compute.Subnetwork(\"internal\",\n name=\"my-subnetwork\",\n network=internal.id,\n ip_cidr_range=subnetwork_cidr,\n region=\"us-central1\",\n private_ip_google_access=True)\n# Zonal NEG with GCE_VM_IP_PORT\ndefault_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"default\",\n name=\"default-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP_PORT\")\n# Zonal NEG with GCE_VM_IP\ninternal_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"internal\",\n name=\"internal-neg\",\n network=internal.id,\n subnetwork=internal_subnetwork.id,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP\")\n# Hybrid connectivity NEG\nhybrid = gcp.compute.NetworkEndpointGroup(\"hybrid\",\n name=\"hybrid-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"NON_GCP_PRIVATE_IP_PORT\")\nhybrid_endpoint = gcp.compute.NetworkEndpoint(\"hybrid-endpoint\",\n network_endpoint_group=hybrid.name,\n port=hybrid.default_port,\n ip_address=\"127.0.0.1\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n timeout_sec=1,\n check_interval_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\n# Backend service for Zonal NEG\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-default\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": default_network_endpoint_group.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\n# Backgend service for Hybrid NEG\nhybrid_backend_service = gcp.compute.BackendService(\"hybrid\",\n name=\"backend-hybrid\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": hybrid.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [\n {\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n },\n {\n \"paths\": [\"/hybrid\"],\n \"service\": hybrid_backend_service.id,\n },\n ],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetworkCidr = config.Get(\"subnetworkCidr\") ?? \"10.0.0.0/24\";\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var @internal = new Gcp.Compute.Network(\"internal\", new()\n {\n Name = \"my-internal-network\",\n AutoCreateSubnetworks = false,\n });\n\n var internalSubnetwork = new Gcp.Compute.Subnetwork(\"internal\", new()\n {\n Name = \"my-subnetwork\",\n Network = @internal.Id,\n IpCidrRange = subnetworkCidr,\n Region = \"us-central1\",\n PrivateIpGoogleAccess = true,\n });\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"default\", new()\n {\n Name = \"default-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP_PORT\",\n });\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"internal\", new()\n {\n Name = \"internal-neg\",\n Network = @internal.Id,\n Subnetwork = internalSubnetwork.Id,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP\",\n });\n\n // Hybrid connectivity NEG\n var hybrid = new Gcp.Compute.NetworkEndpointGroup(\"hybrid\", new()\n {\n Name = \"hybrid-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"NON_GCP_PRIVATE_IP_PORT\",\n });\n\n var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint(\"hybrid-endpoint\", new()\n {\n NetworkEndpointGroup = hybrid.Name,\n Port = hybrid.DefaultPort,\n IpAddress = \"127.0.0.1\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n TimeoutSec = 1,\n CheckIntervalSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n // Backend service for Zonal NEG\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-default\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = defaultNetworkEndpointGroup.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new Gcp.Compute.BackendService(\"hybrid\", new()\n {\n Name = \"backend-hybrid\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = hybrid.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/hybrid\",\n },\n Service = hybridBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetworkCidr := \"10.0.0.0/24\"\n\t\tif param := cfg.Get(\"subnetworkCidr\"); param != \"\" {\n\t\t\tsubnetworkCidr = param\n\t\t}\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternal, err := compute.NewNetwork(ctx, \"internal\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-internal-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalSubnetwork, err := compute.NewSubnetwork(ctx, \"internal\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tIpCidrRange: pulumi.String(subnetworkCidr),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP_PORT\n\t\tdefaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, \"default\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"default-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"internal\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"internal-neg\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tSubnetwork: internalSubnetwork.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Hybrid connectivity NEG\n\t\thybrid, err := compute.NewNetworkEndpointGroup(ctx, \"hybrid\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"hybrid-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"NON_GCP_PRIVATE_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"hybrid-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: hybrid.Name,\n\t\t\tPort: hybrid.DefaultPort,\n\t\t\tIpAddress: pulumi.String(\"127.0.0.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backend service for Zonal NEG\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-default\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: defaultNetworkEndpointGroup.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backgend service for Hybrid NEG\n\t\thybridBackendService, err := compute.NewBackendService(ctx, \"hybrid\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-hybrid\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: hybrid.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/hybrid\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: hybridBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetworkCidr = config.get(\"subnetworkCidr\").orElse(\"10.0.0.0/24\");\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var internal = new Network(\"internal\", NetworkArgs.builder()\n .name(\"my-internal-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var internalSubnetwork = new Subnetwork(\"internalSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(internal.id())\n .ipCidrRange(subnetworkCidr)\n .region(\"us-central1\")\n .privateIpGoogleAccess(true)\n .build());\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new NetworkEndpointGroup(\"defaultNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"default-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP_PORT\")\n .build());\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new NetworkEndpointGroup(\"internalNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"internal-neg\")\n .network(internal.id())\n .subnetwork(internalSubnetwork.id())\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP\")\n .build());\n\n // Hybrid connectivity NEG\n var hybrid = new NetworkEndpointGroup(\"hybrid\", NetworkEndpointGroupArgs.builder()\n .name(\"hybrid-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"NON_GCP_PRIVATE_IP_PORT\")\n .build());\n\n var hybrid_endpoint = new NetworkEndpoint(\"hybrid-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(hybrid.name())\n .port(hybrid.defaultPort())\n .ipAddress(\"127.0.0.1\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .timeoutSec(1)\n .checkIntervalSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n // Backend service for Zonal NEG\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-default\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(defaultNetworkEndpointGroup.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new BackendService(\"hybridBackendService\", BackendServiceArgs.builder()\n .name(\"backend-hybrid\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(hybrid.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules( \n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build(),\n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/hybrid\")\n .service(hybridBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid\n subnetworkCidr:\n type: string\n default: 10.0.0.0/24\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n internal:\n type: gcp:compute:Network\n properties:\n name: my-internal-network\n autoCreateSubnetworks: false\n internalSubnetwork:\n type: gcp:compute:Subnetwork\n name: internal\n properties:\n name: my-subnetwork\n network: ${internal.id}\n ipCidrRange: ${subnetworkCidr}\n region: us-central1\n privateIpGoogleAccess: true\n # Zonal NEG with GCE_VM_IP_PORT\n defaultNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: default\n properties:\n name: default-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP_PORT\n # Zonal NEG with GCE_VM_IP\n internalNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: internal\n properties:\n name: internal-neg\n network: ${internal.id}\n subnetwork: ${internalSubnetwork.id}\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP\n # Hybrid connectivity NEG\n hybrid:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: hybrid-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: NON_GCP_PRIVATE_IP_PORT\n hybrid-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${hybrid.name}\n port: ${hybrid.defaultPort}\n ipAddress: 127.0.0.1\n # Backend service for Zonal NEG\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-default\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${defaultNetworkEndpointGroup.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n # Backgend service for Hybrid NEG\n hybridBackendService:\n type: gcp:compute:BackendService\n name: hybrid\n properties:\n name: backend-hybrid\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${hybrid.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n timeoutSec: 1\n checkIntervalSec: 1\n tcpHealthCheck:\n port: '80'\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n - paths:\n - /hybrid\n service: ${hybridBackendService.id}\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n serviceDirectoryRegistrations: {\n namespace: \"sd-namespace\",\n serviceDirectoryRegion: \"europe-west3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n service_directory_registrations={\n \"namespace\": \"sd-namespace\",\n \"service_directory_region\": \"europe-west3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs\n {\n Namespace = \"sd-namespace\",\n ServiceDirectoryRegion = \"europe-west3\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tServiceDirectoryRegistrations: \u0026compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{\n\t\t\t\tNamespace: pulumi.String(\"sd-namespace\"),\n\t\t\t\tServiceDirectoryRegion: pulumi.String(\"europe-west3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()\n .namespace(\"sd-namespace\")\n .serviceDirectoryRegion(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n serviceDirectoryRegistrations:\n namespace: sd-namespace\n serviceDirectoryRegion: europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n noAutomateDnsZone: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n no_automate_dns_zone=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n NoAutomateDnsZone = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .noAutomateDnsZone(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n noAutomateDnsZone: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGlobalForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/forwardingRules/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GlobalForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}\n```\n\n", "properties": { "allowPscGlobalAccess": { "type": "boolean", @@ -164529,7 +164529,7 @@ } }, "gcp:compute/image:Image": { - "description": "Represents an Image resource.\n\nGoogle Compute Engine uses operating system images to create the root\npersistent disks for your instances. You specify an image when you create\nan instance. Images contain a boot loader, an operating system, and a\nroot file system. Linux operating system images are also capable of\nrunning containers on Compute Engine.\n\nImages can be either public or custom.\n\nPublic images are provided and maintained by Google, open-source\ncommunities, and third-party vendors. By default, all projects have\naccess to these images and can use them to create instances. Custom\nimages are available only to your project. You can create a custom image\nfrom root persistent disks and other images. Then, use the custom image\nto create an instance.\n\n\nTo get more information about Image, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/images)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/images)\n\n## Example Usage\n\n### Image Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-image\",\n sourceDisk: persistent.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-image\",\n source_disk=persistent.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-image\",\n SourceDisk = persistent.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-image\")\n .sourceDisk(persistent.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-image\n sourceDisk: ${persistent.id}\nvariables:\n debian:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Image Guest Os\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-image\",\n sourceDisk: persistent.id,\n guestOsFeatures: [\n {\n type: \"UEFI_COMPATIBLE\",\n },\n {\n type: \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n {\n type: \"GVNIC\",\n },\n {\n type: \"SEV_CAPABLE\",\n },\n {\n type: \"SEV_LIVE_MIGRATABLE_V2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-image\",\n source_disk=persistent.id,\n guest_os_features=[\n {\n \"type\": \"UEFI_COMPATIBLE\",\n },\n {\n \"type\": \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n {\n \"type\": \"GVNIC\",\n },\n {\n \"type\": \"SEV_CAPABLE\",\n },\n {\n \"type\": \"SEV_LIVE_MIGRATABLE_V2\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-image\",\n SourceDisk = persistent.Id,\n GuestOsFeatures = new[]\n {\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"UEFI_COMPATIBLE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"GVNIC\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"SEV_CAPABLE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"SEV_LIVE_MIGRATABLE_V2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tGuestOsFeatures: compute.ImageGuestOsFeatureArray{\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"UEFI_COMPATIBLE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"VIRTIO_SCSI_MULTIQUEUE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"GVNIC\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"SEV_CAPABLE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"SEV_LIVE_MIGRATABLE_V2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport com.pulumi.gcp.compute.inputs.ImageGuestOsFeatureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-image\")\n .sourceDisk(persistent.id())\n .guestOsFeatures( \n ImageGuestOsFeatureArgs.builder()\n .type(\"UEFI_COMPATIBLE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"VIRTIO_SCSI_MULTIQUEUE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"GVNIC\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"SEV_CAPABLE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"SEV_LIVE_MIGRATABLE_V2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-image\n sourceDisk: ${persistent.id}\n guestOsFeatures:\n - type: UEFI_COMPATIBLE\n - type: VIRTIO_SCSI_MULTIQUEUE\n - type: GVNIC\n - type: SEV_CAPABLE\n - type: SEV_LIVE_MIGRATABLE_V2\nvariables:\n debian:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Image Basic Storage Location\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-sl-image\",\n sourceDisk: persistent.id,\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-sl-image\",\n source_disk=persistent.id,\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-sl-image\",\n SourceDisk = persistent.Id,\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-sl-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-sl-image\")\n .sourceDisk(persistent.id())\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-sl-image\n sourceDisk: ${persistent.id}\n storageLocations:\n - us-central1\nvariables:\n debian:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImage can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/images/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Image can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/image:Image default projects/{{project}}/global/images/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/image:Image default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/image:Image default {{name}}\n```\n\n", + "description": "Represents an Image resource.\n\nGoogle Compute Engine uses operating system images to create the root\npersistent disks for your instances. You specify an image when you create\nan instance. Images contain a boot loader, an operating system, and a\nroot file system. Linux operating system images are also capable of\nrunning containers on Compute Engine.\n\nImages can be either public or custom.\n\nPublic images are provided and maintained by Google, open-source\ncommunities, and third-party vendors. By default, all projects have\naccess to these images and can use them to create instances. Custom\nimages are available only to your project. You can create a custom image\nfrom root persistent disks and other images. Then, use the custom image\nto create an instance.\n\n\nTo get more information about Image, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/images)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/images)\n\n## Example Usage\n\n### Image Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-image\",\n sourceDisk: persistent.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-image\",\n source_disk=persistent.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-image\",\n SourceDisk = persistent.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-image\")\n .sourceDisk(persistent.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-image\n sourceDisk: ${persistent.id}\nvariables:\n debian:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Image Guest Os\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-image\",\n sourceDisk: persistent.id,\n guestOsFeatures: [\n {\n type: \"UEFI_COMPATIBLE\",\n },\n {\n type: \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n {\n type: \"GVNIC\",\n },\n {\n type: \"SEV_CAPABLE\",\n },\n {\n type: \"SEV_LIVE_MIGRATABLE_V2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-image\",\n source_disk=persistent.id,\n guest_os_features=[\n {\n \"type\": \"UEFI_COMPATIBLE\",\n },\n {\n \"type\": \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n {\n \"type\": \"GVNIC\",\n },\n {\n \"type\": \"SEV_CAPABLE\",\n },\n {\n \"type\": \"SEV_LIVE_MIGRATABLE_V2\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-image\",\n SourceDisk = persistent.Id,\n GuestOsFeatures = new[]\n {\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"UEFI_COMPATIBLE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"VIRTIO_SCSI_MULTIQUEUE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"GVNIC\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"SEV_CAPABLE\",\n },\n new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs\n {\n Type = \"SEV_LIVE_MIGRATABLE_V2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tGuestOsFeatures: compute.ImageGuestOsFeatureArray{\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"UEFI_COMPATIBLE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"VIRTIO_SCSI_MULTIQUEUE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"GVNIC\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"SEV_CAPABLE\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.ImageGuestOsFeatureArgs{\n\t\t\t\t\tType: pulumi.String(\"SEV_LIVE_MIGRATABLE_V2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport com.pulumi.gcp.compute.inputs.ImageGuestOsFeatureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-image\")\n .sourceDisk(persistent.id())\n .guestOsFeatures( \n ImageGuestOsFeatureArgs.builder()\n .type(\"UEFI_COMPATIBLE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"VIRTIO_SCSI_MULTIQUEUE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"GVNIC\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"SEV_CAPABLE\")\n .build(),\n ImageGuestOsFeatureArgs.builder()\n .type(\"SEV_LIVE_MIGRATABLE_V2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-image\n sourceDisk: ${persistent.id}\n guestOsFeatures:\n - type: UEFI_COMPATIBLE\n - type: VIRTIO_SCSI_MULTIQUEUE\n - type: GVNIC\n - type: SEV_CAPABLE\n - type: SEV_LIVE_MIGRATABLE_V2\nvariables:\n debian:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Image Basic Storage Location\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"example-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst example = new gcp.compute.Image(\"example\", {\n name: \"example-sl-image\",\n sourceDisk: persistent.id,\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"example-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nexample = gcp.compute.Image(\"example\",\n name=\"example-sl-image\",\n source_disk=persistent.id,\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"example-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var example = new Gcp.Compute.Image(\"example\", new()\n {\n Name = \"example-sl-image\",\n SourceDisk = persistent.Id,\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"example-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImage(ctx, \"example\", \u0026compute.ImageArgs{\n\t\t\tName: pulumi.String(\"example-sl-image\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Image;\nimport com.pulumi.gcp.compute.ImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"example-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var example = new Image(\"example\", ImageArgs.builder()\n .name(\"example-sl-image\")\n .sourceDisk(persistent.id())\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n persistent:\n type: gcp:compute:Disk\n properties:\n name: example-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n example:\n type: gcp:compute:Image\n properties:\n name: example-sl-image\n sourceDisk: ${persistent.id}\n storageLocations:\n - us-central1\nvariables:\n debian:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImage can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/images/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Image can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/image:Image default projects/{{project}}/global/images/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/image:Image default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/image:Image default {{name}}\n```\n\n", "properties": { "archiveSizeBytes": { "type": "integer", @@ -164850,7 +164850,7 @@ } }, "gcp:compute/imageIamBinding:ImageIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/ImageIamBindingCondition:ImageIamBindingCondition", @@ -164960,7 +164960,7 @@ } }, "gcp:compute/imageIamMember:ImageIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/ImageIamMemberCondition:ImageIamMemberCondition", @@ -165063,7 +165063,7 @@ } }, "gcp:compute/imageIamPolicy:ImageIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Image\nThree different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.ImageIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.imageUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.ImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder()\n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -167792,7 +167792,7 @@ } }, "gcp:compute/instanceIAMBinding:InstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/InstanceIAMBindingCondition:InstanceIAMBindingCondition", @@ -167917,7 +167917,7 @@ } }, "gcp:compute/instanceIAMMember:InstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/InstanceIAMMemberCondition:InstanceIAMMemberCondition", @@ -168035,7 +168035,7 @@ } }, "gcp:compute/instanceIAMPolicy:InstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Instance\nThree different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.osLogin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -168188,7 +168188,7 @@ } }, "gcp:compute/instanceTemplate:InstanceTemplate": { - "description": "\u003e **Note**: Global instance templates can be used in any region. To lower the impact of outages outside your region and gain data residency within your region, use google_compute_region_instance_template.\n\nManages a VM instance template resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instance-templates)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instanceTemplates).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.serviceaccount.Account(\"default\", {\n accountId: \"service-account-id\",\n displayName: \"Service Account\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Disk(\"foobar\", {\n name: \"existing-disk\",\n image: myImage.then(myImage =\u003e myImage.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst dailyBackup = new gcp.compute.ResourcePolicy(\"daily_backup\", {\n name: \"every-day-4am\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst defaultInstanceTemplate = new gcp.compute.InstanceTemplate(\"default\", {\n name: \"appserver-template\",\n description: \"This template is used to create app server instances.\",\n tags: [\n \"foo\",\n \"bar\",\n ],\n labels: {\n environment: \"dev\",\n },\n instanceDescription: \"description assigned to instances\",\n machineType: \"e2-medium\",\n canIpForward: false,\n scheduling: {\n automaticRestart: true,\n onHostMaintenance: \"MIGRATE\",\n },\n disks: [\n {\n sourceImage: \"debian-cloud/debian-11\",\n autoDelete: true,\n boot: true,\n resourcePolicies: dailyBackup.id,\n },\n {\n source: foobar.name,\n autoDelete: false,\n boot: false,\n },\n ],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n email: _default.email,\n scopes: [\"cloud-platform\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.serviceaccount.Account(\"default\",\n account_id=\"service-account-id\",\n display_name=\"Service Account\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Disk(\"foobar\",\n name=\"existing-disk\",\n image=my_image.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\ndaily_backup = gcp.compute.ResourcePolicy(\"daily_backup\",\n name=\"every-day-4am\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\ndefault_instance_template = gcp.compute.InstanceTemplate(\"default\",\n name=\"appserver-template\",\n description=\"This template is used to create app server instances.\",\n tags=[\n \"foo\",\n \"bar\",\n ],\n labels={\n \"environment\": \"dev\",\n },\n instance_description=\"description assigned to instances\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n scheduling={\n \"automatic_restart\": True,\n \"on_host_maintenance\": \"MIGRATE\",\n },\n disks=[\n {\n \"source_image\": \"debian-cloud/debian-11\",\n \"auto_delete\": True,\n \"boot\": True,\n \"resource_policies\": daily_backup.id,\n },\n {\n \"source\": foobar.name,\n \"auto_delete\": False,\n \"boot\": False,\n },\n ],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.ServiceAccount.Account(\"default\", new()\n {\n AccountId = \"service-account-id\",\n DisplayName = \"Service Account\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Disk(\"foobar\", new()\n {\n Name = \"existing-disk\",\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var dailyBackup = new Gcp.Compute.ResourcePolicy(\"daily_backup\", new()\n {\n Name = \"every-day-4am\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"default\", new()\n {\n Name = \"appserver-template\",\n Description = \"This template is used to create app server instances.\",\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n InstanceDescription = \"description assigned to instances\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Scheduling = new Gcp.Compute.Inputs.InstanceTemplateSchedulingArgs\n {\n AutomaticRestart = true,\n OnHostMaintenance = \"MIGRATE\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n AutoDelete = true,\n Boot = true,\n ResourcePolicies = dailyBackup.Id,\n },\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n Source = foobar.Name,\n AutoDelete = false,\n Boot = false,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Email,\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewAccount(ctx, \"default\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"service-account-id\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewDisk(ctx, \"foobar\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"existing-disk\"),\n\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdailyBackup, err := compute.NewResourcePolicy(ctx, \"daily_backup\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"every-day-4am\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"default\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"appserver-template\"),\n\t\t\tDescription: pulumi.String(\"This template is used to create app server instances.\"),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t\tInstanceDescription: pulumi.String(\"description assigned to instances\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tScheduling: \u0026compute.InstanceTemplateSchedulingArgs{\n\t\t\t\tAutomaticRestart: pulumi.Bool(true),\n\t\t\t\tOnHostMaintenance: pulumi.String(\"MIGRATE\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t\tResourcePolicies: dailyBackup.ID(),\n\t\t\t\t},\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSource: foobar.Name,\n\t\t\t\t\tAutoDelete: pulumi.Bool(false),\n\t\t\t\t\tBoot: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: _default.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateSchedulingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Account(\"default\", AccountArgs.builder()\n .accountId(\"service-account-id\")\n .displayName(\"Service Account\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Disk(\"foobar\", DiskArgs.builder()\n .name(\"existing-disk\")\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var dailyBackup = new ResourcePolicy(\"dailyBackup\", ResourcePolicyArgs.builder()\n .name(\"every-day-4am\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var defaultInstanceTemplate = new InstanceTemplate(\"defaultInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"appserver-template\")\n .description(\"This template is used to create app server instances.\")\n .tags( \n \"foo\",\n \"bar\")\n .labels(Map.of(\"environment\", \"dev\"))\n .instanceDescription(\"description assigned to instances\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .scheduling(InstanceTemplateSchedulingArgs.builder()\n .automaticRestart(true)\n .onHostMaintenance(\"MIGRATE\")\n .build())\n .disks( \n InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .autoDelete(true)\n .boot(true)\n .resourcePolicies(dailyBackup.id())\n .build(),\n InstanceTemplateDiskArgs.builder()\n .source(foobar.name())\n .autoDelete(false)\n .boot(false)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:serviceaccount:Account\n properties:\n accountId: service-account-id\n displayName: Service Account\n defaultInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: default\n properties:\n name: appserver-template\n description: This template is used to create app server instances.\n tags:\n - foo\n - bar\n labels:\n environment: dev\n instanceDescription: description assigned to instances\n machineType: e2-medium\n canIpForward: false\n scheduling:\n automaticRestart: true\n onHostMaintenance: MIGRATE\n disks:\n - sourceImage: debian-cloud/debian-11\n autoDelete: true\n boot: true\n resourcePolicies: ${dailyBackup.id}\n - source: ${foobar.name}\n autoDelete: false\n boot: false\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n foobar:\n type: gcp:compute:Disk\n properties:\n name: existing-disk\n image: ${myImage.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n dailyBackup:\n type: gcp:compute:ResourcePolicy\n name: daily_backup\n properties:\n name: every-day-4am\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Automatic Envoy Deployment\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"appserver-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n scheduling: {\n preemptible: false,\n automaticRestart: true,\n },\n metadata: {\n \"gce-software-declaration\": `{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\\\nZONE=(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\\\nexport SERVICE_PROXY_AGENT_DIRECTORY=(mktemp -d)\\\\nsudo gsutil cp gs://gce-service-proxy-\"ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"SERVICE_PROXY_AGENT_DIRECTORY\"\\\\nsudo tar -xzf \"SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"SERVICE_PROXY_AGENT_DIRECTORY\"\\\\n\"SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n`,\n \"gce-service-proxy\": `{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n`,\n \"enable-guest-attributes\": \"true\",\n \"enable-osconfig\": \"true\",\n },\n serviceAccount: {\n email: _default.then(_default =\u003e _default.email),\n scopes: [\"cloud-platform\"],\n },\n labels: {\n \"gce-service-proxy\": \"on\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"appserver-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n scheduling={\n \"preemptible\": False,\n \"automatic_restart\": True,\n },\n metadata={\n \"gce-software-declaration\": \"\"\"{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n\"\"\",\n \"gce-service-proxy\": \"\"\"{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n\"\"\",\n \"enable-guest-attributes\": \"true\",\n \"enable-osconfig\": \"true\",\n },\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n },\n labels={\n \"gce-service-proxy\": \"on\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"appserver-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Scheduling = new Gcp.Compute.Inputs.InstanceTemplateSchedulingArgs\n {\n Preemptible = false,\n AutomaticRestart = true,\n },\n Metadata = \n {\n { \"gce-software-declaration\", @\"{\n \"\"softwareRecipes\"\": [{\n \"\"name\"\": \"\"install-gce-service-proxy-agent\"\",\n \"\"desired_state\"\": \"\"INSTALLED\"\",\n \"\"installSteps\"\": [{\n \"\"scriptRun\"\": {\n \"\"script\"\": \"\"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"\"$ZONE\"\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"\\nsudo tar -xzf \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"/service-proxy-agent-0.2.tgz -C \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"\\n\"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\"\n }\n }]\n }]\n}\n\" },\n { \"gce-service-proxy\", @\"{\n \"\"api-version\"\": \"\"0.2\"\",\n \"\"proxy-spec\"\": {\n \"\"proxy-port\"\": 15001,\n \"\"network\"\": \"\"my-network\"\",\n \"\"tracing\"\": \"\"ON\"\",\n \"\"access-log\"\": \"\"/var/log/envoy/access.log\"\"\n }\n \"\"service\"\": {\n \"\"serving-ports\"\": [80, 81]\n },\n \"\"labels\"\": {\n \"\"app_name\"\": \"\"bookserver_app\"\",\n \"\"app_version\"\": \"\"STABLE\"\"\n }\n}\n\" },\n { \"enable-guest-attributes\", \"true\" },\n { \"enable-osconfig\", \"true\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n Labels = \n {\n { \"gce-service-proxy\", \"on\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"appserver-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScheduling: \u0026compute.InstanceTemplateSchedulingArgs{\n\t\t\t\tPreemptible: pulumi.Bool(false),\n\t\t\t\tAutomaticRestart: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"gce-software-declaration\": pulumi.String(`{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n`),\n\t\t\t\t\"gce-service-proxy\": pulumi.String(`{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n`),\n\t\t\t\t\"enable-guest-attributes\": pulumi.String(\"true\"),\n\t\t\t\t\"enable-osconfig\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: pulumi.String(_default.Email),\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"gce-service-proxy\": pulumi.String(\"on\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateSchedulingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new InstanceTemplate(\"foobar\", InstanceTemplateArgs.builder()\n .name(\"appserver-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .scheduling(InstanceTemplateSchedulingArgs.builder()\n .preemptible(false)\n .automaticRestart(true)\n .build())\n .metadata(Map.ofEntries(\n Map.entry(\"gce-software-declaration\", \"\"\"\n{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n \"\"\"),\n Map.entry(\"gce-service-proxy\", \"\"\"\n{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n \"\"\"),\n Map.entry(\"enable-guest-attributes\", \"true\"),\n Map.entry(\"enable-osconfig\", \"true\")\n ))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .labels(Map.of(\"gce-service-proxy\", \"on\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:InstanceTemplate\n properties:\n name: appserver-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n scheduling:\n preemptible: false\n automaticRestart: true\n metadata:\n gce-software-declaration: |\n {\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n }\n gce-service-proxy: |\n {\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n }\n enable-guest-attributes: 'true'\n enable-osconfig: 'true'\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n labels:\n gce-service-proxy: on\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Confidential Computing\n\nExample with [Confidential Mode](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview) activated.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.serviceaccount.Account(\"default\", {\n accountId: \"my-custom-sa\",\n displayName: \"Custom SA for VM Instance\",\n});\nconst confidentialInstanceTemplate = new gcp.compute.InstanceTemplate(\"confidential_instance_template\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"my-confidential-instance-template\",\n region: \"us-central1\",\n machineType: \"n2d-standard-2\",\n minCpuPlatform: \"AMD Milan\",\n confidentialInstanceConfig: {\n enableConfidentialCompute: true,\n confidentialInstanceType: \"SEV\",\n },\n disks: [{\n sourceImage: \"ubuntu-os-cloud/ubuntu-2004-lts\",\n }],\n serviceAccount: {\n email: _default.email,\n scopes: [\"cloud-platform\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.serviceaccount.Account(\"default\",\n account_id=\"my-custom-sa\",\n display_name=\"Custom SA for VM Instance\")\nconfidential_instance_template = gcp.compute.InstanceTemplate(\"confidential_instance_template\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"my-confidential-instance-template\",\n region=\"us-central1\",\n machine_type=\"n2d-standard-2\",\n min_cpu_platform=\"AMD Milan\",\n confidential_instance_config={\n \"enable_confidential_compute\": True,\n \"confidential_instance_type\": \"SEV\",\n },\n disks=[{\n \"source_image\": \"ubuntu-os-cloud/ubuntu-2004-lts\",\n }],\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.ServiceAccount.Account(\"default\", new()\n {\n AccountId = \"my-custom-sa\",\n DisplayName = \"Custom SA for VM Instance\",\n });\n\n var confidentialInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"confidential_instance_template\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"my-confidential-instance-template\",\n Region = \"us-central1\",\n MachineType = \"n2d-standard-2\",\n MinCpuPlatform = \"AMD Milan\",\n ConfidentialInstanceConfig = new Gcp.Compute.Inputs.InstanceTemplateConfidentialInstanceConfigArgs\n {\n EnableConfidentialCompute = true,\n ConfidentialInstanceType = \"SEV\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"ubuntu-os-cloud/ubuntu-2004-lts\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Email,\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewAccount(ctx, \"default\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-custom-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Custom SA for VM Instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"confidential_instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"my-confidential-instance-template\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tMachineType: pulumi.String(\"n2d-standard-2\"),\n\t\t\tMinCpuPlatform: pulumi.String(\"AMD Milan\"),\n\t\t\tConfidentialInstanceConfig: \u0026compute.InstanceTemplateConfidentialInstanceConfigArgs{\n\t\t\t\tEnableConfidentialCompute: pulumi.Bool(true),\n\t\t\t\tConfidentialInstanceType: pulumi.String(\"SEV\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"ubuntu-os-cloud/ubuntu-2004-lts\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: _default.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateConfidentialInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Account(\"default\", AccountArgs.builder()\n .accountId(\"my-custom-sa\")\n .displayName(\"Custom SA for VM Instance\")\n .build());\n\n var confidentialInstanceTemplate = new InstanceTemplate(\"confidentialInstanceTemplate\", InstanceTemplateArgs.builder()\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"my-confidential-instance-template\")\n .region(\"us-central1\")\n .machineType(\"n2d-standard-2\")\n .minCpuPlatform(\"AMD Milan\")\n .confidentialInstanceConfig(InstanceTemplateConfidentialInstanceConfigArgs.builder()\n .enableConfidentialCompute(true)\n .confidentialInstanceType(\"SEV\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"ubuntu-os-cloud/ubuntu-2004-lts\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-custom-sa\n displayName: Custom SA for VM Instance\n confidentialInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: confidential_instance_template\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: my-confidential-instance-template\n region: us-central1\n machineType: n2d-standard-2\n minCpuPlatform: AMD Milan\n confidentialInstanceConfig:\n enableConfidentialCompute: true\n confidentialInstanceType: SEV\n disks:\n - sourceImage: ubuntu-os-cloud/ubuntu-2004-lts\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Deploying the Latest Image\n\nA common way to use instance templates and managed instance groups is to deploy the\nlatest image in a family, usually the latest build of your application. There are two\nways to do this in the provider, and they have their pros and cons. The difference ends\nup being in how \"latest\" is interpreted. You can either deploy the latest image available\nwhen the provider runs, or you can have each instance check what the latest image is when\nit's being created, either as part of a scaling event or being rebuilt by the instance\ngroup manager.\n\nIf you're not sure, we recommend deploying the latest image available when the provider runs,\nbecause this means all the instances in your group will be based on the same image, always,\nand means that no upgrades or changes to your instances happen outside of a `pulumi up`.\nYou can achieve this by using the `gcp.compute.Image`\ndata source, which will retrieve the latest image on every `pulumi apply`, and will update\nthe template to use that specific image:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n namePrefix: \"instance-template-\",\n machineType: \"e2-medium\",\n region: \"us-central1\",\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name_prefix=\"instance-template-\",\n machine_type=\"e2-medium\",\n region=\"us-central1\",\n disks=[{\n \"source_image\": my_image.self_link,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n NamePrefix = \"instance-template-\",\n MachineType = \"e2-medium\",\n Region = \"us-central1\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"instance-template-\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .namePrefix(\"instance-template-\")\n .machineType(\"e2-medium\")\n .region(\"us-central1\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n namePrefix: instance-template-\n machineType: e2-medium\n region: us-central1\n disks:\n - sourceImage: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo have instances update to the latest on every scaling event or instance re-creation,\nuse the family as the image for the disk, and it will use GCP's default behavior, setting\nthe image for the template to the family:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n namePrefix: \"instance-template-\",\n machineType: \"e2-medium\",\n region: \"us-central1\",\n disks: [{\n sourceImage: \"debian-cloud/debian-11\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name_prefix=\"instance-template-\",\n machine_type=\"e2-medium\",\n region=\"us-central1\",\n disks=[{\n \"source_image\": \"debian-cloud/debian-11\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n NamePrefix = \"instance-template-\",\n MachineType = \"e2-medium\",\n Region = \"us-central1\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"instance-template-\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .namePrefix(\"instance-template-\")\n .machineType(\"e2-medium\")\n .region(\"us-central1\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n namePrefix: instance-template-\n machineType: e2-medium\n region: us-central1\n disks:\n - sourceImage: debian-cloud/debian-11\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance templates can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/instanceTemplates/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, instance templates can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default projects/{{project}}/global/instanceTemplates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{name}}\n```\n\n", + "description": "\u003e **Note**: Global instance templates can be used in any region. To lower the impact of outages outside your region and gain data residency within your region, use google_compute_region_instance_template.\n\nManages a VM instance template resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instance-templates)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instanceTemplates).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.serviceaccount.Account(\"default\", {\n accountId: \"service-account-id\",\n displayName: \"Service Account\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Disk(\"foobar\", {\n name: \"existing-disk\",\n image: myImage.then(myImage =\u003e myImage.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst dailyBackup = new gcp.compute.ResourcePolicy(\"daily_backup\", {\n name: \"every-day-4am\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst defaultInstanceTemplate = new gcp.compute.InstanceTemplate(\"default\", {\n name: \"appserver-template\",\n description: \"This template is used to create app server instances.\",\n tags: [\n \"foo\",\n \"bar\",\n ],\n labels: {\n environment: \"dev\",\n },\n instanceDescription: \"description assigned to instances\",\n machineType: \"e2-medium\",\n canIpForward: false,\n scheduling: {\n automaticRestart: true,\n onHostMaintenance: \"MIGRATE\",\n },\n disks: [\n {\n sourceImage: \"debian-cloud/debian-11\",\n autoDelete: true,\n boot: true,\n resourcePolicies: dailyBackup.id,\n },\n {\n source: foobar.name,\n autoDelete: false,\n boot: false,\n },\n ],\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n serviceAccount: {\n email: _default.email,\n scopes: [\"cloud-platform\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.serviceaccount.Account(\"default\",\n account_id=\"service-account-id\",\n display_name=\"Service Account\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Disk(\"foobar\",\n name=\"existing-disk\",\n image=my_image.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\ndaily_backup = gcp.compute.ResourcePolicy(\"daily_backup\",\n name=\"every-day-4am\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\ndefault_instance_template = gcp.compute.InstanceTemplate(\"default\",\n name=\"appserver-template\",\n description=\"This template is used to create app server instances.\",\n tags=[\n \"foo\",\n \"bar\",\n ],\n labels={\n \"environment\": \"dev\",\n },\n instance_description=\"description assigned to instances\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n scheduling={\n \"automatic_restart\": True,\n \"on_host_maintenance\": \"MIGRATE\",\n },\n disks=[\n {\n \"source_image\": \"debian-cloud/debian-11\",\n \"auto_delete\": True,\n \"boot\": True,\n \"resource_policies\": daily_backup.id,\n },\n {\n \"source\": foobar.name,\n \"auto_delete\": False,\n \"boot\": False,\n },\n ],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n },\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.ServiceAccount.Account(\"default\", new()\n {\n AccountId = \"service-account-id\",\n DisplayName = \"Service Account\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Disk(\"foobar\", new()\n {\n Name = \"existing-disk\",\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var dailyBackup = new Gcp.Compute.ResourcePolicy(\"daily_backup\", new()\n {\n Name = \"every-day-4am\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"default\", new()\n {\n Name = \"appserver-template\",\n Description = \"This template is used to create app server instances.\",\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n InstanceDescription = \"description assigned to instances\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Scheduling = new Gcp.Compute.Inputs.InstanceTemplateSchedulingArgs\n {\n AutomaticRestart = true,\n OnHostMaintenance = \"MIGRATE\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n AutoDelete = true,\n Boot = true,\n ResourcePolicies = dailyBackup.Id,\n },\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n Source = foobar.Name,\n AutoDelete = false,\n Boot = false,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Email,\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewAccount(ctx, \"default\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"service-account-id\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewDisk(ctx, \"foobar\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"existing-disk\"),\n\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdailyBackup, err := compute.NewResourcePolicy(ctx, \"daily_backup\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"every-day-4am\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"default\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"appserver-template\"),\n\t\t\tDescription: pulumi.String(\"This template is used to create app server instances.\"),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t\tInstanceDescription: pulumi.String(\"description assigned to instances\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tScheduling: \u0026compute.InstanceTemplateSchedulingArgs{\n\t\t\t\tAutomaticRestart: pulumi.Bool(true),\n\t\t\t\tOnHostMaintenance: pulumi.String(\"MIGRATE\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t\tResourcePolicies: dailyBackup.ID(),\n\t\t\t\t},\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSource: foobar.Name,\n\t\t\t\t\tAutoDelete: pulumi.Bool(false),\n\t\t\t\t\tBoot: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: _default.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateSchedulingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Account(\"default\", AccountArgs.builder()\n .accountId(\"service-account-id\")\n .displayName(\"Service Account\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Disk(\"foobar\", DiskArgs.builder()\n .name(\"existing-disk\")\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var dailyBackup = new ResourcePolicy(\"dailyBackup\", ResourcePolicyArgs.builder()\n .name(\"every-day-4am\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var defaultInstanceTemplate = new InstanceTemplate(\"defaultInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"appserver-template\")\n .description(\"This template is used to create app server instances.\")\n .tags( \n \"foo\",\n \"bar\")\n .labels(Map.of(\"environment\", \"dev\"))\n .instanceDescription(\"description assigned to instances\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .scheduling(InstanceTemplateSchedulingArgs.builder()\n .automaticRestart(true)\n .onHostMaintenance(\"MIGRATE\")\n .build())\n .disks( \n InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .autoDelete(true)\n .boot(true)\n .resourcePolicies(dailyBackup.id())\n .build(),\n InstanceTemplateDiskArgs.builder()\n .source(foobar.name())\n .autoDelete(false)\n .boot(false)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:serviceaccount:Account\n properties:\n accountId: service-account-id\n displayName: Service Account\n defaultInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: default\n properties:\n name: appserver-template\n description: This template is used to create app server instances.\n tags:\n - foo\n - bar\n labels:\n environment: dev\n instanceDescription: description assigned to instances\n machineType: e2-medium\n canIpForward: false\n scheduling:\n automaticRestart: true\n onHostMaintenance: MIGRATE\n disks:\n - sourceImage: debian-cloud/debian-11\n autoDelete: true\n boot: true\n resourcePolicies: ${dailyBackup.id}\n - source: ${foobar.name}\n autoDelete: false\n boot: false\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n foobar:\n type: gcp:compute:Disk\n properties:\n name: existing-disk\n image: ${myImage.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\n dailyBackup:\n type: gcp:compute:ResourcePolicy\n name: daily_backup\n properties:\n name: every-day-4am\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Automatic Envoy Deployment\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"appserver-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n scheduling: {\n preemptible: false,\n automaticRestart: true,\n },\n metadata: {\n \"gce-software-declaration\": `{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\\\nZONE=(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\\\nexport SERVICE_PROXY_AGENT_DIRECTORY=(mktemp -d)\\\\nsudo gsutil cp gs://gce-service-proxy-\"ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"SERVICE_PROXY_AGENT_DIRECTORY\"\\\\nsudo tar -xzf \"SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"SERVICE_PROXY_AGENT_DIRECTORY\"\\\\n\"SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n`,\n \"gce-service-proxy\": `{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n`,\n \"enable-guest-attributes\": \"true\",\n \"enable-osconfig\": \"true\",\n },\n serviceAccount: {\n email: _default.then(_default =\u003e _default.email),\n scopes: [\"cloud-platform\"],\n },\n labels: {\n \"gce-service-proxy\": \"on\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"appserver-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n scheduling={\n \"preemptible\": False,\n \"automatic_restart\": True,\n },\n metadata={\n \"gce-software-declaration\": \"\"\"{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n\"\"\",\n \"gce-service-proxy\": \"\"\"{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n\"\"\",\n \"enable-guest-attributes\": \"true\",\n \"enable-osconfig\": \"true\",\n },\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n },\n labels={\n \"gce-service-proxy\": \"on\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"appserver-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Scheduling = new Gcp.Compute.Inputs.InstanceTemplateSchedulingArgs\n {\n Preemptible = false,\n AutomaticRestart = true,\n },\n Metadata = \n {\n { \"gce-software-declaration\", @\"{\n \"\"softwareRecipes\"\": [{\n \"\"name\"\": \"\"install-gce-service-proxy-agent\"\",\n \"\"desired_state\"\": \"\"INSTALLED\"\",\n \"\"installSteps\"\": [{\n \"\"scriptRun\"\": {\n \"\"script\"\": \"\"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"\"$ZONE\"\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"\\nsudo tar -xzf \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"/service-proxy-agent-0.2.tgz -C \"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"\\n\"\"$SERVICE_PROXY_AGENT_DIRECTORY\"\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\"\n }\n }]\n }]\n}\n\" },\n { \"gce-service-proxy\", @\"{\n \"\"api-version\"\": \"\"0.2\"\",\n \"\"proxy-spec\"\": {\n \"\"proxy-port\"\": 15001,\n \"\"network\"\": \"\"my-network\"\",\n \"\"tracing\"\": \"\"ON\"\",\n \"\"access-log\"\": \"\"/var/log/envoy/access.log\"\"\n }\n \"\"service\"\": {\n \"\"serving-ports\"\": [80, 81]\n },\n \"\"labels\"\": {\n \"\"app_name\"\": \"\"bookserver_app\"\",\n \"\"app_version\"\": \"\"STABLE\"\"\n }\n}\n\" },\n { \"enable-guest-attributes\", \"true\" },\n { \"enable-osconfig\", \"true\" },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n Labels = \n {\n { \"gce-service-proxy\", \"on\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"appserver-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScheduling: \u0026compute.InstanceTemplateSchedulingArgs{\n\t\t\t\tPreemptible: pulumi.Bool(false),\n\t\t\t\tAutomaticRestart: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"gce-software-declaration\": pulumi.String(`{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n`),\n\t\t\t\t\"gce-service-proxy\": pulumi.String(`{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n`),\n\t\t\t\t\"enable-guest-attributes\": pulumi.String(\"true\"),\n\t\t\t\t\"enable-osconfig\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: pulumi.String(_default.Email),\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"gce-service-proxy\": pulumi.String(\"on\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateSchedulingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new InstanceTemplate(\"foobar\", InstanceTemplateArgs.builder()\n .name(\"appserver-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .scheduling(InstanceTemplateSchedulingArgs.builder()\n .preemptible(false)\n .automaticRestart(true)\n .build())\n .metadata(Map.ofEntries(\n Map.entry(\"gce-software-declaration\", \"\"\"\n{\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n}\n \"\"\"),\n Map.entry(\"gce-service-proxy\", \"\"\"\n{\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n}\n \"\"\"),\n Map.entry(\"enable-guest-attributes\", \"true\"),\n Map.entry(\"enable-osconfig\", \"true\")\n ))\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .labels(Map.of(\"gce-service-proxy\", \"on\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:InstanceTemplate\n properties:\n name: appserver-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n scheduling:\n preemptible: false\n automaticRestart: true\n metadata:\n gce-software-declaration: |\n {\n \"softwareRecipes\": [{\n \"name\": \"install-gce-service-proxy-agent\",\n \"desired_state\": \"INSTALLED\",\n \"installSteps\": [{\n \"scriptRun\": {\n \"script\": \"#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-\"$ZONE\"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\nsudo tar -xzf \"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent-0.2.tgz -C \"$SERVICE_PROXY_AGENT_DIRECTORY\"\\n\"$SERVICE_PROXY_AGENT_DIRECTORY\"/service-proxy-agent/service-proxy-agent-bootstrap.sh\"\n }\n }]\n }]\n }\n gce-service-proxy: |\n {\n \"api-version\": \"0.2\",\n \"proxy-spec\": {\n \"proxy-port\": 15001,\n \"network\": \"my-network\",\n \"tracing\": \"ON\",\n \"access-log\": \"/var/log/envoy/access.log\"\n }\n \"service\": {\n \"serving-ports\": [80, 81]\n },\n \"labels\": {\n \"app_name\": \"bookserver_app\",\n \"app_version\": \"STABLE\"\n }\n }\n enable-guest-attributes: 'true'\n enable-osconfig: 'true'\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n labels:\n gce-service-proxy: on\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Confidential Computing\n\nExample with [Confidential Mode](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview) activated.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.serviceaccount.Account(\"default\", {\n accountId: \"my-custom-sa\",\n displayName: \"Custom SA for VM Instance\",\n});\nconst confidentialInstanceTemplate = new gcp.compute.InstanceTemplate(\"confidential_instance_template\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"my-confidential-instance-template\",\n region: \"us-central1\",\n machineType: \"n2d-standard-2\",\n minCpuPlatform: \"AMD Milan\",\n confidentialInstanceConfig: {\n enableConfidentialCompute: true,\n confidentialInstanceType: \"SEV\",\n },\n disks: [{\n sourceImage: \"ubuntu-os-cloud/ubuntu-2004-lts\",\n }],\n serviceAccount: {\n email: _default.email,\n scopes: [\"cloud-platform\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.serviceaccount.Account(\"default\",\n account_id=\"my-custom-sa\",\n display_name=\"Custom SA for VM Instance\")\nconfidential_instance_template = gcp.compute.InstanceTemplate(\"confidential_instance_template\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"my-confidential-instance-template\",\n region=\"us-central1\",\n machine_type=\"n2d-standard-2\",\n min_cpu_platform=\"AMD Milan\",\n confidential_instance_config={\n \"enable_confidential_compute\": True,\n \"confidential_instance_type\": \"SEV\",\n },\n disks=[{\n \"source_image\": \"ubuntu-os-cloud/ubuntu-2004-lts\",\n }],\n service_account={\n \"email\": default.email,\n \"scopes\": [\"cloud-platform\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.ServiceAccount.Account(\"default\", new()\n {\n AccountId = \"my-custom-sa\",\n DisplayName = \"Custom SA for VM Instance\",\n });\n\n var confidentialInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"confidential_instance_template\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"my-confidential-instance-template\",\n Region = \"us-central1\",\n MachineType = \"n2d-standard-2\",\n MinCpuPlatform = \"AMD Milan\",\n ConfidentialInstanceConfig = new Gcp.Compute.Inputs.InstanceTemplateConfidentialInstanceConfigArgs\n {\n EnableConfidentialCompute = true,\n ConfidentialInstanceType = \"SEV\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"ubuntu-os-cloud/ubuntu-2004-lts\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Email = @default.Email,\n Scopes = new[]\n {\n \"cloud-platform\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewAccount(ctx, \"default\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-custom-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Custom SA for VM Instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"confidential_instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"my-confidential-instance-template\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tMachineType: pulumi.String(\"n2d-standard-2\"),\n\t\t\tMinCpuPlatform: pulumi.String(\"AMD Milan\"),\n\t\t\tConfidentialInstanceConfig: \u0026compute.InstanceTemplateConfidentialInstanceConfigArgs{\n\t\t\t\tEnableConfidentialCompute: pulumi.Bool(true),\n\t\t\t\tConfidentialInstanceType: pulumi.String(\"SEV\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"ubuntu-os-cloud/ubuntu-2004-lts\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tEmail: _default.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateConfidentialInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Account(\"default\", AccountArgs.builder()\n .accountId(\"my-custom-sa\")\n .displayName(\"Custom SA for VM Instance\")\n .build());\n\n var confidentialInstanceTemplate = new InstanceTemplate(\"confidentialInstanceTemplate\", InstanceTemplateArgs.builder()\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"my-confidential-instance-template\")\n .region(\"us-central1\")\n .machineType(\"n2d-standard-2\")\n .minCpuPlatform(\"AMD Milan\")\n .confidentialInstanceConfig(InstanceTemplateConfidentialInstanceConfigArgs.builder()\n .enableConfidentialCompute(true)\n .confidentialInstanceType(\"SEV\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"ubuntu-os-cloud/ubuntu-2004-lts\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .email(default_.email())\n .scopes(\"cloud-platform\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-custom-sa\n displayName: Custom SA for VM Instance\n confidentialInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: confidential_instance_template\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: my-confidential-instance-template\n region: us-central1\n machineType: n2d-standard-2\n minCpuPlatform: AMD Milan\n confidentialInstanceConfig:\n enableConfidentialCompute: true\n confidentialInstanceType: SEV\n disks:\n - sourceImage: ubuntu-os-cloud/ubuntu-2004-lts\n serviceAccount:\n email: ${default.email}\n scopes:\n - cloud-platform\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Deploying the Latest Image\n\nA common way to use instance templates and managed instance groups is to deploy the\nlatest image in a family, usually the latest build of your application. There are two\nways to do this in the provider, and they have their pros and cons. The difference ends\nup being in how \"latest\" is interpreted. You can either deploy the latest image available\nwhen the provider runs, or you can have each instance check what the latest image is when\nit's being created, either as part of a scaling event or being rebuilt by the instance\ngroup manager.\n\nIf you're not sure, we recommend deploying the latest image available when the provider runs,\nbecause this means all the instances in your group will be based on the same image, always,\nand means that no upgrades or changes to your instances happen outside of a `pulumi up`.\nYou can achieve this by using the `gcp.compute.Image`\ndata source, which will retrieve the latest image on every `pulumi apply`, and will update\nthe template to use that specific image:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n namePrefix: \"instance-template-\",\n machineType: \"e2-medium\",\n region: \"us-central1\",\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name_prefix=\"instance-template-\",\n machine_type=\"e2-medium\",\n region=\"us-central1\",\n disks=[{\n \"source_image\": my_image.self_link,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n NamePrefix = \"instance-template-\",\n MachineType = \"e2-medium\",\n Region = \"us-central1\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"instance-template-\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .namePrefix(\"instance-template-\")\n .machineType(\"e2-medium\")\n .region(\"us-central1\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n namePrefix: instance-template-\n machineType: e2-medium\n region: us-central1\n disks:\n - sourceImage: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo have instances update to the latest on every scaling event or instance re-creation,\nuse the family as the image for the disk, and it will use GCP's default behavior, setting\nthe image for the template to the family:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n namePrefix: \"instance-template-\",\n machineType: \"e2-medium\",\n region: \"us-central1\",\n disks: [{\n sourceImage: \"debian-cloud/debian-11\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name_prefix=\"instance-template-\",\n machine_type=\"e2-medium\",\n region=\"us-central1\",\n disks=[{\n \"source_image\": \"debian-cloud/debian-11\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n NamePrefix = \"instance-template-\",\n MachineType = \"e2-medium\",\n Region = \"us-central1\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"instance-template-\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .namePrefix(\"instance-template-\")\n .machineType(\"e2-medium\")\n .region(\"us-central1\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n namePrefix: instance-template-\n machineType: e2-medium\n region: us-central1\n disks:\n - sourceImage: debian-cloud/debian-11\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance templates can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/instanceTemplates/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, instance templates can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default projects/{{project}}/global/instanceTemplates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{name}}\n```\n\n", "properties": { "advancedMachineFeatures": { "$ref": "#/types/gcp:compute/InstanceTemplateAdvancedMachineFeatures:InstanceTemplateAdvancedMachineFeatures", @@ -168761,7 +168761,7 @@ } }, "gcp:compute/interconnect:Interconnect": { - "description": "Represents an Interconnect resource. The Interconnect resource is a dedicated connection between\nGoogle's network and your on-premises network.\n\n\nTo get more information about Interconnect, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/interconnects)\n* How-to Guides\n * [Create a Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview)\n\n## Example Usage\n\n### Compute Interconnect Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_interconnect = new gcp.compute.Interconnect(\"example-interconnect\", {\n name: \"example-interconnect\",\n customerName: \"example_customer\",\n interconnectType: \"DEDICATED\",\n linkType: \"LINK_TYPE_ETHERNET_10G_LR\",\n location: project.then(project =\u003e `https://www.googleapis.com/compute/v1/projects/${project.name}/global/interconnectLocations/iad-zone1-1`),\n requestedLinkCount: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_interconnect = gcp.compute.Interconnect(\"example-interconnect\",\n name=\"example-interconnect\",\n customer_name=\"example_customer\",\n interconnect_type=\"DEDICATED\",\n link_type=\"LINK_TYPE_ETHERNET_10G_LR\",\n location=f\"https://www.googleapis.com/compute/v1/projects/{project.name}/global/interconnectLocations/iad-zone1-1\",\n requested_link_count=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_interconnect = new Gcp.Compute.Interconnect(\"example-interconnect\", new()\n {\n Name = \"example-interconnect\",\n CustomerName = \"example_customer\",\n InterconnectType = \"DEDICATED\",\n LinkType = \"LINK_TYPE_ETHERNET_10G_LR\",\n Location = $\"https://www.googleapis.com/compute/v1/projects/{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/global/interconnectLocations/iad-zone1-1\",\n RequestedLinkCount = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInterconnect(ctx, \"example-interconnect\", \u0026compute.InterconnectArgs{\n\t\t\tName: pulumi.String(\"example-interconnect\"),\n\t\t\tCustomerName: pulumi.String(\"example_customer\"),\n\t\t\tInterconnectType: pulumi.String(\"DEDICATED\"),\n\t\t\tLinkType: pulumi.String(\"LINK_TYPE_ETHERNET_10G_LR\"),\n\t\t\tLocation: pulumi.Sprintf(\"https://www.googleapis.com/compute/v1/projects/%v/global/interconnectLocations/iad-zone1-1\", project.Name),\n\t\t\tRequestedLinkCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Interconnect;\nimport com.pulumi.gcp.compute.InterconnectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_interconnect = new Interconnect(\"example-interconnect\", InterconnectArgs.builder()\n .name(\"example-interconnect\")\n .customerName(\"example_customer\")\n .interconnectType(\"DEDICATED\")\n .linkType(\"LINK_TYPE_ETHERNET_10G_LR\")\n .location(String.format(\"https://www.googleapis.com/compute/v1/projects/%s/global/interconnectLocations/iad-zone1-1\", project.applyValue(getProjectResult -\u003e getProjectResult.name())))\n .requestedLinkCount(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-interconnect:\n type: gcp:compute:Interconnect\n properties:\n name: example-interconnect\n customerName: example_customer\n interconnectType: DEDICATED\n linkType: LINK_TYPE_ETHERNET_10G_LR\n location: https://www.googleapis.com/compute/v1/projects/${project.name}/global/interconnectLocations/iad-zone1-1\n requestedLinkCount: 1\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInterconnect can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/interconnects/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Interconnect can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default projects/{{project}}/global/interconnects/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default {{name}}\n```\n\n", + "description": "Represents an Interconnect resource. The Interconnect resource is a dedicated connection between\nGoogle's network and your on-premises network.\n\n\nTo get more information about Interconnect, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/interconnects)\n* How-to Guides\n * [Create a Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview)\n\n## Example Usage\n\n### Compute Interconnect Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_interconnect = new gcp.compute.Interconnect(\"example-interconnect\", {\n name: \"example-interconnect\",\n customerName: \"example_customer\",\n interconnectType: \"DEDICATED\",\n linkType: \"LINK_TYPE_ETHERNET_10G_LR\",\n location: project.then(project =\u003e `https://www.googleapis.com/compute/v1/projects/${project.name}/global/interconnectLocations/iad-zone1-1`),\n requestedLinkCount: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_interconnect = gcp.compute.Interconnect(\"example-interconnect\",\n name=\"example-interconnect\",\n customer_name=\"example_customer\",\n interconnect_type=\"DEDICATED\",\n link_type=\"LINK_TYPE_ETHERNET_10G_LR\",\n location=f\"https://www.googleapis.com/compute/v1/projects/{project.name}/global/interconnectLocations/iad-zone1-1\",\n requested_link_count=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_interconnect = new Gcp.Compute.Interconnect(\"example-interconnect\", new()\n {\n Name = \"example-interconnect\",\n CustomerName = \"example_customer\",\n InterconnectType = \"DEDICATED\",\n LinkType = \"LINK_TYPE_ETHERNET_10G_LR\",\n Location = $\"https://www.googleapis.com/compute/v1/projects/{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/global/interconnectLocations/iad-zone1-1\",\n RequestedLinkCount = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInterconnect(ctx, \"example-interconnect\", \u0026compute.InterconnectArgs{\n\t\t\tName: pulumi.String(\"example-interconnect\"),\n\t\t\tCustomerName: pulumi.String(\"example_customer\"),\n\t\t\tInterconnectType: pulumi.String(\"DEDICATED\"),\n\t\t\tLinkType: pulumi.String(\"LINK_TYPE_ETHERNET_10G_LR\"),\n\t\t\tLocation: pulumi.Sprintf(\"https://www.googleapis.com/compute/v1/projects/%v/global/interconnectLocations/iad-zone1-1\", project.Name),\n\t\t\tRequestedLinkCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Interconnect;\nimport com.pulumi.gcp.compute.InterconnectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_interconnect = new Interconnect(\"example-interconnect\", InterconnectArgs.builder()\n .name(\"example-interconnect\")\n .customerName(\"example_customer\")\n .interconnectType(\"DEDICATED\")\n .linkType(\"LINK_TYPE_ETHERNET_10G_LR\")\n .location(String.format(\"https://www.googleapis.com/compute/v1/projects/%s/global/interconnectLocations/iad-zone1-1\", project.applyValue(getProjectResult -\u003e getProjectResult.name())))\n .requestedLinkCount(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-interconnect:\n type: gcp:compute:Interconnect\n properties:\n name: example-interconnect\n customerName: example_customer\n interconnectType: DEDICATED\n linkType: LINK_TYPE_ETHERNET_10G_LR\n location: https://www.googleapis.com/compute/v1/projects/${project.name}/global/interconnectLocations/iad-zone1-1\n requestedLinkCount: 1\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInterconnect can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/interconnects/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Interconnect can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default projects/{{project}}/global/interconnects/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/interconnect:Interconnect default {{name}}\n```\n\n", "properties": { "adminEnabled": { "type": "boolean", @@ -169683,7 +169683,7 @@ } }, "gcp:compute/machineImageIamBinding:MachineImageIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/MachineImageIamBindingCondition:MachineImageIamBindingCondition", @@ -169793,7 +169793,7 @@ } }, "gcp:compute/machineImageIamMember:MachineImageIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/MachineImageIamMemberCondition:MachineImageIamMemberCondition", @@ -169896,7 +169896,7 @@ } }, "gcp:compute/machineImageIamPolicy:MachineImageIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine MachineImage\nThree different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.MachineImageIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder()\n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -170829,7 +170829,7 @@ } }, "gcp:compute/networkEndpoint:NetworkEndpoint": { - "description": "A Network endpoint represents a IP address and port combination that is\npart of a specific network endpoint group (NEG). NEGs are zonal\ncollections of these endpoints for GCP resources within a\nsingle subnet. **NOTE**: Network endpoints cannot be created outside of a\nnetwork endpoint group.\n\n\u003e **NOTE** In case the Endpoint's Instance is recreated, it's needed to\nperform `apply` twice. To avoid situations like this, please use this resource\nwith the lifecycle `replace_triggered_by` method, with the passed Instance's ID.\n\n\nTo get more information about NetworkEndpoint, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Network Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"neg-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"neg-subnetwork\",\n ipCidrRange: \"10.0.0.1/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst endpoint_instance = new gcp.compute.Instance(\"endpoint-instance\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst default_endpoint = new gcp.compute.NetworkEndpoint(\"default-endpoint\", {\n networkEndpointGroup: neg.name,\n instance: endpoint_instance.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n});\nconst group = new gcp.compute.NetworkEndpointGroup(\"group\", {\n name: \"my-lb-neg\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Network(\"default\",\n name=\"neg-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"neg-subnetwork\",\n ip_cidr_range=\"10.0.0.1/16\",\n region=\"us-central1\",\n network=default.id)\nendpoint_instance = gcp.compute.Instance(\"endpoint-instance\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\ndefault_endpoint = gcp.compute.NetworkEndpoint(\"default-endpoint\",\n network_endpoint_group=neg[\"name\"],\n instance=endpoint_instance.name,\n port=neg[\"defaultPort\"],\n ip_address=endpoint_instance.network_interfaces[0].network_ip)\ngroup = gcp.compute.NetworkEndpointGroup(\"group\",\n name=\"my-lb-neg\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n default_port=90,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"neg-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"neg-subnetwork\",\n IpCidrRange = \"10.0.0.1/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var endpoint_instance = new Gcp.Compute.Instance(\"endpoint-instance\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var default_endpoint = new Gcp.Compute.NetworkEndpoint(\"default-endpoint\", new()\n {\n NetworkEndpointGroup = neg.Name,\n Instance = endpoint_instance.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n });\n\n var @group = new Gcp.Compute.NetworkEndpointGroup(\"group\", new()\n {\n Name = \"my-lb-neg\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"neg-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"neg-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.1/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"default-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: pulumi.Any(neg.Name),\n\t\t\tInstance: endpoint_instance.Name,\n\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\tIpAddress: pulumi.String(endpoint_instance.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"group\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-lb-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"neg-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"neg-subnetwork\")\n .ipCidrRange(\"10.0.0.1/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var endpoint_instance = new Instance(\"endpoint-instance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var default_endpoint = new NetworkEndpoint(\"default-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(neg.name())\n .instance(endpoint_instance.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build());\n\n var group = new NetworkEndpointGroup(\"group\", NetworkEndpointGroupArgs.builder()\n .name(\"my-lb-neg\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${neg.name}\n instance: ${[\"endpoint-instance\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance\"].networkInterfaces[0].networkIp}\n endpoint-instance:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n group:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: my-lb-neg\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n defaultPort: '90'\n zone: us-central1-a\n default:\n type: gcp:compute:Network\n properties:\n name: neg-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: neg-subnetwork\n ipCidrRange: 10.0.0.1/16\n region: us-central1\n network: ${default.id}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{project}}/{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\nWhen using the `pulumi import` command, NetworkEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{project}}/{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n", + "description": "A Network endpoint represents a IP address and port combination that is\npart of a specific network endpoint group (NEG). NEGs are zonal\ncollections of these endpoints for GCP resources within a\nsingle subnet. **NOTE**: Network endpoints cannot be created outside of a\nnetwork endpoint group.\n\n\u003e **NOTE** In case the Endpoint's Instance is recreated, it's needed to\nperform `apply` twice. To avoid situations like this, please use this resource\nwith the lifecycle `replace_triggered_by` method, with the passed Instance's ID.\n\n\nTo get more information about NetworkEndpoint, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Network Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"neg-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"neg-subnetwork\",\n ipCidrRange: \"10.0.0.1/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst endpoint_instance = new gcp.compute.Instance(\"endpoint-instance\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst default_endpoint = new gcp.compute.NetworkEndpoint(\"default-endpoint\", {\n networkEndpointGroup: neg.name,\n instance: endpoint_instance.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n});\nconst group = new gcp.compute.NetworkEndpointGroup(\"group\", {\n name: \"my-lb-neg\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Network(\"default\",\n name=\"neg-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"neg-subnetwork\",\n ip_cidr_range=\"10.0.0.1/16\",\n region=\"us-central1\",\n network=default.id)\nendpoint_instance = gcp.compute.Instance(\"endpoint-instance\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\ndefault_endpoint = gcp.compute.NetworkEndpoint(\"default-endpoint\",\n network_endpoint_group=neg[\"name\"],\n instance=endpoint_instance.name,\n port=neg[\"defaultPort\"],\n ip_address=endpoint_instance.network_interfaces[0].network_ip)\ngroup = gcp.compute.NetworkEndpointGroup(\"group\",\n name=\"my-lb-neg\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n default_port=90,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"neg-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"neg-subnetwork\",\n IpCidrRange = \"10.0.0.1/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var endpoint_instance = new Gcp.Compute.Instance(\"endpoint-instance\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var default_endpoint = new Gcp.Compute.NetworkEndpoint(\"default-endpoint\", new()\n {\n NetworkEndpointGroup = neg.Name,\n Instance = endpoint_instance.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n });\n\n var @group = new Gcp.Compute.NetworkEndpointGroup(\"group\", new()\n {\n Name = \"my-lb-neg\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"neg-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"neg-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.1/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"default-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: pulumi.Any(neg.Name),\n\t\t\tInstance: endpoint_instance.Name,\n\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\tIpAddress: pulumi.String(endpoint_instance.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"group\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-lb-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"neg-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"neg-subnetwork\")\n .ipCidrRange(\"10.0.0.1/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var endpoint_instance = new Instance(\"endpoint-instance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var default_endpoint = new NetworkEndpoint(\"default-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(neg.name())\n .instance(endpoint_instance.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build());\n\n var group = new NetworkEndpointGroup(\"group\", NetworkEndpointGroupArgs.builder()\n .name(\"my-lb-neg\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${neg.name}\n instance: ${[\"endpoint-instance\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance\"].networkInterfaces[0].networkIp}\n endpoint-instance:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n group:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: my-lb-neg\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n defaultPort: '90'\n zone: us-central1-a\n default:\n type: gcp:compute:Network\n properties:\n name: neg-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: neg-subnetwork\n ipCidrRange: 10.0.0.1/16\n region: us-central1\n network: ${default.id}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{project}}/{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\n* `{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}`\n\nWhen using the `pulumi import` command, NetworkEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{project}}/{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpoint:NetworkEndpoint default {{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}\n```\n\n", "properties": { "instance": { "type": "string", @@ -171088,7 +171088,7 @@ } }, "gcp:compute/networkEndpointList:NetworkEndpointList": { - "description": "A set of network endpoints belonging to a network endpoint group (NEG). A\nsingle network endpoint represents a IP address and port combination that is\npart of a specific network endpoint group (NEG). NEGs are zonal collections\nof these endpoints for GCP resources within a single subnet. **NOTE**:\nNetwork endpoints cannot be created outside of a network endpoint group.\n\nThis resource is authoritative for a single NEG. Any endpoints not specified\nby this resource will be deleted when the resource configuration is applied.\n\n\u003e **NOTE** In case the Endpoint's Instance is recreated, it's needed to\nperform `apply` twice. To avoid situations like this, please use this resource\nwith the lifecycle `replace_triggered_by` method, with the passed Instance's ID.\n\n\nTo get more information about NetworkEndpoints, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Network Endpoints\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"neg-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"neg-subnetwork\",\n ipCidrRange: \"10.0.0.1/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst endpoint_instance1 = new gcp.compute.Instance(\"endpoint-instance1\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance1\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst endpoint_instance2 = new gcp.compute.Instance(\"endpoint-instance2\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance2\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst default_endpoints = new gcp.compute.NetworkEndpointList(\"default-endpoints\", {\n networkEndpointGroup: neg.name,\n networkEndpoints: [\n {\n instance: endpoint_instance1.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance1.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n },\n {\n instance: endpoint_instance2.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance2.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n },\n ],\n});\nconst group = new gcp.compute.NetworkEndpointGroup(\"group\", {\n name: \"my-lb-neg\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Network(\"default\",\n name=\"neg-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"neg-subnetwork\",\n ip_cidr_range=\"10.0.0.1/16\",\n region=\"us-central1\",\n network=default.id)\nendpoint_instance1 = gcp.compute.Instance(\"endpoint-instance1\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance1\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\nendpoint_instance2 = gcp.compute.Instance(\"endpoint-instance2\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance2\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\ndefault_endpoints = gcp.compute.NetworkEndpointList(\"default-endpoints\",\n network_endpoint_group=neg[\"name\"],\n network_endpoints=[\n {\n \"instance\": endpoint_instance1.name,\n \"port\": neg[\"defaultPort\"],\n \"ip_address\": endpoint_instance1.network_interfaces[0].network_ip,\n },\n {\n \"instance\": endpoint_instance2.name,\n \"port\": neg[\"defaultPort\"],\n \"ip_address\": endpoint_instance2.network_interfaces[0].network_ip,\n },\n ])\ngroup = gcp.compute.NetworkEndpointGroup(\"group\",\n name=\"my-lb-neg\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n default_port=90,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"neg-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"neg-subnetwork\",\n IpCidrRange = \"10.0.0.1/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var endpoint_instance1 = new Gcp.Compute.Instance(\"endpoint-instance1\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance1\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var endpoint_instance2 = new Gcp.Compute.Instance(\"endpoint-instance2\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance2\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var default_endpoints = new Gcp.Compute.NetworkEndpointList(\"default-endpoints\", new()\n {\n NetworkEndpointGroup = neg.Name,\n NetworkEndpoints = new[]\n {\n new Gcp.Compute.Inputs.NetworkEndpointListNetworkEndpointArgs\n {\n Instance = endpoint_instance1.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance1.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n },\n new Gcp.Compute.Inputs.NetworkEndpointListNetworkEndpointArgs\n {\n Instance = endpoint_instance2.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance2.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n },\n },\n });\n\n var @group = new Gcp.Compute.NetworkEndpointGroup(\"group\", new()\n {\n Name = \"my-lb-neg\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"neg-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"neg-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.1/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance1\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance1\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance2\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance2\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointList(ctx, \"default-endpoints\", \u0026compute.NetworkEndpointListArgs{\n\t\t\tNetworkEndpointGroup: pulumi.Any(neg.Name),\n\t\t\tNetworkEndpoints: compute.NetworkEndpointListNetworkEndpointArray{\n\t\t\t\t\u0026compute.NetworkEndpointListNetworkEndpointArgs{\n\t\t\t\t\tInstance: endpoint_instance1.Name,\n\t\t\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\t\t\tIpAddress: endpoint_instance1.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkEndpointListNetworkEndpointArgs{\n\t\t\t\t\tInstance: endpoint_instance2.Name,\n\t\t\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\t\t\tIpAddress: endpoint_instance2.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"group\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-lb-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointList;\nimport com.pulumi.gcp.compute.NetworkEndpointListArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkEndpointListNetworkEndpointArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"neg-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"neg-subnetwork\")\n .ipCidrRange(\"10.0.0.1/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var endpoint_instance1 = new Instance(\"endpoint-instance1\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance1\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var endpoint_instance2 = new Instance(\"endpoint-instance2\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance2\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var default_endpoints = new NetworkEndpointList(\"default-endpoints\", NetworkEndpointListArgs.builder()\n .networkEndpointGroup(neg.name())\n .networkEndpoints( \n NetworkEndpointListNetworkEndpointArgs.builder()\n .instance(endpoint_instance1.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance1.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build(),\n NetworkEndpointListNetworkEndpointArgs.builder()\n .instance(endpoint_instance2.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance2.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build())\n .build());\n\n var group = new NetworkEndpointGroup(\"group\", NetworkEndpointGroupArgs.builder()\n .name(\"my-lb-neg\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default-endpoints:\n type: gcp:compute:NetworkEndpointList\n properties:\n networkEndpointGroup: ${neg.name}\n networkEndpoints:\n - instance: ${[\"endpoint-instance1\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance1\"].networkInterfaces[0].networkIp}\n - instance: ${[\"endpoint-instance2\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance2\"].networkInterfaces[0].networkIp}\n endpoint-instance1:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance1\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n endpoint-instance2:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance2\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n group:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: my-lb-neg\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n defaultPort: '90'\n zone: us-central1-a\n default:\n type: gcp:compute:Network\n properties:\n name: neg-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: neg-subnetwork\n ipCidrRange: 10.0.0.1/16\n region: us-central1\n network: ${default.id}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkEndpoints can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}`\n\n* `{{project}}/{{zone}}/{{network_endpoint_group}}`\n\n* `{{zone}}/{{network_endpoint_group}}`\n\n* `{{network_endpoint_group}}`\n\nWhen using the `pulumi import` command, NetworkEndpoints can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{project}}/{{zone}}/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{zone}}/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{network_endpoint_group}}\n```\n\n", + "description": "A set of network endpoints belonging to a network endpoint group (NEG). A\nsingle network endpoint represents a IP address and port combination that is\npart of a specific network endpoint group (NEG). NEGs are zonal collections\nof these endpoints for GCP resources within a single subnet. **NOTE**:\nNetwork endpoints cannot be created outside of a network endpoint group.\n\nThis resource is authoritative for a single NEG. Any endpoints not specified\nby this resource will be deleted when the resource configuration is applied.\n\n\u003e **NOTE** In case the Endpoint's Instance is recreated, it's needed to\nperform `apply` twice. To avoid situations like this, please use this resource\nwith the lifecycle `replace_triggered_by` method, with the passed Instance's ID.\n\n\nTo get more information about NetworkEndpoints, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Network Endpoints\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"neg-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"neg-subnetwork\",\n ipCidrRange: \"10.0.0.1/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst endpoint_instance1 = new gcp.compute.Instance(\"endpoint-instance1\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance1\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst endpoint_instance2 = new gcp.compute.Instance(\"endpoint-instance2\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"endpoint-instance2\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst default_endpoints = new gcp.compute.NetworkEndpointList(\"default-endpoints\", {\n networkEndpointGroup: neg.name,\n networkEndpoints: [\n {\n instance: endpoint_instance1.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance1.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n },\n {\n instance: endpoint_instance2.name,\n port: neg.defaultPort,\n ipAddress: endpoint_instance2.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n },\n ],\n});\nconst group = new gcp.compute.NetworkEndpointGroup(\"group\", {\n name: \"my-lb-neg\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Network(\"default\",\n name=\"neg-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"neg-subnetwork\",\n ip_cidr_range=\"10.0.0.1/16\",\n region=\"us-central1\",\n network=default.id)\nendpoint_instance1 = gcp.compute.Instance(\"endpoint-instance1\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance1\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\nendpoint_instance2 = gcp.compute.Instance(\"endpoint-instance2\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"endpoint-instance2\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\ndefault_endpoints = gcp.compute.NetworkEndpointList(\"default-endpoints\",\n network_endpoint_group=neg[\"name\"],\n network_endpoints=[\n {\n \"instance\": endpoint_instance1.name,\n \"port\": neg[\"defaultPort\"],\n \"ip_address\": endpoint_instance1.network_interfaces[0].network_ip,\n },\n {\n \"instance\": endpoint_instance2.name,\n \"port\": neg[\"defaultPort\"],\n \"ip_address\": endpoint_instance2.network_interfaces[0].network_ip,\n },\n ])\ngroup = gcp.compute.NetworkEndpointGroup(\"group\",\n name=\"my-lb-neg\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n default_port=90,\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"neg-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"neg-subnetwork\",\n IpCidrRange = \"10.0.0.1/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var endpoint_instance1 = new Gcp.Compute.Instance(\"endpoint-instance1\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance1\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var endpoint_instance2 = new Gcp.Compute.Instance(\"endpoint-instance2\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"endpoint-instance2\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var default_endpoints = new Gcp.Compute.NetworkEndpointList(\"default-endpoints\", new()\n {\n NetworkEndpointGroup = neg.Name,\n NetworkEndpoints = new[]\n {\n new Gcp.Compute.Inputs.NetworkEndpointListNetworkEndpointArgs\n {\n Instance = endpoint_instance1.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance1.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n },\n new Gcp.Compute.Inputs.NetworkEndpointListNetworkEndpointArgs\n {\n Instance = endpoint_instance2.Name,\n Port = neg.DefaultPort,\n IpAddress = endpoint_instance2.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n },\n },\n });\n\n var @group = new Gcp.Compute.NetworkEndpointGroup(\"group\", new()\n {\n Name = \"my-lb-neg\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"neg-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"neg-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.1/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance1\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance1\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"endpoint-instance2\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"endpoint-instance2\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointList(ctx, \"default-endpoints\", \u0026compute.NetworkEndpointListArgs{\n\t\t\tNetworkEndpointGroup: pulumi.Any(neg.Name),\n\t\t\tNetworkEndpoints: compute.NetworkEndpointListNetworkEndpointArray{\n\t\t\t\t\u0026compute.NetworkEndpointListNetworkEndpointArgs{\n\t\t\t\t\tInstance: endpoint_instance1.Name,\n\t\t\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\t\t\tIpAddress: endpoint_instance1.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkEndpointListNetworkEndpointArgs{\n\t\t\t\t\tInstance: endpoint_instance2.Name,\n\t\t\t\t\tPort: pulumi.Any(neg.DefaultPort),\n\t\t\t\t\tIpAddress: endpoint_instance2.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"group\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-lb-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointList;\nimport com.pulumi.gcp.compute.NetworkEndpointListArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkEndpointListNetworkEndpointArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"neg-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"neg-subnetwork\")\n .ipCidrRange(\"10.0.0.1/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var endpoint_instance1 = new Instance(\"endpoint-instance1\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance1\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var endpoint_instance2 = new Instance(\"endpoint-instance2\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"endpoint-instance2\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var default_endpoints = new NetworkEndpointList(\"default-endpoints\", NetworkEndpointListArgs.builder()\n .networkEndpointGroup(neg.name())\n .networkEndpoints( \n NetworkEndpointListNetworkEndpointArgs.builder()\n .instance(endpoint_instance1.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance1.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build(),\n NetworkEndpointListNetworkEndpointArgs.builder()\n .instance(endpoint_instance2.name())\n .port(neg.defaultPort())\n .ipAddress(endpoint_instance2.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .build())\n .build());\n\n var group = new NetworkEndpointGroup(\"group\", NetworkEndpointGroupArgs.builder()\n .name(\"my-lb-neg\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default-endpoints:\n type: gcp:compute:NetworkEndpointList\n properties:\n networkEndpointGroup: ${neg.name}\n networkEndpoints:\n - instance: ${[\"endpoint-instance1\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance1\"].networkInterfaces[0].networkIp}\n - instance: ${[\"endpoint-instance2\"].name}\n port: ${neg.defaultPort}\n ipAddress: ${[\"endpoint-instance2\"].networkInterfaces[0].networkIp}\n endpoint-instance1:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance1\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n endpoint-instance2:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: endpoint-instance2\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n group:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: my-lb-neg\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n defaultPort: '90'\n zone: us-central1-a\n default:\n type: gcp:compute:Network\n properties:\n name: neg-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: neg-subnetwork\n ipCidrRange: 10.0.0.1/16\n region: us-central1\n network: ${default.id}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkEndpoints can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}`\n\n* `{{project}}/{{zone}}/{{network_endpoint_group}}`\n\n* `{{zone}}/{{network_endpoint_group}}`\n\n* `{{network_endpoint_group}}`\n\nWhen using the `pulumi import` command, NetworkEndpoints can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{project}}/{{zone}}/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{zone}}/{{network_endpoint_group}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkEndpointList:NetworkEndpointList default {{network_endpoint_group}}\n```\n\n", "properties": { "networkEndpointGroup": { "type": "string", @@ -171611,7 +171611,7 @@ } }, "gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules": { - "description": "## Example Usage\n\n### Compute Network Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: project.then(project =\u003e project.id),\n description: \"Global address group\",\n location: \"global\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst secureTagKey1 = new gcp.tags.TagKey(\"secure_tag_key_1\", {\n description: \"Tag key\",\n parent: project.then(project =\u003e project.id),\n purpose: \"GCE_FIREWALL\",\n shortName: \"tf-tag-key\",\n purposeData: {\n network: project.then(project =\u003e `${project.name}/default`),\n },\n});\nconst secureTagValue1 = new gcp.tags.TagValue(\"secure_tag_value_1\", {\n description: \"Tag value\",\n parent: secureTagKey1.id,\n shortName: \"tf-tag-value\",\n});\nconst securityProfile1 = new gcp.networksecurity.SecurityProfile(\"security_profile_1\", {\n name: \"tf-security-profile\",\n type: \"THREAT_PREVENTION\",\n parent: \"organizations/123456789\",\n location: \"global\",\n});\nconst securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\", {\n name: \"tf-security-profile-group\",\n parent: \"organizations/123456789\",\n description: \"my description\",\n threatPreventionProfile: securityProfile1.id,\n});\nconst network_firewall_policy_with_rules = new gcp.compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", {\n name: \"tf-fw-policy-with-rules\",\n description: \"Terraform test\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n {\n description: \"udp rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n srcSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n disabled: true,\n },\n {\n description: \"security profile group rule\",\n ruleName: \"tcp rule\",\n priority: 3000,\n enableLogging: false,\n action: \"apply_security_profile_group\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n },\n targetServiceAccounts: [\"test@google.com\"],\n securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,\n tlsInspect: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=project.id,\n description=\"Global address group\",\n location=\"global\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecure_tag_key1 = gcp.tags.TagKey(\"secure_tag_key_1\",\n description=\"Tag key\",\n parent=project.id,\n purpose=\"GCE_FIREWALL\",\n short_name=\"tf-tag-key\",\n purpose_data={\n \"network\": f\"{project.name}/default\",\n })\nsecure_tag_value1 = gcp.tags.TagValue(\"secure_tag_value_1\",\n description=\"Tag value\",\n parent=secure_tag_key1.id,\n short_name=\"tf-tag-value\")\nsecurity_profile1 = gcp.networksecurity.SecurityProfile(\"security_profile_1\",\n name=\"tf-security-profile\",\n type=\"THREAT_PREVENTION\",\n parent=\"organizations/123456789\",\n location=\"global\")\nsecurity_profile_group1 = gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\",\n name=\"tf-security-profile-group\",\n parent=\"organizations/123456789\",\n description=\"my description\",\n threat_prevention_profile=security_profile1.id)\nnetwork_firewall_policy_with_rules = gcp.compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\",\n name=\"tf-fw-policy-with-rules\",\n description=\"Terraform test\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n {\n \"description\": \"udp rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n \"src_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n \"disabled\": True,\n },\n {\n \"description\": \"security profile group rule\",\n \"rule_name\": \"tcp rule\",\n \"priority\": 3000,\n \"enable_logging\": False,\n \"action\": \"apply_security_profile_group\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n },\n \"target_service_accounts\": [\"test@google.com\"],\n \"security_profile_group\": security_profile_group1.id.apply(lambda id: f\"//networksecurity.googleapis.com/{id}\"),\n \"tls_inspect\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Description = \"Global address group\",\n Location = \"global\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var secureTagKey1 = new Gcp.Tags.TagKey(\"secure_tag_key_1\", new()\n {\n Description = \"Tag key\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Purpose = \"GCE_FIREWALL\",\n ShortName = \"tf-tag-key\",\n PurposeData = \n {\n { \"network\", $\"{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/default\" },\n },\n });\n\n var secureTagValue1 = new Gcp.Tags.TagValue(\"secure_tag_value_1\", new()\n {\n Description = \"Tag value\",\n Parent = secureTagKey1.Id,\n ShortName = \"tf-tag-value\",\n });\n\n var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile(\"security_profile_1\", new()\n {\n Name = \"tf-security-profile\",\n Type = \"THREAT_PREVENTION\",\n Parent = \"organizations/123456789\",\n Location = \"global\",\n });\n\n var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup(\"security_profile_group_1\", new()\n {\n Name = \"tf-security-profile-group\",\n Parent = \"organizations/123456789\",\n Description = \"my description\",\n ThreatPreventionProfile = securityProfile1.Id,\n });\n\n var network_firewall_policy_with_rules = new Gcp.Compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", new()\n {\n Name = \"tf-fw-policy-with-rules\",\n Description = \"Terraform test\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetSecureTags = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n SrcSecureTags = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n Disabled = true,\n },\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"security profile group rule\",\n RuleName = \"tcp rule\",\n Priority = 3000,\n EnableLogging = false,\n Action = \"apply_security_profile_group\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n TargetServiceAccounts = new[]\n {\n \"test@google.com\",\n },\n SecurityProfileGroup = securityProfileGroup1.Id.Apply(id =\u003e $\"//networksecurity.googleapis.com/{id}\"),\n TlsInspect = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tDescription: pulumi.String(\"Global address group\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagKey1, err := tags.NewTagKey(ctx, \"secure_tag_key_1\", \u0026tags.TagKeyArgs{\n\t\t\tDescription: pulumi.String(\"Tag key\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tPurpose: pulumi.String(\"GCE_FIREWALL\"),\n\t\t\tShortName: pulumi.String(\"tf-tag-key\"),\n\t\t\tPurposeData: pulumi.StringMap{\n\t\t\t\t\"network\": pulumi.Sprintf(\"%v/default\", project.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagValue1, err := tags.NewTagValue(ctx, \"secure_tag_value_1\", \u0026tags.TagValueArgs{\n\t\t\tDescription: pulumi.String(\"Tag value\"),\n\t\t\tParent: secureTagKey1.ID(),\n\t\t\tShortName: pulumi.String(\"tf-tag-value\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfile1, err := networksecurity.NewSecurityProfile(ctx, \"security_profile_1\", \u0026networksecurity.SecurityProfileArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile\"),\n\t\t\tType: pulumi.String(\"THREAT_PREVENTION\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, \"security_profile_group_1\", \u0026networksecurity.SecurityProfileGroupArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tThreatPreventionProfile: securityProfile1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkFirewallPolicyWithRules(ctx, \"network-firewall-policy-with-rules\", \u0026compute.NetworkFirewallPolicyWithRulesArgs{\n\t\t\tName: pulumi.String(\"tf-fw-policy-with-rules\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tRules: compute.NetworkFirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetSecureTags: compute.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArray{\n\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs{\n\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcSecureTags: compute.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs{\n\t\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"security profile group rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(3000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"apply_security_profile_group\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetServiceAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//networksecurity.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTlsInspect: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.tags.TagKey;\nimport com.pulumi.gcp.tags.TagKeyArgs;\nimport com.pulumi.gcp.tags.TagValue;\nimport com.pulumi.gcp.tags.TagValueArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfile;\nimport com.pulumi.gcp.networksecurity.SecurityProfileArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroup;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;\nimport com.pulumi.gcp.compute.NetworkFirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.NetworkFirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkFirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .description(\"Global address group\")\n .location(\"global\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var secureTagKey1 = new TagKey(\"secureTagKey1\", TagKeyArgs.builder()\n .description(\"Tag key\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .purpose(\"GCE_FIREWALL\")\n .shortName(\"tf-tag-key\")\n .purposeData(Map.of(\"network\", String.format(\"%s/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name()))))\n .build());\n\n var secureTagValue1 = new TagValue(\"secureTagValue1\", TagValueArgs.builder()\n .description(\"Tag value\")\n .parent(secureTagKey1.id())\n .shortName(\"tf-tag-value\")\n .build());\n\n var securityProfile1 = new SecurityProfile(\"securityProfile1\", SecurityProfileArgs.builder()\n .name(\"tf-security-profile\")\n .type(\"THREAT_PREVENTION\")\n .parent(\"organizations/123456789\")\n .location(\"global\")\n .build());\n\n var securityProfileGroup1 = new SecurityProfileGroup(\"securityProfileGroup1\", SecurityProfileGroupArgs.builder()\n .name(\"tf-security-profile-group\")\n .parent(\"organizations/123456789\")\n .description(\"my description\")\n .threatPreventionProfile(securityProfile1.id())\n .build());\n\n var network_firewall_policy_with_rules = new NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", NetworkFirewallPolicyWithRulesArgs.builder()\n .name(\"tf-fw-policy-with-rules\")\n .description(\"Terraform test\")\n .rules( \n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetSecureTags(NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build(),\n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .srcSecureTags(NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build())\n .disabled(true)\n .build(),\n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"security profile group rule\")\n .ruleName(\"tcp rule\")\n .priority(3000)\n .enableLogging(false)\n .action(\"apply_security_profile_group\")\n .direction(\"INGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .build())\n .targetServiceAccounts(\"test@google.com\")\n .securityProfileGroup(securityProfileGroup1.id().applyValue(id -\u003e String.format(\"//networksecurity.googleapis.com/%s\", id)))\n .tlsInspect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-firewall-policy-with-rules:\n type: gcp:compute:NetworkFirewallPolicyWithRules\n properties:\n name: tf-fw-policy-with-rules\n description: Terraform test\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetSecureTags:\n - name: ${secureTagValue1.id}\n - description: udp rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n srcSecureTags:\n - name: ${secureTagValue1.id}\n disabled: true\n - description: security profile group rule\n ruleName: tcp rule\n priority: 3000\n enableLogging: false\n action: apply_security_profile_group\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n srcIpRanges:\n - 0.0.0.0/0\n targetServiceAccounts:\n - test@google.com\n securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}\n tlsInspect: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: ${project.id}\n description: Global address group\n location: global\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n secureTagKey1:\n type: gcp:tags:TagKey\n name: secure_tag_key_1\n properties:\n description: Tag key\n parent: ${project.id}\n purpose: GCE_FIREWALL\n shortName: tf-tag-key\n purposeData:\n network: ${project.name}/default\n secureTagValue1:\n type: gcp:tags:TagValue\n name: secure_tag_value_1\n properties:\n description: Tag value\n parent: ${secureTagKey1.id}\n shortName: tf-tag-value\n securityProfileGroup1:\n type: gcp:networksecurity:SecurityProfileGroup\n name: security_profile_group_1\n properties:\n name: tf-security-profile-group\n parent: organizations/123456789\n description: my description\n threatPreventionProfile: ${securityProfile1.id}\n securityProfile1:\n type: gcp:networksecurity:SecurityProfile\n name: security_profile_1\n properties:\n name: tf-security-profile\n type: THREAT_PREVENTION\n parent: organizations/123456789\n location: global\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/firewallPolicies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, NetworkFirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default projects/{{project}}/global/firewallPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Compute Network Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: project.then(project =\u003e project.id),\n description: \"Global address group\",\n location: \"global\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst secureTagKey1 = new gcp.tags.TagKey(\"secure_tag_key_1\", {\n description: \"Tag key\",\n parent: project.then(project =\u003e project.id),\n purpose: \"GCE_FIREWALL\",\n shortName: \"tf-tag-key\",\n purposeData: {\n network: project.then(project =\u003e `${project.name}/default`),\n },\n});\nconst secureTagValue1 = new gcp.tags.TagValue(\"secure_tag_value_1\", {\n description: \"Tag value\",\n parent: secureTagKey1.id,\n shortName: \"tf-tag-value\",\n});\nconst securityProfile1 = new gcp.networksecurity.SecurityProfile(\"security_profile_1\", {\n name: \"tf-security-profile\",\n type: \"THREAT_PREVENTION\",\n parent: \"organizations/123456789\",\n location: \"global\",\n});\nconst securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\", {\n name: \"tf-security-profile-group\",\n parent: \"organizations/123456789\",\n description: \"my description\",\n threatPreventionProfile: securityProfile1.id,\n});\nconst network_firewall_policy_with_rules = new gcp.compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", {\n name: \"tf-fw-policy-with-rules\",\n description: \"Terraform test\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n {\n description: \"udp rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n srcSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n disabled: true,\n },\n {\n description: \"security profile group rule\",\n ruleName: \"tcp rule\",\n priority: 3000,\n enableLogging: false,\n action: \"apply_security_profile_group\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n },\n targetServiceAccounts: [\"test@google.com\"],\n securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,\n tlsInspect: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=project.id,\n description=\"Global address group\",\n location=\"global\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecure_tag_key1 = gcp.tags.TagKey(\"secure_tag_key_1\",\n description=\"Tag key\",\n parent=project.id,\n purpose=\"GCE_FIREWALL\",\n short_name=\"tf-tag-key\",\n purpose_data={\n \"network\": f\"{project.name}/default\",\n })\nsecure_tag_value1 = gcp.tags.TagValue(\"secure_tag_value_1\",\n description=\"Tag value\",\n parent=secure_tag_key1.id,\n short_name=\"tf-tag-value\")\nsecurity_profile1 = gcp.networksecurity.SecurityProfile(\"security_profile_1\",\n name=\"tf-security-profile\",\n type=\"THREAT_PREVENTION\",\n parent=\"organizations/123456789\",\n location=\"global\")\nsecurity_profile_group1 = gcp.networksecurity.SecurityProfileGroup(\"security_profile_group_1\",\n name=\"tf-security-profile-group\",\n parent=\"organizations/123456789\",\n description=\"my description\",\n threat_prevention_profile=security_profile1.id)\nnetwork_firewall_policy_with_rules = gcp.compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\",\n name=\"tf-fw-policy-with-rules\",\n description=\"Terraform test\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n {\n \"description\": \"udp rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n \"src_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n \"disabled\": True,\n },\n {\n \"description\": \"security profile group rule\",\n \"rule_name\": \"tcp rule\",\n \"priority\": 3000,\n \"enable_logging\": False,\n \"action\": \"apply_security_profile_group\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n },\n \"target_service_accounts\": [\"test@google.com\"],\n \"security_profile_group\": security_profile_group1.id.apply(lambda id: f\"//networksecurity.googleapis.com/{id}\"),\n \"tls_inspect\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Description = \"Global address group\",\n Location = \"global\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var secureTagKey1 = new Gcp.Tags.TagKey(\"secure_tag_key_1\", new()\n {\n Description = \"Tag key\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Purpose = \"GCE_FIREWALL\",\n ShortName = \"tf-tag-key\",\n PurposeData = \n {\n { \"network\", $\"{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/default\" },\n },\n });\n\n var secureTagValue1 = new Gcp.Tags.TagValue(\"secure_tag_value_1\", new()\n {\n Description = \"Tag value\",\n Parent = secureTagKey1.Id,\n ShortName = \"tf-tag-value\",\n });\n\n var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile(\"security_profile_1\", new()\n {\n Name = \"tf-security-profile\",\n Type = \"THREAT_PREVENTION\",\n Parent = \"organizations/123456789\",\n Location = \"global\",\n });\n\n var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup(\"security_profile_group_1\", new()\n {\n Name = \"tf-security-profile-group\",\n Parent = \"organizations/123456789\",\n Description = \"my description\",\n ThreatPreventionProfile = securityProfile1.Id,\n });\n\n var network_firewall_policy_with_rules = new Gcp.Compute.NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", new()\n {\n Name = \"tf-fw-policy-with-rules\",\n Description = \"Terraform test\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetSecureTags = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n SrcSecureTags = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n Disabled = true,\n },\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"security profile group rule\",\n RuleName = \"tcp rule\",\n Priority = 3000,\n EnableLogging = false,\n Action = \"apply_security_profile_group\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n TargetServiceAccounts = new[]\n {\n \"test@google.com\",\n },\n SecurityProfileGroup = securityProfileGroup1.Id.Apply(id =\u003e $\"//networksecurity.googleapis.com/{id}\"),\n TlsInspect = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tDescription: pulumi.String(\"Global address group\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagKey1, err := tags.NewTagKey(ctx, \"secure_tag_key_1\", \u0026tags.TagKeyArgs{\n\t\t\tDescription: pulumi.String(\"Tag key\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tPurpose: pulumi.String(\"GCE_FIREWALL\"),\n\t\t\tShortName: pulumi.String(\"tf-tag-key\"),\n\t\t\tPurposeData: pulumi.StringMap{\n\t\t\t\t\"network\": pulumi.Sprintf(\"%v/default\", project.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagValue1, err := tags.NewTagValue(ctx, \"secure_tag_value_1\", \u0026tags.TagValueArgs{\n\t\t\tDescription: pulumi.String(\"Tag value\"),\n\t\t\tParent: secureTagKey1.ID(),\n\t\t\tShortName: pulumi.String(\"tf-tag-value\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfile1, err := networksecurity.NewSecurityProfile(ctx, \"security_profile_1\", \u0026networksecurity.SecurityProfileArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile\"),\n\t\t\tType: pulumi.String(\"THREAT_PREVENTION\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecurityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, \"security_profile_group_1\", \u0026networksecurity.SecurityProfileGroupArgs{\n\t\t\tName: pulumi.String(\"tf-security-profile-group\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tThreatPreventionProfile: securityProfile1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkFirewallPolicyWithRules(ctx, \"network-firewall-policy-with-rules\", \u0026compute.NetworkFirewallPolicyWithRulesArgs{\n\t\t\tName: pulumi.String(\"tf-fw-policy-with-rules\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tRules: compute.NetworkFirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetSecureTags: compute.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArray{\n\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs{\n\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcSecureTags: compute.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs{\n\t\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"security profile group rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(3000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"apply_security_profile_group\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.NetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetServiceAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//networksecurity.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tTlsInspect: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.tags.TagKey;\nimport com.pulumi.gcp.tags.TagKeyArgs;\nimport com.pulumi.gcp.tags.TagValue;\nimport com.pulumi.gcp.tags.TagValueArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfile;\nimport com.pulumi.gcp.networksecurity.SecurityProfileArgs;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroup;\nimport com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;\nimport com.pulumi.gcp.compute.NetworkFirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.NetworkFirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkFirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.NetworkFirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .description(\"Global address group\")\n .location(\"global\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var secureTagKey1 = new TagKey(\"secureTagKey1\", TagKeyArgs.builder()\n .description(\"Tag key\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .purpose(\"GCE_FIREWALL\")\n .shortName(\"tf-tag-key\")\n .purposeData(Map.of(\"network\", String.format(\"%s/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name()))))\n .build());\n\n var secureTagValue1 = new TagValue(\"secureTagValue1\", TagValueArgs.builder()\n .description(\"Tag value\")\n .parent(secureTagKey1.id())\n .shortName(\"tf-tag-value\")\n .build());\n\n var securityProfile1 = new SecurityProfile(\"securityProfile1\", SecurityProfileArgs.builder()\n .name(\"tf-security-profile\")\n .type(\"THREAT_PREVENTION\")\n .parent(\"organizations/123456789\")\n .location(\"global\")\n .build());\n\n var securityProfileGroup1 = new SecurityProfileGroup(\"securityProfileGroup1\", SecurityProfileGroupArgs.builder()\n .name(\"tf-security-profile-group\")\n .parent(\"organizations/123456789\")\n .description(\"my description\")\n .threatPreventionProfile(securityProfile1.id())\n .build());\n\n var network_firewall_policy_with_rules = new NetworkFirewallPolicyWithRules(\"network-firewall-policy-with-rules\", NetworkFirewallPolicyWithRulesArgs.builder()\n .name(\"tf-fw-policy-with-rules\")\n .description(\"Terraform test\")\n .rules( \n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetSecureTags(NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build(),\n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .srcSecureTags(NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build())\n .disabled(true)\n .build(),\n NetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"security profile group rule\")\n .ruleName(\"tcp rule\")\n .priority(3000)\n .enableLogging(false)\n .action(\"apply_security_profile_group\")\n .direction(\"INGRESS\")\n .match(NetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .build())\n .targetServiceAccounts(\"test@google.com\")\n .securityProfileGroup(securityProfileGroup1.id().applyValue(id -\u003e String.format(\"//networksecurity.googleapis.com/%s\", id)))\n .tlsInspect(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-firewall-policy-with-rules:\n type: gcp:compute:NetworkFirewallPolicyWithRules\n properties:\n name: tf-fw-policy-with-rules\n description: Terraform test\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetSecureTags:\n - name: ${secureTagValue1.id}\n - description: udp rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n srcSecureTags:\n - name: ${secureTagValue1.id}\n disabled: true\n - description: security profile group rule\n ruleName: tcp rule\n priority: 3000\n enableLogging: false\n action: apply_security_profile_group\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n srcIpRanges:\n - 0.0.0.0/0\n targetServiceAccounts:\n - test@google.com\n securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}\n tlsInspect: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: ${project.id}\n description: Global address group\n location: global\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n secureTagKey1:\n type: gcp:tags:TagKey\n name: secure_tag_key_1\n properties:\n description: Tag key\n parent: ${project.id}\n purpose: GCE_FIREWALL\n shortName: tf-tag-key\n purposeData:\n network: ${project.name}/default\n secureTagValue1:\n type: gcp:tags:TagValue\n name: secure_tag_value_1\n properties:\n description: Tag value\n parent: ${secureTagKey1.id}\n shortName: tf-tag-value\n securityProfileGroup1:\n type: gcp:networksecurity:SecurityProfileGroup\n name: security_profile_group_1\n properties:\n name: tf-security-profile-group\n parent: organizations/123456789\n description: my description\n threatPreventionProfile: ${securityProfile1.id}\n securityProfile1:\n type: gcp:networksecurity:SecurityProfile\n name: security_profile_1\n properties:\n name: tf-security-profile\n type: THREAT_PREVENTION\n parent: organizations/123456789\n location: global\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/firewallPolicies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, NetworkFirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default projects/{{project}}/global/firewallPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/networkFirewallPolicyWithRules:NetworkFirewallPolicyWithRules default {{name}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -172179,7 +172179,7 @@ } }, "gcp:compute/nodeTemplate:NodeTemplate": { - "description": "Represents a NodeTemplate resource. Node templates specify properties\nfor creating sole-tenant nodes, such as node type, vCPU and memory\nrequirements, node affinity labels, and region.\n\n\nTo get more information about NodeTemplate, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/nodeTemplates)\n* How-to Guides\n * [Sole-Tenant Nodes](https://cloud.google.com/compute/docs/nodes/)\n\n## Example Usage\n\n### Node Template Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-tmpl\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-tmpl\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-tmpl\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-tmpl\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-tmpl\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-tmpl\n region: us-central1\n nodeType: n1-node-96-624\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Server Binding\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-licenses\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n nodeAffinityLabels: {\n foo: \"baz\",\n },\n serverBinding: {\n type: \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-licenses\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\",\n node_affinity_labels={\n \"foo\": \"baz\",\n },\n server_binding={\n \"type\": \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-licenses\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n NodeAffinityLabels = \n {\n { \"foo\", \"baz\" },\n },\n ServerBinding = new Gcp.Compute.Inputs.NodeTemplateServerBindingArgs\n {\n Type = \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-licenses\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t\tNodeAffinityLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"baz\"),\n\t\t\t},\n\t\t\tServerBinding: \u0026compute.NodeTemplateServerBindingArgs{\n\t\t\t\tType: pulumi.String(\"RESTART_NODE_ON_MINIMAL_SERVERS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateServerBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-licenses\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .nodeAffinityLabels(Map.of(\"foo\", \"baz\"))\n .serverBinding(NodeTemplateServerBindingArgs.builder()\n .type(\"RESTART_NODE_ON_MINIMAL_SERVERS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-licenses\n region: us-central1\n nodeType: n1-node-96-624\n nodeAffinityLabels:\n foo: baz\n serverBinding:\n type: RESTART_NODE_ON_MINIMAL_SERVERS\nvariables:\n central1a:\n fn::invoke:\n Function: gcp:compute:getNodeTypes\n Arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Accelerators\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-accelerators\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n accelerators: [{\n acceleratorType: \"nvidia-tesla-t4\",\n acceleratorCount: 4,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-accelerators\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\",\n accelerators=[{\n \"accelerator_type\": \"nvidia-tesla-t4\",\n \"accelerator_count\": 4,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-accelerators\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n Accelerators = new[]\n {\n new Gcp.Compute.Inputs.NodeTemplateAcceleratorArgs\n {\n AcceleratorType = \"nvidia-tesla-t4\",\n AcceleratorCount = 4,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-accelerators\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t\tAccelerators: compute.NodeTemplateAcceleratorArray{\n\t\t\t\t\u0026compute.NodeTemplateAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"nvidia-tesla-t4\"),\n\t\t\t\t\tAcceleratorCount: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-accelerators\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .accelerators(NodeTemplateAcceleratorArgs.builder()\n .acceleratorType(\"nvidia-tesla-t4\")\n .acceleratorCount(4)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-accelerators\n region: us-central1\n nodeType: n1-node-96-624\n accelerators:\n - acceleratorType: nvidia-tesla-t4\n acceleratorCount: 4\nvariables:\n central1a:\n fn::invoke:\n Function: gcp:compute:getNodeTypes\n Arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Disks\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-disks\",\n region: \"us-central1\",\n nodeType: \"n2-node-80-640\",\n disks: [{\n diskCount: 16,\n diskSizeGb: 375,\n diskType: \"local-ssd\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-disks\",\n region=\"us-central1\",\n node_type=\"n2-node-80-640\",\n disks=[{\n \"disk_count\": 16,\n \"disk_size_gb\": 375,\n \"disk_type\": \"local-ssd\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-disks\",\n Region = \"us-central1\",\n NodeType = \"n2-node-80-640\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.NodeTemplateDiskArgs\n {\n DiskCount = 16,\n DiskSizeGb = 375,\n DiskType = \"local-ssd\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-disks\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n2-node-80-640\"),\n\t\t\tDisks: compute.NodeTemplateDiskArray{\n\t\t\t\t\u0026compute.NodeTemplateDiskArgs{\n\t\t\t\t\tDiskCount: pulumi.Int(16),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(375),\n\t\t\t\t\tDiskType: pulumi.String(\"local-ssd\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-disks\")\n .region(\"us-central1\")\n .nodeType(\"n2-node-80-640\")\n .disks(NodeTemplateDiskArgs.builder()\n .diskCount(16)\n .diskSizeGb(375)\n .diskType(\"local-ssd\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-disks\n region: us-central1\n nodeType: n2-node-80-640\n disks:\n - diskCount: 16\n diskSizeGb: 375\n diskType: local-ssd\nvariables:\n central1a:\n fn::invoke:\n Function: gcp:compute:getNodeTypes\n Arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodeTemplate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, NodeTemplate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{name}}\n```\n\n", + "description": "Represents a NodeTemplate resource. Node templates specify properties\nfor creating sole-tenant nodes, such as node type, vCPU and memory\nrequirements, node affinity labels, and region.\n\n\nTo get more information about NodeTemplate, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/nodeTemplates)\n* How-to Guides\n * [Sole-Tenant Nodes](https://cloud.google.com/compute/docs/nodes/)\n\n## Example Usage\n\n### Node Template Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-tmpl\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-tmpl\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-tmpl\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-tmpl\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-tmpl\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-tmpl\n region: us-central1\n nodeType: n1-node-96-624\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Server Binding\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-licenses\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n nodeAffinityLabels: {\n foo: \"baz\",\n },\n serverBinding: {\n type: \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-licenses\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\",\n node_affinity_labels={\n \"foo\": \"baz\",\n },\n server_binding={\n \"type\": \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-licenses\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n NodeAffinityLabels = \n {\n { \"foo\", \"baz\" },\n },\n ServerBinding = new Gcp.Compute.Inputs.NodeTemplateServerBindingArgs\n {\n Type = \"RESTART_NODE_ON_MINIMAL_SERVERS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-licenses\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t\tNodeAffinityLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"baz\"),\n\t\t\t},\n\t\t\tServerBinding: \u0026compute.NodeTemplateServerBindingArgs{\n\t\t\t\tType: pulumi.String(\"RESTART_NODE_ON_MINIMAL_SERVERS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateServerBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-licenses\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .nodeAffinityLabels(Map.of(\"foo\", \"baz\"))\n .serverBinding(NodeTemplateServerBindingArgs.builder()\n .type(\"RESTART_NODE_ON_MINIMAL_SERVERS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-licenses\n region: us-central1\n nodeType: n1-node-96-624\n nodeAffinityLabels:\n foo: baz\n serverBinding:\n type: RESTART_NODE_ON_MINIMAL_SERVERS\nvariables:\n central1a:\n fn::invoke:\n function: gcp:compute:getNodeTypes\n arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Accelerators\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-accelerators\",\n region: \"us-central1\",\n nodeType: \"n1-node-96-624\",\n accelerators: [{\n acceleratorType: \"nvidia-tesla-t4\",\n acceleratorCount: 4,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-accelerators\",\n region=\"us-central1\",\n node_type=\"n1-node-96-624\",\n accelerators=[{\n \"accelerator_type\": \"nvidia-tesla-t4\",\n \"accelerator_count\": 4,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-accelerators\",\n Region = \"us-central1\",\n NodeType = \"n1-node-96-624\",\n Accelerators = new[]\n {\n new Gcp.Compute.Inputs.NodeTemplateAcceleratorArgs\n {\n AcceleratorType = \"nvidia-tesla-t4\",\n AcceleratorCount = 4,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-accelerators\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n1-node-96-624\"),\n\t\t\tAccelerators: compute.NodeTemplateAcceleratorArray{\n\t\t\t\t\u0026compute.NodeTemplateAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"nvidia-tesla-t4\"),\n\t\t\t\t\tAcceleratorCount: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-accelerators\")\n .region(\"us-central1\")\n .nodeType(\"n1-node-96-624\")\n .accelerators(NodeTemplateAcceleratorArgs.builder()\n .acceleratorType(\"nvidia-tesla-t4\")\n .acceleratorCount(4)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-accelerators\n region: us-central1\n nodeType: n1-node-96-624\n accelerators:\n - acceleratorType: nvidia-tesla-t4\n acceleratorCount: 4\nvariables:\n central1a:\n fn::invoke:\n function: gcp:compute:getNodeTypes\n arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Node Template Disks\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1a = gcp.compute.getNodeTypes({\n zone: \"us-central1-a\",\n});\nconst template = new gcp.compute.NodeTemplate(\"template\", {\n name: \"soletenant-with-disks\",\n region: \"us-central1\",\n nodeType: \"n2-node-80-640\",\n disks: [{\n diskCount: 16,\n diskSizeGb: 375,\n diskType: \"local-ssd\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1a = gcp.compute.get_node_types(zone=\"us-central1-a\")\ntemplate = gcp.compute.NodeTemplate(\"template\",\n name=\"soletenant-with-disks\",\n region=\"us-central1\",\n node_type=\"n2-node-80-640\",\n disks=[{\n \"disk_count\": 16,\n \"disk_size_gb\": 375,\n \"disk_type\": \"local-ssd\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1a = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-a\",\n });\n\n var template = new Gcp.Compute.NodeTemplate(\"template\", new()\n {\n Name = \"soletenant-with-disks\",\n Region = \"us-central1\",\n NodeType = \"n2-node-80-640\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.NodeTemplateDiskArgs\n {\n DiskCount = 16,\n DiskSizeGb = 375,\n DiskType = \"local-ssd\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"template\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"soletenant-with-disks\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.String(\"n2-node-80-640\"),\n\t\t\tDisks: compute.NodeTemplateDiskArray{\n\t\t\t\t\u0026compute.NodeTemplateDiskArgs{\n\t\t\t\t\tDiskCount: pulumi.Int(16),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(375),\n\t\t\t\t\tDiskType: pulumi.String(\"local-ssd\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.NodeTemplateDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1a = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-a\")\n .build());\n\n var template = new NodeTemplate(\"template\", NodeTemplateArgs.builder()\n .name(\"soletenant-with-disks\")\n .region(\"us-central1\")\n .nodeType(\"n2-node-80-640\")\n .disks(NodeTemplateDiskArgs.builder()\n .diskCount(16)\n .diskSizeGb(375)\n .diskType(\"local-ssd\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n template:\n type: gcp:compute:NodeTemplate\n properties:\n name: soletenant-with-disks\n region: us-central1\n nodeType: n2-node-80-640\n disks:\n - diskCount: 16\n diskSizeGb: 375\n diskType: local-ssd\nvariables:\n central1a:\n fn::invoke:\n function: gcp:compute:getNodeTypes\n arguments:\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodeTemplate can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, NodeTemplate can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/nodeTemplate:NodeTemplate default {{name}}\n```\n\n", "properties": { "accelerators": { "type": "array", @@ -172730,7 +172730,7 @@ } }, "gcp:compute/packetMirroring:PacketMirroring": { - "description": "Packet Mirroring mirrors traffic to and from particular VM instances.\nYou can use the collected traffic to help you detect security threats\nand monitor application performance.\n\n\nTo get more information about PacketMirroring, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/packetMirrorings)\n* How-to Guides\n * [Using Packet Mirroring](https://cloud.google.com/vpc/docs/using-packet-mirroring#creating)\n\n## Example Usage\n\n### Compute Packet Mirroring Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst mirror = new gcp.compute.Instance(\"mirror\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: _default.id,\n }],\n name: \"my-instance\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork\",\n network: _default.id,\n ipCidrRange: \"10.2.0.0/16\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"my-healthcheck\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n name: \"my-service\",\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultForwardingRule = new gcp.compute.ForwardingRule(\"default\", {\n name: \"my-ilb\",\n isMirroringCollector: true,\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: defaultRegionBackendService.id,\n allPorts: true,\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [defaultSubnetwork],\n});\nconst foobar = new gcp.compute.PacketMirroring(\"foobar\", {\n name: \"my-mirroring\",\n description: \"bar\",\n network: {\n url: _default.id,\n },\n collectorIlb: {\n url: defaultForwardingRule.id,\n },\n mirroredResources: {\n tags: [\"foo\"],\n instances: [{\n url: mirror.id,\n }],\n },\n filter: {\n ipProtocols: [\"tcp\"],\n cidrRanges: [\"0.0.0.0/0\"],\n direction: \"BOTH\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\nmirror = gcp.compute.Instance(\"mirror\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": default.id,\n }],\n name=\"my-instance\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n })\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork\",\n network=default.id,\n ip_cidr_range=\"10.2.0.0/16\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"my-healthcheck\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n name=\"my-service\",\n health_checks=default_health_check.id)\ndefault_forwarding_rule = gcp.compute.ForwardingRule(\"default\",\n name=\"my-ilb\",\n is_mirroring_collector=True,\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=default_region_backend_service.id,\n all_ports=True,\n network=default.id,\n subnetwork=default_subnetwork.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[default_subnetwork]))\nfoobar = gcp.compute.PacketMirroring(\"foobar\",\n name=\"my-mirroring\",\n description=\"bar\",\n network={\n \"url\": default.id,\n },\n collector_ilb={\n \"url\": default_forwarding_rule.id,\n },\n mirrored_resources={\n \"tags\": [\"foo\"],\n \"instances\": [{\n \"url\": mirror.id,\n }],\n },\n filter={\n \"ip_protocols\": [\"tcp\"],\n \"cidr_ranges\": [\"0.0.0.0/0\"],\n \"direction\": \"BOTH\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var mirror = new Gcp.Compute.Instance(\"mirror\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = @default.Id,\n },\n },\n Name = \"my-instance\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork\",\n Network = @default.Id,\n IpCidrRange = \"10.2.0.0/16\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"my-healthcheck\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"my-service\",\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultForwardingRule = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"my-ilb\",\n IsMirroringCollector = true,\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = defaultRegionBackendService.Id,\n AllPorts = true,\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultSubnetwork,\n },\n });\n\n var foobar = new Gcp.Compute.PacketMirroring(\"foobar\", new()\n {\n Name = \"my-mirroring\",\n Description = \"bar\",\n Network = new Gcp.Compute.Inputs.PacketMirroringNetworkArgs\n {\n Url = @default.Id,\n },\n CollectorIlb = new Gcp.Compute.Inputs.PacketMirroringCollectorIlbArgs\n {\n Url = defaultForwardingRule.Id,\n },\n MirroredResources = new Gcp.Compute.Inputs.PacketMirroringMirroredResourcesArgs\n {\n Tags = new[]\n {\n \"foo\",\n },\n Instances = new[]\n {\n new Gcp.Compute.Inputs.PacketMirroringMirroredResourcesInstanceArgs\n {\n Url = mirror.Id,\n },\n },\n },\n Filter = new Gcp.Compute.Inputs.PacketMirroringFilterArgs\n {\n IpProtocols = new[]\n {\n \"tcp\",\n },\n CidrRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Direction = \"BOTH\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmirror, err := compute.NewInstance(ctx, \"mirror\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: _default.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"my-healthcheck\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"my-service\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultForwardingRule, err := compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"my-ilb\"),\n\t\t\tIsMirroringCollector: pulumi.Bool(true),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: defaultRegionBackendService.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultSubnetwork,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewPacketMirroring(ctx, \"foobar\", \u0026compute.PacketMirroringArgs{\n\t\t\tName: pulumi.String(\"my-mirroring\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tNetwork: \u0026compute.PacketMirroringNetworkArgs{\n\t\t\t\tUrl: _default.ID(),\n\t\t\t},\n\t\t\tCollectorIlb: \u0026compute.PacketMirroringCollectorIlbArgs{\n\t\t\t\tUrl: defaultForwardingRule.ID(),\n\t\t\t},\n\t\t\tMirroredResources: \u0026compute.PacketMirroringMirroredResourcesArgs{\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\t},\n\t\t\t\tInstances: compute.PacketMirroringMirroredResourcesInstanceArray{\n\t\t\t\t\t\u0026compute.PacketMirroringMirroredResourcesInstanceArgs{\n\t\t\t\t\t\tUrl: mirror.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilter: \u0026compute.PacketMirroringFilterArgs{\n\t\t\t\tIpProtocols: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\tCidrRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t},\n\t\t\t\tDirection: pulumi.String(\"BOTH\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.PacketMirroring;\nimport com.pulumi.gcp.compute.PacketMirroringArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringCollectorIlbArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringMirroredResourcesArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringFilterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var mirror = new Instance(\"mirror\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(default_.id())\n .build())\n .name(\"my-instance\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(default_.id())\n .ipCidrRange(\"10.2.0.0/16\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"my-healthcheck\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .name(\"my-service\")\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultForwardingRule = new ForwardingRule(\"defaultForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"my-ilb\")\n .isMirroringCollector(true)\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(defaultRegionBackendService.id())\n .allPorts(true)\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultSubnetwork)\n .build());\n\n var foobar = new PacketMirroring(\"foobar\", PacketMirroringArgs.builder()\n .name(\"my-mirroring\")\n .description(\"bar\")\n .network(PacketMirroringNetworkArgs.builder()\n .url(default_.id())\n .build())\n .collectorIlb(PacketMirroringCollectorIlbArgs.builder()\n .url(defaultForwardingRule.id())\n .build())\n .mirroredResources(PacketMirroringMirroredResourcesArgs.builder()\n .tags(\"foo\")\n .instances(PacketMirroringMirroredResourcesInstanceArgs.builder()\n .url(mirror.id())\n .build())\n .build())\n .filter(PacketMirroringFilterArgs.builder()\n .ipProtocols(\"tcp\")\n .cidrRanges(\"0.0.0.0/0\")\n .direction(\"BOTH\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mirror:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${default.id}\n name: my-instance\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork\n network: ${default.id}\n ipCidrRange: 10.2.0.0/16\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n name: my-service\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: my-healthcheck\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultForwardingRule:\n type: gcp:compute:ForwardingRule\n name: default\n properties:\n name: my-ilb\n isMirroringCollector: true\n ipProtocol: TCP\n loadBalancingScheme: INTERNAL\n backendService: ${defaultRegionBackendService.id}\n allPorts: true\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n networkTier: PREMIUM\n options:\n dependson:\n - ${defaultSubnetwork}\n foobar:\n type: gcp:compute:PacketMirroring\n properties:\n name: my-mirroring\n description: bar\n network:\n url: ${default.id}\n collectorIlb:\n url: ${defaultForwardingRule.id}\n mirroredResources:\n tags:\n - foo\n instances:\n - url: ${mirror.id}\n filter:\n ipProtocols:\n - tcp\n cidrRanges:\n - 0.0.0.0/0\n direction: BOTH\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPacketMirroring can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PacketMirroring can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{name}}\n```\n\n", + "description": "Packet Mirroring mirrors traffic to and from particular VM instances.\nYou can use the collected traffic to help you detect security threats\nand monitor application performance.\n\n\nTo get more information about PacketMirroring, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/packetMirrorings)\n* How-to Guides\n * [Using Packet Mirroring](https://cloud.google.com/vpc/docs/using-packet-mirroring#creating)\n\n## Example Usage\n\n### Compute Packet Mirroring Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst mirror = new gcp.compute.Instance(\"mirror\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: _default.id,\n }],\n name: \"my-instance\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork\",\n network: _default.id,\n ipCidrRange: \"10.2.0.0/16\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"my-healthcheck\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n name: \"my-service\",\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultForwardingRule = new gcp.compute.ForwardingRule(\"default\", {\n name: \"my-ilb\",\n isMirroringCollector: true,\n ipProtocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: defaultRegionBackendService.id,\n allPorts: true,\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [defaultSubnetwork],\n});\nconst foobar = new gcp.compute.PacketMirroring(\"foobar\", {\n name: \"my-mirroring\",\n description: \"bar\",\n network: {\n url: _default.id,\n },\n collectorIlb: {\n url: defaultForwardingRule.id,\n },\n mirroredResources: {\n tags: [\"foo\"],\n instances: [{\n url: mirror.id,\n }],\n },\n filter: {\n ipProtocols: [\"tcp\"],\n cidrRanges: [\"0.0.0.0/0\"],\n direction: \"BOTH\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\nmirror = gcp.compute.Instance(\"mirror\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": default.id,\n }],\n name=\"my-instance\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n })\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork\",\n network=default.id,\n ip_cidr_range=\"10.2.0.0/16\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"my-healthcheck\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n name=\"my-service\",\n health_checks=default_health_check.id)\ndefault_forwarding_rule = gcp.compute.ForwardingRule(\"default\",\n name=\"my-ilb\",\n is_mirroring_collector=True,\n ip_protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=default_region_backend_service.id,\n all_ports=True,\n network=default.id,\n subnetwork=default_subnetwork.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[default_subnetwork]))\nfoobar = gcp.compute.PacketMirroring(\"foobar\",\n name=\"my-mirroring\",\n description=\"bar\",\n network={\n \"url\": default.id,\n },\n collector_ilb={\n \"url\": default_forwarding_rule.id,\n },\n mirrored_resources={\n \"tags\": [\"foo\"],\n \"instances\": [{\n \"url\": mirror.id,\n }],\n },\n filter={\n \"ip_protocols\": [\"tcp\"],\n \"cidr_ranges\": [\"0.0.0.0/0\"],\n \"direction\": \"BOTH\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var mirror = new Gcp.Compute.Instance(\"mirror\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = @default.Id,\n },\n },\n Name = \"my-instance\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork\",\n Network = @default.Id,\n IpCidrRange = \"10.2.0.0/16\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"my-healthcheck\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"my-service\",\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultForwardingRule = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"my-ilb\",\n IsMirroringCollector = true,\n IpProtocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = defaultRegionBackendService.Id,\n AllPorts = true,\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultSubnetwork,\n },\n });\n\n var foobar = new Gcp.Compute.PacketMirroring(\"foobar\", new()\n {\n Name = \"my-mirroring\",\n Description = \"bar\",\n Network = new Gcp.Compute.Inputs.PacketMirroringNetworkArgs\n {\n Url = @default.Id,\n },\n CollectorIlb = new Gcp.Compute.Inputs.PacketMirroringCollectorIlbArgs\n {\n Url = defaultForwardingRule.Id,\n },\n MirroredResources = new Gcp.Compute.Inputs.PacketMirroringMirroredResourcesArgs\n {\n Tags = new[]\n {\n \"foo\",\n },\n Instances = new[]\n {\n new Gcp.Compute.Inputs.PacketMirroringMirroredResourcesInstanceArgs\n {\n Url = mirror.Id,\n },\n },\n },\n Filter = new Gcp.Compute.Inputs.PacketMirroringFilterArgs\n {\n IpProtocols = new[]\n {\n \"tcp\",\n },\n CidrRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n Direction = \"BOTH\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmirror, err := compute.NewInstance(ctx, \"mirror\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: _default.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"my-healthcheck\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"my-service\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultForwardingRule, err := compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"my-ilb\"),\n\t\t\tIsMirroringCollector: pulumi.Bool(true),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: defaultRegionBackendService.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultSubnetwork,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewPacketMirroring(ctx, \"foobar\", \u0026compute.PacketMirroringArgs{\n\t\t\tName: pulumi.String(\"my-mirroring\"),\n\t\t\tDescription: pulumi.String(\"bar\"),\n\t\t\tNetwork: \u0026compute.PacketMirroringNetworkArgs{\n\t\t\t\tUrl: _default.ID(),\n\t\t\t},\n\t\t\tCollectorIlb: \u0026compute.PacketMirroringCollectorIlbArgs{\n\t\t\t\tUrl: defaultForwardingRule.ID(),\n\t\t\t},\n\t\t\tMirroredResources: \u0026compute.PacketMirroringMirroredResourcesArgs{\n\t\t\t\tTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\t},\n\t\t\t\tInstances: compute.PacketMirroringMirroredResourcesInstanceArray{\n\t\t\t\t\t\u0026compute.PacketMirroringMirroredResourcesInstanceArgs{\n\t\t\t\t\t\tUrl: mirror.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tFilter: \u0026compute.PacketMirroringFilterArgs{\n\t\t\t\tIpProtocols: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\tCidrRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t},\n\t\t\t\tDirection: pulumi.String(\"BOTH\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.PacketMirroring;\nimport com.pulumi.gcp.compute.PacketMirroringArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringCollectorIlbArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringMirroredResourcesArgs;\nimport com.pulumi.gcp.compute.inputs.PacketMirroringFilterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var mirror = new Instance(\"mirror\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(default_.id())\n .build())\n .name(\"my-instance\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(default_.id())\n .ipCidrRange(\"10.2.0.0/16\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"my-healthcheck\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .name(\"my-service\")\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultForwardingRule = new ForwardingRule(\"defaultForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"my-ilb\")\n .isMirroringCollector(true)\n .ipProtocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(defaultRegionBackendService.id())\n .allPorts(true)\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultSubnetwork)\n .build());\n\n var foobar = new PacketMirroring(\"foobar\", PacketMirroringArgs.builder()\n .name(\"my-mirroring\")\n .description(\"bar\")\n .network(PacketMirroringNetworkArgs.builder()\n .url(default_.id())\n .build())\n .collectorIlb(PacketMirroringCollectorIlbArgs.builder()\n .url(defaultForwardingRule.id())\n .build())\n .mirroredResources(PacketMirroringMirroredResourcesArgs.builder()\n .tags(\"foo\")\n .instances(PacketMirroringMirroredResourcesInstanceArgs.builder()\n .url(mirror.id())\n .build())\n .build())\n .filter(PacketMirroringFilterArgs.builder()\n .ipProtocols(\"tcp\")\n .cidrRanges(\"0.0.0.0/0\")\n .direction(\"BOTH\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mirror:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${default.id}\n name: my-instance\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork\n network: ${default.id}\n ipCidrRange: 10.2.0.0/16\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n name: my-service\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: my-healthcheck\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n defaultForwardingRule:\n type: gcp:compute:ForwardingRule\n name: default\n properties:\n name: my-ilb\n isMirroringCollector: true\n ipProtocol: TCP\n loadBalancingScheme: INTERNAL\n backendService: ${defaultRegionBackendService.id}\n allPorts: true\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n networkTier: PREMIUM\n options:\n dependsOn:\n - ${defaultSubnetwork}\n foobar:\n type: gcp:compute:PacketMirroring\n properties:\n name: my-mirroring\n description: bar\n network:\n url: ${default.id}\n collectorIlb:\n url: ${defaultForwardingRule.id}\n mirroredResources:\n tags:\n - foo\n instances:\n - url: ${mirror.id}\n filter:\n ipProtocols:\n - tcp\n cidrRanges:\n - 0.0.0.0/0\n direction: BOTH\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPacketMirroring can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PacketMirroring can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/packetMirroring:PacketMirroring default {{name}}\n```\n\n", "properties": { "collectorIlb": { "$ref": "#/types/gcp:compute/PacketMirroringCollectorIlb:PacketMirroringCollectorIlb", @@ -172868,7 +172868,7 @@ } }, "gcp:compute/perInstanceConfig:PerInstanceConfig": { - "description": "A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name\nacross instance group manager operations and can define stateful disks or metadata that are unique to the instance.\n\n\nTo get more information about PerInstanceConfig, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs)\n\n## Example Usage\n\n### Stateful Igm\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst igm_basic = new gcp.compute.InstanceTemplate(\"igm-basic\", {\n name: \"my-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst igm_no_tp = new gcp.compute.InstanceGroupManager(\"igm-no-tp\", {\n description: \"Test instance group manager\",\n name: \"my-igm\",\n versions: [{\n name: \"prod\",\n instanceTemplate: igm_basic.selfLink,\n }],\n baseInstanceName: \"igm-no-tp\",\n zone: \"us-central1-c\",\n targetSize: 2,\n});\nconst _default = new gcp.compute.Disk(\"default\", {\n name: \"my-disk-name\",\n type: \"pd-ssd\",\n zone: igm.zone,\n image: \"debian-11-bullseye-v20220719\",\n physicalBlockSizeBytes: 4096,\n});\nconst withDisk = new gcp.compute.PerInstanceConfig(\"with_disk\", {\n zone: igm.zone,\n instanceGroupManager: igm.name,\n name: \"instance-1\",\n preservedState: {\n metadata: {\n foo: \"bar\",\n instance_template: igm_basic.selfLink,\n },\n disks: [{\n deviceName: \"my-stateful-disk\",\n source: _default.id,\n mode: \"READ_ONLY\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nigm_basic = gcp.compute.InstanceTemplate(\"igm-basic\",\n name=\"my-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nigm_no_tp = gcp.compute.InstanceGroupManager(\"igm-no-tp\",\n description=\"Test instance group manager\",\n name=\"my-igm\",\n versions=[{\n \"name\": \"prod\",\n \"instance_template\": igm_basic.self_link,\n }],\n base_instance_name=\"igm-no-tp\",\n zone=\"us-central1-c\",\n target_size=2)\ndefault = gcp.compute.Disk(\"default\",\n name=\"my-disk-name\",\n type=\"pd-ssd\",\n zone=igm[\"zone\"],\n image=\"debian-11-bullseye-v20220719\",\n physical_block_size_bytes=4096)\nwith_disk = gcp.compute.PerInstanceConfig(\"with_disk\",\n zone=igm[\"zone\"],\n instance_group_manager=igm[\"name\"],\n name=\"instance-1\",\n preserved_state={\n \"metadata\": {\n \"foo\": \"bar\",\n \"instance_template\": igm_basic.self_link,\n },\n \"disks\": [{\n \"device_name\": \"my-stateful-disk\",\n \"source\": default.id,\n \"mode\": \"READ_ONLY\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var igm_basic = new Gcp.Compute.InstanceTemplate(\"igm-basic\", new()\n {\n Name = \"my-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var igm_no_tp = new Gcp.Compute.InstanceGroupManager(\"igm-no-tp\", new()\n {\n Description = \"Test instance group manager\",\n Name = \"my-igm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n Name = \"prod\",\n InstanceTemplate = igm_basic.SelfLink,\n },\n },\n BaseInstanceName = \"igm-no-tp\",\n Zone = \"us-central1-c\",\n TargetSize = 2,\n });\n\n var @default = new Gcp.Compute.Disk(\"default\", new()\n {\n Name = \"my-disk-name\",\n Type = \"pd-ssd\",\n Zone = igm.Zone,\n Image = \"debian-11-bullseye-v20220719\",\n PhysicalBlockSizeBytes = 4096,\n });\n\n var withDisk = new Gcp.Compute.PerInstanceConfig(\"with_disk\", new()\n {\n Zone = igm.Zone,\n InstanceGroupManager = igm.Name,\n Name = \"instance-1\",\n PreservedState = new Gcp.Compute.Inputs.PerInstanceConfigPreservedStateArgs\n {\n Metadata = \n {\n { \"foo\", \"bar\" },\n { \"instance_template\", igm_basic.SelfLink },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.PerInstanceConfigPreservedStateDiskArgs\n {\n DeviceName = \"my-stateful-disk\",\n Source = @default.Id,\n Mode = \"READ_ONLY\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"igm-basic\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceGroupManager(ctx, \"igm-no-tp\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tDescription: pulumi.String(\"Test instance group manager\"),\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tName: pulumi.String(\"prod\"),\n\t\t\t\t\tInstanceTemplate: igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"igm-no-tp\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tTargetSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDisk(ctx, \"default\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk-name\"),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.Any(igm.Zone),\n\t\t\tImage: pulumi.String(\"debian-11-bullseye-v20220719\"),\n\t\t\tPhysicalBlockSizeBytes: pulumi.Int(4096),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewPerInstanceConfig(ctx, \"with_disk\", \u0026compute.PerInstanceConfigArgs{\n\t\t\tZone: pulumi.Any(igm.Zone),\n\t\t\tInstanceGroupManager: pulumi.Any(igm.Name),\n\t\t\tName: pulumi.String(\"instance-1\"),\n\t\t\tPreservedState: \u0026compute.PerInstanceConfigPreservedStateArgs{\n\t\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"instance_template\": igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t\tDisks: compute.PerInstanceConfigPreservedStateDiskArray{\n\t\t\t\t\t\u0026compute.PerInstanceConfigPreservedStateDiskArgs{\n\t\t\t\t\t\tDeviceName: pulumi.String(\"my-stateful-disk\"),\n\t\t\t\t\t\tSource: _default.ID(),\n\t\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.PerInstanceConfig;\nimport com.pulumi.gcp.compute.PerInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.PerInstanceConfigPreservedStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var igm_basic = new InstanceTemplate(\"igm-basic\", InstanceTemplateArgs.builder()\n .name(\"my-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var igm_no_tp = new InstanceGroupManager(\"igm-no-tp\", InstanceGroupManagerArgs.builder()\n .description(\"Test instance group manager\")\n .name(\"my-igm\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .name(\"prod\")\n .instanceTemplate(igm_basic.selfLink())\n .build())\n .baseInstanceName(\"igm-no-tp\")\n .zone(\"us-central1-c\")\n .targetSize(2)\n .build());\n\n var default_ = new Disk(\"default\", DiskArgs.builder()\n .name(\"my-disk-name\")\n .type(\"pd-ssd\")\n .zone(igm.zone())\n .image(\"debian-11-bullseye-v20220719\")\n .physicalBlockSizeBytes(4096)\n .build());\n\n var withDisk = new PerInstanceConfig(\"withDisk\", PerInstanceConfigArgs.builder()\n .zone(igm.zone())\n .instanceGroupManager(igm.name())\n .name(\"instance-1\")\n .preservedState(PerInstanceConfigPreservedStateArgs.builder()\n .metadata(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"instance_template\", igm_basic.selfLink())\n ))\n .disks(PerInstanceConfigPreservedStateDiskArgs.builder()\n .deviceName(\"my-stateful-disk\")\n .source(default_.id())\n .mode(\"READ_ONLY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n igm-basic:\n type: gcp:compute:InstanceTemplate\n properties:\n name: my-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n igm-no-tp:\n type: gcp:compute:InstanceGroupManager\n properties:\n description: Test instance group manager\n name: my-igm\n versions:\n - name: prod\n instanceTemplate: ${[\"igm-basic\"].selfLink}\n baseInstanceName: igm-no-tp\n zone: us-central1-c\n targetSize: 2\n default:\n type: gcp:compute:Disk\n properties:\n name: my-disk-name\n type: pd-ssd\n zone: ${igm.zone}\n image: debian-11-bullseye-v20220719\n physicalBlockSizeBytes: 4096\n withDisk:\n type: gcp:compute:PerInstanceConfig\n name: with_disk\n properties:\n zone: ${igm.zone}\n instanceGroupManager: ${igm.name}\n name: instance-1\n preservedState:\n metadata:\n foo: bar\n instance_template: ${[\"igm-basic\"].selfLink}\n disks:\n - deviceName: my-stateful-disk\n source: ${default.id}\n mode: READ_ONLY\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPerInstanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/{{name}}`\n\n* `{{project}}/{{zone}}/{{instance_group_manager}}/{{name}}`\n\n* `{{zone}}/{{instance_group_manager}}/{{name}}`\n\n* `{{instance_group_manager}}/{{name}}`\n\nWhen using the `pulumi import` command, PerInstanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{project}}/{{zone}}/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{zone}}/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{instance_group_manager}}/{{name}}\n```\n\n", + "description": "A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name\nacross instance group manager operations and can define stateful disks or metadata that are unique to the instance.\n\n\nTo get more information about PerInstanceConfig, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs)\n\n## Example Usage\n\n### Stateful Igm\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst igm_basic = new gcp.compute.InstanceTemplate(\"igm-basic\", {\n name: \"my-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst igm_no_tp = new gcp.compute.InstanceGroupManager(\"igm-no-tp\", {\n description: \"Test instance group manager\",\n name: \"my-igm\",\n versions: [{\n name: \"prod\",\n instanceTemplate: igm_basic.selfLink,\n }],\n baseInstanceName: \"igm-no-tp\",\n zone: \"us-central1-c\",\n targetSize: 2,\n});\nconst _default = new gcp.compute.Disk(\"default\", {\n name: \"my-disk-name\",\n type: \"pd-ssd\",\n zone: igm.zone,\n image: \"debian-11-bullseye-v20220719\",\n physicalBlockSizeBytes: 4096,\n});\nconst withDisk = new gcp.compute.PerInstanceConfig(\"with_disk\", {\n zone: igm.zone,\n instanceGroupManager: igm.name,\n name: \"instance-1\",\n preservedState: {\n metadata: {\n foo: \"bar\",\n instance_template: igm_basic.selfLink,\n },\n disks: [{\n deviceName: \"my-stateful-disk\",\n source: _default.id,\n mode: \"READ_ONLY\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nigm_basic = gcp.compute.InstanceTemplate(\"igm-basic\",\n name=\"my-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nigm_no_tp = gcp.compute.InstanceGroupManager(\"igm-no-tp\",\n description=\"Test instance group manager\",\n name=\"my-igm\",\n versions=[{\n \"name\": \"prod\",\n \"instance_template\": igm_basic.self_link,\n }],\n base_instance_name=\"igm-no-tp\",\n zone=\"us-central1-c\",\n target_size=2)\ndefault = gcp.compute.Disk(\"default\",\n name=\"my-disk-name\",\n type=\"pd-ssd\",\n zone=igm[\"zone\"],\n image=\"debian-11-bullseye-v20220719\",\n physical_block_size_bytes=4096)\nwith_disk = gcp.compute.PerInstanceConfig(\"with_disk\",\n zone=igm[\"zone\"],\n instance_group_manager=igm[\"name\"],\n name=\"instance-1\",\n preserved_state={\n \"metadata\": {\n \"foo\": \"bar\",\n \"instance_template\": igm_basic.self_link,\n },\n \"disks\": [{\n \"device_name\": \"my-stateful-disk\",\n \"source\": default.id,\n \"mode\": \"READ_ONLY\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var igm_basic = new Gcp.Compute.InstanceTemplate(\"igm-basic\", new()\n {\n Name = \"my-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var igm_no_tp = new Gcp.Compute.InstanceGroupManager(\"igm-no-tp\", new()\n {\n Description = \"Test instance group manager\",\n Name = \"my-igm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n Name = \"prod\",\n InstanceTemplate = igm_basic.SelfLink,\n },\n },\n BaseInstanceName = \"igm-no-tp\",\n Zone = \"us-central1-c\",\n TargetSize = 2,\n });\n\n var @default = new Gcp.Compute.Disk(\"default\", new()\n {\n Name = \"my-disk-name\",\n Type = \"pd-ssd\",\n Zone = igm.Zone,\n Image = \"debian-11-bullseye-v20220719\",\n PhysicalBlockSizeBytes = 4096,\n });\n\n var withDisk = new Gcp.Compute.PerInstanceConfig(\"with_disk\", new()\n {\n Zone = igm.Zone,\n InstanceGroupManager = igm.Name,\n Name = \"instance-1\",\n PreservedState = new Gcp.Compute.Inputs.PerInstanceConfigPreservedStateArgs\n {\n Metadata = \n {\n { \"foo\", \"bar\" },\n { \"instance_template\", igm_basic.SelfLink },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.PerInstanceConfigPreservedStateDiskArgs\n {\n DeviceName = \"my-stateful-disk\",\n Source = @default.Id,\n Mode = \"READ_ONLY\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"igm-basic\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceGroupManager(ctx, \"igm-no-tp\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tDescription: pulumi.String(\"Test instance group manager\"),\n\t\t\tName: pulumi.String(\"my-igm\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tName: pulumi.String(\"prod\"),\n\t\t\t\t\tInstanceTemplate: igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"igm-no-tp\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tTargetSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDisk(ctx, \"default\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk-name\"),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.Any(igm.Zone),\n\t\t\tImage: pulumi.String(\"debian-11-bullseye-v20220719\"),\n\t\t\tPhysicalBlockSizeBytes: pulumi.Int(4096),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewPerInstanceConfig(ctx, \"with_disk\", \u0026compute.PerInstanceConfigArgs{\n\t\t\tZone: pulumi.Any(igm.Zone),\n\t\t\tInstanceGroupManager: pulumi.Any(igm.Name),\n\t\t\tName: pulumi.String(\"instance-1\"),\n\t\t\tPreservedState: \u0026compute.PerInstanceConfigPreservedStateArgs{\n\t\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"instance_template\": igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t\tDisks: compute.PerInstanceConfigPreservedStateDiskArray{\n\t\t\t\t\t\u0026compute.PerInstanceConfigPreservedStateDiskArgs{\n\t\t\t\t\t\tDeviceName: pulumi.String(\"my-stateful-disk\"),\n\t\t\t\t\t\tSource: _default.ID(),\n\t\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.PerInstanceConfig;\nimport com.pulumi.gcp.compute.PerInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.PerInstanceConfigPreservedStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var igm_basic = new InstanceTemplate(\"igm-basic\", InstanceTemplateArgs.builder()\n .name(\"my-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var igm_no_tp = new InstanceGroupManager(\"igm-no-tp\", InstanceGroupManagerArgs.builder()\n .description(\"Test instance group manager\")\n .name(\"my-igm\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .name(\"prod\")\n .instanceTemplate(igm_basic.selfLink())\n .build())\n .baseInstanceName(\"igm-no-tp\")\n .zone(\"us-central1-c\")\n .targetSize(2)\n .build());\n\n var default_ = new Disk(\"default\", DiskArgs.builder()\n .name(\"my-disk-name\")\n .type(\"pd-ssd\")\n .zone(igm.zone())\n .image(\"debian-11-bullseye-v20220719\")\n .physicalBlockSizeBytes(4096)\n .build());\n\n var withDisk = new PerInstanceConfig(\"withDisk\", PerInstanceConfigArgs.builder()\n .zone(igm.zone())\n .instanceGroupManager(igm.name())\n .name(\"instance-1\")\n .preservedState(PerInstanceConfigPreservedStateArgs.builder()\n .metadata(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"instance_template\", igm_basic.selfLink())\n ))\n .disks(PerInstanceConfigPreservedStateDiskArgs.builder()\n .deviceName(\"my-stateful-disk\")\n .source(default_.id())\n .mode(\"READ_ONLY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n igm-basic:\n type: gcp:compute:InstanceTemplate\n properties:\n name: my-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n igm-no-tp:\n type: gcp:compute:InstanceGroupManager\n properties:\n description: Test instance group manager\n name: my-igm\n versions:\n - name: prod\n instanceTemplate: ${[\"igm-basic\"].selfLink}\n baseInstanceName: igm-no-tp\n zone: us-central1-c\n targetSize: 2\n default:\n type: gcp:compute:Disk\n properties:\n name: my-disk-name\n type: pd-ssd\n zone: ${igm.zone}\n image: debian-11-bullseye-v20220719\n physicalBlockSizeBytes: 4096\n withDisk:\n type: gcp:compute:PerInstanceConfig\n name: with_disk\n properties:\n zone: ${igm.zone}\n instanceGroupManager: ${igm.name}\n name: instance-1\n preservedState:\n metadata:\n foo: bar\n instance_template: ${[\"igm-basic\"].selfLink}\n disks:\n - deviceName: my-stateful-disk\n source: ${default.id}\n mode: READ_ONLY\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPerInstanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/{{name}}`\n\n* `{{project}}/{{zone}}/{{instance_group_manager}}/{{name}}`\n\n* `{{zone}}/{{instance_group_manager}}/{{name}}`\n\n* `{{instance_group_manager}}/{{name}}`\n\nWhen using the `pulumi import` command, PerInstanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{project}}/{{zone}}/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{zone}}/{{instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/perInstanceConfig:PerInstanceConfig default {{instance_group_manager}}/{{name}}\n```\n\n", "properties": { "instanceGroupManager": { "type": "string", @@ -173006,7 +173006,7 @@ } }, "gcp:compute/projectCloudArmorTier:ProjectCloudArmorTier": { - "description": "Sets the Cloud Armor tier of the project.\n\n\nTo get more information about ProjectCloudArmorTier, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/projects/setCloudArmorTier)\n* How-to Guides\n * [Subscribing to Cloud Armor Enterprise](https://cloud.google.com/armor/docs/managed-protection-overview#subscribing_to_plus)\n\n## Example Usage\n\n### Compute Project Cloud Armor Tier Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudArmorTierConfig = new gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", {cloudArmorTier: \"CA_STANDARD\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_armor_tier_config = gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", cloud_armor_tier=\"CA_STANDARD\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudArmorTierConfig = new Gcp.Compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", new()\n {\n CloudArmorTier = \"CA_STANDARD\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewProjectCloudArmorTier(ctx, \"cloud_armor_tier_config\", \u0026compute.ProjectCloudArmorTierArgs{\n\t\t\tCloudArmorTier: pulumi.String(\"CA_STANDARD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTier;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTierArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudArmorTierConfig = new ProjectCloudArmorTier(\"cloudArmorTierConfig\", ProjectCloudArmorTierArgs.builder()\n .cloudArmorTier(\"CA_STANDARD\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudArmorTierConfig:\n type: gcp:compute:ProjectCloudArmorTier\n name: cloud_armor_tier_config\n properties:\n cloudArmorTier: CA_STANDARD\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Compute Project Cloud Armor Tier Project Set\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"your_project_id\",\n name: \"your_project_id\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n});\nconst cloudArmorTierConfig = new gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", {\n project: project.projectId,\n cloudArmorTier: \"CA_STANDARD\",\n}, {\n dependsOn: [compute],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"your_project_id\",\n name=\"your_project_id\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\")\ncloud_armor_tier_config = gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\",\n project=project.project_id,\n cloud_armor_tier=\"CA_STANDARD\",\n opts = pulumi.ResourceOptions(depends_on=[compute]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"your_project_id\",\n Name = \"your_project_id\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var cloudArmorTierConfig = new Gcp.Compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", new()\n {\n Project = project.ProjectId,\n CloudArmorTier = \"CA_STANDARD\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"your_project_id\"),\n\t\t\tName: pulumi.String(\"your_project_id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewProjectCloudArmorTier(ctx, \"cloud_armor_tier_config\", \u0026compute.ProjectCloudArmorTierArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tCloudArmorTier: pulumi.String(\"CA_STANDARD\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTier;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTierArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"your_project_id\")\n .name(\"your_project_id\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var cloudArmorTierConfig = new ProjectCloudArmorTier(\"cloudArmorTierConfig\", ProjectCloudArmorTierArgs.builder()\n .project(project.projectId())\n .cloudArmorTier(\"CA_STANDARD\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: your_project_id\n name: your_project_id\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n cloudArmorTierConfig:\n type: gcp:compute:ProjectCloudArmorTier\n name: cloud_armor_tier_config\n properties:\n project: ${project.projectId}\n cloudArmorTier: CA_STANDARD\n options:\n dependson:\n - ${compute}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectCloudArmorTier can be imported using any of these accepted formats:\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, ProjectCloudArmorTier can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/projectCloudArmorTier:ProjectCloudArmorTier default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:compute/projectCloudArmorTier:ProjectCloudArmorTier default {{project}}\n```\n\n", + "description": "Sets the Cloud Armor tier of the project.\n\n\nTo get more information about ProjectCloudArmorTier, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/projects/setCloudArmorTier)\n* How-to Guides\n * [Subscribing to Cloud Armor Enterprise](https://cloud.google.com/armor/docs/managed-protection-overview#subscribing_to_plus)\n\n## Example Usage\n\n### Compute Project Cloud Armor Tier Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudArmorTierConfig = new gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", {cloudArmorTier: \"CA_STANDARD\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_armor_tier_config = gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", cloud_armor_tier=\"CA_STANDARD\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudArmorTierConfig = new Gcp.Compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", new()\n {\n CloudArmorTier = \"CA_STANDARD\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewProjectCloudArmorTier(ctx, \"cloud_armor_tier_config\", \u0026compute.ProjectCloudArmorTierArgs{\n\t\t\tCloudArmorTier: pulumi.String(\"CA_STANDARD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTier;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTierArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudArmorTierConfig = new ProjectCloudArmorTier(\"cloudArmorTierConfig\", ProjectCloudArmorTierArgs.builder()\n .cloudArmorTier(\"CA_STANDARD\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudArmorTierConfig:\n type: gcp:compute:ProjectCloudArmorTier\n name: cloud_armor_tier_config\n properties:\n cloudArmorTier: CA_STANDARD\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Compute Project Cloud Armor Tier Project Set\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"your_project_id\",\n name: \"your_project_id\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: project.projectId,\n service: \"compute.googleapis.com\",\n});\nconst cloudArmorTierConfig = new gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", {\n project: project.projectId,\n cloudArmorTier: \"CA_STANDARD\",\n}, {\n dependsOn: [compute],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"your_project_id\",\n name=\"your_project_id\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ncompute = gcp.projects.Service(\"compute\",\n project=project.project_id,\n service=\"compute.googleapis.com\")\ncloud_armor_tier_config = gcp.compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\",\n project=project.project_id,\n cloud_armor_tier=\"CA_STANDARD\",\n opts = pulumi.ResourceOptions(depends_on=[compute]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"your_project_id\",\n Name = \"your_project_id\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var cloudArmorTierConfig = new Gcp.Compute.ProjectCloudArmorTier(\"cloud_armor_tier_config\", new()\n {\n Project = project.ProjectId,\n CloudArmorTier = \"CA_STANDARD\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"your_project_id\"),\n\t\t\tName: pulumi.String(\"your_project_id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewProjectCloudArmorTier(ctx, \"cloud_armor_tier_config\", \u0026compute.ProjectCloudArmorTierArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tCloudArmorTier: pulumi.String(\"CA_STANDARD\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTier;\nimport com.pulumi.gcp.compute.ProjectCloudArmorTierArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"your_project_id\")\n .name(\"your_project_id\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var cloudArmorTierConfig = new ProjectCloudArmorTier(\"cloudArmorTierConfig\", ProjectCloudArmorTierArgs.builder()\n .project(project.projectId())\n .cloudArmorTier(\"CA_STANDARD\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: your_project_id\n name: your_project_id\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n compute:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: compute.googleapis.com\n cloudArmorTierConfig:\n type: gcp:compute:ProjectCloudArmorTier\n name: cloud_armor_tier_config\n properties:\n project: ${project.projectId}\n cloudArmorTier: CA_STANDARD\n options:\n dependsOn:\n - ${compute}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectCloudArmorTier can be imported using any of these accepted formats:\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, ProjectCloudArmorTier can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/projectCloudArmorTier:ProjectCloudArmorTier default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:compute/projectCloudArmorTier:ProjectCloudArmorTier default {{project}}\n```\n\n", "properties": { "cloudArmorTier": { "type": "string", @@ -173458,7 +173458,7 @@ } }, "gcp:compute/regionAutoscaler:RegionAutoscaler": { - "description": "Represents an Autoscaler resource.\n\nAutoscalers allow you to automatically scale virtual machine instances in\nmanaged instance groups according to an autoscaling policy that you\ndefine.\n\n\nTo get more information about RegionAutoscaler, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionAutoscalers)\n* How-to Guides\n * [Autoscaling Groups of Instances](https://cloud.google.com/compute/docs/autoscaler/)\n\n## Example Usage\n\n### Region Autoscaler Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foobarInstanceTemplate = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"my-instance-template\",\n machineType: \"e2-standard-4\",\n disks: [{\n sourceImage: \"debian-cloud/debian-11\",\n diskSizeGb: 250,\n }],\n networkInterfaces: [{\n network: \"default\",\n accessConfigs: [{\n networkTier: \"PREMIUM\",\n }],\n }],\n serviceAccount: {\n scopes: [\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n ],\n },\n});\nconst foobarTargetPool = new gcp.compute.TargetPool(\"foobar\", {name: \"my-target-pool\"});\nconst foobarRegionInstanceGroupManager = new gcp.compute.RegionInstanceGroupManager(\"foobar\", {\n name: \"my-region-igm\",\n region: \"us-central1\",\n versions: [{\n instanceTemplate: foobarInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [foobarTargetPool.id],\n baseInstanceName: \"foobar\",\n});\nconst foobar = new gcp.compute.RegionAutoscaler(\"foobar\", {\n name: \"my-region-autoscaler\",\n region: \"us-central1\",\n target: foobarRegionInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n cpuUtilization: {\n target: 0.5,\n },\n },\n});\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoobar_instance_template = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"my-instance-template\",\n machine_type=\"e2-standard-4\",\n disks=[{\n \"source_image\": \"debian-cloud/debian-11\",\n \"disk_size_gb\": 250,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n \"access_configs\": [{\n \"network_tier\": \"PREMIUM\",\n }],\n }],\n service_account={\n \"scopes\": [\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n ],\n })\nfoobar_target_pool = gcp.compute.TargetPool(\"foobar\", name=\"my-target-pool\")\nfoobar_region_instance_group_manager = gcp.compute.RegionInstanceGroupManager(\"foobar\",\n name=\"my-region-igm\",\n region=\"us-central1\",\n versions=[{\n \"instance_template\": foobar_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[foobar_target_pool.id],\n base_instance_name=\"foobar\")\nfoobar = gcp.compute.RegionAutoscaler(\"foobar\",\n name=\"my-region-autoscaler\",\n region=\"us-central1\",\n target=foobar_region_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"cpu_utilization\": {\n \"target\": 0.5,\n },\n })\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobarInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-standard-4\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n DiskSizeGb = 250,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceAccessConfigArgs\n {\n NetworkTier = \"PREMIUM\",\n },\n },\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n },\n },\n });\n\n var foobarTargetPool = new Gcp.Compute.TargetPool(\"foobar\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var foobarRegionInstanceGroupManager = new Gcp.Compute.RegionInstanceGroupManager(\"foobar\", new()\n {\n Name = \"my-region-igm\",\n Region = \"us-central1\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = foobarInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n foobarTargetPool.Id,\n },\n BaseInstanceName = \"foobar\",\n });\n\n var foobar = new Gcp.Compute.RegionAutoscaler(\"foobar\", new()\n {\n Name = \"my-region-autoscaler\",\n Region = \"us-central1\",\n Target = foobarRegionInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.RegionAutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n CpuUtilization = new Gcp.Compute.Inputs.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs\n {\n Target = 0.5,\n },\n },\n });\n\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobarInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(250),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/devstorage.read_only\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/logging.write\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/monitoring.write\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/pubsub\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/service.management.readonly\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/servicecontrol\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/trace.append\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarTargetPool, err := compute.NewTargetPool(ctx, \"foobar\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarRegionInstanceGroupManager, err := compute.NewRegionInstanceGroupManager(ctx, \"foobar\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-region-igm\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: foobarInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tfoobarTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"foobar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionAutoscaler(ctx, \"foobar\", \u0026compute.RegionAutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-region-autoscaler\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTarget: foobarRegionInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.RegionAutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tCpuUtilization: \u0026compute.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs{\n\t\t\t\t\tTarget: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.RegionAutoscaler;\nimport com.pulumi.gcp.compute.RegionAutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionAutoscalerAutoscalingPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobarInstanceTemplate = new InstanceTemplate(\"foobarInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-standard-4\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .diskSizeGb(250)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .accessConfigs(InstanceTemplateNetworkInterfaceAccessConfigArgs.builder()\n .networkTier(\"PREMIUM\")\n .build())\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\")\n .build())\n .build());\n\n var foobarTargetPool = new TargetPool(\"foobarTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var foobarRegionInstanceGroupManager = new RegionInstanceGroupManager(\"foobarRegionInstanceGroupManager\", RegionInstanceGroupManagerArgs.builder()\n .name(\"my-region-igm\")\n .region(\"us-central1\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(foobarInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(foobarTargetPool.id())\n .baseInstanceName(\"foobar\")\n .build());\n\n var foobar = new RegionAutoscaler(\"foobar\", RegionAutoscalerArgs.builder()\n .name(\"my-region-autoscaler\")\n .region(\"us-central1\")\n .target(foobarRegionInstanceGroupManager.id())\n .autoscalingPolicy(RegionAutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .cpuUtilization(RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs.builder()\n .target(0.5)\n .build())\n .build())\n .build());\n\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:RegionAutoscaler\n properties:\n name: my-region-autoscaler\n region: us-central1\n target: ${foobarRegionInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n cpuUtilization:\n target: 0.5\n foobarInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: foobar\n properties:\n name: my-instance-template\n machineType: e2-standard-4\n disks:\n - sourceImage: debian-cloud/debian-11\n diskSizeGb: 250\n networkInterfaces:\n - network: default\n accessConfigs:\n - networkTier: PREMIUM\n serviceAccount:\n scopes:\n - https://www.googleapis.com/auth/devstorage.read_only\n - https://www.googleapis.com/auth/logging.write\n - https://www.googleapis.com/auth/monitoring.write\n - https://www.googleapis.com/auth/pubsub\n - https://www.googleapis.com/auth/service.management.readonly\n - https://www.googleapis.com/auth/servicecontrol\n - https://www.googleapis.com/auth/trace.append\n foobarTargetPool:\n type: gcp:compute:TargetPool\n name: foobar\n properties:\n name: my-target-pool\n foobarRegionInstanceGroupManager:\n type: gcp:compute:RegionInstanceGroupManager\n name: foobar\n properties:\n name: my-region-igm\n region: us-central1\n versions:\n - instanceTemplate: ${foobarInstanceTemplate.id}\n name: primary\n targetPools:\n - ${foobarTargetPool.id}\n baseInstanceName: foobar\nvariables:\n debian9:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionAutoscaler can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/autoscalers/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionAutoscaler can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default projects/{{project}}/regions/{{region}}/autoscalers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{name}}\n```\n\n", + "description": "Represents an Autoscaler resource.\n\nAutoscalers allow you to automatically scale virtual machine instances in\nmanaged instance groups according to an autoscaling policy that you\ndefine.\n\n\nTo get more information about RegionAutoscaler, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionAutoscalers)\n* How-to Guides\n * [Autoscaling Groups of Instances](https://cloud.google.com/compute/docs/autoscaler/)\n\n## Example Usage\n\n### Region Autoscaler Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foobarInstanceTemplate = new gcp.compute.InstanceTemplate(\"foobar\", {\n name: \"my-instance-template\",\n machineType: \"e2-standard-4\",\n disks: [{\n sourceImage: \"debian-cloud/debian-11\",\n diskSizeGb: 250,\n }],\n networkInterfaces: [{\n network: \"default\",\n accessConfigs: [{\n networkTier: \"PREMIUM\",\n }],\n }],\n serviceAccount: {\n scopes: [\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n ],\n },\n});\nconst foobarTargetPool = new gcp.compute.TargetPool(\"foobar\", {name: \"my-target-pool\"});\nconst foobarRegionInstanceGroupManager = new gcp.compute.RegionInstanceGroupManager(\"foobar\", {\n name: \"my-region-igm\",\n region: \"us-central1\",\n versions: [{\n instanceTemplate: foobarInstanceTemplate.id,\n name: \"primary\",\n }],\n targetPools: [foobarTargetPool.id],\n baseInstanceName: \"foobar\",\n});\nconst foobar = new gcp.compute.RegionAutoscaler(\"foobar\", {\n name: \"my-region-autoscaler\",\n region: \"us-central1\",\n target: foobarRegionInstanceGroupManager.id,\n autoscalingPolicy: {\n maxReplicas: 5,\n minReplicas: 1,\n cooldownPeriod: 60,\n cpuUtilization: {\n target: 0.5,\n },\n },\n});\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoobar_instance_template = gcp.compute.InstanceTemplate(\"foobar\",\n name=\"my-instance-template\",\n machine_type=\"e2-standard-4\",\n disks=[{\n \"source_image\": \"debian-cloud/debian-11\",\n \"disk_size_gb\": 250,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n \"access_configs\": [{\n \"network_tier\": \"PREMIUM\",\n }],\n }],\n service_account={\n \"scopes\": [\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n ],\n })\nfoobar_target_pool = gcp.compute.TargetPool(\"foobar\", name=\"my-target-pool\")\nfoobar_region_instance_group_manager = gcp.compute.RegionInstanceGroupManager(\"foobar\",\n name=\"my-region-igm\",\n region=\"us-central1\",\n versions=[{\n \"instance_template\": foobar_instance_template.id,\n \"name\": \"primary\",\n }],\n target_pools=[foobar_target_pool.id],\n base_instance_name=\"foobar\")\nfoobar = gcp.compute.RegionAutoscaler(\"foobar\",\n name=\"my-region-autoscaler\",\n region=\"us-central1\",\n target=foobar_region_instance_group_manager.id,\n autoscaling_policy={\n \"max_replicas\": 5,\n \"min_replicas\": 1,\n \"cooldown_period\": 60,\n \"cpu_utilization\": {\n \"target\": 0.5,\n },\n })\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobarInstanceTemplate = new Gcp.Compute.InstanceTemplate(\"foobar\", new()\n {\n Name = \"my-instance-template\",\n MachineType = \"e2-standard-4\",\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = \"debian-cloud/debian-11\",\n DiskSizeGb = 250,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceAccessConfigArgs\n {\n NetworkTier = \"PREMIUM\",\n },\n },\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\",\n },\n },\n });\n\n var foobarTargetPool = new Gcp.Compute.TargetPool(\"foobar\", new()\n {\n Name = \"my-target-pool\",\n });\n\n var foobarRegionInstanceGroupManager = new Gcp.Compute.RegionInstanceGroupManager(\"foobar\", new()\n {\n Name = \"my-region-igm\",\n Region = \"us-central1\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = foobarInstanceTemplate.Id,\n Name = \"primary\",\n },\n },\n TargetPools = new[]\n {\n foobarTargetPool.Id,\n },\n BaseInstanceName = \"foobar\",\n });\n\n var foobar = new Gcp.Compute.RegionAutoscaler(\"foobar\", new()\n {\n Name = \"my-region-autoscaler\",\n Region = \"us-central1\",\n Target = foobarRegionInstanceGroupManager.Id,\n AutoscalingPolicy = new Gcp.Compute.Inputs.RegionAutoscalerAutoscalingPolicyArgs\n {\n MaxReplicas = 5,\n MinReplicas = 1,\n CooldownPeriod = 60,\n CpuUtilization = new Gcp.Compute.Inputs.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs\n {\n Target = 0.5,\n },\n },\n });\n\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobarInstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"foobar\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-instance-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-standard-4\"),\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t\tDiskSizeGb: pulumi.Int(250),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/devstorage.read_only\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/logging.write\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/monitoring.write\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/pubsub\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/service.management.readonly\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/servicecontrol\"),\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/trace.append\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarTargetPool, err := compute.NewTargetPool(ctx, \"foobar\", \u0026compute.TargetPoolArgs{\n\t\t\tName: pulumi.String(\"my-target-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobarRegionInstanceGroupManager, err := compute.NewRegionInstanceGroupManager(ctx, \"foobar\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"my-region-igm\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: foobarInstanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetPools: pulumi.StringArray{\n\t\t\t\tfoobarTargetPool.ID(),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"foobar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionAutoscaler(ctx, \"foobar\", \u0026compute.RegionAutoscalerArgs{\n\t\t\tName: pulumi.String(\"my-region-autoscaler\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTarget: foobarRegionInstanceGroupManager.ID(),\n\t\t\tAutoscalingPolicy: \u0026compute.RegionAutoscalerAutoscalingPolicyArgs{\n\t\t\t\tMaxReplicas: pulumi.Int(5),\n\t\t\t\tMinReplicas: pulumi.Int(1),\n\t\t\t\tCooldownPeriod: pulumi.Int(60),\n\t\t\t\tCpuUtilization: \u0026compute.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs{\n\t\t\t\t\tTarget: pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.TargetPool;\nimport com.pulumi.gcp.compute.TargetPoolArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.RegionAutoscaler;\nimport com.pulumi.gcp.compute.RegionAutoscalerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionAutoscalerAutoscalingPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobarInstanceTemplate = new InstanceTemplate(\"foobarInstanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"my-instance-template\")\n .machineType(\"e2-standard-4\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(\"debian-cloud/debian-11\")\n .diskSizeGb(250)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .accessConfigs(InstanceTemplateNetworkInterfaceAccessConfigArgs.builder()\n .networkTier(\"PREMIUM\")\n .build())\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"https://www.googleapis.com/auth/devstorage.read_only\",\n \"https://www.googleapis.com/auth/logging.write\",\n \"https://www.googleapis.com/auth/monitoring.write\",\n \"https://www.googleapis.com/auth/pubsub\",\n \"https://www.googleapis.com/auth/service.management.readonly\",\n \"https://www.googleapis.com/auth/servicecontrol\",\n \"https://www.googleapis.com/auth/trace.append\")\n .build())\n .build());\n\n var foobarTargetPool = new TargetPool(\"foobarTargetPool\", TargetPoolArgs.builder()\n .name(\"my-target-pool\")\n .build());\n\n var foobarRegionInstanceGroupManager = new RegionInstanceGroupManager(\"foobarRegionInstanceGroupManager\", RegionInstanceGroupManagerArgs.builder()\n .name(\"my-region-igm\")\n .region(\"us-central1\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(foobarInstanceTemplate.id())\n .name(\"primary\")\n .build())\n .targetPools(foobarTargetPool.id())\n .baseInstanceName(\"foobar\")\n .build());\n\n var foobar = new RegionAutoscaler(\"foobar\", RegionAutoscalerArgs.builder()\n .name(\"my-region-autoscaler\")\n .region(\"us-central1\")\n .target(foobarRegionInstanceGroupManager.id())\n .autoscalingPolicy(RegionAutoscalerAutoscalingPolicyArgs.builder()\n .maxReplicas(5)\n .minReplicas(1)\n .cooldownPeriod(60)\n .cpuUtilization(RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs.builder()\n .target(0.5)\n .build())\n .build())\n .build());\n\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:RegionAutoscaler\n properties:\n name: my-region-autoscaler\n region: us-central1\n target: ${foobarRegionInstanceGroupManager.id}\n autoscalingPolicy:\n maxReplicas: 5\n minReplicas: 1\n cooldownPeriod: 60\n cpuUtilization:\n target: 0.5\n foobarInstanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: foobar\n properties:\n name: my-instance-template\n machineType: e2-standard-4\n disks:\n - sourceImage: debian-cloud/debian-11\n diskSizeGb: 250\n networkInterfaces:\n - network: default\n accessConfigs:\n - networkTier: PREMIUM\n serviceAccount:\n scopes:\n - https://www.googleapis.com/auth/devstorage.read_only\n - https://www.googleapis.com/auth/logging.write\n - https://www.googleapis.com/auth/monitoring.write\n - https://www.googleapis.com/auth/pubsub\n - https://www.googleapis.com/auth/service.management.readonly\n - https://www.googleapis.com/auth/servicecontrol\n - https://www.googleapis.com/auth/trace.append\n foobarTargetPool:\n type: gcp:compute:TargetPool\n name: foobar\n properties:\n name: my-target-pool\n foobarRegionInstanceGroupManager:\n type: gcp:compute:RegionInstanceGroupManager\n name: foobar\n properties:\n name: my-region-igm\n region: us-central1\n versions:\n - instanceTemplate: ${foobarInstanceTemplate.id}\n name: primary\n targetPools:\n - ${foobarTargetPool.id}\n baseInstanceName: foobar\nvariables:\n debian9:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionAutoscaler can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/autoscalers/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionAutoscaler can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default projects/{{project}}/regions/{{region}}/autoscalers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionAutoscaler:RegionAutoscaler default {{name}}\n```\n\n", "properties": { "autoscalingPolicy": { "$ref": "#/types/gcp:compute/RegionAutoscalerAutoscalingPolicy:RegionAutoscalerAutoscalingPolicy", @@ -173575,7 +173575,7 @@ } }, "gcp:compute/regionBackendService:RegionBackendService": { - "description": "A Region Backend Service defines a regionally-scoped group of virtual\nmachines that will serve traffic for load balancing.\n\n\nTo get more information about RegionBackendService, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/latest/regionBackendServices)\n* How-to Guides\n * [Internal TCP/UDP Load Balancing](https://cloud.google.com/compute/docs/load-balancing/internal/)\n\n\n\n## Example Usage\n\n### Region Backend Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"rbs-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: defaultHealthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"rbs-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=default_health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"rbs-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = defaultHealthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(defaultHealthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${defaultHealthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: rbs-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External Iap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"tf-test-region-service-external\",\n region: \"us-central1\",\n protocol: \"HTTP\",\n loadBalancingScheme: \"EXTERNAL\",\n iap: {\n enabled: true,\n oauth2ClientId: \"abc\",\n oauth2ClientSecret: \"xyz\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"tf-test-region-service-external\",\n region=\"us-central1\",\n protocol=\"HTTP\",\n load_balancing_scheme=\"EXTERNAL\",\n iap={\n \"enabled\": True,\n \"oauth2_client_id\": \"abc\",\n \"oauth2_client_secret\": \"xyz\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"tf-test-region-service-external\",\n Region = \"us-central1\",\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"EXTERNAL\",\n Iap = new Gcp.Compute.Inputs.RegionBackendServiceIapArgs\n {\n Enabled = true,\n Oauth2ClientId = \"abc\",\n Oauth2ClientSecret = \"xyz\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"tf-test-region-service-external\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tIap: \u0026compute.RegionBackendServiceIapArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tOauth2ClientId: pulumi.String(\"abc\"),\n\t\t\t\tOauth2ClientSecret: pulumi.String(\"xyz\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceIapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"tf-test-region-service-external\")\n .region(\"us-central1\")\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .iap(RegionBackendServiceIapArgs.builder()\n .enabled(true)\n .oauth2ClientId(\"abc\")\n .oauth2ClientSecret(\"xyz\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: tf-test-region-service-external\n region: us-central1\n protocol: HTTP\n loadBalancingScheme: EXTERNAL\n iap:\n enabled: true\n oauth2ClientId: abc\n oauth2ClientSecret: xyz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Cache\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: defaultRegionHealthCheck.id,\n enableCdn: true,\n cdnPolicy: {\n cacheMode: \"CACHE_ALL_STATIC\",\n defaultTtl: 3600,\n clientTtl: 7200,\n maxTtl: 10800,\n negativeCaching: true,\n signedUrlCacheMaxAgeSec: 7200,\n },\n loadBalancingScheme: \"EXTERNAL\",\n protocol: \"HTTP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=default_region_health_check.id,\n enable_cdn=True,\n cdn_policy={\n \"cache_mode\": \"CACHE_ALL_STATIC\",\n \"default_ttl\": 3600,\n \"client_ttl\": 7200,\n \"max_ttl\": 10800,\n \"negative_caching\": True,\n \"signed_url_cache_max_age_sec\": 7200,\n },\n load_balancing_scheme=\"EXTERNAL\",\n protocol=\"HTTP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = defaultRegionHealthCheck.Id,\n EnableCdn = true,\n CdnPolicy = new Gcp.Compute.Inputs.RegionBackendServiceCdnPolicyArgs\n {\n CacheMode = \"CACHE_ALL_STATIC\",\n DefaultTtl = 3600,\n ClientTtl = 7200,\n MaxTtl = 10800,\n NegativeCaching = true,\n SignedUrlCacheMaxAgeSec = 7200,\n },\n LoadBalancingScheme = \"EXTERNAL\",\n Protocol = \"HTTP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t\tEnableCdn: pulumi.Bool(true),\n\t\t\tCdnPolicy: \u0026compute.RegionBackendServiceCdnPolicyArgs{\n\t\t\t\tCacheMode: pulumi.String(\"CACHE_ALL_STATIC\"),\n\t\t\t\tDefaultTtl: pulumi.Int(3600),\n\t\t\t\tClientTtl: pulumi.Int(7200),\n\t\t\t\tMaxTtl: pulumi.Int(10800),\n\t\t\t\tNegativeCaching: pulumi.Bool(true),\n\t\t\t\tSignedUrlCacheMaxAgeSec: pulumi.Int(7200),\n\t\t\t},\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceCdnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(defaultRegionHealthCheck.id())\n .enableCdn(true)\n .cdnPolicy(RegionBackendServiceCdnPolicyArgs.builder()\n .cacheMode(\"CACHE_ALL_STATIC\")\n .defaultTtl(3600)\n .clientTtl(7200)\n .maxTtl(10800)\n .negativeCaching(true)\n .signedUrlCacheMaxAgeSec(7200)\n .build())\n .loadBalancingScheme(\"EXTERNAL\")\n .protocol(\"HTTP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${defaultRegionHealthCheck.id}\n enableCdn: true\n cdnPolicy:\n cacheMode: CACHE_ALL_STATIC\n defaultTtl: 3600\n clientTtl: 7200\n maxTtl: 10800\n negativeCaching: true\n signedUrlCacheMaxAgeSec: 7200\n loadBalancingScheme: EXTERNAL\n protocol: HTTP\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n name: rbs-health-check\n region: us-central1\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Round Robin\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"HTTP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"ROUND_ROBIN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"HTTP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"ROUND_ROBIN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"ROUND_ROBIN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"ROUND_ROBIN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"ROUND_ROBIN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: HTTP\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: ROUND_ROBIN\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External Weighted\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n localityLbPolicy: \"WEIGHTED_MAGLEV\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\",\n locality_lb_policy=\"WEIGHTED_MAGLEV\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n LocalityLbPolicy = \"WEIGHTED_MAGLEV\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"WEIGHTED_MAGLEV\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .localityLbPolicy(\"WEIGHTED_MAGLEV\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n localityLbPolicy: WEIGHTED_MAGLEV\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Ring Hash\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"RING_HASH\",\n sessionAffinity: \"HTTP_COOKIE\",\n protocol: \"HTTP\",\n circuitBreakers: {\n maxConnections: 10,\n },\n consistentHash: {\n httpCookie: {\n ttl: {\n seconds: 11,\n nanos: 1111,\n },\n name: \"mycookie\",\n },\n },\n outlierDetection: {\n consecutiveErrors: 2,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"RING_HASH\",\n session_affinity=\"HTTP_COOKIE\",\n protocol=\"HTTP\",\n circuit_breakers={\n \"max_connections\": 10,\n },\n consistent_hash={\n \"http_cookie\": {\n \"ttl\": {\n \"seconds\": 11,\n \"nanos\": 1111,\n },\n \"name\": \"mycookie\",\n },\n },\n outlier_detection={\n \"consecutive_errors\": 2,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"RING_HASH\",\n SessionAffinity = \"HTTP_COOKIE\",\n Protocol = \"HTTP\",\n CircuitBreakers = new Gcp.Compute.Inputs.RegionBackendServiceCircuitBreakersArgs\n {\n MaxConnections = 10,\n },\n ConsistentHash = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashArgs\n {\n HttpCookie = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashHttpCookieArgs\n {\n Ttl = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashHttpCookieTtlArgs\n {\n Seconds = 11,\n Nanos = 1111,\n },\n Name = \"mycookie\",\n },\n },\n OutlierDetection = new Gcp.Compute.Inputs.RegionBackendServiceOutlierDetectionArgs\n {\n ConsecutiveErrors = 2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"RING_HASH\"),\n\t\t\tSessionAffinity: pulumi.String(\"HTTP_COOKIE\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tCircuitBreakers: \u0026compute.RegionBackendServiceCircuitBreakersArgs{\n\t\t\t\tMaxConnections: pulumi.Int(10),\n\t\t\t},\n\t\t\tConsistentHash: \u0026compute.RegionBackendServiceConsistentHashArgs{\n\t\t\t\tHttpCookie: \u0026compute.RegionBackendServiceConsistentHashHttpCookieArgs{\n\t\t\t\t\tTtl: \u0026compute.RegionBackendServiceConsistentHashHttpCookieTtlArgs{\n\t\t\t\t\t\tSeconds: pulumi.Int(11),\n\t\t\t\t\t\tNanos: pulumi.Int(1111),\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"mycookie\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOutlierDetection: \u0026compute.RegionBackendServiceOutlierDetectionArgs{\n\t\t\t\tConsecutiveErrors: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceCircuitBreakersArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashHttpCookieArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashHttpCookieTtlArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceOutlierDetectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"RING_HASH\")\n .sessionAffinity(\"HTTP_COOKIE\")\n .protocol(\"HTTP\")\n .circuitBreakers(RegionBackendServiceCircuitBreakersArgs.builder()\n .maxConnections(10)\n .build())\n .consistentHash(RegionBackendServiceConsistentHashArgs.builder()\n .httpCookie(RegionBackendServiceConsistentHashHttpCookieArgs.builder()\n .ttl(RegionBackendServiceConsistentHashHttpCookieTtlArgs.builder()\n .seconds(11)\n .nanos(1111)\n .build())\n .name(\"mycookie\")\n .build())\n .build())\n .outlierDetection(RegionBackendServiceOutlierDetectionArgs.builder()\n .consecutiveErrors(2)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: RING_HASH\n sessionAffinity: HTTP_COOKIE\n protocol: HTTP\n circuitBreakers:\n maxConnections: 10\n consistentHash:\n httpCookie:\n ttl:\n seconds: 11\n nanos: 1111\n name: mycookie\n outlierDetection:\n consecutiveErrors: 2\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Stateful Session Affinity\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"RING_HASH\",\n sessionAffinity: \"STRONG_COOKIE_AFFINITY\",\n protocol: \"HTTP\",\n strongSessionAffinityCookie: {\n ttl: {\n seconds: 11,\n nanos: 1111,\n },\n name: \"mycookie\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"RING_HASH\",\n session_affinity=\"STRONG_COOKIE_AFFINITY\",\n protocol=\"HTTP\",\n strong_session_affinity_cookie={\n \"ttl\": {\n \"seconds\": 11,\n \"nanos\": 1111,\n },\n \"name\": \"mycookie\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"RING_HASH\",\n SessionAffinity = \"STRONG_COOKIE_AFFINITY\",\n Protocol = \"HTTP\",\n StrongSessionAffinityCookie = new Gcp.Compute.Inputs.RegionBackendServiceStrongSessionAffinityCookieArgs\n {\n Ttl = new Gcp.Compute.Inputs.RegionBackendServiceStrongSessionAffinityCookieTtlArgs\n {\n Seconds = 11,\n Nanos = 1111,\n },\n Name = \"mycookie\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"RING_HASH\"),\n\t\t\tSessionAffinity: pulumi.String(\"STRONG_COOKIE_AFFINITY\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tStrongSessionAffinityCookie: \u0026compute.RegionBackendServiceStrongSessionAffinityCookieArgs{\n\t\t\t\tTtl: \u0026compute.RegionBackendServiceStrongSessionAffinityCookieTtlArgs{\n\t\t\t\t\tSeconds: pulumi.Int(11),\n\t\t\t\t\tNanos: pulumi.Int(1111),\n\t\t\t\t},\n\t\t\t\tName: pulumi.String(\"mycookie\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceStrongSessionAffinityCookieArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceStrongSessionAffinityCookieTtlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"RING_HASH\")\n .sessionAffinity(\"STRONG_COOKIE_AFFINITY\")\n .protocol(\"HTTP\")\n .strongSessionAffinityCookie(RegionBackendServiceStrongSessionAffinityCookieArgs.builder()\n .ttl(RegionBackendServiceStrongSessionAffinityCookieTtlArgs.builder()\n .seconds(11)\n .nanos(1111)\n .build())\n .name(\"mycookie\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: RING_HASH\n sessionAffinity: STRONG_COOKIE_AFFINITY\n protocol: HTTP\n strongSessionAffinityCookie:\n ttl:\n seconds: 11\n nanos: 1111\n name: mycookie\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Balancing Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"rbs-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"rbs-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-region-service\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"rbs-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"rbs-health-check\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"region-service\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"rbs-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"rbs-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-region-service\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"rbs-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"region-service\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"rbs-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"rbs-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-region-service\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"rbs-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"region-service\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"rbs-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"rbs-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-region-service\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"rbs-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"rbs-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"rbs-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-region-service\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"rbs-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"rbs-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"region-service\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: region-service\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: rbs-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-region-service\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: rbs-health-check\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: rbs-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: rbs-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\nvariables:\n debianImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Connection Tracking\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 22,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n connectionTrackingPolicy: {\n trackingMode: \"PER_SESSION\",\n connectionPersistenceOnUnhealthyBackends: \"NEVER_PERSIST\",\n idleTimeoutSec: 60,\n enableStrongAffinity: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 22,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\",\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\",\n connection_tracking_policy={\n \"tracking_mode\": \"PER_SESSION\",\n \"connection_persistence_on_unhealthy_backends\": \"NEVER_PERSIST\",\n \"idle_timeout_sec\": 60,\n \"enable_strong_affinity\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 22,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n ConnectionTrackingPolicy = new Gcp.Compute.Inputs.RegionBackendServiceConnectionTrackingPolicyArgs\n {\n TrackingMode = \"PER_SESSION\",\n ConnectionPersistenceOnUnhealthyBackends = \"NEVER_PERSIST\",\n IdleTimeoutSec = 60,\n EnableStrongAffinity = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(22),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tConnectionTrackingPolicy: \u0026compute.RegionBackendServiceConnectionTrackingPolicyArgs{\n\t\t\t\tTrackingMode: pulumi.String(\"PER_SESSION\"),\n\t\t\t\tConnectionPersistenceOnUnhealthyBackends: pulumi.String(\"NEVER_PERSIST\"),\n\t\t\t\tIdleTimeoutSec: pulumi.Int(60),\n\t\t\t\tEnableStrongAffinity: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConnectionTrackingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(22)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .connectionTrackingPolicy(RegionBackendServiceConnectionTrackingPolicyArgs.builder()\n .trackingMode(\"PER_SESSION\")\n .connectionPersistenceOnUnhealthyBackends(\"NEVER_PERSIST\")\n .idleTimeoutSec(60)\n .enableStrongAffinity(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${healthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n connectionTrackingPolicy:\n trackingMode: PER_SESSION\n connectionPersistenceOnUnhealthyBackends: NEVER_PERSIST\n idleTimeoutSec: 60\n enableStrongAffinity: true\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 22\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ip Address Selection Policy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n protocol: \"HTTP\",\n ipAddressSelectionPolicy: \"IPV6_ONLY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=health_check.id,\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n protocol=\"HTTP\",\n ip_address_selection_policy=\"IPV6_ONLY\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n Protocol = \"HTTP\",\n IpAddressSelectionPolicy = \"IPV6_ONLY\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tIpAddressSelectionPolicy: pulumi.String(\"IPV6_ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .protocol(\"HTTP\")\n .ipAddressSelectionPolicy(\"IPV6_ONLY\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: EXTERNAL_MANAGED\n protocol: HTTP\n ipAddressSelectionPolicy: IPV6_ONLY\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionBackendService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/backendServices/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionBackendService can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default projects/{{project}}/regions/{{region}}/backendServices/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{name}}\n```\n\n", + "description": "A Region Backend Service defines a regionally-scoped group of virtual\nmachines that will serve traffic for load balancing.\n\n\nTo get more information about RegionBackendService, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/latest/regionBackendServices)\n* How-to Guides\n * [Internal TCP/UDP Load Balancing](https://cloud.google.com/compute/docs/load-balancing/internal/)\n\n\n\n## Example Usage\n\n### Region Backend Service Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"rbs-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: defaultHealthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"rbs-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=default_health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"rbs-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = defaultHealthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(defaultHealthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${defaultHealthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: rbs-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External Iap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"tf-test-region-service-external\",\n region: \"us-central1\",\n protocol: \"HTTP\",\n loadBalancingScheme: \"EXTERNAL\",\n iap: {\n enabled: true,\n oauth2ClientId: \"abc\",\n oauth2ClientSecret: \"xyz\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"tf-test-region-service-external\",\n region=\"us-central1\",\n protocol=\"HTTP\",\n load_balancing_scheme=\"EXTERNAL\",\n iap={\n \"enabled\": True,\n \"oauth2_client_id\": \"abc\",\n \"oauth2_client_secret\": \"xyz\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"tf-test-region-service-external\",\n Region = \"us-central1\",\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"EXTERNAL\",\n Iap = new Gcp.Compute.Inputs.RegionBackendServiceIapArgs\n {\n Enabled = true,\n Oauth2ClientId = \"abc\",\n Oauth2ClientSecret = \"xyz\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"tf-test-region-service-external\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tIap: \u0026compute.RegionBackendServiceIapArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tOauth2ClientId: pulumi.String(\"abc\"),\n\t\t\t\tOauth2ClientSecret: pulumi.String(\"xyz\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceIapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"tf-test-region-service-external\")\n .region(\"us-central1\")\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .iap(RegionBackendServiceIapArgs.builder()\n .enabled(true)\n .oauth2ClientId(\"abc\")\n .oauth2ClientSecret(\"xyz\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: tf-test-region-service-external\n region: us-central1\n protocol: HTTP\n loadBalancingScheme: EXTERNAL\n iap:\n enabled: true\n oauth2ClientId: abc\n oauth2ClientSecret: xyz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Cache\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: defaultRegionHealthCheck.id,\n enableCdn: true,\n cdnPolicy: {\n cacheMode: \"CACHE_ALL_STATIC\",\n defaultTtl: 3600,\n clientTtl: 7200,\n maxTtl: 10800,\n negativeCaching: true,\n signedUrlCacheMaxAgeSec: 7200,\n },\n loadBalancingScheme: \"EXTERNAL\",\n protocol: \"HTTP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=default_region_health_check.id,\n enable_cdn=True,\n cdn_policy={\n \"cache_mode\": \"CACHE_ALL_STATIC\",\n \"default_ttl\": 3600,\n \"client_ttl\": 7200,\n \"max_ttl\": 10800,\n \"negative_caching\": True,\n \"signed_url_cache_max_age_sec\": 7200,\n },\n load_balancing_scheme=\"EXTERNAL\",\n protocol=\"HTTP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = defaultRegionHealthCheck.Id,\n EnableCdn = true,\n CdnPolicy = new Gcp.Compute.Inputs.RegionBackendServiceCdnPolicyArgs\n {\n CacheMode = \"CACHE_ALL_STATIC\",\n DefaultTtl = 3600,\n ClientTtl = 7200,\n MaxTtl = 10800,\n NegativeCaching = true,\n SignedUrlCacheMaxAgeSec = 7200,\n },\n LoadBalancingScheme = \"EXTERNAL\",\n Protocol = \"HTTP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t\tEnableCdn: pulumi.Bool(true),\n\t\t\tCdnPolicy: \u0026compute.RegionBackendServiceCdnPolicyArgs{\n\t\t\t\tCacheMode: pulumi.String(\"CACHE_ALL_STATIC\"),\n\t\t\t\tDefaultTtl: pulumi.Int(3600),\n\t\t\t\tClientTtl: pulumi.Int(7200),\n\t\t\t\tMaxTtl: pulumi.Int(10800),\n\t\t\t\tNegativeCaching: pulumi.Bool(true),\n\t\t\t\tSignedUrlCacheMaxAgeSec: pulumi.Int(7200),\n\t\t\t},\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceCdnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(defaultRegionHealthCheck.id())\n .enableCdn(true)\n .cdnPolicy(RegionBackendServiceCdnPolicyArgs.builder()\n .cacheMode(\"CACHE_ALL_STATIC\")\n .defaultTtl(3600)\n .clientTtl(7200)\n .maxTtl(10800)\n .negativeCaching(true)\n .signedUrlCacheMaxAgeSec(7200)\n .build())\n .loadBalancingScheme(\"EXTERNAL\")\n .protocol(\"HTTP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${defaultRegionHealthCheck.id}\n enableCdn: true\n cdnPolicy:\n cacheMode: CACHE_ALL_STATIC\n defaultTtl: 3600\n clientTtl: 7200\n maxTtl: 10800\n negativeCaching: true\n signedUrlCacheMaxAgeSec: 7200\n loadBalancingScheme: EXTERNAL\n protocol: HTTP\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n name: rbs-health-check\n region: us-central1\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Round Robin\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"HTTP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"ROUND_ROBIN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"HTTP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"ROUND_ROBIN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"ROUND_ROBIN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"ROUND_ROBIN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"ROUND_ROBIN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: HTTP\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: ROUND_ROBIN\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service External Weighted\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n localityLbPolicy: \"WEIGHTED_MAGLEV\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\",\n locality_lb_policy=\"WEIGHTED_MAGLEV\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n LocalityLbPolicy = \"WEIGHTED_MAGLEV\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"WEIGHTED_MAGLEV\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .localityLbPolicy(\"WEIGHTED_MAGLEV\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n localityLbPolicy: WEIGHTED_MAGLEV\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Ring Hash\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"RING_HASH\",\n sessionAffinity: \"HTTP_COOKIE\",\n protocol: \"HTTP\",\n circuitBreakers: {\n maxConnections: 10,\n },\n consistentHash: {\n httpCookie: {\n ttl: {\n seconds: 11,\n nanos: 1111,\n },\n name: \"mycookie\",\n },\n },\n outlierDetection: {\n consecutiveErrors: 2,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"RING_HASH\",\n session_affinity=\"HTTP_COOKIE\",\n protocol=\"HTTP\",\n circuit_breakers={\n \"max_connections\": 10,\n },\n consistent_hash={\n \"http_cookie\": {\n \"ttl\": {\n \"seconds\": 11,\n \"nanos\": 1111,\n },\n \"name\": \"mycookie\",\n },\n },\n outlier_detection={\n \"consecutive_errors\": 2,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"RING_HASH\",\n SessionAffinity = \"HTTP_COOKIE\",\n Protocol = \"HTTP\",\n CircuitBreakers = new Gcp.Compute.Inputs.RegionBackendServiceCircuitBreakersArgs\n {\n MaxConnections = 10,\n },\n ConsistentHash = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashArgs\n {\n HttpCookie = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashHttpCookieArgs\n {\n Ttl = new Gcp.Compute.Inputs.RegionBackendServiceConsistentHashHttpCookieTtlArgs\n {\n Seconds = 11,\n Nanos = 1111,\n },\n Name = \"mycookie\",\n },\n },\n OutlierDetection = new Gcp.Compute.Inputs.RegionBackendServiceOutlierDetectionArgs\n {\n ConsecutiveErrors = 2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"RING_HASH\"),\n\t\t\tSessionAffinity: pulumi.String(\"HTTP_COOKIE\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tCircuitBreakers: \u0026compute.RegionBackendServiceCircuitBreakersArgs{\n\t\t\t\tMaxConnections: pulumi.Int(10),\n\t\t\t},\n\t\t\tConsistentHash: \u0026compute.RegionBackendServiceConsistentHashArgs{\n\t\t\t\tHttpCookie: \u0026compute.RegionBackendServiceConsistentHashHttpCookieArgs{\n\t\t\t\t\tTtl: \u0026compute.RegionBackendServiceConsistentHashHttpCookieTtlArgs{\n\t\t\t\t\t\tSeconds: pulumi.Int(11),\n\t\t\t\t\t\tNanos: pulumi.Int(1111),\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"mycookie\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOutlierDetection: \u0026compute.RegionBackendServiceOutlierDetectionArgs{\n\t\t\t\tConsecutiveErrors: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceCircuitBreakersArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashHttpCookieArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConsistentHashHttpCookieTtlArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceOutlierDetectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"RING_HASH\")\n .sessionAffinity(\"HTTP_COOKIE\")\n .protocol(\"HTTP\")\n .circuitBreakers(RegionBackendServiceCircuitBreakersArgs.builder()\n .maxConnections(10)\n .build())\n .consistentHash(RegionBackendServiceConsistentHashArgs.builder()\n .httpCookie(RegionBackendServiceConsistentHashHttpCookieArgs.builder()\n .ttl(RegionBackendServiceConsistentHashHttpCookieTtlArgs.builder()\n .seconds(11)\n .nanos(1111)\n .build())\n .name(\"mycookie\")\n .build())\n .build())\n .outlierDetection(RegionBackendServiceOutlierDetectionArgs.builder()\n .consecutiveErrors(2)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: RING_HASH\n sessionAffinity: HTTP_COOKIE\n protocol: HTTP\n circuitBreakers:\n maxConnections: 10\n consistentHash:\n httpCookie:\n ttl:\n seconds: 11\n nanos: 1111\n name: mycookie\n outlierDetection:\n consecutiveErrors: 2\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ilb Stateful Session Affinity\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.HealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"region-service\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n localityLbPolicy: \"RING_HASH\",\n sessionAffinity: \"STRONG_COOKIE_AFFINITY\",\n protocol: \"HTTP\",\n strongSessionAffinityCookie: {\n ttl: {\n seconds: 11,\n nanos: 1111,\n },\n name: \"mycookie\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.HealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"region-service\",\n health_checks=health_check.id,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n locality_lb_policy=\"RING_HASH\",\n session_affinity=\"STRONG_COOKIE_AFFINITY\",\n protocol=\"HTTP\",\n strong_session_affinity_cookie={\n \"ttl\": {\n \"seconds\": 11,\n \"nanos\": 1111,\n },\n \"name\": \"mycookie\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.HealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"region-service\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n LocalityLbPolicy = \"RING_HASH\",\n SessionAffinity = \"STRONG_COOKIE_AFFINITY\",\n Protocol = \"HTTP\",\n StrongSessionAffinityCookie = new Gcp.Compute.Inputs.RegionBackendServiceStrongSessionAffinityCookieArgs\n {\n Ttl = new Gcp.Compute.Inputs.RegionBackendServiceStrongSessionAffinityCookieTtlArgs\n {\n Seconds = 11,\n Nanos = 1111,\n },\n Name = \"mycookie\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewHealthCheck(ctx, \"health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.HealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tLocalityLbPolicy: pulumi.String(\"RING_HASH\"),\n\t\t\tSessionAffinity: pulumi.String(\"STRONG_COOKIE_AFFINITY\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tStrongSessionAffinityCookie: \u0026compute.RegionBackendServiceStrongSessionAffinityCookieArgs{\n\t\t\t\tTtl: \u0026compute.RegionBackendServiceStrongSessionAffinityCookieTtlArgs{\n\t\t\t\t\tSeconds: pulumi.Int(11),\n\t\t\t\t\tNanos: pulumi.Int(1111),\n\t\t\t\t},\n\t\t\t\tName: pulumi.String(\"mycookie\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceStrongSessionAffinityCookieArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceStrongSessionAffinityCookieTtlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new HealthCheck(\"healthCheck\", HealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"region-service\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .localityLbPolicy(\"RING_HASH\")\n .sessionAffinity(\"STRONG_COOKIE_AFFINITY\")\n .protocol(\"HTTP\")\n .strongSessionAffinityCookie(RegionBackendServiceStrongSessionAffinityCookieArgs.builder()\n .ttl(RegionBackendServiceStrongSessionAffinityCookieTtlArgs.builder()\n .seconds(11)\n .nanos(1111)\n .build())\n .name(\"mycookie\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n region: us-central1\n name: region-service\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: INTERNAL_MANAGED\n localityLbPolicy: RING_HASH\n sessionAffinity: STRONG_COOKIE_AFFINITY\n protocol: HTTP\n strongSessionAffinityCookie:\n ttl:\n seconds: 11\n nanos: 1111\n name: mycookie\n healthCheck:\n type: gcp:compute:HealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Balancing Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"rbs-net\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"rbs-net-default\",\n ipCidrRange: \"10.1.2.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-region-service\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n tags: [\n \"allow-ssh\",\n \"load-balanced-backend\",\n ],\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n region: \"us-central1\",\n name: \"rbs-rigm\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n targetSize: 1,\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"rbs-health-check\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: rigm.instanceGroup,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n region: \"us-central1\",\n name: \"region-service\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_network = gcp.compute.Network(\"default\",\n name=\"rbs-net\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"rbs-net-default\",\n ip_cidr_range=\"10.1.2.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-region-service\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": default_network.id,\n \"subnetwork\": default_subnetwork.id,\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n tags=[\n \"allow-ssh\",\n \"load-balanced-backend\",\n ])\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n region=\"us-central1\",\n name=\"rbs-rigm\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n target_size=1)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"rbs-health-check\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": rigm.instance_group,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }],\n region=\"us-central1\",\n name=\"region-service\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"rbs-net\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"rbs-net-default\",\n IpCidrRange = \"10.1.2.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-region-service\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n Tags = new[]\n {\n \"allow-ssh\",\n \"load-balanced-backend\",\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Region = \"us-central1\",\n Name = \"rbs-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n TargetSize = 1,\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"rbs-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = rigm.InstanceGroup,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n Region = \"us-central1\",\n Name = \"region-service\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"rbs-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"rbs-net-default\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-region-service\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"allow-ssh\"),\n\t\t\t\tpulumi.String(\"load-balanced-backend\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"rbs-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: rigm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"rbs-net\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"rbs-net-default\")\n .ipCidrRange(\"10.1.2.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-region-service\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .tags( \n \"allow-ssh\",\n \"load-balanced-backend\")\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .region(\"us-central1\")\n .name(\"rbs-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .targetSize(1)\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"rbs-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(rigm.instanceGroup())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .region(\"us-central1\")\n .name(\"region-service\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${rigm.instanceGroup}\n balancingMode: UTILIZATION\n capacityScaler: 1\n region: us-central1\n name: region-service\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n region: us-central1\n name: rbs-rigm\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-region-service\n machineType: e2-medium\n networkInterfaces:\n - network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n tags:\n - allow-ssh\n - load-balanced-backend\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: rbs-health-check\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: rbs-net\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: rbs-net-default\n ipCidrRange: 10.1.2.0/24\n region: us-central1\n network: ${defaultNetwork.id}\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Connection Tracking\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 22,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n protocol: \"TCP\",\n loadBalancingScheme: \"EXTERNAL\",\n connectionTrackingPolicy: {\n trackingMode: \"PER_SESSION\",\n connectionPersistenceOnUnhealthyBackends: \"NEVER_PERSIST\",\n idleTimeoutSec: 60,\n enableStrongAffinity: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 22,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\",\n protocol=\"TCP\",\n load_balancing_scheme=\"EXTERNAL\",\n connection_tracking_policy={\n \"tracking_mode\": \"PER_SESSION\",\n \"connection_persistence_on_unhealthy_backends\": \"NEVER_PERSIST\",\n \"idle_timeout_sec\": 60,\n \"enable_strong_affinity\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 22,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n Protocol = \"TCP\",\n LoadBalancingScheme = \"EXTERNAL\",\n ConnectionTrackingPolicy = new Gcp.Compute.Inputs.RegionBackendServiceConnectionTrackingPolicyArgs\n {\n TrackingMode = \"PER_SESSION\",\n ConnectionPersistenceOnUnhealthyBackends = \"NEVER_PERSIST\",\n IdleTimeoutSec = 60,\n EnableStrongAffinity = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(22),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL\"),\n\t\t\tConnectionTrackingPolicy: \u0026compute.RegionBackendServiceConnectionTrackingPolicyArgs{\n\t\t\t\tTrackingMode: pulumi.String(\"PER_SESSION\"),\n\t\t\t\tConnectionPersistenceOnUnhealthyBackends: pulumi.String(\"NEVER_PERSIST\"),\n\t\t\t\tIdleTimeoutSec: pulumi.Int(60),\n\t\t\t\tEnableStrongAffinity: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceConnectionTrackingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(22)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .protocol(\"TCP\")\n .loadBalancingScheme(\"EXTERNAL\")\n .connectionTrackingPolicy(RegionBackendServiceConnectionTrackingPolicyArgs.builder()\n .trackingMode(\"PER_SESSION\")\n .connectionPersistenceOnUnhealthyBackends(\"NEVER_PERSIST\")\n .idleTimeoutSec(60)\n .enableStrongAffinity(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${healthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n protocol: TCP\n loadBalancingScheme: EXTERNAL\n connectionTrackingPolicy:\n trackingMode: PER_SESSION\n connectionPersistenceOnUnhealthyBackends: NEVER_PERSIST\n idleTimeoutSec: 60\n enableStrongAffinity: true\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 22\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Backend Service Ip Address Selection Policy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"rbs-health-check\",\n region: \"us-central1\",\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"region-service\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n protocol: \"HTTP\",\n ipAddressSelectionPolicy: \"IPV6_ONLY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"rbs-health-check\",\n region=\"us-central1\",\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"region-service\",\n region=\"us-central1\",\n health_checks=health_check.id,\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n protocol=\"HTTP\",\n ip_address_selection_policy=\"IPV6_ONLY\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"rbs-health-check\",\n Region = \"us-central1\",\n TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"region-service\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n Protocol = \"HTTP\",\n IpAddressSelectionPolicy = \"IPV6_ONLY\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"rbs-health-check\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTcpHealthCheck: \u0026compute.RegionHealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"region-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tIpAddressSelectionPolicy: pulumi.String(\"IPV6_ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"rbs-health-check\")\n .region(\"us-central1\")\n .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"region-service\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .protocol(\"HTTP\")\n .ipAddressSelectionPolicy(\"IPV6_ONLY\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: region-service\n region: us-central1\n healthChecks: ${healthCheck.id}\n loadBalancingScheme: EXTERNAL_MANAGED\n protocol: HTTP\n ipAddressSelectionPolicy: IPV6_ONLY\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: rbs-health-check\n region: us-central1\n tcpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionBackendService can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/backendServices/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionBackendService can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default projects/{{project}}/regions/{{region}}/backendServices/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{name}}\n```\n\n", "properties": { "affinityCookieTtlSec": { "type": "integer", @@ -174976,7 +174976,7 @@ } }, "gcp:compute/regionDiskIamBinding:RegionDiskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/RegionDiskIamBindingCondition:RegionDiskIamBindingCondition" @@ -175097,7 +175097,7 @@ } }, "gcp:compute/regionDiskIamMember:RegionDiskIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/RegionDiskIamMemberCondition:RegionDiskIamMemberCondition" @@ -175211,7 +175211,7 @@ } }, "gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine RegionDisk\nThree different resources help you manage your IAM policy for Compute Engine RegionDisk. Each of these resources serves a different use case:\n\n* `gcp.compute.RegionDiskIamPolicy`: Authoritative. Sets the IAM policy for the regiondisk and replaces any existing policy already attached.\n* `gcp.compute.RegionDiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regiondisk are preserved.\n* `gcp.compute.RegionDiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regiondisk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.RegionDiskIamPolicy`: Retrieves the IAM policy for the regiondisk\n\n\u003e **Note:** `gcp.compute.RegionDiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.RegionDiskIamBinding` and `gcp.compute.RegionDiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.RegionDiskIamBinding` resources **can be** used in conjunction with `gcp.compute.RegionDiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.RegionDiskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.RegionDiskIamPolicy(\"policy\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.RegionDiskIamPolicy(\"policy\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.RegionDiskIamPolicy(\"policy\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskIamPolicy(ctx, \"policy\", \u0026compute.RegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicy;\nimport com.pulumi.gcp.compute.RegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionDiskIamPolicy(\"policy\", RegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:RegionDiskIamPolicy\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.RegionDiskIamBinding(\"binding\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.RegionDiskIamBinding(\"binding\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.RegionDiskIamBinding(\"binding\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamBinding(ctx, \"binding\", \u0026compute.RegionDiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamBinding;\nimport com.pulumi.gcp.compute.RegionDiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionDiskIamBinding(\"binding\", RegionDiskIamBindingArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:RegionDiskIamBinding\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.RegionDiskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.RegionDiskIamMember(\"member\", {\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.RegionDiskIamMember(\"member\",\n project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.RegionDiskIamMember(\"member\", new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionDiskIamMember(ctx, \"member\", \u0026compute.RegionDiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(regiondisk.Project),\n\t\t\tRegion: pulumi.Any(regiondisk.Region),\n\t\t\tName: pulumi.Any(regiondisk.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionDiskIamMember;\nimport com.pulumi.gcp.compute.RegionDiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionDiskIamMember(\"member\", RegionDiskIamMemberArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:RegionDiskIamMember\n properties:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/disks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine regiondisk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/regions/{{region}}/disks/{{region_disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor projects/{{project}}/regions/{{region}}/disks/{{region_disk}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -175296,7 +175296,7 @@ } }, "gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment": { - "description": "Adds existing resource policies to a disk. You can only add one policy\nwhich will be applied to this disk for scheduling snapshot creation.\n\n\u003e **Note:** This resource does not support zonal disks (`gcp.compute.Disk`). For zonal disks, please refer to the `gcp.compute.DiskResourcePolicyAttachment` resource.\n\n\n\n\n## Example Usage\n\n### Region Disk Resource Policy Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"my-base-disk\",\n image: \"debian-cloud/debian-11\",\n size: 50,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapdisk = new gcp.compute.Snapshot(\"snapdisk\", {\n name: \"my-snapshot\",\n sourceDisk: disk.name,\n zone: \"us-central1-a\",\n});\nconst ssd = new gcp.compute.RegionDisk(\"ssd\", {\n name: \"my-disk\",\n replicaZones: [\n \"us-central1-a\",\n \"us-central1-f\",\n ],\n snapshot: snapdisk.id,\n size: 50,\n type: \"pd-ssd\",\n region: \"us-central1\",\n});\nconst policy = new gcp.compute.ResourcePolicy(\"policy\", {\n name: \"my-resource-policy\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst attachment = new gcp.compute.RegionDiskResourcePolicyAttachment(\"attachment\", {\n name: policy.name,\n disk: ssd.name,\n region: \"us-central1\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndisk = gcp.compute.Disk(\"disk\",\n name=\"my-base-disk\",\n image=\"debian-cloud/debian-11\",\n size=50,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapdisk = gcp.compute.Snapshot(\"snapdisk\",\n name=\"my-snapshot\",\n source_disk=disk.name,\n zone=\"us-central1-a\")\nssd = gcp.compute.RegionDisk(\"ssd\",\n name=\"my-disk\",\n replica_zones=[\n \"us-central1-a\",\n \"us-central1-f\",\n ],\n snapshot=snapdisk.id,\n size=50,\n type=\"pd-ssd\",\n region=\"us-central1\")\npolicy = gcp.compute.ResourcePolicy(\"policy\",\n name=\"my-resource-policy\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\nattachment = gcp.compute.RegionDiskResourcePolicyAttachment(\"attachment\",\n name=policy.name,\n disk=ssd.name,\n region=\"us-central1\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"my-base-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 50,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapdisk = new Gcp.Compute.Snapshot(\"snapdisk\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = disk.Name,\n Zone = \"us-central1-a\",\n });\n\n var ssd = new Gcp.Compute.RegionDisk(\"ssd\", new()\n {\n Name = \"my-disk\",\n ReplicaZones = new[]\n {\n \"us-central1-a\",\n \"us-central1-f\",\n },\n Snapshot = snapdisk.Id,\n Size = 50,\n Type = \"pd-ssd\",\n Region = \"us-central1\",\n });\n\n var policy = new Gcp.Compute.ResourcePolicy(\"policy\", new()\n {\n Name = \"my-resource-policy\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var attachment = new Gcp.Compute.RegionDiskResourcePolicyAttachment(\"attachment\", new()\n {\n Name = policy.Name,\n Disk = ssd.Name,\n Region = \"us-central1\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-base-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsnapdisk, err := compute.NewSnapshot(ctx, \"snapdisk\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: disk.Name,\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssd, err := compute.NewRegionDisk(ctx, \"ssd\", \u0026compute.RegionDiskArgs{\n\t\t\tName: pulumi.String(\"my-disk\"),\n\t\t\tReplicaZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1-a\"),\n\t\t\t\tpulumi.String(\"us-central1-f\"),\n\t\t\t},\n\t\t\tSnapshot: snapdisk.ID(),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := compute.NewResourcePolicy(ctx, \"policy\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"my-resource-policy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskResourcePolicyAttachment(ctx, \"attachment\", \u0026compute.RegionDiskResourcePolicyAttachmentArgs{\n\t\t\tName: policy.Name,\n\t\t\tDisk: ssd.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport com.pulumi.gcp.compute.RegionDisk;\nimport com.pulumi.gcp.compute.RegionDiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.RegionDiskResourcePolicyAttachment;\nimport com.pulumi.gcp.compute.RegionDiskResourcePolicyAttachmentArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"my-base-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(50)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapdisk = new Snapshot(\"snapdisk\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(disk.name())\n .zone(\"us-central1-a\")\n .build());\n\n var ssd = new RegionDisk(\"ssd\", RegionDiskArgs.builder()\n .name(\"my-disk\")\n .replicaZones( \n \"us-central1-a\",\n \"us-central1-f\")\n .snapshot(snapdisk.id())\n .size(50)\n .type(\"pd-ssd\")\n .region(\"us-central1\")\n .build());\n\n var policy = new ResourcePolicy(\"policy\", ResourcePolicyArgs.builder()\n .name(\"my-resource-policy\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var attachment = new RegionDiskResourcePolicyAttachment(\"attachment\", RegionDiskResourcePolicyAttachmentArgs.builder()\n .name(policy.name())\n .disk(ssd.name())\n .region(\"us-central1\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attachment:\n type: gcp:compute:RegionDiskResourcePolicyAttachment\n properties:\n name: ${policy.name}\n disk: ${ssd.name}\n region: us-central1\n disk:\n type: gcp:compute:Disk\n properties:\n name: my-base-disk\n image: debian-cloud/debian-11\n size: 50\n type: pd-ssd\n zone: us-central1-a\n snapdisk:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${disk.name}\n zone: us-central1-a\n ssd:\n type: gcp:compute:RegionDisk\n properties:\n name: my-disk\n replicaZones:\n - us-central1-a\n - us-central1-f\n snapshot: ${snapdisk.id}\n size: 50\n type: pd-ssd\n region: us-central1\n policy:\n type: gcp:compute:ResourcePolicy\n properties:\n name: my-resource-policy\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionDiskResourcePolicyAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/disks/{{disk}}/{{name}}`\n\n* `{{project}}/{{region}}/{{disk}}/{{name}}`\n\n* `{{region}}/{{disk}}/{{name}}`\n\n* `{{disk}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionDiskResourcePolicyAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default projects/{{project}}/regions/{{region}}/disks/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{project}}/{{region}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{region}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{disk}}/{{name}}\n```\n\n", + "description": "Adds existing resource policies to a disk. You can only add one policy\nwhich will be applied to this disk for scheduling snapshot creation.\n\n\u003e **Note:** This resource does not support zonal disks (`gcp.compute.Disk`). For zonal disks, please refer to the `gcp.compute.DiskResourcePolicyAttachment` resource.\n\n\n\n\n## Example Usage\n\n### Region Disk Resource Policy Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"my-base-disk\",\n image: \"debian-cloud/debian-11\",\n size: 50,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapdisk = new gcp.compute.Snapshot(\"snapdisk\", {\n name: \"my-snapshot\",\n sourceDisk: disk.name,\n zone: \"us-central1-a\",\n});\nconst ssd = new gcp.compute.RegionDisk(\"ssd\", {\n name: \"my-disk\",\n replicaZones: [\n \"us-central1-a\",\n \"us-central1-f\",\n ],\n snapshot: snapdisk.id,\n size: 50,\n type: \"pd-ssd\",\n region: \"us-central1\",\n});\nconst policy = new gcp.compute.ResourcePolicy(\"policy\", {\n name: \"my-resource-policy\",\n region: \"us-central1\",\n snapshotSchedulePolicy: {\n schedule: {\n dailySchedule: {\n daysInCycle: 1,\n startTime: \"04:00\",\n },\n },\n },\n});\nconst attachment = new gcp.compute.RegionDiskResourcePolicyAttachment(\"attachment\", {\n name: policy.name,\n disk: ssd.name,\n region: \"us-central1\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndisk = gcp.compute.Disk(\"disk\",\n name=\"my-base-disk\",\n image=\"debian-cloud/debian-11\",\n size=50,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapdisk = gcp.compute.Snapshot(\"snapdisk\",\n name=\"my-snapshot\",\n source_disk=disk.name,\n zone=\"us-central1-a\")\nssd = gcp.compute.RegionDisk(\"ssd\",\n name=\"my-disk\",\n replica_zones=[\n \"us-central1-a\",\n \"us-central1-f\",\n ],\n snapshot=snapdisk.id,\n size=50,\n type=\"pd-ssd\",\n region=\"us-central1\")\npolicy = gcp.compute.ResourcePolicy(\"policy\",\n name=\"my-resource-policy\",\n region=\"us-central1\",\n snapshot_schedule_policy={\n \"schedule\": {\n \"daily_schedule\": {\n \"days_in_cycle\": 1,\n \"start_time\": \"04:00\",\n },\n },\n })\nattachment = gcp.compute.RegionDiskResourcePolicyAttachment(\"attachment\",\n name=policy.name,\n disk=ssd.name,\n region=\"us-central1\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"my-base-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 50,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapdisk = new Gcp.Compute.Snapshot(\"snapdisk\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = disk.Name,\n Zone = \"us-central1-a\",\n });\n\n var ssd = new Gcp.Compute.RegionDisk(\"ssd\", new()\n {\n Name = \"my-disk\",\n ReplicaZones = new[]\n {\n \"us-central1-a\",\n \"us-central1-f\",\n },\n Snapshot = snapdisk.Id,\n Size = 50,\n Type = \"pd-ssd\",\n Region = \"us-central1\",\n });\n\n var policy = new Gcp.Compute.ResourcePolicy(\"policy\", new()\n {\n Name = \"my-resource-policy\",\n Region = \"us-central1\",\n SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs\n {\n Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs\n {\n DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs\n {\n DaysInCycle = 1,\n StartTime = \"04:00\",\n },\n },\n },\n });\n\n var attachment = new Gcp.Compute.RegionDiskResourcePolicyAttachment(\"attachment\", new()\n {\n Name = policy.Name,\n Disk = ssd.Name,\n Region = \"us-central1\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-base-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsnapdisk, err := compute.NewSnapshot(ctx, \"snapdisk\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: disk.Name,\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssd, err := compute.NewRegionDisk(ctx, \"ssd\", \u0026compute.RegionDiskArgs{\n\t\t\tName: pulumi.String(\"my-disk\"),\n\t\t\tReplicaZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1-a\"),\n\t\t\t\tpulumi.String(\"us-central1-f\"),\n\t\t\t},\n\t\t\tSnapshot: snapdisk.ID(),\n\t\t\tSize: pulumi.Int(50),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := compute.NewResourcePolicy(ctx, \"policy\", \u0026compute.ResourcePolicyArgs{\n\t\t\tName: pulumi.String(\"my-resource-policy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSnapshotSchedulePolicy: \u0026compute.ResourcePolicySnapshotSchedulePolicyArgs{\n\t\t\t\tSchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleArgs{\n\t\t\t\t\tDailySchedule: \u0026compute.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs{\n\t\t\t\t\t\tDaysInCycle: pulumi.Int(1),\n\t\t\t\t\t\tStartTime: pulumi.String(\"04:00\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionDiskResourcePolicyAttachment(ctx, \"attachment\", \u0026compute.RegionDiskResourcePolicyAttachmentArgs{\n\t\t\tName: policy.Name,\n\t\t\tDisk: ssd.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport com.pulumi.gcp.compute.RegionDisk;\nimport com.pulumi.gcp.compute.RegionDiskArgs;\nimport com.pulumi.gcp.compute.ResourcePolicy;\nimport com.pulumi.gcp.compute.ResourcePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs;\nimport com.pulumi.gcp.compute.inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs;\nimport com.pulumi.gcp.compute.RegionDiskResourcePolicyAttachment;\nimport com.pulumi.gcp.compute.RegionDiskResourcePolicyAttachmentArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"my-base-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(50)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapdisk = new Snapshot(\"snapdisk\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(disk.name())\n .zone(\"us-central1-a\")\n .build());\n\n var ssd = new RegionDisk(\"ssd\", RegionDiskArgs.builder()\n .name(\"my-disk\")\n .replicaZones( \n \"us-central1-a\",\n \"us-central1-f\")\n .snapshot(snapdisk.id())\n .size(50)\n .type(\"pd-ssd\")\n .region(\"us-central1\")\n .build());\n\n var policy = new ResourcePolicy(\"policy\", ResourcePolicyArgs.builder()\n .name(\"my-resource-policy\")\n .region(\"us-central1\")\n .snapshotSchedulePolicy(ResourcePolicySnapshotSchedulePolicyArgs.builder()\n .schedule(ResourcePolicySnapshotSchedulePolicyScheduleArgs.builder()\n .dailySchedule(ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs.builder()\n .daysInCycle(1)\n .startTime(\"04:00\")\n .build())\n .build())\n .build())\n .build());\n\n var attachment = new RegionDiskResourcePolicyAttachment(\"attachment\", RegionDiskResourcePolicyAttachmentArgs.builder()\n .name(policy.name())\n .disk(ssd.name())\n .region(\"us-central1\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attachment:\n type: gcp:compute:RegionDiskResourcePolicyAttachment\n properties:\n name: ${policy.name}\n disk: ${ssd.name}\n region: us-central1\n disk:\n type: gcp:compute:Disk\n properties:\n name: my-base-disk\n image: debian-cloud/debian-11\n size: 50\n type: pd-ssd\n zone: us-central1-a\n snapdisk:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${disk.name}\n zone: us-central1-a\n ssd:\n type: gcp:compute:RegionDisk\n properties:\n name: my-disk\n replicaZones:\n - us-central1-a\n - us-central1-f\n snapshot: ${snapdisk.id}\n size: 50\n type: pd-ssd\n region: us-central1\n policy:\n type: gcp:compute:ResourcePolicy\n properties:\n name: my-resource-policy\n region: us-central1\n snapshotSchedulePolicy:\n schedule:\n dailySchedule:\n daysInCycle: 1\n startTime: 04:00\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionDiskResourcePolicyAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/disks/{{disk}}/{{name}}`\n\n* `{{project}}/{{region}}/{{disk}}/{{name}}`\n\n* `{{region}}/{{disk}}/{{name}}`\n\n* `{{disk}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionDiskResourcePolicyAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default projects/{{project}}/regions/{{region}}/disks/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{project}}/{{region}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{region}}/{{disk}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionDiskResourcePolicyAttachment:RegionDiskResourcePolicyAttachment default {{disk}}/{{name}}\n```\n\n", "properties": { "disk": { "type": "string", @@ -176638,7 +176638,7 @@ } }, "gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint": { - "description": "A Region network endpoint represents a IP address/FQDN and port combination that is\npart of a specific network endpoint group (NEG).\n\n\u003e **NOTE**: Network endpoints cannot be created outside of a network endpoint group.\n\n\nTo get more information about RegionNetworkEndpoint, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups)\n* How-to Guides\n * [Internet NEGs Official Documentation](https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts)\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Region Network Endpoint Internet Ip Port\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst group = new gcp.compute.RegionNetworkEndpointGroup(\"group\", {\n name: \"ip-port-neg\",\n network: _default.id,\n region: \"us-central1\",\n networkEndpointType: \"INTERNET_IP_PORT\",\n});\nconst region_internet_ip_port_endpoint = new gcp.compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", {\n regionNetworkEndpointGroup: group.name,\n region: \"us-central1\",\n ipAddress: \"8.8.8.8\",\n port: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ngroup = gcp.compute.RegionNetworkEndpointGroup(\"group\",\n name=\"ip-port-neg\",\n network=default.id,\n region=\"us-central1\",\n network_endpoint_type=\"INTERNET_IP_PORT\")\nregion_internet_ip_port_endpoint = gcp.compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\",\n region_network_endpoint_group=group.name,\n region=\"us-central1\",\n ip_address=\"8.8.8.8\",\n port=443)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var @group = new Gcp.Compute.RegionNetworkEndpointGroup(\"group\", new()\n {\n Name = \"ip-port-neg\",\n Network = @default.Id,\n Region = \"us-central1\",\n NetworkEndpointType = \"INTERNET_IP_PORT\",\n });\n\n var region_internet_ip_port_endpoint = new Gcp.Compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", new()\n {\n RegionNetworkEndpointGroup = @group.Name,\n Region = \"us-central1\",\n IpAddress = \"8.8.8.8\",\n Port = 443,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"group\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"ip-port-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"INTERNET_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region-internet-ip-port-endpoint\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: group.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\tPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var group = new RegionNetworkEndpointGroup(\"group\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"ip-port-neg\")\n .network(default_.id())\n .region(\"us-central1\")\n .networkEndpointType(\"INTERNET_IP_PORT\")\n .build());\n\n var region_internet_ip_port_endpoint = new RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(group.name())\n .region(\"us-central1\")\n .ipAddress(\"8.8.8.8\")\n .port(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-internet-ip-port-endpoint:\n type: gcp:compute:RegionNetworkEndpoint\n properties:\n regionNetworkEndpointGroup: ${group.name}\n region: us-central1\n ipAddress: 8.8.8.8\n port: 443\n group:\n type: gcp:compute:RegionNetworkEndpointGroup\n properties:\n name: ip-port-neg\n network: ${default.id}\n region: us-central1\n networkEndpointType: INTERNET_IP_PORT\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Network Endpoint Internet Fqdn Port\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst group = new gcp.compute.RegionNetworkEndpointGroup(\"group\", {\n name: \"fqdn-port-neg\",\n network: _default.id,\n region: \"us-central1\",\n networkEndpointType: \"INTERNET_FQDN_PORT\",\n});\nconst region_internet_fqdn_port_endpoint = new gcp.compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", {\n regionNetworkEndpointGroup: group.name,\n region: \"us-central1\",\n fqdn: \"backend.example.com\",\n port: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ngroup = gcp.compute.RegionNetworkEndpointGroup(\"group\",\n name=\"fqdn-port-neg\",\n network=default.id,\n region=\"us-central1\",\n network_endpoint_type=\"INTERNET_FQDN_PORT\")\nregion_internet_fqdn_port_endpoint = gcp.compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\",\n region_network_endpoint_group=group.name,\n region=\"us-central1\",\n fqdn=\"backend.example.com\",\n port=443)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var @group = new Gcp.Compute.RegionNetworkEndpointGroup(\"group\", new()\n {\n Name = \"fqdn-port-neg\",\n Network = @default.Id,\n Region = \"us-central1\",\n NetworkEndpointType = \"INTERNET_FQDN_PORT\",\n });\n\n var region_internet_fqdn_port_endpoint = new Gcp.Compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", new()\n {\n RegionNetworkEndpointGroup = @group.Name,\n Region = \"us-central1\",\n Fqdn = \"backend.example.com\",\n Port = 443,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"group\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"fqdn-port-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"INTERNET_FQDN_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region-internet-fqdn-port-endpoint\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: group.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFqdn: pulumi.String(\"backend.example.com\"),\n\t\t\tPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var group = new RegionNetworkEndpointGroup(\"group\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"fqdn-port-neg\")\n .network(default_.id())\n .region(\"us-central1\")\n .networkEndpointType(\"INTERNET_FQDN_PORT\")\n .build());\n\n var region_internet_fqdn_port_endpoint = new RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(group.name())\n .region(\"us-central1\")\n .fqdn(\"backend.example.com\")\n .port(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-internet-fqdn-port-endpoint:\n type: gcp:compute:RegionNetworkEndpoint\n properties:\n regionNetworkEndpointGroup: ${group.name}\n region: us-central1\n fqdn: backend.example.com\n port: 443\n group:\n type: gcp:compute:RegionNetworkEndpointGroup\n properties:\n name: fqdn-port-neg\n network: ${default.id}\n region: us-central1\n networkEndpointType: INTERNET_FQDN_PORT\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Network Endpoint Portmap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"subnetwork\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst defaultRegionNetworkEndpointGroup = new gcp.compute.RegionNetworkEndpointGroup(\"default\", {\n name: \"portmap-neg\",\n region: \"us-central1\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n networkEndpointType: \"GCE_VM_IP_PORTMAP\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultInstance = new gcp.compute.Instance(\"default\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"instance\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst regionNetworkEndpointPortmap = new gcp.compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\", {\n regionNetworkEndpointGroup: defaultRegionNetworkEndpointGroup.name,\n region: \"us-central1\",\n instance: defaultInstance.selfLink,\n port: 80,\n ipAddress: defaultInstance.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n clientDestinationPort: 8080,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"subnetwork\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default.id)\ndefault_region_network_endpoint_group = gcp.compute.RegionNetworkEndpointGroup(\"default\",\n name=\"portmap-neg\",\n region=\"us-central1\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n network_endpoint_type=\"GCE_VM_IP_PORTMAP\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_instance = gcp.compute.Instance(\"default\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"instance\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\nregion_network_endpoint_portmap = gcp.compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\",\n region_network_endpoint_group=default_region_network_endpoint_group.name,\n region=\"us-central1\",\n instance=default_instance.self_link,\n port=80,\n ip_address=default_instance.network_interfaces[0].network_ip,\n client_destination_port=8080)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"subnetwork\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var defaultRegionNetworkEndpointGroup = new Gcp.Compute.RegionNetworkEndpointGroup(\"default\", new()\n {\n Name = \"portmap-neg\",\n Region = \"us-central1\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkEndpointType = \"GCE_VM_IP_PORTMAP\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultInstance = new Gcp.Compute.Instance(\"default\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"instance\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var regionNetworkEndpointPortmap = new Gcp.Compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\", new()\n {\n RegionNetworkEndpointGroup = defaultRegionNetworkEndpointGroup.Name,\n Region = \"us-central1\",\n Instance = defaultInstance.SelfLink,\n Port = 80,\n IpAddress = defaultInstance.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n ClientDestinationPort = 8080,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionNetworkEndpointGroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"default\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"portmap-neg\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORTMAP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region_network_endpoint_portmap\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: defaultRegionNetworkEndpointGroup.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstance: defaultInstance.SelfLink,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tIpAddress: pulumi.String(defaultInstance.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tClientDestinationPort: pulumi.Int(8080),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"subnetwork\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var defaultRegionNetworkEndpointGroup = new RegionNetworkEndpointGroup(\"defaultRegionNetworkEndpointGroup\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"portmap-neg\")\n .region(\"us-central1\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .networkEndpointType(\"GCE_VM_IP_PORTMAP\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"instance\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var regionNetworkEndpointPortmap = new RegionNetworkEndpoint(\"regionNetworkEndpointPortmap\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(defaultRegionNetworkEndpointGroup.name())\n .region(\"us-central1\")\n .instance(defaultInstance.selfLink())\n .port(80)\n .ipAddress(defaultInstance.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .clientDestinationPort(8080)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: subnetwork\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${default.id}\n defaultRegionNetworkEndpointGroup:\n type: gcp:compute:RegionNetworkEndpointGroup\n name: default\n properties:\n name: portmap-neg\n region: us-central1\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n networkEndpointType: GCE_VM_IP_PORTMAP\n regionNetworkEndpointPortmap:\n type: gcp:compute:RegionNetworkEndpoint\n name: region_network_endpoint_portmap\n properties:\n regionNetworkEndpointGroup: ${defaultRegionNetworkEndpointGroup.name}\n region: us-central1\n instance: ${defaultInstance.selfLink}\n port: 80\n ipAddress: ${defaultInstance.networkInterfaces[0].networkIp}\n clientDestinationPort: 8080\n defaultInstance:\n type: gcp:compute:Instance\n name: default\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: instance\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionNetworkEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\nWhen using the `pulumi import` command, RegionNetworkEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n", + "description": "A Region network endpoint represents a IP address/FQDN and port combination that is\npart of a specific network endpoint group (NEG).\n\n\u003e **NOTE**: Network endpoints cannot be created outside of a network endpoint group.\n\n\nTo get more information about RegionNetworkEndpoint, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups)\n* How-to Guides\n * [Internet NEGs Official Documentation](https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts)\n * [Official Documentation](https://cloud.google.com/load-balancing/docs/negs/)\n\n## Example Usage\n\n### Region Network Endpoint Internet Ip Port\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst group = new gcp.compute.RegionNetworkEndpointGroup(\"group\", {\n name: \"ip-port-neg\",\n network: _default.id,\n region: \"us-central1\",\n networkEndpointType: \"INTERNET_IP_PORT\",\n});\nconst region_internet_ip_port_endpoint = new gcp.compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", {\n regionNetworkEndpointGroup: group.name,\n region: \"us-central1\",\n ipAddress: \"8.8.8.8\",\n port: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ngroup = gcp.compute.RegionNetworkEndpointGroup(\"group\",\n name=\"ip-port-neg\",\n network=default.id,\n region=\"us-central1\",\n network_endpoint_type=\"INTERNET_IP_PORT\")\nregion_internet_ip_port_endpoint = gcp.compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\",\n region_network_endpoint_group=group.name,\n region=\"us-central1\",\n ip_address=\"8.8.8.8\",\n port=443)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var @group = new Gcp.Compute.RegionNetworkEndpointGroup(\"group\", new()\n {\n Name = \"ip-port-neg\",\n Network = @default.Id,\n Region = \"us-central1\",\n NetworkEndpointType = \"INTERNET_IP_PORT\",\n });\n\n var region_internet_ip_port_endpoint = new Gcp.Compute.RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", new()\n {\n RegionNetworkEndpointGroup = @group.Name,\n Region = \"us-central1\",\n IpAddress = \"8.8.8.8\",\n Port = 443,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"group\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"ip-port-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"INTERNET_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region-internet-ip-port-endpoint\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: group.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\tPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var group = new RegionNetworkEndpointGroup(\"group\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"ip-port-neg\")\n .network(default_.id())\n .region(\"us-central1\")\n .networkEndpointType(\"INTERNET_IP_PORT\")\n .build());\n\n var region_internet_ip_port_endpoint = new RegionNetworkEndpoint(\"region-internet-ip-port-endpoint\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(group.name())\n .region(\"us-central1\")\n .ipAddress(\"8.8.8.8\")\n .port(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-internet-ip-port-endpoint:\n type: gcp:compute:RegionNetworkEndpoint\n properties:\n regionNetworkEndpointGroup: ${group.name}\n region: us-central1\n ipAddress: 8.8.8.8\n port: 443\n group:\n type: gcp:compute:RegionNetworkEndpointGroup\n properties:\n name: ip-port-neg\n network: ${default.id}\n region: us-central1\n networkEndpointType: INTERNET_IP_PORT\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Network Endpoint Internet Fqdn Port\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst group = new gcp.compute.RegionNetworkEndpointGroup(\"group\", {\n name: \"fqdn-port-neg\",\n network: _default.id,\n region: \"us-central1\",\n networkEndpointType: \"INTERNET_FQDN_PORT\",\n});\nconst region_internet_fqdn_port_endpoint = new gcp.compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", {\n regionNetworkEndpointGroup: group.name,\n region: \"us-central1\",\n fqdn: \"backend.example.com\",\n port: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ngroup = gcp.compute.RegionNetworkEndpointGroup(\"group\",\n name=\"fqdn-port-neg\",\n network=default.id,\n region=\"us-central1\",\n network_endpoint_type=\"INTERNET_FQDN_PORT\")\nregion_internet_fqdn_port_endpoint = gcp.compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\",\n region_network_endpoint_group=group.name,\n region=\"us-central1\",\n fqdn=\"backend.example.com\",\n port=443)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var @group = new Gcp.Compute.RegionNetworkEndpointGroup(\"group\", new()\n {\n Name = \"fqdn-port-neg\",\n Network = @default.Id,\n Region = \"us-central1\",\n NetworkEndpointType = \"INTERNET_FQDN_PORT\",\n });\n\n var region_internet_fqdn_port_endpoint = new Gcp.Compute.RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", new()\n {\n RegionNetworkEndpointGroup = @group.Name,\n Region = \"us-central1\",\n Fqdn = \"backend.example.com\",\n Port = 443,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"group\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"fqdn-port-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"INTERNET_FQDN_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region-internet-fqdn-port-endpoint\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: group.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFqdn: pulumi.String(\"backend.example.com\"),\n\t\t\tPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var group = new RegionNetworkEndpointGroup(\"group\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"fqdn-port-neg\")\n .network(default_.id())\n .region(\"us-central1\")\n .networkEndpointType(\"INTERNET_FQDN_PORT\")\n .build());\n\n var region_internet_fqdn_port_endpoint = new RegionNetworkEndpoint(\"region-internet-fqdn-port-endpoint\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(group.name())\n .region(\"us-central1\")\n .fqdn(\"backend.example.com\")\n .port(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-internet-fqdn-port-endpoint:\n type: gcp:compute:RegionNetworkEndpoint\n properties:\n regionNetworkEndpointGroup: ${group.name}\n region: us-central1\n fqdn: backend.example.com\n port: 443\n group:\n type: gcp:compute:RegionNetworkEndpointGroup\n properties:\n name: fqdn-port-neg\n network: ${default.id}\n region: us-central1\n networkEndpointType: INTERNET_FQDN_PORT\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Network Endpoint Portmap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"subnetwork\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst defaultRegionNetworkEndpointGroup = new gcp.compute.RegionNetworkEndpointGroup(\"default\", {\n name: \"portmap-neg\",\n region: \"us-central1\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n networkEndpointType: \"GCE_VM_IP_PORTMAP\",\n});\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst defaultInstance = new gcp.compute.Instance(\"default\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n subnetwork: defaultSubnetwork.id,\n }],\n name: \"instance\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n});\nconst regionNetworkEndpointPortmap = new gcp.compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\", {\n regionNetworkEndpointGroup: defaultRegionNetworkEndpointGroup.name,\n region: \"us-central1\",\n instance: defaultInstance.selfLink,\n port: 80,\n ipAddress: defaultInstance.networkInterfaces.apply(networkInterfaces =\u003e networkInterfaces[0].networkIp),\n clientDestinationPort: 8080,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"subnetwork\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=default.id)\ndefault_region_network_endpoint_group = gcp.compute.RegionNetworkEndpointGroup(\"default\",\n name=\"portmap-neg\",\n region=\"us-central1\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n network_endpoint_type=\"GCE_VM_IP_PORTMAP\")\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault_instance = gcp.compute.Instance(\"default\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"subnetwork\": default_subnetwork.id,\n }],\n name=\"instance\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n })\nregion_network_endpoint_portmap = gcp.compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\",\n region_network_endpoint_group=default_region_network_endpoint_group.name,\n region=\"us-central1\",\n instance=default_instance.self_link,\n port=80,\n ip_address=default_instance.network_interfaces[0].network_ip,\n client_destination_port=8080)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"subnetwork\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var defaultRegionNetworkEndpointGroup = new Gcp.Compute.RegionNetworkEndpointGroup(\"default\", new()\n {\n Name = \"portmap-neg\",\n Region = \"us-central1\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n NetworkEndpointType = \"GCE_VM_IP_PORTMAP\",\n });\n\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var defaultInstance = new Gcp.Compute.Instance(\"default\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Subnetwork = defaultSubnetwork.Id,\n },\n },\n Name = \"instance\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var regionNetworkEndpointPortmap = new Gcp.Compute.RegionNetworkEndpoint(\"region_network_endpoint_portmap\", new()\n {\n RegionNetworkEndpointGroup = defaultRegionNetworkEndpointGroup.Name,\n Region = \"us-central1\",\n Instance = defaultInstance.SelfLink,\n Port = 80,\n IpAddress = defaultInstance.NetworkInterfaces.Apply(networkInterfaces =\u003e networkInterfaces[0].NetworkIp),\n ClientDestinationPort = 8080,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionNetworkEndpointGroup, err := compute.NewRegionNetworkEndpointGroup(ctx, \"default\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"portmap-neg\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORTMAP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultInstance, err := compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkEndpoint(ctx, \"region_network_endpoint_portmap\", \u0026compute.RegionNetworkEndpointArgs{\n\t\t\tRegionNetworkEndpointGroup: defaultRegionNetworkEndpointGroup.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstance: defaultInstance.SelfLink,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tIpAddress: pulumi.String(defaultInstance.NetworkInterfaces.ApplyT(func(networkInterfaces []compute.InstanceNetworkInterface) (*string, error) {\n\t\t\t\treturn \u0026networkInterfaces[0].NetworkIp, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tClientDestinationPort: pulumi.Int(8080),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpoint;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"subnetwork\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var defaultRegionNetworkEndpointGroup = new RegionNetworkEndpointGroup(\"defaultRegionNetworkEndpointGroup\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"portmap-neg\")\n .region(\"us-central1\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .networkEndpointType(\"GCE_VM_IP_PORTMAP\")\n .build());\n\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var defaultInstance = new Instance(\"defaultInstance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .subnetwork(defaultSubnetwork.id())\n .build())\n .name(\"instance\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var regionNetworkEndpointPortmap = new RegionNetworkEndpoint(\"regionNetworkEndpointPortmap\", RegionNetworkEndpointArgs.builder()\n .regionNetworkEndpointGroup(defaultRegionNetworkEndpointGroup.name())\n .region(\"us-central1\")\n .instance(defaultInstance.selfLink())\n .port(80)\n .ipAddress(defaultInstance.networkInterfaces().applyValue(networkInterfaces -\u003e networkInterfaces[0].networkIp()))\n .clientDestinationPort(8080)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: subnetwork\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${default.id}\n defaultRegionNetworkEndpointGroup:\n type: gcp:compute:RegionNetworkEndpointGroup\n name: default\n properties:\n name: portmap-neg\n region: us-central1\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n networkEndpointType: GCE_VM_IP_PORTMAP\n regionNetworkEndpointPortmap:\n type: gcp:compute:RegionNetworkEndpoint\n name: region_network_endpoint_portmap\n properties:\n regionNetworkEndpointGroup: ${defaultRegionNetworkEndpointGroup.name}\n region: us-central1\n instance: ${defaultInstance.selfLink}\n port: 80\n ipAddress: ${defaultInstance.networkInterfaces[0].networkIp}\n clientDestinationPort: 8080\n defaultInstance:\n type: gcp:compute:Instance\n name: default\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n subnetwork: ${defaultSubnetwork.id}\n name: instance\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionNetworkEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\n* `{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}`\n\nWhen using the `pulumi import` command, RegionNetworkEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkEndpoint:RegionNetworkEndpoint default {{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}\n```\n\n", "properties": { "clientDestinationPort": { "type": "integer", @@ -177459,7 +177459,7 @@ } }, "gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules": { - "description": "## Example Usage\n\n### Compute Region Network Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: project.then(project =\u003e project.id),\n description: \"Regional address group\",\n location: \"us-west2\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst secureTagKey1 = new gcp.tags.TagKey(\"secure_tag_key_1\", {\n description: \"Tag key\",\n parent: project.then(project =\u003e project.id),\n purpose: \"GCE_FIREWALL\",\n shortName: \"tf-tag-key\",\n purposeData: {\n network: project.then(project =\u003e `${project.name}/default`),\n },\n});\nconst secureTagValue1 = new gcp.tags.TagValue(\"secure_tag_value_1\", {\n description: \"Tag value\",\n parent: secureTagKey1.id,\n shortName: \"tf-tag-value\",\n});\nconst region_network_firewall_policy_with_rules = new gcp.compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", {\n name: \"tf-region-fw-policy-with-rules\",\n region: \"us-west2\",\n description: \"Terraform test\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n {\n description: \"udp rule\",\n ruleName: \"test-rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n srcSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n disabled: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=project.id,\n description=\"Regional address group\",\n location=\"us-west2\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecure_tag_key1 = gcp.tags.TagKey(\"secure_tag_key_1\",\n description=\"Tag key\",\n parent=project.id,\n purpose=\"GCE_FIREWALL\",\n short_name=\"tf-tag-key\",\n purpose_data={\n \"network\": f\"{project.name}/default\",\n })\nsecure_tag_value1 = gcp.tags.TagValue(\"secure_tag_value_1\",\n description=\"Tag value\",\n parent=secure_tag_key1.id,\n short_name=\"tf-tag-value\")\nregion_network_firewall_policy_with_rules = gcp.compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\",\n name=\"tf-region-fw-policy-with-rules\",\n region=\"us-west2\",\n description=\"Terraform test\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n {\n \"description\": \"udp rule\",\n \"rule_name\": \"test-rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n \"src_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n \"disabled\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Description = \"Regional address group\",\n Location = \"us-west2\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var secureTagKey1 = new Gcp.Tags.TagKey(\"secure_tag_key_1\", new()\n {\n Description = \"Tag key\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Purpose = \"GCE_FIREWALL\",\n ShortName = \"tf-tag-key\",\n PurposeData = \n {\n { \"network\", $\"{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/default\" },\n },\n });\n\n var secureTagValue1 = new Gcp.Tags.TagValue(\"secure_tag_value_1\", new()\n {\n Description = \"Tag value\",\n Parent = secureTagKey1.Id,\n ShortName = \"tf-tag-value\",\n });\n\n var region_network_firewall_policy_with_rules = new Gcp.Compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", new()\n {\n Name = \"tf-region-fw-policy-with-rules\",\n Region = \"us-west2\",\n Description = \"Terraform test\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetSecureTags = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n RuleName = \"test-rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n SrcSecureTags = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n Disabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tDescription: pulumi.String(\"Regional address group\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagKey1, err := tags.NewTagKey(ctx, \"secure_tag_key_1\", \u0026tags.TagKeyArgs{\n\t\t\tDescription: pulumi.String(\"Tag key\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tPurpose: pulumi.String(\"GCE_FIREWALL\"),\n\t\t\tShortName: pulumi.String(\"tf-tag-key\"),\n\t\t\tPurposeData: pulumi.StringMap{\n\t\t\t\t\"network\": pulumi.Sprintf(\"%v/default\", project.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagValue1, err := tags.NewTagValue(ctx, \"secure_tag_value_1\", \u0026tags.TagValueArgs{\n\t\t\tDescription: pulumi.String(\"Tag value\"),\n\t\t\tParent: secureTagKey1.ID(),\n\t\t\tShortName: pulumi.String(\"tf-tag-value\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkFirewallPolicyWithRules(ctx, \"region-network-firewall-policy-with-rules\", \u0026compute.RegionNetworkFirewallPolicyWithRulesArgs{\n\t\t\tName: pulumi.String(\"tf-region-fw-policy-with-rules\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tRules: compute.RegionNetworkFirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetSecureTags: compute.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArray{\n\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs{\n\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"test-rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcSecureTags: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs{\n\t\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.tags.TagKey;\nimport com.pulumi.gcp.tags.TagKeyArgs;\nimport com.pulumi.gcp.tags.TagValue;\nimport com.pulumi.gcp.tags.TagValueArgs;\nimport com.pulumi.gcp.compute.RegionNetworkFirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.RegionNetworkFirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .description(\"Regional address group\")\n .location(\"us-west2\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var secureTagKey1 = new TagKey(\"secureTagKey1\", TagKeyArgs.builder()\n .description(\"Tag key\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .purpose(\"GCE_FIREWALL\")\n .shortName(\"tf-tag-key\")\n .purposeData(Map.of(\"network\", String.format(\"%s/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name()))))\n .build());\n\n var secureTagValue1 = new TagValue(\"secureTagValue1\", TagValueArgs.builder()\n .description(\"Tag value\")\n .parent(secureTagKey1.id())\n .shortName(\"tf-tag-value\")\n .build());\n\n var region_network_firewall_policy_with_rules = new RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", RegionNetworkFirewallPolicyWithRulesArgs.builder()\n .name(\"tf-region-fw-policy-with-rules\")\n .region(\"us-west2\")\n .description(\"Terraform test\")\n .rules( \n RegionNetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(RegionNetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetSecureTags(RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build(),\n RegionNetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .ruleName(\"test-rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(RegionNetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .srcSecureTags(RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build())\n .disabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-network-firewall-policy-with-rules:\n type: gcp:compute:RegionNetworkFirewallPolicyWithRules\n properties:\n name: tf-region-fw-policy-with-rules\n region: us-west2\n description: Terraform test\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetSecureTags:\n - name: ${secureTagValue1.id}\n - description: udp rule\n ruleName: test-rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n srcSecureTags:\n - name: ${secureTagValue1.id}\n disabled: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: ${project.id}\n description: Regional address group\n location: us-west2\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n secureTagKey1:\n type: gcp:tags:TagKey\n name: secure_tag_key_1\n properties:\n description: Tag key\n parent: ${project.id}\n purpose: GCE_FIREWALL\n shortName: tf-tag-key\n purposeData:\n network: ${project.name}/default\n secureTagValue1:\n type: gcp:tags:TagValue\n name: secure_tag_value_1\n properties:\n description: Tag value\n parent: ${secureTagKey1.id}\n shortName: tf-tag-value\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionNetworkFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionNetworkFirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Compute Region Network Firewall Policy With Rules Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst addressGroup1 = new gcp.networksecurity.AddressGroup(\"address_group_1\", {\n name: \"tf-address-group\",\n parent: project.then(project =\u003e project.id),\n description: \"Regional address group\",\n location: \"us-west2\",\n items: [\"208.80.154.224/32\"],\n type: \"IPV4\",\n capacity: 100,\n});\nconst secureTagKey1 = new gcp.tags.TagKey(\"secure_tag_key_1\", {\n description: \"Tag key\",\n parent: project.then(project =\u003e project.id),\n purpose: \"GCE_FIREWALL\",\n shortName: \"tf-tag-key\",\n purposeData: {\n network: project.then(project =\u003e `${project.name}/default`),\n },\n});\nconst secureTagValue1 = new gcp.tags.TagValue(\"secure_tag_value_1\", {\n description: \"Tag value\",\n parent: secureTagKey1.id,\n shortName: \"tf-tag-value\",\n});\nconst region_network_firewall_policy_with_rules = new gcp.compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", {\n name: \"tf-region-fw-policy-with-rules\",\n region: \"us-west2\",\n description: \"Terraform test\",\n rules: [\n {\n description: \"tcp rule\",\n priority: 1000,\n enableLogging: true,\n action: \"allow\",\n direction: \"EGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"tcp\",\n ports: [\n \"8080\",\n \"7070\",\n ],\n }],\n destIpRanges: [\"11.100.0.1/32\"],\n destFqdns: [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n destRegionCodes: [\n \"HK\",\n \"IN\",\n ],\n destThreatIntelligences: [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n destAddressGroups: [addressGroup1.id],\n },\n targetSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n {\n description: \"udp rule\",\n ruleName: \"test-rule\",\n priority: 2000,\n enableLogging: false,\n action: \"deny\",\n direction: \"INGRESS\",\n match: {\n layer4Configs: [{\n ipProtocol: \"udp\",\n }],\n srcIpRanges: [\"0.0.0.0/0\"],\n srcFqdns: [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n srcRegionCodes: [\n \"US\",\n \"CA\",\n ],\n srcThreatIntelligences: [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n srcAddressGroups: [addressGroup1.id],\n srcSecureTags: [{\n name: secureTagValue1.id,\n }],\n },\n disabled: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\naddress_group1 = gcp.networksecurity.AddressGroup(\"address_group_1\",\n name=\"tf-address-group\",\n parent=project.id,\n description=\"Regional address group\",\n location=\"us-west2\",\n items=[\"208.80.154.224/32\"],\n type=\"IPV4\",\n capacity=100)\nsecure_tag_key1 = gcp.tags.TagKey(\"secure_tag_key_1\",\n description=\"Tag key\",\n parent=project.id,\n purpose=\"GCE_FIREWALL\",\n short_name=\"tf-tag-key\",\n purpose_data={\n \"network\": f\"{project.name}/default\",\n })\nsecure_tag_value1 = gcp.tags.TagValue(\"secure_tag_value_1\",\n description=\"Tag value\",\n parent=secure_tag_key1.id,\n short_name=\"tf-tag-value\")\nregion_network_firewall_policy_with_rules = gcp.compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\",\n name=\"tf-region-fw-policy-with-rules\",\n region=\"us-west2\",\n description=\"Terraform test\",\n rules=[\n {\n \"description\": \"tcp rule\",\n \"priority\": 1000,\n \"enable_logging\": True,\n \"action\": \"allow\",\n \"direction\": \"EGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"tcp\",\n \"ports\": [\n \"8080\",\n \"7070\",\n ],\n }],\n \"dest_ip_ranges\": [\"11.100.0.1/32\"],\n \"dest_fqdns\": [\n \"www.yyy.com\",\n \"www.zzz.com\",\n ],\n \"dest_region_codes\": [\n \"HK\",\n \"IN\",\n ],\n \"dest_threat_intelligences\": [\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n ],\n \"dest_address_groups\": [address_group1.id],\n },\n \"target_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n {\n \"description\": \"udp rule\",\n \"rule_name\": \"test-rule\",\n \"priority\": 2000,\n \"enable_logging\": False,\n \"action\": \"deny\",\n \"direction\": \"INGRESS\",\n \"match\": {\n \"layer4_configs\": [{\n \"ip_protocol\": \"udp\",\n }],\n \"src_ip_ranges\": [\"0.0.0.0/0\"],\n \"src_fqdns\": [\n \"www.abc.com\",\n \"www.def.com\",\n ],\n \"src_region_codes\": [\n \"US\",\n \"CA\",\n ],\n \"src_threat_intelligences\": [\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n ],\n \"src_address_groups\": [address_group1.id],\n \"src_secure_tags\": [{\n \"name\": secure_tag_value1.id,\n }],\n },\n \"disabled\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup(\"address_group_1\", new()\n {\n Name = \"tf-address-group\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Description = \"Regional address group\",\n Location = \"us-west2\",\n Items = new[]\n {\n \"208.80.154.224/32\",\n },\n Type = \"IPV4\",\n Capacity = 100,\n });\n\n var secureTagKey1 = new Gcp.Tags.TagKey(\"secure_tag_key_1\", new()\n {\n Description = \"Tag key\",\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Purpose = \"GCE_FIREWALL\",\n ShortName = \"tf-tag-key\",\n PurposeData = \n {\n { \"network\", $\"{project.Apply(getProjectResult =\u003e getProjectResult.Name)}/default\" },\n },\n });\n\n var secureTagValue1 = new Gcp.Tags.TagValue(\"secure_tag_value_1\", new()\n {\n Description = \"Tag value\",\n Parent = secureTagKey1.Id,\n ShortName = \"tf-tag-value\",\n });\n\n var region_network_firewall_policy_with_rules = new Gcp.Compute.RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", new()\n {\n Name = \"tf-region-fw-policy-with-rules\",\n Region = \"us-west2\",\n Description = \"Terraform test\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"tcp rule\",\n Priority = 1000,\n EnableLogging = true,\n Action = \"allow\",\n Direction = \"EGRESS\",\n Match = new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"tcp\",\n Ports = new[]\n {\n \"8080\",\n \"7070\",\n },\n },\n },\n DestIpRanges = new[]\n {\n \"11.100.0.1/32\",\n },\n DestFqdns = new[]\n {\n \"www.yyy.com\",\n \"www.zzz.com\",\n },\n DestRegionCodes = new[]\n {\n \"HK\",\n \"IN\",\n },\n DestThreatIntelligences = new[]\n {\n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\",\n },\n DestAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n },\n TargetSecureTags = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs\n {\n Description = \"udp rule\",\n RuleName = \"test-rule\",\n Priority = 2000,\n EnableLogging = false,\n Action = \"deny\",\n Direction = \"INGRESS\",\n Match = new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs\n {\n Layer4Configs = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs\n {\n IpProtocol = \"udp\",\n },\n },\n SrcIpRanges = new[]\n {\n \"0.0.0.0/0\",\n },\n SrcFqdns = new[]\n {\n \"www.abc.com\",\n \"www.def.com\",\n },\n SrcRegionCodes = new[]\n {\n \"US\",\n \"CA\",\n },\n SrcThreatIntelligences = new[]\n {\n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\",\n },\n SrcAddressGroups = new[]\n {\n addressGroup1.Id,\n },\n SrcSecureTags = new[]\n {\n new Gcp.Compute.Inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs\n {\n Name = secureTagValue1.Id,\n },\n },\n },\n Disabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddressGroup1, err := networksecurity.NewAddressGroup(ctx, \"address_group_1\", \u0026networksecurity.AddressGroupArgs{\n\t\t\tName: pulumi.String(\"tf-address-group\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tDescription: pulumi.String(\"Regional address group\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tItems: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"208.80.154.224/32\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\tCapacity: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagKey1, err := tags.NewTagKey(ctx, \"secure_tag_key_1\", \u0026tags.TagKeyArgs{\n\t\t\tDescription: pulumi.String(\"Tag key\"),\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tPurpose: pulumi.String(\"GCE_FIREWALL\"),\n\t\t\tShortName: pulumi.String(\"tf-tag-key\"),\n\t\t\tPurposeData: pulumi.StringMap{\n\t\t\t\t\"network\": pulumi.Sprintf(\"%v/default\", project.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecureTagValue1, err := tags.NewTagValue(ctx, \"secure_tag_value_1\", \u0026tags.TagValueArgs{\n\t\t\tDescription: pulumi.String(\"Tag value\"),\n\t\t\tParent: secureTagKey1.ID(),\n\t\t\tShortName: pulumi.String(\"tf-tag-value\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionNetworkFirewallPolicyWithRules(ctx, \"region-network-firewall-policy-with-rules\", \u0026compute.RegionNetworkFirewallPolicyWithRulesArgs{\n\t\t\tName: pulumi.String(\"tf-region-fw-policy-with-rules\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"Terraform test\"),\n\t\t\tRules: compute.RegionNetworkFirewallPolicyWithRulesRuleArray{\n\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"tcp rule\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(true),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tDirection: pulumi.String(\"EGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t\t\t\t\t\t\tpulumi.String(\"7070\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"11.100.0.1/32\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.yyy.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.zzz.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HK\"),\n\t\t\t\t\t\t\tpulumi.String(\"IN\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-search-engines-crawlers\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-tor-exit-nodes\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetSecureTags: compute.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArray{\n\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs{\n\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"udp rule\"),\n\t\t\t\t\tRuleName: pulumi.String(\"test-rule\"),\n\t\t\t\t\tPriority: pulumi.Int(2000),\n\t\t\t\t\tEnableLogging: pulumi.Bool(false),\n\t\t\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\t\t\tDirection: pulumi.String(\"INGRESS\"),\n\t\t\t\t\tMatch: \u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs{\n\t\t\t\t\t\tLayer4Configs: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{\n\t\t\t\t\t\t\t\tIpProtocol: pulumi.String(\"udp\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcFqdns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.abc.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"www.def.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcRegionCodes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcThreatIntelligences: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"iplist-known-malicious-ips\"),\n\t\t\t\t\t\t\tpulumi.String(\"iplist-public-clouds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcAddressGroups: pulumi.StringArray{\n\t\t\t\t\t\t\taddressGroup1.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSrcSecureTags: compute.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArray{\n\t\t\t\t\t\t\t\u0026compute.RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs{\n\t\t\t\t\t\t\t\tName: secureTagValue1.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDisabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networksecurity.AddressGroup;\nimport com.pulumi.gcp.networksecurity.AddressGroupArgs;\nimport com.pulumi.gcp.tags.TagKey;\nimport com.pulumi.gcp.tags.TagKeyArgs;\nimport com.pulumi.gcp.tags.TagValue;\nimport com.pulumi.gcp.tags.TagValueArgs;\nimport com.pulumi.gcp.compute.RegionNetworkFirewallPolicyWithRules;\nimport com.pulumi.gcp.compute.RegionNetworkFirewallPolicyWithRulesArgs;\nimport com.pulumi.gcp.compute.inputs.RegionNetworkFirewallPolicyWithRulesRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionNetworkFirewallPolicyWithRulesRuleMatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var addressGroup1 = new AddressGroup(\"addressGroup1\", AddressGroupArgs.builder()\n .name(\"tf-address-group\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .description(\"Regional address group\")\n .location(\"us-west2\")\n .items(\"208.80.154.224/32\")\n .type(\"IPV4\")\n .capacity(100)\n .build());\n\n var secureTagKey1 = new TagKey(\"secureTagKey1\", TagKeyArgs.builder()\n .description(\"Tag key\")\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .purpose(\"GCE_FIREWALL\")\n .shortName(\"tf-tag-key\")\n .purposeData(Map.of(\"network\", String.format(\"%s/default\", project.applyValue(getProjectResult -\u003e getProjectResult.name()))))\n .build());\n\n var secureTagValue1 = new TagValue(\"secureTagValue1\", TagValueArgs.builder()\n .description(\"Tag value\")\n .parent(secureTagKey1.id())\n .shortName(\"tf-tag-value\")\n .build());\n\n var region_network_firewall_policy_with_rules = new RegionNetworkFirewallPolicyWithRules(\"region-network-firewall-policy-with-rules\", RegionNetworkFirewallPolicyWithRulesArgs.builder()\n .name(\"tf-region-fw-policy-with-rules\")\n .region(\"us-west2\")\n .description(\"Terraform test\")\n .rules( \n RegionNetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"tcp rule\")\n .priority(1000)\n .enableLogging(true)\n .action(\"allow\")\n .direction(\"EGRESS\")\n .match(RegionNetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"tcp\")\n .ports( \n 8080,\n 7070)\n .build())\n .destIpRanges(\"11.100.0.1/32\")\n .destFqdns( \n \"www.yyy.com\",\n \"www.zzz.com\")\n .destRegionCodes( \n \"HK\",\n \"IN\")\n .destThreatIntelligences( \n \"iplist-search-engines-crawlers\",\n \"iplist-tor-exit-nodes\")\n .destAddressGroups(addressGroup1.id())\n .build())\n .targetSecureTags(RegionNetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build(),\n RegionNetworkFirewallPolicyWithRulesRuleArgs.builder()\n .description(\"udp rule\")\n .ruleName(\"test-rule\")\n .priority(2000)\n .enableLogging(false)\n .action(\"deny\")\n .direction(\"INGRESS\")\n .match(RegionNetworkFirewallPolicyWithRulesRuleMatchArgs.builder()\n .layer4Configs(RegionNetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()\n .ipProtocol(\"udp\")\n .build())\n .srcIpRanges(\"0.0.0.0/0\")\n .srcFqdns( \n \"www.abc.com\",\n \"www.def.com\")\n .srcRegionCodes( \n \"US\",\n \"CA\")\n .srcThreatIntelligences( \n \"iplist-known-malicious-ips\",\n \"iplist-public-clouds\")\n .srcAddressGroups(addressGroup1.id())\n .srcSecureTags(RegionNetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs.builder()\n .name(secureTagValue1.id())\n .build())\n .build())\n .disabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n region-network-firewall-policy-with-rules:\n type: gcp:compute:RegionNetworkFirewallPolicyWithRules\n properties:\n name: tf-region-fw-policy-with-rules\n region: us-west2\n description: Terraform test\n rules:\n - description: tcp rule\n priority: 1000\n enableLogging: true\n action: allow\n direction: EGRESS\n match:\n layer4Configs:\n - ipProtocol: tcp\n ports:\n - 8080\n - 7070\n destIpRanges:\n - 11.100.0.1/32\n destFqdns:\n - www.yyy.com\n - www.zzz.com\n destRegionCodes:\n - HK\n - IN\n destThreatIntelligences:\n - iplist-search-engines-crawlers\n - iplist-tor-exit-nodes\n destAddressGroups:\n - ${addressGroup1.id}\n targetSecureTags:\n - name: ${secureTagValue1.id}\n - description: udp rule\n ruleName: test-rule\n priority: 2000\n enableLogging: false\n action: deny\n direction: INGRESS\n match:\n layer4Configs:\n - ipProtocol: udp\n srcIpRanges:\n - 0.0.0.0/0\n srcFqdns:\n - www.abc.com\n - www.def.com\n srcRegionCodes:\n - US\n - CA\n srcThreatIntelligences:\n - iplist-known-malicious-ips\n - iplist-public-clouds\n srcAddressGroups:\n - ${addressGroup1.id}\n srcSecureTags:\n - name: ${secureTagValue1.id}\n disabled: true\n addressGroup1:\n type: gcp:networksecurity:AddressGroup\n name: address_group_1\n properties:\n name: tf-address-group\n parent: ${project.id}\n description: Regional address group\n location: us-west2\n items:\n - 208.80.154.224/32\n type: IPV4\n capacity: 100\n secureTagKey1:\n type: gcp:tags:TagKey\n name: secure_tag_key_1\n properties:\n description: Tag key\n parent: ${project.id}\n purpose: GCE_FIREWALL\n shortName: tf-tag-key\n purposeData:\n network: ${project.name}/default\n secureTagValue1:\n type: gcp:tags:TagValue\n name: secure_tag_value_1\n properties:\n description: Tag value\n parent: ${secureTagKey1.id}\n shortName: tf-tag-value\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionNetworkFirewallPolicyWithRules can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionNetworkFirewallPolicyWithRules can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionNetworkFirewallPolicyWithRules:RegionNetworkFirewallPolicyWithRules default {{name}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -177622,7 +177622,7 @@ } }, "gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig": { - "description": "A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name\nacross instance group manager operations and can define stateful disks or metadata that are unique to the instance.\nThis resource works with regional instance group managers.\n\n\nTo get more information about RegionPerInstanceConfig, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs)\n\n## Example Usage\n\n### Stateful Rigm\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst igm_basic = new gcp.compute.InstanceTemplate(\"igm-basic\", {\n name: \"my-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n description: \"Demo test instance group manager\",\n name: \"my-rigm\",\n versions: [{\n name: \"prod\",\n instanceTemplate: igm_basic.selfLink,\n }],\n updatePolicy: {\n type: \"OPPORTUNISTIC\",\n instanceRedistributionType: \"NONE\",\n minimalAction: \"RESTART\",\n },\n baseInstanceName: \"rigm\",\n region: \"us-central1\",\n targetSize: 2,\n});\nconst _default = new gcp.compute.Disk(\"default\", {\n name: \"my-disk-name\",\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n image: \"debian-11-bullseye-v20220719\",\n physicalBlockSizeBytes: 4096,\n});\nconst withDisk = new gcp.compute.RegionPerInstanceConfig(\"with_disk\", {\n region: igm.region,\n regionInstanceGroupManager: rigm.name,\n name: \"instance-1\",\n preservedState: {\n metadata: {\n foo: \"bar\",\n instance_template: igm_basic.selfLink,\n },\n disks: [{\n deviceName: \"my-stateful-disk\",\n source: _default.id,\n mode: \"READ_ONLY\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nigm_basic = gcp.compute.InstanceTemplate(\"igm-basic\",\n name=\"my-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n description=\"Demo test instance group manager\",\n name=\"my-rigm\",\n versions=[{\n \"name\": \"prod\",\n \"instance_template\": igm_basic.self_link,\n }],\n update_policy={\n \"type\": \"OPPORTUNISTIC\",\n \"instance_redistribution_type\": \"NONE\",\n \"minimal_action\": \"RESTART\",\n },\n base_instance_name=\"rigm\",\n region=\"us-central1\",\n target_size=2)\ndefault = gcp.compute.Disk(\"default\",\n name=\"my-disk-name\",\n type=\"pd-ssd\",\n zone=\"us-central1-a\",\n image=\"debian-11-bullseye-v20220719\",\n physical_block_size_bytes=4096)\nwith_disk = gcp.compute.RegionPerInstanceConfig(\"with_disk\",\n region=igm[\"region\"],\n region_instance_group_manager=rigm.name,\n name=\"instance-1\",\n preserved_state={\n \"metadata\": {\n \"foo\": \"bar\",\n \"instance_template\": igm_basic.self_link,\n },\n \"disks\": [{\n \"device_name\": \"my-stateful-disk\",\n \"source\": default.id,\n \"mode\": \"READ_ONLY\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var igm_basic = new Gcp.Compute.InstanceTemplate(\"igm-basic\", new()\n {\n Name = \"my-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Description = \"Demo test instance group manager\",\n Name = \"my-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n Name = \"prod\",\n InstanceTemplate = igm_basic.SelfLink,\n },\n },\n UpdatePolicy = new Gcp.Compute.Inputs.RegionInstanceGroupManagerUpdatePolicyArgs\n {\n Type = \"OPPORTUNISTIC\",\n InstanceRedistributionType = \"NONE\",\n MinimalAction = \"RESTART\",\n },\n BaseInstanceName = \"rigm\",\n Region = \"us-central1\",\n TargetSize = 2,\n });\n\n var @default = new Gcp.Compute.Disk(\"default\", new()\n {\n Name = \"my-disk-name\",\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n Image = \"debian-11-bullseye-v20220719\",\n PhysicalBlockSizeBytes = 4096,\n });\n\n var withDisk = new Gcp.Compute.RegionPerInstanceConfig(\"with_disk\", new()\n {\n Region = igm.Region,\n RegionInstanceGroupManager = rigm.Name,\n Name = \"instance-1\",\n PreservedState = new Gcp.Compute.Inputs.RegionPerInstanceConfigPreservedStateArgs\n {\n Metadata = \n {\n { \"foo\", \"bar\" },\n { \"instance_template\", igm_basic.SelfLink },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.RegionPerInstanceConfigPreservedStateDiskArgs\n {\n DeviceName = \"my-stateful-disk\",\n Source = @default.Id,\n Mode = \"READ_ONLY\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"igm-basic\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tDescription: pulumi.String(\"Demo test instance group manager\"),\n\t\t\tName: pulumi.String(\"my-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tName: pulumi.String(\"prod\"),\n\t\t\t\t\tInstanceTemplate: igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tUpdatePolicy: \u0026compute.RegionInstanceGroupManagerUpdatePolicyArgs{\n\t\t\t\tType: pulumi.String(\"OPPORTUNISTIC\"),\n\t\t\t\tInstanceRedistributionType: pulumi.String(\"NONE\"),\n\t\t\t\tMinimalAction: pulumi.String(\"RESTART\"),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"rigm\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTargetSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDisk(ctx, \"default\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk-name\"),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tImage: pulumi.String(\"debian-11-bullseye-v20220719\"),\n\t\t\tPhysicalBlockSizeBytes: pulumi.Int(4096),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionPerInstanceConfig(ctx, \"with_disk\", \u0026compute.RegionPerInstanceConfigArgs{\n\t\t\tRegion: pulumi.Any(igm.Region),\n\t\t\tRegionInstanceGroupManager: rigm.Name,\n\t\t\tName: pulumi.String(\"instance-1\"),\n\t\t\tPreservedState: \u0026compute.RegionPerInstanceConfigPreservedStateArgs{\n\t\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"instance_template\": igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t\tDisks: compute.RegionPerInstanceConfigPreservedStateDiskArray{\n\t\t\t\t\t\u0026compute.RegionPerInstanceConfigPreservedStateDiskArgs{\n\t\t\t\t\t\tDeviceName: pulumi.String(\"my-stateful-disk\"),\n\t\t\t\t\t\tSource: _default.ID(),\n\t\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerUpdatePolicyArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.RegionPerInstanceConfig;\nimport com.pulumi.gcp.compute.RegionPerInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.RegionPerInstanceConfigPreservedStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var igm_basic = new InstanceTemplate(\"igm-basic\", InstanceTemplateArgs.builder()\n .name(\"my-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .description(\"Demo test instance group manager\")\n .name(\"my-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .name(\"prod\")\n .instanceTemplate(igm_basic.selfLink())\n .build())\n .updatePolicy(RegionInstanceGroupManagerUpdatePolicyArgs.builder()\n .type(\"OPPORTUNISTIC\")\n .instanceRedistributionType(\"NONE\")\n .minimalAction(\"RESTART\")\n .build())\n .baseInstanceName(\"rigm\")\n .region(\"us-central1\")\n .targetSize(2)\n .build());\n\n var default_ = new Disk(\"default\", DiskArgs.builder()\n .name(\"my-disk-name\")\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .image(\"debian-11-bullseye-v20220719\")\n .physicalBlockSizeBytes(4096)\n .build());\n\n var withDisk = new RegionPerInstanceConfig(\"withDisk\", RegionPerInstanceConfigArgs.builder()\n .region(igm.region())\n .regionInstanceGroupManager(rigm.name())\n .name(\"instance-1\")\n .preservedState(RegionPerInstanceConfigPreservedStateArgs.builder()\n .metadata(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"instance_template\", igm_basic.selfLink())\n ))\n .disks(RegionPerInstanceConfigPreservedStateDiskArgs.builder()\n .deviceName(\"my-stateful-disk\")\n .source(default_.id())\n .mode(\"READ_ONLY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n igm-basic:\n type: gcp:compute:InstanceTemplate\n properties:\n name: my-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n description: Demo test instance group manager\n name: my-rigm\n versions:\n - name: prod\n instanceTemplate: ${[\"igm-basic\"].selfLink}\n updatePolicy:\n type: OPPORTUNISTIC\n instanceRedistributionType: NONE\n minimalAction: RESTART\n baseInstanceName: rigm\n region: us-central1\n targetSize: 2\n default:\n type: gcp:compute:Disk\n properties:\n name: my-disk-name\n type: pd-ssd\n zone: us-central1-a\n image: debian-11-bullseye-v20220719\n physicalBlockSizeBytes: 4096\n withDisk:\n type: gcp:compute:RegionPerInstanceConfig\n name: with_disk\n properties:\n region: ${igm.region}\n regionInstanceGroupManager: ${rigm.name}\n name: instance-1\n preservedState:\n metadata:\n foo: bar\n instance_template: ${[\"igm-basic\"].selfLink}\n disks:\n - deviceName: my-stateful-disk\n source: ${default.id}\n mode: READ_ONLY\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionPerInstanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/{{name}}`\n\n* `{{project}}/{{region}}/{{region_instance_group_manager}}/{{name}}`\n\n* `{{region}}/{{region_instance_group_manager}}/{{name}}`\n\n* `{{region_instance_group_manager}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionPerInstanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{project}}/{{region}}/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{region}}/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{region_instance_group_manager}}/{{name}}\n```\n\n", + "description": "A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name\nacross instance group manager operations and can define stateful disks or metadata that are unique to the instance.\nThis resource works with regional instance group managers.\n\n\nTo get more information about RegionPerInstanceConfig, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs)\n\n## Example Usage\n\n### Stateful Rigm\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst igm_basic = new gcp.compute.InstanceTemplate(\"igm-basic\", {\n name: \"my-template\",\n machineType: \"e2-medium\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n disks: [{\n sourceImage: myImage.then(myImage =\u003e myImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n networkInterfaces: [{\n network: \"default\",\n }],\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst rigm = new gcp.compute.RegionInstanceGroupManager(\"rigm\", {\n description: \"Demo test instance group manager\",\n name: \"my-rigm\",\n versions: [{\n name: \"prod\",\n instanceTemplate: igm_basic.selfLink,\n }],\n updatePolicy: {\n type: \"OPPORTUNISTIC\",\n instanceRedistributionType: \"NONE\",\n minimalAction: \"RESTART\",\n },\n baseInstanceName: \"rigm\",\n region: \"us-central1\",\n targetSize: 2,\n});\nconst _default = new gcp.compute.Disk(\"default\", {\n name: \"my-disk-name\",\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n image: \"debian-11-bullseye-v20220719\",\n physicalBlockSizeBytes: 4096,\n});\nconst withDisk = new gcp.compute.RegionPerInstanceConfig(\"with_disk\", {\n region: igm.region,\n regionInstanceGroupManager: rigm.name,\n name: \"instance-1\",\n preservedState: {\n metadata: {\n foo: \"bar\",\n instance_template: igm_basic.selfLink,\n },\n disks: [{\n deviceName: \"my-stateful-disk\",\n source: _default.id,\n mode: \"READ_ONLY\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nigm_basic = gcp.compute.InstanceTemplate(\"igm-basic\",\n name=\"my-template\",\n machine_type=\"e2-medium\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n disks=[{\n \"source_image\": my_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }],\n network_interfaces=[{\n \"network\": \"default\",\n }],\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nrigm = gcp.compute.RegionInstanceGroupManager(\"rigm\",\n description=\"Demo test instance group manager\",\n name=\"my-rigm\",\n versions=[{\n \"name\": \"prod\",\n \"instance_template\": igm_basic.self_link,\n }],\n update_policy={\n \"type\": \"OPPORTUNISTIC\",\n \"instance_redistribution_type\": \"NONE\",\n \"minimal_action\": \"RESTART\",\n },\n base_instance_name=\"rigm\",\n region=\"us-central1\",\n target_size=2)\ndefault = gcp.compute.Disk(\"default\",\n name=\"my-disk-name\",\n type=\"pd-ssd\",\n zone=\"us-central1-a\",\n image=\"debian-11-bullseye-v20220719\",\n physical_block_size_bytes=4096)\nwith_disk = gcp.compute.RegionPerInstanceConfig(\"with_disk\",\n region=igm[\"region\"],\n region_instance_group_manager=rigm.name,\n name=\"instance-1\",\n preserved_state={\n \"metadata\": {\n \"foo\": \"bar\",\n \"instance_template\": igm_basic.self_link,\n },\n \"disks\": [{\n \"device_name\": \"my-stateful-disk\",\n \"source\": default.id,\n \"mode\": \"READ_ONLY\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var igm_basic = new Gcp.Compute.InstanceTemplate(\"igm-basic\", new()\n {\n Name = \"my-template\",\n MachineType = \"e2-medium\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceTemplateServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var rigm = new Gcp.Compute.RegionInstanceGroupManager(\"rigm\", new()\n {\n Description = \"Demo test instance group manager\",\n Name = \"my-rigm\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs\n {\n Name = \"prod\",\n InstanceTemplate = igm_basic.SelfLink,\n },\n },\n UpdatePolicy = new Gcp.Compute.Inputs.RegionInstanceGroupManagerUpdatePolicyArgs\n {\n Type = \"OPPORTUNISTIC\",\n InstanceRedistributionType = \"NONE\",\n MinimalAction = \"RESTART\",\n },\n BaseInstanceName = \"rigm\",\n Region = \"us-central1\",\n TargetSize = 2,\n });\n\n var @default = new Gcp.Compute.Disk(\"default\", new()\n {\n Name = \"my-disk-name\",\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n Image = \"debian-11-bullseye-v20220719\",\n PhysicalBlockSizeBytes = 4096,\n });\n\n var withDisk = new Gcp.Compute.RegionPerInstanceConfig(\"with_disk\", new()\n {\n Region = igm.Region,\n RegionInstanceGroupManager = rigm.Name,\n Name = \"instance-1\",\n PreservedState = new Gcp.Compute.Inputs.RegionPerInstanceConfigPreservedStateArgs\n {\n Metadata = \n {\n { \"foo\", \"bar\" },\n { \"instance_template\", igm_basic.SelfLink },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.RegionPerInstanceConfigPreservedStateDiskArgs\n {\n DeviceName = \"my-stateful-disk\",\n Source = @default.Id,\n Mode = \"READ_ONLY\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceTemplate(ctx, \"igm-basic\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"my-template\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceTemplateServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trigm, err := compute.NewRegionInstanceGroupManager(ctx, \"rigm\", \u0026compute.RegionInstanceGroupManagerArgs{\n\t\t\tDescription: pulumi.String(\"Demo test instance group manager\"),\n\t\t\tName: pulumi.String(\"my-rigm\"),\n\t\t\tVersions: compute.RegionInstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.RegionInstanceGroupManagerVersionArgs{\n\t\t\t\t\tName: pulumi.String(\"prod\"),\n\t\t\t\t\tInstanceTemplate: igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tUpdatePolicy: \u0026compute.RegionInstanceGroupManagerUpdatePolicyArgs{\n\t\t\t\tType: pulumi.String(\"OPPORTUNISTIC\"),\n\t\t\t\tInstanceRedistributionType: pulumi.String(\"NONE\"),\n\t\t\t\tMinimalAction: pulumi.String(\"RESTART\"),\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"rigm\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tTargetSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDisk(ctx, \"default\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"my-disk-name\"),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tImage: pulumi.String(\"debian-11-bullseye-v20220719\"),\n\t\t\tPhysicalBlockSizeBytes: pulumi.Int(4096),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionPerInstanceConfig(ctx, \"with_disk\", \u0026compute.RegionPerInstanceConfigArgs{\n\t\t\tRegion: pulumi.Any(igm.Region),\n\t\t\tRegionInstanceGroupManager: rigm.Name,\n\t\t\tName: pulumi.String(\"instance-1\"),\n\t\t\tPreservedState: \u0026compute.RegionPerInstanceConfigPreservedStateArgs{\n\t\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\"instance_template\": igm_basic.SelfLink,\n\t\t\t\t},\n\t\t\t\tDisks: compute.RegionPerInstanceConfigPreservedStateDiskArray{\n\t\t\t\t\t\u0026compute.RegionPerInstanceConfigPreservedStateDiskArgs{\n\t\t\t\t\t\tDeviceName: pulumi.String(\"my-stateful-disk\"),\n\t\t\t\t\t\tSource: _default.ID(),\n\t\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateServiceAccountArgs;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManager;\nimport com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerUpdatePolicyArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.RegionPerInstanceConfig;\nimport com.pulumi.gcp.compute.RegionPerInstanceConfigArgs;\nimport com.pulumi.gcp.compute.inputs.RegionPerInstanceConfigPreservedStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var igm_basic = new InstanceTemplate(\"igm-basic\", InstanceTemplateArgs.builder()\n .name(\"my-template\")\n .machineType(\"e2-medium\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .serviceAccount(InstanceTemplateServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n var rigm = new RegionInstanceGroupManager(\"rigm\", RegionInstanceGroupManagerArgs.builder()\n .description(\"Demo test instance group manager\")\n .name(\"my-rigm\")\n .versions(RegionInstanceGroupManagerVersionArgs.builder()\n .name(\"prod\")\n .instanceTemplate(igm_basic.selfLink())\n .build())\n .updatePolicy(RegionInstanceGroupManagerUpdatePolicyArgs.builder()\n .type(\"OPPORTUNISTIC\")\n .instanceRedistributionType(\"NONE\")\n .minimalAction(\"RESTART\")\n .build())\n .baseInstanceName(\"rigm\")\n .region(\"us-central1\")\n .targetSize(2)\n .build());\n\n var default_ = new Disk(\"default\", DiskArgs.builder()\n .name(\"my-disk-name\")\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .image(\"debian-11-bullseye-v20220719\")\n .physicalBlockSizeBytes(4096)\n .build());\n\n var withDisk = new RegionPerInstanceConfig(\"withDisk\", RegionPerInstanceConfigArgs.builder()\n .region(igm.region())\n .regionInstanceGroupManager(rigm.name())\n .name(\"instance-1\")\n .preservedState(RegionPerInstanceConfigPreservedStateArgs.builder()\n .metadata(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"instance_template\", igm_basic.selfLink())\n ))\n .disks(RegionPerInstanceConfigPreservedStateDiskArgs.builder()\n .deviceName(\"my-stateful-disk\")\n .source(default_.id())\n .mode(\"READ_ONLY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n igm-basic:\n type: gcp:compute:InstanceTemplate\n properties:\n name: my-template\n machineType: e2-medium\n canIpForward: false\n tags:\n - foo\n - bar\n disks:\n - sourceImage: ${myImage.selfLink}\n autoDelete: true\n boot: true\n networkInterfaces:\n - network: default\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\n rigm:\n type: gcp:compute:RegionInstanceGroupManager\n properties:\n description: Demo test instance group manager\n name: my-rigm\n versions:\n - name: prod\n instanceTemplate: ${[\"igm-basic\"].selfLink}\n updatePolicy:\n type: OPPORTUNISTIC\n instanceRedistributionType: NONE\n minimalAction: RESTART\n baseInstanceName: rigm\n region: us-central1\n targetSize: 2\n default:\n type: gcp:compute:Disk\n properties:\n name: my-disk-name\n type: pd-ssd\n zone: us-central1-a\n image: debian-11-bullseye-v20220719\n physicalBlockSizeBytes: 4096\n withDisk:\n type: gcp:compute:RegionPerInstanceConfig\n name: with_disk\n properties:\n region: ${igm.region}\n regionInstanceGroupManager: ${rigm.name}\n name: instance-1\n preservedState:\n metadata:\n foo: bar\n instance_template: ${[\"igm-basic\"].selfLink}\n disks:\n - deviceName: my-stateful-disk\n source: ${default.id}\n mode: READ_ONLY\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionPerInstanceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/{{name}}`\n\n* `{{project}}/{{region}}/{{region_instance_group_manager}}/{{name}}`\n\n* `{{region}}/{{region_instance_group_manager}}/{{name}}`\n\n* `{{region_instance_group_manager}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionPerInstanceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{project}}/{{region}}/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{region}}/{{region_instance_group_manager}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionPerInstanceConfig:RegionPerInstanceConfig default {{region_instance_group_manager}}/{{name}}\n```\n\n", "properties": { "minimalAction": { "type": "string", @@ -178093,7 +178093,7 @@ } }, "gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule": { - "description": "## Example Usage\n\n### Region Security Policy Rule Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policyruletest\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policyruletest\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policyruletest\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyruletest\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyruletest\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyruletest\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule Multiple Rules\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policywithmultiplerules\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRuleOne = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_one\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule one\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\nconst policyRuleTwo = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_two\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule two\",\n priority: 101,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n ],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policywithmultiplerules\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule_one = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_one\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule one\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\npolicy_rule_two = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_two\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule two\",\n priority=101,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n ],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policywithmultiplerules\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRuleOne = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_one\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule one\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n var policyRuleTwo = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_two\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule two\",\n Priority = 101,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policywithmultiplerules\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_one\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule one\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_two\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule two\"),\n\t\t\tPriority: pulumi.Int(101),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"192.168.0.0/16\"),\n\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policywithmultiplerules\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRuleOne = new RegionSecurityPolicyRule(\"policyRuleOne\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule one\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n var policyRuleTwo = new RegionSecurityPolicyRule(\"policyRuleTwo\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule two\")\n .priority(101)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges( \n \"192.168.0.0/16\",\n \"10.0.0.0/8\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policywithmultiplerules\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRuleOne:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_one\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule one\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n policyRuleTwo:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_two\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule two\n priority: 101\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 192.168.0.0/16\n - 10.0.0.0/8\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule Default Rule\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policywithdefaultrule\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst defaultRule = new gcp.compute.RegionSecurityPolicyRule(\"default_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n action: \"deny\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policywithdefaultrule\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\ndefault_rule = gcp.compute.RegionSecurityPolicyRule(\"default_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n action=\"deny\",\n priority=2147483647,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n })\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policywithdefaultrule\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var defaultRule = new Gcp.Compute.RegionSecurityPolicyRule(\"default_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Action = \"deny\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policywithdefaultrule\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"default_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policywithdefaultrule\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var defaultRule = new RegionSecurityPolicyRule(\"defaultRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .action(\"deny\")\n .priority(\"2147483647\")\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policywithdefaultrule\n description: basic region security policy\n type: CLOUD_ARMOR\n defaultRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: default_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n action: deny\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule With Preconfigured Waf Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"asia-southeast1\",\n name: \"policyruletest\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"asia-southeast1\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n preconfiguredWafConfig: {\n exclusions: [\n {\n requestUris: [{\n operator: \"STARTS_WITH\",\n value: \"/admin\",\n }],\n targetRuleSet: \"rce-stable\",\n },\n {\n requestQueryParams: [\n {\n operator: \"CONTAINS\",\n value: \"password\",\n },\n {\n operator: \"STARTS_WITH\",\n value: \"freeform\",\n },\n {\n operator: \"EQUALS\",\n value: \"description\",\n },\n ],\n targetRuleSet: \"xss-stable\",\n targetRuleIds: [\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n ],\n },\n ],\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"asia-southeast1\",\n name=\"policyruletest\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"asia-southeast1\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n preconfigured_waf_config={\n \"exclusions\": [\n {\n \"request_uris\": [{\n \"operator\": \"STARTS_WITH\",\n \"value\": \"/admin\",\n }],\n \"target_rule_set\": \"rce-stable\",\n },\n {\n \"request_query_params\": [\n {\n \"operator\": \"CONTAINS\",\n \"value\": \"password\",\n },\n {\n \"operator\": \"STARTS_WITH\",\n \"value\": \"freeform\",\n },\n {\n \"operator\": \"EQUALS\",\n \"value\": \"description\",\n },\n ],\n \"target_rule_set\": \"xss-stable\",\n \"target_rule_ids\": [\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n ],\n },\n ],\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"asia-southeast1\",\n Name = \"policyruletest\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"asia-southeast1\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n PreconfiguredWafConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigArgs\n {\n Exclusions = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs\n {\n RequestUris = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs\n {\n Operator = \"STARTS_WITH\",\n Value = \"/admin\",\n },\n },\n TargetRuleSet = \"rce-stable\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs\n {\n RequestQueryParams = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"CONTAINS\",\n Value = \"password\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"STARTS_WITH\",\n Value = \"freeform\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"EQUALS\",\n Value = \"description\",\n },\n },\n TargetRuleSet = \"xss-stable\",\n TargetRuleIds = new[]\n {\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n },\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"asia-southeast1\"),\n\t\t\tName: pulumi.String(\"policyruletest\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"asia-southeast1\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPreconfiguredWafConfig: \u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigArgs{\n\t\t\t\tExclusions: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArray{\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{\n\t\t\t\t\t\tRequestUris: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArray{\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"STARTS_WITH\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"/admin\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetRuleSet: pulumi.String(\"rce-stable\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{\n\t\t\t\t\t\tRequestQueryParams: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArray{\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"CONTAINS\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"password\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"STARTS_WITH\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"freeform\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"EQUALS\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"description\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetRuleSet: pulumi.String(\"xss-stable\"),\n\t\t\t\t\t\tTargetRuleIds: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"owasp-crs-v030001-id941330-xss\"),\n\t\t\t\t\t\t\tpulumi.String(\"owasp-crs-v030001-id941340-xss\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRulePreconfiguredWafConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"asia-southeast1\")\n .name(\"policyruletest\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"asia-southeast1\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .preconfiguredWafConfig(RegionSecurityPolicyRulePreconfiguredWafConfigArgs.builder()\n .exclusions( \n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()\n .requestUris(RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs.builder()\n .operator(\"STARTS_WITH\")\n .value(\"/admin\")\n .build())\n .targetRuleSet(\"rce-stable\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()\n .requestQueryParams( \n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"CONTAINS\")\n .value(\"password\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"STARTS_WITH\")\n .value(\"freeform\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"EQUALS\")\n .value(\"description\")\n .build())\n .targetRuleSet(\"xss-stable\")\n .targetRuleIds( \n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: asia-southeast1\n name: policyruletest\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: asia-southeast1\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n preconfiguredWafConfig:\n exclusions:\n - requestUris:\n - operator: STARTS_WITH\n value: /admin\n targetRuleSet: rce-stable\n - requestQueryParams:\n - operator: CONTAINS\n value: password\n - operator: STARTS_WITH\n value: freeform\n - operator: EQUALS\n value: description\n targetRuleSet: xss-stable\n targetRuleIds:\n - owasp-crs-v030001-id941330-xss\n - owasp-crs-v030001-id941340-xss\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule With Network Match\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// First activate advanced network DDoS protection for the desired region\nconst policyddosprotection = new gcp.compute.RegionSecurityPolicy(\"policyddosprotection\", {\n region: \"us-west2\",\n name: \"policyddosprotection\",\n description: \"policy for activating network DDoS protection for the desired region\",\n type: \"CLOUD_ARMOR_NETWORK\",\n ddosProtectionConfig: {\n ddosProtection: \"ADVANCED_PREVIEW\",\n },\n});\nconst edgeSecService = new gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\", {\n region: \"us-west2\",\n name: \"edgesecservice\",\n description: \"linking policy to edge security service\",\n securityPolicy: policyddosprotection.selfLink,\n});\n// Add the desired policy and custom rule.\nconst policynetworkmatch = new gcp.compute.RegionSecurityPolicy(\"policynetworkmatch\", {\n region: \"us-west2\",\n name: \"policyfornetworkmatch\",\n description: \"region security policy for network match\",\n type: \"CLOUD_ARMOR_NETWORK\",\n userDefinedFields: [{\n name: \"SIG1_AT_0\",\n base: \"TCP\",\n offset: 8,\n size: 2,\n mask: \"0x8F00\",\n }],\n}, {\n dependsOn: [edgeSecService],\n});\nconst policyRuleNetworkMatch = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_network_match\", {\n region: \"us-west2\",\n securityPolicy: policynetworkmatch.name,\n description: \"custom rule for network match\",\n priority: 100,\n networkMatch: {\n srcIpRanges: [\"10.10.0.0/16\"],\n userDefinedFields: [{\n name: \"SIG1_AT_0\",\n values: [\"0x8F00\"],\n }],\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# First activate advanced network DDoS protection for the desired region\npolicyddosprotection = gcp.compute.RegionSecurityPolicy(\"policyddosprotection\",\n region=\"us-west2\",\n name=\"policyddosprotection\",\n description=\"policy for activating network DDoS protection for the desired region\",\n type=\"CLOUD_ARMOR_NETWORK\",\n ddos_protection_config={\n \"ddos_protection\": \"ADVANCED_PREVIEW\",\n })\nedge_sec_service = gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\",\n region=\"us-west2\",\n name=\"edgesecservice\",\n description=\"linking policy to edge security service\",\n security_policy=policyddosprotection.self_link)\n# Add the desired policy and custom rule.\npolicynetworkmatch = gcp.compute.RegionSecurityPolicy(\"policynetworkmatch\",\n region=\"us-west2\",\n name=\"policyfornetworkmatch\",\n description=\"region security policy for network match\",\n type=\"CLOUD_ARMOR_NETWORK\",\n user_defined_fields=[{\n \"name\": \"SIG1_AT_0\",\n \"base\": \"TCP\",\n \"offset\": 8,\n \"size\": 2,\n \"mask\": \"0x8F00\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[edge_sec_service]))\npolicy_rule_network_match = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_network_match\",\n region=\"us-west2\",\n security_policy=policynetworkmatch.name,\n description=\"custom rule for network match\",\n priority=100,\n network_match={\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n \"user_defined_fields\": [{\n \"name\": \"SIG1_AT_0\",\n \"values\": [\"0x8F00\"],\n }],\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // First activate advanced network DDoS protection for the desired region\n var policyddosprotection = new Gcp.Compute.RegionSecurityPolicy(\"policyddosprotection\", new()\n {\n Region = \"us-west2\",\n Name = \"policyddosprotection\",\n Description = \"policy for activating network DDoS protection for the desired region\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs\n {\n DdosProtection = \"ADVANCED_PREVIEW\",\n },\n });\n\n var edgeSecService = new Gcp.Compute.NetworkEdgeSecurityService(\"edge_sec_service\", new()\n {\n Region = \"us-west2\",\n Name = \"edgesecservice\",\n Description = \"linking policy to edge security service\",\n SecurityPolicy = policyddosprotection.SelfLink,\n });\n\n // Add the desired policy and custom rule.\n var policynetworkmatch = new Gcp.Compute.RegionSecurityPolicy(\"policynetworkmatch\", new()\n {\n Region = \"us-west2\",\n Name = \"policyfornetworkmatch\",\n Description = \"region security policy for network match\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n UserDefinedFields = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs\n {\n Name = \"SIG1_AT_0\",\n Base = \"TCP\",\n Offset = 8,\n Size = 2,\n Mask = \"0x8F00\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n edgeSecService,\n },\n });\n\n var policyRuleNetworkMatch = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_network_match\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = policynetworkmatch.Name,\n Description = \"custom rule for network match\",\n Priority = 100,\n NetworkMatch = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleNetworkMatchArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n UserDefinedFields = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs\n {\n Name = \"SIG1_AT_0\",\n Values = new[]\n {\n \"0x8F00\",\n },\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// First activate advanced network DDoS protection for the desired region\n\t\tpolicyddosprotection, err := compute.NewRegionSecurityPolicy(ctx, \"policyddosprotection\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyddosprotection\"),\n\t\t\tDescription: pulumi.String(\"policy for activating network DDoS protection for the desired region\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tDdosProtectionConfig: \u0026compute.RegionSecurityPolicyDdosProtectionConfigArgs{\n\t\t\t\tDdosProtection: pulumi.String(\"ADVANCED_PREVIEW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tedgeSecService, err := compute.NewNetworkEdgeSecurityService(ctx, \"edge_sec_service\", \u0026compute.NetworkEdgeSecurityServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"edgesecservice\"),\n\t\t\tDescription: pulumi.String(\"linking policy to edge security service\"),\n\t\t\tSecurityPolicy: policyddosprotection.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Add the desired policy and custom rule.\n\t\tpolicynetworkmatch, err := compute.NewRegionSecurityPolicy(ctx, \"policynetworkmatch\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyfornetworkmatch\"),\n\t\t\tDescription: pulumi.String(\"region security policy for network match\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tUserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{\n\t\t\t\t\u0026compute.RegionSecurityPolicyUserDefinedFieldArgs{\n\t\t\t\t\tName: pulumi.String(\"SIG1_AT_0\"),\n\t\t\t\t\tBase: pulumi.String(\"TCP\"),\n\t\t\t\t\tOffset: pulumi.Int(8),\n\t\t\t\t\tSize: pulumi.Int(2),\n\t\t\t\t\tMask: pulumi.String(\"0x8F00\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tedgeSecService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_network_match\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: policynetworkmatch.Name,\n\t\t\tDescription: pulumi.String(\"custom rule for network match\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tNetworkMatch: \u0026compute.RegionSecurityPolicyRuleNetworkMatchArgs{\n\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tUserDefinedFields: compute.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArray{\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs{\n\t\t\t\t\t\tName: pulumi.String(\"SIG1_AT_0\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0x8F00\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityService;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyUserDefinedFieldArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleNetworkMatchArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // First activate advanced network DDoS protection for the desired region\n var policyddosprotection = new RegionSecurityPolicy(\"policyddosprotection\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyddosprotection\")\n .description(\"policy for activating network DDoS protection for the desired region\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()\n .ddosProtection(\"ADVANCED_PREVIEW\")\n .build())\n .build());\n\n var edgeSecService = new NetworkEdgeSecurityService(\"edgeSecService\", NetworkEdgeSecurityServiceArgs.builder()\n .region(\"us-west2\")\n .name(\"edgesecservice\")\n .description(\"linking policy to edge security service\")\n .securityPolicy(policyddosprotection.selfLink())\n .build());\n\n // Add the desired policy and custom rule.\n var policynetworkmatch = new RegionSecurityPolicy(\"policynetworkmatch\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyfornetworkmatch\")\n .description(\"region security policy for network match\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .userDefinedFields(RegionSecurityPolicyUserDefinedFieldArgs.builder()\n .name(\"SIG1_AT_0\")\n .base(\"TCP\")\n .offset(8)\n .size(2)\n .mask(\"0x8F00\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(edgeSecService)\n .build());\n\n var policyRuleNetworkMatch = new RegionSecurityPolicyRule(\"policyRuleNetworkMatch\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(policynetworkmatch.name())\n .description(\"custom rule for network match\")\n .priority(100)\n .networkMatch(RegionSecurityPolicyRuleNetworkMatchArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .userDefinedFields(RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs.builder()\n .name(\"SIG1_AT_0\")\n .values(\"0x8F00\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # First activate advanced network DDoS protection for the desired region\n policyddosprotection:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyddosprotection\n description: policy for activating network DDoS protection for the desired region\n type: CLOUD_ARMOR_NETWORK\n ddosProtectionConfig:\n ddosProtection: ADVANCED_PREVIEW\n edgeSecService:\n type: gcp:compute:NetworkEdgeSecurityService\n name: edge_sec_service\n properties:\n region: us-west2\n name: edgesecservice\n description: linking policy to edge security service\n securityPolicy: ${policyddosprotection.selfLink}\n # Add the desired policy and custom rule.\n policynetworkmatch:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyfornetworkmatch\n description: region security policy for network match\n type: CLOUD_ARMOR_NETWORK\n userDefinedFields:\n - name: SIG1_AT_0\n base: TCP\n offset: 8\n size: 2\n mask: 0x8F00\n options:\n dependson:\n - ${edgeSecService}\n policyRuleNetworkMatch:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_network_match\n properties:\n region: us-west2\n securityPolicy: ${policynetworkmatch.name}\n description: custom rule for network match\n priority: 100\n networkMatch:\n srcIpRanges:\n - 10.10.0.0/16\n userDefinedFields:\n - name: SIG1_AT_0\n values:\n - 0x8F00\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionSecurityPolicyRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}`\n\n* `{{project}}/{{region}}/{{security_policy}}/{{priority}}`\n\n* `{{region}}/{{security_policy}}/{{priority}}`\n\n* `{{security_policy}}/{{priority}}`\n\nWhen using the `pulumi import` command, RegionSecurityPolicyRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{project}}/{{region}}/{{security_policy}}/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{region}}/{{security_policy}}/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{security_policy}}/{{priority}}\n```\n\n", + "description": "## Example Usage\n\n### Region Security Policy Rule Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policyruletest\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policyruletest\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policyruletest\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyruletest\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyruletest\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyruletest\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule Multiple Rules\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policywithmultiplerules\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRuleOne = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_one\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule one\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\nconst policyRuleTwo = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_two\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule two\",\n priority: 101,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n ],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policywithmultiplerules\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule_one = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_one\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule one\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\npolicy_rule_two = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_two\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule two\",\n priority=101,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n ],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policywithmultiplerules\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRuleOne = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_one\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule one\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n var policyRuleTwo = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_two\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule two\",\n Priority = 101,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"192.168.0.0/16\",\n \"10.0.0.0/8\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policywithmultiplerules\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_one\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule one\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_two\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule two\"),\n\t\t\tPriority: pulumi.Int(101),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"192.168.0.0/16\"),\n\t\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policywithmultiplerules\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRuleOne = new RegionSecurityPolicyRule(\"policyRuleOne\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule one\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n var policyRuleTwo = new RegionSecurityPolicyRule(\"policyRuleTwo\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule two\")\n .priority(101)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges( \n \"192.168.0.0/16\",\n \"10.0.0.0/8\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policywithmultiplerules\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRuleOne:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_one\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule one\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n policyRuleTwo:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_two\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule two\n priority: 101\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 192.168.0.0/16\n - 10.0.0.0/8\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule Default Rule\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"us-west2\",\n name: \"policywithdefaultrule\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst defaultRule = new gcp.compute.RegionSecurityPolicyRule(\"default_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n action: \"deny\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"us-west2\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"us-west2\",\n name=\"policywithdefaultrule\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\ndefault_rule = gcp.compute.RegionSecurityPolicyRule(\"default_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n action=\"deny\",\n priority=2147483647,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n })\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"us-west2\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"us-west2\",\n Name = \"policywithdefaultrule\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var defaultRule = new Gcp.Compute.RegionSecurityPolicyRule(\"default_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Action = \"deny\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policywithdefaultrule\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"default_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tAction: pulumi.String(\"deny\"),\n\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policywithdefaultrule\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var defaultRule = new RegionSecurityPolicyRule(\"defaultRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .action(\"deny\")\n .priority(\"2147483647\")\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policywithdefaultrule\n description: basic region security policy\n type: CLOUD_ARMOR\n defaultRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: default_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n action: deny\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: us-west2\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule With Preconfigured Waf Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionSecurityPolicy(\"default\", {\n region: \"asia-southeast1\",\n name: \"policyruletest\",\n description: \"basic region security policy\",\n type: \"CLOUD_ARMOR\",\n});\nconst policyRule = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule\", {\n region: \"asia-southeast1\",\n securityPolicy: _default.name,\n description: \"new rule\",\n priority: 100,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"10.10.0.0/16\"],\n },\n },\n preconfiguredWafConfig: {\n exclusions: [\n {\n requestUris: [{\n operator: \"STARTS_WITH\",\n value: \"/admin\",\n }],\n targetRuleSet: \"rce-stable\",\n },\n {\n requestQueryParams: [\n {\n operator: \"CONTAINS\",\n value: \"password\",\n },\n {\n operator: \"STARTS_WITH\",\n value: \"freeform\",\n },\n {\n operator: \"EQUALS\",\n value: \"description\",\n },\n ],\n targetRuleSet: \"xss-stable\",\n targetRuleIds: [\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n ],\n },\n ],\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionSecurityPolicy(\"default\",\n region=\"asia-southeast1\",\n name=\"policyruletest\",\n description=\"basic region security policy\",\n type=\"CLOUD_ARMOR\")\npolicy_rule = gcp.compute.RegionSecurityPolicyRule(\"policy_rule\",\n region=\"asia-southeast1\",\n security_policy=default.name,\n description=\"new rule\",\n priority=100,\n match={\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n },\n },\n preconfigured_waf_config={\n \"exclusions\": [\n {\n \"request_uris\": [{\n \"operator\": \"STARTS_WITH\",\n \"value\": \"/admin\",\n }],\n \"target_rule_set\": \"rce-stable\",\n },\n {\n \"request_query_params\": [\n {\n \"operator\": \"CONTAINS\",\n \"value\": \"password\",\n },\n {\n \"operator\": \"STARTS_WITH\",\n \"value\": \"freeform\",\n },\n {\n \"operator\": \"EQUALS\",\n \"value\": \"description\",\n },\n ],\n \"target_rule_set\": \"xss-stable\",\n \"target_rule_ids\": [\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n ],\n },\n ],\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionSecurityPolicy(\"default\", new()\n {\n Region = \"asia-southeast1\",\n Name = \"policyruletest\",\n Description = \"basic region security policy\",\n Type = \"CLOUD_ARMOR\",\n });\n\n var policyRule = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule\", new()\n {\n Region = \"asia-southeast1\",\n SecurityPolicy = @default.Name,\n Description = \"new rule\",\n Priority = 100,\n Match = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n },\n },\n PreconfiguredWafConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigArgs\n {\n Exclusions = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs\n {\n RequestUris = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs\n {\n Operator = \"STARTS_WITH\",\n Value = \"/admin\",\n },\n },\n TargetRuleSet = \"rce-stable\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs\n {\n RequestQueryParams = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"CONTAINS\",\n Value = \"password\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"STARTS_WITH\",\n Value = \"freeform\",\n },\n new Gcp.Compute.Inputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs\n {\n Operator = \"EQUALS\",\n Value = \"description\",\n },\n },\n TargetRuleSet = \"xss-stable\",\n TargetRuleIds = new[]\n {\n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\",\n },\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionSecurityPolicy(ctx, \"default\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"asia-southeast1\"),\n\t\t\tName: pulumi.String(\"policyruletest\"),\n\t\t\tDescription: pulumi.String(\"basic region security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"asia-southeast1\"),\n\t\t\tSecurityPolicy: _default.Name,\n\t\t\tDescription: pulumi.String(\"new rule\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tMatch: \u0026compute.RegionSecurityPolicyRuleMatchArgs{\n\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\tConfig: \u0026compute.RegionSecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPreconfiguredWafConfig: \u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigArgs{\n\t\t\t\tExclusions: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArray{\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{\n\t\t\t\t\t\tRequestUris: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArray{\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"STARTS_WITH\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"/admin\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetRuleSet: pulumi.String(\"rce-stable\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs{\n\t\t\t\t\t\tRequestQueryParams: compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArray{\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"CONTAINS\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"password\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"STARTS_WITH\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"freeform\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs{\n\t\t\t\t\t\t\t\tOperator: pulumi.String(\"EQUALS\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"description\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetRuleSet: pulumi.String(\"xss-stable\"),\n\t\t\t\t\t\tTargetRuleIds: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"owasp-crs-v030001-id941330-xss\"),\n\t\t\t\t\t\t\tpulumi.String(\"owasp-crs-v030001-id941340-xss\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRulePreconfiguredWafConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionSecurityPolicy(\"default\", RegionSecurityPolicyArgs.builder()\n .region(\"asia-southeast1\")\n .name(\"policyruletest\")\n .description(\"basic region security policy\")\n .type(\"CLOUD_ARMOR\")\n .build());\n\n var policyRule = new RegionSecurityPolicyRule(\"policyRule\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"asia-southeast1\")\n .securityPolicy(default_.name())\n .description(\"new rule\")\n .priority(100)\n .match(RegionSecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(RegionSecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .build())\n .build())\n .preconfiguredWafConfig(RegionSecurityPolicyRulePreconfiguredWafConfigArgs.builder()\n .exclusions( \n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()\n .requestUris(RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs.builder()\n .operator(\"STARTS_WITH\")\n .value(\"/admin\")\n .build())\n .targetRuleSet(\"rce-stable\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs.builder()\n .requestQueryParams( \n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"CONTAINS\")\n .value(\"password\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"STARTS_WITH\")\n .value(\"freeform\")\n .build(),\n RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs.builder()\n .operator(\"EQUALS\")\n .value(\"description\")\n .build())\n .targetRuleSet(\"xss-stable\")\n .targetRuleIds( \n \"owasp-crs-v030001-id941330-xss\",\n \"owasp-crs-v030001-id941340-xss\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: asia-southeast1\n name: policyruletest\n description: basic region security policy\n type: CLOUD_ARMOR\n policyRule:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule\n properties:\n region: asia-southeast1\n securityPolicy: ${default.name}\n description: new rule\n priority: 100\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 10.10.0.0/16\n preconfiguredWafConfig:\n exclusions:\n - requestUris:\n - operator: STARTS_WITH\n value: /admin\n targetRuleSet: rce-stable\n - requestQueryParams:\n - operator: CONTAINS\n value: password\n - operator: STARTS_WITH\n value: freeform\n - operator: EQUALS\n value: description\n targetRuleSet: xss-stable\n targetRuleIds:\n - owasp-crs-v030001-id941330-xss\n - owasp-crs-v030001-id941340-xss\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Security Policy Rule With Network Match\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// First activate advanced network DDoS protection for the desired region\nconst policyddosprotection = new gcp.compute.RegionSecurityPolicy(\"policyddosprotection\", {\n region: \"us-west2\",\n name: \"policyddosprotection\",\n description: \"policy for activating network DDoS protection for the desired region\",\n type: \"CLOUD_ARMOR_NETWORK\",\n ddosProtectionConfig: {\n ddosProtection: \"ADVANCED_PREVIEW\",\n },\n});\nconst edgeSecService = new gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\", {\n region: \"us-west2\",\n name: \"edgesecservice\",\n description: \"linking policy to edge security service\",\n securityPolicy: policyddosprotection.selfLink,\n});\n// Add the desired policy and custom rule.\nconst policynetworkmatch = new gcp.compute.RegionSecurityPolicy(\"policynetworkmatch\", {\n region: \"us-west2\",\n name: \"policyfornetworkmatch\",\n description: \"region security policy for network match\",\n type: \"CLOUD_ARMOR_NETWORK\",\n userDefinedFields: [{\n name: \"SIG1_AT_0\",\n base: \"TCP\",\n offset: 8,\n size: 2,\n mask: \"0x8F00\",\n }],\n}, {\n dependsOn: [edgeSecService],\n});\nconst policyRuleNetworkMatch = new gcp.compute.RegionSecurityPolicyRule(\"policy_rule_network_match\", {\n region: \"us-west2\",\n securityPolicy: policynetworkmatch.name,\n description: \"custom rule for network match\",\n priority: 100,\n networkMatch: {\n srcIpRanges: [\"10.10.0.0/16\"],\n userDefinedFields: [{\n name: \"SIG1_AT_0\",\n values: [\"0x8F00\"],\n }],\n },\n action: \"allow\",\n preview: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# First activate advanced network DDoS protection for the desired region\npolicyddosprotection = gcp.compute.RegionSecurityPolicy(\"policyddosprotection\",\n region=\"us-west2\",\n name=\"policyddosprotection\",\n description=\"policy for activating network DDoS protection for the desired region\",\n type=\"CLOUD_ARMOR_NETWORK\",\n ddos_protection_config={\n \"ddos_protection\": \"ADVANCED_PREVIEW\",\n })\nedge_sec_service = gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\",\n region=\"us-west2\",\n name=\"edgesecservice\",\n description=\"linking policy to edge security service\",\n security_policy=policyddosprotection.self_link)\n# Add the desired policy and custom rule.\npolicynetworkmatch = gcp.compute.RegionSecurityPolicy(\"policynetworkmatch\",\n region=\"us-west2\",\n name=\"policyfornetworkmatch\",\n description=\"region security policy for network match\",\n type=\"CLOUD_ARMOR_NETWORK\",\n user_defined_fields=[{\n \"name\": \"SIG1_AT_0\",\n \"base\": \"TCP\",\n \"offset\": 8,\n \"size\": 2,\n \"mask\": \"0x8F00\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[edge_sec_service]))\npolicy_rule_network_match = gcp.compute.RegionSecurityPolicyRule(\"policy_rule_network_match\",\n region=\"us-west2\",\n security_policy=policynetworkmatch.name,\n description=\"custom rule for network match\",\n priority=100,\n network_match={\n \"src_ip_ranges\": [\"10.10.0.0/16\"],\n \"user_defined_fields\": [{\n \"name\": \"SIG1_AT_0\",\n \"values\": [\"0x8F00\"],\n }],\n },\n action=\"allow\",\n preview=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // First activate advanced network DDoS protection for the desired region\n var policyddosprotection = new Gcp.Compute.RegionSecurityPolicy(\"policyddosprotection\", new()\n {\n Region = \"us-west2\",\n Name = \"policyddosprotection\",\n Description = \"policy for activating network DDoS protection for the desired region\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs\n {\n DdosProtection = \"ADVANCED_PREVIEW\",\n },\n });\n\n var edgeSecService = new Gcp.Compute.NetworkEdgeSecurityService(\"edge_sec_service\", new()\n {\n Region = \"us-west2\",\n Name = \"edgesecservice\",\n Description = \"linking policy to edge security service\",\n SecurityPolicy = policyddosprotection.SelfLink,\n });\n\n // Add the desired policy and custom rule.\n var policynetworkmatch = new Gcp.Compute.RegionSecurityPolicy(\"policynetworkmatch\", new()\n {\n Region = \"us-west2\",\n Name = \"policyfornetworkmatch\",\n Description = \"region security policy for network match\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n UserDefinedFields = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs\n {\n Name = \"SIG1_AT_0\",\n Base = \"TCP\",\n Offset = 8,\n Size = 2,\n Mask = \"0x8F00\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n edgeSecService,\n },\n });\n\n var policyRuleNetworkMatch = new Gcp.Compute.RegionSecurityPolicyRule(\"policy_rule_network_match\", new()\n {\n Region = \"us-west2\",\n SecurityPolicy = policynetworkmatch.Name,\n Description = \"custom rule for network match\",\n Priority = 100,\n NetworkMatch = new Gcp.Compute.Inputs.RegionSecurityPolicyRuleNetworkMatchArgs\n {\n SrcIpRanges = new[]\n {\n \"10.10.0.0/16\",\n },\n UserDefinedFields = new[]\n {\n new Gcp.Compute.Inputs.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs\n {\n Name = \"SIG1_AT_0\",\n Values = new[]\n {\n \"0x8F00\",\n },\n },\n },\n },\n Action = \"allow\",\n Preview = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// First activate advanced network DDoS protection for the desired region\n\t\tpolicyddosprotection, err := compute.NewRegionSecurityPolicy(ctx, \"policyddosprotection\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyddosprotection\"),\n\t\t\tDescription: pulumi.String(\"policy for activating network DDoS protection for the desired region\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tDdosProtectionConfig: \u0026compute.RegionSecurityPolicyDdosProtectionConfigArgs{\n\t\t\t\tDdosProtection: pulumi.String(\"ADVANCED_PREVIEW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tedgeSecService, err := compute.NewNetworkEdgeSecurityService(ctx, \"edge_sec_service\", \u0026compute.NetworkEdgeSecurityServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"edgesecservice\"),\n\t\t\tDescription: pulumi.String(\"linking policy to edge security service\"),\n\t\t\tSecurityPolicy: policyddosprotection.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Add the desired policy and custom rule.\n\t\tpolicynetworkmatch, err := compute.NewRegionSecurityPolicy(ctx, \"policynetworkmatch\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"policyfornetworkmatch\"),\n\t\t\tDescription: pulumi.String(\"region security policy for network match\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tUserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{\n\t\t\t\t\u0026compute.RegionSecurityPolicyUserDefinedFieldArgs{\n\t\t\t\t\tName: pulumi.String(\"SIG1_AT_0\"),\n\t\t\t\t\tBase: pulumi.String(\"TCP\"),\n\t\t\t\t\tOffset: pulumi.Int(8),\n\t\t\t\t\tSize: pulumi.Int(2),\n\t\t\t\t\tMask: pulumi.String(\"0x8F00\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tedgeSecService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionSecurityPolicyRule(ctx, \"policy_rule_network_match\", \u0026compute.RegionSecurityPolicyRuleArgs{\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSecurityPolicy: policynetworkmatch.Name,\n\t\t\tDescription: pulumi.String(\"custom rule for network match\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tNetworkMatch: \u0026compute.RegionSecurityPolicyRuleNetworkMatchArgs{\n\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tUserDefinedFields: compute.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArray{\n\t\t\t\t\t\u0026compute.RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs{\n\t\t\t\t\t\tName: pulumi.String(\"SIG1_AT_0\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"0x8F00\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\tPreview: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityService;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyUserDefinedFieldArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRule;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyRuleNetworkMatchArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // First activate advanced network DDoS protection for the desired region\n var policyddosprotection = new RegionSecurityPolicy(\"policyddosprotection\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyddosprotection\")\n .description(\"policy for activating network DDoS protection for the desired region\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()\n .ddosProtection(\"ADVANCED_PREVIEW\")\n .build())\n .build());\n\n var edgeSecService = new NetworkEdgeSecurityService(\"edgeSecService\", NetworkEdgeSecurityServiceArgs.builder()\n .region(\"us-west2\")\n .name(\"edgesecservice\")\n .description(\"linking policy to edge security service\")\n .securityPolicy(policyddosprotection.selfLink())\n .build());\n\n // Add the desired policy and custom rule.\n var policynetworkmatch = new RegionSecurityPolicy(\"policynetworkmatch\", RegionSecurityPolicyArgs.builder()\n .region(\"us-west2\")\n .name(\"policyfornetworkmatch\")\n .description(\"region security policy for network match\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .userDefinedFields(RegionSecurityPolicyUserDefinedFieldArgs.builder()\n .name(\"SIG1_AT_0\")\n .base(\"TCP\")\n .offset(8)\n .size(2)\n .mask(\"0x8F00\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(edgeSecService)\n .build());\n\n var policyRuleNetworkMatch = new RegionSecurityPolicyRule(\"policyRuleNetworkMatch\", RegionSecurityPolicyRuleArgs.builder()\n .region(\"us-west2\")\n .securityPolicy(policynetworkmatch.name())\n .description(\"custom rule for network match\")\n .priority(100)\n .networkMatch(RegionSecurityPolicyRuleNetworkMatchArgs.builder()\n .srcIpRanges(\"10.10.0.0/16\")\n .userDefinedFields(RegionSecurityPolicyRuleNetworkMatchUserDefinedFieldArgs.builder()\n .name(\"SIG1_AT_0\")\n .values(\"0x8F00\")\n .build())\n .build())\n .action(\"allow\")\n .preview(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # First activate advanced network DDoS protection for the desired region\n policyddosprotection:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyddosprotection\n description: policy for activating network DDoS protection for the desired region\n type: CLOUD_ARMOR_NETWORK\n ddosProtectionConfig:\n ddosProtection: ADVANCED_PREVIEW\n edgeSecService:\n type: gcp:compute:NetworkEdgeSecurityService\n name: edge_sec_service\n properties:\n region: us-west2\n name: edgesecservice\n description: linking policy to edge security service\n securityPolicy: ${policyddosprotection.selfLink}\n # Add the desired policy and custom rule.\n policynetworkmatch:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: us-west2\n name: policyfornetworkmatch\n description: region security policy for network match\n type: CLOUD_ARMOR_NETWORK\n userDefinedFields:\n - name: SIG1_AT_0\n base: TCP\n offset: 8\n size: 2\n mask: 0x8F00\n options:\n dependsOn:\n - ${edgeSecService}\n policyRuleNetworkMatch:\n type: gcp:compute:RegionSecurityPolicyRule\n name: policy_rule_network_match\n properties:\n region: us-west2\n securityPolicy: ${policynetworkmatch.name}\n description: custom rule for network match\n priority: 100\n networkMatch:\n srcIpRanges:\n - 10.10.0.0/16\n userDefinedFields:\n - name: SIG1_AT_0\n values:\n - 0x8F00\n action: allow\n preview: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionSecurityPolicyRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}`\n\n* `{{project}}/{{region}}/{{security_policy}}/{{priority}}`\n\n* `{{region}}/{{security_policy}}/{{priority}}`\n\n* `{{security_policy}}/{{priority}}`\n\nWhen using the `pulumi import` command, RegionSecurityPolicyRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{project}}/{{region}}/{{security_policy}}/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{region}}/{{security_policy}}/{{priority}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionSecurityPolicyRule:RegionSecurityPolicyRule default {{security_policy}}/{{priority}}\n```\n\n", "properties": { "action": { "type": "string", @@ -178716,7 +178716,7 @@ } }, "gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy": { - "description": "Represents a RegionTargetHttpsProxy resource, which is used by one or more\nforwarding rules to route incoming HTTPS requests to a URL map.\n\n\nTo get more information about RegionTargetHttpsProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies)\n\n## Example Usage\n\n### Region Target Https Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n protocol: \"HTTP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-proxy\",\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n protocol=\"HTTP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-proxy\",\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-proxy\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n protocol: HTTP\n loadBalancingScheme: INTERNAL_MANAGED\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Http Keep Alive Timeout\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-http-keep-alive-timeout-proxy\",\n httpKeepAliveTimeoutSec: 600,\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-http-keep-alive-timeout-proxy\",\n http_keep_alive_timeout_sec=600,\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-http-keep-alive-timeout-proxy\",\n HttpKeepAliveTimeoutSec = 600,\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-http-keep-alive-timeout-proxy\"),\n\t\t\tHttpKeepAliveTimeoutSec: pulumi.Int(600),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-http-keep-alive-timeout-proxy\")\n .httpKeepAliveTimeoutSec(600)\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-http-keep-alive-timeout-proxy\n httpKeepAliveTimeoutSec: 600\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n location: \"us-central1\",\n name: \"my-trust-config\",\n description: \"sample description for trust config\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n location: \"us-central1\",\n name: \"my-tls-policy\",\n description: \"my description\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"REJECT_INVALID\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/us-central1/trustConfigs/${name}`),\n },\n});\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-mtls-proxy\",\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n serverTlsPolicy: defaultServerTlsPolicy.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n location=\"us-central1\",\n name=\"my-trust-config\",\n description=\"sample description for trust config\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault_server_tls_policy = gcp.networksecurity.ServerTlsPolicy(\"default\",\n location=\"us-central1\",\n name=\"my-tls-policy\",\n description=\"my description\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"REJECT_INVALID\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/us-central1/trustConfigs/{name}\"),\n })\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-mtls-proxy\",\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id],\n server_tls_policy=default_server_tls_policy.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-trust-config\",\n Description = \"sample description for trust config\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var defaultServerTlsPolicy = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-tls-policy\",\n Description = \"my description\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"REJECT_INVALID\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/us-central1/trustConfigs/{name}\";\n }),\n },\n });\n\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-mtls-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n ServerTlsPolicy = defaultServerTlsPolicy.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for trust config\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultServerTlsPolicy, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"REJECT_INVALID\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/us-central1/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile2, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile3, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile2.Result),\n\t\t\tCertificate: pulumi.String(invokeFile3.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-mtls-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t\tServerTlsPolicy: defaultServerTlsPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .location(\"us-central1\")\n .name(\"my-trust-config\")\n .description(\"sample description for trust config\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var defaultServerTlsPolicy = new ServerTlsPolicy(\"defaultServerTlsPolicy\", ServerTlsPolicyArgs.builder()\n .location(\"us-central1\")\n .name(\"my-tls-policy\")\n .description(\"my description\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"REJECT_INVALID\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/us-central1/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .build());\n\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-mtls-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .serverTlsPolicy(defaultServerTlsPolicy.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-mtls-proxy\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n serverTlsPolicy: ${defaultServerTlsPolicy.id}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n location: us-central1\n name: my-trust-config\n description: sample description for trust config\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n labels:\n foo: bar\n defaultServerTlsPolicy:\n type: gcp:networksecurity:ServerTlsPolicy\n name: default\n properties:\n location: us-central1\n name: my-tls-policy\n description: my description\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: REJECT_INVALID\n clientValidationTrustConfig: projects/${project.number}/locations/us-central1/trustConfigs/${defaultTrustConfig.name}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n httpHealthCheck:\n port: 80\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Certificate Manager Certificate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultCertificate = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n name: \"backend-service\",\n region: \"us-central1\",\n protocol: \"HTTPS\",\n timeoutSec: 30,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n name: \"url-map\",\n defaultService: defaultRegionBackendService.id,\n region: \"us-central1\",\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n name: \"target-http-proxy\",\n urlMap: defaultRegionUrlMap.id,\n certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_certificate = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n name=\"backend-service\",\n region=\"us-central1\",\n protocol=\"HTTPS\",\n timeout_sec=30,\n load_balancing_scheme=\"INTERNAL_MANAGED\")\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n name=\"url-map\",\n default_service=default_region_backend_service.id,\n region=\"us-central1\")\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n name=\"target-http-proxy\",\n url_map=default_region_url_map.id,\n certificate_manager_certificates=[default_certificate.id.apply(lambda id: f\"//certificatemanager.googleapis.com/{id}\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCertificate = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"backend-service\",\n Region = \"us-central1\",\n Protocol = \"HTTPS\",\n TimeoutSec = 30,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Name = \"url-map\",\n DefaultService = defaultRegionBackendService.Id,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Name = \"target-http-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n CertificateManagerCertificates = new[]\n {\n defaultCertificate.Id.Apply(id =\u003e $\"//certificatemanager.googleapis.com/{id}\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificate, err := certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tTimeoutSec: pulumi.Int(30),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"target-http-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tCertificateManagerCertificates: pulumi.StringArray{\n\t\t\t\tdefaultCertificate.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//certificatemanager.googleapis.com/%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .name(\"backend-service\")\n .region(\"us-central1\")\n .protocol(\"HTTPS\")\n .timeoutSec(30)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .name(\"url-map\")\n .defaultService(defaultRegionBackendService.id())\n .region(\"us-central1\")\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .name(\"target-http-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .certificateManagerCertificates(defaultCertificate.id().applyValue(id -\u003e String.format(\"//certificatemanager.googleapis.com/%s\", id)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n name: target-http-proxy\n urlMap: ${defaultRegionUrlMap.id}\n certificateManagerCertificates: # [google_certificate_manager_certificate.default.id] is also acceptable\n - //certificatemanager.googleapis.com/${defaultCertificate.id}\n defaultCertificate:\n type: gcp:certificatemanager:Certificate\n name: default\n properties:\n name: my-certificate\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n pemPrivateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/private-key.pem\n Return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n name: url-map\n defaultService: ${defaultRegionBackendService.id}\n region: us-central1\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n name: backend-service\n region: us-central1\n protocol: HTTPS\n timeoutSec: 30\n loadBalancingScheme: INTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionTargetHttpsProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionTargetHttpsProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{name}}\n```\n\n", + "description": "Represents a RegionTargetHttpsProxy resource, which is used by one or more\nforwarding rules to route incoming HTTPS requests to a URL map.\n\n\nTo get more information about RegionTargetHttpsProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies)\n\n## Example Usage\n\n### Region Target Https Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n protocol: \"HTTP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n timeoutSec: 10,\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-proxy\",\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n protocol=\"HTTP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n timeout_sec=10,\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-proxy\",\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n Protocol = \"HTTP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n TimeoutSec = 10,\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .protocol(\"HTTP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .timeoutSec(10)\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-proxy\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n protocol: HTTP\n loadBalancingScheme: INTERNAL_MANAGED\n timeoutSec: 10\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Http Keep Alive Timeout\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-http-keep-alive-timeout-proxy\",\n httpKeepAliveTimeoutSec: 600,\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-http-keep-alive-timeout-proxy\",\n http_keep_alive_timeout_sec=600,\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-http-keep-alive-timeout-proxy\",\n HttpKeepAliveTimeoutSec = 600,\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-http-keep-alive-timeout-proxy\"),\n\t\t\tHttpKeepAliveTimeoutSec: pulumi.Int(600),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-http-keep-alive-timeout-proxy\")\n .httpKeepAliveTimeoutSec(600)\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-http-keep-alive-timeout-proxy\n httpKeepAliveTimeoutSec: 600\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n httpHealthCheck:\n port: 80\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n location: \"us-central1\",\n name: \"my-trust-config\",\n description: \"sample description for trust config\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n location: \"us-central1\",\n name: \"my-tls-policy\",\n description: \"my description\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"REJECT_INVALID\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/us-central1/trustConfigs/${name}`),\n },\n});\nconst defaultRegionSslCertificate = new gcp.compute.RegionSslCertificate(\"default\", {\n region: \"us-central1\",\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n region: \"us-central1\",\n name: \"http-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n httpHealthCheck: {\n port: 80,\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n region: \"us-central1\",\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n region: \"us-central1\",\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultRegionBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultRegionBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultRegionBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n region: \"us-central1\",\n name: \"test-mtls-proxy\",\n urlMap: defaultRegionUrlMap.id,\n sslCertificates: [defaultRegionSslCertificate.id],\n serverTlsPolicy: defaultServerTlsPolicy.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n location=\"us-central1\",\n name=\"my-trust-config\",\n description=\"sample description for trust config\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault_server_tls_policy = gcp.networksecurity.ServerTlsPolicy(\"default\",\n location=\"us-central1\",\n name=\"my-tls-policy\",\n description=\"my description\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"REJECT_INVALID\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/us-central1/trustConfigs/{name}\"),\n })\ndefault_region_ssl_certificate = gcp.compute.RegionSslCertificate(\"default\",\n region=\"us-central1\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n region=\"us-central1\",\n name=\"http-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n http_health_check={\n \"port\": 80,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n region=\"us-central1\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n region=\"us-central1\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_region_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_region_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_region_backend_service.id,\n }],\n }])\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n region=\"us-central1\",\n name=\"test-mtls-proxy\",\n url_map=default_region_url_map.id,\n ssl_certificates=[default_region_ssl_certificate.id],\n server_tls_policy=default_server_tls_policy.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-trust-config\",\n Description = \"sample description for trust config\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var defaultServerTlsPolicy = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Location = \"us-central1\",\n Name = \"my-tls-policy\",\n Description = \"my description\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"REJECT_INVALID\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/us-central1/trustConfigs/{name}\";\n }),\n },\n });\n\n var defaultRegionSslCertificate = new Gcp.Compute.RegionSslCertificate(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"http-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultRegionBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultRegionBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultRegionBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Region = \"us-central1\",\n Name = \"test-mtls-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n SslCertificates = new[]\n {\n defaultRegionSslCertificate.Id,\n },\n ServerTlsPolicy = defaultServerTlsPolicy.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for trust config\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultServerTlsPolicy, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"REJECT_INVALID\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/us-central1/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile2, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile3, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionSslCertificate, err := compute.NewRegionSslCertificate(ctx, \"default\", \u0026compute.RegionSslCertificateArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile2.Result),\n\t\t\tCertificate: pulumi.String(invokeFile3.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tHostRules: compute.RegionUrlMapHostRuleArray{\n\t\t\t\t\u0026compute.RegionUrlMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.RegionUrlMapPathMatcherArray{\n\t\t\t\t\u0026compute.RegionUrlMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\t\t\tPathRules: compute.RegionUrlMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.RegionUrlMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultRegionBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tName: pulumi.String(\"test-mtls-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultRegionSslCertificate.ID(),\n\t\t\t},\n\t\t\tServerTlsPolicy: defaultServerTlsPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport com.pulumi.gcp.compute.RegionSslCertificate;\nimport com.pulumi.gcp.compute.RegionSslCertificateArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .location(\"us-central1\")\n .name(\"my-trust-config\")\n .description(\"sample description for trust config\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var defaultServerTlsPolicy = new ServerTlsPolicy(\"defaultServerTlsPolicy\", ServerTlsPolicyArgs.builder()\n .location(\"us-central1\")\n .name(\"my-tls-policy\")\n .description(\"my description\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"REJECT_INVALID\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/us-central1/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .build());\n\n var defaultRegionSslCertificate = new RegionSslCertificate(\"defaultRegionSslCertificate\", RegionSslCertificateArgs.builder()\n .region(\"us-central1\")\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .region(\"us-central1\")\n .name(\"http-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .region(\"us-central1\")\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .region(\"us-central1\")\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultRegionBackendService.id())\n .hostRules(RegionUrlMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(RegionUrlMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultRegionBackendService.id())\n .pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultRegionBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .region(\"us-central1\")\n .name(\"test-mtls-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .sslCertificates(defaultRegionSslCertificate.id())\n .serverTlsPolicy(defaultServerTlsPolicy.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n region: us-central1\n name: test-mtls-proxy\n urlMap: ${defaultRegionUrlMap.id}\n sslCertificates:\n - ${defaultRegionSslCertificate.id}\n serverTlsPolicy: ${defaultServerTlsPolicy.id}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n location: us-central1\n name: my-trust-config\n description: sample description for trust config\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n labels:\n foo: bar\n defaultServerTlsPolicy:\n type: gcp:networksecurity:ServerTlsPolicy\n name: default\n properties:\n location: us-central1\n name: my-tls-policy\n description: my description\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: REJECT_INVALID\n clientValidationTrustConfig: projects/${project.number}/locations/us-central1/trustConfigs/${defaultTrustConfig.name}\n defaultRegionSslCertificate:\n type: gcp:compute:RegionSslCertificate\n name: default\n properties:\n region: us-central1\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n region: us-central1\n name: url-map\n description: a description\n defaultService: ${defaultRegionBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultRegionBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultRegionBackendService.id}\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n region: us-central1\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n region: us-central1\n name: http-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n httpHealthCheck:\n port: 80\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Target Https Proxy Certificate Manager Certificate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultCertificate = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultRegionBackendService = new gcp.compute.RegionBackendService(\"default\", {\n name: \"backend-service\",\n region: \"us-central1\",\n protocol: \"HTTPS\",\n timeoutSec: 30,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n name: \"url-map\",\n defaultService: defaultRegionBackendService.id,\n region: \"us-central1\",\n});\nconst _default = new gcp.compute.RegionTargetHttpsProxy(\"default\", {\n name: \"target-http-proxy\",\n urlMap: defaultRegionUrlMap.id,\n certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_certificate = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_region_backend_service = gcp.compute.RegionBackendService(\"default\",\n name=\"backend-service\",\n region=\"us-central1\",\n protocol=\"HTTPS\",\n timeout_sec=30,\n load_balancing_scheme=\"INTERNAL_MANAGED\")\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n name=\"url-map\",\n default_service=default_region_backend_service.id,\n region=\"us-central1\")\ndefault = gcp.compute.RegionTargetHttpsProxy(\"default\",\n name=\"target-http-proxy\",\n url_map=default_region_url_map.id,\n certificate_manager_certificates=[default_certificate.id.apply(lambda id: f\"//certificatemanager.googleapis.com/{id}\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCertificate = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultRegionBackendService = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"backend-service\",\n Region = \"us-central1\",\n Protocol = \"HTTPS\",\n TimeoutSec = 30,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Name = \"url-map\",\n DefaultService = defaultRegionBackendService.Id,\n Region = \"us-central1\",\n });\n\n var @default = new Gcp.Compute.RegionTargetHttpsProxy(\"default\", new()\n {\n Name = \"target-http-proxy\",\n UrlMap = defaultRegionUrlMap.Id,\n CertificateManagerCertificates = new[]\n {\n defaultCertificate.Id.Apply(id =\u003e $\"//certificatemanager.googleapis.com/{id}\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificate, err := certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionBackendService, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tTimeoutSec: pulumi.Int(30),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDefaultService: defaultRegionBackendService.ID(),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionTargetHttpsProxy(ctx, \"default\", \u0026compute.RegionTargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"target-http-proxy\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t\tCertificateManagerCertificates: pulumi.StringArray{\n\t\t\t\tdefaultCertificate.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//certificatemanager.googleapis.com/%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultRegionBackendService = new RegionBackendService(\"defaultRegionBackendService\", RegionBackendServiceArgs.builder()\n .name(\"backend-service\")\n .region(\"us-central1\")\n .protocol(\"HTTPS\")\n .timeoutSec(30)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .name(\"url-map\")\n .defaultService(defaultRegionBackendService.id())\n .region(\"us-central1\")\n .build());\n\n var default_ = new RegionTargetHttpsProxy(\"default\", RegionTargetHttpsProxyArgs.builder()\n .name(\"target-http-proxy\")\n .urlMap(defaultRegionUrlMap.id())\n .certificateManagerCertificates(defaultCertificate.id().applyValue(id -\u003e String.format(\"//certificatemanager.googleapis.com/%s\", id)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionTargetHttpsProxy\n properties:\n name: target-http-proxy\n urlMap: ${defaultRegionUrlMap.id}\n certificateManagerCertificates: # [google_certificate_manager_certificate.default.id] is also acceptable\n - //certificatemanager.googleapis.com/${defaultCertificate.id}\n defaultCertificate:\n type: gcp:certificatemanager:Certificate\n name: default\n properties:\n name: my-certificate\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n pemPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/private-key.pem\n return: result\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n name: url-map\n defaultService: ${defaultRegionBackendService.id}\n region: us-central1\n defaultRegionBackendService:\n type: gcp:compute:RegionBackendService\n name: default\n properties:\n name: backend-service\n region: us-central1\n protocol: HTTPS\n timeoutSec: 30\n loadBalancingScheme: INTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionTargetHttpsProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, RegionTargetHttpsProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/regionTargetHttpsProxy:RegionTargetHttpsProxy default {{name}}\n```\n\n", "properties": { "certificateManagerCertificates": { "type": "array", @@ -179700,7 +179700,7 @@ } }, "gcp:compute/route:Route": { - "description": "Represents a Route resource.\n\nA route is a rule that specifies how certain packets should be handled by\nthe virtual network. Routes are associated with virtual machines by tag,\nand the set of routes for a particular virtual machine is called its\nrouting table. For each packet leaving a virtual machine, the system\nsearches that virtual machine's routing table for a single best matching\nroute.\n\nRoutes match packets by destination IP address, preferring smaller or more\nspecific ranges over larger ones. If there is a tie, the system selects\nthe route with the smallest priority value. If there is still a tie, it\nuses the layer three and four packet headers to select just one of the\nremaining matching routes. The packet is then forwarded as specified by\nthe next_hop field of the winning route -- either to another virtual\nmachine destination, a virtual machine gateway or a Compute\nEngine-operated gateway. Packets that do not match any route in the\nsending virtual machine's routing table will be dropped.\n\nA Route resource must have exactly one specification of either\nnextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or\nnextHopIlb.\n\n\nTo get more information about Route, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routes)\n* How-to Guides\n * [Using Routes](https://cloud.google.com/vpc/docs/using-routes)\n\n## Example Usage\n\n### Route Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"compute-network\"});\nconst _default = new gcp.compute.Route(\"default\", {\n name: \"network-route\",\n destRange: \"15.0.0.0/24\",\n network: defaultNetwork.name,\n nextHopIp: \"10.132.1.5\",\n priority: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"compute-network\")\ndefault = gcp.compute.Route(\"default\",\n name=\"network-route\",\n dest_range=\"15.0.0.0/24\",\n network=default_network.name,\n next_hop_ip=\"10.132.1.5\",\n priority=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"compute-network\",\n });\n\n var @default = new Gcp.Compute.Route(\"default\", new()\n {\n Name = \"network-route\",\n DestRange = \"15.0.0.0/24\",\n Network = defaultNetwork.Name,\n NextHopIp = \"10.132.1.5\",\n Priority = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"compute-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"default\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"network-route\"),\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tNextHopIp: pulumi.String(\"10.132.1.5\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"compute-network\")\n .build());\n\n var default_ = new Route(\"default\", RouteArgs.builder()\n .name(\"network-route\")\n .destRange(\"15.0.0.0/24\")\n .network(defaultNetwork.name())\n .nextHopIp(\"10.132.1.5\")\n .priority(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Route\n properties:\n name: network-route\n destRange: 15.0.0.0/24\n network: ${defaultNetwork.name}\n nextHopIp: 10.132.1.5\n priority: 100\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: compute-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Route Ilb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"compute-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"compute-subnet\",\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"proxy-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"compute-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultForwardingRule = new gcp.compute.ForwardingRule(\"default\", {\n name: \"compute-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: _default.name,\n subnetwork: defaultSubnetwork.name,\n});\nconst route_ilb = new gcp.compute.Route(\"route-ilb\", {\n name: \"route-ilb\",\n destRange: \"0.0.0.0/0\",\n network: _default.name,\n nextHopIlb: defaultForwardingRule.id,\n priority: 2000,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"compute-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"compute-subnet\",\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=default.id)\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"proxy-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"compute-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_forwarding_rule = gcp.compute.ForwardingRule(\"default\",\n name=\"compute-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default.name,\n subnetwork=default_subnetwork.name)\nroute_ilb = gcp.compute.Route(\"route-ilb\",\n name=\"route-ilb\",\n dest_range=\"0.0.0.0/0\",\n network=default.name,\n next_hop_ilb=default_forwarding_rule.id,\n priority=2000)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"compute-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"compute-subnet\",\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"proxy-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"compute-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultForwardingRule = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"compute-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = @default.Name,\n Subnetwork = defaultSubnetwork.Name,\n });\n\n var route_ilb = new Gcp.Compute.Route(\"route-ilb\", new()\n {\n Name = \"route-ilb\",\n DestRange = \"0.0.0.0/0\",\n Network = @default.Name,\n NextHopIlb = defaultForwardingRule.Id,\n Priority = 2000,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"compute-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"compute-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"proxy-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"compute-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultForwardingRule, err := compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"compute-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: _default.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route-ilb\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route-ilb\"),\n\t\t\tDestRange: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tNetwork: _default.Name,\n\t\t\tNextHopIlb: defaultForwardingRule.ID(),\n\t\t\tPriority: pulumi.Int(2000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"compute-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"compute-subnet\")\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"proxy-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"compute-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultForwardingRule = new ForwardingRule(\"defaultForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"compute-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(default_.name())\n .subnetwork(defaultSubnetwork.name())\n .build());\n\n var route_ilb = new Route(\"route-ilb\", RouteArgs.builder()\n .name(\"route-ilb\")\n .destRange(\"0.0.0.0/0\")\n .network(default_.name())\n .nextHopIlb(defaultForwardingRule.id())\n .priority(2000)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: compute-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: compute-subnet\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${default.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: proxy-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: compute-backend\n region: us-central1\n healthChecks: ${hc.id}\n defaultForwardingRule:\n type: gcp:compute:ForwardingRule\n name: default\n properties:\n name: compute-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${default.name}\n subnetwork: ${defaultSubnetwork.name}\n route-ilb:\n type: gcp:compute:Route\n properties:\n name: route-ilb\n destRange: 0.0.0.0/0\n network: ${default.name}\n nextHopIlb: ${defaultForwardingRule.id}\n priority: 2000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Route Ilb Vip\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producer = new gcp.compute.Network(\"producer\", {\n name: \"producer-vpc\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnetwork = new gcp.compute.Subnetwork(\"producer\", {\n name: \"producer-subnet\",\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: producer.id,\n});\nconst consumer = new gcp.compute.Network(\"consumer\", {\n name: \"consumer-vpc\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnetwork = new gcp.compute.Subnetwork(\"consumer\", {\n name: \"consumer-subnet\",\n ipCidrRange: \"10.0.2.0/24\",\n region: \"us-central1\",\n network: consumer.id,\n});\nconst peering1 = new gcp.compute.NetworkPeering(\"peering1\", {\n name: \"peering-producer-to-consumer\",\n network: consumer.id,\n peerNetwork: producer.id,\n});\nconst peering2 = new gcp.compute.NetworkPeering(\"peering2\", {\n name: \"peering-consumer-to-producer\",\n network: producer.id,\n peerNetwork: consumer.id,\n});\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"proxy-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"compute-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"compute-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: producer.name,\n subnetwork: producerSubnetwork.name,\n});\nconst route_ilb = new gcp.compute.Route(\"route-ilb\", {\n name: \"route-ilb\",\n destRange: \"0.0.0.0/0\",\n network: consumer.name,\n nextHopIlb: _default.ipAddress,\n priority: 2000,\n tags: [\n \"tag1\",\n \"tag2\",\n ],\n}, {\n dependsOn: [\n peering1,\n peering2,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer = gcp.compute.Network(\"producer\",\n name=\"producer-vpc\",\n auto_create_subnetworks=False)\nproducer_subnetwork = gcp.compute.Subnetwork(\"producer\",\n name=\"producer-subnet\",\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=producer.id)\nconsumer = gcp.compute.Network(\"consumer\",\n name=\"consumer-vpc\",\n auto_create_subnetworks=False)\nconsumer_subnetwork = gcp.compute.Subnetwork(\"consumer\",\n name=\"consumer-subnet\",\n ip_cidr_range=\"10.0.2.0/24\",\n region=\"us-central1\",\n network=consumer.id)\npeering1 = gcp.compute.NetworkPeering(\"peering1\",\n name=\"peering-producer-to-consumer\",\n network=consumer.id,\n peer_network=producer.id)\npeering2 = gcp.compute.NetworkPeering(\"peering2\",\n name=\"peering-consumer-to-producer\",\n network=producer.id,\n peer_network=consumer.id)\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"proxy-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"compute-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"compute-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=producer.name,\n subnetwork=producer_subnetwork.name)\nroute_ilb = gcp.compute.Route(\"route-ilb\",\n name=\"route-ilb\",\n dest_range=\"0.0.0.0/0\",\n network=consumer.name,\n next_hop_ilb=default.ip_address,\n priority=2000,\n tags=[\n \"tag1\",\n \"tag2\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[\n peering1,\n peering2,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producer = new Gcp.Compute.Network(\"producer\", new()\n {\n Name = \"producer-vpc\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnetwork = new Gcp.Compute.Subnetwork(\"producer\", new()\n {\n Name = \"producer-subnet\",\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = producer.Id,\n });\n\n var consumer = new Gcp.Compute.Network(\"consumer\", new()\n {\n Name = \"consumer-vpc\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnetwork = new Gcp.Compute.Subnetwork(\"consumer\", new()\n {\n Name = \"consumer-subnet\",\n IpCidrRange = \"10.0.2.0/24\",\n Region = \"us-central1\",\n Network = consumer.Id,\n });\n\n var peering1 = new Gcp.Compute.NetworkPeering(\"peering1\", new()\n {\n Name = \"peering-producer-to-consumer\",\n Network = consumer.Id,\n PeerNetwork = producer.Id,\n });\n\n var peering2 = new Gcp.Compute.NetworkPeering(\"peering2\", new()\n {\n Name = \"peering-consumer-to-producer\",\n Network = producer.Id,\n PeerNetwork = consumer.Id,\n });\n\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"proxy-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"compute-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"compute-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = producer.Name,\n Subnetwork = producerSubnetwork.Name,\n });\n\n var route_ilb = new Gcp.Compute.Route(\"route-ilb\", new()\n {\n Name = \"route-ilb\",\n DestRange = \"0.0.0.0/0\",\n Network = consumer.Name,\n NextHopIlb = @default.IpAddress,\n Priority = 2000,\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n peering1,\n peering2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducer, err := compute.NewNetwork(ctx, \"producer\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-vpc\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnetwork, err := compute.NewSubnetwork(ctx, \"producer\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumer, err := compute.NewNetwork(ctx, \"consumer\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-vpc\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"consumer\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering1, err := compute.NewNetworkPeering(ctx, \"peering1\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering-producer-to-consumer\"),\n\t\t\tNetwork: consumer.ID(),\n\t\t\tPeerNetwork: producer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering2, err := compute.NewNetworkPeering(ctx, \"peering2\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering-consumer-to-producer\"),\n\t\t\tNetwork: producer.ID(),\n\t\t\tPeerNetwork: consumer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"proxy-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"compute-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"compute-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producer.Name,\n\t\t\tSubnetwork: producerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route-ilb\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route-ilb\"),\n\t\t\tDestRange: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tNetwork: consumer.Name,\n\t\t\tNextHopIlb: _default.IpAddress,\n\t\t\tPriority: pulumi.Int(2000),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpeering1,\n\t\t\tpeering2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkPeering;\nimport com.pulumi.gcp.compute.NetworkPeeringArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producer = new Network(\"producer\", NetworkArgs.builder()\n .name(\"producer-vpc\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnetwork = new Subnetwork(\"producerSubnetwork\", SubnetworkArgs.builder()\n .name(\"producer-subnet\")\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(producer.id())\n .build());\n\n var consumer = new Network(\"consumer\", NetworkArgs.builder()\n .name(\"consumer-vpc\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnetwork = new Subnetwork(\"consumerSubnetwork\", SubnetworkArgs.builder()\n .name(\"consumer-subnet\")\n .ipCidrRange(\"10.0.2.0/24\")\n .region(\"us-central1\")\n .network(consumer.id())\n .build());\n\n var peering1 = new NetworkPeering(\"peering1\", NetworkPeeringArgs.builder()\n .name(\"peering-producer-to-consumer\")\n .network(consumer.id())\n .peerNetwork(producer.id())\n .build());\n\n var peering2 = new NetworkPeering(\"peering2\", NetworkPeeringArgs.builder()\n .name(\"peering-consumer-to-producer\")\n .network(producer.id())\n .peerNetwork(consumer.id())\n .build());\n\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"proxy-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"compute-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"compute-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(producer.name())\n .subnetwork(producerSubnetwork.name())\n .build());\n\n var route_ilb = new Route(\"route-ilb\", RouteArgs.builder()\n .name(\"route-ilb\")\n .destRange(\"0.0.0.0/0\")\n .network(consumer.name())\n .nextHopIlb(default_.ipAddress())\n .priority(2000)\n .tags( \n \"tag1\",\n \"tag2\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n peering1,\n peering2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n producer:\n type: gcp:compute:Network\n properties:\n name: producer-vpc\n autoCreateSubnetworks: false\n producerSubnetwork:\n type: gcp:compute:Subnetwork\n name: producer\n properties:\n name: producer-subnet\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${producer.id}\n consumer:\n type: gcp:compute:Network\n properties:\n name: consumer-vpc\n autoCreateSubnetworks: false\n consumerSubnetwork:\n type: gcp:compute:Subnetwork\n name: consumer\n properties:\n name: consumer-subnet\n ipCidrRange: 10.0.2.0/24\n region: us-central1\n network: ${consumer.id}\n peering1:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering-producer-to-consumer\n network: ${consumer.id}\n peerNetwork: ${producer.id}\n peering2:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering-consumer-to-producer\n network: ${producer.id}\n peerNetwork: ${consumer.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: proxy-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: compute-backend\n region: us-central1\n healthChecks: ${hc.id}\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: compute-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${producer.name}\n subnetwork: ${producerSubnetwork.name}\n route-ilb:\n type: gcp:compute:Route\n properties:\n name: route-ilb\n destRange: 0.0.0.0/0\n network: ${consumer.name}\n nextHopIlb: ${default.ipAddress}\n priority: 2000\n tags:\n - tag1\n - tag2\n options:\n dependson:\n - ${peering1}\n - ${peering2}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoute can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/routes/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Route can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/route:Route default projects/{{project}}/global/routes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/route:Route default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/route:Route default {{name}}\n```\n\n", + "description": "Represents a Route resource.\n\nA route is a rule that specifies how certain packets should be handled by\nthe virtual network. Routes are associated with virtual machines by tag,\nand the set of routes for a particular virtual machine is called its\nrouting table. For each packet leaving a virtual machine, the system\nsearches that virtual machine's routing table for a single best matching\nroute.\n\nRoutes match packets by destination IP address, preferring smaller or more\nspecific ranges over larger ones. If there is a tie, the system selects\nthe route with the smallest priority value. If there is still a tie, it\nuses the layer three and four packet headers to select just one of the\nremaining matching routes. The packet is then forwarded as specified by\nthe next_hop field of the winning route -- either to another virtual\nmachine destination, a virtual machine gateway or a Compute\nEngine-operated gateway. Packets that do not match any route in the\nsending virtual machine's routing table will be dropped.\n\nA Route resource must have exactly one specification of either\nnextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or\nnextHopIlb.\n\n\nTo get more information about Route, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routes)\n* How-to Guides\n * [Using Routes](https://cloud.google.com/vpc/docs/using-routes)\n\n## Example Usage\n\n### Route Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {name: \"compute-network\"});\nconst _default = new gcp.compute.Route(\"default\", {\n name: \"network-route\",\n destRange: \"15.0.0.0/24\",\n network: defaultNetwork.name,\n nextHopIp: \"10.132.1.5\",\n priority: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\", name=\"compute-network\")\ndefault = gcp.compute.Route(\"default\",\n name=\"network-route\",\n dest_range=\"15.0.0.0/24\",\n network=default_network.name,\n next_hop_ip=\"10.132.1.5\",\n priority=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"compute-network\",\n });\n\n var @default = new Gcp.Compute.Route(\"default\", new()\n {\n Name = \"network-route\",\n DestRange = \"15.0.0.0/24\",\n Network = defaultNetwork.Name,\n NextHopIp = \"10.132.1.5\",\n Priority = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"compute-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"default\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"network-route\"),\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t\tNextHopIp: pulumi.String(\"10.132.1.5\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"compute-network\")\n .build());\n\n var default_ = new Route(\"default\", RouteArgs.builder()\n .name(\"network-route\")\n .destRange(\"15.0.0.0/24\")\n .network(defaultNetwork.name())\n .nextHopIp(\"10.132.1.5\")\n .priority(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Route\n properties:\n name: network-route\n destRange: 15.0.0.0/24\n network: ${defaultNetwork.name}\n nextHopIp: 10.132.1.5\n priority: 100\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: compute-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Route Ilb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"compute-network\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"compute-subnet\",\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: _default.id,\n});\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"proxy-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"compute-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst defaultForwardingRule = new gcp.compute.ForwardingRule(\"default\", {\n name: \"compute-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: _default.name,\n subnetwork: defaultSubnetwork.name,\n});\nconst route_ilb = new gcp.compute.Route(\"route-ilb\", {\n name: \"route-ilb\",\n destRange: \"0.0.0.0/0\",\n network: _default.name,\n nextHopIlb: defaultForwardingRule.id,\n priority: 2000,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"compute-network\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"compute-subnet\",\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=default.id)\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"proxy-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"compute-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault_forwarding_rule = gcp.compute.ForwardingRule(\"default\",\n name=\"compute-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=default.name,\n subnetwork=default_subnetwork.name)\nroute_ilb = gcp.compute.Route(\"route-ilb\",\n name=\"route-ilb\",\n dest_range=\"0.0.0.0/0\",\n network=default.name,\n next_hop_ilb=default_forwarding_rule.id,\n priority=2000)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"compute-network\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"compute-subnet\",\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = @default.Id,\n });\n\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"proxy-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"compute-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var defaultForwardingRule = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"compute-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = @default.Name,\n Subnetwork = defaultSubnetwork.Name,\n });\n\n var route_ilb = new Gcp.Compute.Route(\"route-ilb\", new()\n {\n Name = \"route-ilb\",\n DestRange = \"0.0.0.0/0\",\n Network = @default.Name,\n NextHopIlb = defaultForwardingRule.Id,\n Priority = 2000,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"compute-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"compute-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"proxy-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"compute-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultForwardingRule, err := compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"compute-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: _default.Name,\n\t\t\tSubnetwork: defaultSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route-ilb\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route-ilb\"),\n\t\t\tDestRange: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tNetwork: _default.Name,\n\t\t\tNextHopIlb: defaultForwardingRule.ID(),\n\t\t\tPriority: pulumi.Int(2000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"compute-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"compute-subnet\")\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(default_.id())\n .build());\n\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"proxy-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"compute-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var defaultForwardingRule = new ForwardingRule(\"defaultForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"compute-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(default_.name())\n .subnetwork(defaultSubnetwork.name())\n .build());\n\n var route_ilb = new Route(\"route-ilb\", RouteArgs.builder()\n .name(\"route-ilb\")\n .destRange(\"0.0.0.0/0\")\n .network(default_.name())\n .nextHopIlb(defaultForwardingRule.id())\n .priority(2000)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: compute-network\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: compute-subnet\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${default.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: proxy-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: compute-backend\n region: us-central1\n healthChecks: ${hc.id}\n defaultForwardingRule:\n type: gcp:compute:ForwardingRule\n name: default\n properties:\n name: compute-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${default.name}\n subnetwork: ${defaultSubnetwork.name}\n route-ilb:\n type: gcp:compute:Route\n properties:\n name: route-ilb\n destRange: 0.0.0.0/0\n network: ${default.name}\n nextHopIlb: ${defaultForwardingRule.id}\n priority: 2000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Route Ilb Vip\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producer = new gcp.compute.Network(\"producer\", {\n name: \"producer-vpc\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnetwork = new gcp.compute.Subnetwork(\"producer\", {\n name: \"producer-subnet\",\n ipCidrRange: \"10.0.1.0/24\",\n region: \"us-central1\",\n network: producer.id,\n});\nconst consumer = new gcp.compute.Network(\"consumer\", {\n name: \"consumer-vpc\",\n autoCreateSubnetworks: false,\n});\nconst consumerSubnetwork = new gcp.compute.Subnetwork(\"consumer\", {\n name: \"consumer-subnet\",\n ipCidrRange: \"10.0.2.0/24\",\n region: \"us-central1\",\n network: consumer.id,\n});\nconst peering1 = new gcp.compute.NetworkPeering(\"peering1\", {\n name: \"peering-producer-to-consumer\",\n network: consumer.id,\n peerNetwork: producer.id,\n});\nconst peering2 = new gcp.compute.NetworkPeering(\"peering2\", {\n name: \"peering-consumer-to-producer\",\n network: producer.id,\n peerNetwork: consumer.id,\n});\nconst hc = new gcp.compute.HealthCheck(\"hc\", {\n name: \"proxy-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst backend = new gcp.compute.RegionBackendService(\"backend\", {\n name: \"compute-backend\",\n region: \"us-central1\",\n healthChecks: hc.id,\n});\nconst _default = new gcp.compute.ForwardingRule(\"default\", {\n name: \"compute-forwarding-rule\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: backend.id,\n allPorts: true,\n network: producer.name,\n subnetwork: producerSubnetwork.name,\n});\nconst route_ilb = new gcp.compute.Route(\"route-ilb\", {\n name: \"route-ilb\",\n destRange: \"0.0.0.0/0\",\n network: consumer.name,\n nextHopIlb: _default.ipAddress,\n priority: 2000,\n tags: [\n \"tag1\",\n \"tag2\",\n ],\n}, {\n dependsOn: [\n peering1,\n peering2,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer = gcp.compute.Network(\"producer\",\n name=\"producer-vpc\",\n auto_create_subnetworks=False)\nproducer_subnetwork = gcp.compute.Subnetwork(\"producer\",\n name=\"producer-subnet\",\n ip_cidr_range=\"10.0.1.0/24\",\n region=\"us-central1\",\n network=producer.id)\nconsumer = gcp.compute.Network(\"consumer\",\n name=\"consumer-vpc\",\n auto_create_subnetworks=False)\nconsumer_subnetwork = gcp.compute.Subnetwork(\"consumer\",\n name=\"consumer-subnet\",\n ip_cidr_range=\"10.0.2.0/24\",\n region=\"us-central1\",\n network=consumer.id)\npeering1 = gcp.compute.NetworkPeering(\"peering1\",\n name=\"peering-producer-to-consumer\",\n network=consumer.id,\n peer_network=producer.id)\npeering2 = gcp.compute.NetworkPeering(\"peering2\",\n name=\"peering-consumer-to-producer\",\n network=producer.id,\n peer_network=consumer.id)\nhc = gcp.compute.HealthCheck(\"hc\",\n name=\"proxy-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nbackend = gcp.compute.RegionBackendService(\"backend\",\n name=\"compute-backend\",\n region=\"us-central1\",\n health_checks=hc.id)\ndefault = gcp.compute.ForwardingRule(\"default\",\n name=\"compute-forwarding-rule\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=backend.id,\n all_ports=True,\n network=producer.name,\n subnetwork=producer_subnetwork.name)\nroute_ilb = gcp.compute.Route(\"route-ilb\",\n name=\"route-ilb\",\n dest_range=\"0.0.0.0/0\",\n network=consumer.name,\n next_hop_ilb=default.ip_address,\n priority=2000,\n tags=[\n \"tag1\",\n \"tag2\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[\n peering1,\n peering2,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producer = new Gcp.Compute.Network(\"producer\", new()\n {\n Name = \"producer-vpc\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnetwork = new Gcp.Compute.Subnetwork(\"producer\", new()\n {\n Name = \"producer-subnet\",\n IpCidrRange = \"10.0.1.0/24\",\n Region = \"us-central1\",\n Network = producer.Id,\n });\n\n var consumer = new Gcp.Compute.Network(\"consumer\", new()\n {\n Name = \"consumer-vpc\",\n AutoCreateSubnetworks = false,\n });\n\n var consumerSubnetwork = new Gcp.Compute.Subnetwork(\"consumer\", new()\n {\n Name = \"consumer-subnet\",\n IpCidrRange = \"10.0.2.0/24\",\n Region = \"us-central1\",\n Network = consumer.Id,\n });\n\n var peering1 = new Gcp.Compute.NetworkPeering(\"peering1\", new()\n {\n Name = \"peering-producer-to-consumer\",\n Network = consumer.Id,\n PeerNetwork = producer.Id,\n });\n\n var peering2 = new Gcp.Compute.NetworkPeering(\"peering2\", new()\n {\n Name = \"peering-consumer-to-producer\",\n Network = producer.Id,\n PeerNetwork = consumer.Id,\n });\n\n var hc = new Gcp.Compute.HealthCheck(\"hc\", new()\n {\n Name = \"proxy-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backend = new Gcp.Compute.RegionBackendService(\"backend\", new()\n {\n Name = \"compute-backend\",\n Region = \"us-central1\",\n HealthChecks = hc.Id,\n });\n\n var @default = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"compute-forwarding-rule\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = backend.Id,\n AllPorts = true,\n Network = producer.Name,\n Subnetwork = producerSubnetwork.Name,\n });\n\n var route_ilb = new Gcp.Compute.Route(\"route-ilb\", new()\n {\n Name = \"route-ilb\",\n DestRange = \"0.0.0.0/0\",\n Network = consumer.Name,\n NextHopIlb = @default.IpAddress,\n Priority = 2000,\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n peering1,\n peering2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducer, err := compute.NewNetwork(ctx, \"producer\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"producer-vpc\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnetwork, err := compute.NewSubnetwork(ctx, \"producer\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"producer-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconsumer, err := compute.NewNetwork(ctx, \"consumer\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-vpc\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"consumer\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"consumer-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: consumer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering1, err := compute.NewNetworkPeering(ctx, \"peering1\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering-producer-to-consumer\"),\n\t\t\tNetwork: consumer.ID(),\n\t\t\tPeerNetwork: producer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering2, err := compute.NewNetworkPeering(ctx, \"peering2\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering-consumer-to-producer\"),\n\t\t\tNetwork: producer.ID(),\n\t\t\tPeerNetwork: consumer.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thc, err := compute.NewHealthCheck(ctx, \"hc\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"proxy-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackend, err := compute.NewRegionBackendService(ctx, \"backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"compute-backend\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: hc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"compute-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: backend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: producer.Name,\n\t\t\tSubnetwork: producerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route-ilb\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route-ilb\"),\n\t\t\tDestRange: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tNetwork: consumer.Name,\n\t\t\tNextHopIlb: _default.IpAddress,\n\t\t\tPriority: pulumi.Int(2000),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpeering1,\n\t\t\tpeering2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkPeering;\nimport com.pulumi.gcp.compute.NetworkPeeringArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producer = new Network(\"producer\", NetworkArgs.builder()\n .name(\"producer-vpc\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnetwork = new Subnetwork(\"producerSubnetwork\", SubnetworkArgs.builder()\n .name(\"producer-subnet\")\n .ipCidrRange(\"10.0.1.0/24\")\n .region(\"us-central1\")\n .network(producer.id())\n .build());\n\n var consumer = new Network(\"consumer\", NetworkArgs.builder()\n .name(\"consumer-vpc\")\n .autoCreateSubnetworks(false)\n .build());\n\n var consumerSubnetwork = new Subnetwork(\"consumerSubnetwork\", SubnetworkArgs.builder()\n .name(\"consumer-subnet\")\n .ipCidrRange(\"10.0.2.0/24\")\n .region(\"us-central1\")\n .network(consumer.id())\n .build());\n\n var peering1 = new NetworkPeering(\"peering1\", NetworkPeeringArgs.builder()\n .name(\"peering-producer-to-consumer\")\n .network(consumer.id())\n .peerNetwork(producer.id())\n .build());\n\n var peering2 = new NetworkPeering(\"peering2\", NetworkPeeringArgs.builder()\n .name(\"peering-consumer-to-producer\")\n .network(producer.id())\n .peerNetwork(consumer.id())\n .build());\n\n var hc = new HealthCheck(\"hc\", HealthCheckArgs.builder()\n .name(\"proxy-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var backend = new RegionBackendService(\"backend\", RegionBackendServiceArgs.builder()\n .name(\"compute-backend\")\n .region(\"us-central1\")\n .healthChecks(hc.id())\n .build());\n\n var default_ = new ForwardingRule(\"default\", ForwardingRuleArgs.builder()\n .name(\"compute-forwarding-rule\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(backend.id())\n .allPorts(true)\n .network(producer.name())\n .subnetwork(producerSubnetwork.name())\n .build());\n\n var route_ilb = new Route(\"route-ilb\", RouteArgs.builder()\n .name(\"route-ilb\")\n .destRange(\"0.0.0.0/0\")\n .network(consumer.name())\n .nextHopIlb(default_.ipAddress())\n .priority(2000)\n .tags( \n \"tag1\",\n \"tag2\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n peering1,\n peering2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n producer:\n type: gcp:compute:Network\n properties:\n name: producer-vpc\n autoCreateSubnetworks: false\n producerSubnetwork:\n type: gcp:compute:Subnetwork\n name: producer\n properties:\n name: producer-subnet\n ipCidrRange: 10.0.1.0/24\n region: us-central1\n network: ${producer.id}\n consumer:\n type: gcp:compute:Network\n properties:\n name: consumer-vpc\n autoCreateSubnetworks: false\n consumerSubnetwork:\n type: gcp:compute:Subnetwork\n name: consumer\n properties:\n name: consumer-subnet\n ipCidrRange: 10.0.2.0/24\n region: us-central1\n network: ${consumer.id}\n peering1:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering-producer-to-consumer\n network: ${consumer.id}\n peerNetwork: ${producer.id}\n peering2:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering-consumer-to-producer\n network: ${producer.id}\n peerNetwork: ${consumer.id}\n hc:\n type: gcp:compute:HealthCheck\n properties:\n name: proxy-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n backend:\n type: gcp:compute:RegionBackendService\n properties:\n name: compute-backend\n region: us-central1\n healthChecks: ${hc.id}\n default:\n type: gcp:compute:ForwardingRule\n properties:\n name: compute-forwarding-rule\n region: us-central1\n loadBalancingScheme: INTERNAL\n backendService: ${backend.id}\n allPorts: true\n network: ${producer.name}\n subnetwork: ${producerSubnetwork.name}\n route-ilb:\n type: gcp:compute:Route\n properties:\n name: route-ilb\n destRange: 0.0.0.0/0\n network: ${consumer.name}\n nextHopIlb: ${default.ipAddress}\n priority: 2000\n tags:\n - tag1\n - tag2\n options:\n dependsOn:\n - ${peering1}\n - ${peering2}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoute can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/routes/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Route can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/route:Route default projects/{{project}}/global/routes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/route:Route default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/route:Route default {{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -180784,7 +180784,7 @@ } }, "gcp:compute/routerPeer:RouterPeer": { - "description": "BGP information that must be configured into the routing stack to\nestablish BGP peering. This information must specify the peer ASN\nand either the interface name, IP address, or peer IP address.\nPlease refer to RFC4273.\n\n\nTo get more information about RouterBgpPeer, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers)\n* How-to Guides\n * [Google Cloud Router](https://cloud.google.com/router/docs/)\n\n## Example Usage\n\n### Router Peer Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Disabled\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n enable: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\",\n enable=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n Enable = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t\tEnable: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .enable(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n enable: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Bfd\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n bfd: {\n minReceiveInterval: 1000,\n minTransmitInterval: 1000,\n multiplier: 5,\n sessionInitializationMode: \"ACTIVE\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\",\n bfd={\n \"min_receive_interval\": 1000,\n \"min_transmit_interval\": 1000,\n \"multiplier\": 5,\n \"session_initialization_mode\": \"ACTIVE\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n Bfd = new Gcp.Compute.Inputs.RouterPeerBfdArgs\n {\n MinReceiveInterval = 1000,\n MinTransmitInterval = 1000,\n Multiplier = 5,\n SessionInitializationMode = \"ACTIVE\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t\tBfd: \u0026compute.RouterPeerBfdArgs{\n\t\t\t\tMinReceiveInterval: pulumi.Int(1000),\n\t\t\t\tMinTransmitInterval: pulumi.Int(1000),\n\t\t\t\tMultiplier: pulumi.Int(5),\n\t\t\t\tSessionInitializationMode: pulumi.String(\"ACTIVE\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerBfdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .bfd(RouterPeerBfdArgs.builder()\n .minReceiveInterval(1000)\n .minTransmitInterval(1000)\n .multiplier(5)\n .sessionInitializationMode(\"ACTIVE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n bfd:\n minReceiveInterval: 1000\n minTransmitInterval: 1000\n multiplier: 5\n sessionInitializationMode: ACTIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Router Appliance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-router-net\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"my-router-sub\",\n network: network.selfLink,\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n});\nconst addrIntf = new gcp.compute.Address(\"addr_intf\", {\n name: \"my-router-addr-intf\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst addrIntfRedundant = new gcp.compute.Address(\"addr_intf_redundant\", {\n name: \"my-router-addr-intf-red\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst addrPeer = new gcp.compute.Address(\"addr_peer\", {\n name: \"my-router-addr-peer\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n name: \"router-appliance\",\n zone: \"us-central1-a\",\n machineType: \"e2-medium\",\n canIpForward: true,\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n networkInterfaces: [{\n networkIp: addrPeer.address,\n subnetwork: subnetwork.selfLink,\n }],\n});\nconst hub = new gcp.networkconnectivity.Hub(\"hub\", {name: \"my-router-hub\"});\nconst spoke = new gcp.networkconnectivity.Spoke(\"spoke\", {\n name: \"my-router-spoke\",\n location: subnetwork.region,\n hub: hub.id,\n linkedRouterApplianceInstances: {\n instances: [{\n virtualMachine: instance.selfLink,\n ipAddress: addrPeer.address,\n }],\n siteToSiteDataTransfer: false,\n },\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"my-router-router\",\n region: subnetwork.region,\n network: network.selfLink,\n bgp: {\n asn: 64514,\n },\n});\nconst interfaceRedundant = new gcp.compute.RouterInterface(\"interface_redundant\", {\n name: \"my-router-intf-red\",\n region: router.region,\n router: router.name,\n subnetwork: subnetwork.selfLink,\n privateIpAddress: addrIntfRedundant.address,\n});\nconst _interface = new gcp.compute.RouterInterface(\"interface\", {\n name: \"my-router-intf\",\n region: router.region,\n router: router.name,\n subnetwork: subnetwork.selfLink,\n privateIpAddress: addrIntf.address,\n redundantInterface: interfaceRedundant.name,\n});\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: router.name,\n region: router.region,\n \"interface\": _interface.name,\n routerApplianceInstance: instance.selfLink,\n peerAsn: 65513,\n peerIpAddress: addrPeer.address,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-router-net\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"my-router-sub\",\n network=network.self_link,\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\")\naddr_intf = gcp.compute.Address(\"addr_intf\",\n name=\"my-router-addr-intf\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\naddr_intf_redundant = gcp.compute.Address(\"addr_intf_redundant\",\n name=\"my-router-addr-intf-red\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\naddr_peer = gcp.compute.Address(\"addr_peer\",\n name=\"my-router-addr-peer\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\ninstance = gcp.compute.Instance(\"instance\",\n name=\"router-appliance\",\n zone=\"us-central1-a\",\n machine_type=\"e2-medium\",\n can_ip_forward=True,\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n },\n network_interfaces=[{\n \"network_ip\": addr_peer.address,\n \"subnetwork\": subnetwork.self_link,\n }])\nhub = gcp.networkconnectivity.Hub(\"hub\", name=\"my-router-hub\")\nspoke = gcp.networkconnectivity.Spoke(\"spoke\",\n name=\"my-router-spoke\",\n location=subnetwork.region,\n hub=hub.id,\n linked_router_appliance_instances={\n \"instances\": [{\n \"virtual_machine\": instance.self_link,\n \"ip_address\": addr_peer.address,\n }],\n \"site_to_site_data_transfer\": False,\n })\nrouter = gcp.compute.Router(\"router\",\n name=\"my-router-router\",\n region=subnetwork.region,\n network=network.self_link,\n bgp={\n \"asn\": 64514,\n })\ninterface_redundant = gcp.compute.RouterInterface(\"interface_redundant\",\n name=\"my-router-intf-red\",\n region=router.region,\n router=router.name,\n subnetwork=subnetwork.self_link,\n private_ip_address=addr_intf_redundant.address)\ninterface = gcp.compute.RouterInterface(\"interface\",\n name=\"my-router-intf\",\n region=router.region,\n router=router.name,\n subnetwork=subnetwork.self_link,\n private_ip_address=addr_intf.address,\n redundant_interface=interface_redundant.name)\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=router.name,\n region=router.region,\n interface=interface.name,\n router_appliance_instance=instance.self_link,\n peer_asn=65513,\n peer_ip_address=addr_peer.address)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-router-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"my-router-sub\",\n Network = network.SelfLink,\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n });\n\n var addrIntf = new Gcp.Compute.Address(\"addr_intf\", new()\n {\n Name = \"my-router-addr-intf\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var addrIntfRedundant = new Gcp.Compute.Address(\"addr_intf_redundant\", new()\n {\n Name = \"my-router-addr-intf-red\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var addrPeer = new Gcp.Compute.Address(\"addr_peer\", new()\n {\n Name = \"my-router-addr-peer\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n Name = \"router-appliance\",\n Zone = \"us-central1-a\",\n MachineType = \"e2-medium\",\n CanIpForward = true,\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkIp = addrPeer.IPAddress,\n Subnetwork = subnetwork.SelfLink,\n },\n },\n });\n\n var hub = new Gcp.NetworkConnectivity.Hub(\"hub\", new()\n {\n Name = \"my-router-hub\",\n });\n\n var spoke = new Gcp.NetworkConnectivity.Spoke(\"spoke\", new()\n {\n Name = \"my-router-spoke\",\n Location = subnetwork.Region,\n Hub = hub.Id,\n LinkedRouterApplianceInstances = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesArgs\n {\n Instances = new[]\n {\n new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesInstanceArgs\n {\n VirtualMachine = instance.SelfLink,\n IpAddress = addrPeer.IPAddress,\n },\n },\n SiteToSiteDataTransfer = false,\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"my-router-router\",\n Region = subnetwork.Region,\n Network = network.SelfLink,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var interfaceRedundant = new Gcp.Compute.RouterInterface(\"interface_redundant\", new()\n {\n Name = \"my-router-intf-red\",\n Region = router.Region,\n Router = router.Name,\n Subnetwork = subnetwork.SelfLink,\n PrivateIpAddress = addrIntfRedundant.IPAddress,\n });\n\n var @interface = new Gcp.Compute.RouterInterface(\"interface\", new()\n {\n Name = \"my-router-intf\",\n Region = router.Region,\n Router = router.Name,\n Subnetwork = subnetwork.SelfLink,\n PrivateIpAddress = addrIntf.IPAddress,\n RedundantInterface = interfaceRedundant.Name,\n });\n\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = router.Name,\n Region = router.Region,\n Interface = @interface.Name,\n RouterApplianceInstance = instance.SelfLink,\n PeerAsn = 65513,\n PeerIpAddress = addrPeer.IPAddress,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\nName: pulumi.String(\"my-router-net\"),\nAutoCreateSubnetworks: pulumi.Bool(false),\n})\nif err != nil {\nreturn err\n}\nsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\nName: pulumi.String(\"my-router-sub\"),\nNetwork: network.SelfLink,\nIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\nRegion: pulumi.String(\"us-central1\"),\n})\nif err != nil {\nreturn err\n}\naddrIntf, err := compute.NewAddress(ctx, \"addr_intf\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-intf\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\naddrIntfRedundant, err := compute.NewAddress(ctx, \"addr_intf_redundant\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-intf-red\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\naddrPeer, err := compute.NewAddress(ctx, \"addr_peer\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-peer\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\ninstance, err := compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\nName: pulumi.String(\"router-appliance\"),\nZone: pulumi.String(\"us-central1-a\"),\nMachineType: pulumi.String(\"e2-medium\"),\nCanIpForward: pulumi.Bool(true),\nBootDisk: \u0026compute.InstanceBootDiskArgs{\nInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\nImage: pulumi.String(\"debian-cloud/debian-11\"),\n},\n},\nNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\u0026compute.InstanceNetworkInterfaceArgs{\nNetworkIp: addrPeer.Address,\nSubnetwork: subnetwork.SelfLink,\n},\n},\n})\nif err != nil {\nreturn err\n}\nhub, err := networkconnectivity.NewHub(ctx, \"hub\", \u0026networkconnectivity.HubArgs{\nName: pulumi.String(\"my-router-hub\"),\n})\nif err != nil {\nreturn err\n}\n_, err = networkconnectivity.NewSpoke(ctx, \"spoke\", \u0026networkconnectivity.SpokeArgs{\nName: pulumi.String(\"my-router-spoke\"),\nLocation: subnetwork.Region,\nHub: hub.ID(),\nLinkedRouterApplianceInstances: \u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesArgs{\nInstances: networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArray{\n\u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArgs{\nVirtualMachine: instance.SelfLink,\nIpAddress: addrPeer.Address,\n},\n},\nSiteToSiteDataTransfer: pulumi.Bool(false),\n},\n})\nif err != nil {\nreturn err\n}\nrouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\nName: pulumi.String(\"my-router-router\"),\nRegion: subnetwork.Region,\nNetwork: network.SelfLink,\nBgp: \u0026compute.RouterBgpArgs{\nAsn: pulumi.Int(64514),\n},\n})\nif err != nil {\nreturn err\n}\ninterfaceRedundant, err := compute.NewRouterInterface(ctx, \"interface_redundant\", \u0026compute.RouterInterfaceArgs{\nName: pulumi.String(\"my-router-intf-red\"),\nRegion: router.Region,\nRouter: router.Name,\nSubnetwork: subnetwork.SelfLink,\nPrivateIpAddress: addrIntfRedundant.Address,\n})\nif err != nil {\nreturn err\n}\ninterface, err := compute.NewRouterInterface(ctx, \"interface\", \u0026compute.RouterInterfaceArgs{\nName: pulumi.String(\"my-router-intf\"),\nRegion: router.Region,\nRouter: router.Name,\nSubnetwork: subnetwork.SelfLink,\nPrivateIpAddress: addrIntf.Address,\nRedundantInterface: interfaceRedundant.Name,\n})\nif err != nil {\nreturn err\n}\n_, err = compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\nName: pulumi.String(\"my-router-peer\"),\nRouter: router.Name,\nRegion: router.Region,\nInterface: interface.Name,\nRouterApplianceInstance: instance.SelfLink,\nPeerAsn: pulumi.Int(65513),\nPeerIpAddress: addrPeer.Address,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedRouterApplianceInstancesArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-router-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"my-router-sub\")\n .network(network.selfLink())\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .build());\n\n var addrIntf = new Address(\"addrIntf\", AddressArgs.builder()\n .name(\"my-router-addr-intf\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var addrIntfRedundant = new Address(\"addrIntfRedundant\", AddressArgs.builder()\n .name(\"my-router-addr-intf-red\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var addrPeer = new Address(\"addrPeer\", AddressArgs.builder()\n .name(\"my-router-addr-peer\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"router-appliance\")\n .zone(\"us-central1-a\")\n .machineType(\"e2-medium\")\n .canIpForward(true)\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkIp(addrPeer.address())\n .subnetwork(subnetwork.selfLink())\n .build())\n .build());\n\n var hub = new Hub(\"hub\", HubArgs.builder()\n .name(\"my-router-hub\")\n .build());\n\n var spoke = new Spoke(\"spoke\", SpokeArgs.builder()\n .name(\"my-router-spoke\")\n .location(subnetwork.region())\n .hub(hub.id())\n .linkedRouterApplianceInstances(SpokeLinkedRouterApplianceInstancesArgs.builder()\n .instances(SpokeLinkedRouterApplianceInstancesInstanceArgs.builder()\n .virtualMachine(instance.selfLink())\n .ipAddress(addrPeer.address())\n .build())\n .siteToSiteDataTransfer(false)\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"my-router-router\")\n .region(subnetwork.region())\n .network(network.selfLink())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var interfaceRedundant = new RouterInterface(\"interfaceRedundant\", RouterInterfaceArgs.builder()\n .name(\"my-router-intf-red\")\n .region(router.region())\n .router(router.name())\n .subnetwork(subnetwork.selfLink())\n .privateIpAddress(addrIntfRedundant.address())\n .build());\n\n var interface_ = new RouterInterface(\"interface\", RouterInterfaceArgs.builder()\n .name(\"my-router-intf\")\n .region(router.region())\n .router(router.name())\n .subnetwork(subnetwork.selfLink())\n .privateIpAddress(addrIntf.address())\n .redundantInterface(interfaceRedundant.name())\n .build());\n\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(router.name())\n .region(router.region())\n .interface_(interface_.name())\n .routerApplianceInstance(instance.selfLink())\n .peerAsn(65513)\n .peerIpAddress(addrPeer.address())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: my-router-net\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: my-router-sub\n network: ${network.selfLink}\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n addrIntf:\n type: gcp:compute:Address\n name: addr_intf\n properties:\n name: my-router-addr-intf\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n addrIntfRedundant:\n type: gcp:compute:Address\n name: addr_intf_redundant\n properties:\n name: my-router-addr-intf-red\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n addrPeer:\n type: gcp:compute:Address\n name: addr_peer\n properties:\n name: my-router-addr-peer\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n instance:\n type: gcp:compute:Instance\n properties:\n name: router-appliance\n zone: us-central1-a\n machineType: e2-medium\n canIpForward: true\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n networkInterfaces:\n - networkIp: ${addrPeer.address}\n subnetwork: ${subnetwork.selfLink}\n hub:\n type: gcp:networkconnectivity:Hub\n properties:\n name: my-router-hub\n spoke:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: my-router-spoke\n location: ${subnetwork.region}\n hub: ${hub.id}\n linkedRouterApplianceInstances:\n instances:\n - virtualMachine: ${instance.selfLink}\n ipAddress: ${addrPeer.address}\n siteToSiteDataTransfer: false\n router:\n type: gcp:compute:Router\n properties:\n name: my-router-router\n region: ${subnetwork.region}\n network: ${network.selfLink}\n bgp:\n asn: 64514\n interfaceRedundant:\n type: gcp:compute:RouterInterface\n name: interface_redundant\n properties:\n name: my-router-intf-red\n region: ${router.region}\n router: ${router.name}\n subnetwork: ${subnetwork.selfLink}\n privateIpAddress: ${addrIntfRedundant.address}\n interface:\n type: gcp:compute:RouterInterface\n properties:\n name: my-router-intf\n region: ${router.region}\n router: ${router.name}\n subnetwork: ${subnetwork.selfLink}\n privateIpAddress: ${addrIntf.address}\n redundantInterface: ${interfaceRedundant.name}\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: ${router.name}\n region: ${router.region}\n interface: ${interface.name}\n routerApplianceInstance: ${instance.selfLink}\n peerAsn: 65513\n peerIpAddress: ${addrPeer.address}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Router Peer Md5 Authentication Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foobar = new gcp.compute.RouterPeer(\"foobar\", {\n name: \"%s-peer\",\n router: foobarGoogleComputeRouter.name,\n region: foobarGoogleComputeRouter.region,\n peerAsn: 65515,\n advertisedRoutePriority: 100,\n \"interface\": foobarGoogleComputeRouterInterface.name,\n peerIpAddress: \"169.254.3.2\",\n md5AuthenticationKey: {\n name: \"%s-peer-key\",\n key: \"%s-peer-key-value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoobar = gcp.compute.RouterPeer(\"foobar\",\n name=\"%s-peer\",\n router=foobar_google_compute_router[\"name\"],\n region=foobar_google_compute_router[\"region\"],\n peer_asn=65515,\n advertised_route_priority=100,\n interface=foobar_google_compute_router_interface[\"name\"],\n peer_ip_address=\"169.254.3.2\",\n md5_authentication_key={\n \"name\": \"%s-peer-key\",\n \"key\": \"%s-peer-key-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobar = new Gcp.Compute.RouterPeer(\"foobar\", new()\n {\n Name = \"%s-peer\",\n Router = foobarGoogleComputeRouter.Name,\n Region = foobarGoogleComputeRouter.Region,\n PeerAsn = 65515,\n AdvertisedRoutePriority = 100,\n Interface = foobarGoogleComputeRouterInterface.Name,\n PeerIpAddress = \"169.254.3.2\",\n Md5AuthenticationKey = new Gcp.Compute.Inputs.RouterPeerMd5AuthenticationKeyArgs\n {\n Name = \"%s-peer-key\",\n Key = \"%s-peer-key-value\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"foobar\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"%s-peer\"),\n\t\t\tRouter: pulumi.Any(foobarGoogleComputeRouter.Name),\n\t\t\tRegion: pulumi.Any(foobarGoogleComputeRouter.Region),\n\t\t\tPeerAsn: pulumi.Int(65515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.Any(foobarGoogleComputeRouterInterface.Name),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.3.2\"),\n\t\t\tMd5AuthenticationKey: \u0026compute.RouterPeerMd5AuthenticationKeyArgs{\n\t\t\t\tName: pulumi.String(\"%s-peer-key\"),\n\t\t\t\tKey: pulumi.String(\"%s-peer-key-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerMd5AuthenticationKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobar = new RouterPeer(\"foobar\", RouterPeerArgs.builder()\n .name(\"%s-peer\")\n .router(foobarGoogleComputeRouter.name())\n .region(foobarGoogleComputeRouter.region())\n .peerAsn(65515)\n .advertisedRoutePriority(100)\n .interface_(foobarGoogleComputeRouterInterface.name())\n .peerIpAddress(\"169.254.3.2\")\n .md5AuthenticationKey(RouterPeerMd5AuthenticationKeyArgs.builder()\n .name(\"%s-peer-key\")\n .key(\"%s-peer-key-value\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:RouterPeer\n properties:\n name: '%s-peer'\n router: ${foobarGoogleComputeRouter.name}\n region: ${foobarGoogleComputeRouter.region}\n peerAsn: 65515\n advertisedRoutePriority: 100\n interface: ${foobarGoogleComputeRouterInterface.name}\n peerIpAddress: 169.254.3.2\n md5AuthenticationKey:\n name: '%s-peer-key'\n key: '%s-peer-key-value'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Router Peer Export And Import Policies\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-router-net\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"my-router-subnet\",\n network: network.selfLink,\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n});\nconst address = new gcp.compute.Address(\"address\", {\n name: \"my-router\",\n region: subnetwork.region,\n});\nconst vpnGateway = new gcp.compute.HaVpnGateway(\"vpn_gateway\", {\n name: \"my-router-gateway\",\n network: network.selfLink,\n region: subnetwork.region,\n});\nconst externalGateway = new gcp.compute.ExternalVpnGateway(\"external_gateway\", {\n name: \"my-router-external-gateway\",\n redundancyType: \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description: \"An externally managed VPN gateway\",\n interfaces: [{\n id: 0,\n ipAddress: \"8.8.8.8\",\n }],\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"my-router\",\n region: subnetwork.region,\n network: network.selfLink,\n bgp: {\n asn: 64514,\n },\n});\nconst vpnTunnel = new gcp.compute.VPNTunnel(\"vpn_tunnel\", {\n name: \"my-router\",\n region: subnetwork.region,\n vpnGateway: vpnGateway.id,\n peerExternalGateway: externalGateway.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"unguessable\",\n router: router.name,\n vpnGatewayInterface: 0,\n});\nconst routerInterface = new gcp.compute.RouterInterface(\"router_interface\", {\n name: \"my-router\",\n router: router.name,\n region: router.region,\n vpnTunnel: vpnTunnel.name,\n});\nconst rp_export = new gcp.compute.RouterRoutePolicy(\"rp-export\", {\n name: \"my-router-rp-export\",\n router: router.name,\n region: router.region,\n type: \"ROUTE_POLICY_TYPE_EXPORT\",\n terms: [{\n priority: 2,\n match: {\n expression: \"destination == '10.0.0.0/12'\",\n title: \"export_expression\",\n description: \"acceptance expression for export\",\n },\n actions: [{\n expression: \"accept()\",\n }],\n }],\n}, {\n dependsOn: [routerInterface],\n});\nconst rp_import = new gcp.compute.RouterRoutePolicy(\"rp-import\", {\n name: \"my-router-rp-import\",\n router: router.name,\n region: router.region,\n type: \"ROUTE_POLICY_TYPE_IMPORT\",\n terms: [{\n priority: 1,\n match: {\n expression: \"destination == '10.0.0.0/12'\",\n title: \"import_expression\",\n description: \"acceptance expression for import\",\n },\n actions: [{\n expression: \"accept()\",\n }],\n }],\n}, {\n dependsOn: [\n routerInterface,\n rp_export,\n ],\n});\nconst routerPeer = new gcp.compute.RouterPeer(\"router_peer\", {\n name: \"my-router-peer\",\n router: router.name,\n region: router.region,\n peerAsn: 65515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface.name,\n md5AuthenticationKey: {\n name: \"my-router-peer-key\",\n key: \"my-router-peer-key-value\",\n },\n importPolicies: [rp_import.name],\n exportPolicies: [rp_export.name],\n}, {\n dependsOn: [\n rp_export,\n rp_import,\n routerInterface,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-router-net\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"my-router-subnet\",\n network=network.self_link,\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\")\naddress = gcp.compute.Address(\"address\",\n name=\"my-router\",\n region=subnetwork.region)\nvpn_gateway = gcp.compute.HaVpnGateway(\"vpn_gateway\",\n name=\"my-router-gateway\",\n network=network.self_link,\n region=subnetwork.region)\nexternal_gateway = gcp.compute.ExternalVpnGateway(\"external_gateway\",\n name=\"my-router-external-gateway\",\n redundancy_type=\"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description=\"An externally managed VPN gateway\",\n interfaces=[{\n \"id\": 0,\n \"ip_address\": \"8.8.8.8\",\n }])\nrouter = gcp.compute.Router(\"router\",\n name=\"my-router\",\n region=subnetwork.region,\n network=network.self_link,\n bgp={\n \"asn\": 64514,\n })\nvpn_tunnel = gcp.compute.VPNTunnel(\"vpn_tunnel\",\n name=\"my-router\",\n region=subnetwork.region,\n vpn_gateway=vpn_gateway.id,\n peer_external_gateway=external_gateway.id,\n peer_external_gateway_interface=0,\n shared_secret=\"unguessable\",\n router=router.name,\n vpn_gateway_interface=0)\nrouter_interface = gcp.compute.RouterInterface(\"router_interface\",\n name=\"my-router\",\n router=router.name,\n region=router.region,\n vpn_tunnel=vpn_tunnel.name)\nrp_export = gcp.compute.RouterRoutePolicy(\"rp-export\",\n name=\"my-router-rp-export\",\n router=router.name,\n region=router.region,\n type=\"ROUTE_POLICY_TYPE_EXPORT\",\n terms=[{\n \"priority\": 2,\n \"match\": {\n \"expression\": \"destination == '10.0.0.0/12'\",\n \"title\": \"export_expression\",\n \"description\": \"acceptance expression for export\",\n },\n \"actions\": [{\n \"expression\": \"accept()\",\n }],\n }],\n opts = pulumi.ResourceOptions(depends_on=[router_interface]))\nrp_import = gcp.compute.RouterRoutePolicy(\"rp-import\",\n name=\"my-router-rp-import\",\n router=router.name,\n region=router.region,\n type=\"ROUTE_POLICY_TYPE_IMPORT\",\n terms=[{\n \"priority\": 1,\n \"match\": {\n \"expression\": \"destination == '10.0.0.0/12'\",\n \"title\": \"import_expression\",\n \"description\": \"acceptance expression for import\",\n },\n \"actions\": [{\n \"expression\": \"accept()\",\n }],\n }],\n opts = pulumi.ResourceOptions(depends_on=[\n router_interface,\n rp_export,\n ]))\nrouter_peer = gcp.compute.RouterPeer(\"router_peer\",\n name=\"my-router-peer\",\n router=router.name,\n region=router.region,\n peer_asn=65515,\n advertised_route_priority=100,\n interface=router_interface.name,\n md5_authentication_key={\n \"name\": \"my-router-peer-key\",\n \"key\": \"my-router-peer-key-value\",\n },\n import_policies=[rp_import.name],\n export_policies=[rp_export.name],\n opts = pulumi.ResourceOptions(depends_on=[\n rp_export,\n rp_import,\n router_interface,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-router-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"my-router-subnet\",\n Network = network.SelfLink,\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n });\n\n var address = new Gcp.Compute.Address(\"address\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n });\n\n var vpnGateway = new Gcp.Compute.HaVpnGateway(\"vpn_gateway\", new()\n {\n Name = \"my-router-gateway\",\n Network = network.SelfLink,\n Region = subnetwork.Region,\n });\n\n var externalGateway = new Gcp.Compute.ExternalVpnGateway(\"external_gateway\", new()\n {\n Name = \"my-router-external-gateway\",\n RedundancyType = \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n Description = \"An externally managed VPN gateway\",\n Interfaces = new[]\n {\n new Gcp.Compute.Inputs.ExternalVpnGatewayInterfaceArgs\n {\n Id = 0,\n IpAddress = \"8.8.8.8\",\n },\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n Network = network.SelfLink,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var vpnTunnel = new Gcp.Compute.VPNTunnel(\"vpn_tunnel\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n VpnGateway = vpnGateway.Id,\n PeerExternalGateway = externalGateway.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"unguessable\",\n Router = router.Name,\n VpnGatewayInterface = 0,\n });\n\n var routerInterface = new Gcp.Compute.RouterInterface(\"router_interface\", new()\n {\n Name = \"my-router\",\n Router = router.Name,\n Region = router.Region,\n VpnTunnel = vpnTunnel.Name,\n });\n\n var rp_export = new Gcp.Compute.RouterRoutePolicy(\"rp-export\", new()\n {\n Name = \"my-router-rp-export\",\n Router = router.Name,\n Region = router.Region,\n Type = \"ROUTE_POLICY_TYPE_EXPORT\",\n Terms = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermArgs\n {\n Priority = 2,\n Match = new Gcp.Compute.Inputs.RouterRoutePolicyTermMatchArgs\n {\n Expression = \"destination == '10.0.0.0/12'\",\n Title = \"export_expression\",\n Description = \"acceptance expression for export\",\n },\n Actions = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermActionArgs\n {\n Expression = \"accept()\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n routerInterface,\n },\n });\n\n var rp_import = new Gcp.Compute.RouterRoutePolicy(\"rp-import\", new()\n {\n Name = \"my-router-rp-import\",\n Router = router.Name,\n Region = router.Region,\n Type = \"ROUTE_POLICY_TYPE_IMPORT\",\n Terms = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermArgs\n {\n Priority = 1,\n Match = new Gcp.Compute.Inputs.RouterRoutePolicyTermMatchArgs\n {\n Expression = \"destination == '10.0.0.0/12'\",\n Title = \"import_expression\",\n Description = \"acceptance expression for import\",\n },\n Actions = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermActionArgs\n {\n Expression = \"accept()\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n routerInterface,\n rp_export,\n },\n });\n\n var routerPeer = new Gcp.Compute.RouterPeer(\"router_peer\", new()\n {\n Name = \"my-router-peer\",\n Router = router.Name,\n Region = router.Region,\n PeerAsn = 65515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface.Name,\n Md5AuthenticationKey = new Gcp.Compute.Inputs.RouterPeerMd5AuthenticationKeyArgs\n {\n Name = \"my-router-peer-key\",\n Key = \"my-router-peer-key-value\",\n },\n ImportPolicies = new[]\n {\n rp_import.Name,\n },\n ExportPolicies = new[]\n {\n rp_export.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rp_export,\n rp_import,\n routerInterface,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-router-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-router-subnet\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGateway, err := compute.NewHaVpnGateway(ctx, \"vpn_gateway\", \u0026compute.HaVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"my-router-gateway\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t\tRegion: subnetwork.Region,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalGateway, err := compute.NewExternalVpnGateway(ctx, \"external_gateway\", \u0026compute.ExternalVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"my-router-external-gateway\"),\n\t\t\tRedundancyType: pulumi.String(\"SINGLE_IP_INTERNALLY_REDUNDANT\"),\n\t\t\tDescription: pulumi.String(\"An externally managed VPN gateway\"),\n\t\t\tInterfaces: compute.ExternalVpnGatewayInterfaceArray{\n\t\t\t\t\u0026compute.ExternalVpnGatewayInterfaceArgs{\n\t\t\t\t\tId: pulumi.Int(0),\n\t\t\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t\tNetwork: network.SelfLink,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(64514),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnTunnel, err := compute.NewVPNTunnel(ctx, \"vpn_tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t\tVpnGateway: vpnGateway.ID(),\n\t\t\tPeerExternalGateway: externalGateway.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"unguessable\"),\n\t\t\tRouter: router.Name,\n\t\t\tVpnGatewayInterface: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface, err := compute.NewRouterInterface(ctx, \"router_interface\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tVpnTunnel: vpnTunnel.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterRoutePolicy(ctx, \"rp-export\", \u0026compute.RouterRoutePolicyArgs{\n\t\t\tName: pulumi.String(\"my-router-rp-export\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tType: pulumi.String(\"ROUTE_POLICY_TYPE_EXPORT\"),\n\t\t\tTerms: compute.RouterRoutePolicyTermArray{\n\t\t\t\t\u0026compute.RouterRoutePolicyTermArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tMatch: \u0026compute.RouterRoutePolicyTermMatchArgs{\n\t\t\t\t\t\tExpression: pulumi.String(\"destination == '10.0.0.0/12'\"),\n\t\t\t\t\t\tTitle: pulumi.String(\"export_expression\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"acceptance expression for export\"),\n\t\t\t\t\t},\n\t\t\t\t\tActions: compute.RouterRoutePolicyTermActionArray{\n\t\t\t\t\t\t\u0026compute.RouterRoutePolicyTermActionArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"accept()\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trouterInterface,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterRoutePolicy(ctx, \"rp-import\", \u0026compute.RouterRoutePolicyArgs{\n\t\t\tName: pulumi.String(\"my-router-rp-import\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tType: pulumi.String(\"ROUTE_POLICY_TYPE_IMPORT\"),\n\t\t\tTerms: compute.RouterRoutePolicyTermArray{\n\t\t\t\t\u0026compute.RouterRoutePolicyTermArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tMatch: \u0026compute.RouterRoutePolicyTermMatchArgs{\n\t\t\t\t\t\tExpression: pulumi.String(\"destination == '10.0.0.0/12'\"),\n\t\t\t\t\t\tTitle: pulumi.String(\"import_expression\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"acceptance expression for import\"),\n\t\t\t\t\t},\n\t\t\t\t\tActions: compute.RouterRoutePolicyTermActionArray{\n\t\t\t\t\t\t\u0026compute.RouterRoutePolicyTermActionArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"accept()\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trouterInterface,\n\t\t\trp_export,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tPeerAsn: pulumi.Int(65515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface.Name,\n\t\t\tMd5AuthenticationKey: \u0026compute.RouterPeerMd5AuthenticationKeyArgs{\n\t\t\t\tName: pulumi.String(\"my-router-peer-key\"),\n\t\t\t\tKey: pulumi.String(\"my-router-peer-key-value\"),\n\t\t\t},\n\t\t\tImportPolicies: pulumi.StringArray{\n\t\t\t\trp_import.Name,\n\t\t\t},\n\t\t\tExportPolicies: pulumi.StringArray{\n\t\t\t\trp_export.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trp_export,\n\t\t\trp_import,\n\t\t\trouterInterface,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HaVpnGateway;\nimport com.pulumi.gcp.compute.HaVpnGatewayArgs;\nimport com.pulumi.gcp.compute.ExternalVpnGateway;\nimport com.pulumi.gcp.compute.ExternalVpnGatewayArgs;\nimport com.pulumi.gcp.compute.inputs.ExternalVpnGatewayInterfaceArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterRoutePolicy;\nimport com.pulumi.gcp.compute.RouterRoutePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RouterRoutePolicyTermArgs;\nimport com.pulumi.gcp.compute.inputs.RouterRoutePolicyTermMatchArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerMd5AuthenticationKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-router-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"my-router-subnet\")\n .network(network.selfLink())\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .build());\n\n var address = new Address(\"address\", AddressArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .build());\n\n var vpnGateway = new HaVpnGateway(\"vpnGateway\", HaVpnGatewayArgs.builder()\n .name(\"my-router-gateway\")\n .network(network.selfLink())\n .region(subnetwork.region())\n .build());\n\n var externalGateway = new ExternalVpnGateway(\"externalGateway\", ExternalVpnGatewayArgs.builder()\n .name(\"my-router-external-gateway\")\n .redundancyType(\"SINGLE_IP_INTERNALLY_REDUNDANT\")\n .description(\"An externally managed VPN gateway\")\n .interfaces(ExternalVpnGatewayInterfaceArgs.builder()\n .id(0)\n .ipAddress(\"8.8.8.8\")\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .network(network.selfLink())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var vpnTunnel = new VPNTunnel(\"vpnTunnel\", VPNTunnelArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .vpnGateway(vpnGateway.id())\n .peerExternalGateway(externalGateway.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"unguessable\")\n .router(router.name())\n .vpnGatewayInterface(0)\n .build());\n\n var routerInterface = new RouterInterface(\"routerInterface\", RouterInterfaceArgs.builder()\n .name(\"my-router\")\n .router(router.name())\n .region(router.region())\n .vpnTunnel(vpnTunnel.name())\n .build());\n\n var rp_export = new RouterRoutePolicy(\"rp-export\", RouterRoutePolicyArgs.builder()\n .name(\"my-router-rp-export\")\n .router(router.name())\n .region(router.region())\n .type(\"ROUTE_POLICY_TYPE_EXPORT\")\n .terms(RouterRoutePolicyTermArgs.builder()\n .priority(2)\n .match(RouterRoutePolicyTermMatchArgs.builder()\n .expression(\"destination == '10.0.0.0/12'\")\n .title(\"export_expression\")\n .description(\"acceptance expression for export\")\n .build())\n .actions(RouterRoutePolicyTermActionArgs.builder()\n .expression(\"accept()\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(routerInterface)\n .build());\n\n var rp_import = new RouterRoutePolicy(\"rp-import\", RouterRoutePolicyArgs.builder()\n .name(\"my-router-rp-import\")\n .router(router.name())\n .region(router.region())\n .type(\"ROUTE_POLICY_TYPE_IMPORT\")\n .terms(RouterRoutePolicyTermArgs.builder()\n .priority(1)\n .match(RouterRoutePolicyTermMatchArgs.builder()\n .expression(\"destination == '10.0.0.0/12'\")\n .title(\"import_expression\")\n .description(\"acceptance expression for import\")\n .build())\n .actions(RouterRoutePolicyTermActionArgs.builder()\n .expression(\"accept()\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n routerInterface,\n rp_export)\n .build());\n\n var routerPeer = new RouterPeer(\"routerPeer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(router.name())\n .region(router.region())\n .peerAsn(65515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface.name())\n .md5AuthenticationKey(RouterPeerMd5AuthenticationKeyArgs.builder()\n .name(\"my-router-peer-key\")\n .key(\"my-router-peer-key-value\")\n .build())\n .importPolicies(rp_import.name())\n .exportPolicies(rp_export.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rp_export,\n rp_import,\n routerInterface)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: my-router-net\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: my-router-subnet\n network: ${network.selfLink}\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n address:\n type: gcp:compute:Address\n properties:\n name: my-router\n region: ${subnetwork.region}\n vpnGateway:\n type: gcp:compute:HaVpnGateway\n name: vpn_gateway\n properties:\n name: my-router-gateway\n network: ${network.selfLink}\n region: ${subnetwork.region}\n externalGateway:\n type: gcp:compute:ExternalVpnGateway\n name: external_gateway\n properties:\n name: my-router-external-gateway\n redundancyType: SINGLE_IP_INTERNALLY_REDUNDANT\n description: An externally managed VPN gateway\n interfaces:\n - id: 0\n ipAddress: 8.8.8.8\n router:\n type: gcp:compute:Router\n properties:\n name: my-router\n region: ${subnetwork.region}\n network: ${network.selfLink}\n bgp:\n asn: 64514\n vpnTunnel:\n type: gcp:compute:VPNTunnel\n name: vpn_tunnel\n properties:\n name: my-router\n region: ${subnetwork.region}\n vpnGateway: ${vpnGateway.id}\n peerExternalGateway: ${externalGateway.id}\n peerExternalGatewayInterface: 0\n sharedSecret: unguessable\n router: ${router.name}\n vpnGatewayInterface: 0\n routerInterface:\n type: gcp:compute:RouterInterface\n name: router_interface\n properties:\n name: my-router\n router: ${router.name}\n region: ${router.region}\n vpnTunnel: ${vpnTunnel.name}\n rp-export:\n type: gcp:compute:RouterRoutePolicy\n properties:\n name: my-router-rp-export\n router: ${router.name}\n region: ${router.region}\n type: ROUTE_POLICY_TYPE_EXPORT\n terms:\n - priority: 2\n match:\n expression: destination == '10.0.0.0/12'\n title: export_expression\n description: acceptance expression for export\n actions:\n - expression: accept()\n options:\n dependson:\n - ${routerInterface}\n rp-import:\n type: gcp:compute:RouterRoutePolicy\n properties:\n name: my-router-rp-import\n router: ${router.name}\n region: ${router.region}\n type: ROUTE_POLICY_TYPE_IMPORT\n terms:\n - priority: 1\n match:\n expression: destination == '10.0.0.0/12'\n title: import_expression\n description: acceptance expression for import\n actions:\n - expression: accept()\n options:\n dependson:\n - ${routerInterface}\n - ${[\"rp-export\"]}\n routerPeer:\n type: gcp:compute:RouterPeer\n name: router_peer\n properties:\n name: my-router-peer\n router: ${router.name}\n region: ${router.region}\n peerAsn: 65515\n advertisedRoutePriority: 100\n interface: ${routerInterface.name}\n md5AuthenticationKey:\n name: my-router-peer-key\n key: my-router-peer-key-value\n importPolicies:\n - ${[\"rp-import\"].name}\n exportPolicies:\n - ${[\"rp-export\"].name}\n options:\n dependson:\n - ${[\"rp-export\"]}\n - ${[\"rp-import\"]}\n - ${routerInterface}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRouterBgpPeer can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}`\n\n* `{{project}}/{{region}}/{{router}}/{{name}}`\n\n* `{{region}}/{{router}}/{{name}}`\n\n* `{{router}}/{{name}}`\n\nWhen using the `pulumi import` command, RouterBgpPeer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{project}}/{{region}}/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{region}}/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{router}}/{{name}}\n```\n\n", + "description": "BGP information that must be configured into the routing stack to\nestablish BGP peering. This information must specify the peer ASN\nand either the interface name, IP address, or peer IP address.\nPlease refer to RFC4273.\n\n\nTo get more information about RouterBgpPeer, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers)\n* How-to Guides\n * [Google Cloud Router](https://cloud.google.com/router/docs/)\n\n## Example Usage\n\n### Router Peer Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Disabled\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n enable: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\",\n enable=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n Enable = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t\tEnable: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .enable(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n enable: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Bfd\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: \"my-router\",\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 65513,\n advertisedRoutePriority: 100,\n \"interface\": \"interface-1\",\n bfd: {\n minReceiveInterval: 1000,\n minTransmitInterval: 1000,\n multiplier: 5,\n sessionInitializationMode: \"ACTIVE\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=\"my-router\",\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=65513,\n advertised_route_priority=100,\n interface=\"interface-1\",\n bfd={\n \"min_receive_interval\": 1000,\n \"min_transmit_interval\": 1000,\n \"multiplier\": 5,\n \"session_initialization_mode\": \"ACTIVE\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = \"my-router\",\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 65513,\n AdvertisedRoutePriority = 100,\n Interface = \"interface-1\",\n Bfd = new Gcp.Compute.Inputs.RouterPeerBfdArgs\n {\n MinReceiveInterval = 1000,\n MinTransmitInterval = 1000,\n Multiplier = 5,\n SessionInitializationMode = \"ACTIVE\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: pulumi.String(\"my-router\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(65513),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.String(\"interface-1\"),\n\t\t\tBfd: \u0026compute.RouterPeerBfdArgs{\n\t\t\t\tMinReceiveInterval: pulumi.Int(1000),\n\t\t\t\tMinTransmitInterval: pulumi.Int(1000),\n\t\t\t\tMultiplier: pulumi.Int(5),\n\t\t\t\tSessionInitializationMode: pulumi.String(\"ACTIVE\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerBfdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(\"my-router\")\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(65513)\n .advertisedRoutePriority(100)\n .interface_(\"interface-1\")\n .bfd(RouterPeerBfdArgs.builder()\n .minReceiveInterval(1000)\n .minTransmitInterval(1000)\n .multiplier(5)\n .sessionInitializationMode(\"ACTIVE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: my-router\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 65513\n advertisedRoutePriority: 100\n interface: interface-1\n bfd:\n minReceiveInterval: 1000\n minTransmitInterval: 1000\n multiplier: 5\n sessionInitializationMode: ACTIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Router Peer Router Appliance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-router-net\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"my-router-sub\",\n network: network.selfLink,\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n});\nconst addrIntf = new gcp.compute.Address(\"addr_intf\", {\n name: \"my-router-addr-intf\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst addrIntfRedundant = new gcp.compute.Address(\"addr_intf_redundant\", {\n name: \"my-router-addr-intf-red\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst addrPeer = new gcp.compute.Address(\"addr_peer\", {\n name: \"my-router-addr-peer\",\n region: subnetwork.region,\n subnetwork: subnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n name: \"router-appliance\",\n zone: \"us-central1-a\",\n machineType: \"e2-medium\",\n canIpForward: true,\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n networkInterfaces: [{\n networkIp: addrPeer.address,\n subnetwork: subnetwork.selfLink,\n }],\n});\nconst hub = new gcp.networkconnectivity.Hub(\"hub\", {name: \"my-router-hub\"});\nconst spoke = new gcp.networkconnectivity.Spoke(\"spoke\", {\n name: \"my-router-spoke\",\n location: subnetwork.region,\n hub: hub.id,\n linkedRouterApplianceInstances: {\n instances: [{\n virtualMachine: instance.selfLink,\n ipAddress: addrPeer.address,\n }],\n siteToSiteDataTransfer: false,\n },\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"my-router-router\",\n region: subnetwork.region,\n network: network.selfLink,\n bgp: {\n asn: 64514,\n },\n});\nconst interfaceRedundant = new gcp.compute.RouterInterface(\"interface_redundant\", {\n name: \"my-router-intf-red\",\n region: router.region,\n router: router.name,\n subnetwork: subnetwork.selfLink,\n privateIpAddress: addrIntfRedundant.address,\n});\nconst _interface = new gcp.compute.RouterInterface(\"interface\", {\n name: \"my-router-intf\",\n region: router.region,\n router: router.name,\n subnetwork: subnetwork.selfLink,\n privateIpAddress: addrIntf.address,\n redundantInterface: interfaceRedundant.name,\n});\nconst peer = new gcp.compute.RouterPeer(\"peer\", {\n name: \"my-router-peer\",\n router: router.name,\n region: router.region,\n \"interface\": _interface.name,\n routerApplianceInstance: instance.selfLink,\n peerAsn: 65513,\n peerIpAddress: addrPeer.address,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-router-net\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"my-router-sub\",\n network=network.self_link,\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\")\naddr_intf = gcp.compute.Address(\"addr_intf\",\n name=\"my-router-addr-intf\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\naddr_intf_redundant = gcp.compute.Address(\"addr_intf_redundant\",\n name=\"my-router-addr-intf-red\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\naddr_peer = gcp.compute.Address(\"addr_peer\",\n name=\"my-router-addr-peer\",\n region=subnetwork.region,\n subnetwork=subnetwork.id,\n address_type=\"INTERNAL\")\ninstance = gcp.compute.Instance(\"instance\",\n name=\"router-appliance\",\n zone=\"us-central1-a\",\n machine_type=\"e2-medium\",\n can_ip_forward=True,\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n },\n network_interfaces=[{\n \"network_ip\": addr_peer.address,\n \"subnetwork\": subnetwork.self_link,\n }])\nhub = gcp.networkconnectivity.Hub(\"hub\", name=\"my-router-hub\")\nspoke = gcp.networkconnectivity.Spoke(\"spoke\",\n name=\"my-router-spoke\",\n location=subnetwork.region,\n hub=hub.id,\n linked_router_appliance_instances={\n \"instances\": [{\n \"virtual_machine\": instance.self_link,\n \"ip_address\": addr_peer.address,\n }],\n \"site_to_site_data_transfer\": False,\n })\nrouter = gcp.compute.Router(\"router\",\n name=\"my-router-router\",\n region=subnetwork.region,\n network=network.self_link,\n bgp={\n \"asn\": 64514,\n })\ninterface_redundant = gcp.compute.RouterInterface(\"interface_redundant\",\n name=\"my-router-intf-red\",\n region=router.region,\n router=router.name,\n subnetwork=subnetwork.self_link,\n private_ip_address=addr_intf_redundant.address)\ninterface = gcp.compute.RouterInterface(\"interface\",\n name=\"my-router-intf\",\n region=router.region,\n router=router.name,\n subnetwork=subnetwork.self_link,\n private_ip_address=addr_intf.address,\n redundant_interface=interface_redundant.name)\npeer = gcp.compute.RouterPeer(\"peer\",\n name=\"my-router-peer\",\n router=router.name,\n region=router.region,\n interface=interface.name,\n router_appliance_instance=instance.self_link,\n peer_asn=65513,\n peer_ip_address=addr_peer.address)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-router-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"my-router-sub\",\n Network = network.SelfLink,\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n });\n\n var addrIntf = new Gcp.Compute.Address(\"addr_intf\", new()\n {\n Name = \"my-router-addr-intf\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var addrIntfRedundant = new Gcp.Compute.Address(\"addr_intf_redundant\", new()\n {\n Name = \"my-router-addr-intf-red\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var addrPeer = new Gcp.Compute.Address(\"addr_peer\", new()\n {\n Name = \"my-router-addr-peer\",\n Region = subnetwork.Region,\n Subnetwork = subnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n Name = \"router-appliance\",\n Zone = \"us-central1-a\",\n MachineType = \"e2-medium\",\n CanIpForward = true,\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkIp = addrPeer.IPAddress,\n Subnetwork = subnetwork.SelfLink,\n },\n },\n });\n\n var hub = new Gcp.NetworkConnectivity.Hub(\"hub\", new()\n {\n Name = \"my-router-hub\",\n });\n\n var spoke = new Gcp.NetworkConnectivity.Spoke(\"spoke\", new()\n {\n Name = \"my-router-spoke\",\n Location = subnetwork.Region,\n Hub = hub.Id,\n LinkedRouterApplianceInstances = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesArgs\n {\n Instances = new[]\n {\n new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesInstanceArgs\n {\n VirtualMachine = instance.SelfLink,\n IpAddress = addrPeer.IPAddress,\n },\n },\n SiteToSiteDataTransfer = false,\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"my-router-router\",\n Region = subnetwork.Region,\n Network = network.SelfLink,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var interfaceRedundant = new Gcp.Compute.RouterInterface(\"interface_redundant\", new()\n {\n Name = \"my-router-intf-red\",\n Region = router.Region,\n Router = router.Name,\n Subnetwork = subnetwork.SelfLink,\n PrivateIpAddress = addrIntfRedundant.IPAddress,\n });\n\n var @interface = new Gcp.Compute.RouterInterface(\"interface\", new()\n {\n Name = \"my-router-intf\",\n Region = router.Region,\n Router = router.Name,\n Subnetwork = subnetwork.SelfLink,\n PrivateIpAddress = addrIntf.IPAddress,\n RedundantInterface = interfaceRedundant.Name,\n });\n\n var peer = new Gcp.Compute.RouterPeer(\"peer\", new()\n {\n Name = \"my-router-peer\",\n Router = router.Name,\n Region = router.Region,\n Interface = @interface.Name,\n RouterApplianceInstance = instance.SelfLink,\n PeerAsn = 65513,\n PeerIpAddress = addrPeer.IPAddress,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\nName: pulumi.String(\"my-router-net\"),\nAutoCreateSubnetworks: pulumi.Bool(false),\n})\nif err != nil {\nreturn err\n}\nsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\nName: pulumi.String(\"my-router-sub\"),\nNetwork: network.SelfLink,\nIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\nRegion: pulumi.String(\"us-central1\"),\n})\nif err != nil {\nreturn err\n}\naddrIntf, err := compute.NewAddress(ctx, \"addr_intf\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-intf\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\naddrIntfRedundant, err := compute.NewAddress(ctx, \"addr_intf_redundant\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-intf-red\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\naddrPeer, err := compute.NewAddress(ctx, \"addr_peer\", \u0026compute.AddressArgs{\nName: pulumi.String(\"my-router-addr-peer\"),\nRegion: subnetwork.Region,\nSubnetwork: subnetwork.ID(),\nAddressType: pulumi.String(\"INTERNAL\"),\n})\nif err != nil {\nreturn err\n}\ninstance, err := compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\nName: pulumi.String(\"router-appliance\"),\nZone: pulumi.String(\"us-central1-a\"),\nMachineType: pulumi.String(\"e2-medium\"),\nCanIpForward: pulumi.Bool(true),\nBootDisk: \u0026compute.InstanceBootDiskArgs{\nInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\nImage: pulumi.String(\"debian-cloud/debian-11\"),\n},\n},\nNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\u0026compute.InstanceNetworkInterfaceArgs{\nNetworkIp: addrPeer.Address,\nSubnetwork: subnetwork.SelfLink,\n},\n},\n})\nif err != nil {\nreturn err\n}\nhub, err := networkconnectivity.NewHub(ctx, \"hub\", \u0026networkconnectivity.HubArgs{\nName: pulumi.String(\"my-router-hub\"),\n})\nif err != nil {\nreturn err\n}\n_, err = networkconnectivity.NewSpoke(ctx, \"spoke\", \u0026networkconnectivity.SpokeArgs{\nName: pulumi.String(\"my-router-spoke\"),\nLocation: subnetwork.Region,\nHub: hub.ID(),\nLinkedRouterApplianceInstances: \u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesArgs{\nInstances: networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArray{\n\u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArgs{\nVirtualMachine: instance.SelfLink,\nIpAddress: addrPeer.Address,\n},\n},\nSiteToSiteDataTransfer: pulumi.Bool(false),\n},\n})\nif err != nil {\nreturn err\n}\nrouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\nName: pulumi.String(\"my-router-router\"),\nRegion: subnetwork.Region,\nNetwork: network.SelfLink,\nBgp: \u0026compute.RouterBgpArgs{\nAsn: pulumi.Int(64514),\n},\n})\nif err != nil {\nreturn err\n}\ninterfaceRedundant, err := compute.NewRouterInterface(ctx, \"interface_redundant\", \u0026compute.RouterInterfaceArgs{\nName: pulumi.String(\"my-router-intf-red\"),\nRegion: router.Region,\nRouter: router.Name,\nSubnetwork: subnetwork.SelfLink,\nPrivateIpAddress: addrIntfRedundant.Address,\n})\nif err != nil {\nreturn err\n}\ninterface, err := compute.NewRouterInterface(ctx, \"interface\", \u0026compute.RouterInterfaceArgs{\nName: pulumi.String(\"my-router-intf\"),\nRegion: router.Region,\nRouter: router.Name,\nSubnetwork: subnetwork.SelfLink,\nPrivateIpAddress: addrIntf.Address,\nRedundantInterface: interfaceRedundant.Name,\n})\nif err != nil {\nreturn err\n}\n_, err = compute.NewRouterPeer(ctx, \"peer\", \u0026compute.RouterPeerArgs{\nName: pulumi.String(\"my-router-peer\"),\nRouter: router.Name,\nRegion: router.Region,\nInterface: interface.Name,\nRouterApplianceInstance: instance.SelfLink,\nPeerAsn: pulumi.Int(65513),\nPeerIpAddress: addrPeer.Address,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedRouterApplianceInstancesArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-router-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"my-router-sub\")\n .network(network.selfLink())\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .build());\n\n var addrIntf = new Address(\"addrIntf\", AddressArgs.builder()\n .name(\"my-router-addr-intf\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var addrIntfRedundant = new Address(\"addrIntfRedundant\", AddressArgs.builder()\n .name(\"my-router-addr-intf-red\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var addrPeer = new Address(\"addrPeer\", AddressArgs.builder()\n .name(\"my-router-addr-peer\")\n .region(subnetwork.region())\n .subnetwork(subnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"router-appliance\")\n .zone(\"us-central1-a\")\n .machineType(\"e2-medium\")\n .canIpForward(true)\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkIp(addrPeer.address())\n .subnetwork(subnetwork.selfLink())\n .build())\n .build());\n\n var hub = new Hub(\"hub\", HubArgs.builder()\n .name(\"my-router-hub\")\n .build());\n\n var spoke = new Spoke(\"spoke\", SpokeArgs.builder()\n .name(\"my-router-spoke\")\n .location(subnetwork.region())\n .hub(hub.id())\n .linkedRouterApplianceInstances(SpokeLinkedRouterApplianceInstancesArgs.builder()\n .instances(SpokeLinkedRouterApplianceInstancesInstanceArgs.builder()\n .virtualMachine(instance.selfLink())\n .ipAddress(addrPeer.address())\n .build())\n .siteToSiteDataTransfer(false)\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"my-router-router\")\n .region(subnetwork.region())\n .network(network.selfLink())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var interfaceRedundant = new RouterInterface(\"interfaceRedundant\", RouterInterfaceArgs.builder()\n .name(\"my-router-intf-red\")\n .region(router.region())\n .router(router.name())\n .subnetwork(subnetwork.selfLink())\n .privateIpAddress(addrIntfRedundant.address())\n .build());\n\n var interface_ = new RouterInterface(\"interface\", RouterInterfaceArgs.builder()\n .name(\"my-router-intf\")\n .region(router.region())\n .router(router.name())\n .subnetwork(subnetwork.selfLink())\n .privateIpAddress(addrIntf.address())\n .redundantInterface(interfaceRedundant.name())\n .build());\n\n var peer = new RouterPeer(\"peer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(router.name())\n .region(router.region())\n .interface_(interface_.name())\n .routerApplianceInstance(instance.selfLink())\n .peerAsn(65513)\n .peerIpAddress(addrPeer.address())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: my-router-net\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: my-router-sub\n network: ${network.selfLink}\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n addrIntf:\n type: gcp:compute:Address\n name: addr_intf\n properties:\n name: my-router-addr-intf\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n addrIntfRedundant:\n type: gcp:compute:Address\n name: addr_intf_redundant\n properties:\n name: my-router-addr-intf-red\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n addrPeer:\n type: gcp:compute:Address\n name: addr_peer\n properties:\n name: my-router-addr-peer\n region: ${subnetwork.region}\n subnetwork: ${subnetwork.id}\n addressType: INTERNAL\n instance:\n type: gcp:compute:Instance\n properties:\n name: router-appliance\n zone: us-central1-a\n machineType: e2-medium\n canIpForward: true\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n networkInterfaces:\n - networkIp: ${addrPeer.address}\n subnetwork: ${subnetwork.selfLink}\n hub:\n type: gcp:networkconnectivity:Hub\n properties:\n name: my-router-hub\n spoke:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: my-router-spoke\n location: ${subnetwork.region}\n hub: ${hub.id}\n linkedRouterApplianceInstances:\n instances:\n - virtualMachine: ${instance.selfLink}\n ipAddress: ${addrPeer.address}\n siteToSiteDataTransfer: false\n router:\n type: gcp:compute:Router\n properties:\n name: my-router-router\n region: ${subnetwork.region}\n network: ${network.selfLink}\n bgp:\n asn: 64514\n interfaceRedundant:\n type: gcp:compute:RouterInterface\n name: interface_redundant\n properties:\n name: my-router-intf-red\n region: ${router.region}\n router: ${router.name}\n subnetwork: ${subnetwork.selfLink}\n privateIpAddress: ${addrIntfRedundant.address}\n interface:\n type: gcp:compute:RouterInterface\n properties:\n name: my-router-intf\n region: ${router.region}\n router: ${router.name}\n subnetwork: ${subnetwork.selfLink}\n privateIpAddress: ${addrIntf.address}\n redundantInterface: ${interfaceRedundant.name}\n peer:\n type: gcp:compute:RouterPeer\n properties:\n name: my-router-peer\n router: ${router.name}\n region: ${router.region}\n interface: ${interface.name}\n routerApplianceInstance: ${instance.selfLink}\n peerAsn: 65513\n peerIpAddress: ${addrPeer.address}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Router Peer Md5 Authentication Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foobar = new gcp.compute.RouterPeer(\"foobar\", {\n name: \"%s-peer\",\n router: foobarGoogleComputeRouter.name,\n region: foobarGoogleComputeRouter.region,\n peerAsn: 65515,\n advertisedRoutePriority: 100,\n \"interface\": foobarGoogleComputeRouterInterface.name,\n peerIpAddress: \"169.254.3.2\",\n md5AuthenticationKey: {\n name: \"%s-peer-key\",\n key: \"%s-peer-key-value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoobar = gcp.compute.RouterPeer(\"foobar\",\n name=\"%s-peer\",\n router=foobar_google_compute_router[\"name\"],\n region=foobar_google_compute_router[\"region\"],\n peer_asn=65515,\n advertised_route_priority=100,\n interface=foobar_google_compute_router_interface[\"name\"],\n peer_ip_address=\"169.254.3.2\",\n md5_authentication_key={\n \"name\": \"%s-peer-key\",\n \"key\": \"%s-peer-key-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobar = new Gcp.Compute.RouterPeer(\"foobar\", new()\n {\n Name = \"%s-peer\",\n Router = foobarGoogleComputeRouter.Name,\n Region = foobarGoogleComputeRouter.Region,\n PeerAsn = 65515,\n AdvertisedRoutePriority = 100,\n Interface = foobarGoogleComputeRouterInterface.Name,\n PeerIpAddress = \"169.254.3.2\",\n Md5AuthenticationKey = new Gcp.Compute.Inputs.RouterPeerMd5AuthenticationKeyArgs\n {\n Name = \"%s-peer-key\",\n Key = \"%s-peer-key-value\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRouterPeer(ctx, \"foobar\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"%s-peer\"),\n\t\t\tRouter: pulumi.Any(foobarGoogleComputeRouter.Name),\n\t\t\tRegion: pulumi.Any(foobarGoogleComputeRouter.Region),\n\t\t\tPeerAsn: pulumi.Int(65515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: pulumi.Any(foobarGoogleComputeRouterInterface.Name),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.3.2\"),\n\t\t\tMd5AuthenticationKey: \u0026compute.RouterPeerMd5AuthenticationKeyArgs{\n\t\t\t\tName: pulumi.String(\"%s-peer-key\"),\n\t\t\t\tKey: pulumi.String(\"%s-peer-key-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerMd5AuthenticationKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobar = new RouterPeer(\"foobar\", RouterPeerArgs.builder()\n .name(\"%s-peer\")\n .router(foobarGoogleComputeRouter.name())\n .region(foobarGoogleComputeRouter.region())\n .peerAsn(65515)\n .advertisedRoutePriority(100)\n .interface_(foobarGoogleComputeRouterInterface.name())\n .peerIpAddress(\"169.254.3.2\")\n .md5AuthenticationKey(RouterPeerMd5AuthenticationKeyArgs.builder()\n .name(\"%s-peer-key\")\n .key(\"%s-peer-key-value\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:RouterPeer\n properties:\n name: '%s-peer'\n router: ${foobarGoogleComputeRouter.name}\n region: ${foobarGoogleComputeRouter.region}\n peerAsn: 65515\n advertisedRoutePriority: 100\n interface: ${foobarGoogleComputeRouterInterface.name}\n peerIpAddress: 169.254.3.2\n md5AuthenticationKey:\n name: '%s-peer-key'\n key: '%s-peer-key-value'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Router Peer Export And Import Policies\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-router-net\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"my-router-subnet\",\n network: network.selfLink,\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n});\nconst address = new gcp.compute.Address(\"address\", {\n name: \"my-router\",\n region: subnetwork.region,\n});\nconst vpnGateway = new gcp.compute.HaVpnGateway(\"vpn_gateway\", {\n name: \"my-router-gateway\",\n network: network.selfLink,\n region: subnetwork.region,\n});\nconst externalGateway = new gcp.compute.ExternalVpnGateway(\"external_gateway\", {\n name: \"my-router-external-gateway\",\n redundancyType: \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description: \"An externally managed VPN gateway\",\n interfaces: [{\n id: 0,\n ipAddress: \"8.8.8.8\",\n }],\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"my-router\",\n region: subnetwork.region,\n network: network.selfLink,\n bgp: {\n asn: 64514,\n },\n});\nconst vpnTunnel = new gcp.compute.VPNTunnel(\"vpn_tunnel\", {\n name: \"my-router\",\n region: subnetwork.region,\n vpnGateway: vpnGateway.id,\n peerExternalGateway: externalGateway.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"unguessable\",\n router: router.name,\n vpnGatewayInterface: 0,\n});\nconst routerInterface = new gcp.compute.RouterInterface(\"router_interface\", {\n name: \"my-router\",\n router: router.name,\n region: router.region,\n vpnTunnel: vpnTunnel.name,\n});\nconst rp_export = new gcp.compute.RouterRoutePolicy(\"rp-export\", {\n name: \"my-router-rp-export\",\n router: router.name,\n region: router.region,\n type: \"ROUTE_POLICY_TYPE_EXPORT\",\n terms: [{\n priority: 2,\n match: {\n expression: \"destination == '10.0.0.0/12'\",\n title: \"export_expression\",\n description: \"acceptance expression for export\",\n },\n actions: [{\n expression: \"accept()\",\n }],\n }],\n}, {\n dependsOn: [routerInterface],\n});\nconst rp_import = new gcp.compute.RouterRoutePolicy(\"rp-import\", {\n name: \"my-router-rp-import\",\n router: router.name,\n region: router.region,\n type: \"ROUTE_POLICY_TYPE_IMPORT\",\n terms: [{\n priority: 1,\n match: {\n expression: \"destination == '10.0.0.0/12'\",\n title: \"import_expression\",\n description: \"acceptance expression for import\",\n },\n actions: [{\n expression: \"accept()\",\n }],\n }],\n}, {\n dependsOn: [\n routerInterface,\n rp_export,\n ],\n});\nconst routerPeer = new gcp.compute.RouterPeer(\"router_peer\", {\n name: \"my-router-peer\",\n router: router.name,\n region: router.region,\n peerAsn: 65515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface.name,\n md5AuthenticationKey: {\n name: \"my-router-peer-key\",\n key: \"my-router-peer-key-value\",\n },\n importPolicies: [rp_import.name],\n exportPolicies: [rp_export.name],\n}, {\n dependsOn: [\n rp_export,\n rp_import,\n routerInterface,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-router-net\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"my-router-subnet\",\n network=network.self_link,\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\")\naddress = gcp.compute.Address(\"address\",\n name=\"my-router\",\n region=subnetwork.region)\nvpn_gateway = gcp.compute.HaVpnGateway(\"vpn_gateway\",\n name=\"my-router-gateway\",\n network=network.self_link,\n region=subnetwork.region)\nexternal_gateway = gcp.compute.ExternalVpnGateway(\"external_gateway\",\n name=\"my-router-external-gateway\",\n redundancy_type=\"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description=\"An externally managed VPN gateway\",\n interfaces=[{\n \"id\": 0,\n \"ip_address\": \"8.8.8.8\",\n }])\nrouter = gcp.compute.Router(\"router\",\n name=\"my-router\",\n region=subnetwork.region,\n network=network.self_link,\n bgp={\n \"asn\": 64514,\n })\nvpn_tunnel = gcp.compute.VPNTunnel(\"vpn_tunnel\",\n name=\"my-router\",\n region=subnetwork.region,\n vpn_gateway=vpn_gateway.id,\n peer_external_gateway=external_gateway.id,\n peer_external_gateway_interface=0,\n shared_secret=\"unguessable\",\n router=router.name,\n vpn_gateway_interface=0)\nrouter_interface = gcp.compute.RouterInterface(\"router_interface\",\n name=\"my-router\",\n router=router.name,\n region=router.region,\n vpn_tunnel=vpn_tunnel.name)\nrp_export = gcp.compute.RouterRoutePolicy(\"rp-export\",\n name=\"my-router-rp-export\",\n router=router.name,\n region=router.region,\n type=\"ROUTE_POLICY_TYPE_EXPORT\",\n terms=[{\n \"priority\": 2,\n \"match\": {\n \"expression\": \"destination == '10.0.0.0/12'\",\n \"title\": \"export_expression\",\n \"description\": \"acceptance expression for export\",\n },\n \"actions\": [{\n \"expression\": \"accept()\",\n }],\n }],\n opts = pulumi.ResourceOptions(depends_on=[router_interface]))\nrp_import = gcp.compute.RouterRoutePolicy(\"rp-import\",\n name=\"my-router-rp-import\",\n router=router.name,\n region=router.region,\n type=\"ROUTE_POLICY_TYPE_IMPORT\",\n terms=[{\n \"priority\": 1,\n \"match\": {\n \"expression\": \"destination == '10.0.0.0/12'\",\n \"title\": \"import_expression\",\n \"description\": \"acceptance expression for import\",\n },\n \"actions\": [{\n \"expression\": \"accept()\",\n }],\n }],\n opts = pulumi.ResourceOptions(depends_on=[\n router_interface,\n rp_export,\n ]))\nrouter_peer = gcp.compute.RouterPeer(\"router_peer\",\n name=\"my-router-peer\",\n router=router.name,\n region=router.region,\n peer_asn=65515,\n advertised_route_priority=100,\n interface=router_interface.name,\n md5_authentication_key={\n \"name\": \"my-router-peer-key\",\n \"key\": \"my-router-peer-key-value\",\n },\n import_policies=[rp_import.name],\n export_policies=[rp_export.name],\n opts = pulumi.ResourceOptions(depends_on=[\n rp_export,\n rp_import,\n router_interface,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-router-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"my-router-subnet\",\n Network = network.SelfLink,\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n });\n\n var address = new Gcp.Compute.Address(\"address\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n });\n\n var vpnGateway = new Gcp.Compute.HaVpnGateway(\"vpn_gateway\", new()\n {\n Name = \"my-router-gateway\",\n Network = network.SelfLink,\n Region = subnetwork.Region,\n });\n\n var externalGateway = new Gcp.Compute.ExternalVpnGateway(\"external_gateway\", new()\n {\n Name = \"my-router-external-gateway\",\n RedundancyType = \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n Description = \"An externally managed VPN gateway\",\n Interfaces = new[]\n {\n new Gcp.Compute.Inputs.ExternalVpnGatewayInterfaceArgs\n {\n Id = 0,\n IpAddress = \"8.8.8.8\",\n },\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n Network = network.SelfLink,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var vpnTunnel = new Gcp.Compute.VPNTunnel(\"vpn_tunnel\", new()\n {\n Name = \"my-router\",\n Region = subnetwork.Region,\n VpnGateway = vpnGateway.Id,\n PeerExternalGateway = externalGateway.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"unguessable\",\n Router = router.Name,\n VpnGatewayInterface = 0,\n });\n\n var routerInterface = new Gcp.Compute.RouterInterface(\"router_interface\", new()\n {\n Name = \"my-router\",\n Router = router.Name,\n Region = router.Region,\n VpnTunnel = vpnTunnel.Name,\n });\n\n var rp_export = new Gcp.Compute.RouterRoutePolicy(\"rp-export\", new()\n {\n Name = \"my-router-rp-export\",\n Router = router.Name,\n Region = router.Region,\n Type = \"ROUTE_POLICY_TYPE_EXPORT\",\n Terms = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermArgs\n {\n Priority = 2,\n Match = new Gcp.Compute.Inputs.RouterRoutePolicyTermMatchArgs\n {\n Expression = \"destination == '10.0.0.0/12'\",\n Title = \"export_expression\",\n Description = \"acceptance expression for export\",\n },\n Actions = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermActionArgs\n {\n Expression = \"accept()\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n routerInterface,\n },\n });\n\n var rp_import = new Gcp.Compute.RouterRoutePolicy(\"rp-import\", new()\n {\n Name = \"my-router-rp-import\",\n Router = router.Name,\n Region = router.Region,\n Type = \"ROUTE_POLICY_TYPE_IMPORT\",\n Terms = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermArgs\n {\n Priority = 1,\n Match = new Gcp.Compute.Inputs.RouterRoutePolicyTermMatchArgs\n {\n Expression = \"destination == '10.0.0.0/12'\",\n Title = \"import_expression\",\n Description = \"acceptance expression for import\",\n },\n Actions = new[]\n {\n new Gcp.Compute.Inputs.RouterRoutePolicyTermActionArgs\n {\n Expression = \"accept()\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n routerInterface,\n rp_export,\n },\n });\n\n var routerPeer = new Gcp.Compute.RouterPeer(\"router_peer\", new()\n {\n Name = \"my-router-peer\",\n Router = router.Name,\n Region = router.Region,\n PeerAsn = 65515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface.Name,\n Md5AuthenticationKey = new Gcp.Compute.Inputs.RouterPeerMd5AuthenticationKeyArgs\n {\n Name = \"my-router-peer-key\",\n Key = \"my-router-peer-key-value\",\n },\n ImportPolicies = new[]\n {\n rp_import.Name,\n },\n ExportPolicies = new[]\n {\n rp_export.Name,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rp_export,\n rp_import,\n routerInterface,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-router-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-router-subnet\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGateway, err := compute.NewHaVpnGateway(ctx, \"vpn_gateway\", \u0026compute.HaVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"my-router-gateway\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t\tRegion: subnetwork.Region,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalGateway, err := compute.NewExternalVpnGateway(ctx, \"external_gateway\", \u0026compute.ExternalVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"my-router-external-gateway\"),\n\t\t\tRedundancyType: pulumi.String(\"SINGLE_IP_INTERNALLY_REDUNDANT\"),\n\t\t\tDescription: pulumi.String(\"An externally managed VPN gateway\"),\n\t\t\tInterfaces: compute.ExternalVpnGatewayInterfaceArray{\n\t\t\t\t\u0026compute.ExternalVpnGatewayInterfaceArgs{\n\t\t\t\t\tId: pulumi.Int(0),\n\t\t\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t\tNetwork: network.SelfLink,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(64514),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnTunnel, err := compute.NewVPNTunnel(ctx, \"vpn_tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRegion: subnetwork.Region,\n\t\t\tVpnGateway: vpnGateway.ID(),\n\t\t\tPeerExternalGateway: externalGateway.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"unguessable\"),\n\t\t\tRouter: router.Name,\n\t\t\tVpnGatewayInterface: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface, err := compute.NewRouterInterface(ctx, \"router_interface\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"my-router\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tVpnTunnel: vpnTunnel.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterRoutePolicy(ctx, \"rp-export\", \u0026compute.RouterRoutePolicyArgs{\n\t\t\tName: pulumi.String(\"my-router-rp-export\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tType: pulumi.String(\"ROUTE_POLICY_TYPE_EXPORT\"),\n\t\t\tTerms: compute.RouterRoutePolicyTermArray{\n\t\t\t\t\u0026compute.RouterRoutePolicyTermArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tMatch: \u0026compute.RouterRoutePolicyTermMatchArgs{\n\t\t\t\t\t\tExpression: pulumi.String(\"destination == '10.0.0.0/12'\"),\n\t\t\t\t\t\tTitle: pulumi.String(\"export_expression\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"acceptance expression for export\"),\n\t\t\t\t\t},\n\t\t\t\t\tActions: compute.RouterRoutePolicyTermActionArray{\n\t\t\t\t\t\t\u0026compute.RouterRoutePolicyTermActionArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"accept()\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trouterInterface,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterRoutePolicy(ctx, \"rp-import\", \u0026compute.RouterRoutePolicyArgs{\n\t\t\tName: pulumi.String(\"my-router-rp-import\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tType: pulumi.String(\"ROUTE_POLICY_TYPE_IMPORT\"),\n\t\t\tTerms: compute.RouterRoutePolicyTermArray{\n\t\t\t\t\u0026compute.RouterRoutePolicyTermArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tMatch: \u0026compute.RouterRoutePolicyTermMatchArgs{\n\t\t\t\t\t\tExpression: pulumi.String(\"destination == '10.0.0.0/12'\"),\n\t\t\t\t\t\tTitle: pulumi.String(\"import_expression\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"acceptance expression for import\"),\n\t\t\t\t\t},\n\t\t\t\t\tActions: compute.RouterRoutePolicyTermActionArray{\n\t\t\t\t\t\t\u0026compute.RouterRoutePolicyTermActionArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"accept()\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trouterInterface,\n\t\t\trp_export,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"my-router-peer\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: router.Region,\n\t\t\tPeerAsn: pulumi.Int(65515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface.Name,\n\t\t\tMd5AuthenticationKey: \u0026compute.RouterPeerMd5AuthenticationKeyArgs{\n\t\t\t\tName: pulumi.String(\"my-router-peer-key\"),\n\t\t\t\tKey: pulumi.String(\"my-router-peer-key-value\"),\n\t\t\t},\n\t\t\tImportPolicies: pulumi.StringArray{\n\t\t\t\trp_import.Name,\n\t\t\t},\n\t\t\tExportPolicies: pulumi.StringArray{\n\t\t\t\trp_export.Name,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trp_export,\n\t\t\trp_import,\n\t\t\trouterInterface,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.HaVpnGateway;\nimport com.pulumi.gcp.compute.HaVpnGatewayArgs;\nimport com.pulumi.gcp.compute.ExternalVpnGateway;\nimport com.pulumi.gcp.compute.ExternalVpnGatewayArgs;\nimport com.pulumi.gcp.compute.inputs.ExternalVpnGatewayInterfaceArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterRoutePolicy;\nimport com.pulumi.gcp.compute.RouterRoutePolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RouterRoutePolicyTermArgs;\nimport com.pulumi.gcp.compute.inputs.RouterRoutePolicyTermMatchArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.compute.inputs.RouterPeerMd5AuthenticationKeyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-router-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"my-router-subnet\")\n .network(network.selfLink())\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .build());\n\n var address = new Address(\"address\", AddressArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .build());\n\n var vpnGateway = new HaVpnGateway(\"vpnGateway\", HaVpnGatewayArgs.builder()\n .name(\"my-router-gateway\")\n .network(network.selfLink())\n .region(subnetwork.region())\n .build());\n\n var externalGateway = new ExternalVpnGateway(\"externalGateway\", ExternalVpnGatewayArgs.builder()\n .name(\"my-router-external-gateway\")\n .redundancyType(\"SINGLE_IP_INTERNALLY_REDUNDANT\")\n .description(\"An externally managed VPN gateway\")\n .interfaces(ExternalVpnGatewayInterfaceArgs.builder()\n .id(0)\n .ipAddress(\"8.8.8.8\")\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .network(network.selfLink())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var vpnTunnel = new VPNTunnel(\"vpnTunnel\", VPNTunnelArgs.builder()\n .name(\"my-router\")\n .region(subnetwork.region())\n .vpnGateway(vpnGateway.id())\n .peerExternalGateway(externalGateway.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"unguessable\")\n .router(router.name())\n .vpnGatewayInterface(0)\n .build());\n\n var routerInterface = new RouterInterface(\"routerInterface\", RouterInterfaceArgs.builder()\n .name(\"my-router\")\n .router(router.name())\n .region(router.region())\n .vpnTunnel(vpnTunnel.name())\n .build());\n\n var rp_export = new RouterRoutePolicy(\"rp-export\", RouterRoutePolicyArgs.builder()\n .name(\"my-router-rp-export\")\n .router(router.name())\n .region(router.region())\n .type(\"ROUTE_POLICY_TYPE_EXPORT\")\n .terms(RouterRoutePolicyTermArgs.builder()\n .priority(2)\n .match(RouterRoutePolicyTermMatchArgs.builder()\n .expression(\"destination == '10.0.0.0/12'\")\n .title(\"export_expression\")\n .description(\"acceptance expression for export\")\n .build())\n .actions(RouterRoutePolicyTermActionArgs.builder()\n .expression(\"accept()\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(routerInterface)\n .build());\n\n var rp_import = new RouterRoutePolicy(\"rp-import\", RouterRoutePolicyArgs.builder()\n .name(\"my-router-rp-import\")\n .router(router.name())\n .region(router.region())\n .type(\"ROUTE_POLICY_TYPE_IMPORT\")\n .terms(RouterRoutePolicyTermArgs.builder()\n .priority(1)\n .match(RouterRoutePolicyTermMatchArgs.builder()\n .expression(\"destination == '10.0.0.0/12'\")\n .title(\"import_expression\")\n .description(\"acceptance expression for import\")\n .build())\n .actions(RouterRoutePolicyTermActionArgs.builder()\n .expression(\"accept()\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n routerInterface,\n rp_export)\n .build());\n\n var routerPeer = new RouterPeer(\"routerPeer\", RouterPeerArgs.builder()\n .name(\"my-router-peer\")\n .router(router.name())\n .region(router.region())\n .peerAsn(65515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface.name())\n .md5AuthenticationKey(RouterPeerMd5AuthenticationKeyArgs.builder()\n .name(\"my-router-peer-key\")\n .key(\"my-router-peer-key-value\")\n .build())\n .importPolicies(rp_import.name())\n .exportPolicies(rp_export.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rp_export,\n rp_import,\n routerInterface)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: my-router-net\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: my-router-subnet\n network: ${network.selfLink}\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n address:\n type: gcp:compute:Address\n properties:\n name: my-router\n region: ${subnetwork.region}\n vpnGateway:\n type: gcp:compute:HaVpnGateway\n name: vpn_gateway\n properties:\n name: my-router-gateway\n network: ${network.selfLink}\n region: ${subnetwork.region}\n externalGateway:\n type: gcp:compute:ExternalVpnGateway\n name: external_gateway\n properties:\n name: my-router-external-gateway\n redundancyType: SINGLE_IP_INTERNALLY_REDUNDANT\n description: An externally managed VPN gateway\n interfaces:\n - id: 0\n ipAddress: 8.8.8.8\n router:\n type: gcp:compute:Router\n properties:\n name: my-router\n region: ${subnetwork.region}\n network: ${network.selfLink}\n bgp:\n asn: 64514\n vpnTunnel:\n type: gcp:compute:VPNTunnel\n name: vpn_tunnel\n properties:\n name: my-router\n region: ${subnetwork.region}\n vpnGateway: ${vpnGateway.id}\n peerExternalGateway: ${externalGateway.id}\n peerExternalGatewayInterface: 0\n sharedSecret: unguessable\n router: ${router.name}\n vpnGatewayInterface: 0\n routerInterface:\n type: gcp:compute:RouterInterface\n name: router_interface\n properties:\n name: my-router\n router: ${router.name}\n region: ${router.region}\n vpnTunnel: ${vpnTunnel.name}\n rp-export:\n type: gcp:compute:RouterRoutePolicy\n properties:\n name: my-router-rp-export\n router: ${router.name}\n region: ${router.region}\n type: ROUTE_POLICY_TYPE_EXPORT\n terms:\n - priority: 2\n match:\n expression: destination == '10.0.0.0/12'\n title: export_expression\n description: acceptance expression for export\n actions:\n - expression: accept()\n options:\n dependsOn:\n - ${routerInterface}\n rp-import:\n type: gcp:compute:RouterRoutePolicy\n properties:\n name: my-router-rp-import\n router: ${router.name}\n region: ${router.region}\n type: ROUTE_POLICY_TYPE_IMPORT\n terms:\n - priority: 1\n match:\n expression: destination == '10.0.0.0/12'\n title: import_expression\n description: acceptance expression for import\n actions:\n - expression: accept()\n options:\n dependsOn:\n - ${routerInterface}\n - ${[\"rp-export\"]}\n routerPeer:\n type: gcp:compute:RouterPeer\n name: router_peer\n properties:\n name: my-router-peer\n router: ${router.name}\n region: ${router.region}\n peerAsn: 65515\n advertisedRoutePriority: 100\n interface: ${routerInterface.name}\n md5AuthenticationKey:\n name: my-router-peer-key\n key: my-router-peer-key-value\n importPolicies:\n - ${[\"rp-import\"].name}\n exportPolicies:\n - ${[\"rp-export\"].name}\n options:\n dependsOn:\n - ${[\"rp-export\"]}\n - ${[\"rp-import\"]}\n - ${routerInterface}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRouterBgpPeer can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}`\n\n* `{{project}}/{{region}}/{{router}}/{{name}}`\n\n* `{{region}}/{{router}}/{{name}}`\n\n* `{{router}}/{{name}}`\n\nWhen using the `pulumi import` command, RouterBgpPeer can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{project}}/{{region}}/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{region}}/{{router}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/routerPeer:RouterPeer default {{router}}/{{name}}\n```\n\n", "properties": { "advertiseMode": { "type": "string", @@ -181611,7 +181611,7 @@ } }, "gcp:compute/securityPolicy:SecurityPolicy": { - "description": "A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information\nsee the [official documentation](https://cloud.google.com/armor/docs/configure-security-policies)\nand the [API](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies).\n\nSecurity Policy is used by google_compute_backend_service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n rules: [\n {\n action: \"deny(403)\",\n priority: 1000,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"9.9.9.0/24\"],\n },\n },\n description: \"Deny access to IPs in 9.9.9.0/24\",\n },\n {\n action: \"allow\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n rules=[\n {\n \"action\": \"deny(403)\",\n \"priority\": 1000,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"9.9.9.0/24\"],\n },\n },\n \"description\": \"Deny access to IPs in 9.9.9.0/24\",\n },\n {\n \"action\": \"allow\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"deny(403)\",\n Priority = 1000,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"9.9.9.0/24\",\n },\n },\n },\n Description = \"Deny access to IPs in 9.9.9.0/24\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"deny(403)\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"9.9.9.0/24\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Deny access to IPs in 9.9.9.0/24\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .rules( \n SecurityPolicyRuleArgs.builder()\n .action(\"deny(403)\")\n .priority(\"1000\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"9.9.9.0/24\")\n .build())\n .build())\n .description(\"Deny access to IPs in 9.9.9.0/24\")\n .build(),\n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n rules:\n - action: deny(403)\n priority: '1000'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 9.9.9.0/24\n description: Deny access to IPs in 9.9.9.0/24\n - action: allow\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With ReCAPTCHA Configuration Options\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.recaptcha.EnterpriseKey(\"primary\", {\n displayName: \"display-name\",\n labels: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n webSettings: {\n integrationType: \"INVISIBLE\",\n allowAllDomains: true,\n allowedDomains: [\"localhost\"],\n },\n});\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n description: \"basic security policy\",\n type: \"CLOUD_ARMOR\",\n recaptchaOptionsConfig: {\n redirectSiteKey: primary.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.recaptcha.EnterpriseKey(\"primary\",\n display_name=\"display-name\",\n labels={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\",\n web_settings={\n \"integration_type\": \"INVISIBLE\",\n \"allow_all_domains\": True,\n \"allowed_domains\": [\"localhost\"],\n })\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n description=\"basic security policy\",\n type=\"CLOUD_ARMOR\",\n recaptcha_options_config={\n \"redirect_site_key\": primary.name,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Recaptcha.EnterpriseKey(\"primary\", new()\n {\n DisplayName = \"display-name\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n WebSettings = new Gcp.Recaptcha.Inputs.EnterpriseKeyWebSettingsArgs\n {\n IntegrationType = \"INVISIBLE\",\n AllowAllDomains = true,\n AllowedDomains = new[]\n {\n \"localhost\",\n },\n },\n });\n\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Description = \"basic security policy\",\n Type = \"CLOUD_ARMOR\",\n RecaptchaOptionsConfig = new Gcp.Compute.Inputs.SecurityPolicyRecaptchaOptionsConfigArgs\n {\n RedirectSiteKey = primary.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/recaptcha\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := recaptcha.NewEnterpriseKey(ctx, \"primary\", \u0026recaptcha.EnterpriseKeyArgs{\n\t\t\tDisplayName: pulumi.String(\"display-name\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tWebSettings: \u0026recaptcha.EnterpriseKeyWebSettingsArgs{\n\t\t\t\tIntegrationType: pulumi.String(\"INVISIBLE\"),\n\t\t\t\tAllowAllDomains: pulumi.Bool(true),\n\t\t\t\tAllowedDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tDescription: pulumi.String(\"basic security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t\tRecaptchaOptionsConfig: \u0026compute.SecurityPolicyRecaptchaOptionsConfigArgs{\n\t\t\t\tRedirectSiteKey: primary.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.recaptcha.EnterpriseKey;\nimport com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;\nimport com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new EnterpriseKey(\"primary\", EnterpriseKeyArgs.builder()\n .displayName(\"display-name\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .webSettings(EnterpriseKeyWebSettingsArgs.builder()\n .integrationType(\"INVISIBLE\")\n .allowAllDomains(true)\n .allowedDomains(\"localhost\")\n .build())\n .build());\n\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .description(\"basic security policy\")\n .type(\"CLOUD_ARMOR\")\n .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()\n .redirectSiteKey(primary.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:recaptcha:EnterpriseKey\n properties:\n displayName: display-name\n labels:\n label-one: value-one\n project: my-project-name\n webSettings:\n integrationType: INVISIBLE\n allowAllDomains: true\n allowedDomains:\n - localhost\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n description: basic security policy\n type: CLOUD_ARMOR\n recaptchaOptionsConfig:\n redirectSiteKey: ${primary.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Header Actions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n rules: [\n {\n action: \"allow\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n },\n {\n action: \"allow\",\n priority: 1000,\n match: {\n expr: {\n expression: \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n headerAction: {\n requestHeadersToAdds: [\n {\n headerName: \"reCAPTCHA-Warning\",\n headerValue: \"high\",\n },\n {\n headerName: \"X-Resource\",\n headerValue: \"test\",\n },\n ],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n rules=[\n {\n \"action\": \"allow\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n },\n {\n \"action\": \"allow\",\n \"priority\": 1000,\n \"match\": {\n \"expr\": {\n \"expression\": \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n \"header_action\": {\n \"request_headers_to_adds\": [\n {\n \"header_name\": \"reCAPTCHA-Warning\",\n \"header_value\": \"high\",\n },\n {\n \"header_name\": \"X-Resource\",\n \"header_value\": \"test\",\n },\n ],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 1000,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n Expr = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchExprArgs\n {\n Expression = \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n HeaderAction = new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionArgs\n {\n RequestHeadersToAdds = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs\n {\n HeaderName = \"reCAPTCHA-Warning\",\n HeaderValue = \"high\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs\n {\n HeaderName = \"X-Resource\",\n HeaderValue = \"test\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tExpr: \u0026compute.SecurityPolicyRuleMatchExprArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tHeaderAction: \u0026compute.SecurityPolicyRuleHeaderActionArgs{\n\t\t\t\t\t\tRequestHeadersToAdds: compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArray{\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{\n\t\t\t\t\t\t\t\tHeaderName: pulumi.String(\"reCAPTCHA-Warning\"),\n\t\t\t\t\t\t\t\tHeaderValue: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{\n\t\t\t\t\t\t\t\tHeaderName: pulumi.String(\"X-Resource\"),\n\t\t\t\t\t\t\t\tHeaderValue: pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .rules( \n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .build(),\n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"1000\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .expr(SecurityPolicyRuleMatchExprArgs.builder()\n .expression(\"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\")\n .build())\n .build())\n .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()\n .requestHeadersToAdds( \n SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()\n .headerName(\"reCAPTCHA-Warning\")\n .headerValue(\"high\")\n .build(),\n SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()\n .headerName(\"X-Resource\")\n .headerValue(\"test\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n rules:\n - action: allow\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n - action: allow\n priority: '1000'\n match:\n expr:\n expression: request.path.matches(\"/login.html\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\n headerAction:\n requestHeadersToAdds:\n - headerName: reCAPTCHA-Warning\n headerValue: high\n - headerName: X-Resource\n headerValue: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With EnforceOnKey Value As Empty String\nA scenario example that won't cause any conflict between `enforce_on_key` and `enforce_on_key_configs`, because `enforce_on_key` was specified as an empty string:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"%s\",\n description: \"throttle rule with enforce_on_key_configs\",\n rules: [{\n action: \"throttle\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n rateLimitOptions: {\n conformAction: \"allow\",\n exceedAction: \"redirect\",\n enforceOnKey: \"\",\n enforceOnKeyConfigs: [{\n enforceOnKeyType: \"IP\",\n }],\n exceedRedirectOptions: {\n type: \"EXTERNAL_302\",\n target: \"\u003chttps://www.example.com\u003e\",\n },\n rateLimitThreshold: {\n count: 10,\n intervalSec: 60,\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"%s\",\n description=\"throttle rule with enforce_on_key_configs\",\n rules=[{\n \"action\": \"throttle\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n \"rate_limit_options\": {\n \"conform_action\": \"allow\",\n \"exceed_action\": \"redirect\",\n \"enforce_on_key\": \"\",\n \"enforce_on_key_configs\": [{\n \"enforce_on_key_type\": \"IP\",\n }],\n \"exceed_redirect_options\": {\n \"type\": \"EXTERNAL_302\",\n \"target\": \"\u003chttps://www.example.com\u003e\",\n },\n \"rate_limit_threshold\": {\n \"count\": 10,\n \"interval_sec\": 60,\n },\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"%s\",\n Description = \"throttle rule with enforce_on_key_configs\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"throttle\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n RateLimitOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsArgs\n {\n ConformAction = \"allow\",\n ExceedAction = \"redirect\",\n EnforceOnKey = \"\",\n EnforceOnKeyConfigs = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs\n {\n EnforceOnKeyType = \"IP\",\n },\n },\n ExceedRedirectOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs\n {\n Type = \"EXTERNAL_302\",\n Target = \"\u003chttps://www.example.com\u003e\",\n },\n RateLimitThreshold = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs\n {\n Count = 10,\n IntervalSec = 60,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"%s\"),\n\t\t\tDescription: pulumi.String(\"throttle rule with enforce_on_key_configs\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"throttle\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t\tRateLimitOptions: \u0026compute.SecurityPolicyRuleRateLimitOptionsArgs{\n\t\t\t\t\t\tConformAction: pulumi.String(\"allow\"),\n\t\t\t\t\t\tExceedAction: pulumi.String(\"redirect\"),\n\t\t\t\t\t\tEnforceOnKey: pulumi.String(\"\"),\n\t\t\t\t\t\tEnforceOnKeyConfigs: compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArray{\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs{\n\t\t\t\t\t\t\t\tEnforceOnKeyType: pulumi.String(\"IP\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExceedRedirectOptions: \u0026compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"EXTERNAL_302\"),\n\t\t\t\t\t\t\tTarget: pulumi.String(\"\u003chttps://www.example.com\u003e\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRateLimitThreshold: \u0026compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(10),\n\t\t\t\t\t\t\tIntervalSec: pulumi.Int(60),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"%s\")\n .description(\"throttle rule with enforce_on_key_configs\")\n .rules(SecurityPolicyRuleArgs.builder()\n .action(\"throttle\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .rateLimitOptions(SecurityPolicyRuleRateLimitOptionsArgs.builder()\n .conformAction(\"allow\")\n .exceedAction(\"redirect\")\n .enforceOnKey(\"\")\n .enforceOnKeyConfigs(SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs.builder()\n .enforceOnKeyType(\"IP\")\n .build())\n .exceedRedirectOptions(SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs.builder()\n .type(\"EXTERNAL_302\")\n .target(\"\u003chttps://www.example.com\u003e\")\n .build())\n .rateLimitThreshold(SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs.builder()\n .count(10)\n .intervalSec(60)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: '%s'\n description: throttle rule with enforce_on_key_configs\n rules:\n - action: throttle\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n rateLimitOptions:\n conformAction: allow\n exceedAction: redirect\n enforceOnKey:\n enforceOnKeyConfigs:\n - enforceOnKeyType: IP\n exceedRedirectOptions:\n type: EXTERNAL_302\n target: \u003chttps://www.example.com\u003e\n rateLimitThreshold:\n count: 10\n intervalSec: 60\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecurity policies can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/securityPolicies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, security policies can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default projects/{{project}}/global/securityPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{name}}\n```\n\n", + "description": "A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information\nsee the [official documentation](https://cloud.google.com/armor/docs/configure-security-policies)\nand the [API](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies).\n\nSecurity Policy is used by google_compute_backend_service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n rules: [\n {\n action: \"deny(403)\",\n priority: 1000,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"9.9.9.0/24\"],\n },\n },\n description: \"Deny access to IPs in 9.9.9.0/24\",\n },\n {\n action: \"allow\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n rules=[\n {\n \"action\": \"deny(403)\",\n \"priority\": 1000,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"9.9.9.0/24\"],\n },\n },\n \"description\": \"Deny access to IPs in 9.9.9.0/24\",\n },\n {\n \"action\": \"allow\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"deny(403)\",\n Priority = 1000,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"9.9.9.0/24\",\n },\n },\n },\n Description = \"Deny access to IPs in 9.9.9.0/24\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"deny(403)\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"9.9.9.0/24\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Deny access to IPs in 9.9.9.0/24\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .rules( \n SecurityPolicyRuleArgs.builder()\n .action(\"deny(403)\")\n .priority(\"1000\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"9.9.9.0/24\")\n .build())\n .build())\n .description(\"Deny access to IPs in 9.9.9.0/24\")\n .build(),\n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n rules:\n - action: deny(403)\n priority: '1000'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - 9.9.9.0/24\n description: Deny access to IPs in 9.9.9.0/24\n - action: allow\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With ReCAPTCHA Configuration Options\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.recaptcha.EnterpriseKey(\"primary\", {\n displayName: \"display-name\",\n labels: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n webSettings: {\n integrationType: \"INVISIBLE\",\n allowAllDomains: true,\n allowedDomains: [\"localhost\"],\n },\n});\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n description: \"basic security policy\",\n type: \"CLOUD_ARMOR\",\n recaptchaOptionsConfig: {\n redirectSiteKey: primary.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.recaptcha.EnterpriseKey(\"primary\",\n display_name=\"display-name\",\n labels={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\",\n web_settings={\n \"integration_type\": \"INVISIBLE\",\n \"allow_all_domains\": True,\n \"allowed_domains\": [\"localhost\"],\n })\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n description=\"basic security policy\",\n type=\"CLOUD_ARMOR\",\n recaptcha_options_config={\n \"redirect_site_key\": primary.name,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Recaptcha.EnterpriseKey(\"primary\", new()\n {\n DisplayName = \"display-name\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n WebSettings = new Gcp.Recaptcha.Inputs.EnterpriseKeyWebSettingsArgs\n {\n IntegrationType = \"INVISIBLE\",\n AllowAllDomains = true,\n AllowedDomains = new[]\n {\n \"localhost\",\n },\n },\n });\n\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Description = \"basic security policy\",\n Type = \"CLOUD_ARMOR\",\n RecaptchaOptionsConfig = new Gcp.Compute.Inputs.SecurityPolicyRecaptchaOptionsConfigArgs\n {\n RedirectSiteKey = primary.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/recaptcha\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := recaptcha.NewEnterpriseKey(ctx, \"primary\", \u0026recaptcha.EnterpriseKeyArgs{\n\t\t\tDisplayName: pulumi.String(\"display-name\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tWebSettings: \u0026recaptcha.EnterpriseKeyWebSettingsArgs{\n\t\t\t\tIntegrationType: pulumi.String(\"INVISIBLE\"),\n\t\t\t\tAllowAllDomains: pulumi.Bool(true),\n\t\t\t\tAllowedDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tDescription: pulumi.String(\"basic security policy\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR\"),\n\t\t\tRecaptchaOptionsConfig: \u0026compute.SecurityPolicyRecaptchaOptionsConfigArgs{\n\t\t\t\tRedirectSiteKey: primary.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.recaptcha.EnterpriseKey;\nimport com.pulumi.gcp.recaptcha.EnterpriseKeyArgs;\nimport com.pulumi.gcp.recaptcha.inputs.EnterpriseKeyWebSettingsArgs;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRecaptchaOptionsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new EnterpriseKey(\"primary\", EnterpriseKeyArgs.builder()\n .displayName(\"display-name\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .webSettings(EnterpriseKeyWebSettingsArgs.builder()\n .integrationType(\"INVISIBLE\")\n .allowAllDomains(true)\n .allowedDomains(\"localhost\")\n .build())\n .build());\n\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .description(\"basic security policy\")\n .type(\"CLOUD_ARMOR\")\n .recaptchaOptionsConfig(SecurityPolicyRecaptchaOptionsConfigArgs.builder()\n .redirectSiteKey(primary.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:recaptcha:EnterpriseKey\n properties:\n displayName: display-name\n labels:\n label-one: value-one\n project: my-project-name\n webSettings:\n integrationType: INVISIBLE\n allowAllDomains: true\n allowedDomains:\n - localhost\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n description: basic security policy\n type: CLOUD_ARMOR\n recaptchaOptionsConfig:\n redirectSiteKey: ${primary.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Header Actions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"my-policy\",\n rules: [\n {\n action: \"allow\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n },\n {\n action: \"allow\",\n priority: 1000,\n match: {\n expr: {\n expression: \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n headerAction: {\n requestHeadersToAdds: [\n {\n headerName: \"reCAPTCHA-Warning\",\n headerValue: \"high\",\n },\n {\n headerName: \"X-Resource\",\n headerValue: \"test\",\n },\n ],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"my-policy\",\n rules=[\n {\n \"action\": \"allow\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n },\n {\n \"action\": \"allow\",\n \"priority\": 1000,\n \"match\": {\n \"expr\": {\n \"expression\": \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n \"header_action\": {\n \"request_headers_to_adds\": [\n {\n \"header_name\": \"reCAPTCHA-Warning\",\n \"header_value\": \"high\",\n },\n {\n \"header_name\": \"X-Resource\",\n \"header_value\": \"test\",\n },\n ],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"my-policy\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"allow\",\n Priority = 1000,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n Expr = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchExprArgs\n {\n Expression = \"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\",\n },\n },\n HeaderAction = new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionArgs\n {\n RequestHeadersToAdds = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs\n {\n HeaderName = \"reCAPTCHA-Warning\",\n HeaderValue = \"high\",\n },\n new Gcp.Compute.Inputs.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs\n {\n HeaderName = \"X-Resource\",\n HeaderValue = \"test\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t},\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tPriority: pulumi.Int(1000),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tExpr: \u0026compute.SecurityPolicyRuleMatchExprArgs{\n\t\t\t\t\t\t\tExpression: pulumi.String(\"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tHeaderAction: \u0026compute.SecurityPolicyRuleHeaderActionArgs{\n\t\t\t\t\t\tRequestHeadersToAdds: compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArray{\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{\n\t\t\t\t\t\t\t\tHeaderName: pulumi.String(\"reCAPTCHA-Warning\"),\n\t\t\t\t\t\t\t\tHeaderValue: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs{\n\t\t\t\t\t\t\t\tHeaderName: pulumi.String(\"X-Resource\"),\n\t\t\t\t\t\t\t\tHeaderValue: pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchExprArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleHeaderActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .rules( \n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .build(),\n SecurityPolicyRuleArgs.builder()\n .action(\"allow\")\n .priority(\"1000\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .expr(SecurityPolicyRuleMatchExprArgs.builder()\n .expression(\"request.path.matches(\\\"/login.html\\\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\")\n .build())\n .build())\n .headerAction(SecurityPolicyRuleHeaderActionArgs.builder()\n .requestHeadersToAdds( \n SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()\n .headerName(\"reCAPTCHA-Warning\")\n .headerValue(\"high\")\n .build(),\n SecurityPolicyRuleHeaderActionRequestHeadersToAddArgs.builder()\n .headerName(\"X-Resource\")\n .headerValue(\"test\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: my-policy\n rules:\n - action: allow\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n - action: allow\n priority: '1000'\n match:\n expr:\n expression: request.path.matches(\"/login.html\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2\n headerAction:\n requestHeadersToAdds:\n - headerName: reCAPTCHA-Warning\n headerValue: high\n - headerName: X-Resource\n headerValue: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With EnforceOnKey Value As Empty String\nA scenario example that won't cause any conflict between `enforce_on_key` and `enforce_on_key_configs`, because `enforce_on_key` was specified as an empty string:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = new gcp.compute.SecurityPolicy(\"policy\", {\n name: \"%s\",\n description: \"throttle rule with enforce_on_key_configs\",\n rules: [{\n action: \"throttle\",\n priority: 2147483647,\n match: {\n versionedExpr: \"SRC_IPS_V1\",\n config: {\n srcIpRanges: [\"*\"],\n },\n },\n description: \"default rule\",\n rateLimitOptions: {\n conformAction: \"allow\",\n exceedAction: \"redirect\",\n enforceOnKey: \"\",\n enforceOnKeyConfigs: [{\n enforceOnKeyType: \"IP\",\n }],\n exceedRedirectOptions: {\n type: \"EXTERNAL_302\",\n target: \"\u003chttps://www.example.com\u003e\",\n },\n rateLimitThreshold: {\n count: 10,\n intervalSec: 60,\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.SecurityPolicy(\"policy\",\n name=\"%s\",\n description=\"throttle rule with enforce_on_key_configs\",\n rules=[{\n \"action\": \"throttle\",\n \"priority\": 2147483647,\n \"match\": {\n \"versioned_expr\": \"SRC_IPS_V1\",\n \"config\": {\n \"src_ip_ranges\": [\"*\"],\n },\n },\n \"description\": \"default rule\",\n \"rate_limit_options\": {\n \"conform_action\": \"allow\",\n \"exceed_action\": \"redirect\",\n \"enforce_on_key\": \"\",\n \"enforce_on_key_configs\": [{\n \"enforce_on_key_type\": \"IP\",\n }],\n \"exceed_redirect_options\": {\n \"type\": \"EXTERNAL_302\",\n \"target\": \"\u003chttps://www.example.com\u003e\",\n },\n \"rate_limit_threshold\": {\n \"count\": 10,\n \"interval_sec\": 60,\n },\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = new Gcp.Compute.SecurityPolicy(\"policy\", new()\n {\n Name = \"%s\",\n Description = \"throttle rule with enforce_on_key_configs\",\n Rules = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleArgs\n {\n Action = \"throttle\",\n Priority = 2147483647,\n Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs\n {\n VersionedExpr = \"SRC_IPS_V1\",\n Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs\n {\n SrcIpRanges = new[]\n {\n \"*\",\n },\n },\n },\n Description = \"default rule\",\n RateLimitOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsArgs\n {\n ConformAction = \"allow\",\n ExceedAction = \"redirect\",\n EnforceOnKey = \"\",\n EnforceOnKeyConfigs = new[]\n {\n new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs\n {\n EnforceOnKeyType = \"IP\",\n },\n },\n ExceedRedirectOptions = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs\n {\n Type = \"EXTERNAL_302\",\n Target = \"\u003chttps://www.example.com\u003e\",\n },\n RateLimitThreshold = new Gcp.Compute.Inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs\n {\n Count = 10,\n IntervalSec = 60,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSecurityPolicy(ctx, \"policy\", \u0026compute.SecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"%s\"),\n\t\t\tDescription: pulumi.String(\"throttle rule with enforce_on_key_configs\"),\n\t\t\tRules: compute.SecurityPolicyRuleTypeArray{\n\t\t\t\t\u0026compute.SecurityPolicyRuleTypeArgs{\n\t\t\t\t\tAction: pulumi.String(\"throttle\"),\n\t\t\t\t\tPriority: pulumi.Int(2147483647),\n\t\t\t\t\tMatch: \u0026compute.SecurityPolicyRuleMatchArgs{\n\t\t\t\t\t\tVersionedExpr: pulumi.String(\"SRC_IPS_V1\"),\n\t\t\t\t\t\tConfig: \u0026compute.SecurityPolicyRuleMatchConfigArgs{\n\t\t\t\t\t\t\tSrcIpRanges: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"default rule\"),\n\t\t\t\t\tRateLimitOptions: \u0026compute.SecurityPolicyRuleRateLimitOptionsArgs{\n\t\t\t\t\t\tConformAction: pulumi.String(\"allow\"),\n\t\t\t\t\t\tExceedAction: pulumi.String(\"redirect\"),\n\t\t\t\t\t\tEnforceOnKey: pulumi.String(\"\"),\n\t\t\t\t\t\tEnforceOnKeyConfigs: compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArray{\n\t\t\t\t\t\t\t\u0026compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs{\n\t\t\t\t\t\t\t\tEnforceOnKeyType: pulumi.String(\"IP\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExceedRedirectOptions: \u0026compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"EXTERNAL_302\"),\n\t\t\t\t\t\t\tTarget: pulumi.String(\"\u003chttps://www.example.com\u003e\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRateLimitThreshold: \u0026compute.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(10),\n\t\t\t\t\t\t\tIntervalSec: pulumi.Int(60),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SecurityPolicy;\nimport com.pulumi.gcp.compute.SecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleMatchConfigArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs;\nimport com.pulumi.gcp.compute.inputs.SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policy = new SecurityPolicy(\"policy\", SecurityPolicyArgs.builder()\n .name(\"%s\")\n .description(\"throttle rule with enforce_on_key_configs\")\n .rules(SecurityPolicyRuleArgs.builder()\n .action(\"throttle\")\n .priority(\"2147483647\")\n .match(SecurityPolicyRuleMatchArgs.builder()\n .versionedExpr(\"SRC_IPS_V1\")\n .config(SecurityPolicyRuleMatchConfigArgs.builder()\n .srcIpRanges(\"*\")\n .build())\n .build())\n .description(\"default rule\")\n .rateLimitOptions(SecurityPolicyRuleRateLimitOptionsArgs.builder()\n .conformAction(\"allow\")\n .exceedAction(\"redirect\")\n .enforceOnKey(\"\")\n .enforceOnKeyConfigs(SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs.builder()\n .enforceOnKeyType(\"IP\")\n .build())\n .exceedRedirectOptions(SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs.builder()\n .type(\"EXTERNAL_302\")\n .target(\"\u003chttps://www.example.com\u003e\")\n .build())\n .rateLimitThreshold(SecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs.builder()\n .count(10)\n .intervalSec(60)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SecurityPolicy\n properties:\n name: '%s'\n description: throttle rule with enforce_on_key_configs\n rules:\n - action: throttle\n priority: '2147483647'\n match:\n versionedExpr: SRC_IPS_V1\n config:\n srcIpRanges:\n - '*'\n description: default rule\n rateLimitOptions:\n conformAction: allow\n exceedAction: redirect\n enforceOnKey: \"\"\n enforceOnKeyConfigs:\n - enforceOnKeyType: IP\n exceedRedirectOptions:\n type: EXTERNAL_302\n target: \u003chttps://www.example.com\u003e\n rateLimitThreshold:\n count: 10\n intervalSec: 60\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecurity policies can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/securityPolicies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, security policies can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default projects/{{project}}/global/securityPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/securityPolicy:SecurityPolicy default {{name}}\n```\n\n", "properties": { "adaptiveProtectionConfig": { "$ref": "#/types/gcp:compute/SecurityPolicyAdaptiveProtectionConfig:SecurityPolicyAdaptiveProtectionConfig", @@ -182102,7 +182102,7 @@ } }, "gcp:compute/serviceAttachment:ServiceAttachment": { - "description": "Represents a ServiceAttachment resource.\n\n\nTo get more information about ServiceAttachment, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/beta/serviceAttachments)\n* How-to Guides\n * [Configuring Private Service Connect to access services](https://cloud.google.com/vpc/docs/configure-private-service-connect-services)\n\n## Example Usage\n\n### Service Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: \"default\",\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: \"default\",\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id)\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=\"default\",\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=\"default\",\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = \"default\",\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = \"default\",\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(\"default\")\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(\"default\")\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: default\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme:\n network: default\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Explicit Projects\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerRejectLists: [\n \"673497134629\",\n \"482878270665\",\n ],\n consumerAcceptLists: [{\n projectIdOrNum: \"658859330310\",\n connectionLimit: 4,\n }],\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: \"default\",\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: \"default\",\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_reject_lists=[\n \"673497134629\",\n \"482878270665\",\n ],\n consumer_accept_lists=[{\n \"project_id_or_num\": \"658859330310\",\n \"connection_limit\": 4,\n }])\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=\"default\",\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=\"default\",\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerRejectLists = new[]\n {\n \"673497134629\",\n \"482878270665\",\n },\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n ProjectIdOrNum = \"658859330310\",\n ConnectionLimit = 4,\n },\n },\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = \"default\",\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = \"default\",\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerRejectLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"673497134629\"),\n\t\t\t\tpulumi.String(\"482878270665\"),\n\t\t\t},\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tProjectIdOrNum: pulumi.String(\"658859330310\"),\n\t\t\t\t\tConnectionLimit: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerRejectLists( \n \"673497134629\",\n \"482878270665\")\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .projectIdOrNum(\"658859330310\")\n .connectionLimit(4)\n .build())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(\"default\")\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(\"default\")\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerRejectLists:\n - '673497134629'\n - '482878270665'\n consumerAcceptLists:\n - projectIdOrNum: '658859330310'\n connectionLimit: 4\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: default\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme:\n network: default\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Explicit Networks\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pscIlbConsumerNetwork = new gcp.compute.Network(\"psc_ilb_consumer_network\", {\n name: \"psc-ilb-consumer-network\",\n autoCreateSubnetworks: false,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: false,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerAcceptLists: [{\n networkUrl: pscIlbConsumerNetwork.selfLink,\n connectionLimit: 1,\n }],\n});\nconst pscIlbConsumerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_consumer_subnetwork\", {\n name: \"psc-ilb-consumer-network\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-west2\",\n network: pscIlbConsumerNetwork.id,\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: pscIlbConsumerSubnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: pscIlbConsumerNetwork.id,\n subnetwork: pscIlbConsumerSubnetwork.id,\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc_ilb_consumer_network = gcp.compute.Network(\"psc_ilb_consumer_network\",\n name=\"psc-ilb-consumer-network\",\n auto_create_subnetworks=False)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=False,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_accept_lists=[{\n \"network_url\": psc_ilb_consumer_network.self_link,\n \"connection_limit\": 1,\n }])\npsc_ilb_consumer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_consumer_subnetwork\",\n name=\"psc-ilb-consumer-network\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-west2\",\n network=psc_ilb_consumer_network.id)\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=psc_ilb_consumer_subnetwork.id,\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=psc_ilb_consumer_network.id,\n subnetwork=psc_ilb_consumer_subnetwork.id,\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pscIlbConsumerNetwork = new Gcp.Compute.Network(\"psc_ilb_consumer_network\", new()\n {\n Name = \"psc-ilb-consumer-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = false,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n NetworkUrl = pscIlbConsumerNetwork.SelfLink,\n ConnectionLimit = 1,\n },\n },\n });\n\n var pscIlbConsumerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_consumer_subnetwork\", new()\n {\n Name = \"psc-ilb-consumer-network\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-west2\",\n Network = pscIlbConsumerNetwork.Id,\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = pscIlbConsumerSubnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = pscIlbConsumerNetwork.Id,\n Subnetwork = pscIlbConsumerSubnetwork.Id,\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpscIlbConsumerNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_consumer_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(false),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tNetworkUrl: pscIlbConsumerNetwork.SelfLink,\n\t\t\t\t\tConnectionLimit: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_consumer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-network\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbConsumerNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pscIlbConsumerSubnetwork.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pscIlbConsumerNetwork.ID(),\n\t\t\tSubnetwork: pscIlbConsumerSubnetwork.ID(),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pscIlbConsumerNetwork = new Network(\"pscIlbConsumerNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-consumer-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(false)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .networkUrl(pscIlbConsumerNetwork.selfLink())\n .connectionLimit(1)\n .build())\n .build());\n\n var pscIlbConsumerSubnetwork = new Subnetwork(\"pscIlbConsumerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-consumer-network\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-west2\")\n .network(pscIlbConsumerNetwork.id())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(pscIlbConsumerSubnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(pscIlbConsumerNetwork.id())\n .subnetwork(pscIlbConsumerSubnetwork.id())\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n enableProxyProtocol: false\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerAcceptLists:\n - networkUrl: ${pscIlbConsumerNetwork.selfLink}\n connectionLimit: 1\n pscIlbConsumerNetwork:\n type: gcp:compute:Network\n name: psc_ilb_consumer_network\n properties:\n name: psc-ilb-consumer-network\n autoCreateSubnetworks: false\n pscIlbConsumerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_consumer_subnetwork\n properties:\n name: psc-ilb-consumer-network\n ipCidrRange: 10.0.0.0/16\n region: us-west2\n network: ${pscIlbConsumerNetwork.id}\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: ${pscIlbConsumerSubnetwork.id}\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme:\n network: ${pscIlbConsumerNetwork.id}\n subnetwork: ${pscIlbConsumerSubnetwork.id}\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Reconcile Connections\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerRejectLists: [\n \"673497134629\",\n \"482878270665\",\n ],\n consumerAcceptLists: [{\n projectIdOrNum: \"658859330310\",\n connectionLimit: 4,\n }],\n reconcileConnections: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_reject_lists=[\n \"673497134629\",\n \"482878270665\",\n ],\n consumer_accept_lists=[{\n \"project_id_or_num\": \"658859330310\",\n \"connection_limit\": 4,\n }],\n reconcile_connections=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerRejectLists = new[]\n {\n \"673497134629\",\n \"482878270665\",\n },\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n ProjectIdOrNum = \"658859330310\",\n ConnectionLimit = 4,\n },\n },\n ReconcileConnections = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerRejectLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"673497134629\"),\n\t\t\t\tpulumi.String(\"482878270665\"),\n\t\t\t},\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tProjectIdOrNum: pulumi.String(\"658859330310\"),\n\t\t\t\t\tConnectionLimit: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReconcileConnections: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerRejectLists( \n \"673497134629\",\n \"482878270665\")\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .projectIdOrNum(\"658859330310\")\n .connectionLimit(4)\n .build())\n .reconcileConnections(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerRejectLists:\n - '673497134629'\n - '482878270665'\n consumerAcceptLists:\n - projectIdOrNum: '658859330310'\n connectionLimit: 4\n reconcileConnections: false\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ServiceAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{name}}\n```\n\n", + "description": "Represents a ServiceAttachment resource.\n\n\nTo get more information about ServiceAttachment, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/beta/serviceAttachments)\n* How-to Guides\n * [Configuring Private Service Connect to access services](https://cloud.google.com/vpc/docs/configure-private-service-connect-services)\n\n## Example Usage\n\n### Service Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: \"default\",\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: \"default\",\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_AUTOMATIC\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id)\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=\"default\",\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=\"default\",\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = \"default\",\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = \"default\",\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(\"default\")\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(\"default\")\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_AUTOMATIC\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: default\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme: \"\"\n network: default\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Explicit Projects\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerRejectLists: [\n \"673497134629\",\n \"482878270665\",\n ],\n consumerAcceptLists: [{\n projectIdOrNum: \"658859330310\",\n connectionLimit: 4,\n }],\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: \"default\",\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: \"default\",\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_reject_lists=[\n \"673497134629\",\n \"482878270665\",\n ],\n consumer_accept_lists=[{\n \"project_id_or_num\": \"658859330310\",\n \"connection_limit\": 4,\n }])\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=\"default\",\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=\"default\",\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerRejectLists = new[]\n {\n \"673497134629\",\n \"482878270665\",\n },\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n ProjectIdOrNum = \"658859330310\",\n ConnectionLimit = 4,\n },\n },\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = \"default\",\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = \"default\",\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerRejectLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"673497134629\"),\n\t\t\t\tpulumi.String(\"482878270665\"),\n\t\t\t},\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tProjectIdOrNum: pulumi.String(\"658859330310\"),\n\t\t\t\t\tConnectionLimit: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerRejectLists( \n \"673497134629\",\n \"482878270665\")\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .projectIdOrNum(\"658859330310\")\n .connectionLimit(4)\n .build())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(\"default\")\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(\"default\")\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerRejectLists:\n - '673497134629'\n - '482878270665'\n consumerAcceptLists:\n - projectIdOrNum: '658859330310'\n connectionLimit: 4\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: default\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme: \"\"\n network: default\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Explicit Networks\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pscIlbConsumerNetwork = new gcp.compute.Network(\"psc_ilb_consumer_network\", {\n name: \"psc-ilb-consumer-network\",\n autoCreateSubnetworks: false,\n});\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n enableProxyProtocol: false,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerAcceptLists: [{\n networkUrl: pscIlbConsumerNetwork.selfLink,\n connectionLimit: 1,\n }],\n});\nconst pscIlbConsumerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_consumer_subnetwork\", {\n name: \"psc-ilb-consumer-network\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-west2\",\n network: pscIlbConsumerNetwork.id,\n});\nconst pscIlbConsumerAddress = new gcp.compute.Address(\"psc_ilb_consumer_address\", {\n name: \"psc-ilb-consumer-address\",\n region: \"us-west2\",\n subnetwork: pscIlbConsumerSubnetwork.id,\n addressType: \"INTERNAL\",\n});\nconst pscIlbConsumer = new gcp.compute.ForwardingRule(\"psc_ilb_consumer\", {\n name: \"psc-ilb-consumer-forwarding-rule\",\n region: \"us-west2\",\n target: pscIlbServiceAttachment.id,\n loadBalancingScheme: \"\",\n network: pscIlbConsumerNetwork.id,\n subnetwork: pscIlbConsumerSubnetwork.id,\n ipAddress: pscIlbConsumerAddress.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc_ilb_consumer_network = gcp.compute.Network(\"psc_ilb_consumer_network\",\n name=\"psc-ilb-consumer-network\",\n auto_create_subnetworks=False)\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n enable_proxy_protocol=False,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_accept_lists=[{\n \"network_url\": psc_ilb_consumer_network.self_link,\n \"connection_limit\": 1,\n }])\npsc_ilb_consumer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_consumer_subnetwork\",\n name=\"psc-ilb-consumer-network\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-west2\",\n network=psc_ilb_consumer_network.id)\npsc_ilb_consumer_address = gcp.compute.Address(\"psc_ilb_consumer_address\",\n name=\"psc-ilb-consumer-address\",\n region=\"us-west2\",\n subnetwork=psc_ilb_consumer_subnetwork.id,\n address_type=\"INTERNAL\")\npsc_ilb_consumer = gcp.compute.ForwardingRule(\"psc_ilb_consumer\",\n name=\"psc-ilb-consumer-forwarding-rule\",\n region=\"us-west2\",\n target=psc_ilb_service_attachment.id,\n load_balancing_scheme=\"\",\n network=psc_ilb_consumer_network.id,\n subnetwork=psc_ilb_consumer_subnetwork.id,\n ip_address=psc_ilb_consumer_address.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pscIlbConsumerNetwork = new Gcp.Compute.Network(\"psc_ilb_consumer_network\", new()\n {\n Name = \"psc-ilb-consumer-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n EnableProxyProtocol = false,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n NetworkUrl = pscIlbConsumerNetwork.SelfLink,\n ConnectionLimit = 1,\n },\n },\n });\n\n var pscIlbConsumerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_consumer_subnetwork\", new()\n {\n Name = \"psc-ilb-consumer-network\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-west2\",\n Network = pscIlbConsumerNetwork.Id,\n });\n\n var pscIlbConsumerAddress = new Gcp.Compute.Address(\"psc_ilb_consumer_address\", new()\n {\n Name = \"psc-ilb-consumer-address\",\n Region = \"us-west2\",\n Subnetwork = pscIlbConsumerSubnetwork.Id,\n AddressType = \"INTERNAL\",\n });\n\n var pscIlbConsumer = new Gcp.Compute.ForwardingRule(\"psc_ilb_consumer\", new()\n {\n Name = \"psc-ilb-consumer-forwarding-rule\",\n Region = \"us-west2\",\n Target = pscIlbServiceAttachment.Id,\n LoadBalancingScheme = \"\",\n Network = pscIlbConsumerNetwork.Id,\n Subnetwork = pscIlbConsumerSubnetwork.Id,\n IpAddress = pscIlbConsumerAddress.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpscIlbConsumerNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_consumer_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbServiceAttachment, err := compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tEnableProxyProtocol: pulumi.Bool(false),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tNetworkUrl: pscIlbConsumerNetwork.SelfLink,\n\t\t\t\t\tConnectionLimit: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_consumer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-network\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbConsumerNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbConsumerAddress, err := compute.NewAddress(ctx, \"psc_ilb_consumer_address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-address\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tSubnetwork: pscIlbConsumerSubnetwork.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewForwardingRule(ctx, \"psc_ilb_consumer\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-consumer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tTarget: pscIlbServiceAttachment.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNetwork: pscIlbConsumerNetwork.ID(),\n\t\t\tSubnetwork: pscIlbConsumerSubnetwork.ID(),\n\t\t\tIpAddress: pscIlbConsumerAddress.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pscIlbConsumerNetwork = new Network(\"pscIlbConsumerNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-consumer-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .enableProxyProtocol(false)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .networkUrl(pscIlbConsumerNetwork.selfLink())\n .connectionLimit(1)\n .build())\n .build());\n\n var pscIlbConsumerSubnetwork = new Subnetwork(\"pscIlbConsumerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-consumer-network\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-west2\")\n .network(pscIlbConsumerNetwork.id())\n .build());\n\n var pscIlbConsumerAddress = new Address(\"pscIlbConsumerAddress\", AddressArgs.builder()\n .name(\"psc-ilb-consumer-address\")\n .region(\"us-west2\")\n .subnetwork(pscIlbConsumerSubnetwork.id())\n .addressType(\"INTERNAL\")\n .build());\n\n var pscIlbConsumer = new ForwardingRule(\"pscIlbConsumer\", ForwardingRuleArgs.builder()\n .name(\"psc-ilb-consumer-forwarding-rule\")\n .region(\"us-west2\")\n .target(pscIlbServiceAttachment.id())\n .loadBalancingScheme(\"\")\n .network(pscIlbConsumerNetwork.id())\n .subnetwork(pscIlbConsumerSubnetwork.id())\n .ipAddress(pscIlbConsumerAddress.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n enableProxyProtocol: false\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerAcceptLists:\n - networkUrl: ${pscIlbConsumerNetwork.selfLink}\n connectionLimit: 1\n pscIlbConsumerNetwork:\n type: gcp:compute:Network\n name: psc_ilb_consumer_network\n properties:\n name: psc-ilb-consumer-network\n autoCreateSubnetworks: false\n pscIlbConsumerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_consumer_subnetwork\n properties:\n name: psc-ilb-consumer-network\n ipCidrRange: 10.0.0.0/16\n region: us-west2\n network: ${pscIlbConsumerNetwork.id}\n pscIlbConsumerAddress:\n type: gcp:compute:Address\n name: psc_ilb_consumer_address\n properties:\n name: psc-ilb-consumer-address\n region: us-west2\n subnetwork: ${pscIlbConsumerSubnetwork.id}\n addressType: INTERNAL\n pscIlbConsumer:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_consumer\n properties:\n name: psc-ilb-consumer-forwarding-rule\n region: us-west2\n target: ${pscIlbServiceAttachment.id}\n loadBalancingScheme: \"\"\n network: ${pscIlbConsumerNetwork.id}\n subnetwork: ${pscIlbConsumerSubnetwork.id}\n ipAddress: ${pscIlbConsumerAddress.id}\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Attachment Reconcile Connections\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerServiceHealthCheck = new gcp.compute.HealthCheck(\"producer_service_health_check\", {\n name: \"producer-service-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst producerServiceBackend = new gcp.compute.RegionBackendService(\"producer_service_backend\", {\n name: \"producer-service\",\n region: \"us-west2\",\n healthChecks: producerServiceHealthCheck.id,\n});\nconst pscIlbNetwork = new gcp.compute.Network(\"psc_ilb_network\", {\n name: \"psc-ilb-network\",\n autoCreateSubnetworks: false,\n});\nconst pscIlbProducerSubnetwork = new gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\", {\n name: \"psc-ilb-producer-subnetwork\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscIlbTargetService = new gcp.compute.ForwardingRule(\"psc_ilb_target_service\", {\n name: \"producer-forwarding-rule\",\n region: \"us-west2\",\n loadBalancingScheme: \"INTERNAL\",\n backendService: producerServiceBackend.id,\n allPorts: true,\n network: pscIlbNetwork.name,\n subnetwork: pscIlbProducerSubnetwork.name,\n});\nconst pscIlbNat = new gcp.compute.Subnetwork(\"psc_ilb_nat\", {\n name: \"psc-ilb-nat\",\n region: \"us-west2\",\n network: pscIlbNetwork.id,\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n ipCidrRange: \"10.1.0.0/16\",\n});\nconst pscIlbServiceAttachment = new gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\", {\n name: \"my-psc-ilb\",\n region: \"us-west2\",\n description: \"A service attachment configured with Terraform\",\n domainNames: [\"gcp.tfacc.hashicorptest.com.\"],\n enableProxyProtocol: true,\n connectionPreference: \"ACCEPT_MANUAL\",\n natSubnets: [pscIlbNat.id],\n targetService: pscIlbTargetService.id,\n consumerRejectLists: [\n \"673497134629\",\n \"482878270665\",\n ],\n consumerAcceptLists: [{\n projectIdOrNum: \"658859330310\",\n connectionLimit: 4,\n }],\n reconcileConnections: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_service_health_check = gcp.compute.HealthCheck(\"producer_service_health_check\",\n name=\"producer-service-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\nproducer_service_backend = gcp.compute.RegionBackendService(\"producer_service_backend\",\n name=\"producer-service\",\n region=\"us-west2\",\n health_checks=producer_service_health_check.id)\npsc_ilb_network = gcp.compute.Network(\"psc_ilb_network\",\n name=\"psc-ilb-network\",\n auto_create_subnetworks=False)\npsc_ilb_producer_subnetwork = gcp.compute.Subnetwork(\"psc_ilb_producer_subnetwork\",\n name=\"psc-ilb-producer-subnetwork\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_ilb_target_service = gcp.compute.ForwardingRule(\"psc_ilb_target_service\",\n name=\"producer-forwarding-rule\",\n region=\"us-west2\",\n load_balancing_scheme=\"INTERNAL\",\n backend_service=producer_service_backend.id,\n all_ports=True,\n network=psc_ilb_network.name,\n subnetwork=psc_ilb_producer_subnetwork.name)\npsc_ilb_nat = gcp.compute.Subnetwork(\"psc_ilb_nat\",\n name=\"psc-ilb-nat\",\n region=\"us-west2\",\n network=psc_ilb_network.id,\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n ip_cidr_range=\"10.1.0.0/16\")\npsc_ilb_service_attachment = gcp.compute.ServiceAttachment(\"psc_ilb_service_attachment\",\n name=\"my-psc-ilb\",\n region=\"us-west2\",\n description=\"A service attachment configured with Terraform\",\n domain_names=[\"gcp.tfacc.hashicorptest.com.\"],\n enable_proxy_protocol=True,\n connection_preference=\"ACCEPT_MANUAL\",\n nat_subnets=[psc_ilb_nat.id],\n target_service=psc_ilb_target_service.id,\n consumer_reject_lists=[\n \"673497134629\",\n \"482878270665\",\n ],\n consumer_accept_lists=[{\n \"project_id_or_num\": \"658859330310\",\n \"connection_limit\": 4,\n }],\n reconcile_connections=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerServiceHealthCheck = new Gcp.Compute.HealthCheck(\"producer_service_health_check\", new()\n {\n Name = \"producer-service-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var producerServiceBackend = new Gcp.Compute.RegionBackendService(\"producer_service_backend\", new()\n {\n Name = \"producer-service\",\n Region = \"us-west2\",\n HealthChecks = producerServiceHealthCheck.Id,\n });\n\n var pscIlbNetwork = new Gcp.Compute.Network(\"psc_ilb_network\", new()\n {\n Name = \"psc-ilb-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscIlbProducerSubnetwork = new Gcp.Compute.Subnetwork(\"psc_ilb_producer_subnetwork\", new()\n {\n Name = \"psc-ilb-producer-subnetwork\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscIlbTargetService = new Gcp.Compute.ForwardingRule(\"psc_ilb_target_service\", new()\n {\n Name = \"producer-forwarding-rule\",\n Region = \"us-west2\",\n LoadBalancingScheme = \"INTERNAL\",\n BackendService = producerServiceBackend.Id,\n AllPorts = true,\n Network = pscIlbNetwork.Name,\n Subnetwork = pscIlbProducerSubnetwork.Name,\n });\n\n var pscIlbNat = new Gcp.Compute.Subnetwork(\"psc_ilb_nat\", new()\n {\n Name = \"psc-ilb-nat\",\n Region = \"us-west2\",\n Network = pscIlbNetwork.Id,\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n IpCidrRange = \"10.1.0.0/16\",\n });\n\n var pscIlbServiceAttachment = new Gcp.Compute.ServiceAttachment(\"psc_ilb_service_attachment\", new()\n {\n Name = \"my-psc-ilb\",\n Region = \"us-west2\",\n Description = \"A service attachment configured with Terraform\",\n DomainNames = new[]\n {\n \"gcp.tfacc.hashicorptest.com.\",\n },\n EnableProxyProtocol = true,\n ConnectionPreference = \"ACCEPT_MANUAL\",\n NatSubnets = new[]\n {\n pscIlbNat.Id,\n },\n TargetService = pscIlbTargetService.Id,\n ConsumerRejectLists = new[]\n {\n \"673497134629\",\n \"482878270665\",\n },\n ConsumerAcceptLists = new[]\n {\n new Gcp.Compute.Inputs.ServiceAttachmentConsumerAcceptListArgs\n {\n ProjectIdOrNum = \"658859330310\",\n ConnectionLimit = 4,\n },\n },\n ReconcileConnections = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerServiceHealthCheck, err := compute.NewHealthCheck(ctx, \"producer_service_health_check\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"producer-service-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerServiceBackend, err := compute.NewRegionBackendService(ctx, \"producer_service_backend\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"producer-service\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tHealthChecks: producerServiceHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNetwork, err := compute.NewNetwork(ctx, \"psc_ilb_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbProducerSubnetwork, err := compute.NewSubnetwork(ctx, \"psc_ilb_producer_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-producer-subnetwork\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbTargetService, err := compute.NewForwardingRule(ctx, \"psc_ilb_target_service\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"producer-forwarding-rule\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tBackendService: producerServiceBackend.ID(),\n\t\t\tAllPorts: pulumi.Bool(true),\n\t\t\tNetwork: pscIlbNetwork.Name,\n\t\t\tSubnetwork: pscIlbProducerSubnetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscIlbNat, err := compute.NewSubnetwork(ctx, \"psc_ilb_nat\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"psc-ilb-nat\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tNetwork: pscIlbNetwork.ID(),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewServiceAttachment(ctx, \"psc_ilb_service_attachment\", \u0026compute.ServiceAttachmentArgs{\n\t\t\tName: pulumi.String(\"my-psc-ilb\"),\n\t\t\tRegion: pulumi.String(\"us-west2\"),\n\t\t\tDescription: pulumi.String(\"A service attachment configured with Terraform\"),\n\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gcp.tfacc.hashicorptest.com.\"),\n\t\t\t},\n\t\t\tEnableProxyProtocol: pulumi.Bool(true),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_MANUAL\"),\n\t\t\tNatSubnets: pulumi.StringArray{\n\t\t\t\tpscIlbNat.ID(),\n\t\t\t},\n\t\t\tTargetService: pscIlbTargetService.ID(),\n\t\t\tConsumerRejectLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"673497134629\"),\n\t\t\t\tpulumi.String(\"482878270665\"),\n\t\t\t},\n\t\t\tConsumerAcceptLists: compute.ServiceAttachmentConsumerAcceptListArray{\n\t\t\t\t\u0026compute.ServiceAttachmentConsumerAcceptListArgs{\n\t\t\t\t\tProjectIdOrNum: pulumi.String(\"658859330310\"),\n\t\t\t\t\tConnectionLimit: pulumi.Int(4),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReconcileConnections: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.ServiceAttachment;\nimport com.pulumi.gcp.compute.ServiceAttachmentArgs;\nimport com.pulumi.gcp.compute.inputs.ServiceAttachmentConsumerAcceptListArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerServiceHealthCheck = new HealthCheck(\"producerServiceHealthCheck\", HealthCheckArgs.builder()\n .name(\"producer-service-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var producerServiceBackend = new RegionBackendService(\"producerServiceBackend\", RegionBackendServiceArgs.builder()\n .name(\"producer-service\")\n .region(\"us-west2\")\n .healthChecks(producerServiceHealthCheck.id())\n .build());\n\n var pscIlbNetwork = new Network(\"pscIlbNetwork\", NetworkArgs.builder()\n .name(\"psc-ilb-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscIlbProducerSubnetwork = new Subnetwork(\"pscIlbProducerSubnetwork\", SubnetworkArgs.builder()\n .name(\"psc-ilb-producer-subnetwork\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscIlbTargetService = new ForwardingRule(\"pscIlbTargetService\", ForwardingRuleArgs.builder()\n .name(\"producer-forwarding-rule\")\n .region(\"us-west2\")\n .loadBalancingScheme(\"INTERNAL\")\n .backendService(producerServiceBackend.id())\n .allPorts(true)\n .network(pscIlbNetwork.name())\n .subnetwork(pscIlbProducerSubnetwork.name())\n .build());\n\n var pscIlbNat = new Subnetwork(\"pscIlbNat\", SubnetworkArgs.builder()\n .name(\"psc-ilb-nat\")\n .region(\"us-west2\")\n .network(pscIlbNetwork.id())\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .ipCidrRange(\"10.1.0.0/16\")\n .build());\n\n var pscIlbServiceAttachment = new ServiceAttachment(\"pscIlbServiceAttachment\", ServiceAttachmentArgs.builder()\n .name(\"my-psc-ilb\")\n .region(\"us-west2\")\n .description(\"A service attachment configured with Terraform\")\n .domainNames(\"gcp.tfacc.hashicorptest.com.\")\n .enableProxyProtocol(true)\n .connectionPreference(\"ACCEPT_MANUAL\")\n .natSubnets(pscIlbNat.id())\n .targetService(pscIlbTargetService.id())\n .consumerRejectLists( \n \"673497134629\",\n \"482878270665\")\n .consumerAcceptLists(ServiceAttachmentConsumerAcceptListArgs.builder()\n .projectIdOrNum(\"658859330310\")\n .connectionLimit(4)\n .build())\n .reconcileConnections(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscIlbServiceAttachment:\n type: gcp:compute:ServiceAttachment\n name: psc_ilb_service_attachment\n properties:\n name: my-psc-ilb\n region: us-west2\n description: A service attachment configured with Terraform\n domainNames:\n - gcp.tfacc.hashicorptest.com.\n enableProxyProtocol: true\n connectionPreference: ACCEPT_MANUAL\n natSubnets:\n - ${pscIlbNat.id}\n targetService: ${pscIlbTargetService.id}\n consumerRejectLists:\n - '673497134629'\n - '482878270665'\n consumerAcceptLists:\n - projectIdOrNum: '658859330310'\n connectionLimit: 4\n reconcileConnections: false\n pscIlbTargetService:\n type: gcp:compute:ForwardingRule\n name: psc_ilb_target_service\n properties:\n name: producer-forwarding-rule\n region: us-west2\n loadBalancingScheme: INTERNAL\n backendService: ${producerServiceBackend.id}\n allPorts: true\n network: ${pscIlbNetwork.name}\n subnetwork: ${pscIlbProducerSubnetwork.name}\n producerServiceBackend:\n type: gcp:compute:RegionBackendService\n name: producer_service_backend\n properties:\n name: producer-service\n region: us-west2\n healthChecks: ${producerServiceHealthCheck.id}\n producerServiceHealthCheck:\n type: gcp:compute:HealthCheck\n name: producer_service_health_check\n properties:\n name: producer-service-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n pscIlbNetwork:\n type: gcp:compute:Network\n name: psc_ilb_network\n properties:\n name: psc-ilb-network\n autoCreateSubnetworks: false\n pscIlbProducerSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc_ilb_producer_subnetwork\n properties:\n name: psc-ilb-producer-subnetwork\n region: us-west2\n network: ${pscIlbNetwork.id}\n ipCidrRange: 10.0.0.0/16\n pscIlbNat:\n type: gcp:compute:Subnetwork\n name: psc_ilb_nat\n properties:\n name: psc-ilb-nat\n region: us-west2\n network: ${pscIlbNetwork.id}\n purpose: PRIVATE_SERVICE_CONNECT\n ipCidrRange: 10.1.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceAttachment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ServiceAttachment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/serviceAttachment:ServiceAttachment default {{name}}\n```\n\n", "properties": { "connectedEndpoints": { "type": "array", @@ -182461,7 +182461,7 @@ } }, "gcp:compute/snapshot:Snapshot": { - "description": "Represents a Persistent Disk Snapshot resource.\n\nUse snapshots to back up data from your persistent disks. Snapshots are\ndifferent from public images and custom images, which are used primarily\nto create instances or configure instance templates. Snapshots are useful\nfor periodic backup of the data on your persistent disks. You can create\nsnapshots from persistent disks even while they are attached to running\ninstances.\n\nSnapshots are incremental, so you can create regular snapshots on a\npersistent disk faster and at a much lower cost than if you regularly\ncreated a full image of the disk.\n\n\nTo get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/snapshots)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)\n\n\n\n## Example Usage\n\n### Snapshot Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"debian-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapshot = new gcp.compute.Snapshot(\"snapshot\", {\n name: \"my-snapshot\",\n sourceDisk: persistent.id,\n zone: \"us-central1-a\",\n labels: {\n my_label: \"value\",\n },\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"debian-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapshot = gcp.compute.Snapshot(\"snapshot\",\n name=\"my-snapshot\",\n source_disk=persistent.id,\n zone=\"us-central1-a\",\n labels={\n \"my_label\": \"value\",\n },\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"debian-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapshot = new Gcp.Compute.Snapshot(\"snapshot\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = persistent.Id,\n Zone = \"us-central1-a\",\n Labels = \n {\n { \"my_label\", \"value\" },\n },\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"debian-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshot(ctx, \"snapshot\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_label\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"debian-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapshot = new Snapshot(\"snapshot\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(persistent.id())\n .zone(\"us-central1-a\")\n .labels(Map.of(\"my_label\", \"value\"))\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snapshot:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${persistent.id}\n zone: us-central1-a\n labels:\n my_label: value\n storageLocations:\n - us-central1\n persistent:\n type: gcp:compute:Disk\n properties:\n name: debian-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\nvariables:\n debian:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Snapshot Chainname\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"debian-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapshot = new gcp.compute.Snapshot(\"snapshot\", {\n name: \"my-snapshot\",\n sourceDisk: persistent.id,\n zone: \"us-central1-a\",\n chainName: \"snapshot-chain\",\n labels: {\n my_label: \"value\",\n },\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"debian-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapshot = gcp.compute.Snapshot(\"snapshot\",\n name=\"my-snapshot\",\n source_disk=persistent.id,\n zone=\"us-central1-a\",\n chain_name=\"snapshot-chain\",\n labels={\n \"my_label\": \"value\",\n },\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"debian-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapshot = new Gcp.Compute.Snapshot(\"snapshot\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = persistent.Id,\n Zone = \"us-central1-a\",\n ChainName = \"snapshot-chain\",\n Labels = \n {\n { \"my_label\", \"value\" },\n },\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"debian-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshot(ctx, \"snapshot\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tChainName: pulumi.String(\"snapshot-chain\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_label\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"debian-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapshot = new Snapshot(\"snapshot\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(persistent.id())\n .zone(\"us-central1-a\")\n .chainName(\"snapshot-chain\")\n .labels(Map.of(\"my_label\", \"value\"))\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snapshot:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${persistent.id}\n zone: us-central1-a\n chainName: snapshot-chain\n labels:\n my_label: value\n storageLocations:\n - us-central1\n persistent:\n type: gcp:compute:Disk\n properties:\n name: debian-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\nvariables:\n debian:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSnapshot can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/snapshots/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Snapshot can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default projects/{{project}}/global/snapshots/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default {{name}}\n```\n\n", + "description": "Represents a Persistent Disk Snapshot resource.\n\nUse snapshots to back up data from your persistent disks. Snapshots are\ndifferent from public images and custom images, which are used primarily\nto create instances or configure instance templates. Snapshots are useful\nfor periodic backup of the data on your persistent disks. You can create\nsnapshots from persistent disks even while they are attached to running\ninstances.\n\nSnapshots are incremental, so you can create regular snapshots on a\npersistent disk faster and at a much lower cost than if you regularly\ncreated a full image of the disk.\n\n\nTo get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/snapshots)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)\n\n\n\n## Example Usage\n\n### Snapshot Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"debian-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapshot = new gcp.compute.Snapshot(\"snapshot\", {\n name: \"my-snapshot\",\n sourceDisk: persistent.id,\n zone: \"us-central1-a\",\n labels: {\n my_label: \"value\",\n },\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"debian-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapshot = gcp.compute.Snapshot(\"snapshot\",\n name=\"my-snapshot\",\n source_disk=persistent.id,\n zone=\"us-central1-a\",\n labels={\n \"my_label\": \"value\",\n },\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"debian-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapshot = new Gcp.Compute.Snapshot(\"snapshot\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = persistent.Id,\n Zone = \"us-central1-a\",\n Labels = \n {\n { \"my_label\", \"value\" },\n },\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"debian-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshot(ctx, \"snapshot\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_label\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"debian-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapshot = new Snapshot(\"snapshot\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(persistent.id())\n .zone(\"us-central1-a\")\n .labels(Map.of(\"my_label\", \"value\"))\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snapshot:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${persistent.id}\n zone: us-central1-a\n labels:\n my_label: value\n storageLocations:\n - us-central1\n persistent:\n type: gcp:compute:Disk\n properties:\n name: debian-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\nvariables:\n debian:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Snapshot Chainname\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst persistent = new gcp.compute.Disk(\"persistent\", {\n name: \"debian-disk\",\n image: debian.then(debian =\u003e debian.selfLink),\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-a\",\n});\nconst snapshot = new gcp.compute.Snapshot(\"snapshot\", {\n name: \"my-snapshot\",\n sourceDisk: persistent.id,\n zone: \"us-central1-a\",\n chainName: \"snapshot-chain\",\n labels: {\n my_label: \"value\",\n },\n storageLocations: [\"us-central1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\npersistent = gcp.compute.Disk(\"persistent\",\n name=\"debian-disk\",\n image=debian.self_link,\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-a\")\nsnapshot = gcp.compute.Snapshot(\"snapshot\",\n name=\"my-snapshot\",\n source_disk=persistent.id,\n zone=\"us-central1-a\",\n chain_name=\"snapshot-chain\",\n labels={\n \"my_label\": \"value\",\n },\n storage_locations=[\"us-central1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var persistent = new Gcp.Compute.Disk(\"persistent\", new()\n {\n Name = \"debian-disk\",\n Image = debian.Apply(getImageResult =\u003e getImageResult.SelfLink),\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-a\",\n });\n\n var snapshot = new Gcp.Compute.Snapshot(\"snapshot\", new()\n {\n Name = \"my-snapshot\",\n SourceDisk = persistent.Id,\n Zone = \"us-central1-a\",\n ChainName = \"snapshot-chain\",\n Labels = \n {\n { \"my_label\", \"value\" },\n },\n StorageLocations = new[]\n {\n \"us-central1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpersistent, err := compute.NewDisk(ctx, \"persistent\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"debian-disk\"),\n\t\t\tImage: pulumi.String(debian.SelfLink),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshot(ctx, \"snapshot\", \u0026compute.SnapshotArgs{\n\t\t\tName: pulumi.String(\"my-snapshot\"),\n\t\t\tSourceDisk: persistent.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tChainName: pulumi.String(\"snapshot-chain\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_label\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tStorageLocations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.gcp.compute.Snapshot;\nimport com.pulumi.gcp.compute.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var persistent = new Disk(\"persistent\", DiskArgs.builder()\n .name(\"debian-disk\")\n .image(debian.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-a\")\n .build());\n\n var snapshot = new Snapshot(\"snapshot\", SnapshotArgs.builder()\n .name(\"my-snapshot\")\n .sourceDisk(persistent.id())\n .zone(\"us-central1-a\")\n .chainName(\"snapshot-chain\")\n .labels(Map.of(\"my_label\", \"value\"))\n .storageLocations(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n snapshot:\n type: gcp:compute:Snapshot\n properties:\n name: my-snapshot\n sourceDisk: ${persistent.id}\n zone: us-central1-a\n chainName: snapshot-chain\n labels:\n my_label: value\n storageLocations:\n - us-central1\n persistent:\n type: gcp:compute:Disk\n properties:\n name: debian-disk\n image: ${debian.selfLink}\n size: 10\n type: pd-ssd\n zone: us-central1-a\nvariables:\n debian:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSnapshot can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/snapshots/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Snapshot can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default projects/{{project}}/global/snapshots/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/snapshot:Snapshot default {{name}}\n```\n\n", "properties": { "chainName": { "type": "string", @@ -182743,7 +182743,7 @@ } }, "gcp:compute/snapshotIamBinding:SnapshotIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SnapshotIamBindingCondition:SnapshotIamBindingCondition" @@ -182849,7 +182849,7 @@ } }, "gcp:compute/snapshotIamMember:SnapshotIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SnapshotIamMemberCondition:SnapshotIamMemberCondition" @@ -182948,7 +182948,7 @@ } }, "gcp:compute/snapshotIamPolicy:SnapshotIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Snapshot\nThree different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.compute.SnapshotIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.compute.SnapshotIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -183345,7 +183345,7 @@ } }, "gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SubnetworkIAMBindingCondition:SubnetworkIAMBindingCondition", @@ -183470,7 +183470,7 @@ } }, "gcp:compute/subnetworkIAMMember:SubnetworkIAMMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SubnetworkIAMMemberCondition:SubnetworkIAMMemberCondition", @@ -183588,7 +183588,7 @@ } }, "gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Compute Engine Subnetwork\nThree different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.compute.SubnetworkIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.networkUser\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.compute.SubnetworkIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -183926,7 +183926,7 @@ } }, "gcp:compute/targetHttpsProxy:TargetHttpsProxy": { - "description": "Represents a TargetHttpsProxy resource, which is used by one or more\nglobal forwarding rule to route incoming HTTPS requests to a URL map.\n\n\nTo get more information about TargetHttpsProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies)\n\n## Example Usage\n\n### Target Https Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-proxy\",\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-proxy\",\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-proxy\",\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-proxy\")\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-proxy\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Http Keep Alive Timeout\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-http-keep-alive-timeout-proxy\",\n httpKeepAliveTimeoutSec: 610,\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-http-keep-alive-timeout-proxy\",\n http_keep_alive_timeout_sec=610,\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-http-keep-alive-timeout-proxy\",\n HttpKeepAliveTimeoutSec = 610,\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-http-keep-alive-timeout-proxy\"),\n\t\t\tHttpKeepAliveTimeoutSec: pulumi.Int(610),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-http-keep-alive-timeout-proxy\")\n .httpKeepAliveTimeoutSec(610)\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-http-keep-alive-timeout-proxy\n httpKeepAliveTimeoutSec: 610\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample description for the trust config\",\n location: \"global\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-tls-policy\",\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/trustConfigs/${name}`),\n },\n});\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-mtls-proxy\",\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n serverTlsPolicy: defaultServerTlsPolicy.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample description for the trust config\",\n location=\"global\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault_server_tls_policy = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-tls-policy\",\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/global/trustConfigs/{name}\"),\n })\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-mtls-proxy\",\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id],\n server_tls_policy=default_server_tls_policy.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample description for the trust config\",\n Location = \"global\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var defaultServerTlsPolicy = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-tls-policy\",\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/trustConfigs/{name}\";\n }),\n },\n });\n\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-mtls-proxy\",\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n ServerTlsPolicy = defaultServerTlsPolicy.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the trust config\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultServerTlsPolicy, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile2, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile3, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile2.Result),\n\t\t\tCertificate: pulumi.String(invokeFile3.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-mtls-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t\tServerTlsPolicy: defaultServerTlsPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample description for the trust config\")\n .location(\"global\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var defaultServerTlsPolicy = new ServerTlsPolicy(\"defaultServerTlsPolicy\", ServerTlsPolicyArgs.builder()\n .name(\"my-tls-policy\")\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .build());\n\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-mtls-proxy\")\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .serverTlsPolicy(defaultServerTlsPolicy.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-mtls-proxy\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n serverTlsPolicy: ${defaultServerTlsPolicy.id}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample description for the trust config\n location: global\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n labels:\n foo: bar\n defaultServerTlsPolicy:\n type: gcp:networksecurity:ServerTlsPolicy\n name: default\n properties:\n name: my-tls-policy\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT\n clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Certificate Manager Certificate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultCertificate = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n scope: \"ALL_REGIONS\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"target-http-proxy\",\n urlMap: defaultURLMap.id,\n certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_certificate = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n scope=\"ALL_REGIONS\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"target-http-proxy\",\n url_map=default_url_map.id,\n certificate_manager_certificates=[default_certificate.id.apply(lambda id: f\"//certificatemanager.googleapis.com/{id}\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCertificate = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Scope = \"ALL_REGIONS\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"target-http-proxy\",\n UrlMap = defaultURLMap.Id,\n CertificateManagerCertificates = new[]\n {\n defaultCertificate.Id.Apply(id =\u003e $\"//certificatemanager.googleapis.com/{id}\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificate, err := certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"target-http-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tCertificateManagerCertificates: pulumi.StringArray{\n\t\t\t\tdefaultCertificate.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//certificatemanager.googleapis.com/%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .scope(\"ALL_REGIONS\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"target-http-proxy\")\n .urlMap(defaultURLMap.id())\n .certificateManagerCertificates(defaultCertificate.id().applyValue(id -\u003e String.format(\"//certificatemanager.googleapis.com/%s\", id)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: target-http-proxy\n urlMap: ${defaultURLMap.id}\n certificateManagerCertificates: # [google_certificate_manager_certificate.default.id] is also acceptable\n - //certificatemanager.googleapis.com/${defaultCertificate.id}\n defaultCertificate:\n type: gcp:certificatemanager:Certificate\n name: default\n properties:\n name: my-certificate\n scope: ALL_REGIONS\n selfManaged:\n pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n pemPrivateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/private-key.pem\n Return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetHttpsProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/targetHttpsProxies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetHttpsProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default projects/{{project}}/global/targetHttpsProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{name}}\n```\n\n", + "description": "Represents a TargetHttpsProxy resource, which is used by one or more\nglobal forwarding rule to route incoming HTTPS requests to a URL map.\n\n\nTo get more information about TargetHttpsProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies)\n\n## Example Usage\n\n### Target Https Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-proxy\",\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-proxy\",\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-proxy\",\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-proxy\")\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-proxy\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Http Keep Alive Timeout\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-http-keep-alive-timeout-proxy\",\n httpKeepAliveTimeoutSec: 610,\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-http-keep-alive-timeout-proxy\",\n http_keep_alive_timeout_sec=610,\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-http-keep-alive-timeout-proxy\",\n HttpKeepAliveTimeoutSec = 610,\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-http-keep-alive-timeout-proxy\"),\n\t\t\tHttpKeepAliveTimeoutSec: pulumi.Int(610),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-http-keep-alive-timeout-proxy\")\n .httpKeepAliveTimeoutSec(610)\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-http-keep-alive-timeout-proxy\n httpKeepAliveTimeoutSec: 610\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample description for the trust config\",\n location: \"global\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst defaultServerTlsPolicy = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-tls-policy\",\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/trustConfigs/${name}`),\n },\n});\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"my-certificate\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"http-health-check\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"test-mtls-proxy\",\n urlMap: defaultURLMap.id,\n sslCertificates: [defaultSSLCertificate.id],\n serverTlsPolicy: defaultServerTlsPolicy.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample description for the trust config\",\n location=\"global\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault_server_tls_policy = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-tls-policy\",\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/global/trustConfigs/{name}\"),\n })\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"my-certificate\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"http-health-check\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"test-mtls-proxy\",\n url_map=default_url_map.id,\n ssl_certificates=[default_ssl_certificate.id],\n server_tls_policy=default_server_tls_policy.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample description for the trust config\",\n Location = \"global\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var defaultServerTlsPolicy = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-tls-policy\",\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/trustConfigs/{name}\";\n }),\n },\n });\n\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"my-certificate\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"http-health-check\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"test-mtls-proxy\",\n UrlMap = defaultURLMap.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n ServerTlsPolicy = defaultServerTlsPolicy.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample description for the trust config\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultServerTlsPolicy, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile2, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile3, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile2.Result),\n\t\t\tCertificate: pulumi.String(invokeFile3.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"http-health-check\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"test-mtls-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t\tServerTlsPolicy: defaultServerTlsPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample description for the trust config\")\n .location(\"global\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var defaultServerTlsPolicy = new ServerTlsPolicy(\"defaultServerTlsPolicy\", ServerTlsPolicyArgs.builder()\n .name(\"my-tls-policy\")\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .build());\n\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"my-certificate\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"http-health-check\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"test-mtls-proxy\")\n .urlMap(defaultURLMap.id())\n .sslCertificates(defaultSSLCertificate.id())\n .serverTlsPolicy(defaultServerTlsPolicy.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: test-mtls-proxy\n urlMap: ${defaultURLMap.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n serverTlsPolicy: ${defaultServerTlsPolicy.id}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample description for the trust config\n location: global\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n labels:\n foo: bar\n defaultServerTlsPolicy:\n type: gcp:networksecurity:ServerTlsPolicy\n name: default\n properties:\n name: my-tls-policy\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT\n clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: my-certificate\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: http-health-check\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Https Proxy Certificate Manager Certificate\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultCertificate = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n scope: \"ALL_REGIONS\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst _default = new gcp.compute.TargetHttpsProxy(\"default\", {\n name: \"target-http-proxy\",\n urlMap: defaultURLMap.id,\n certificateManagerCertificates: [pulumi.interpolate`//certificatemanager.googleapis.com/${defaultCertificate.id}`],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_certificate = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n scope=\"ALL_REGIONS\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault = gcp.compute.TargetHttpsProxy(\"default\",\n name=\"target-http-proxy\",\n url_map=default_url_map.id,\n certificate_manager_certificates=[default_certificate.id.apply(lambda id: f\"//certificatemanager.googleapis.com/{id}\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultCertificate = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Scope = \"ALL_REGIONS\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetHttpsProxy(\"default\", new()\n {\n Name = \"target-http-proxy\",\n UrlMap = defaultURLMap.Id,\n CertificateManagerCertificates = new[]\n {\n defaultCertificate.Id.Apply(id =\u003e $\"//certificatemanager.googleapis.com/{id}\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCertificate, err := certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tScope: pulumi.String(\"ALL_REGIONS\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetHttpsProxy(ctx, \"default\", \u0026compute.TargetHttpsProxyArgs{\n\t\t\tName: pulumi.String(\"target-http-proxy\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t\tCertificateManagerCertificates: pulumi.StringArray{\n\t\t\t\tdefaultCertificate.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//certificatemanager.googleapis.com/%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpsProxy;\nimport com.pulumi.gcp.compute.TargetHttpsProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultCertificate = new Certificate(\"defaultCertificate\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .scope(\"ALL_REGIONS\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var default_ = new TargetHttpsProxy(\"default\", TargetHttpsProxyArgs.builder()\n .name(\"target-http-proxy\")\n .urlMap(defaultURLMap.id())\n .certificateManagerCertificates(defaultCertificate.id().applyValue(id -\u003e String.format(\"//certificatemanager.googleapis.com/%s\", id)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetHttpsProxy\n properties:\n name: target-http-proxy\n urlMap: ${defaultURLMap.id}\n certificateManagerCertificates: # [google_certificate_manager_certificate.default.id] is also acceptable\n - //certificatemanager.googleapis.com/${defaultCertificate.id}\n defaultCertificate:\n type: gcp:certificatemanager:Certificate\n name: default\n properties:\n name: my-certificate\n scope: ALL_REGIONS\n selfManaged:\n pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n pemPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/private-key.pem\n return: result\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetHttpsProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/targetHttpsProxies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetHttpsProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default projects/{{project}}/global/targetHttpsProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetHttpsProxy:TargetHttpsProxy default {{name}}\n```\n\n", "properties": { "certificateManagerCertificates": { "type": "array", @@ -184162,7 +184162,7 @@ } }, "gcp:compute/targetInstance:TargetInstance": { - "description": "Represents a TargetInstance resource which defines an endpoint instance\nthat terminates traffic of certain protocols. In particular, they are used\nin Protocol Forwarding, where forwarding rules can send packets to a\nnon-NAT'ed target instance. Each target instance contains a single\nvirtual machine instance that receives and handles traffic from the\ncorresponding forwarding rules.\n\n\nTo get more information about TargetInstance, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetInstances)\n* How-to Guides\n * [Using Protocol Forwarding](https://cloud.google.com/compute/docs/protocol-forwarding)\n\n## Example Usage\n\n### Target Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vmimage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst target_vm = new gcp.compute.Instance(\"target-vm\", {\n name: \"target-vm\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n});\nconst _default = new gcp.compute.TargetInstance(\"default\", {\n name: \"target\",\n instance: target_vm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvmimage = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ntarget_vm = gcp.compute.Instance(\"target-vm\",\n name=\"target-vm\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }])\ndefault = gcp.compute.TargetInstance(\"default\",\n name=\"target\",\n instance=target_vm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var target_vm = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n Name = \"target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetInstance(\"default\", new()\n {\n Name = \"target\",\n Instance = target_vm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"default\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"target\"),\n\t\t\tInstance: target_vm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vm = new Instance(\"target-vm\", InstanceArgs.builder()\n .name(\"target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .build());\n\n var default_ = new TargetInstance(\"default\", TargetInstanceArgs.builder()\n .name(\"target\")\n .instance(target_vm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetInstance\n properties:\n name: target\n instance: ${[\"target-vm\"].id}\n target-vm:\n type: gcp:compute:Instance\n properties:\n name: target-vm\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n networkInterfaces:\n - network: default\nvariables:\n vmimage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Instance Custom Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst target-vm = gcp.compute.getNetwork({\n name: \"default\",\n});\nconst vmimage = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst target_vmInstance = new gcp.compute.Instance(\"target-vm\", {\n name: \"custom-network-target-vm\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n});\nconst customNetwork = new gcp.compute.TargetInstance(\"custom_network\", {\n name: \"custom-network\",\n instance: target_vmInstance.id,\n network: target_vm.then(target_vm =\u003e target_vm.selfLink),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_vm = gcp.compute.get_network(name=\"default\")\nvmimage = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\ntarget_vm_instance = gcp.compute.Instance(\"target-vm\",\n name=\"custom-network-target-vm\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }])\ncustom_network = gcp.compute.TargetInstance(\"custom_network\",\n name=\"custom-network\",\n instance=target_vm_instance.id,\n network=target_vm.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var target_vm = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default\",\n });\n\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var target_vmInstance = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n Name = \"custom-network-target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n });\n\n var customNetwork = new Gcp.Compute.TargetInstance(\"custom_network\", new()\n {\n Name = \"custom-network\",\n Instance = target_vmInstance.Id,\n Network = target_vm.Apply(target_vm =\u003e target_vm.Apply(getNetworkResult =\u003e getNetworkResult.SelfLink)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttarget_vm, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"custom-network-target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"custom_network\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"custom-network\"),\n\t\t\tInstance: target_vmInstance.ID(),\n\t\t\tNetwork: pulumi.String(target_vm.SelfLink),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var target-vm = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default\")\n .build());\n\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vmInstance = new Instance(\"target-vmInstance\", InstanceArgs.builder()\n .name(\"custom-network-target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .build());\n\n var customNetwork = new TargetInstance(\"customNetwork\", TargetInstanceArgs.builder()\n .name(\"custom-network\")\n .instance(target_vmInstance.id())\n .network(target_vm.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customNetwork:\n type: gcp:compute:TargetInstance\n name: custom_network\n properties:\n name: custom-network\n instance: ${[\"target-vmInstance\"].id}\n network: ${[\"target-vm\"].selfLink}\n target-vmInstance:\n type: gcp:compute:Instance\n name: target-vm\n properties:\n name: custom-network-target-vm\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n networkInterfaces:\n - network: default\nvariables:\n target-vm:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: default\n vmimage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Instance With Security Policy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"custom-default-network\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"custom-default-subnet\",\n ipCidrRange: \"10.1.2.0/24\",\n network: _default.id,\n privateIpv6GoogleAccess: \"DISABLE_GOOGLE_ACCESS\",\n purpose: \"PRIVATE\",\n region: \"southamerica-west1\",\n stackType: \"IPV4_ONLY\",\n});\nconst vmimage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst target_vm = new gcp.compute.Instance(\"target-vm\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: _default.selfLink,\n subnetwork: defaultSubnetwork.selfLink,\n }],\n name: \"target-vm\",\n machineType: \"e2-medium\",\n zone: \"southamerica-west1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n});\nconst policyddosprotection = new gcp.compute.RegionSecurityPolicy(\"policyddosprotection\", {\n region: \"southamerica-west1\",\n name: \"tf-test-policyddos_85794\",\n description: \"ddos protection security policy to set target instance\",\n type: \"CLOUD_ARMOR_NETWORK\",\n ddosProtectionConfig: {\n ddosProtection: \"ADVANCED_PREVIEW\",\n },\n});\nconst edgeSecService = new gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\", {\n region: \"southamerica-west1\",\n name: \"tf-test-edgesec_21197\",\n securityPolicy: policyddosprotection.selfLink,\n});\nconst regionsecuritypolicy = new gcp.compute.RegionSecurityPolicy(\"regionsecuritypolicy\", {\n name: \"region-secpolicy\",\n region: \"southamerica-west1\",\n description: \"basic security policy for target instance\",\n type: \"CLOUD_ARMOR_NETWORK\",\n}, {\n dependsOn: [edgeSecService],\n});\nconst defaultTargetInstance = new gcp.compute.TargetInstance(\"default\", {\n name: \"target-instance\",\n zone: \"southamerica-west1-a\",\n instance: target_vm.id,\n securityPolicy: regionsecuritypolicy.selfLink,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"custom-default-network\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"custom-default-subnet\",\n ip_cidr_range=\"10.1.2.0/24\",\n network=default.id,\n private_ipv6_google_access=\"DISABLE_GOOGLE_ACCESS\",\n purpose=\"PRIVATE\",\n region=\"southamerica-west1\",\n stack_type=\"IPV4_ONLY\")\nvmimage = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ntarget_vm = gcp.compute.Instance(\"target-vm\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": default.self_link,\n \"subnetwork\": default_subnetwork.self_link,\n }],\n name=\"target-vm\",\n machine_type=\"e2-medium\",\n zone=\"southamerica-west1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n })\npolicyddosprotection = gcp.compute.RegionSecurityPolicy(\"policyddosprotection\",\n region=\"southamerica-west1\",\n name=\"tf-test-policyddos_85794\",\n description=\"ddos protection security policy to set target instance\",\n type=\"CLOUD_ARMOR_NETWORK\",\n ddos_protection_config={\n \"ddos_protection\": \"ADVANCED_PREVIEW\",\n })\nedge_sec_service = gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\",\n region=\"southamerica-west1\",\n name=\"tf-test-edgesec_21197\",\n security_policy=policyddosprotection.self_link)\nregionsecuritypolicy = gcp.compute.RegionSecurityPolicy(\"regionsecuritypolicy\",\n name=\"region-secpolicy\",\n region=\"southamerica-west1\",\n description=\"basic security policy for target instance\",\n type=\"CLOUD_ARMOR_NETWORK\",\n opts = pulumi.ResourceOptions(depends_on=[edge_sec_service]))\ndefault_target_instance = gcp.compute.TargetInstance(\"default\",\n name=\"target-instance\",\n zone=\"southamerica-west1-a\",\n instance=target_vm.id,\n security_policy=regionsecuritypolicy.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"custom-default-network\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"custom-default-subnet\",\n IpCidrRange = \"10.1.2.0/24\",\n Network = @default.Id,\n PrivateIpv6GoogleAccess = \"DISABLE_GOOGLE_ACCESS\",\n Purpose = \"PRIVATE\",\n Region = \"southamerica-west1\",\n StackType = \"IPV4_ONLY\",\n });\n\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var target_vm = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = @default.SelfLink,\n Subnetwork = defaultSubnetwork.SelfLink,\n },\n },\n Name = \"target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"southamerica-west1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var policyddosprotection = new Gcp.Compute.RegionSecurityPolicy(\"policyddosprotection\", new()\n {\n Region = \"southamerica-west1\",\n Name = \"tf-test-policyddos_85794\",\n Description = \"ddos protection security policy to set target instance\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs\n {\n DdosProtection = \"ADVANCED_PREVIEW\",\n },\n });\n\n var edgeSecService = new Gcp.Compute.NetworkEdgeSecurityService(\"edge_sec_service\", new()\n {\n Region = \"southamerica-west1\",\n Name = \"tf-test-edgesec_21197\",\n SecurityPolicy = policyddosprotection.SelfLink,\n });\n\n var regionsecuritypolicy = new Gcp.Compute.RegionSecurityPolicy(\"regionsecuritypolicy\", new()\n {\n Name = \"region-secpolicy\",\n Region = \"southamerica-west1\",\n Description = \"basic security policy for target instance\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n edgeSecService,\n },\n });\n\n var defaultTargetInstance = new Gcp.Compute.TargetInstance(\"default\", new()\n {\n Name = \"target-instance\",\n Zone = \"southamerica-west1-a\",\n Instance = target_vm.Id,\n SecurityPolicy = regionsecuritypolicy.SelfLink,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"custom-default-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"custom-default-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tPrivateIpv6GoogleAccess: pulumi.String(\"DISABLE_GOOGLE_ACCESS\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tStackType: pulumi.String(\"IPV4_ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: _default.SelfLink,\n\t\t\t\t\tSubnetwork: defaultSubnetwork.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"southamerica-west1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyddosprotection, err := compute.NewRegionSecurityPolicy(ctx, \"policyddosprotection\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tName: pulumi.String(\"tf-test-policyddos_85794\"),\n\t\t\tDescription: pulumi.String(\"ddos protection security policy to set target instance\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tDdosProtectionConfig: \u0026compute.RegionSecurityPolicyDdosProtectionConfigArgs{\n\t\t\t\tDdosProtection: pulumi.String(\"ADVANCED_PREVIEW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tedgeSecService, err := compute.NewNetworkEdgeSecurityService(ctx, \"edge_sec_service\", \u0026compute.NetworkEdgeSecurityServiceArgs{\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tName: pulumi.String(\"tf-test-edgesec_21197\"),\n\t\t\tSecurityPolicy: policyddosprotection.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tregionsecuritypolicy, err := compute.NewRegionSecurityPolicy(ctx, \"regionsecuritypolicy\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"region-secpolicy\"),\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tDescription: pulumi.String(\"basic security policy for target instance\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tedgeSecService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"default\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"target-instance\"),\n\t\t\tZone: pulumi.String(\"southamerica-west1-a\"),\n\t\t\tInstance: target_vm.ID(),\n\t\t\tSecurityPolicy: regionsecuritypolicy.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityService;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityServiceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"custom-default-network\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"custom-default-subnet\")\n .ipCidrRange(\"10.1.2.0/24\")\n .network(default_.id())\n .privateIpv6GoogleAccess(\"DISABLE_GOOGLE_ACCESS\")\n .purpose(\"PRIVATE\")\n .region(\"southamerica-west1\")\n .stackType(\"IPV4_ONLY\")\n .build());\n\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vm = new Instance(\"target-vm\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(default_.selfLink())\n .subnetwork(defaultSubnetwork.selfLink())\n .build())\n .name(\"target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"southamerica-west1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var policyddosprotection = new RegionSecurityPolicy(\"policyddosprotection\", RegionSecurityPolicyArgs.builder()\n .region(\"southamerica-west1\")\n .name(\"tf-test-policyddos_85794\")\n .description(\"ddos protection security policy to set target instance\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()\n .ddosProtection(\"ADVANCED_PREVIEW\")\n .build())\n .build());\n\n var edgeSecService = new NetworkEdgeSecurityService(\"edgeSecService\", NetworkEdgeSecurityServiceArgs.builder()\n .region(\"southamerica-west1\")\n .name(\"tf-test-edgesec_21197\")\n .securityPolicy(policyddosprotection.selfLink())\n .build());\n\n var regionsecuritypolicy = new RegionSecurityPolicy(\"regionsecuritypolicy\", RegionSecurityPolicyArgs.builder()\n .name(\"region-secpolicy\")\n .region(\"southamerica-west1\")\n .description(\"basic security policy for target instance\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(edgeSecService)\n .build());\n\n var defaultTargetInstance = new TargetInstance(\"defaultTargetInstance\", TargetInstanceArgs.builder()\n .name(\"target-instance\")\n .zone(\"southamerica-west1-a\")\n .instance(target_vm.id())\n .securityPolicy(regionsecuritypolicy.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: custom-default-network\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: custom-default-subnet\n ipCidrRange: 10.1.2.0/24\n network: ${default.id}\n privateIpv6GoogleAccess: DISABLE_GOOGLE_ACCESS\n purpose: PRIVATE\n region: southamerica-west1\n stackType: IPV4_ONLY\n target-vm:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${default.selfLink}\n subnetwork: ${defaultSubnetwork.selfLink}\n name: target-vm\n machineType: e2-medium\n zone: southamerica-west1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n policyddosprotection:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: southamerica-west1\n name: tf-test-policyddos_85794\n description: ddos protection security policy to set target instance\n type: CLOUD_ARMOR_NETWORK\n ddosProtectionConfig:\n ddosProtection: ADVANCED_PREVIEW\n edgeSecService:\n type: gcp:compute:NetworkEdgeSecurityService\n name: edge_sec_service\n properties:\n region: southamerica-west1\n name: tf-test-edgesec_21197\n securityPolicy: ${policyddosprotection.selfLink}\n regionsecuritypolicy:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n name: region-secpolicy\n region: southamerica-west1\n description: basic security policy for target instance\n type: CLOUD_ARMOR_NETWORK\n options:\n dependson:\n - ${edgeSecService}\n defaultTargetInstance:\n type: gcp:compute:TargetInstance\n name: default\n properties:\n name: target-instance\n zone: southamerica-west1-a\n instance: ${[\"target-vm\"].id}\n securityPolicy: ${regionsecuritypolicy.selfLink}\nvariables:\n vmimage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetInstance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{name}}\n```\n\n", + "description": "Represents a TargetInstance resource which defines an endpoint instance\nthat terminates traffic of certain protocols. In particular, they are used\nin Protocol Forwarding, where forwarding rules can send packets to a\nnon-NAT'ed target instance. Each target instance contains a single\nvirtual machine instance that receives and handles traffic from the\ncorresponding forwarding rules.\n\n\nTo get more information about TargetInstance, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetInstances)\n* How-to Guides\n * [Using Protocol Forwarding](https://cloud.google.com/compute/docs/protocol-forwarding)\n\n## Example Usage\n\n### Target Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vmimage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst target_vm = new gcp.compute.Instance(\"target-vm\", {\n name: \"target-vm\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n});\nconst _default = new gcp.compute.TargetInstance(\"default\", {\n name: \"target\",\n instance: target_vm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvmimage = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ntarget_vm = gcp.compute.Instance(\"target-vm\",\n name=\"target-vm\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }])\ndefault = gcp.compute.TargetInstance(\"default\",\n name=\"target\",\n instance=target_vm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var target_vm = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n Name = \"target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n });\n\n var @default = new Gcp.Compute.TargetInstance(\"default\", new()\n {\n Name = \"target\",\n Instance = target_vm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"default\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"target\"),\n\t\t\tInstance: target_vm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vm = new Instance(\"target-vm\", InstanceArgs.builder()\n .name(\"target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .build());\n\n var default_ = new TargetInstance(\"default\", TargetInstanceArgs.builder()\n .name(\"target\")\n .instance(target_vm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetInstance\n properties:\n name: target\n instance: ${[\"target-vm\"].id}\n target-vm:\n type: gcp:compute:Instance\n properties:\n name: target-vm\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n networkInterfaces:\n - network: default\nvariables:\n vmimage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Instance Custom Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst target-vm = gcp.compute.getNetwork({\n name: \"default\",\n});\nconst vmimage = gcp.compute.getImage({\n family: \"debian-12\",\n project: \"debian-cloud\",\n});\nconst target_vmInstance = new gcp.compute.Instance(\"target-vm\", {\n name: \"custom-network-target-vm\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n});\nconst customNetwork = new gcp.compute.TargetInstance(\"custom_network\", {\n name: \"custom-network\",\n instance: target_vmInstance.id,\n network: target_vm.then(target_vm =\u003e target_vm.selfLink),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_vm = gcp.compute.get_network(name=\"default\")\nvmimage = gcp.compute.get_image(family=\"debian-12\",\n project=\"debian-cloud\")\ntarget_vm_instance = gcp.compute.Instance(\"target-vm\",\n name=\"custom-network-target-vm\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }])\ncustom_network = gcp.compute.TargetInstance(\"custom_network\",\n name=\"custom-network\",\n instance=target_vm_instance.id,\n network=target_vm.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var target_vm = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default\",\n });\n\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-12\",\n Project = \"debian-cloud\",\n });\n\n var target_vmInstance = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n Name = \"custom-network-target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n });\n\n var customNetwork = new Gcp.Compute.TargetInstance(\"custom_network\", new()\n {\n Name = \"custom-network\",\n Instance = target_vmInstance.Id,\n Network = target_vm.Apply(target_vm =\u003e target_vm.Apply(getNetworkResult =\u003e getNetworkResult.SelfLink)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttarget_vm, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-12\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"custom-network-target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"custom_network\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"custom-network\"),\n\t\t\tInstance: target_vmInstance.ID(),\n\t\t\tNetwork: pulumi.String(target_vm.SelfLink),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var target-vm = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default\")\n .build());\n\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-12\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vmInstance = new Instance(\"target-vmInstance\", InstanceArgs.builder()\n .name(\"custom-network-target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .build());\n\n var customNetwork = new TargetInstance(\"customNetwork\", TargetInstanceArgs.builder()\n .name(\"custom-network\")\n .instance(target_vmInstance.id())\n .network(target_vm.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customNetwork:\n type: gcp:compute:TargetInstance\n name: custom_network\n properties:\n name: custom-network\n instance: ${[\"target-vmInstance\"].id}\n network: ${[\"target-vm\"].selfLink}\n target-vmInstance:\n type: gcp:compute:Instance\n name: target-vm\n properties:\n name: custom-network-target-vm\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n networkInterfaces:\n - network: default\nvariables:\n target-vm:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: default\n vmimage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-12\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Target Instance With Security Policy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"custom-default-network\",\n autoCreateSubnetworks: false,\n routingMode: \"REGIONAL\",\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"custom-default-subnet\",\n ipCidrRange: \"10.1.2.0/24\",\n network: _default.id,\n privateIpv6GoogleAccess: \"DISABLE_GOOGLE_ACCESS\",\n purpose: \"PRIVATE\",\n region: \"southamerica-west1\",\n stackType: \"IPV4_ONLY\",\n});\nconst vmimage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst target_vm = new gcp.compute.Instance(\"target-vm\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: _default.selfLink,\n subnetwork: defaultSubnetwork.selfLink,\n }],\n name: \"target-vm\",\n machineType: \"e2-medium\",\n zone: \"southamerica-west1-a\",\n bootDisk: {\n initializeParams: {\n image: vmimage.then(vmimage =\u003e vmimage.selfLink),\n },\n },\n});\nconst policyddosprotection = new gcp.compute.RegionSecurityPolicy(\"policyddosprotection\", {\n region: \"southamerica-west1\",\n name: \"tf-test-policyddos_85794\",\n description: \"ddos protection security policy to set target instance\",\n type: \"CLOUD_ARMOR_NETWORK\",\n ddosProtectionConfig: {\n ddosProtection: \"ADVANCED_PREVIEW\",\n },\n});\nconst edgeSecService = new gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\", {\n region: \"southamerica-west1\",\n name: \"tf-test-edgesec_21197\",\n securityPolicy: policyddosprotection.selfLink,\n});\nconst regionsecuritypolicy = new gcp.compute.RegionSecurityPolicy(\"regionsecuritypolicy\", {\n name: \"region-secpolicy\",\n region: \"southamerica-west1\",\n description: \"basic security policy for target instance\",\n type: \"CLOUD_ARMOR_NETWORK\",\n}, {\n dependsOn: [edgeSecService],\n});\nconst defaultTargetInstance = new gcp.compute.TargetInstance(\"default\", {\n name: \"target-instance\",\n zone: \"southamerica-west1-a\",\n instance: target_vm.id,\n securityPolicy: regionsecuritypolicy.selfLink,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"custom-default-network\",\n auto_create_subnetworks=False,\n routing_mode=\"REGIONAL\")\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"custom-default-subnet\",\n ip_cidr_range=\"10.1.2.0/24\",\n network=default.id,\n private_ipv6_google_access=\"DISABLE_GOOGLE_ACCESS\",\n purpose=\"PRIVATE\",\n region=\"southamerica-west1\",\n stack_type=\"IPV4_ONLY\")\nvmimage = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ntarget_vm = gcp.compute.Instance(\"target-vm\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": default.self_link,\n \"subnetwork\": default_subnetwork.self_link,\n }],\n name=\"target-vm\",\n machine_type=\"e2-medium\",\n zone=\"southamerica-west1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": vmimage.self_link,\n },\n })\npolicyddosprotection = gcp.compute.RegionSecurityPolicy(\"policyddosprotection\",\n region=\"southamerica-west1\",\n name=\"tf-test-policyddos_85794\",\n description=\"ddos protection security policy to set target instance\",\n type=\"CLOUD_ARMOR_NETWORK\",\n ddos_protection_config={\n \"ddos_protection\": \"ADVANCED_PREVIEW\",\n })\nedge_sec_service = gcp.compute.NetworkEdgeSecurityService(\"edge_sec_service\",\n region=\"southamerica-west1\",\n name=\"tf-test-edgesec_21197\",\n security_policy=policyddosprotection.self_link)\nregionsecuritypolicy = gcp.compute.RegionSecurityPolicy(\"regionsecuritypolicy\",\n name=\"region-secpolicy\",\n region=\"southamerica-west1\",\n description=\"basic security policy for target instance\",\n type=\"CLOUD_ARMOR_NETWORK\",\n opts = pulumi.ResourceOptions(depends_on=[edge_sec_service]))\ndefault_target_instance = gcp.compute.TargetInstance(\"default\",\n name=\"target-instance\",\n zone=\"southamerica-west1-a\",\n instance=target_vm.id,\n security_policy=regionsecuritypolicy.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"custom-default-network\",\n AutoCreateSubnetworks = false,\n RoutingMode = \"REGIONAL\",\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"custom-default-subnet\",\n IpCidrRange = \"10.1.2.0/24\",\n Network = @default.Id,\n PrivateIpv6GoogleAccess = \"DISABLE_GOOGLE_ACCESS\",\n Purpose = \"PRIVATE\",\n Region = \"southamerica-west1\",\n StackType = \"IPV4_ONLY\",\n });\n\n var vmimage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var target_vm = new Gcp.Compute.Instance(\"target-vm\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = @default.SelfLink,\n Subnetwork = defaultSubnetwork.SelfLink,\n },\n },\n Name = \"target-vm\",\n MachineType = \"e2-medium\",\n Zone = \"southamerica-west1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = vmimage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n var policyddosprotection = new Gcp.Compute.RegionSecurityPolicy(\"policyddosprotection\", new()\n {\n Region = \"southamerica-west1\",\n Name = \"tf-test-policyddos_85794\",\n Description = \"ddos protection security policy to set target instance\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs\n {\n DdosProtection = \"ADVANCED_PREVIEW\",\n },\n });\n\n var edgeSecService = new Gcp.Compute.NetworkEdgeSecurityService(\"edge_sec_service\", new()\n {\n Region = \"southamerica-west1\",\n Name = \"tf-test-edgesec_21197\",\n SecurityPolicy = policyddosprotection.SelfLink,\n });\n\n var regionsecuritypolicy = new Gcp.Compute.RegionSecurityPolicy(\"regionsecuritypolicy\", new()\n {\n Name = \"region-secpolicy\",\n Region = \"southamerica-west1\",\n Description = \"basic security policy for target instance\",\n Type = \"CLOUD_ARMOR_NETWORK\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n edgeSecService,\n },\n });\n\n var defaultTargetInstance = new Gcp.Compute.TargetInstance(\"default\", new()\n {\n Name = \"target-instance\",\n Zone = \"southamerica-west1-a\",\n Instance = target_vm.Id,\n SecurityPolicy = regionsecuritypolicy.SelfLink,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"custom-default-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"custom-default-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tPrivateIpv6GoogleAccess: pulumi.String(\"DISABLE_GOOGLE_ACCESS\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tStackType: pulumi.String(\"IPV4_ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvmimage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"target-vm\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: _default.SelfLink,\n\t\t\t\t\tSubnetwork: defaultSubnetwork.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"target-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"southamerica-west1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(vmimage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyddosprotection, err := compute.NewRegionSecurityPolicy(ctx, \"policyddosprotection\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tName: pulumi.String(\"tf-test-policyddos_85794\"),\n\t\t\tDescription: pulumi.String(\"ddos protection security policy to set target instance\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t\tDdosProtectionConfig: \u0026compute.RegionSecurityPolicyDdosProtectionConfigArgs{\n\t\t\t\tDdosProtection: pulumi.String(\"ADVANCED_PREVIEW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tedgeSecService, err := compute.NewNetworkEdgeSecurityService(ctx, \"edge_sec_service\", \u0026compute.NetworkEdgeSecurityServiceArgs{\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tName: pulumi.String(\"tf-test-edgesec_21197\"),\n\t\t\tSecurityPolicy: policyddosprotection.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tregionsecuritypolicy, err := compute.NewRegionSecurityPolicy(ctx, \"regionsecuritypolicy\", \u0026compute.RegionSecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"region-secpolicy\"),\n\t\t\tRegion: pulumi.String(\"southamerica-west1\"),\n\t\t\tDescription: pulumi.String(\"basic security policy for target instance\"),\n\t\t\tType: pulumi.String(\"CLOUD_ARMOR_NETWORK\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tedgeSecService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetInstance(ctx, \"default\", \u0026compute.TargetInstanceArgs{\n\t\t\tName: pulumi.String(\"target-instance\"),\n\t\t\tZone: pulumi.String(\"southamerica-west1-a\"),\n\t\t\tInstance: target_vm.ID(),\n\t\t\tSecurityPolicy: regionsecuritypolicy.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.RegionSecurityPolicy;\nimport com.pulumi.gcp.compute.RegionSecurityPolicyArgs;\nimport com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityService;\nimport com.pulumi.gcp.compute.NetworkEdgeSecurityServiceArgs;\nimport com.pulumi.gcp.compute.TargetInstance;\nimport com.pulumi.gcp.compute.TargetInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"custom-default-network\")\n .autoCreateSubnetworks(false)\n .routingMode(\"REGIONAL\")\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"custom-default-subnet\")\n .ipCidrRange(\"10.1.2.0/24\")\n .network(default_.id())\n .privateIpv6GoogleAccess(\"DISABLE_GOOGLE_ACCESS\")\n .purpose(\"PRIVATE\")\n .region(\"southamerica-west1\")\n .stackType(\"IPV4_ONLY\")\n .build());\n\n final var vmimage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var target_vm = new Instance(\"target-vm\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(default_.selfLink())\n .subnetwork(defaultSubnetwork.selfLink())\n .build())\n .name(\"target-vm\")\n .machineType(\"e2-medium\")\n .zone(\"southamerica-west1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(vmimage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n var policyddosprotection = new RegionSecurityPolicy(\"policyddosprotection\", RegionSecurityPolicyArgs.builder()\n .region(\"southamerica-west1\")\n .name(\"tf-test-policyddos_85794\")\n .description(\"ddos protection security policy to set target instance\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()\n .ddosProtection(\"ADVANCED_PREVIEW\")\n .build())\n .build());\n\n var edgeSecService = new NetworkEdgeSecurityService(\"edgeSecService\", NetworkEdgeSecurityServiceArgs.builder()\n .region(\"southamerica-west1\")\n .name(\"tf-test-edgesec_21197\")\n .securityPolicy(policyddosprotection.selfLink())\n .build());\n\n var regionsecuritypolicy = new RegionSecurityPolicy(\"regionsecuritypolicy\", RegionSecurityPolicyArgs.builder()\n .name(\"region-secpolicy\")\n .region(\"southamerica-west1\")\n .description(\"basic security policy for target instance\")\n .type(\"CLOUD_ARMOR_NETWORK\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(edgeSecService)\n .build());\n\n var defaultTargetInstance = new TargetInstance(\"defaultTargetInstance\", TargetInstanceArgs.builder()\n .name(\"target-instance\")\n .zone(\"southamerica-west1-a\")\n .instance(target_vm.id())\n .securityPolicy(regionsecuritypolicy.selfLink())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: custom-default-network\n autoCreateSubnetworks: false\n routingMode: REGIONAL\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: custom-default-subnet\n ipCidrRange: 10.1.2.0/24\n network: ${default.id}\n privateIpv6GoogleAccess: DISABLE_GOOGLE_ACCESS\n purpose: PRIVATE\n region: southamerica-west1\n stackType: IPV4_ONLY\n target-vm:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${default.selfLink}\n subnetwork: ${defaultSubnetwork.selfLink}\n name: target-vm\n machineType: e2-medium\n zone: southamerica-west1-a\n bootDisk:\n initializeParams:\n image: ${vmimage.selfLink}\n policyddosprotection:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n region: southamerica-west1\n name: tf-test-policyddos_85794\n description: ddos protection security policy to set target instance\n type: CLOUD_ARMOR_NETWORK\n ddosProtectionConfig:\n ddosProtection: ADVANCED_PREVIEW\n edgeSecService:\n type: gcp:compute:NetworkEdgeSecurityService\n name: edge_sec_service\n properties:\n region: southamerica-west1\n name: tf-test-edgesec_21197\n securityPolicy: ${policyddosprotection.selfLink}\n regionsecuritypolicy:\n type: gcp:compute:RegionSecurityPolicy\n properties:\n name: region-secpolicy\n region: southamerica-west1\n description: basic security policy for target instance\n type: CLOUD_ARMOR_NETWORK\n options:\n dependsOn:\n - ${edgeSecService}\n defaultTargetInstance:\n type: gcp:compute:TargetInstance\n name: default\n properties:\n name: target-instance\n zone: southamerica-west1-a\n instance: ${[\"target-vm\"].id}\n securityPolicy: ${regionsecuritypolicy.selfLink}\nvariables:\n vmimage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetInstance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetInstance:TargetInstance default {{name}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -184481,7 +184481,7 @@ } }, "gcp:compute/targetSSLProxy:TargetSSLProxy": { - "description": "Represents a TargetSslProxy resource, which is used by one or more\nglobal forwarding rule to route incoming SSL requests to a backend\nservice.\n\n\nTo get more information about TargetSslProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetSslProxies)\n* How-to Guides\n * [Setting Up SSL proxy for Google Cloud Load Balancing](https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/)\n\n## Example Usage\n\n### Target Ssl Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"default-cert\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 443,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n protocol: \"SSL\",\n healthChecks: defaultHealthCheck.id,\n});\nconst _default = new gcp.compute.TargetSSLProxy(\"default\", {\n name: \"test-proxy\",\n backendService: defaultBackendService.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"default-cert\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 443,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n protocol=\"SSL\",\n health_checks=default_health_check.id)\ndefault = gcp.compute.TargetSSLProxy(\"default\",\n name=\"test-proxy\",\n backend_service=default_backend_service.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"default-cert\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 443,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n Protocol = \"SSL\",\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var @default = new Gcp.Compute.TargetSSLProxy(\"default\", new()\n {\n Name = \"test-proxy\",\n BackendService = defaultBackendService.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"default-cert\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(443),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tProtocol: pulumi.String(\"SSL\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetSSLProxy(ctx, \"default\", \u0026compute.TargetSSLProxyArgs{\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tBackendService: defaultBackendService.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.TargetSSLProxy;\nimport com.pulumi.gcp.compute.TargetSSLProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"default-cert\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"443\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .protocol(\"SSL\")\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var default_ = new TargetSSLProxy(\"default\", TargetSSLProxyArgs.builder()\n .name(\"test-proxy\")\n .backendService(defaultBackendService.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetSSLProxy\n properties:\n name: test-proxy\n backendService: ${defaultBackendService.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: default-cert\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private.key\n Return: result\n certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/certificate.crt\n Return: result\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n protocol: SSL\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '443'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetSslProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/targetSslProxies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetSslProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default projects/{{project}}/global/targetSslProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default {{name}}\n```\n\n", + "description": "Represents a TargetSslProxy resource, which is used by one or more\nglobal forwarding rule to route incoming SSL requests to a backend\nservice.\n\n\nTo get more information about TargetSslProxy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/v1/targetSslProxies)\n* How-to Guides\n * [Setting Up SSL proxy for Google Cloud Load Balancing](https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/)\n\n## Example Usage\n\n### Target Ssl Proxy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst defaultSSLCertificate = new gcp.compute.SSLCertificate(\"default\", {\n name: \"default-cert\",\n privateKey: std.file({\n input: \"path/to/private.key\",\n }).then(invoke =\u003e invoke.result),\n certificate: std.file({\n input: \"path/to/certificate.crt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 443,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n protocol: \"SSL\",\n healthChecks: defaultHealthCheck.id,\n});\nconst _default = new gcp.compute.TargetSSLProxy(\"default\", {\n name: \"test-proxy\",\n backendService: defaultBackendService.id,\n sslCertificates: [defaultSSLCertificate.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault_ssl_certificate = gcp.compute.SSLCertificate(\"default\",\n name=\"default-cert\",\n private_key=std.file(input=\"path/to/private.key\").result,\n certificate=std.file(input=\"path/to/certificate.crt\").result)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 443,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n protocol=\"SSL\",\n health_checks=default_health_check.id)\ndefault = gcp.compute.TargetSSLProxy(\"default\",\n name=\"test-proxy\",\n backend_service=default_backend_service.id,\n ssl_certificates=[default_ssl_certificate.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultSSLCertificate = new Gcp.Compute.SSLCertificate(\"default\", new()\n {\n Name = \"default-cert\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private.key\",\n }).Apply(invoke =\u003e invoke.Result),\n Certificate = Std.File.Invoke(new()\n {\n Input = \"path/to/certificate.crt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 443,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n Protocol = \"SSL\",\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var @default = new Gcp.Compute.TargetSSLProxy(\"default\", new()\n {\n Name = \"test-proxy\",\n BackendService = defaultBackendService.Id,\n SslCertificates = new[]\n {\n defaultSSLCertificate.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private.key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/certificate.crt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSSLCertificate, err := compute.NewSSLCertificate(ctx, \"default\", \u0026compute.SSLCertificateArgs{\n\t\t\tName: pulumi.String(\"default-cert\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t\tCertificate: pulumi.String(invokeFile1.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(443),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tProtocol: pulumi.String(\"SSL\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewTargetSSLProxy(ctx, \"default\", \u0026compute.TargetSSLProxyArgs{\n\t\t\tName: pulumi.String(\"test-proxy\"),\n\t\t\tBackendService: defaultBackendService.ID(),\n\t\t\tSslCertificates: pulumi.StringArray{\n\t\t\t\tdefaultSSLCertificate.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SSLCertificate;\nimport com.pulumi.gcp.compute.SSLCertificateArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.TargetSSLProxy;\nimport com.pulumi.gcp.compute.TargetSSLProxyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultSSLCertificate = new SSLCertificate(\"defaultSSLCertificate\", SSLCertificateArgs.builder()\n .name(\"default-cert\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private.key\")\n .build()).result())\n .certificate(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/certificate.crt\")\n .build()).result())\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"443\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .protocol(\"SSL\")\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var default_ = new TargetSSLProxy(\"default\", TargetSSLProxyArgs.builder()\n .name(\"test-proxy\")\n .backendService(defaultBackendService.id())\n .sslCertificates(defaultSSLCertificate.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:TargetSSLProxy\n properties:\n name: test-proxy\n backendService: ${defaultBackendService.id}\n sslCertificates:\n - ${defaultSSLCertificate.id}\n defaultSSLCertificate:\n type: gcp:compute:SSLCertificate\n name: default\n properties:\n name: default-cert\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private.key\n return: result\n certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/certificate.crt\n return: result\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-service\n protocol: SSL\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '443'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTargetSslProxy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/targetSslProxies/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, TargetSslProxy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default projects/{{project}}/global/targetSslProxies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/targetSSLProxy:TargetSSLProxy default {{name}}\n```\n\n", "properties": { "backendService": { "type": "string", @@ -184985,7 +184985,7 @@ } }, "gcp:compute/vPNGateway:VPNGateway": { - "description": "Represents a VPN gateway running in GCP. This virtual device is managed\nby Google, but used only by you.\n\n\nTo get more information about VpnGateway, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways)\n\n\u003e **Warning:** Classic VPN is deprecating certain functionality on October 31, 2021. For more information,\nsee the [Classic VPN partial deprecation page](https://cloud.google.com/network-connectivity/docs/vpn/deprecations/classic-vpn-deprecation).\n\n## Example Usage\n\n### Target Vpn Gateway Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network1 = new gcp.compute.Network(\"network1\", {name: \"network-1\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"vpn-1\",\n network: network1.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"vpn-static-ip\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"fr-esp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"fr-udp500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"fr-udp4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel1\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst route1 = new gcp.compute.Route(\"route1\", {\n name: \"route1\",\n network: network1.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel1.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork1 = gcp.compute.Network(\"network1\", name=\"network-1\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"vpn-1\",\n network=network1.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"vpn-static-ip\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"fr-esp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"fr-udp500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"fr-udp4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel1\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nroute1 = gcp.compute.Route(\"route1\",\n name=\"route1\",\n network=network1.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel1.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network1 = new Gcp.Compute.Network(\"network1\", new()\n {\n Name = \"network-1\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"vpn-1\",\n Network = network1.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"vpn-static-ip\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"fr-esp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"fr-udp500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"fr-udp4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel1\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var route1 = new Gcp.Compute.Route(\"route1\", new()\n {\n Name = \"route1\",\n Network = network1.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel1.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork1, err := compute.NewNetwork(ctx, \"network1\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-1\"),\n\t\t\tNetwork: network1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"vpn-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-esp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel1\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route1\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route1\"),\n\t\t\tNetwork: network1.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network1 = new Network(\"network1\", NetworkArgs.builder()\n .name(\"network-1\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"vpn-1\")\n .network(network1.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"vpn-static-ip\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"fr-esp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel1\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var route1 = new Route(\"route1\", RouteArgs.builder()\n .name(\"route1\")\n .network(network1.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel1.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: vpn-1\n network: ${network1.id}\n network1:\n type: gcp:compute:Network\n properties:\n name: network-1\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: vpn-static-ip\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: fr-esp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: fr-udp500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: fr-udp4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel1\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependson:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n route1:\n type: gcp:compute:Route\n properties:\n name: route1\n network: ${network1.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel1.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnGateway can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, VpnGateway can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{name}}\n```\n\n", + "description": "Represents a VPN gateway running in GCP. This virtual device is managed\nby Google, but used only by you.\n\n\nTo get more information about VpnGateway, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways)\n\n\u003e **Warning:** Classic VPN is deprecating certain functionality on October 31, 2021. For more information,\nsee the [Classic VPN partial deprecation page](https://cloud.google.com/network-connectivity/docs/vpn/deprecations/classic-vpn-deprecation).\n\n## Example Usage\n\n### Target Vpn Gateway Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network1 = new gcp.compute.Network(\"network1\", {name: \"network-1\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"vpn-1\",\n network: network1.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"vpn-static-ip\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"fr-esp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"fr-udp500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"fr-udp4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel1\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst route1 = new gcp.compute.Route(\"route1\", {\n name: \"route1\",\n network: network1.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel1.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork1 = gcp.compute.Network(\"network1\", name=\"network-1\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"vpn-1\",\n network=network1.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"vpn-static-ip\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"fr-esp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"fr-udp500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"fr-udp4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel1\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nroute1 = gcp.compute.Route(\"route1\",\n name=\"route1\",\n network=network1.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel1.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network1 = new Gcp.Compute.Network(\"network1\", new()\n {\n Name = \"network-1\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"vpn-1\",\n Network = network1.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"vpn-static-ip\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"fr-esp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"fr-udp500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"fr-udp4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel1\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var route1 = new Gcp.Compute.Route(\"route1\", new()\n {\n Name = \"route1\",\n Network = network1.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel1.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork1, err := compute.NewNetwork(ctx, \"network1\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-1\"),\n\t\t\tNetwork: network1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"vpn-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-esp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel1\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route1\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route1\"),\n\t\t\tNetwork: network1.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network1 = new Network(\"network1\", NetworkArgs.builder()\n .name(\"network-1\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"vpn-1\")\n .network(network1.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"vpn-static-ip\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"fr-esp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel1\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var route1 = new Route(\"route1\", RouteArgs.builder()\n .name(\"route1\")\n .network(network1.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel1.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: vpn-1\n network: ${network1.id}\n network1:\n type: gcp:compute:Network\n properties:\n name: network-1\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: vpn-static-ip\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: fr-esp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: fr-udp500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: fr-udp4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel1\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependsOn:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n route1:\n type: gcp:compute:Route\n properties:\n name: route1\n network: ${network1.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel1.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnGateway can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, VpnGateway can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNGateway:VPNGateway default {{name}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -185104,7 +185104,7 @@ } }, "gcp:compute/vPNTunnel:VPNTunnel": { - "description": "VPN tunnel resource.\n\n\nTo get more information about VpnTunnel, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels)\n* How-to Guides\n * [Cloud VPN Overview](https://cloud.google.com/vpn/docs/concepts/overview)\n * [Networks and Tunnel Routing](https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing)\n\n\n\n## Example Usage\n\n### Vpn Tunnel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network1 = new gcp.compute.Network(\"network1\", {name: \"network-1\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"vpn-1\",\n network: network1.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"vpn-static-ip\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"fr-esp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"fr-udp500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"fr-udp4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel-1\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n labels: {\n foo: \"bar\",\n },\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst route1 = new gcp.compute.Route(\"route1\", {\n name: \"route1\",\n network: network1.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel1.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork1 = gcp.compute.Network(\"network1\", name=\"network-1\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"vpn-1\",\n network=network1.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"vpn-static-ip\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"fr-esp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"fr-udp500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"fr-udp4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel-1\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n labels={\n \"foo\": \"bar\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nroute1 = gcp.compute.Route(\"route1\",\n name=\"route1\",\n network=network1.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel1.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network1 = new Gcp.Compute.Network(\"network1\", new()\n {\n Name = \"network-1\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"vpn-1\",\n Network = network1.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"vpn-static-ip\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"fr-esp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"fr-udp500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"fr-udp4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel-1\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var route1 = new Gcp.Compute.Route(\"route1\", new()\n {\n Name = \"route1\",\n Network = network1.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel1.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork1, err := compute.NewNetwork(ctx, \"network1\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-1\"),\n\t\t\tNetwork: network1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"vpn-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-esp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel-1\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route1\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route1\"),\n\t\t\tNetwork: network1.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network1 = new Network(\"network1\", NetworkArgs.builder()\n .name(\"network-1\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"vpn-1\")\n .network(network1.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"vpn-static-ip\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"fr-esp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel-1\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var route1 = new Route(\"route1\", RouteArgs.builder()\n .name(\"route1\")\n .network(network1.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel1.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel-1\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n labels:\n foo: bar\n options:\n dependson:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: vpn-1\n network: ${network1.id}\n network1:\n type: gcp:compute:Network\n properties:\n name: network-1\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: vpn-static-ip\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: fr-esp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: fr-udp500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: fr-udp4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route1:\n type: gcp:compute:Route\n properties:\n name: route1\n network: ${network1.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel1.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnTunnel can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, VpnTunnel can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{name}}\n```\n\n", + "description": "VPN tunnel resource.\n\n\nTo get more information about VpnTunnel, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels)\n* How-to Guides\n * [Cloud VPN Overview](https://cloud.google.com/vpn/docs/concepts/overview)\n * [Networks and Tunnel Routing](https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing)\n\n\n\n## Example Usage\n\n### Vpn Tunnel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network1 = new gcp.compute.Network(\"network1\", {name: \"network-1\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"vpn-1\",\n network: network1.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"vpn-static-ip\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"fr-esp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"fr-udp500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"fr-udp4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel-1\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n labels: {\n foo: \"bar\",\n },\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst route1 = new gcp.compute.Route(\"route1\", {\n name: \"route1\",\n network: network1.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel1.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork1 = gcp.compute.Network(\"network1\", name=\"network-1\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"vpn-1\",\n network=network1.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"vpn-static-ip\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"fr-esp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"fr-udp500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"fr-udp4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel-1\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n labels={\n \"foo\": \"bar\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nroute1 = gcp.compute.Route(\"route1\",\n name=\"route1\",\n network=network1.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel1.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network1 = new Gcp.Compute.Network(\"network1\", new()\n {\n Name = \"network-1\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"vpn-1\",\n Network = network1.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"vpn-static-ip\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"fr-esp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"fr-udp500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"fr-udp4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel-1\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var route1 = new Gcp.Compute.Route(\"route1\", new()\n {\n Name = \"route1\",\n Network = network1.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel1.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork1, err := compute.NewNetwork(ctx, \"network1\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-1\"),\n\t\t\tNetwork: network1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"vpn-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-esp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fr-udp4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel-1\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route1\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"route1\"),\n\t\t\tNetwork: network1.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network1 = new Network(\"network1\", NetworkArgs.builder()\n .name(\"network-1\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"vpn-1\")\n .network(network1.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"vpn-static-ip\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"fr-esp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"fr-udp4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel-1\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var route1 = new Route(\"route1\", RouteArgs.builder()\n .name(\"route1\")\n .network(network1.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel1.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel-1\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n labels:\n foo: bar\n options:\n dependsOn:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: vpn-1\n network: ${network1.id}\n network1:\n type: gcp:compute:Network\n properties:\n name: network-1\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: vpn-static-ip\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: fr-esp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: fr-udp500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: fr-udp4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route1:\n type: gcp:compute:Route\n properties:\n name: route1\n network: ${network1.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel1.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnTunnel can be imported using any of these accepted formats:\n\n* `projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, VpnTunnel can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/vPNTunnel:VPNTunnel default {{name}}\n```\n\n", "properties": { "creationTimestamp": { "type": "string", @@ -185483,7 +185483,7 @@ } }, "gcp:container/attachedCluster:AttachedCluster": { - "description": "An Anthos cluster running on customer owned infrastructure.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest)\n* How-to Guides\n * [API reference](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters)\n * [Multicloud overview](https://cloud.google.com/anthos/clusters/docs/multi-cloud)\n\n## Example Usage\n\n### Container Attached Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n location: \"us-west1\",\n project: project.then(project =\u003e project.projectId),\n description: \"Test cluster\",\n distribution: \"aks\",\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n location=\"us-west1\",\n project=project.project_id,\n description=\"Test cluster\",\n distribution=\"aks\",\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Description = \"Test cluster\",\n Distribution = \"aks\",\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n location: us-west1\n project: ${project.projectId}\n description: Test cluster\n distribution: aks\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n versions:\n fn::invoke:\n Function: gcp:container:getAttachedVersions\n Arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Container Attached Cluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n project: project.then(project =\u003e project.projectId),\n location: \"us-west1\",\n description: \"Test cluster\",\n distribution: \"aks\",\n annotations: {\n \"label-one\": \"value-one\",\n },\n authorization: {\n adminUsers: [\n \"user1@example.com\",\n \"user2@example.com\",\n ],\n adminGroups: [\n \"group1@example.com\",\n \"group2@example.com\",\n ],\n },\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n jwks: std.base64encode({\n input: \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n }).then(invoke =\u003e invoke.result),\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n ],\n },\n },\n monitoringConfig: {\n managedPrometheusConfig: {\n enabled: true,\n },\n },\n binaryAuthorization: {\n evaluationMode: \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n proxyConfig: {\n kubernetesSecret: {\n name: \"proxy-config\",\n namespace: \"default\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n project=project.project_id,\n location=\"us-west1\",\n description=\"Test cluster\",\n distribution=\"aks\",\n annotations={\n \"label-one\": \"value-one\",\n },\n authorization={\n \"admin_users\": [\n \"user1@example.com\",\n \"user2@example.com\",\n ],\n \"admin_groups\": [\n \"group1@example.com\",\n \"group2@example.com\",\n ],\n },\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n \"jwks\": std.base64encode(input=\"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\").result,\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n ],\n },\n },\n monitoring_config={\n \"managed_prometheus_config\": {\n \"enabled\": True,\n },\n },\n binary_authorization={\n \"evaluation_mode\": \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n proxy_config={\n \"kubernetes_secret\": {\n \"name\": \"proxy-config\",\n \"namespace\": \"default\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Location = \"us-west1\",\n Description = \"Test cluster\",\n Distribution = \"aks\",\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n \"user1@example.com\",\n \"user2@example.com\",\n },\n AdminGroups = new[]\n {\n \"group1@example.com\",\n \"group2@example.com\",\n },\n },\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n Jwks = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n },\n },\n },\n MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs\n {\n ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs\n {\n Enabled = true,\n },\n },\n BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs\n {\n EvaluationMode = \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs\n {\n KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs\n {\n Name = \"proxy-config\",\n Namespace = \"default\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tAuthorization: \u0026container.AttachedClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user1@example.com\"),\n\t\t\t\t\tpulumi.String(\"user2@example.com\"),\n\t\t\t\t},\n\t\t\t\tAdminGroups: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"group1@example.com\"),\n\t\t\t\t\tpulumi.String(\"group2@example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t\tJwks: pulumi.String(invokeBase64encode.Result),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tLoggingConfig: \u0026container.AttachedClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AttachedClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"SYSTEM_COMPONENTS\"),\n\t\t\t\t\t\tpulumi.String(\"WORKLOADS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMonitoringConfig: \u0026container.AttachedClusterMonitoringConfigArgs{\n\t\t\t\tManagedPrometheusConfig: \u0026container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBinaryAuthorization: \u0026container.AttachedClusterBinaryAuthorizationArgs{\n\t\t\t\tEvaluationMode: pulumi.String(\"PROJECT_SINGLETON_POLICY_ENFORCE\"),\n\t\t\t},\n\t\t\tProxyConfig: \u0026container.AttachedClusterProxyConfigArgs{\n\t\t\t\tKubernetesSecret: \u0026container.AttachedClusterProxyConfigKubernetesSecretArgs{\n\t\t\t\t\tName: pulumi.String(\"proxy-config\"),\n\t\t\t\t\tNamespace: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigComponentConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterBinaryAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigKubernetesSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .location(\"us-west1\")\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .authorization(AttachedClusterAuthorizationArgs.builder()\n .adminUsers( \n \"user1@example.com\",\n \"user2@example.com\")\n .adminGroups( \n \"group1@example.com\",\n \"group2@example.com\")\n .build())\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .jwks(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\")\n .build()).result())\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .loggingConfig(AttachedClusterLoggingConfigArgs.builder()\n .componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\")\n .build())\n .build())\n .monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()\n .managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()\n .evaluationMode(\"PROJECT_SINGLETON_POLICY_ENFORCE\")\n .build())\n .proxyConfig(AttachedClusterProxyConfigArgs.builder()\n .kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()\n .name(\"proxy-config\")\n .namespace(\"default\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n project: ${project.projectId}\n location: us-west1\n description: Test cluster\n distribution: aks\n annotations:\n label-one: value-one\n authorization:\n adminUsers:\n - user1@example.com\n - user2@example.com\n adminGroups:\n - group1@example.com\n - group2@example.com\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n jwks:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: '{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}'\n Return: result\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\n loggingConfig:\n componentConfig:\n enableComponents:\n - SYSTEM_COMPONENTS\n - WORKLOADS\n monitoringConfig:\n managedPrometheusConfig:\n enabled: true\n binaryAuthorization:\n evaluationMode: PROJECT_SINGLETON_POLICY_ENFORCE\n proxyConfig:\n kubernetesSecret:\n name: proxy-config\n namespace: default\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n versions:\n fn::invoke:\n Function: gcp:container:getAttachedVersions\n Arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Container Attached Cluster Ignore Errors\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n location: \"us-west1\",\n project: project.then(project =\u003e project.projectId),\n description: \"Test cluster\",\n distribution: \"aks\",\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n deletionPolicy: \"DELETE_IGNORE_ERRORS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n location=\"us-west1\",\n project=project.project_id,\n description=\"Test cluster\",\n distribution=\"aks\",\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n deletion_policy=\"DELETE_IGNORE_ERRORS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Description = \"Test cluster\",\n Distribution = \"aks\",\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n DeletionPolicy = \"DELETE_IGNORE_ERRORS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE_IGNORE_ERRORS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .deletionPolicy(\"DELETE_IGNORE_ERRORS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n location: us-west1\n project: ${project.projectId}\n description: Test cluster\n distribution: aks\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\n deletionPolicy: DELETE_IGNORE_ERRORS\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n versions:\n fn::invoke:\n Function: gcp:container:getAttachedVersions\n Arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{location}}/{{name}}\n```\n\n", + "description": "An Anthos cluster running on customer owned infrastructure.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest)\n* How-to Guides\n * [API reference](https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters)\n * [Multicloud overview](https://cloud.google.com/anthos/clusters/docs/multi-cloud)\n\n## Example Usage\n\n### Container Attached Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n location: \"us-west1\",\n project: project.then(project =\u003e project.projectId),\n description: \"Test cluster\",\n distribution: \"aks\",\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n location=\"us-west1\",\n project=project.project_id,\n description=\"Test cluster\",\n distribution=\"aks\",\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Description = \"Test cluster\",\n Distribution = \"aks\",\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n location: us-west1\n project: ${project.projectId}\n description: Test cluster\n distribution: aks\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n versions:\n fn::invoke:\n function: gcp:container:getAttachedVersions\n arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Container Attached Cluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n project: project.then(project =\u003e project.projectId),\n location: \"us-west1\",\n description: \"Test cluster\",\n distribution: \"aks\",\n annotations: {\n \"label-one\": \"value-one\",\n },\n authorization: {\n adminUsers: [\n \"user1@example.com\",\n \"user2@example.com\",\n ],\n adminGroups: [\n \"group1@example.com\",\n \"group2@example.com\",\n ],\n },\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n jwks: std.base64encode({\n input: \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n }).then(invoke =\u003e invoke.result),\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n ],\n },\n },\n monitoringConfig: {\n managedPrometheusConfig: {\n enabled: true,\n },\n },\n binaryAuthorization: {\n evaluationMode: \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n proxyConfig: {\n kubernetesSecret: {\n name: \"proxy-config\",\n namespace: \"default\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n project=project.project_id,\n location=\"us-west1\",\n description=\"Test cluster\",\n distribution=\"aks\",\n annotations={\n \"label-one\": \"value-one\",\n },\n authorization={\n \"admin_users\": [\n \"user1@example.com\",\n \"user2@example.com\",\n ],\n \"admin_groups\": [\n \"group1@example.com\",\n \"group2@example.com\",\n ],\n },\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n \"jwks\": std.base64encode(input=\"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\").result,\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n ],\n },\n },\n monitoring_config={\n \"managed_prometheus_config\": {\n \"enabled\": True,\n },\n },\n binary_authorization={\n \"evaluation_mode\": \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n proxy_config={\n \"kubernetes_secret\": {\n \"name\": \"proxy-config\",\n \"namespace\": \"default\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Location = \"us-west1\",\n Description = \"Test cluster\",\n Distribution = \"aks\",\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n \"user1@example.com\",\n \"user2@example.com\",\n },\n AdminGroups = new[]\n {\n \"group1@example.com\",\n \"group2@example.com\",\n },\n },\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n Jwks = Std.Base64encode.Invoke(new()\n {\n Input = \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\",\n },\n },\n },\n MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs\n {\n ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs\n {\n Enabled = true,\n },\n },\n BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs\n {\n EvaluationMode = \"PROJECT_SINGLETON_POLICY_ENFORCE\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs\n {\n KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs\n {\n Name = \"proxy-config\",\n Namespace = \"default\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tAuthorization: \u0026container.AttachedClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user1@example.com\"),\n\t\t\t\t\tpulumi.String(\"user2@example.com\"),\n\t\t\t\t},\n\t\t\t\tAdminGroups: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"group1@example.com\"),\n\t\t\t\t\tpulumi.String(\"group2@example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t\tJwks: pulumi.String(invokeBase64encode.Result),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tLoggingConfig: \u0026container.AttachedClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AttachedClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"SYSTEM_COMPONENTS\"),\n\t\t\t\t\t\tpulumi.String(\"WORKLOADS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMonitoringConfig: \u0026container.AttachedClusterMonitoringConfigArgs{\n\t\t\t\tManagedPrometheusConfig: \u0026container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBinaryAuthorization: \u0026container.AttachedClusterBinaryAuthorizationArgs{\n\t\t\t\tEvaluationMode: pulumi.String(\"PROJECT_SINGLETON_POLICY_ENFORCE\"),\n\t\t\t},\n\t\t\tProxyConfig: \u0026container.AttachedClusterProxyConfigArgs{\n\t\t\t\tKubernetesSecret: \u0026container.AttachedClusterProxyConfigKubernetesSecretArgs{\n\t\t\t\t\tName: pulumi.String(\"proxy-config\"),\n\t\t\t\t\tNamespace: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigComponentConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterBinaryAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigKubernetesSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .location(\"us-west1\")\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .authorization(AttachedClusterAuthorizationArgs.builder()\n .adminUsers( \n \"user1@example.com\",\n \"user2@example.com\")\n .adminGroups( \n \"group1@example.com\",\n \"group2@example.com\")\n .build())\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .jwks(StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"{\\\"keys\\\":[{\\\"use\\\":\\\"sig\\\",\\\"kty\\\":\\\"RSA\\\",\\\"kid\\\":\\\"testid\\\",\\\"alg\\\":\\\"RS256\\\",\\\"n\\\":\\\"somedata\\\",\\\"e\\\":\\\"AQAB\\\"}]}\")\n .build()).result())\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .loggingConfig(AttachedClusterLoggingConfigArgs.builder()\n .componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"SYSTEM_COMPONENTS\",\n \"WORKLOADS\")\n .build())\n .build())\n .monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()\n .managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()\n .evaluationMode(\"PROJECT_SINGLETON_POLICY_ENFORCE\")\n .build())\n .proxyConfig(AttachedClusterProxyConfigArgs.builder()\n .kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()\n .name(\"proxy-config\")\n .namespace(\"default\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n project: ${project.projectId}\n location: us-west1\n description: Test cluster\n distribution: aks\n annotations:\n label-one: value-one\n authorization:\n adminUsers:\n - user1@example.com\n - user2@example.com\n adminGroups:\n - group1@example.com\n - group2@example.com\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n jwks:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: '{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}'\n return: result\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\n loggingConfig:\n componentConfig:\n enableComponents:\n - SYSTEM_COMPONENTS\n - WORKLOADS\n monitoringConfig:\n managedPrometheusConfig:\n enabled: true\n binaryAuthorization:\n evaluationMode: PROJECT_SINGLETON_POLICY_ENFORCE\n proxyConfig:\n kubernetesSecret:\n name: proxy-config\n namespace: default\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n versions:\n fn::invoke:\n function: gcp:container:getAttachedVersions\n arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Container Attached Cluster Ignore Errors\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst versions = project.then(project =\u003e gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: project.projectId,\n}));\nconst primary = new gcp.container.AttachedCluster(\"primary\", {\n name: \"basic\",\n location: \"us-west1\",\n project: project.then(project =\u003e project.projectId),\n description: \"Test cluster\",\n distribution: \"aks\",\n oidcConfig: {\n issuerUrl: \"https://oidc.issuer.url\",\n },\n platformVersion: versions.then(versions =\u003e versions.validVersions?.[0]),\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n deletionPolicy: \"DELETE_IGNORE_ERRORS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nversions = gcp.container.get_attached_versions(location=\"us-west1\",\n project=project.project_id)\nprimary = gcp.container.AttachedCluster(\"primary\",\n name=\"basic\",\n location=\"us-west1\",\n project=project.project_id,\n description=\"Test cluster\",\n distribution=\"aks\",\n oidc_config={\n \"issuer_url\": \"https://oidc.issuer.url\",\n },\n platform_version=versions.valid_versions[0],\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n deletion_policy=\"DELETE_IGNORE_ERRORS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var versions = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n });\n\n var primary = new Gcp.Container.AttachedCluster(\"primary\", new()\n {\n Name = \"basic\",\n Location = \"us-west1\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Description = \"Test cluster\",\n Distribution = \"aks\",\n OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs\n {\n IssuerUrl = \"https://oidc.issuer.url\",\n },\n PlatformVersion = versions.Apply(getAttachedVersionsResult =\u003e getAttachedVersionsResult.ValidVersions[0]),\n Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n DeletionPolicy = \"DELETE_IGNORE_ERRORS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tversions, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: project.ProjectId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAttachedCluster(ctx, \"primary\", \u0026container.AttachedClusterArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tDescription: pulumi.String(\"Test cluster\"),\n\t\t\tDistribution: pulumi.String(\"aks\"),\n\t\t\tOidcConfig: \u0026container.AttachedClusterOidcConfigArgs{\n\t\t\t\tIssuerUrl: pulumi.String(\"https://oidc.issuer.url\"),\n\t\t\t},\n\t\t\tPlatformVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tFleet: \u0026container.AttachedClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE_IGNORE_ERRORS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport com.pulumi.gcp.container.AttachedCluster;\nimport com.pulumi.gcp.container.AttachedClusterArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;\nimport com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build());\n\n var primary = new AttachedCluster(\"primary\", AttachedClusterArgs.builder()\n .name(\"basic\")\n .location(\"us-west1\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .description(\"Test cluster\")\n .distribution(\"aks\")\n .oidcConfig(AttachedClusterOidcConfigArgs.builder()\n .issuerUrl(\"https://oidc.issuer.url\")\n .build())\n .platformVersion(versions.applyValue(getAttachedVersionsResult -\u003e getAttachedVersionsResult.validVersions()[0]))\n .fleet(AttachedClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .deletionPolicy(\"DELETE_IGNORE_ERRORS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AttachedCluster\n properties:\n name: basic\n location: us-west1\n project: ${project.projectId}\n description: Test cluster\n distribution: aks\n oidcConfig:\n issuerUrl: https://oidc.issuer.url\n platformVersion: ${versions.validVersions[0]}\n fleet:\n project: projects/${project.number}\n deletionPolicy: DELETE_IGNORE_ERRORS\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n versions:\n fn::invoke:\n function: gcp:container:getAttachedVersions\n arguments:\n location: us-west1\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/attachedCluster:AttachedCluster default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -185830,7 +185830,7 @@ } }, "gcp:container/awsCluster:AwsCluster": { - "description": "An Anthos cluster running on AWS.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_aws_cluster\nA basic example of a containeraws cluster\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n adminGroups: [{\n group: \"group@domain.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n \"admin_groups\": [{\n \"group\": \"group@domain.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n AdminGroups = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminGroupArgs\n {\n Group = \"group@domain.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdminGroups: container.AwsClusterAuthorizationAdminGroupArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminGroupArgs{\n\t\t\t\t\t\tGroup: pulumi.String(\"group@domain.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .adminGroups(AwsClusterAuthorizationAdminGroupArgs.builder()\n .group(\"group@domain.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n adminGroups:\n - group: group@domain.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Basic_enum_aws_cluster\nA basic example of a containeraws cluster with lowercase enums\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_aws_cluster\nA basic example of a containeraws cluster with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n instancePlacement: {\n tenancy: \"dedicated\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"system_components\",\n \"workloads\",\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n \"instance_placement\": {\n \"tenancy\": \"dedicated\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\",\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"system_components\",\n \"workloads\",\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n InstancePlacement = new Gcp.Container.Inputs.AwsClusterControlPlaneInstancePlacementArgs\n {\n Tenancy = \"dedicated\",\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n LoggingConfig = new Gcp.Container.Inputs.AwsClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AwsClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"system_components\",\n \"workloads\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t\tInstancePlacement: \u0026container.AwsClusterControlPlaneInstancePlacementArgs{\n\t\t\t\t\tTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLoggingConfig: \u0026container.AwsClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AwsClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"system_components\"),\n\t\t\t\t\t\tpulumi.String(\"workloads\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneInstancePlacementArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterLoggingConfigComponentConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .instancePlacement(AwsClusterControlPlaneInstancePlacementArgs.builder()\n .tenancy(\"dedicated\")\n .build())\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .loggingConfig(AwsClusterLoggingConfigArgs.builder()\n .componentConfig(AwsClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"system_components\",\n \"workloads\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n instancePlacement:\n tenancy: dedicated\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n loggingConfig:\n componentConfig:\n enableComponents:\n - system_components\n - workloads\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/awsClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default projects/{{project}}/locations/{{location}}/awsClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default {{location}}/{{name}}\n```\n\n", + "description": "An Anthos cluster running on AWS.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_aws_cluster\nA basic example of a containeraws cluster\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n adminGroups: [{\n group: \"group@domain.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n \"admin_groups\": [{\n \"group\": \"group@domain.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n AdminGroups = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminGroupArgs\n {\n Group = \"group@domain.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdminGroups: container.AwsClusterAuthorizationAdminGroupArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminGroupArgs{\n\t\t\t\t\t\tGroup: pulumi.String(\"group@domain.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .adminGroups(AwsClusterAuthorizationAdminGroupArgs.builder()\n .group(\"group@domain.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n adminGroups:\n - group: group@domain.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Basic_enum_aws_cluster\nA basic example of a containeraws cluster with lowercase enums\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_aws_cluster\nA basic example of a containeraws cluster with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n instancePlacement: {\n tenancy: \"dedicated\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"system_components\",\n \"workloads\",\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n \"instance_placement\": {\n \"tenancy\": \"dedicated\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\",\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"system_components\",\n \"workloads\",\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n InstancePlacement = new Gcp.Container.Inputs.AwsClusterControlPlaneInstancePlacementArgs\n {\n Tenancy = \"dedicated\",\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n LoggingConfig = new Gcp.Container.Inputs.AwsClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AwsClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"system_components\",\n \"workloads\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t\tInstancePlacement: \u0026container.AwsClusterControlPlaneInstancePlacementArgs{\n\t\t\t\t\tTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLoggingConfig: \u0026container.AwsClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AwsClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"system_components\"),\n\t\t\t\t\t\tpulumi.String(\"workloads\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneInstancePlacementArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterLoggingConfigComponentConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .instancePlacement(AwsClusterControlPlaneInstancePlacementArgs.builder()\n .tenancy(\"dedicated\")\n .build())\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .loggingConfig(AwsClusterLoggingConfigArgs.builder()\n .componentConfig(AwsClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"system_components\",\n \"workloads\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n instancePlacement:\n tenancy: dedicated\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n loggingConfig:\n componentConfig:\n enableComponents:\n - system_components\n - workloads\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/awsClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default projects/{{project}}/locations/{{location}}/awsClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsCluster:AwsCluster default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -186117,7 +186117,7 @@ } }, "gcp:container/awsNodePool:AwsNodePool": { - "description": "An Anthos node pool running on AWS.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_aws_cluster\nA basic example of a containeraws node pool\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"PREFER_NO_SCHEDULE\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n management: {\n autoRepair: true,\n },\n kubeletConfig: {\n cpuManagerPolicy: \"none\",\n cpuCfsQuota: true,\n cpuCfsQuotaPeriod: \"100ms\",\n podPidsLimit: 1024,\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"PREFER_NO_SCHEDULE\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n management={\n \"auto_repair\": True,\n },\n kubelet_config={\n \"cpu_manager_policy\": \"none\",\n \"cpu_cfs_quota\": True,\n \"cpu_cfs_quota_period\": \"100ms\",\n \"pod_pids_limit\": 1024,\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"PREFER_NO_SCHEDULE\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Management = new Gcp.Container.Inputs.AwsNodePoolManagementArgs\n {\n AutoRepair = true,\n },\n KubeletConfig = new Gcp.Container.Inputs.AwsNodePoolKubeletConfigArgs\n {\n CpuManagerPolicy = \"none\",\n CpuCfsQuota = true,\n CpuCfsQuotaPeriod = \"100ms\",\n PodPidsLimit = 1024,\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"PREFER_NO_SCHEDULE\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tManagement: \u0026container.AwsNodePoolManagementArgs{\n\t\t\t\tAutoRepair: pulumi.Bool(true),\n\t\t\t},\n\t\t\tKubeletConfig: \u0026container.AwsNodePoolKubeletConfigArgs{\n\t\t\t\tCpuManagerPolicy: pulumi.String(\"none\"),\n\t\t\t\tCpuCfsQuota: pulumi.Bool(true),\n\t\t\t\tCpuCfsQuotaPeriod: pulumi.String(\"100ms\"),\n\t\t\t\tPodPidsLimit: pulumi.Int(1024),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolManagementArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolKubeletConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"PREFER_NO_SCHEDULE\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .management(AwsNodePoolManagementArgs.builder()\n .autoRepair(true)\n .build())\n .kubeletConfig(AwsNodePoolKubeletConfigArgs.builder()\n .cpuManagerPolicy(\"none\")\n .cpuCfsQuota(true)\n .cpuCfsQuotaPeriod(\"100ms\")\n .podPidsLimit(1024)\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: PREFER_NO_SCHEDULE\n key: taint-key\n value: taint-value\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n management:\n autoRepair: true\n kubeletConfig:\n cpuManagerPolicy: none\n cpuCfsQuota: true\n cpuCfsQuotaPeriod: 100ms\n podPidsLimit: 1024\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Basic_enum_aws_cluster\nA basic example of a containeraws node pool with lowercase enums\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"prefer_no_schedule\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"prefer_no_schedule\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"prefer_no_schedule\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"prefer_no_schedule\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"prefer_no_schedule\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: prefer_no_schedule\n key: taint-key\n value: taint-value\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_aws_cluster\nA basic example of a containeraws node pool with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"prefer_no_schedule\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n instancePlacement: {\n tenancy: \"dedicated\",\n },\n imageType: \"ubuntu\",\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"prefer_no_schedule\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n \"instance_placement\": {\n \"tenancy\": \"dedicated\",\n },\n \"image_type\": \"ubuntu\",\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"prefer_no_schedule\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n InstancePlacement = new Gcp.Container.Inputs.AwsNodePoolConfigInstancePlacementArgs\n {\n Tenancy = \"dedicated\",\n },\n ImageType = \"ubuntu\",\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"prefer_no_schedule\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInstancePlacement: \u0026container.AwsNodePoolConfigInstancePlacementArgs{\n\t\t\t\t\tTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t},\n\t\t\t\tImageType: pulumi.String(\"ubuntu\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigInstancePlacementArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"prefer_no_schedule\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .instancePlacement(AwsNodePoolConfigInstancePlacementArgs.builder()\n .tenancy(\"dedicated\")\n .build())\n .imageType(\"ubuntu\")\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: prefer_no_schedule\n key: taint-key\n value: taint-value\n instancePlacement:\n tenancy: dedicated\n imageType: ubuntu\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", + "description": "An Anthos node pool running on AWS.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_aws_cluster\nA basic example of a containeraws node pool\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"PREFER_NO_SCHEDULE\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n management: {\n autoRepair: true,\n },\n kubeletConfig: {\n cpuManagerPolicy: \"none\",\n cpuCfsQuota: true,\n cpuCfsQuotaPeriod: \"100ms\",\n podPidsLimit: 1024,\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"PREFER_NO_SCHEDULE\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n management={\n \"auto_repair\": True,\n },\n kubelet_config={\n \"cpu_manager_policy\": \"none\",\n \"cpu_cfs_quota\": True,\n \"cpu_cfs_quota_period\": \"100ms\",\n \"pod_pids_limit\": 1024,\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"PREFER_NO_SCHEDULE\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Management = new Gcp.Container.Inputs.AwsNodePoolManagementArgs\n {\n AutoRepair = true,\n },\n KubeletConfig = new Gcp.Container.Inputs.AwsNodePoolKubeletConfigArgs\n {\n CpuManagerPolicy = \"none\",\n CpuCfsQuota = true,\n CpuCfsQuotaPeriod = \"100ms\",\n PodPidsLimit = 1024,\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"PREFER_NO_SCHEDULE\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tManagement: \u0026container.AwsNodePoolManagementArgs{\n\t\t\t\tAutoRepair: pulumi.Bool(true),\n\t\t\t},\n\t\t\tKubeletConfig: \u0026container.AwsNodePoolKubeletConfigArgs{\n\t\t\t\tCpuManagerPolicy: pulumi.String(\"none\"),\n\t\t\t\tCpuCfsQuota: pulumi.Bool(true),\n\t\t\t\tCpuCfsQuotaPeriod: pulumi.String(\"100ms\"),\n\t\t\t\tPodPidsLimit: pulumi.Int(1024),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolManagementArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolKubeletConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"PREFER_NO_SCHEDULE\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .management(AwsNodePoolManagementArgs.builder()\n .autoRepair(true)\n .build())\n .kubeletConfig(AwsNodePoolKubeletConfigArgs.builder()\n .cpuManagerPolicy(\"none\")\n .cpuCfsQuota(true)\n .cpuCfsQuotaPeriod(\"100ms\")\n .podPidsLimit(1024)\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: PREFER_NO_SCHEDULE\n key: taint-key\n value: taint-value\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n management:\n autoRepair: true\n kubeletConfig:\n cpuManagerPolicy: none\n cpuCfsQuota: true\n cpuCfsQuotaPeriod: 100ms\n podPidsLimit: 1024\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Basic_enum_aws_cluster\nA basic example of a containeraws node pool with lowercase enums\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"prefer_no_schedule\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"prefer_no_schedule\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"prefer_no_schedule\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"prefer_no_schedule\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"prefer_no_schedule\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: prefer_no_schedule\n key: taint-key\n value: taint-value\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_aws_cluster\nA basic example of a containeraws node pool with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAwsVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst primary = new gcp.container.AwsCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"my@service-account.com\",\n }],\n },\n awsRegion: \"my-aws-region\",\n controlPlane: {\n awsServicesAuthentication: {\n roleArn: \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n roleSessionName: \"my--1p-dev-session\",\n },\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n databaseEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-controlplane\",\n subnetIds: [\"subnet-00000000000000000\"],\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n instanceType: \"t3.medium\",\n mainVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"GP3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n owner: \"my@service-account.com\",\n },\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.2.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.1.0.0/16\"],\n vpcId: \"vpc-00000000000000000\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n description: \"A sample aws cluster\",\n project: \"my-project-name\",\n});\nconst primaryAwsNodePool = new gcp.container.AwsNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 5,\n minNodeCount: 1,\n },\n cluster: primary.name,\n config: {\n configEncryption: {\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n iamInstanceProfile: \"my--1p-dev-nodepool\",\n instanceType: \"t3.medium\",\n labels: {\n \"label-one\": \"value-one\",\n },\n rootVolume: {\n iops: 3000,\n kmsKeyArn: \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n sizeGib: 10,\n volumeType: \"gp3\",\n },\n securityGroupIds: [\"sg-00000000000000000\"],\n proxyConfig: {\n secretArn: \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n secretVersion: \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n sshConfig: {\n ec2KeyPair: \"my--1p-dev-ssh\",\n },\n tags: {\n \"tag-one\": \"value-one\",\n },\n taints: [{\n effect: \"prefer_no_schedule\",\n key: \"taint-key\",\n value: \"taint-value\",\n }],\n instancePlacement: {\n tenancy: \"dedicated\",\n },\n imageType: \"ubuntu\",\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"subnet-00000000000000000\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"label-one\": \"value-one\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_aws_versions(project=\"my-project-name\",\n location=\"us-west1\")\nprimary = gcp.container.AwsCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"my@service-account.com\",\n }],\n },\n aws_region=\"my-aws-region\",\n control_plane={\n \"aws_services_authentication\": {\n \"role_arn\": \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n \"role_session_name\": \"my--1p-dev-session\",\n },\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"database_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-controlplane\",\n \"subnet_ids\": [\"subnet-00000000000000000\"],\n \"version\": versions.valid_versions[0],\n \"instance_type\": \"t3.medium\",\n \"main_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"GP3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"owner\": \"my@service-account.com\",\n },\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.2.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.1.0.0/16\"],\n \"vpc_id\": \"vpc-00000000000000000\",\n },\n annotations={\n \"label-one\": \"value-one\",\n },\n description=\"A sample aws cluster\",\n project=\"my-project-name\")\nprimary_aws_node_pool = gcp.container.AwsNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 5,\n \"min_node_count\": 1,\n },\n cluster=primary.name,\n config={\n \"config_encryption\": {\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n \"iam_instance_profile\": \"my--1p-dev-nodepool\",\n \"instance_type\": \"t3.medium\",\n \"labels\": {\n \"label-one\": \"value-one\",\n },\n \"root_volume\": {\n \"iops\": 3000,\n \"kms_key_arn\": \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n \"size_gib\": 10,\n \"volume_type\": \"gp3\",\n },\n \"security_group_ids\": [\"sg-00000000000000000\"],\n \"proxy_config\": {\n \"secret_arn\": \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n \"secret_version\": \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n \"ssh_config\": {\n \"ec2_key_pair\": \"my--1p-dev-ssh\",\n },\n \"tags\": {\n \"tag-one\": \"value-one\",\n },\n \"taints\": [{\n \"effect\": \"prefer_no_schedule\",\n \"key\": \"taint-key\",\n \"value\": \"taint-value\",\n }],\n \"instance_placement\": {\n \"tenancy\": \"dedicated\",\n },\n \"image_type\": \"ubuntu\",\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"subnet-00000000000000000\",\n version=versions.valid_versions[0],\n annotations={\n \"label-one\": \"value-one\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var primary = new Gcp.Container.AwsCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AwsClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AwsClusterAuthorizationAdminUserArgs\n {\n Username = \"my@service-account.com\",\n },\n },\n },\n AwsRegion = \"my-aws-region\",\n ControlPlane = new Gcp.Container.Inputs.AwsClusterControlPlaneArgs\n {\n AwsServicesAuthentication = new Gcp.Container.Inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs\n {\n RoleArn = \"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\",\n RoleSessionName = \"my--1p-dev-session\",\n },\n ConfigEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n DatabaseEncryption = new Gcp.Container.Inputs.AwsClusterControlPlaneDatabaseEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-controlplane\",\n SubnetIds = new[]\n {\n \"subnet-00000000000000000\",\n },\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n InstanceType = \"t3.medium\",\n MainVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneMainVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n RootVolume = new Gcp.Container.Inputs.AwsClusterControlPlaneRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"GP3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsClusterControlPlaneSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"owner\", \"my@service-account.com\" },\n },\n },\n Fleet = new Gcp.Container.Inputs.AwsClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AwsClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.2.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n VpcId = \"vpc-00000000000000000\",\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Description = \"A sample aws cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAwsNodePool = new Gcp.Container.AwsNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AwsNodePoolAutoscalingArgs\n {\n MaxNodeCount = 5,\n MinNodeCount = 1,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AwsNodePoolConfigArgs\n {\n ConfigEncryption = new Gcp.Container.Inputs.AwsNodePoolConfigConfigEncryptionArgs\n {\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n },\n IamInstanceProfile = \"my--1p-dev-nodepool\",\n InstanceType = \"t3.medium\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n RootVolume = new Gcp.Container.Inputs.AwsNodePoolConfigRootVolumeArgs\n {\n Iops = 3000,\n KmsKeyArn = \"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\",\n SizeGib = 10,\n VolumeType = \"gp3\",\n },\n SecurityGroupIds = new[]\n {\n \"sg-00000000000000000\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AwsNodePoolConfigProxyConfigArgs\n {\n SecretArn = \"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\",\n SecretVersion = \"12345678-ABCD-EFGH-IJKL-987654321098\",\n },\n SshConfig = new Gcp.Container.Inputs.AwsNodePoolConfigSshConfigArgs\n {\n Ec2KeyPair = \"my--1p-dev-ssh\",\n },\n Tags = \n {\n { \"tag-one\", \"value-one\" },\n },\n Taints = new[]\n {\n new Gcp.Container.Inputs.AwsNodePoolConfigTaintArgs\n {\n Effect = \"prefer_no_schedule\",\n Key = \"taint-key\",\n Value = \"taint-value\",\n },\n },\n InstancePlacement = new Gcp.Container.Inputs.AwsNodePoolConfigInstancePlacementArgs\n {\n Tenancy = \"dedicated\",\n },\n ImageType = \"ubuntu\",\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AwsNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"subnet-00000000000000000\",\n Version = versions.Apply(getAwsVersionsResult =\u003e getAwsVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAwsCluster(ctx, \"primary\", \u0026container.AwsClusterArgs{\n\t\t\tAuthorization: \u0026container.AwsClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AwsClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AwsClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"my@service-account.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAwsRegion: pulumi.String(\"my-aws-region\"),\n\t\t\tControlPlane: \u0026container.AwsClusterControlPlaneArgs{\n\t\t\t\tAwsServicesAuthentication: \u0026container.AwsClusterControlPlaneAwsServicesAuthenticationArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\"),\n\t\t\t\t\tRoleSessionName: pulumi.String(\"my--1p-dev-session\"),\n\t\t\t\t},\n\t\t\t\tConfigEncryption: \u0026container.AwsClusterControlPlaneConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tDatabaseEncryption: \u0026container.AwsClusterControlPlaneDatabaseEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-controlplane\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"subnet-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tMainVolume: \u0026container.AwsClusterControlPlaneMainVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsClusterControlPlaneProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsClusterControlPlaneRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"GP3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"my@service-account.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026container.AwsClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AwsClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.2.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.String(\"vpc-00000000000000000\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"A sample aws cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAwsNodePool(ctx, \"primary\", \u0026container.AwsNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AwsNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(5),\n\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AwsNodePoolConfigArgs{\n\t\t\t\tConfigEncryption: \u0026container.AwsNodePoolConfigConfigEncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t},\n\t\t\t\tIamInstanceProfile: pulumi.String(\"my--1p-dev-nodepool\"),\n\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AwsNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tIops: pulumi.Int(3000),\n\t\t\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\"),\n\t\t\t\t\tSizeGib: pulumi.Int(10),\n\t\t\t\t\tVolumeType: pulumi.String(\"gp3\"),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"sg-00000000000000000\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AwsNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\"),\n\t\t\t\t\tSecretVersion: pulumi.String(\"12345678-ABCD-EFGH-IJKL-987654321098\"),\n\t\t\t\t},\n\t\t\t\tSshConfig: \u0026container.AwsNodePoolConfigSshConfigArgs{\n\t\t\t\t\tEc2KeyPair: pulumi.String(\"my--1p-dev-ssh\"),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"tag-one\": pulumi.String(\"value-one\"),\n\t\t\t\t},\n\t\t\t\tTaints: container.AwsNodePoolConfigTaintArray{\n\t\t\t\t\t\u0026container.AwsNodePoolConfigTaintArgs{\n\t\t\t\t\t\tEffect: pulumi.String(\"prefer_no_schedule\"),\n\t\t\t\t\t\tKey: pulumi.String(\"taint-key\"),\n\t\t\t\t\t\tValue: pulumi.String(\"taint-value\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInstancePlacement: \u0026container.AwsNodePoolConfigInstancePlacementArgs{\n\t\t\t\t\tTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t},\n\t\t\t\tImageType: pulumi.String(\"ubuntu\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AwsNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"subnet-00000000000000000\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport com.pulumi.gcp.container.AwsCluster;\nimport com.pulumi.gcp.container.AwsClusterArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneAwsServicesAuthenticationArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneDatabaseEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneMainVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AwsClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AwsNodePool;\nimport com.pulumi.gcp.container.AwsNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigConfigEncryptionArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolConfigInstancePlacementArgs;\nimport com.pulumi.gcp.container.inputs.AwsNodePoolMaxPodsConstraintArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var primary = new AwsCluster(\"primary\", AwsClusterArgs.builder()\n .authorization(AwsClusterAuthorizationArgs.builder()\n .adminUsers(AwsClusterAuthorizationAdminUserArgs.builder()\n .username(\"my@service-account.com\")\n .build())\n .build())\n .awsRegion(\"my-aws-region\")\n .controlPlane(AwsClusterControlPlaneArgs.builder()\n .awsServicesAuthentication(AwsClusterControlPlaneAwsServicesAuthenticationArgs.builder()\n .roleArn(\"arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\")\n .roleSessionName(\"my--1p-dev-session\")\n .build())\n .configEncryption(AwsClusterControlPlaneConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .databaseEncryption(AwsClusterControlPlaneDatabaseEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-controlplane\")\n .subnetIds(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .instanceType(\"t3.medium\")\n .mainVolume(AwsClusterControlPlaneMainVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .proxyConfig(AwsClusterControlPlaneProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .rootVolume(AwsClusterControlPlaneRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"GP3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .sshConfig(AwsClusterControlPlaneSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"owner\", \"my@service-account.com\"))\n .build())\n .fleet(AwsClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AwsClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.2.0.0/16\")\n .serviceAddressCidrBlocks(\"10.1.0.0/16\")\n .vpcId(\"vpc-00000000000000000\")\n .build())\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .description(\"A sample aws cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAwsNodePool = new AwsNodePool(\"primaryAwsNodePool\", AwsNodePoolArgs.builder()\n .autoscaling(AwsNodePoolAutoscalingArgs.builder()\n .maxNodeCount(5)\n .minNodeCount(1)\n .build())\n .cluster(primary.name())\n .config(AwsNodePoolConfigArgs.builder()\n .configEncryption(AwsNodePoolConfigConfigEncryptionArgs.builder()\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .build())\n .iamInstanceProfile(\"my--1p-dev-nodepool\")\n .instanceType(\"t3.medium\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .rootVolume(AwsNodePoolConfigRootVolumeArgs.builder()\n .iops(3000)\n .kmsKeyArn(\"arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\")\n .sizeGib(10)\n .volumeType(\"gp3\")\n .build())\n .securityGroupIds(\"sg-00000000000000000\")\n .proxyConfig(AwsNodePoolConfigProxyConfigArgs.builder()\n .secretArn(\"arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\")\n .secretVersion(\"12345678-ABCD-EFGH-IJKL-987654321098\")\n .build())\n .sshConfig(AwsNodePoolConfigSshConfigArgs.builder()\n .ec2KeyPair(\"my--1p-dev-ssh\")\n .build())\n .tags(Map.of(\"tag-one\", \"value-one\"))\n .taints(AwsNodePoolConfigTaintArgs.builder()\n .effect(\"prefer_no_schedule\")\n .key(\"taint-key\")\n .value(\"taint-value\")\n .build())\n .instancePlacement(AwsNodePoolConfigInstancePlacementArgs.builder()\n .tenancy(\"dedicated\")\n .build())\n .imageType(\"ubuntu\")\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AwsNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"subnet-00000000000000000\")\n .version(versions.applyValue(getAwsVersionsResult -\u003e getAwsVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AwsCluster\n properties:\n authorization:\n adminUsers:\n - username: my@service-account.com\n awsRegion: my-aws-region\n controlPlane:\n awsServicesAuthentication:\n roleArn: arn:aws:iam::012345678910:role/my--1p-dev-oneplatform\n roleSessionName: my--1p-dev-session\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n databaseEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-controlplane\n subnetIds:\n - subnet-00000000000000000\n version: ${versions.validVersions[0]}\n instanceType: t3.medium\n mainVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: GP3\n securityGroupIds:\n - sg-00000000000000000\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n owner: my@service-account.com\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.2.0.0/16\n serviceAddressCidrBlocks:\n - 10.1.0.0/16\n vpcId: vpc-00000000000000000\n annotations:\n label-one: value-one\n description: A sample aws cluster\n project: my-project-name\n primaryAwsNodePool:\n type: gcp:container:AwsNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 5\n minNodeCount: 1\n cluster: ${primary.name}\n config:\n configEncryption:\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n iamInstanceProfile: my--1p-dev-nodepool\n instanceType: t3.medium\n labels:\n label-one: value-one\n rootVolume:\n iops: 3000\n kmsKeyArn: arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111\n sizeGib: 10\n volumeType: gp3\n securityGroupIds:\n - sg-00000000000000000\n proxyConfig:\n secretArn: arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF\n secretVersion: 12345678-ABCD-EFGH-IJKL-987654321098\n sshConfig:\n ec2KeyPair: my--1p-dev-ssh\n tags:\n tag-one: value-one\n taints:\n - effect: prefer_no_schedule\n key: taint-key\n value: taint-value\n instancePlacement:\n tenancy: dedicated\n imageType: ubuntu\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: subnet-00000000000000000\n version: ${versions.validVersions[0]}\n annotations:\n label-one: value-one\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/awsNodePool:AwsNodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -186521,7 +186521,7 @@ } }, "gcp:container/azureCluster:AzureCluster": { - "description": "An Anthos cluster running on Azure.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_azure_cluster\nA basic example of a containerazure azure cluster\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n adminGroups: [{\n group: \"group@domain.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n \"admin_groups\": [{\n \"group\": \"group@domain.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n AdminGroups = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminGroupArgs\n {\n Group = \"group@domain.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdminGroups: container.AzureClusterAuthorizationAdminGroupArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminGroupArgs{\n\t\t\t\t\t\tGroup: pulumi.String(\"group@domain.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .adminGroups(AzureClusterAuthorizationAdminGroupArgs.builder()\n .group(\"group@domain.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n adminGroups:\n - group: group@domain.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAzureVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_azure_cluster\nA basic example of a containerazure azure cluster with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"system_components\",\n \"workloads\",\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\",\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"system_components\",\n \"workloads\",\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n LoggingConfig = new Gcp.Container.Inputs.AzureClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AzureClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"system_components\",\n \"workloads\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLoggingConfig: \u0026container.AzureClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AzureClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"system_components\"),\n\t\t\t\t\t\tpulumi.String(\"workloads\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterLoggingConfigComponentConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .loggingConfig(AzureClusterLoggingConfigArgs.builder()\n .componentConfig(AzureClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"system_components\",\n \"workloads\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n loggingConfig:\n componentConfig:\n enableComponents:\n - system_components\n - workloads\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAzureVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/azureClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default projects/{{project}}/locations/{{location}}/azureClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default {{location}}/{{name}}\n```\n\n", + "description": "An Anthos cluster running on Azure.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_azure_cluster\nA basic example of a containerazure azure cluster\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n adminGroups: [{\n group: \"group@domain.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n \"admin_groups\": [{\n \"group\": \"group@domain.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n AdminGroups = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminGroupArgs\n {\n Group = \"group@domain.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdminGroups: container.AzureClusterAuthorizationAdminGroupArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminGroupArgs{\n\t\t\t\t\t\tGroup: pulumi.String(\"group@domain.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .adminGroups(AzureClusterAuthorizationAdminGroupArgs.builder()\n .group(\"group@domain.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n adminGroups:\n - group: group@domain.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAzureVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Beta_basic_enum_azure_cluster\nA basic example of a containerazure azure cluster with lowercase enums (beta)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n loggingConfig: {\n componentConfig: {\n enableComponents: [\n \"system_components\",\n \"workloads\",\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\",\n logging_config={\n \"component_config\": {\n \"enable_components\": [\n \"system_components\",\n \"workloads\",\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n LoggingConfig = new Gcp.Container.Inputs.AzureClusterLoggingConfigArgs\n {\n ComponentConfig = new Gcp.Container.Inputs.AzureClusterLoggingConfigComponentConfigArgs\n {\n EnableComponents = new[]\n {\n \"system_components\",\n \"workloads\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLoggingConfig: \u0026container.AzureClusterLoggingConfigArgs{\n\t\t\t\tComponentConfig: \u0026container.AzureClusterLoggingConfigComponentConfigArgs{\n\t\t\t\t\tEnableComponents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"system_components\"),\n\t\t\t\t\t\tpulumi.String(\"workloads\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterLoggingConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterLoggingConfigComponentConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .loggingConfig(AzureClusterLoggingConfigArgs.builder()\n .componentConfig(AzureClusterLoggingConfigComponentConfigArgs.builder()\n .enableComponents( \n \"system_components\",\n \"workloads\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n loggingConfig:\n componentConfig:\n enableComponents:\n - system_components\n - workloads\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAzureVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/azureClusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default projects/{{project}}/locations/{{location}}/azureClusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureCluster:AzureCluster default {{location}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -186840,7 +186840,7 @@ } }, "gcp:container/azureNodePool:AzureNodePool": { - "description": "An Anthos node pool running on Azure.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_azure_node_pool\nA basic example of a containerazure azure node pool\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n});\nconst primaryAzureNodePool = new gcp.container.AzureNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 3,\n minNodeCount: 2,\n },\n cluster: primary.name,\n config: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n proxyConfig: {\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n secretId: \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n rootVolume: {\n sizeGib: 32,\n },\n tags: {\n owner: \"mmv2\",\n },\n labels: {\n key_one: \"label_one\",\n },\n vmSize: \"Standard_DS2_v2\",\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"annotation-one\": \"value-one\",\n },\n management: {\n autoRepair: true,\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\")\nprimary_azure_node_pool = gcp.container.AzureNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 3,\n \"min_node_count\": 2,\n },\n cluster=primary.name,\n config={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"proxy_config\": {\n \"resource_group_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n \"secret_id\": \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n \"root_volume\": {\n \"size_gib\": 32,\n },\n \"tags\": {\n \"owner\": \"mmv2\",\n },\n \"labels\": {\n \"key_one\": \"label_one\",\n },\n \"vm_size\": \"Standard_DS2_v2\",\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version=versions.valid_versions[0],\n annotations={\n \"annotation-one\": \"value-one\",\n },\n management={\n \"auto_repair\": True,\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAzureNodePool = new Gcp.Container.AzureNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AzureNodePoolAutoscalingArgs\n {\n MaxNodeCount = 3,\n MinNodeCount = 2,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AzureNodePoolConfigArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureNodePoolConfigSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AzureNodePoolConfigProxyConfigArgs\n {\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n SecretId = \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n RootVolume = new Gcp.Container.Inputs.AzureNodePoolConfigRootVolumeArgs\n {\n SizeGib = 32,\n },\n Tags = \n {\n { \"owner\", \"mmv2\" },\n },\n Labels = \n {\n { \"key_one\", \"label_one\" },\n },\n VmSize = \"Standard_DS2_v2\",\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AzureNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"annotation-one\", \"value-one\" },\n },\n Management = new Gcp.Container.Inputs.AzureNodePoolManagementArgs\n {\n AutoRepair = true,\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureNodePool(ctx, \"primary\", \u0026container.AzureNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AzureNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(3),\n\t\t\t\tMinNodeCount: pulumi.Int(2),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AzureNodePoolConfigArgs{\n\t\t\t\tSshConfig: \u0026container.AzureNodePoolConfigSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AzureNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\t\t\tSecretId: pulumi.String(\"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AzureNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tSizeGib: pulumi.Int(32),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"mmv2\"),\n\t\t\t\t},\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"key_one\": pulumi.String(\"label_one\"),\n\t\t\t\t},\n\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AzureNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"annotation-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tManagement: \u0026container.AzureNodePoolManagementArgs{\n\t\t\t\tAutoRepair: pulumi.Bool(true),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AzureNodePool;\nimport com.pulumi.gcp.container.AzureNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolMaxPodsConstraintArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolManagementArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAzureNodePool = new AzureNodePool(\"primaryAzureNodePool\", AzureNodePoolArgs.builder()\n .autoscaling(AzureNodePoolAutoscalingArgs.builder()\n .maxNodeCount(3)\n .minNodeCount(2)\n .build())\n .cluster(primary.name())\n .config(AzureNodePoolConfigArgs.builder()\n .sshConfig(AzureNodePoolConfigSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .proxyConfig(AzureNodePoolConfigProxyConfigArgs.builder()\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .secretId(\"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\")\n .build())\n .rootVolume(AzureNodePoolConfigRootVolumeArgs.builder()\n .sizeGib(32)\n .build())\n .tags(Map.of(\"owner\", \"mmv2\"))\n .labels(Map.of(\"key_one\", \"label_one\"))\n .vmSize(\"Standard_DS2_v2\")\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AzureNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"annotation-one\", \"value-one\"))\n .management(AzureNodePoolManagementArgs.builder()\n .autoRepair(true)\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\n primaryAzureNodePool:\n type: gcp:container:AzureNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 3\n minNodeCount: 2\n cluster: ${primary.name}\n config:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n proxyConfig:\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n secretId: https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\n rootVolume:\n sizeGib: 32\n tags:\n owner: mmv2\n labels:\n key_one: label_one\n vmSize: Standard_DS2_v2\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n annotations:\n annotation-one: value-one\n management:\n autoRepair: true\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n Function: gcp:container:getAzureVersions\n Arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/azureClusters/{{cluster}}/azureNodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default projects/{{project}}/locations/{{location}}/azureClusters/{{cluster}}/azureNodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", + "description": "An Anthos node pool running on Azure.\n\nFor more information, see:\n* [Multicloud overview](https://cloud.google.com/kubernetes-engine/multi-cloud/docs)\n## Example Usage\n\n### Basic_azure_node_pool\nA basic example of a containerazure azure node pool\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst versions = gcp.container.getAzureVersions({\n project: \"my-project-name\",\n location: \"us-west1\",\n});\nconst basic = new gcp.container.AzureClient(\"basic\", {\n applicationId: \"12345678-1234-1234-1234-123456789111\",\n location: \"us-west1\",\n name: \"client-name\",\n tenantId: \"12345678-1234-1234-1234-123456789111\",\n project: \"my-project-name\",\n});\nconst primary = new gcp.container.AzureCluster(\"primary\", {\n authorization: {\n adminUsers: [{\n username: \"mmv2@google.com\",\n }],\n },\n azureRegion: \"westus2\",\n client: pulumi.interpolate`projects/my-project-number/locations/us-west1/azureClients/${basic.name}`,\n controlPlane: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n },\n fleet: {\n project: \"my-project-number\",\n },\n location: \"us-west1\",\n name: \"name\",\n networking: {\n podAddressCidrBlocks: [\"10.200.0.0/16\"],\n serviceAddressCidrBlocks: [\"10.32.0.0/24\"],\n virtualNetworkId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project: \"my-project-name\",\n});\nconst primaryAzureNodePool = new gcp.container.AzureNodePool(\"primary\", {\n autoscaling: {\n maxNodeCount: 3,\n minNodeCount: 2,\n },\n cluster: primary.name,\n config: {\n sshConfig: {\n authorizedKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n proxyConfig: {\n resourceGroupId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n secretId: \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n rootVolume: {\n sizeGib: 32,\n },\n tags: {\n owner: \"mmv2\",\n },\n labels: {\n key_one: \"label_one\",\n },\n vmSize: \"Standard_DS2_v2\",\n },\n location: \"us-west1\",\n maxPodsConstraint: {\n maxPodsPerNode: 110,\n },\n name: \"node-pool-name\",\n subnetId: \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version: versions.then(versions =\u003e versions.validVersions?.[0]),\n annotations: {\n \"annotation-one\": \"value-one\",\n },\n management: {\n autoRepair: true,\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nversions = gcp.container.get_azure_versions(project=\"my-project-name\",\n location=\"us-west1\")\nbasic = gcp.container.AzureClient(\"basic\",\n application_id=\"12345678-1234-1234-1234-123456789111\",\n location=\"us-west1\",\n name=\"client-name\",\n tenant_id=\"12345678-1234-1234-1234-123456789111\",\n project=\"my-project-name\")\nprimary = gcp.container.AzureCluster(\"primary\",\n authorization={\n \"admin_users\": [{\n \"username\": \"mmv2@google.com\",\n }],\n },\n azure_region=\"westus2\",\n client=basic.name.apply(lambda name: f\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n control_plane={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"subnet_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n \"version\": versions.valid_versions[0],\n },\n fleet={\n \"project\": \"my-project-number\",\n },\n location=\"us-west1\",\n name=\"name\",\n networking={\n \"pod_address_cidr_blocks\": [\"10.200.0.0/16\"],\n \"service_address_cidr_blocks\": [\"10.32.0.0/24\"],\n \"virtual_network_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n resource_group_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n project=\"my-project-name\")\nprimary_azure_node_pool = gcp.container.AzureNodePool(\"primary\",\n autoscaling={\n \"max_node_count\": 3,\n \"min_node_count\": 2,\n },\n cluster=primary.name,\n config={\n \"ssh_config\": {\n \"authorized_key\": \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n \"proxy_config\": {\n \"resource_group_id\": \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n \"secret_id\": \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n \"root_volume\": {\n \"size_gib\": 32,\n },\n \"tags\": {\n \"owner\": \"mmv2\",\n },\n \"labels\": {\n \"key_one\": \"label_one\",\n },\n \"vm_size\": \"Standard_DS2_v2\",\n },\n location=\"us-west1\",\n max_pods_constraint={\n \"max_pods_per_node\": 110,\n },\n name=\"node-pool-name\",\n subnet_id=\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n version=versions.valid_versions[0],\n annotations={\n \"annotation-one\": \"value-one\",\n },\n management={\n \"auto_repair\": True,\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var versions = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Project = \"my-project-name\",\n Location = \"us-west1\",\n });\n\n var basic = new Gcp.Container.AzureClient(\"basic\", new()\n {\n ApplicationId = \"12345678-1234-1234-1234-123456789111\",\n Location = \"us-west1\",\n Name = \"client-name\",\n TenantId = \"12345678-1234-1234-1234-123456789111\",\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.Container.AzureCluster(\"primary\", new()\n {\n Authorization = new Gcp.Container.Inputs.AzureClusterAuthorizationArgs\n {\n AdminUsers = new[]\n {\n new Gcp.Container.Inputs.AzureClusterAuthorizationAdminUserArgs\n {\n Username = \"mmv2@google.com\",\n },\n },\n },\n AzureRegion = \"westus2\",\n Client = basic.Name.Apply(name =\u003e $\"projects/my-project-number/locations/us-west1/azureClients/{name}\"),\n ControlPlane = new Gcp.Container.Inputs.AzureClusterControlPlaneArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureClusterControlPlaneSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n },\n Fleet = new Gcp.Container.Inputs.AzureClusterFleetArgs\n {\n Project = \"my-project-number\",\n },\n Location = \"us-west1\",\n Name = \"name\",\n Networking = new Gcp.Container.Inputs.AzureClusterNetworkingArgs\n {\n PodAddressCidrBlocks = new[]\n {\n \"10.200.0.0/16\",\n },\n ServiceAddressCidrBlocks = new[]\n {\n \"10.32.0.0/24\",\n },\n VirtualNetworkId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\",\n },\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n Project = \"my-project-name\",\n });\n\n var primaryAzureNodePool = new Gcp.Container.AzureNodePool(\"primary\", new()\n {\n Autoscaling = new Gcp.Container.Inputs.AzureNodePoolAutoscalingArgs\n {\n MaxNodeCount = 3,\n MinNodeCount = 2,\n },\n Cluster = primary.Name,\n Config = new Gcp.Container.Inputs.AzureNodePoolConfigArgs\n {\n SshConfig = new Gcp.Container.Inputs.AzureNodePoolConfigSshConfigArgs\n {\n AuthorizedKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\",\n },\n ProxyConfig = new Gcp.Container.Inputs.AzureNodePoolConfigProxyConfigArgs\n {\n ResourceGroupId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\",\n SecretId = \"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\",\n },\n RootVolume = new Gcp.Container.Inputs.AzureNodePoolConfigRootVolumeArgs\n {\n SizeGib = 32,\n },\n Tags = \n {\n { \"owner\", \"mmv2\" },\n },\n Labels = \n {\n { \"key_one\", \"label_one\" },\n },\n VmSize = \"Standard_DS2_v2\",\n },\n Location = \"us-west1\",\n MaxPodsConstraint = new Gcp.Container.Inputs.AzureNodePoolMaxPodsConstraintArgs\n {\n MaxPodsPerNode = 110,\n },\n Name = \"node-pool-name\",\n SubnetId = \"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\",\n Version = versions.Apply(getAzureVersionsResult =\u003e getAzureVersionsResult.ValidVersions[0]),\n Annotations = \n {\n { \"annotation-one\", \"value-one\" },\n },\n Management = new Gcp.Container.Inputs.AzureNodePoolManagementArgs\n {\n AutoRepair = true,\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tversions, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := container.NewAzureClient(ctx, \"basic\", \u0026container.AzureClientArgs{\n\t\t\tApplicationId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"client-name\"),\n\t\t\tTenantId: pulumi.String(\"12345678-1234-1234-1234-123456789111\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := container.NewAzureCluster(ctx, \"primary\", \u0026container.AzureClusterArgs{\n\t\t\tAuthorization: \u0026container.AzureClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: container.AzureClusterAuthorizationAdminUserArray{\n\t\t\t\t\t\u0026container.AzureClusterAuthorizationAdminUserArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"mmv2@google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAzureRegion: pulumi.String(\"westus2\"),\n\t\t\tClient: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/my-project-number/locations/us-west1/azureClients/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tControlPlane: \u0026container.AzureClusterControlPlaneArgs{\n\t\t\t\tSshConfig: \u0026container.AzureClusterControlPlaneSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\t},\n\t\t\tFleet: \u0026container.AzureClusterFleetArgs{\n\t\t\t\tProject: pulumi.String(\"my-project-number\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"name\"),\n\t\t\tNetworking: \u0026container.AzureClusterNetworkingArgs{\n\t\t\t\tPodAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.200.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServiceAddressCidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.32.0.0/24\"),\n\t\t\t\t},\n\t\t\t\tVirtualNetworkId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\"),\n\t\t\t},\n\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewAzureNodePool(ctx, \"primary\", \u0026container.AzureNodePoolArgs{\n\t\t\tAutoscaling: \u0026container.AzureNodePoolAutoscalingArgs{\n\t\t\t\tMaxNodeCount: pulumi.Int(3),\n\t\t\t\tMinNodeCount: pulumi.Int(2),\n\t\t\t},\n\t\t\tCluster: primary.Name,\n\t\t\tConfig: \u0026container.AzureNodePoolConfigArgs{\n\t\t\t\tSshConfig: \u0026container.AzureNodePoolConfigSshConfigArgs{\n\t\t\t\t\tAuthorizedKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\"),\n\t\t\t\t},\n\t\t\t\tProxyConfig: \u0026container.AzureNodePoolConfigProxyConfigArgs{\n\t\t\t\t\tResourceGroupId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\"),\n\t\t\t\t\tSecretId: pulumi.String(\"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\"),\n\t\t\t\t},\n\t\t\t\tRootVolume: \u0026container.AzureNodePoolConfigRootVolumeArgs{\n\t\t\t\t\tSizeGib: pulumi.Int(32),\n\t\t\t\t},\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"owner\": pulumi.String(\"mmv2\"),\n\t\t\t\t},\n\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\"key_one\": pulumi.String(\"label_one\"),\n\t\t\t\t},\n\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tMaxPodsConstraint: \u0026container.AzureNodePoolMaxPodsConstraintArgs{\n\t\t\t\tMaxPodsPerNode: pulumi.Int(110),\n\t\t\t},\n\t\t\tName: pulumi.String(\"node-pool-name\"),\n\t\t\tSubnetId: pulumi.String(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\"),\n\t\t\tVersion: pulumi.String(versions.ValidVersions[0]),\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"annotation-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tManagement: \u0026container.AzureNodePoolManagementArgs{\n\t\t\t\tAutoRepair: pulumi.Bool(true),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport com.pulumi.gcp.container.AzureClient;\nimport com.pulumi.gcp.container.AzureClientArgs;\nimport com.pulumi.gcp.container.AzureCluster;\nimport com.pulumi.gcp.container.AzureClusterArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterAuthorizationArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterControlPlaneSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterFleetArgs;\nimport com.pulumi.gcp.container.inputs.AzureClusterNetworkingArgs;\nimport com.pulumi.gcp.container.AzureNodePool;\nimport com.pulumi.gcp.container.AzureNodePoolArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolAutoscalingArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigSshConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigProxyConfigArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolConfigRootVolumeArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolMaxPodsConstraintArgs;\nimport com.pulumi.gcp.container.inputs.AzureNodePoolManagementArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var versions = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .build());\n\n var basic = new AzureClient(\"basic\", AzureClientArgs.builder()\n .applicationId(\"12345678-1234-1234-1234-123456789111\")\n .location(\"us-west1\")\n .name(\"client-name\")\n .tenantId(\"12345678-1234-1234-1234-123456789111\")\n .project(\"my-project-name\")\n .build());\n\n var primary = new AzureCluster(\"primary\", AzureClusterArgs.builder()\n .authorization(AzureClusterAuthorizationArgs.builder()\n .adminUsers(AzureClusterAuthorizationAdminUserArgs.builder()\n .username(\"mmv2@google.com\")\n .build())\n .build())\n .azureRegion(\"westus2\")\n .client(basic.name().applyValue(name -\u003e String.format(\"projects/my-project-number/locations/us-west1/azureClients/%s\", name)))\n .controlPlane(AzureClusterControlPlaneArgs.builder()\n .sshConfig(AzureClusterControlPlaneSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .build())\n .fleet(AzureClusterFleetArgs.builder()\n .project(\"my-project-number\")\n .build())\n .location(\"us-west1\")\n .name(\"name\")\n .networking(AzureClusterNetworkingArgs.builder()\n .podAddressCidrBlocks(\"10.200.0.0/16\")\n .serviceAddressCidrBlocks(\"10.32.0.0/24\")\n .virtualNetworkId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\")\n .build())\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .project(\"my-project-name\")\n .build());\n\n var primaryAzureNodePool = new AzureNodePool(\"primaryAzureNodePool\", AzureNodePoolArgs.builder()\n .autoscaling(AzureNodePoolAutoscalingArgs.builder()\n .maxNodeCount(3)\n .minNodeCount(2)\n .build())\n .cluster(primary.name())\n .config(AzureNodePoolConfigArgs.builder()\n .sshConfig(AzureNodePoolConfigSshConfigArgs.builder()\n .authorizedKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\")\n .build())\n .proxyConfig(AzureNodePoolConfigProxyConfigArgs.builder()\n .resourceGroupId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\")\n .secretId(\"https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\")\n .build())\n .rootVolume(AzureNodePoolConfigRootVolumeArgs.builder()\n .sizeGib(32)\n .build())\n .tags(Map.of(\"owner\", \"mmv2\"))\n .labels(Map.of(\"key_one\", \"label_one\"))\n .vmSize(\"Standard_DS2_v2\")\n .build())\n .location(\"us-west1\")\n .maxPodsConstraint(AzureNodePoolMaxPodsConstraintArgs.builder()\n .maxPodsPerNode(110)\n .build())\n .name(\"node-pool-name\")\n .subnetId(\"/subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\")\n .version(versions.applyValue(getAzureVersionsResult -\u003e getAzureVersionsResult.validVersions()[0]))\n .annotations(Map.of(\"annotation-one\", \"value-one\"))\n .management(AzureNodePoolManagementArgs.builder()\n .autoRepair(true)\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:AzureCluster\n properties:\n authorization:\n adminUsers:\n - username: mmv2@google.com\n azureRegion: westus2\n client: projects/my-project-number/locations/us-west1/azureClients/${basic.name}\n controlPlane:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n fleet:\n project: my-project-number\n location: us-west1\n name: name\n networking:\n podAddressCidrBlocks:\n - 10.200.0.0/16\n serviceAddressCidrBlocks:\n - 10.32.0.0/24\n virtualNetworkId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n project: my-project-name\n basic:\n type: gcp:container:AzureClient\n properties:\n applicationId: 12345678-1234-1234-1234-123456789111\n location: us-west1\n name: client-name\n tenantId: 12345678-1234-1234-1234-123456789111\n project: my-project-name\n primaryAzureNodePool:\n type: gcp:container:AzureNodePool\n name: primary\n properties:\n autoscaling:\n maxNodeCount: 3\n minNodeCount: 2\n cluster: ${primary.name}\n config:\n sshConfig:\n authorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers\n proxyConfig:\n resourceGroupId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-cluster\n secretId: https://my--dev-keyvault.vault.azure.net/secrets/my--dev-secret/0000000000000000000000000000000000\n rootVolume:\n sizeGib: 32\n tags:\n owner: mmv2\n labels:\n key_one: label_one\n vmSize: Standard_DS2_v2\n location: us-west1\n maxPodsConstraint:\n maxPodsPerNode: 110\n name: node-pool-name\n subnetId: /subscriptions/12345678-1234-1234-1234-123456789111/resourceGroups/my--dev-byo/providers/Microsoft.Network/virtualNetworks/my--dev-vnet/subnets/default\n version: ${versions.validVersions[0]}\n annotations:\n annotation-one: value-one\n management:\n autoRepair: true\n project: my-project-name\nvariables:\n versions:\n fn::invoke:\n function: gcp:container:getAzureVersions\n arguments:\n project: my-project-name\n location: us-west1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/azureClusters/{{cluster}}/azureNodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default projects/{{project}}/locations/{{location}}/azureClusters/{{cluster}}/azureNodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:container/azureNodePool:AzureNodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -188711,7 +188711,7 @@ } }, "gcp:containeranalysis/noteIamBinding:NoteIamBinding": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:containeranalysis/NoteIamBindingCondition:NoteIamBindingCondition" @@ -188818,7 +188818,7 @@ } }, "gcp:containeranalysis/noteIamMember:NoteIamMember": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:containeranalysis/NoteIamMemberCondition:NoteIamMemberCondition" @@ -188918,7 +188918,7 @@ } }, "gcp:containeranalysis/noteIamPolicy:NoteIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Container Registry Note\nThree different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.containeranalysis.NoteIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/containeranalysis.notes.occurrences.viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.containeranalysis.NoteIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder()\n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -188989,7 +188989,7 @@ } }, "gcp:containeranalysis/occurence:Occurence": { - "description": "An occurrence is an instance of a Note, or type of analysis that\ncan be done for a resource.\n\n\nTo get more information about Occurrence, see:\n\n* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/container-analysis/)\n\n## Example Usage\n\n### Container Analysis Occurrence Kms\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport com.pulumi.gcp.containeranalysis.Occurence;\nimport com.pulumi.gcp.containeranalysis.OccurenceArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"attestation-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"global\")\n .build());\n\n final var crypto-key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-key\")\n .keyRing(keyring.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(crypto_key.id())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .id(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id()))\n .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()\n .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].pem()))\n .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm()))\n .build())\n .build())\n .build())\n .build());\n\n var occurrence = new Occurence(\"occurrence\", OccurenceArgs.builder()\n .resourceUri(\"gcr.io/my-project/my-image\")\n .noteName(note.id())\n .attestation(OccurenceAttestationArgs.builder()\n .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"path/to/my/payload.json\")\n .build()).result())\n .signatures(OccurenceAttestationSignatureArgs.builder()\n .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id()))\n .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"path/to/my/payload.json.sig\")\n .build()).result())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - id: ${version.id}\n pkixPublicKey:\n publicKeyPem: ${version.publicKeys[0].pem}\n signatureAlgorithm: ${version.publicKeys[0].algorithm}\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: attestation-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n occurrence:\n type: gcp:containeranalysis:Occurence\n properties:\n resourceUri: gcr.io/my-project/my-image\n noteName: ${note.id}\n attestation:\n serializedPayload:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: path/to/my/payload.json\n Return: result\n signatures:\n - publicKeyId: ${version.id}\n serializedPayload:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: path/to/my/payload.json.sig\n Return: result\nvariables:\n keyring:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: global\n crypto-key:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: my-key\n keyRing: ${keyring.id}\n version:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${[\"crypto-key\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOccurrence can be imported using any of these accepted formats:\n\n* `projects/{{project}}/occurrences/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Occurrence can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}\n```\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}\n```\n\n", + "description": "An occurrence is an instance of a Note, or type of analysis that\ncan be done for a resource.\n\n\nTo get more information about Occurrence, see:\n\n* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/container-analysis/)\n\n## Example Usage\n\n### Container Analysis Occurrence Kms\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.Note;\nimport com.pulumi.gcp.containeranalysis.NoteArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.binaryauthorization.Attestor;\nimport com.pulumi.gcp.binaryauthorization.AttestorArgs;\nimport com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;\nimport com.pulumi.gcp.containeranalysis.Occurence;\nimport com.pulumi.gcp.containeranalysis.OccurenceArgs;\nimport com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var note = new Note(\"note\", NoteArgs.builder()\n .name(\"attestation-note\")\n .attestationAuthority(NoteAttestationAuthorityArgs.builder()\n .hint(NoteAttestationAuthorityHintArgs.builder()\n .humanReadableName(\"Attestor Note\")\n .build())\n .build())\n .build());\n\n final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"global\")\n .build());\n\n final var crypto-key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-key\")\n .keyRing(keyring.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(crypto_key.id())\n .build());\n\n var attestor = new Attestor(\"attestor\", AttestorArgs.builder()\n .name(\"attestor\")\n .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()\n .noteReference(note.name())\n .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()\n .id(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id()))\n .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()\n .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].pem()))\n .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm()))\n .build())\n .build())\n .build())\n .build());\n\n var occurrence = new Occurence(\"occurrence\", OccurenceArgs.builder()\n .resourceUri(\"gcr.io/my-project/my-image\")\n .noteName(note.id())\n .attestation(OccurenceAttestationArgs.builder()\n .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"path/to/my/payload.json\")\n .build()).result())\n .signatures(OccurenceAttestationSignatureArgs.builder()\n .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.id()))\n .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"path/to/my/payload.json.sig\")\n .build()).result())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n attestor:\n type: gcp:binaryauthorization:Attestor\n properties:\n name: attestor\n attestationAuthorityNote:\n noteReference: ${note.name}\n publicKeys:\n - id: ${version.id}\n pkixPublicKey:\n publicKeyPem: ${version.publicKeys[0].pem}\n signatureAlgorithm: ${version.publicKeys[0].algorithm}\n note:\n type: gcp:containeranalysis:Note\n properties:\n name: attestation-note\n attestationAuthority:\n hint:\n humanReadableName: Attestor Note\n occurrence:\n type: gcp:containeranalysis:Occurence\n properties:\n resourceUri: gcr.io/my-project/my-image\n noteName: ${note.id}\n attestation:\n serializedPayload:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: path/to/my/payload.json\n return: result\n signatures:\n - publicKeyId: ${version.id}\n serializedPayload:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: path/to/my/payload.json.sig\n return: result\nvariables:\n keyring:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: global\n crypto-key:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: my-key\n keyRing: ${keyring.id}\n version:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${[\"crypto-key\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOccurrence can be imported using any of these accepted formats:\n\n* `projects/{{project}}/occurrences/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Occurrence can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}\n```\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}\n```\n\n", "properties": { "attestation": { "$ref": "#/types/gcp:containeranalysis/OccurenceAttestation:OccurenceAttestation", @@ -189112,7 +189112,7 @@ } }, "gcp:databasemigrationservice/connectionProfile:ConnectionProfile": { - "description": "A connection profile definition.\n\n\nTo get more information about ConnectionProfile, see:\n\n* [API documentation](https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles/create)\n* How-to Guides\n * [Database Migration](https://cloud.google.com/database-migration/docs/)\n\n\n\n## Example Usage\n\n### Database Migration Service Connection Profile Cloudsql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cloudsqldb = new gcp.sql.DatabaseInstance(\"cloudsqldb\", {\n name: \"my-database\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sqlClientCert = new gcp.sql.SslCert(\"sql_client_cert\", {\n commonName: \"my-cert\",\n instance: cloudsqldb.name,\n}, {\n dependsOn: [cloudsqldb],\n});\nconst sqldbUser = new gcp.sql.User(\"sqldb_user\", {\n name: \"my-username\",\n instance: cloudsqldb.name,\n password: \"my-password\",\n}, {\n dependsOn: [sqlClientCert],\n});\nconst cloudsqlprofile = new gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-fromprofileid\",\n displayName: \"my-fromprofileid_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n host: cloudsqldb.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sqldbUser.name,\n password: sqldbUser.password,\n ssl: {\n clientKey: sqlClientCert.privateKey,\n clientCertificate: sqlClientCert.cert,\n caCertificate: sqlClientCert.serverCaCert,\n },\n cloudSqlId: \"my-database\",\n },\n}, {\n dependsOn: [sqldbUser],\n});\nconst cloudsqlprofileDestination = new gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile_destination\", {\n location: \"us-central1\",\n connectionProfileId: \"my-toprofileid\",\n displayName: \"my-toprofileid_displayname\",\n labels: {\n foo: \"bar\",\n },\n cloudsql: {\n settings: {\n databaseVersion: \"MYSQL_5_7\",\n userLabels: {\n cloudfoo: \"cloudbar\",\n },\n tier: \"db-n1-standard-1\",\n edition: \"ENTERPRISE\",\n storageAutoResizeLimit: \"0\",\n activationPolicy: \"ALWAYS\",\n ipConfig: {\n enableIpv4: true,\n requireSsl: true,\n },\n autoStorageIncrease: true,\n dataDiskType: \"PD_HDD\",\n dataDiskSizeGb: \"11\",\n zone: \"us-central1-b\",\n sourceId: project.then(project =\u003e `projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid`),\n rootPassword: \"testpasscloudsql\",\n },\n },\n}, {\n dependsOn: [cloudsqlprofile],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncloudsqldb = gcp.sql.DatabaseInstance(\"cloudsqldb\",\n name=\"my-database\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsql_client_cert = gcp.sql.SslCert(\"sql_client_cert\",\n common_name=\"my-cert\",\n instance=cloudsqldb.name,\n opts = pulumi.ResourceOptions(depends_on=[cloudsqldb]))\nsqldb_user = gcp.sql.User(\"sqldb_user\",\n name=\"my-username\",\n instance=cloudsqldb.name,\n password=\"my-password\",\n opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))\ncloudsqlprofile = gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-fromprofileid\",\n display_name=\"my-fromprofileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"host\": cloudsqldb.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": sqldb_user.name,\n \"password\": sqldb_user.password,\n \"ssl\": {\n \"client_key\": sql_client_cert.private_key,\n \"client_certificate\": sql_client_cert.cert,\n \"ca_certificate\": sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"my-database\",\n },\n opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))\ncloudsqlprofile_destination = gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile_destination\",\n location=\"us-central1\",\n connection_profile_id=\"my-toprofileid\",\n display_name=\"my-toprofileid_displayname\",\n labels={\n \"foo\": \"bar\",\n },\n cloudsql={\n \"settings\": {\n \"database_version\": \"MYSQL_5_7\",\n \"user_labels\": {\n \"cloudfoo\": \"cloudbar\",\n },\n \"tier\": \"db-n1-standard-1\",\n \"edition\": \"ENTERPRISE\",\n \"storage_auto_resize_limit\": \"0\",\n \"activation_policy\": \"ALWAYS\",\n \"ip_config\": {\n \"enable_ipv4\": True,\n \"require_ssl\": True,\n },\n \"auto_storage_increase\": True,\n \"data_disk_type\": \"PD_HDD\",\n \"data_disk_size_gb\": \"11\",\n \"zone\": \"us-central1-b\",\n \"source_id\": f\"projects/{project.project_id}/locations/us-central1/connectionProfiles/my-fromprofileid\",\n \"root_password\": \"testpasscloudsql\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[cloudsqlprofile]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cloudsqldb = new Gcp.Sql.DatabaseInstance(\"cloudsqldb\", new()\n {\n Name = \"my-database\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sqlClientCert = new Gcp.Sql.SslCert(\"sql_client_cert\", new()\n {\n CommonName = \"my-cert\",\n Instance = cloudsqldb.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cloudsqldb,\n },\n });\n\n var sqldbUser = new Gcp.Sql.User(\"sqldb_user\", new()\n {\n Name = \"my-username\",\n Instance = cloudsqldb.Name,\n Password = \"my-password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqlClientCert,\n },\n });\n\n var cloudsqlprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"cloudsqlprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-fromprofileid\",\n DisplayName = \"my-fromprofileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n Host = cloudsqldb.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sqldbUser.Name,\n Password = sqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs\n {\n ClientKey = sqlClientCert.PrivateKey,\n ClientCertificate = sqlClientCert.Cert,\n CaCertificate = sqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"my-database\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqldbUser,\n },\n });\n\n var cloudsqlprofileDestination = new Gcp.DatabaseMigrationService.ConnectionProfile(\"cloudsqlprofile_destination\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-toprofileid\",\n DisplayName = \"my-toprofileid_displayname\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Cloudsql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlArgs\n {\n Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsArgs\n {\n DatabaseVersion = \"MYSQL_5_7\",\n UserLabels = \n {\n { \"cloudfoo\", \"cloudbar\" },\n },\n Tier = \"db-n1-standard-1\",\n Edition = \"ENTERPRISE\",\n StorageAutoResizeLimit = \"0\",\n ActivationPolicy = \"ALWAYS\",\n IpConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs\n {\n EnableIpv4 = true,\n RequireSsl = true,\n },\n AutoStorageIncrease = true,\n DataDiskType = \"PD_HDD\",\n DataDiskSizeGb = \"11\",\n Zone = \"us-central1-b\",\n SourceId = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/us-central1/connectionProfiles/my-fromprofileid\",\n RootPassword = \"testpasscloudsql\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cloudsqlprofile,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudsqldb, err := sql.NewDatabaseInstance(ctx, \"cloudsqldb\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqlClientCert, err := sql.NewSslCert(ctx, \"sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"my-cert\"),\n\t\t\tInstance: cloudsqldb.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcloudsqldb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqldbUser, err := sql.NewUser(ctx, \"sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-username\"),\n\t\t\tInstance: cloudsqldb.Name,\n\t\t\tPassword: pulumi.String(\"my-password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudsqlprofile, err := databasemigrationservice.NewConnectionProfile(ctx, \"cloudsqlprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-fromprofileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-fromprofileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tHost: cloudsqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sqldbUser.Name,\n\t\t\t\tPassword: sqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfileMysqlSslArgs{\n\t\t\t\t\tClientKey: sqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"my-database\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"cloudsqlprofile_destination\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-toprofileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-toprofileid_displayname\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tCloudsql: \u0026databasemigrationservice.ConnectionProfileCloudsqlArgs{\n\t\t\t\tSettings: \u0026databasemigrationservice.ConnectionProfileCloudsqlSettingsArgs{\n\t\t\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\t\t\tUserLabels: pulumi.StringMap{\n\t\t\t\t\t\t\"cloudfoo\": pulumi.String(\"cloudbar\"),\n\t\t\t\t\t},\n\t\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\t\tEdition: pulumi.String(\"ENTERPRISE\"),\n\t\t\t\t\tStorageAutoResizeLimit: pulumi.String(\"0\"),\n\t\t\t\t\tActivationPolicy: pulumi.String(\"ALWAYS\"),\n\t\t\t\t\tIpConfig: \u0026databasemigrationservice.ConnectionProfileCloudsqlSettingsIpConfigArgs{\n\t\t\t\t\t\tEnableIpv4: pulumi.Bool(true),\n\t\t\t\t\t\tRequireSsl: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tAutoStorageIncrease: pulumi.Bool(true),\n\t\t\t\t\tDataDiskType: pulumi.String(\"PD_HDD\"),\n\t\t\t\t\tDataDiskSizeGb: pulumi.String(\"11\"),\n\t\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t\t\tSourceId: pulumi.Sprintf(\"projects/%v/locations/us-central1/connectionProfiles/my-fromprofileid\", project.ProjectId),\n\t\t\t\t\tRootPassword: pulumi.String(\"testpasscloudsql\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcloudsqlprofile,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cloudsqldb = new DatabaseInstance(\"cloudsqldb\", DatabaseInstanceArgs.builder()\n .name(\"my-database\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sqlClientCert = new SslCert(\"sqlClientCert\", SslCertArgs.builder()\n .commonName(\"my-cert\")\n .instance(cloudsqldb.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cloudsqldb)\n .build());\n\n var sqldbUser = new User(\"sqldbUser\", UserArgs.builder()\n .name(\"my-username\")\n .instance(cloudsqldb.name())\n .password(\"my-password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqlClientCert)\n .build());\n\n var cloudsqlprofile = new ConnectionProfile(\"cloudsqlprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-fromprofileid\")\n .displayName(\"my-fromprofileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .host(cloudsqldb.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sqldbUser.name())\n .password(sqldbUser.password())\n .ssl(ConnectionProfileMysqlSslArgs.builder()\n .clientKey(sqlClientCert.privateKey())\n .clientCertificate(sqlClientCert.cert())\n .caCertificate(sqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"my-database\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqldbUser)\n .build());\n\n var cloudsqlprofileDestination = new ConnectionProfile(\"cloudsqlprofileDestination\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-toprofileid\")\n .displayName(\"my-toprofileid_displayname\")\n .labels(Map.of(\"foo\", \"bar\"))\n .cloudsql(ConnectionProfileCloudsqlArgs.builder()\n .settings(ConnectionProfileCloudsqlSettingsArgs.builder()\n .databaseVersion(\"MYSQL_5_7\")\n .userLabels(Map.of(\"cloudfoo\", \"cloudbar\"))\n .tier(\"db-n1-standard-1\")\n .edition(\"ENTERPRISE\")\n .storageAutoResizeLimit(\"0\")\n .activationPolicy(\"ALWAYS\")\n .ipConfig(ConnectionProfileCloudsqlSettingsIpConfigArgs.builder()\n .enableIpv4(true)\n .requireSsl(true)\n .build())\n .autoStorageIncrease(true)\n .dataDiskType(\"PD_HDD\")\n .dataDiskSizeGb(\"11\")\n .zone(\"us-central1-b\")\n .sourceId(String.format(\"projects/%s/locations/us-central1/connectionProfiles/my-fromprofileid\", project.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .rootPassword(\"testpasscloudsql\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cloudsqlprofile)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudsqldb:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n sqlClientCert:\n type: gcp:sql:SslCert\n name: sql_client_cert\n properties:\n commonName: my-cert\n instance: ${cloudsqldb.name}\n options:\n dependson:\n - ${cloudsqldb}\n sqldbUser:\n type: gcp:sql:User\n name: sqldb_user\n properties:\n name: my-username\n instance: ${cloudsqldb.name}\n password: my-password\n options:\n dependson:\n - ${sqlClientCert}\n cloudsqlprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-fromprofileid\n displayName: my-fromprofileid_display\n labels:\n foo: bar\n mysql:\n host: ${cloudsqldb.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sqldbUser.name}\n password: ${sqldbUser.password}\n ssl:\n clientKey: ${sqlClientCert.privateKey}\n clientCertificate: ${sqlClientCert.cert}\n caCertificate: ${sqlClientCert.serverCaCert}\n cloudSqlId: my-database\n options:\n dependson:\n - ${sqldbUser}\n cloudsqlprofileDestination:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: cloudsqlprofile_destination\n properties:\n location: us-central1\n connectionProfileId: my-toprofileid\n displayName: my-toprofileid_displayname\n labels:\n foo: bar\n cloudsql:\n settings:\n databaseVersion: MYSQL_5_7\n userLabels:\n cloudfoo: cloudbar\n tier: db-n1-standard-1\n edition: ENTERPRISE\n storageAutoResizeLimit: '0'\n activationPolicy: ALWAYS\n ipConfig:\n enableIpv4: true\n requireSsl: true\n autoStorageIncrease: true\n dataDiskType: PD_HDD\n dataDiskSizeGb: '11'\n zone: us-central1-b\n sourceId: projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid\n rootPassword: testpasscloudsql\n options:\n dependson:\n - ${cloudsqlprofile}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst postgresqldb = new gcp.sql.DatabaseInstance(\"postgresqldb\", {\n name: \"my-database\",\n databaseVersion: \"POSTGRES_12\",\n settings: {\n tier: \"db-custom-2-13312\",\n },\n deletionProtection: false,\n});\nconst sqlClientCert = new gcp.sql.SslCert(\"sql_client_cert\", {\n commonName: \"my-cert\",\n instance: postgresqldb.name,\n}, {\n dependsOn: [postgresqldb],\n});\nconst sqldbUser = new gcp.sql.User(\"sqldb_user\", {\n name: \"my-username\",\n instance: postgresqldb.name,\n password: \"my-password\",\n}, {\n dependsOn: [sqlClientCert],\n});\nconst postgresprofile = new gcp.databasemigrationservice.ConnectionProfile(\"postgresprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: postgresqldb.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 5432,\n username: sqldbUser.name,\n password: sqldbUser.password,\n ssl: {\n clientKey: sqlClientCert.privateKey,\n clientCertificate: sqlClientCert.cert,\n caCertificate: sqlClientCert.serverCaCert,\n },\n cloudSqlId: \"my-database\",\n },\n}, {\n dependsOn: [sqldbUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npostgresqldb = gcp.sql.DatabaseInstance(\"postgresqldb\",\n name=\"my-database\",\n database_version=\"POSTGRES_12\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n },\n deletion_protection=False)\nsql_client_cert = gcp.sql.SslCert(\"sql_client_cert\",\n common_name=\"my-cert\",\n instance=postgresqldb.name,\n opts = pulumi.ResourceOptions(depends_on=[postgresqldb]))\nsqldb_user = gcp.sql.User(\"sqldb_user\",\n name=\"my-username\",\n instance=postgresqldb.name,\n password=\"my-password\",\n opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))\npostgresprofile = gcp.databasemigrationservice.ConnectionProfile(\"postgresprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": postgresqldb.ip_addresses[0].ip_address,\n \"port\": 5432,\n \"username\": sqldb_user.name,\n \"password\": sqldb_user.password,\n \"ssl\": {\n \"client_key\": sql_client_cert.private_key,\n \"client_certificate\": sql_client_cert.cert,\n \"ca_certificate\": sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"my-database\",\n },\n opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgresqldb = new Gcp.Sql.DatabaseInstance(\"postgresqldb\", new()\n {\n Name = \"my-database\",\n DatabaseVersion = \"POSTGRES_12\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n },\n DeletionProtection = false,\n });\n\n var sqlClientCert = new Gcp.Sql.SslCert(\"sql_client_cert\", new()\n {\n CommonName = \"my-cert\",\n Instance = postgresqldb.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n postgresqldb,\n },\n });\n\n var sqldbUser = new Gcp.Sql.User(\"sqldb_user\", new()\n {\n Name = \"my-username\",\n Instance = postgresqldb.Name,\n Password = \"my-password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqlClientCert,\n },\n });\n\n var postgresprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"postgresprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = postgresqldb.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 5432,\n Username = sqldbUser.Name,\n Password = sqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sqlClientCert.PrivateKey,\n ClientCertificate = sqlClientCert.Cert,\n CaCertificate = sqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"my-database\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqldbUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpostgresqldb, err := sql.NewDatabaseInstance(ctx, \"postgresqldb\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_12\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqlClientCert, err := sql.NewSslCert(ctx, \"sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"my-cert\"),\n\t\t\tInstance: postgresqldb.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpostgresqldb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqldbUser, err := sql.NewUser(ctx, \"sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-username\"),\n\t\t\tInstance: postgresqldb.Name,\n\t\t\tPassword: pulumi.String(\"my-password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"postgresprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: postgresqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(5432),\n\t\t\t\tUsername: sqldbUser.Name,\n\t\t\t\tPassword: sqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"my-database\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgresqldb = new DatabaseInstance(\"postgresqldb\", DatabaseInstanceArgs.builder()\n .name(\"my-database\")\n .databaseVersion(\"POSTGRES_12\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .build())\n .deletionProtection(false)\n .build());\n\n var sqlClientCert = new SslCert(\"sqlClientCert\", SslCertArgs.builder()\n .commonName(\"my-cert\")\n .instance(postgresqldb.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(postgresqldb)\n .build());\n\n var sqldbUser = new User(\"sqldbUser\", UserArgs.builder()\n .name(\"my-username\")\n .instance(postgresqldb.name())\n .password(\"my-password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqlClientCert)\n .build());\n\n var postgresprofile = new ConnectionProfile(\"postgresprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(postgresqldb.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(5432)\n .username(sqldbUser.name())\n .password(sqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sqlClientCert.privateKey())\n .clientCertificate(sqlClientCert.cert())\n .caCertificate(sqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"my-database\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqldbUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgresqldb:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database\n databaseVersion: POSTGRES_12\n settings:\n tier: db-custom-2-13312\n deletionProtection: false\n sqlClientCert:\n type: gcp:sql:SslCert\n name: sql_client_cert\n properties:\n commonName: my-cert\n instance: ${postgresqldb.name}\n options:\n dependson:\n - ${postgresqldb}\n sqldbUser:\n type: gcp:sql:User\n name: sqldb_user\n properties:\n name: my-username\n instance: ${postgresqldb.name}\n password: my-password\n options:\n dependson:\n - ${sqlClientCert}\n postgresprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n postgresql:\n host: ${postgresqldb.ipAddresses[0].ipAddress}\n port: 5432\n username: ${sqldbUser.name}\n password: ${sqldbUser.password}\n ssl:\n clientKey: ${sqlClientCert.privateKey}\n clientCertificate: ${sqlClientCert.cert}\n caCertificate: ${sqlClientCert.serverCaCert}\n cloudSqlId: my-database\n options:\n dependson:\n - ${sqldbUser}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Oracle\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst oracleprofile = new gcp.databasemigrationservice.ConnectionProfile(\"oracleprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n oracle: {\n host: \"host\",\n port: 1521,\n username: \"username\",\n password: \"password\",\n databaseService: \"dbprovider\",\n staticServiceIpConnectivity: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\noracleprofile = gcp.databasemigrationservice.ConnectionProfile(\"oracleprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n oracle={\n \"host\": \"host\",\n \"port\": 1521,\n \"username\": \"username\",\n \"password\": \"password\",\n \"database_service\": \"dbprovider\",\n \"static_service_ip_connectivity\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oracleprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"oracleprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Oracle = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileOracleArgs\n {\n Host = \"host\",\n Port = 1521,\n Username = \"username\",\n Password = \"password\",\n DatabaseService = \"dbprovider\",\n StaticServiceIpConnectivity = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := databasemigrationservice.NewConnectionProfile(ctx, \"oracleprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tOracle: \u0026databasemigrationservice.ConnectionProfileOracleArgs{\n\t\t\t\tHost: pulumi.String(\"host\"),\n\t\t\t\tPort: pulumi.Int(1521),\n\t\t\t\tUsername: pulumi.String(\"username\"),\n\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\tDatabaseService: pulumi.String(\"dbprovider\"),\n\t\t\t\tStaticServiceIpConnectivity: \u0026databasemigrationservice.ConnectionProfileOracleStaticServiceIpConnectivityArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleStaticServiceIpConnectivityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var oracleprofile = new ConnectionProfile(\"oracleprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .oracle(ConnectionProfileOracleArgs.builder()\n .host(\"host\")\n .port(1521)\n .username(\"username\")\n .password(\"password\")\n .databaseService(\"dbprovider\")\n .staticServiceIpConnectivity()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n oracleprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n oracle:\n host: host\n port: 1521\n username: username\n password: password\n databaseService: dbprovider\n staticServiceIpConnectivity: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.compute.Network(\"default\", {name: \"vpc-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"private-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst alloydbprofile = new gcp.databasemigrationservice.ConnectionProfile(\"alloydbprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n alloydb: {\n clusterId: \"tf-test-dbmsalloycluster_52865\",\n settings: {\n initialUser: {\n user: \"alloyuser_85840\",\n password: \"alloypass_60302\",\n },\n vpcNetwork: _default.id,\n labels: {\n alloyfoo: \"alloybar\",\n },\n primaryInstanceSettings: {\n id: \"priminstid\",\n machineConfig: {\n cpuCount: 2,\n },\n databaseFlags: {},\n labels: {\n alloysinstfoo: \"allowinstbar\",\n },\n },\n },\n },\n}, {\n dependsOn: [vpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.compute.Network(\"default\", name=\"vpc-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"private-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nalloydbprofile = gcp.databasemigrationservice.ConnectionProfile(\"alloydbprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n alloydb={\n \"cluster_id\": \"tf-test-dbmsalloycluster_52865\",\n \"settings\": {\n \"initial_user\": {\n \"user\": \"alloyuser_85840\",\n \"password\": \"alloypass_60302\",\n },\n \"vpc_network\": default.id,\n \"labels\": {\n \"alloyfoo\": \"alloybar\",\n },\n \"primary_instance_settings\": {\n \"id\": \"priminstid\",\n \"machine_config\": {\n \"cpu_count\": 2,\n },\n \"database_flags\": {},\n \"labels\": {\n \"alloysinstfoo\": \"allowinstbar\",\n },\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"vpc-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"private-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var alloydbprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"alloydbprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Alloydb = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbArgs\n {\n ClusterId = \"tf-test-dbmsalloycluster_52865\",\n Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsArgs\n {\n InitialUser = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsInitialUserArgs\n {\n User = \"alloyuser_85840\",\n Password = \"alloypass_60302\",\n },\n VpcNetwork = @default.Id,\n Labels = \n {\n { \"alloyfoo\", \"alloybar\" },\n },\n PrimaryInstanceSettings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs\n {\n Id = \"priminstid\",\n MachineConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs\n {\n CpuCount = 2,\n },\n DatabaseFlags = null,\n Labels = \n {\n { \"alloysinstfoo\", \"allowinstbar\" },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"alloydbprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tAlloydb: \u0026databasemigrationservice.ConnectionProfileAlloydbArgs{\n\t\t\t\tClusterId: pulumi.String(\"tf-test-dbmsalloycluster_52865\"),\n\t\t\t\tSettings: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsArgs{\n\t\t\t\t\tInitialUser: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsInitialUserArgs{\n\t\t\t\t\t\tUser: pulumi.String(\"alloyuser_85840\"),\n\t\t\t\t\t\tPassword: pulumi.String(\"alloypass_60302\"),\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: _default.ID(),\n\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\"alloyfoo\": pulumi.String(\"alloybar\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrimaryInstanceSettings: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs{\n\t\t\t\t\t\tId: pulumi.String(\"priminstid\"),\n\t\t\t\t\t\tMachineConfig: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs{\n\t\t\t\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDatabaseFlags: pulumi.StringMap{},\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"alloysinstfoo\": pulumi.String(\"allowinstbar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsInitialUserArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"private-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var alloydbprofile = new ConnectionProfile(\"alloydbprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .alloydb(ConnectionProfileAlloydbArgs.builder()\n .clusterId(\"tf-test-dbmsalloycluster_52865\")\n .settings(ConnectionProfileAlloydbSettingsArgs.builder()\n .initialUser(ConnectionProfileAlloydbSettingsInitialUserArgs.builder()\n .user(\"alloyuser_85840\")\n .password(\"alloypass_60302\")\n .build())\n .vpcNetwork(default_.id())\n .labels(Map.of(\"alloyfoo\", \"alloybar\"))\n .primaryInstanceSettings(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs.builder()\n .id(\"priminstid\")\n .machineConfig(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .databaseFlags()\n .labels(Map.of(\"alloysinstfoo\", \"allowinstbar\"))\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: vpc-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: private-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n alloydbprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n alloydb:\n clusterId: tf-test-dbmsalloycluster_52865\n settings:\n initialUser:\n user: alloyuser_85840\n password: alloypass_60302\n vpcNetwork: ${default.id}\n labels:\n alloyfoo: alloybar\n primaryInstanceSettings:\n id: priminstid\n machineConfig:\n cpuCount: 2\n databaseFlags: {}\n labels:\n alloysinstfoo: allowinstbar\n options:\n dependson:\n - ${vpcConnection}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Mysql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst existing_mysql = new gcp.databasemigrationservice.ConnectionProfile(\"existing-mysql\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nexisting_mysql = gcp.databasemigrationservice.ConnectionProfile(\"existing-mysql\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var existing_mysql = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-mysql\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-mysql\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var existing_mysql = new ConnectionProfile(\"existing-mysql\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n existing-mysql:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n mysql:\n cloudSqlId: destination-csql\n options:\n dependson:\n - ${destinationCsql}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst existing_psql = new gcp.databasemigrationservice.ConnectionProfile(\"existing-psql\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nexisting_psql = gcp.databasemigrationservice.ConnectionProfile(\"existing-psql\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var existing_psql = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-psql\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-psql\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var existing_psql = new ConnectionProfile(\"existing-psql\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n existing-psql:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n cloudSqlId: destination-csql\n options:\n dependson:\n - ${destinationCsql}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-alloydb\"});\nconst destinationAlloydb = new gcp.alloydb.Cluster(\"destination_alloydb\", {\n clusterId: \"destination-alloydb\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"destination-alloydb\",\n password: \"destination-alloydb\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"destination-alloydb\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst destinationAlloydbPrimary = new gcp.alloydb.Instance(\"destination_alloydb_primary\", {\n cluster: destinationAlloydb.name,\n instanceId: \"destination-alloydb-primary\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst existing_alloydb = new gcp.databasemigrationservice.ConnectionProfile(\"existing-alloydb\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n alloydbClusterId: \"destination-alloydb\",\n },\n}, {\n dependsOn: [\n destinationAlloydb,\n destinationAlloydbPrimary,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.compute.Network(\"default\", name=\"destination-alloydb\")\ndestination_alloydb = gcp.alloydb.Cluster(\"destination_alloydb\",\n cluster_id=\"destination-alloydb\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"destination-alloydb\",\n \"password\": \"destination-alloydb\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"destination-alloydb\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndestination_alloydb_primary = gcp.alloydb.Instance(\"destination_alloydb_primary\",\n cluster=destination_alloydb.name,\n instance_id=\"destination-alloydb-primary\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nexisting_alloydb = gcp.databasemigrationservice.ConnectionProfile(\"existing-alloydb\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"alloydb_cluster_id\": \"destination-alloydb\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n destination_alloydb,\n destination_alloydb_primary,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-alloydb\",\n });\n\n var destinationAlloydb = new Gcp.Alloydb.Cluster(\"destination_alloydb\", new()\n {\n ClusterId = \"destination-alloydb\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"destination-alloydb\",\n Password = \"destination-alloydb\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"destination-alloydb\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var destinationAlloydbPrimary = new Gcp.Alloydb.Instance(\"destination_alloydb_primary\", new()\n {\n Cluster = destinationAlloydb.Name,\n InstanceId = \"destination-alloydb-primary\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var existing_alloydb = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-alloydb\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n AlloydbClusterId = \"destination-alloydb\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationAlloydb,\n destinationAlloydbPrimary,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydb, err := alloydb.NewCluster(ctx, \"destination_alloydb\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"destination-alloydb\"),\n\t\t\t\tPassword: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydbPrimary, err := alloydb.NewInstance(ctx, \"destination_alloydb_primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: destinationAlloydb.Name,\n\t\t\tInstanceId: pulumi.String(\"destination-alloydb-primary\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-alloydb\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tAlloydbClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationAlloydb,\n\t\t\tdestinationAlloydbPrimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-alloydb\")\n .build());\n\n var destinationAlloydb = new Cluster(\"destinationAlloydb\", ClusterArgs.builder()\n .clusterId(\"destination-alloydb\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"destination-alloydb\")\n .password(\"destination-alloydb\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"destination-alloydb\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var destinationAlloydbPrimary = new Instance(\"destinationAlloydbPrimary\", InstanceArgs.builder()\n .cluster(destinationAlloydb.name())\n .instanceId(\"destination-alloydb-primary\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var existing_alloydb = new ConnectionProfile(\"existing-alloydb\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .alloydbClusterId(\"destination-alloydb\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n destinationAlloydb,\n destinationAlloydbPrimary)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationAlloydb:\n type: gcp:alloydb:Cluster\n name: destination_alloydb\n properties:\n clusterId: destination-alloydb\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: destination-alloydb\n password: destination-alloydb\n destinationAlloydbPrimary:\n type: gcp:alloydb:Instance\n name: destination_alloydb_primary\n properties:\n cluster: ${destinationAlloydb.name}\n instanceId: destination-alloydb-primary\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: destination-alloydb\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-alloydb\n existing-alloydb:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n alloydbClusterId: destination-alloydb\n options:\n dependson:\n - ${destinationAlloydb}\n - ${destinationAlloydbPrimary}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnectionProfile can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}`\n\n* `{{project}}/{{location}}/{{connection_profile_id}}`\n\n* `{{location}}/{{connection_profile_id}}`\n\nWhen using the `pulumi import` command, ConnectionProfile can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default {{project}}/{{location}}/{{connection_profile_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default {{location}}/{{connection_profile_id}}\n```\n\n", + "description": "A connection profile definition.\n\n\nTo get more information about ConnectionProfile, see:\n\n* [API documentation](https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles/create)\n* How-to Guides\n * [Database Migration](https://cloud.google.com/database-migration/docs/)\n\n\n\n## Example Usage\n\n### Database Migration Service Connection Profile Cloudsql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cloudsqldb = new gcp.sql.DatabaseInstance(\"cloudsqldb\", {\n name: \"my-database\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sqlClientCert = new gcp.sql.SslCert(\"sql_client_cert\", {\n commonName: \"my-cert\",\n instance: cloudsqldb.name,\n}, {\n dependsOn: [cloudsqldb],\n});\nconst sqldbUser = new gcp.sql.User(\"sqldb_user\", {\n name: \"my-username\",\n instance: cloudsqldb.name,\n password: \"my-password\",\n}, {\n dependsOn: [sqlClientCert],\n});\nconst cloudsqlprofile = new gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-fromprofileid\",\n displayName: \"my-fromprofileid_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n host: cloudsqldb.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sqldbUser.name,\n password: sqldbUser.password,\n ssl: {\n clientKey: sqlClientCert.privateKey,\n clientCertificate: sqlClientCert.cert,\n caCertificate: sqlClientCert.serverCaCert,\n },\n cloudSqlId: \"my-database\",\n },\n}, {\n dependsOn: [sqldbUser],\n});\nconst cloudsqlprofileDestination = new gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile_destination\", {\n location: \"us-central1\",\n connectionProfileId: \"my-toprofileid\",\n displayName: \"my-toprofileid_displayname\",\n labels: {\n foo: \"bar\",\n },\n cloudsql: {\n settings: {\n databaseVersion: \"MYSQL_5_7\",\n userLabels: {\n cloudfoo: \"cloudbar\",\n },\n tier: \"db-n1-standard-1\",\n edition: \"ENTERPRISE\",\n storageAutoResizeLimit: \"0\",\n activationPolicy: \"ALWAYS\",\n ipConfig: {\n enableIpv4: true,\n requireSsl: true,\n },\n autoStorageIncrease: true,\n dataDiskType: \"PD_HDD\",\n dataDiskSizeGb: \"11\",\n zone: \"us-central1-b\",\n sourceId: project.then(project =\u003e `projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid`),\n rootPassword: \"testpasscloudsql\",\n },\n },\n}, {\n dependsOn: [cloudsqlprofile],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncloudsqldb = gcp.sql.DatabaseInstance(\"cloudsqldb\",\n name=\"my-database\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsql_client_cert = gcp.sql.SslCert(\"sql_client_cert\",\n common_name=\"my-cert\",\n instance=cloudsqldb.name,\n opts = pulumi.ResourceOptions(depends_on=[cloudsqldb]))\nsqldb_user = gcp.sql.User(\"sqldb_user\",\n name=\"my-username\",\n instance=cloudsqldb.name,\n password=\"my-password\",\n opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))\ncloudsqlprofile = gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-fromprofileid\",\n display_name=\"my-fromprofileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"host\": cloudsqldb.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": sqldb_user.name,\n \"password\": sqldb_user.password,\n \"ssl\": {\n \"client_key\": sql_client_cert.private_key,\n \"client_certificate\": sql_client_cert.cert,\n \"ca_certificate\": sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"my-database\",\n },\n opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))\ncloudsqlprofile_destination = gcp.databasemigrationservice.ConnectionProfile(\"cloudsqlprofile_destination\",\n location=\"us-central1\",\n connection_profile_id=\"my-toprofileid\",\n display_name=\"my-toprofileid_displayname\",\n labels={\n \"foo\": \"bar\",\n },\n cloudsql={\n \"settings\": {\n \"database_version\": \"MYSQL_5_7\",\n \"user_labels\": {\n \"cloudfoo\": \"cloudbar\",\n },\n \"tier\": \"db-n1-standard-1\",\n \"edition\": \"ENTERPRISE\",\n \"storage_auto_resize_limit\": \"0\",\n \"activation_policy\": \"ALWAYS\",\n \"ip_config\": {\n \"enable_ipv4\": True,\n \"require_ssl\": True,\n },\n \"auto_storage_increase\": True,\n \"data_disk_type\": \"PD_HDD\",\n \"data_disk_size_gb\": \"11\",\n \"zone\": \"us-central1-b\",\n \"source_id\": f\"projects/{project.project_id}/locations/us-central1/connectionProfiles/my-fromprofileid\",\n \"root_password\": \"testpasscloudsql\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[cloudsqlprofile]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cloudsqldb = new Gcp.Sql.DatabaseInstance(\"cloudsqldb\", new()\n {\n Name = \"my-database\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sqlClientCert = new Gcp.Sql.SslCert(\"sql_client_cert\", new()\n {\n CommonName = \"my-cert\",\n Instance = cloudsqldb.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cloudsqldb,\n },\n });\n\n var sqldbUser = new Gcp.Sql.User(\"sqldb_user\", new()\n {\n Name = \"my-username\",\n Instance = cloudsqldb.Name,\n Password = \"my-password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqlClientCert,\n },\n });\n\n var cloudsqlprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"cloudsqlprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-fromprofileid\",\n DisplayName = \"my-fromprofileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n Host = cloudsqldb.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sqldbUser.Name,\n Password = sqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs\n {\n ClientKey = sqlClientCert.PrivateKey,\n ClientCertificate = sqlClientCert.Cert,\n CaCertificate = sqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"my-database\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqldbUser,\n },\n });\n\n var cloudsqlprofileDestination = new Gcp.DatabaseMigrationService.ConnectionProfile(\"cloudsqlprofile_destination\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-toprofileid\",\n DisplayName = \"my-toprofileid_displayname\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Cloudsql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlArgs\n {\n Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsArgs\n {\n DatabaseVersion = \"MYSQL_5_7\",\n UserLabels = \n {\n { \"cloudfoo\", \"cloudbar\" },\n },\n Tier = \"db-n1-standard-1\",\n Edition = \"ENTERPRISE\",\n StorageAutoResizeLimit = \"0\",\n ActivationPolicy = \"ALWAYS\",\n IpConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs\n {\n EnableIpv4 = true,\n RequireSsl = true,\n },\n AutoStorageIncrease = true,\n DataDiskType = \"PD_HDD\",\n DataDiskSizeGb = \"11\",\n Zone = \"us-central1-b\",\n SourceId = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/us-central1/connectionProfiles/my-fromprofileid\",\n RootPassword = \"testpasscloudsql\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cloudsqlprofile,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudsqldb, err := sql.NewDatabaseInstance(ctx, \"cloudsqldb\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqlClientCert, err := sql.NewSslCert(ctx, \"sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"my-cert\"),\n\t\t\tInstance: cloudsqldb.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcloudsqldb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqldbUser, err := sql.NewUser(ctx, \"sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-username\"),\n\t\t\tInstance: cloudsqldb.Name,\n\t\t\tPassword: pulumi.String(\"my-password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudsqlprofile, err := databasemigrationservice.NewConnectionProfile(ctx, \"cloudsqlprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-fromprofileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-fromprofileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tHost: cloudsqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sqldbUser.Name,\n\t\t\t\tPassword: sqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfileMysqlSslArgs{\n\t\t\t\t\tClientKey: sqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"my-database\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"cloudsqlprofile_destination\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-toprofileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-toprofileid_displayname\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tCloudsql: \u0026databasemigrationservice.ConnectionProfileCloudsqlArgs{\n\t\t\t\tSettings: \u0026databasemigrationservice.ConnectionProfileCloudsqlSettingsArgs{\n\t\t\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\t\t\tUserLabels: pulumi.StringMap{\n\t\t\t\t\t\t\"cloudfoo\": pulumi.String(\"cloudbar\"),\n\t\t\t\t\t},\n\t\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\t\tEdition: pulumi.String(\"ENTERPRISE\"),\n\t\t\t\t\tStorageAutoResizeLimit: pulumi.String(\"0\"),\n\t\t\t\t\tActivationPolicy: pulumi.String(\"ALWAYS\"),\n\t\t\t\t\tIpConfig: \u0026databasemigrationservice.ConnectionProfileCloudsqlSettingsIpConfigArgs{\n\t\t\t\t\t\tEnableIpv4: pulumi.Bool(true),\n\t\t\t\t\t\tRequireSsl: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tAutoStorageIncrease: pulumi.Bool(true),\n\t\t\t\t\tDataDiskType: pulumi.String(\"PD_HDD\"),\n\t\t\t\t\tDataDiskSizeGb: pulumi.String(\"11\"),\n\t\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t\t\tSourceId: pulumi.Sprintf(\"projects/%v/locations/us-central1/connectionProfiles/my-fromprofileid\", project.ProjectId),\n\t\t\t\t\tRootPassword: pulumi.String(\"testpasscloudsql\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcloudsqlprofile,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cloudsqldb = new DatabaseInstance(\"cloudsqldb\", DatabaseInstanceArgs.builder()\n .name(\"my-database\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sqlClientCert = new SslCert(\"sqlClientCert\", SslCertArgs.builder()\n .commonName(\"my-cert\")\n .instance(cloudsqldb.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cloudsqldb)\n .build());\n\n var sqldbUser = new User(\"sqldbUser\", UserArgs.builder()\n .name(\"my-username\")\n .instance(cloudsqldb.name())\n .password(\"my-password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqlClientCert)\n .build());\n\n var cloudsqlprofile = new ConnectionProfile(\"cloudsqlprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-fromprofileid\")\n .displayName(\"my-fromprofileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .host(cloudsqldb.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sqldbUser.name())\n .password(sqldbUser.password())\n .ssl(ConnectionProfileMysqlSslArgs.builder()\n .clientKey(sqlClientCert.privateKey())\n .clientCertificate(sqlClientCert.cert())\n .caCertificate(sqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"my-database\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqldbUser)\n .build());\n\n var cloudsqlprofileDestination = new ConnectionProfile(\"cloudsqlprofileDestination\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-toprofileid\")\n .displayName(\"my-toprofileid_displayname\")\n .labels(Map.of(\"foo\", \"bar\"))\n .cloudsql(ConnectionProfileCloudsqlArgs.builder()\n .settings(ConnectionProfileCloudsqlSettingsArgs.builder()\n .databaseVersion(\"MYSQL_5_7\")\n .userLabels(Map.of(\"cloudfoo\", \"cloudbar\"))\n .tier(\"db-n1-standard-1\")\n .edition(\"ENTERPRISE\")\n .storageAutoResizeLimit(\"0\")\n .activationPolicy(\"ALWAYS\")\n .ipConfig(ConnectionProfileCloudsqlSettingsIpConfigArgs.builder()\n .enableIpv4(true)\n .requireSsl(true)\n .build())\n .autoStorageIncrease(true)\n .dataDiskType(\"PD_HDD\")\n .dataDiskSizeGb(\"11\")\n .zone(\"us-central1-b\")\n .sourceId(String.format(\"projects/%s/locations/us-central1/connectionProfiles/my-fromprofileid\", project.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .rootPassword(\"testpasscloudsql\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cloudsqlprofile)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudsqldb:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n sqlClientCert:\n type: gcp:sql:SslCert\n name: sql_client_cert\n properties:\n commonName: my-cert\n instance: ${cloudsqldb.name}\n options:\n dependsOn:\n - ${cloudsqldb}\n sqldbUser:\n type: gcp:sql:User\n name: sqldb_user\n properties:\n name: my-username\n instance: ${cloudsqldb.name}\n password: my-password\n options:\n dependsOn:\n - ${sqlClientCert}\n cloudsqlprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-fromprofileid\n displayName: my-fromprofileid_display\n labels:\n foo: bar\n mysql:\n host: ${cloudsqldb.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sqldbUser.name}\n password: ${sqldbUser.password}\n ssl:\n clientKey: ${sqlClientCert.privateKey}\n clientCertificate: ${sqlClientCert.cert}\n caCertificate: ${sqlClientCert.serverCaCert}\n cloudSqlId: my-database\n options:\n dependsOn:\n - ${sqldbUser}\n cloudsqlprofileDestination:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: cloudsqlprofile_destination\n properties:\n location: us-central1\n connectionProfileId: my-toprofileid\n displayName: my-toprofileid_displayname\n labels:\n foo: bar\n cloudsql:\n settings:\n databaseVersion: MYSQL_5_7\n userLabels:\n cloudfoo: cloudbar\n tier: db-n1-standard-1\n edition: ENTERPRISE\n storageAutoResizeLimit: '0'\n activationPolicy: ALWAYS\n ipConfig:\n enableIpv4: true\n requireSsl: true\n autoStorageIncrease: true\n dataDiskType: PD_HDD\n dataDiskSizeGb: '11'\n zone: us-central1-b\n sourceId: projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid\n rootPassword: testpasscloudsql\n options:\n dependsOn:\n - ${cloudsqlprofile}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst postgresqldb = new gcp.sql.DatabaseInstance(\"postgresqldb\", {\n name: \"my-database\",\n databaseVersion: \"POSTGRES_12\",\n settings: {\n tier: \"db-custom-2-13312\",\n },\n deletionProtection: false,\n});\nconst sqlClientCert = new gcp.sql.SslCert(\"sql_client_cert\", {\n commonName: \"my-cert\",\n instance: postgresqldb.name,\n}, {\n dependsOn: [postgresqldb],\n});\nconst sqldbUser = new gcp.sql.User(\"sqldb_user\", {\n name: \"my-username\",\n instance: postgresqldb.name,\n password: \"my-password\",\n}, {\n dependsOn: [sqlClientCert],\n});\nconst postgresprofile = new gcp.databasemigrationservice.ConnectionProfile(\"postgresprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: postgresqldb.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 5432,\n username: sqldbUser.name,\n password: sqldbUser.password,\n ssl: {\n clientKey: sqlClientCert.privateKey,\n clientCertificate: sqlClientCert.cert,\n caCertificate: sqlClientCert.serverCaCert,\n },\n cloudSqlId: \"my-database\",\n },\n}, {\n dependsOn: [sqldbUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npostgresqldb = gcp.sql.DatabaseInstance(\"postgresqldb\",\n name=\"my-database\",\n database_version=\"POSTGRES_12\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n },\n deletion_protection=False)\nsql_client_cert = gcp.sql.SslCert(\"sql_client_cert\",\n common_name=\"my-cert\",\n instance=postgresqldb.name,\n opts = pulumi.ResourceOptions(depends_on=[postgresqldb]))\nsqldb_user = gcp.sql.User(\"sqldb_user\",\n name=\"my-username\",\n instance=postgresqldb.name,\n password=\"my-password\",\n opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))\npostgresprofile = gcp.databasemigrationservice.ConnectionProfile(\"postgresprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": postgresqldb.ip_addresses[0].ip_address,\n \"port\": 5432,\n \"username\": sqldb_user.name,\n \"password\": sqldb_user.password,\n \"ssl\": {\n \"client_key\": sql_client_cert.private_key,\n \"client_certificate\": sql_client_cert.cert,\n \"ca_certificate\": sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"my-database\",\n },\n opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgresqldb = new Gcp.Sql.DatabaseInstance(\"postgresqldb\", new()\n {\n Name = \"my-database\",\n DatabaseVersion = \"POSTGRES_12\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n },\n DeletionProtection = false,\n });\n\n var sqlClientCert = new Gcp.Sql.SslCert(\"sql_client_cert\", new()\n {\n CommonName = \"my-cert\",\n Instance = postgresqldb.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n postgresqldb,\n },\n });\n\n var sqldbUser = new Gcp.Sql.User(\"sqldb_user\", new()\n {\n Name = \"my-username\",\n Instance = postgresqldb.Name,\n Password = \"my-password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqlClientCert,\n },\n });\n\n var postgresprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"postgresprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = postgresqldb.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 5432,\n Username = sqldbUser.Name,\n Password = sqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sqlClientCert.PrivateKey,\n ClientCertificate = sqlClientCert.Cert,\n CaCertificate = sqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"my-database\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sqldbUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpostgresqldb, err := sql.NewDatabaseInstance(ctx, \"postgresqldb\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-database\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_12\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqlClientCert, err := sql.NewSslCert(ctx, \"sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"my-cert\"),\n\t\t\tInstance: postgresqldb.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpostgresqldb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsqldbUser, err := sql.NewUser(ctx, \"sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-username\"),\n\t\t\tInstance: postgresqldb.Name,\n\t\t\tPassword: pulumi.String(\"my-password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"postgresprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: postgresqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(5432),\n\t\t\t\tUsername: sqldbUser.Name,\n\t\t\t\tPassword: sqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"my-database\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgresqldb = new DatabaseInstance(\"postgresqldb\", DatabaseInstanceArgs.builder()\n .name(\"my-database\")\n .databaseVersion(\"POSTGRES_12\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .build())\n .deletionProtection(false)\n .build());\n\n var sqlClientCert = new SslCert(\"sqlClientCert\", SslCertArgs.builder()\n .commonName(\"my-cert\")\n .instance(postgresqldb.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(postgresqldb)\n .build());\n\n var sqldbUser = new User(\"sqldbUser\", UserArgs.builder()\n .name(\"my-username\")\n .instance(postgresqldb.name())\n .password(\"my-password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqlClientCert)\n .build());\n\n var postgresprofile = new ConnectionProfile(\"postgresprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(postgresqldb.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(5432)\n .username(sqldbUser.name())\n .password(sqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sqlClientCert.privateKey())\n .clientCertificate(sqlClientCert.cert())\n .caCertificate(sqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"my-database\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sqldbUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgresqldb:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-database\n databaseVersion: POSTGRES_12\n settings:\n tier: db-custom-2-13312\n deletionProtection: false\n sqlClientCert:\n type: gcp:sql:SslCert\n name: sql_client_cert\n properties:\n commonName: my-cert\n instance: ${postgresqldb.name}\n options:\n dependsOn:\n - ${postgresqldb}\n sqldbUser:\n type: gcp:sql:User\n name: sqldb_user\n properties:\n name: my-username\n instance: ${postgresqldb.name}\n password: my-password\n options:\n dependsOn:\n - ${sqlClientCert}\n postgresprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n postgresql:\n host: ${postgresqldb.ipAddresses[0].ipAddress}\n port: 5432\n username: ${sqldbUser.name}\n password: ${sqldbUser.password}\n ssl:\n clientKey: ${sqlClientCert.privateKey}\n clientCertificate: ${sqlClientCert.cert}\n caCertificate: ${sqlClientCert.serverCaCert}\n cloudSqlId: my-database\n options:\n dependsOn:\n - ${sqldbUser}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Oracle\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst oracleprofile = new gcp.databasemigrationservice.ConnectionProfile(\"oracleprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n oracle: {\n host: \"host\",\n port: 1521,\n username: \"username\",\n password: \"password\",\n databaseService: \"dbprovider\",\n staticServiceIpConnectivity: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\noracleprofile = gcp.databasemigrationservice.ConnectionProfile(\"oracleprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n oracle={\n \"host\": \"host\",\n \"port\": 1521,\n \"username\": \"username\",\n \"password\": \"password\",\n \"database_service\": \"dbprovider\",\n \"static_service_ip_connectivity\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oracleprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"oracleprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Oracle = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileOracleArgs\n {\n Host = \"host\",\n Port = 1521,\n Username = \"username\",\n Password = \"password\",\n DatabaseService = \"dbprovider\",\n StaticServiceIpConnectivity = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := databasemigrationservice.NewConnectionProfile(ctx, \"oracleprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tOracle: \u0026databasemigrationservice.ConnectionProfileOracleArgs{\n\t\t\t\tHost: pulumi.String(\"host\"),\n\t\t\t\tPort: pulumi.Int(1521),\n\t\t\t\tUsername: pulumi.String(\"username\"),\n\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\tDatabaseService: pulumi.String(\"dbprovider\"),\n\t\t\t\tStaticServiceIpConnectivity: \u0026databasemigrationservice.ConnectionProfileOracleStaticServiceIpConnectivityArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleStaticServiceIpConnectivityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var oracleprofile = new ConnectionProfile(\"oracleprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .oracle(ConnectionProfileOracleArgs.builder()\n .host(\"host\")\n .port(1521)\n .username(\"username\")\n .password(\"password\")\n .databaseService(\"dbprovider\")\n .staticServiceIpConnectivity()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n oracleprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n oracle:\n host: host\n port: 1521\n username: username\n password: password\n databaseService: dbprovider\n staticServiceIpConnectivity: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.compute.Network(\"default\", {name: \"vpc-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"private-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst alloydbprofile = new gcp.databasemigrationservice.ConnectionProfile(\"alloydbprofile\", {\n location: \"us-central1\",\n connectionProfileId: \"my-profileid\",\n displayName: \"my-profileid_display\",\n labels: {\n foo: \"bar\",\n },\n alloydb: {\n clusterId: \"tf-test-dbmsalloycluster_52865\",\n settings: {\n initialUser: {\n user: \"alloyuser_85840\",\n password: \"alloypass_60302\",\n },\n vpcNetwork: _default.id,\n labels: {\n alloyfoo: \"alloybar\",\n },\n primaryInstanceSettings: {\n id: \"priminstid\",\n machineConfig: {\n cpuCount: 2,\n },\n databaseFlags: {},\n labels: {\n alloysinstfoo: \"allowinstbar\",\n },\n },\n },\n },\n}, {\n dependsOn: [vpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.compute.Network(\"default\", name=\"vpc-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"private-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\nalloydbprofile = gcp.databasemigrationservice.ConnectionProfile(\"alloydbprofile\",\n location=\"us-central1\",\n connection_profile_id=\"my-profileid\",\n display_name=\"my-profileid_display\",\n labels={\n \"foo\": \"bar\",\n },\n alloydb={\n \"cluster_id\": \"tf-test-dbmsalloycluster_52865\",\n \"settings\": {\n \"initial_user\": {\n \"user\": \"alloyuser_85840\",\n \"password\": \"alloypass_60302\",\n },\n \"vpc_network\": default.id,\n \"labels\": {\n \"alloyfoo\": \"alloybar\",\n },\n \"primary_instance_settings\": {\n \"id\": \"priminstid\",\n \"machine_config\": {\n \"cpu_count\": 2,\n },\n \"database_flags\": {},\n \"labels\": {\n \"alloysinstfoo\": \"allowinstbar\",\n },\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"vpc-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"private-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var alloydbprofile = new Gcp.DatabaseMigrationService.ConnectionProfile(\"alloydbprofile\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"my-profileid\",\n DisplayName = \"my-profileid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Alloydb = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbArgs\n {\n ClusterId = \"tf-test-dbmsalloycluster_52865\",\n Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsArgs\n {\n InitialUser = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsInitialUserArgs\n {\n User = \"alloyuser_85840\",\n Password = \"alloypass_60302\",\n },\n VpcNetwork = @default.Id,\n Labels = \n {\n { \"alloyfoo\", \"alloybar\" },\n },\n PrimaryInstanceSettings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs\n {\n Id = \"priminstid\",\n MachineConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs\n {\n CpuCount = 2,\n },\n DatabaseFlags = null,\n Labels = \n {\n { \"alloysinstfoo\", \"allowinstbar\" },\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"vpc-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"alloydbprofile\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"my-profileid\"),\n\t\t\tDisplayName: pulumi.String(\"my-profileid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tAlloydb: \u0026databasemigrationservice.ConnectionProfileAlloydbArgs{\n\t\t\t\tClusterId: pulumi.String(\"tf-test-dbmsalloycluster_52865\"),\n\t\t\t\tSettings: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsArgs{\n\t\t\t\t\tInitialUser: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsInitialUserArgs{\n\t\t\t\t\t\tUser: pulumi.String(\"alloyuser_85840\"),\n\t\t\t\t\t\tPassword: pulumi.String(\"alloypass_60302\"),\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: _default.ID(),\n\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\"alloyfoo\": pulumi.String(\"alloybar\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrimaryInstanceSettings: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs{\n\t\t\t\t\t\tId: pulumi.String(\"priminstid\"),\n\t\t\t\t\t\tMachineConfig: \u0026databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs{\n\t\t\t\t\t\t\tCpuCount: pulumi.Int(2),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDatabaseFlags: pulumi.StringMap{},\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"alloysinstfoo\": pulumi.String(\"allowinstbar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsInitialUserArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"vpc-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"private-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var alloydbprofile = new ConnectionProfile(\"alloydbprofile\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"my-profileid\")\n .displayName(\"my-profileid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .alloydb(ConnectionProfileAlloydbArgs.builder()\n .clusterId(\"tf-test-dbmsalloycluster_52865\")\n .settings(ConnectionProfileAlloydbSettingsArgs.builder()\n .initialUser(ConnectionProfileAlloydbSettingsInitialUserArgs.builder()\n .user(\"alloyuser_85840\")\n .password(\"alloypass_60302\")\n .build())\n .vpcNetwork(default_.id())\n .labels(Map.of(\"alloyfoo\", \"alloybar\"))\n .primaryInstanceSettings(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs.builder()\n .id(\"priminstid\")\n .machineConfig(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs.builder()\n .cpuCount(2)\n .build())\n .databaseFlags()\n .labels(Map.of(\"alloysinstfoo\", \"allowinstbar\"))\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: vpc-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: private-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n alloydbprofile:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: my-profileid\n displayName: my-profileid_display\n labels:\n foo: bar\n alloydb:\n clusterId: tf-test-dbmsalloycluster_52865\n settings:\n initialUser:\n user: alloyuser_85840\n password: alloypass_60302\n vpcNetwork: ${default.id}\n labels:\n alloyfoo: alloybar\n primaryInstanceSettings:\n id: priminstid\n machineConfig:\n cpuCount: 2\n databaseFlags: {}\n labels:\n alloysinstfoo: allowinstbar\n options:\n dependsOn:\n - ${vpcConnection}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Mysql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst existing_mysql = new gcp.databasemigrationservice.ConnectionProfile(\"existing-mysql\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nexisting_mysql = gcp.databasemigrationservice.ConnectionProfile(\"existing-mysql\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var existing_mysql = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-mysql\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-mysql\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var existing_mysql = new ConnectionProfile(\"existing-mysql\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n existing-mysql:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n mysql:\n cloudSqlId: destination-csql\n options:\n dependsOn:\n - ${destinationCsql}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst existing_psql = new gcp.databasemigrationservice.ConnectionProfile(\"existing-psql\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nexisting_psql = gcp.databasemigrationservice.ConnectionProfile(\"existing-psql\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var existing_psql = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-psql\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-psql\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var existing_psql = new ConnectionProfile(\"existing-psql\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n existing-psql:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n cloudSqlId: destination-csql\n options:\n dependsOn:\n - ${destinationCsql}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Connection Profile Existing Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-alloydb\"});\nconst destinationAlloydb = new gcp.alloydb.Cluster(\"destination_alloydb\", {\n clusterId: \"destination-alloydb\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"destination-alloydb\",\n password: \"destination-alloydb\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"destination-alloydb\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst destinationAlloydbPrimary = new gcp.alloydb.Instance(\"destination_alloydb_primary\", {\n cluster: destinationAlloydb.name,\n instanceId: \"destination-alloydb-primary\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst existing_alloydb = new gcp.databasemigrationservice.ConnectionProfile(\"existing-alloydb\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n alloydbClusterId: \"destination-alloydb\",\n },\n}, {\n dependsOn: [\n destinationAlloydb,\n destinationAlloydbPrimary,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.compute.Network(\"default\", name=\"destination-alloydb\")\ndestination_alloydb = gcp.alloydb.Cluster(\"destination_alloydb\",\n cluster_id=\"destination-alloydb\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"destination-alloydb\",\n \"password\": \"destination-alloydb\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"destination-alloydb\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndestination_alloydb_primary = gcp.alloydb.Instance(\"destination_alloydb_primary\",\n cluster=destination_alloydb.name,\n instance_id=\"destination-alloydb-primary\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\nexisting_alloydb = gcp.databasemigrationservice.ConnectionProfile(\"existing-alloydb\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"alloydb_cluster_id\": \"destination-alloydb\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n destination_alloydb,\n destination_alloydb_primary,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-alloydb\",\n });\n\n var destinationAlloydb = new Gcp.Alloydb.Cluster(\"destination_alloydb\", new()\n {\n ClusterId = \"destination-alloydb\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"destination-alloydb\",\n Password = \"destination-alloydb\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"destination-alloydb\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var destinationAlloydbPrimary = new Gcp.Alloydb.Instance(\"destination_alloydb_primary\", new()\n {\n Cluster = destinationAlloydb.Name,\n InstanceId = \"destination-alloydb-primary\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var existing_alloydb = new Gcp.DatabaseMigrationService.ConnectionProfile(\"existing-alloydb\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n AlloydbClusterId = \"destination-alloydb\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationAlloydb,\n destinationAlloydbPrimary,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydb, err := alloydb.NewCluster(ctx, \"destination_alloydb\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"destination-alloydb\"),\n\t\t\t\tPassword: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydbPrimary, err := alloydb.NewInstance(ctx, \"destination_alloydb_primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: destinationAlloydb.Name,\n\t\t\tInstanceId: pulumi.String(\"destination-alloydb-primary\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewConnectionProfile(ctx, \"existing-alloydb\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tAlloydbClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationAlloydb,\n\t\t\tdestinationAlloydbPrimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-alloydb\")\n .build());\n\n var destinationAlloydb = new Cluster(\"destinationAlloydb\", ClusterArgs.builder()\n .clusterId(\"destination-alloydb\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"destination-alloydb\")\n .password(\"destination-alloydb\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"destination-alloydb\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var destinationAlloydbPrimary = new Instance(\"destinationAlloydbPrimary\", InstanceArgs.builder()\n .cluster(destinationAlloydb.name())\n .instanceId(\"destination-alloydb-primary\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var existing_alloydb = new ConnectionProfile(\"existing-alloydb\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .alloydbClusterId(\"destination-alloydb\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n destinationAlloydb,\n destinationAlloydbPrimary)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n destinationAlloydb:\n type: gcp:alloydb:Cluster\n name: destination_alloydb\n properties:\n clusterId: destination-alloydb\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: destination-alloydb\n password: destination-alloydb\n destinationAlloydbPrimary:\n type: gcp:alloydb:Instance\n name: destination_alloydb_primary\n properties:\n cluster: ${destinationAlloydb.name}\n instanceId: destination-alloydb-primary\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: destination-alloydb\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-alloydb\n existing-alloydb:\n type: gcp:databasemigrationservice:ConnectionProfile\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n alloydbClusterId: destination-alloydb\n options:\n dependsOn:\n - ${destinationAlloydb}\n - ${destinationAlloydbPrimary}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnectionProfile can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}`\n\n* `{{project}}/{{location}}/{{connection_profile_id}}`\n\n* `{{location}}/{{connection_profile_id}}`\n\nWhen using the `pulumi import` command, ConnectionProfile can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default {{project}}/{{location}}/{{connection_profile_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/connectionProfile:ConnectionProfile default {{location}}/{{connection_profile_id}}\n```\n\n", "properties": { "alloydb": { "$ref": "#/types/gcp:databasemigrationservice/ConnectionProfileAlloydb:ConnectionProfileAlloydb", @@ -189352,7 +189352,7 @@ } }, "gcp:databasemigrationservice/migrationJob:MigrationJob": { - "description": "A migration job definition.\n\n\nTo get more information about MigrationJob, see:\n\n* [API documentation](https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.migrationJobs/create)\n* How-to Guides\n * [Database Migration](https://cloud.google.com/database-migration/docs/)\n\n## Example Usage\n\n### Database Migration Service Migration Job Mysql To Mysql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-csql\"});\nconst mysqltomysql = new gcp.databasemigrationservice.MigrationJob(\"mysqltomysql\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n performanceConfig: {\n dumpParallelLevel: \"MAX\",\n },\n vpcPeeringConnectivity: {\n vpc: _default.id,\n },\n dumpType: \"LOGICAL\",\n dumpFlags: {\n dumpFlags: [{\n name: \"max-allowed-packet\",\n value: \"1073741824\",\n }],\n },\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\ndefault = gcp.compute.Network(\"default\", name=\"destination-csql\")\nmysqltomysql = gcp.databasemigrationservice.MigrationJob(\"mysqltomysql\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n performance_config={\n \"dump_parallel_level\": \"MAX\",\n },\n vpc_peering_connectivity={\n \"vpc\": default.id,\n },\n dump_type=\"LOGICAL\",\n dump_flags={\n \"dump_flags\": [{\n \"name\": \"max-allowed-packet\",\n \"value\": \"1073741824\",\n }],\n },\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-csql\",\n });\n\n var mysqltomysql = new Gcp.DatabaseMigrationService.MigrationJob(\"mysqltomysql\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n PerformanceConfig = new Gcp.DatabaseMigrationService.Inputs.MigrationJobPerformanceConfigArgs\n {\n DumpParallelLevel = \"MAX\",\n },\n VpcPeeringConnectivity = new Gcp.DatabaseMigrationService.Inputs.MigrationJobVpcPeeringConnectivityArgs\n {\n Vpc = @default.Id,\n },\n DumpType = \"LOGICAL\",\n DumpFlags = new Gcp.DatabaseMigrationService.Inputs.MigrationJobDumpFlagsArgs\n {\n DumpFlags = new[]\n {\n new Gcp.DatabaseMigrationService.Inputs.MigrationJobDumpFlagsDumpFlagArgs\n {\n Name = \"max-allowed-packet\",\n Value = \"1073741824\",\n },\n },\n },\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfileMysqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"mysqltomysql\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPerformanceConfig: \u0026databasemigrationservice.MigrationJobPerformanceConfigArgs{\n\t\t\t\tDumpParallelLevel: pulumi.String(\"MAX\"),\n\t\t\t},\n\t\t\tVpcPeeringConnectivity: \u0026databasemigrationservice.MigrationJobVpcPeeringConnectivityArgs{\n\t\t\t\tVpc: _default.ID(),\n\t\t\t},\n\t\t\tDumpType: pulumi.String(\"LOGICAL\"),\n\t\t\tDumpFlags: \u0026databasemigrationservice.MigrationJobDumpFlagsArgs{\n\t\t\t\tDumpFlags: databasemigrationservice.MigrationJobDumpFlagsDumpFlagArray{\n\t\t\t\t\t\u0026databasemigrationservice.MigrationJobDumpFlagsDumpFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"max-allowed-packet\"),\n\t\t\t\t\t\tValue: pulumi.String(\"1073741824\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobPerformanceConfigArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobVpcPeeringConnectivityArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobDumpFlagsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfileMysqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-csql\")\n .build());\n\n var mysqltomysql = new MigrationJob(\"mysqltomysql\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .performanceConfig(MigrationJobPerformanceConfigArgs.builder()\n .dumpParallelLevel(\"MAX\")\n .build())\n .vpcPeeringConnectivity(MigrationJobVpcPeeringConnectivityArgs.builder()\n .vpc(default_.id())\n .build())\n .dumpType(\"LOGICAL\")\n .dumpFlags(MigrationJobDumpFlagsArgs.builder()\n .dumpFlags(MigrationJobDumpFlagsDumpFlagArgs.builder()\n .name(\"max-allowed-packet\")\n .value(\"1073741824\")\n .build())\n .build())\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependson:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependson:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n mysql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependson:\n - ${sourceSqldbUser}\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n mysql:\n cloudSqlId: destination-csql\n options:\n dependson:\n - ${destinationCsql}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-csql\n mysqltomysql:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n performanceConfig:\n dumpParallelLevel: MAX\n vpcPeeringConnectivity:\n vpc: ${default.id}\n dumpType: LOGICAL\n dumpFlags:\n dumpFlags:\n - name: max-allowed-packet\n value: '1073741824'\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Migration Job Postgres To Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\nconst psqltopsql = new gcp.databasemigrationservice.MigrationJob(\"psqltopsql\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n staticIpConnectivity: {},\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\npsqltopsql = gcp.databasemigrationservice.MigrationJob(\"psqltopsql\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n static_ip_connectivity={},\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n var psqltopsql = new Gcp.DatabaseMigrationService.MigrationJob(\"psqltopsql\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n StaticIpConnectivity = null,\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"psqltopsql\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tStaticIpConnectivity: \u0026databasemigrationservice.MigrationJobStaticIpConnectivityArgs{},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobStaticIpConnectivityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n var psqltopsql = new MigrationJob(\"psqltopsql\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .staticIpConnectivity()\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependson:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependson:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n postgresql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependson:\n - ${sourceSqldbUser}\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n cloudSqlId: destination-csql\n options:\n dependson:\n - ${destinationCsql}\n psqltopsql:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n staticIpConnectivity: {}\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Migration Job Postgres To Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-alloydb\"});\nconst destinationAlloydb = new gcp.alloydb.Cluster(\"destination_alloydb\", {\n clusterId: \"destination-alloydb\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"destination-alloydb\",\n password: \"destination-alloydb\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"destination-alloydb\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst destinationAlloydbPrimary = new gcp.alloydb.Instance(\"destination_alloydb_primary\", {\n cluster: destinationAlloydb.name,\n instanceId: \"destination-alloydb-primary\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n alloydbClusterId: \"destination-alloydb\",\n },\n}, {\n dependsOn: [\n destinationAlloydb,\n destinationAlloydbPrimary,\n ],\n});\nconst psqltoalloydb = new gcp.databasemigrationservice.MigrationJob(\"psqltoalloydb\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n staticIpConnectivity: {},\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndefault = gcp.compute.Network(\"default\", name=\"destination-alloydb\")\ndestination_alloydb = gcp.alloydb.Cluster(\"destination_alloydb\",\n cluster_id=\"destination-alloydb\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"destination-alloydb\",\n \"password\": \"destination-alloydb\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"destination-alloydb\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndestination_alloydb_primary = gcp.alloydb.Instance(\"destination_alloydb_primary\",\n cluster=destination_alloydb.name,\n instance_id=\"destination-alloydb-primary\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"alloydb_cluster_id\": \"destination-alloydb\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n destination_alloydb,\n destination_alloydb_primary,\n ]))\npsqltoalloydb = gcp.databasemigrationservice.MigrationJob(\"psqltoalloydb\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n static_ip_connectivity={},\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-alloydb\",\n });\n\n var destinationAlloydb = new Gcp.Alloydb.Cluster(\"destination_alloydb\", new()\n {\n ClusterId = \"destination-alloydb\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"destination-alloydb\",\n Password = \"destination-alloydb\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"destination-alloydb\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var destinationAlloydbPrimary = new Gcp.Alloydb.Instance(\"destination_alloydb_primary\", new()\n {\n Cluster = destinationAlloydb.Name,\n InstanceId = \"destination-alloydb-primary\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n AlloydbClusterId = \"destination-alloydb\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationAlloydb,\n destinationAlloydbPrimary,\n },\n });\n\n var psqltoalloydb = new Gcp.DatabaseMigrationService.MigrationJob(\"psqltoalloydb\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n StaticIpConnectivity = null,\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydb, err := alloydb.NewCluster(ctx, \"destination_alloydb\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"destination-alloydb\"),\n\t\t\t\tPassword: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydbPrimary, err := alloydb.NewInstance(ctx, \"destination_alloydb_primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: destinationAlloydb.Name,\n\t\t\tInstanceId: pulumi.String(\"destination-alloydb-primary\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tAlloydbClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationAlloydb,\n\t\t\tdestinationAlloydbPrimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"psqltoalloydb\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tStaticIpConnectivity: \u0026databasemigrationservice.MigrationJobStaticIpConnectivityArgs{},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobStaticIpConnectivityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-alloydb\")\n .build());\n\n var destinationAlloydb = new Cluster(\"destinationAlloydb\", ClusterArgs.builder()\n .clusterId(\"destination-alloydb\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"destination-alloydb\")\n .password(\"destination-alloydb\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"destination-alloydb\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var destinationAlloydbPrimary = new Instance(\"destinationAlloydbPrimary\", InstanceArgs.builder()\n .cluster(destinationAlloydb.name())\n .instanceId(\"destination-alloydb-primary\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .alloydbClusterId(\"destination-alloydb\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n destinationAlloydb,\n destinationAlloydbPrimary)\n .build());\n\n var psqltoalloydb = new MigrationJob(\"psqltoalloydb\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .staticIpConnectivity()\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependson:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependson:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n postgresql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependson:\n - ${sourceSqldbUser}\n destinationAlloydb:\n type: gcp:alloydb:Cluster\n name: destination_alloydb\n properties:\n clusterId: destination-alloydb\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: destination-alloydb\n password: destination-alloydb\n destinationAlloydbPrimary:\n type: gcp:alloydb:Instance\n name: destination_alloydb_primary\n properties:\n cluster: ${destinationAlloydb.name}\n instanceId: destination-alloydb-primary\n instanceType: PRIMARY\n options:\n dependson:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: destination-alloydb\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-alloydb\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n alloydbClusterId: destination-alloydb\n options:\n dependson:\n - ${destinationAlloydb}\n - ${destinationAlloydbPrimary}\n psqltoalloydb:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n staticIpConnectivity: {}\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMigrationJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}`\n\n* `{{project}}/{{location}}/{{migration_job_id}}`\n\n* `{{location}}/{{migration_job_id}}`\n\nWhen using the `pulumi import` command, MigrationJob can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default {{project}}/{{location}}/{{migration_job_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default {{location}}/{{migration_job_id}}\n```\n\n", + "description": "A migration job definition.\n\n\nTo get more information about MigrationJob, see:\n\n* [API documentation](https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.migrationJobs/create)\n* How-to Guides\n * [Database Migration](https://cloud.google.com/database-migration/docs/)\n\n## Example Usage\n\n### Database Migration Service Migration Job Mysql To Mysql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-n1-standard-1\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n mysql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-csql\"});\nconst mysqltomysql = new gcp.databasemigrationservice.MigrationJob(\"mysqltomysql\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n performanceConfig: {\n dumpParallelLevel: \"MAX\",\n },\n vpcPeeringConnectivity: {\n vpc: _default.id,\n },\n dumpType: \"LOGICAL\",\n dumpFlags: {\n dumpFlags: [{\n name: \"max-allowed-packet\",\n value: \"1073741824\",\n }],\n },\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-n1-standard-1\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n mysql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\ndefault = gcp.compute.Network(\"default\", name=\"destination-csql\")\nmysqltomysql = gcp.databasemigrationservice.MigrationJob(\"mysqltomysql\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n performance_config={\n \"dump_parallel_level\": \"MAX\",\n },\n vpc_peering_connectivity={\n \"vpc\": default.id,\n },\n dump_type=\"LOGICAL\",\n dump_flags={\n \"dump_flags\": [{\n \"name\": \"max-allowed-packet\",\n \"value\": \"1073741824\",\n }],\n },\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-n1-standard-1\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-csql\",\n });\n\n var mysqltomysql = new Gcp.DatabaseMigrationService.MigrationJob(\"mysqltomysql\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n PerformanceConfig = new Gcp.DatabaseMigrationService.Inputs.MigrationJobPerformanceConfigArgs\n {\n DumpParallelLevel = \"MAX\",\n },\n VpcPeeringConnectivity = new Gcp.DatabaseMigrationService.Inputs.MigrationJobVpcPeeringConnectivityArgs\n {\n Vpc = @default.Id,\n },\n DumpType = \"LOGICAL\",\n DumpFlags = new Gcp.DatabaseMigrationService.Inputs.MigrationJobDumpFlagsArgs\n {\n DumpFlags = new[]\n {\n new Gcp.DatabaseMigrationService.Inputs.MigrationJobDumpFlagsDumpFlagArgs\n {\n Name = \"max-allowed-packet\",\n Value = \"1073741824\",\n },\n },\n },\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfileMysqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-n1-standard-1\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMysql: \u0026databasemigrationservice.ConnectionProfileMysqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"mysqltomysql\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPerformanceConfig: \u0026databasemigrationservice.MigrationJobPerformanceConfigArgs{\n\t\t\t\tDumpParallelLevel: pulumi.String(\"MAX\"),\n\t\t\t},\n\t\t\tVpcPeeringConnectivity: \u0026databasemigrationservice.MigrationJobVpcPeeringConnectivityArgs{\n\t\t\t\tVpc: _default.ID(),\n\t\t\t},\n\t\t\tDumpType: pulumi.String(\"LOGICAL\"),\n\t\t\tDumpFlags: \u0026databasemigrationservice.MigrationJobDumpFlagsArgs{\n\t\t\t\tDumpFlags: databasemigrationservice.MigrationJobDumpFlagsDumpFlagArray{\n\t\t\t\t\t\u0026databasemigrationservice.MigrationJobDumpFlagsDumpFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"max-allowed-packet\"),\n\t\t\t\t\t\tValue: pulumi.String(\"1073741824\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobPerformanceConfigArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobVpcPeeringConnectivityArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobDumpFlagsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfileMysqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-n1-standard-1\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .mysql(ConnectionProfileMysqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-csql\")\n .build());\n\n var mysqltomysql = new MigrationJob(\"mysqltomysql\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .performanceConfig(MigrationJobPerformanceConfigArgs.builder()\n .dumpParallelLevel(\"MAX\")\n .build())\n .vpcPeeringConnectivity(MigrationJobVpcPeeringConnectivityArgs.builder()\n .vpc(default_.id())\n .build())\n .dumpType(\"LOGICAL\")\n .dumpFlags(MigrationJobDumpFlagsArgs.builder()\n .dumpFlags(MigrationJobDumpFlagsDumpFlagArgs.builder()\n .name(\"max-allowed-packet\")\n .value(\"1073741824\")\n .build())\n .build())\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependsOn:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependsOn:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n mysql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependsOn:\n - ${sourceSqldbUser}\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-n1-standard-1\n deletionProtectionEnabled: false\n deletionProtection: false\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n mysql:\n cloudSqlId: destination-csql\n options:\n dependsOn:\n - ${destinationCsql}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-csql\n mysqltomysql:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n performanceConfig:\n dumpParallelLevel: MAX\n vpcPeeringConnectivity:\n vpc: ${default.id}\n dumpType: LOGICAL\n dumpFlags:\n dumpFlags:\n - name: max-allowed-packet\n value: '1073741824'\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Migration Job Postgres To Postgres\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst destinationCsql = new gcp.sql.DatabaseInstance(\"destination_csql\", {\n name: \"destination-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n cloudSqlId: \"destination-csql\",\n },\n}, {\n dependsOn: [destinationCsql],\n});\nconst psqltopsql = new gcp.databasemigrationservice.MigrationJob(\"psqltopsql\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n staticIpConnectivity: {},\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndestination_csql = gcp.sql.DatabaseInstance(\"destination_csql\",\n name=\"destination-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"cloud_sql_id\": \"destination-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[destination_csql]))\npsqltopsql = gcp.databasemigrationservice.MigrationJob(\"psqltopsql\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n static_ip_connectivity={},\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var destinationCsql = new Gcp.Sql.DatabaseInstance(\"destination_csql\", new()\n {\n Name = \"destination-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n CloudSqlId = \"destination-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationCsql,\n },\n });\n\n var psqltopsql = new Gcp.DatabaseMigrationService.MigrationJob(\"psqltopsql\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n StaticIpConnectivity = null,\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCsql, err := sql.NewDatabaseInstance(ctx, \"destination_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"destination-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tCloudSqlId: pulumi.String(\"destination-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"psqltopsql\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tStaticIpConnectivity: \u0026databasemigrationservice.MigrationJobStaticIpConnectivityArgs{},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobStaticIpConnectivityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var destinationCsql = new DatabaseInstance(\"destinationCsql\", DatabaseInstanceArgs.builder()\n .name(\"destination-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .cloudSqlId(\"destination-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(destinationCsql)\n .build());\n\n var psqltopsql = new MigrationJob(\"psqltopsql\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .staticIpConnectivity()\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependsOn:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependsOn:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n postgresql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependsOn:\n - ${sourceSqldbUser}\n destinationCsql:\n type: gcp:sql:DatabaseInstance\n name: destination_csql\n properties:\n name: destination-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n cloudSqlId: destination-csql\n options:\n dependsOn:\n - ${destinationCsql}\n psqltopsql:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n staticIpConnectivity: {}\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Database Migration Service Migration Job Postgres To Alloydb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst sourceCsql = new gcp.sql.DatabaseInstance(\"source_csql\", {\n name: \"source-csql\",\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-custom-2-13312\",\n deletionProtectionEnabled: false,\n },\n deletionProtection: false,\n});\nconst sourceSqlClientCert = new gcp.sql.SslCert(\"source_sql_client_cert\", {\n commonName: \"cert\",\n instance: sourceCsql.name,\n}, {\n dependsOn: [sourceCsql],\n});\nconst sourceSqldbUser = new gcp.sql.User(\"source_sqldb_user\", {\n name: \"username\",\n instance: sourceCsql.name,\n password: \"password\",\n}, {\n dependsOn: [sourceSqlClientCert],\n});\nconst sourceCp = new gcp.databasemigrationservice.ConnectionProfile(\"source_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"source-cp\",\n displayName: \"source-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n host: sourceCsql.ipAddresses.apply(ipAddresses =\u003e ipAddresses[0].ipAddress),\n port: 3306,\n username: sourceSqldbUser.name,\n password: sourceSqldbUser.password,\n ssl: {\n clientKey: sourceSqlClientCert.privateKey,\n clientCertificate: sourceSqlClientCert.cert,\n caCertificate: sourceSqlClientCert.serverCaCert,\n },\n cloudSqlId: \"source-csql\",\n },\n}, {\n dependsOn: [sourceSqldbUser],\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"destination-alloydb\"});\nconst destinationAlloydb = new gcp.alloydb.Cluster(\"destination_alloydb\", {\n clusterId: \"destination-alloydb\",\n location: \"us-central1\",\n networkConfig: {\n network: _default.id,\n },\n databaseVersion: \"POSTGRES_15\",\n initialUser: {\n user: \"destination-alloydb\",\n password: \"destination-alloydb\",\n },\n});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"destination-alloydb\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 16,\n network: _default.id,\n});\nconst vpcConnection = new gcp.servicenetworking.Connection(\"vpc_connection\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst destinationAlloydbPrimary = new gcp.alloydb.Instance(\"destination_alloydb_primary\", {\n cluster: destinationAlloydb.name,\n instanceId: \"destination-alloydb-primary\",\n instanceType: \"PRIMARY\",\n}, {\n dependsOn: [vpcConnection],\n});\nconst destinationCp = new gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\", {\n location: \"us-central1\",\n connectionProfileId: \"destination-cp\",\n displayName: \"destination-cp_display\",\n labels: {\n foo: \"bar\",\n },\n postgresql: {\n alloydbClusterId: \"destination-alloydb\",\n },\n}, {\n dependsOn: [\n destinationAlloydb,\n destinationAlloydbPrimary,\n ],\n});\nconst psqltoalloydb = new gcp.databasemigrationservice.MigrationJob(\"psqltoalloydb\", {\n location: \"us-central1\",\n migrationJobId: \"my-migrationid\",\n displayName: \"my-migrationid_display\",\n labels: {\n foo: \"bar\",\n },\n staticIpConnectivity: {},\n source: sourceCp.name,\n destination: destinationCp.name,\n type: \"CONTINUOUS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nsource_csql = gcp.sql.DatabaseInstance(\"source_csql\",\n name=\"source-csql\",\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-custom-2-13312\",\n \"deletion_protection_enabled\": False,\n },\n deletion_protection=False)\nsource_sql_client_cert = gcp.sql.SslCert(\"source_sql_client_cert\",\n common_name=\"cert\",\n instance=source_csql.name,\n opts = pulumi.ResourceOptions(depends_on=[source_csql]))\nsource_sqldb_user = gcp.sql.User(\"source_sqldb_user\",\n name=\"username\",\n instance=source_csql.name,\n password=\"password\",\n opts = pulumi.ResourceOptions(depends_on=[source_sql_client_cert]))\nsource_cp = gcp.databasemigrationservice.ConnectionProfile(\"source_cp\",\n location=\"us-central1\",\n connection_profile_id=\"source-cp\",\n display_name=\"source-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"host\": source_csql.ip_addresses[0].ip_address,\n \"port\": 3306,\n \"username\": source_sqldb_user.name,\n \"password\": source_sqldb_user.password,\n \"ssl\": {\n \"client_key\": source_sql_client_cert.private_key,\n \"client_certificate\": source_sql_client_cert.cert,\n \"ca_certificate\": source_sql_client_cert.server_ca_cert,\n },\n \"cloud_sql_id\": \"source-csql\",\n },\n opts = pulumi.ResourceOptions(depends_on=[source_sqldb_user]))\ndefault = gcp.compute.Network(\"default\", name=\"destination-alloydb\")\ndestination_alloydb = gcp.alloydb.Cluster(\"destination_alloydb\",\n cluster_id=\"destination-alloydb\",\n location=\"us-central1\",\n network_config={\n \"network\": default.id,\n },\n database_version=\"POSTGRES_15\",\n initial_user={\n \"user\": \"destination-alloydb\",\n \"password\": \"destination-alloydb\",\n })\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"destination-alloydb\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=16,\n network=default.id)\nvpc_connection = gcp.servicenetworking.Connection(\"vpc_connection\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ndestination_alloydb_primary = gcp.alloydb.Instance(\"destination_alloydb_primary\",\n cluster=destination_alloydb.name,\n instance_id=\"destination-alloydb-primary\",\n instance_type=\"PRIMARY\",\n opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))\ndestination_cp = gcp.databasemigrationservice.ConnectionProfile(\"destination_cp\",\n location=\"us-central1\",\n connection_profile_id=\"destination-cp\",\n display_name=\"destination-cp_display\",\n labels={\n \"foo\": \"bar\",\n },\n postgresql={\n \"alloydb_cluster_id\": \"destination-alloydb\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n destination_alloydb,\n destination_alloydb_primary,\n ]))\npsqltoalloydb = gcp.databasemigrationservice.MigrationJob(\"psqltoalloydb\",\n location=\"us-central1\",\n migration_job_id=\"my-migrationid\",\n display_name=\"my-migrationid_display\",\n labels={\n \"foo\": \"bar\",\n },\n static_ip_connectivity={},\n source=source_cp.name,\n destination=destination_cp.name,\n type=\"CONTINUOUS\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var sourceCsql = new Gcp.Sql.DatabaseInstance(\"source_csql\", new()\n {\n Name = \"source-csql\",\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-13312\",\n DeletionProtectionEnabled = false,\n },\n DeletionProtection = false,\n });\n\n var sourceSqlClientCert = new Gcp.Sql.SslCert(\"source_sql_client_cert\", new()\n {\n CommonName = \"cert\",\n Instance = sourceCsql.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceCsql,\n },\n });\n\n var sourceSqldbUser = new Gcp.Sql.User(\"source_sqldb_user\", new()\n {\n Name = \"username\",\n Instance = sourceCsql.Name,\n Password = \"password\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqlClientCert,\n },\n });\n\n var sourceCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"source_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"source-cp\",\n DisplayName = \"source-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n Host = sourceCsql.IpAddresses.Apply(ipAddresses =\u003e ipAddresses[0].IpAddress),\n Port = 3306,\n Username = sourceSqldbUser.Name,\n Password = sourceSqldbUser.Password,\n Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs\n {\n ClientKey = sourceSqlClientCert.PrivateKey,\n ClientCertificate = sourceSqlClientCert.Cert,\n CaCertificate = sourceSqlClientCert.ServerCaCert,\n },\n CloudSqlId = \"source-csql\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceSqldbUser,\n },\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"destination-alloydb\",\n });\n\n var destinationAlloydb = new Gcp.Alloydb.Cluster(\"destination_alloydb\", new()\n {\n ClusterId = \"destination-alloydb\",\n Location = \"us-central1\",\n NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs\n {\n Network = @default.Id,\n },\n DatabaseVersion = \"POSTGRES_15\",\n InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs\n {\n User = \"destination-alloydb\",\n Password = \"destination-alloydb\",\n },\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"destination-alloydb\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n var vpcConnection = new Gcp.ServiceNetworking.Connection(\"vpc_connection\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var destinationAlloydbPrimary = new Gcp.Alloydb.Instance(\"destination_alloydb_primary\", new()\n {\n Cluster = destinationAlloydb.Name,\n InstanceId = \"destination-alloydb-primary\",\n InstanceType = \"PRIMARY\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vpcConnection,\n },\n });\n\n var destinationCp = new Gcp.DatabaseMigrationService.ConnectionProfile(\"destination_cp\", new()\n {\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-cp\",\n DisplayName = \"destination-cp_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs\n {\n AlloydbClusterId = \"destination-alloydb\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n destinationAlloydb,\n destinationAlloydbPrimary,\n },\n });\n\n var psqltoalloydb = new Gcp.DatabaseMigrationService.MigrationJob(\"psqltoalloydb\", new()\n {\n Location = \"us-central1\",\n MigrationJobId = \"my-migrationid\",\n DisplayName = \"my-migrationid_display\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n StaticIpConnectivity = null,\n Source = sourceCp.Name,\n Destination = destinationCp.Name,\n Type = \"CONTINUOUS\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/databasemigrationservice\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCsql, err := sql.NewDatabaseInstance(ctx, \"source_csql\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"source-csql\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-13312\"),\n\t\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqlClientCert, err := sql.NewSslCert(ctx, \"source_sql_client_cert\", \u0026sql.SslCertArgs{\n\t\t\tCommonName: pulumi.String(\"cert\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceCsql,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceSqldbUser, err := sql.NewUser(ctx, \"source_sqldb_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"username\"),\n\t\t\tInstance: sourceCsql.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqlClientCert,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"source_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-cp\"),\n\t\t\tDisplayName: pulumi.String(\"source-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tHost: sourceCsql.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {\n\t\t\t\t\treturn \u0026ipAddresses[0].IpAddress, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tPort: pulumi.Int(3306),\n\t\t\t\tUsername: sourceSqldbUser.Name,\n\t\t\t\tPassword: sourceSqldbUser.Password,\n\t\t\t\tSsl: \u0026databasemigrationservice.ConnectionProfilePostgresqlSslArgs{\n\t\t\t\t\tClientKey: sourceSqlClientCert.PrivateKey,\n\t\t\t\t\tClientCertificate: sourceSqlClientCert.Cert,\n\t\t\t\t\tCaCertificate: sourceSqlClientCert.ServerCaCert,\n\t\t\t\t},\n\t\t\t\tCloudSqlId: pulumi.String(\"source-csql\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceSqldbUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydb, err := alloydb.NewCluster(ctx, \"destination_alloydb\", \u0026alloydb.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNetworkConfig: \u0026alloydb.ClusterNetworkConfigArgs{\n\t\t\t\tNetwork: _default.ID(),\n\t\t\t},\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tInitialUser: \u0026alloydb.ClusterInitialUserArgs{\n\t\t\t\tUser: pulumi.String(\"destination-alloydb\"),\n\t\t\t\tPassword: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"destination-alloydb\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpcConnection, err := servicenetworking.NewConnection(ctx, \"vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationAlloydbPrimary, err := alloydb.NewInstance(ctx, \"destination_alloydb_primary\", \u0026alloydb.InstanceArgs{\n\t\t\tCluster: destinationAlloydb.Name,\n\t\t\tInstanceId: pulumi.String(\"destination-alloydb-primary\"),\n\t\t\tInstanceType: pulumi.String(\"PRIMARY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationCp, err := databasemigrationservice.NewConnectionProfile(ctx, \"destination_cp\", \u0026databasemigrationservice.ConnectionProfileArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-cp\"),\n\t\t\tDisplayName: pulumi.String(\"destination-cp_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPostgresql: \u0026databasemigrationservice.ConnectionProfilePostgresqlArgs{\n\t\t\t\tAlloydbClusterId: pulumi.String(\"destination-alloydb\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdestinationAlloydb,\n\t\t\tdestinationAlloydbPrimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = databasemigrationservice.NewMigrationJob(ctx, \"psqltoalloydb\", \u0026databasemigrationservice.MigrationJobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tMigrationJobId: pulumi.String(\"my-migrationid\"),\n\t\t\tDisplayName: pulumi.String(\"my-migrationid_display\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tStaticIpConnectivity: \u0026databasemigrationservice.MigrationJobStaticIpConnectivityArgs{},\n\t\t\tSource: sourceCp.Name,\n\t\t\tDestination: destinationCp.Name,\n\t\t\tType: pulumi.String(\"CONTINUOUS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.SslCert;\nimport com.pulumi.gcp.sql.SslCertArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfile;\nimport com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.alloydb.Cluster;\nimport com.pulumi.gcp.alloydb.ClusterArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;\nimport com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.alloydb.Instance;\nimport com.pulumi.gcp.alloydb.InstanceArgs;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJob;\nimport com.pulumi.gcp.databasemigrationservice.MigrationJobArgs;\nimport com.pulumi.gcp.databasemigrationservice.inputs.MigrationJobStaticIpConnectivityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var sourceCsql = new DatabaseInstance(\"sourceCsql\", DatabaseInstanceArgs.builder()\n .name(\"source-csql\")\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-13312\")\n .deletionProtectionEnabled(false)\n .build())\n .deletionProtection(false)\n .build());\n\n var sourceSqlClientCert = new SslCert(\"sourceSqlClientCert\", SslCertArgs.builder()\n .commonName(\"cert\")\n .instance(sourceCsql.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceCsql)\n .build());\n\n var sourceSqldbUser = new User(\"sourceSqldbUser\", UserArgs.builder()\n .name(\"username\")\n .instance(sourceCsql.name())\n .password(\"password\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqlClientCert)\n .build());\n\n var sourceCp = new ConnectionProfile(\"sourceCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"source-cp\")\n .displayName(\"source-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .host(sourceCsql.ipAddresses().applyValue(ipAddresses -\u003e ipAddresses[0].ipAddress()))\n .port(3306)\n .username(sourceSqldbUser.name())\n .password(sourceSqldbUser.password())\n .ssl(ConnectionProfilePostgresqlSslArgs.builder()\n .clientKey(sourceSqlClientCert.privateKey())\n .clientCertificate(sourceSqlClientCert.cert())\n .caCertificate(sourceSqlClientCert.serverCaCert())\n .build())\n .cloudSqlId(\"source-csql\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceSqldbUser)\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"destination-alloydb\")\n .build());\n\n var destinationAlloydb = new Cluster(\"destinationAlloydb\", ClusterArgs.builder()\n .clusterId(\"destination-alloydb\")\n .location(\"us-central1\")\n .networkConfig(ClusterNetworkConfigArgs.builder()\n .network(default_.id())\n .build())\n .databaseVersion(\"POSTGRES_15\")\n .initialUser(ClusterInitialUserArgs.builder()\n .user(\"destination-alloydb\")\n .password(\"destination-alloydb\")\n .build())\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"destination-alloydb\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n var vpcConnection = new Connection(\"vpcConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var destinationAlloydbPrimary = new Instance(\"destinationAlloydbPrimary\", InstanceArgs.builder()\n .cluster(destinationAlloydb.name())\n .instanceId(\"destination-alloydb-primary\")\n .instanceType(\"PRIMARY\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpcConnection)\n .build());\n\n var destinationCp = new ConnectionProfile(\"destinationCp\", ConnectionProfileArgs.builder()\n .location(\"us-central1\")\n .connectionProfileId(\"destination-cp\")\n .displayName(\"destination-cp_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .postgresql(ConnectionProfilePostgresqlArgs.builder()\n .alloydbClusterId(\"destination-alloydb\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n destinationAlloydb,\n destinationAlloydbPrimary)\n .build());\n\n var psqltoalloydb = new MigrationJob(\"psqltoalloydb\", MigrationJobArgs.builder()\n .location(\"us-central1\")\n .migrationJobId(\"my-migrationid\")\n .displayName(\"my-migrationid_display\")\n .labels(Map.of(\"foo\", \"bar\"))\n .staticIpConnectivity()\n .source(sourceCp.name())\n .destination(destinationCp.name())\n .type(\"CONTINUOUS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourceCsql:\n type: gcp:sql:DatabaseInstance\n name: source_csql\n properties:\n name: source-csql\n databaseVersion: POSTGRES_15\n settings:\n tier: db-custom-2-13312\n deletionProtectionEnabled: false\n deletionProtection: false\n sourceSqlClientCert:\n type: gcp:sql:SslCert\n name: source_sql_client_cert\n properties:\n commonName: cert\n instance: ${sourceCsql.name}\n options:\n dependsOn:\n - ${sourceCsql}\n sourceSqldbUser:\n type: gcp:sql:User\n name: source_sqldb_user\n properties:\n name: username\n instance: ${sourceCsql.name}\n password: password\n options:\n dependsOn:\n - ${sourceSqlClientCert}\n sourceCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: source_cp\n properties:\n location: us-central1\n connectionProfileId: source-cp\n displayName: source-cp_display\n labels:\n foo: bar\n postgresql:\n host: ${sourceCsql.ipAddresses[0].ipAddress}\n port: 3306\n username: ${sourceSqldbUser.name}\n password: ${sourceSqldbUser.password}\n ssl:\n clientKey: ${sourceSqlClientCert.privateKey}\n clientCertificate: ${sourceSqlClientCert.cert}\n caCertificate: ${sourceSqlClientCert.serverCaCert}\n cloudSqlId: source-csql\n options:\n dependsOn:\n - ${sourceSqldbUser}\n destinationAlloydb:\n type: gcp:alloydb:Cluster\n name: destination_alloydb\n properties:\n clusterId: destination-alloydb\n location: us-central1\n networkConfig:\n network: ${default.id}\n databaseVersion: POSTGRES_15\n initialUser:\n user: destination-alloydb\n password: destination-alloydb\n destinationAlloydbPrimary:\n type: gcp:alloydb:Instance\n name: destination_alloydb_primary\n properties:\n cluster: ${destinationAlloydb.name}\n instanceId: destination-alloydb-primary\n instanceType: PRIMARY\n options:\n dependsOn:\n - ${vpcConnection}\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: destination-alloydb\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 16\n network: ${default.id}\n vpcConnection:\n type: gcp:servicenetworking:Connection\n name: vpc_connection\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n default:\n type: gcp:compute:Network\n properties:\n name: destination-alloydb\n destinationCp:\n type: gcp:databasemigrationservice:ConnectionProfile\n name: destination_cp\n properties:\n location: us-central1\n connectionProfileId: destination-cp\n displayName: destination-cp_display\n labels:\n foo: bar\n postgresql:\n alloydbClusterId: destination-alloydb\n options:\n dependsOn:\n - ${destinationAlloydb}\n - ${destinationAlloydbPrimary}\n psqltoalloydb:\n type: gcp:databasemigrationservice:MigrationJob\n properties:\n location: us-central1\n migrationJobId: my-migrationid\n displayName: my-migrationid_display\n labels:\n foo: bar\n staticIpConnectivity: {}\n source: ${sourceCp.name}\n destination: ${destinationCp.name}\n type: CONTINUOUS\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMigrationJob can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}`\n\n* `{{project}}/{{location}}/{{migration_job_id}}`\n\n* `{{location}}/{{migration_job_id}}`\n\nWhen using the `pulumi import` command, MigrationJob can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default {{project}}/{{location}}/{{migration_job_id}}\n```\n\n```sh\n$ pulumi import gcp:databasemigrationservice/migrationJob:MigrationJob default {{location}}/{{migration_job_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -190137,7 +190137,7 @@ } }, "gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/EntryGroupIamBindingCondition:EntryGroupIamBindingCondition" @@ -190256,7 +190256,7 @@ } }, "gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/EntryGroupIamMemberCondition:EntryGroupIamMemberCondition" @@ -190368,7 +190368,7 @@ } }, "gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog EntryGroup\nThree different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "entryGroup": { "type": "string", @@ -190451,7 +190451,7 @@ } }, "gcp:datacatalog/policyTag:PolicyTag": { - "description": "Denotes one policy tag in a taxonomy.\n\n\nTo get more information about PolicyTag, see:\n\n* [API documentation](https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies.policyTags)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-catalog/docs)\n\n## Example Usage\n\n### Data Catalog Taxonomies Policy Tag Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myTaxonomy = new gcp.datacatalog.Taxonomy(\"my_taxonomy\", {\n displayName: \"taxonomy_display_name\",\n description: \"A collection of policy tags\",\n activatedPolicyTypes: [\"FINE_GRAINED_ACCESS_CONTROL\"],\n});\nconst basicPolicyTag = new gcp.datacatalog.PolicyTag(\"basic_policy_tag\", {\n taxonomy: myTaxonomy.id,\n displayName: \"Low security\",\n description: \"A policy tag normally associated with low security items\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_taxonomy = gcp.datacatalog.Taxonomy(\"my_taxonomy\",\n display_name=\"taxonomy_display_name\",\n description=\"A collection of policy tags\",\n activated_policy_types=[\"FINE_GRAINED_ACCESS_CONTROL\"])\nbasic_policy_tag = gcp.datacatalog.PolicyTag(\"basic_policy_tag\",\n taxonomy=my_taxonomy.id,\n display_name=\"Low security\",\n description=\"A policy tag normally associated with low security items\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTaxonomy = new Gcp.DataCatalog.Taxonomy(\"my_taxonomy\", new()\n {\n DisplayName = \"taxonomy_display_name\",\n Description = \"A collection of policy tags\",\n ActivatedPolicyTypes = new[]\n {\n \"FINE_GRAINED_ACCESS_CONTROL\",\n },\n });\n\n var basicPolicyTag = new Gcp.DataCatalog.PolicyTag(\"basic_policy_tag\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"Low security\",\n Description = \"A policy tag normally associated with low security items\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyTaxonomy, err := datacatalog.NewTaxonomy(ctx, \"my_taxonomy\", \u0026datacatalog.TaxonomyArgs{\n\t\t\tDisplayName: pulumi.String(\"taxonomy_display_name\"),\n\t\t\tDescription: pulumi.String(\"A collection of policy tags\"),\n\t\t\tActivatedPolicyTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FINE_GRAINED_ACCESS_CONTROL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTag(ctx, \"basic_policy_tag\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"Low security\"),\n\t\t\tDescription: pulumi.String(\"A policy tag normally associated with low security items\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.Taxonomy;\nimport com.pulumi.gcp.datacatalog.TaxonomyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTag;\nimport com.pulumi.gcp.datacatalog.PolicyTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTaxonomy = new Taxonomy(\"myTaxonomy\", TaxonomyArgs.builder()\n .displayName(\"taxonomy_display_name\")\n .description(\"A collection of policy tags\")\n .activatedPolicyTypes(\"FINE_GRAINED_ACCESS_CONTROL\")\n .build());\n\n var basicPolicyTag = new PolicyTag(\"basicPolicyTag\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"Low security\")\n .description(\"A policy tag normally associated with low security items\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicPolicyTag:\n type: gcp:datacatalog:PolicyTag\n name: basic_policy_tag\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: Low security\n description: A policy tag normally associated with low security items\n myTaxonomy:\n type: gcp:datacatalog:Taxonomy\n name: my_taxonomy\n properties:\n displayName: taxonomy_display_name\n description: A collection of policy tags\n activatedPolicyTypes:\n - FINE_GRAINED_ACCESS_CONTROL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Catalog Taxonomies Policy Tag Child Policies\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myTaxonomy = new gcp.datacatalog.Taxonomy(\"my_taxonomy\", {\n displayName: \"taxonomy_display_name\",\n description: \"A collection of policy tags\",\n activatedPolicyTypes: [\"FINE_GRAINED_ACCESS_CONTROL\"],\n});\nconst parentPolicy = new gcp.datacatalog.PolicyTag(\"parent_policy\", {\n taxonomy: myTaxonomy.id,\n displayName: \"High\",\n description: \"A policy tag category used for high security access\",\n});\nconst childPolicy = new gcp.datacatalog.PolicyTag(\"child_policy\", {\n taxonomy: myTaxonomy.id,\n displayName: \"ssn\",\n description: \"A hash of the users ssn\",\n parentPolicyTag: parentPolicy.id,\n});\nconst childPolicy2 = new gcp.datacatalog.PolicyTag(\"child_policy2\", {\n taxonomy: myTaxonomy.id,\n displayName: \"dob\",\n description: \"The users date of birth\",\n parentPolicyTag: parentPolicy.id,\n}, {\n dependsOn: [childPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_taxonomy = gcp.datacatalog.Taxonomy(\"my_taxonomy\",\n display_name=\"taxonomy_display_name\",\n description=\"A collection of policy tags\",\n activated_policy_types=[\"FINE_GRAINED_ACCESS_CONTROL\"])\nparent_policy = gcp.datacatalog.PolicyTag(\"parent_policy\",\n taxonomy=my_taxonomy.id,\n display_name=\"High\",\n description=\"A policy tag category used for high security access\")\nchild_policy = gcp.datacatalog.PolicyTag(\"child_policy\",\n taxonomy=my_taxonomy.id,\n display_name=\"ssn\",\n description=\"A hash of the users ssn\",\n parent_policy_tag=parent_policy.id)\nchild_policy2 = gcp.datacatalog.PolicyTag(\"child_policy2\",\n taxonomy=my_taxonomy.id,\n display_name=\"dob\",\n description=\"The users date of birth\",\n parent_policy_tag=parent_policy.id,\n opts = pulumi.ResourceOptions(depends_on=[child_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTaxonomy = new Gcp.DataCatalog.Taxonomy(\"my_taxonomy\", new()\n {\n DisplayName = \"taxonomy_display_name\",\n Description = \"A collection of policy tags\",\n ActivatedPolicyTypes = new[]\n {\n \"FINE_GRAINED_ACCESS_CONTROL\",\n },\n });\n\n var parentPolicy = new Gcp.DataCatalog.PolicyTag(\"parent_policy\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"High\",\n Description = \"A policy tag category used for high security access\",\n });\n\n var childPolicy = new Gcp.DataCatalog.PolicyTag(\"child_policy\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"ssn\",\n Description = \"A hash of the users ssn\",\n ParentPolicyTag = parentPolicy.Id,\n });\n\n var childPolicy2 = new Gcp.DataCatalog.PolicyTag(\"child_policy2\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"dob\",\n Description = \"The users date of birth\",\n ParentPolicyTag = parentPolicy.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n childPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyTaxonomy, err := datacatalog.NewTaxonomy(ctx, \"my_taxonomy\", \u0026datacatalog.TaxonomyArgs{\n\t\t\tDisplayName: pulumi.String(\"taxonomy_display_name\"),\n\t\t\tDescription: pulumi.String(\"A collection of policy tags\"),\n\t\t\tActivatedPolicyTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FINE_GRAINED_ACCESS_CONTROL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentPolicy, err := datacatalog.NewPolicyTag(ctx, \"parent_policy\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"High\"),\n\t\t\tDescription: pulumi.String(\"A policy tag category used for high security access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tchildPolicy, err := datacatalog.NewPolicyTag(ctx, \"child_policy\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"ssn\"),\n\t\t\tDescription: pulumi.String(\"A hash of the users ssn\"),\n\t\t\tParentPolicyTag: parentPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTag(ctx, \"child_policy2\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"dob\"),\n\t\t\tDescription: pulumi.String(\"The users date of birth\"),\n\t\t\tParentPolicyTag: parentPolicy.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tchildPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.Taxonomy;\nimport com.pulumi.gcp.datacatalog.TaxonomyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTag;\nimport com.pulumi.gcp.datacatalog.PolicyTagArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTaxonomy = new Taxonomy(\"myTaxonomy\", TaxonomyArgs.builder()\n .displayName(\"taxonomy_display_name\")\n .description(\"A collection of policy tags\")\n .activatedPolicyTypes(\"FINE_GRAINED_ACCESS_CONTROL\")\n .build());\n\n var parentPolicy = new PolicyTag(\"parentPolicy\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"High\")\n .description(\"A policy tag category used for high security access\")\n .build());\n\n var childPolicy = new PolicyTag(\"childPolicy\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"ssn\")\n .description(\"A hash of the users ssn\")\n .parentPolicyTag(parentPolicy.id())\n .build());\n\n var childPolicy2 = new PolicyTag(\"childPolicy2\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"dob\")\n .description(\"The users date of birth\")\n .parentPolicyTag(parentPolicy.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(childPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n parentPolicy:\n type: gcp:datacatalog:PolicyTag\n name: parent_policy\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: High\n description: A policy tag category used for high security access\n childPolicy:\n type: gcp:datacatalog:PolicyTag\n name: child_policy\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: ssn\n description: A hash of the users ssn\n parentPolicyTag: ${parentPolicy.id}\n childPolicy2:\n type: gcp:datacatalog:PolicyTag\n name: child_policy2\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: dob\n description: The users date of birth\n parentPolicyTag: ${parentPolicy.id}\n options:\n dependson:\n - ${childPolicy}\n myTaxonomy:\n type: gcp:datacatalog:Taxonomy\n name: my_taxonomy\n properties:\n displayName: taxonomy_display_name\n description: A collection of policy tags\n activatedPolicyTypes:\n - FINE_GRAINED_ACCESS_CONTROL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPolicyTag can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PolicyTag can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datacatalog/policyTag:PolicyTag default {{name}}\n```\n\n", + "description": "Denotes one policy tag in a taxonomy.\n\n\nTo get more information about PolicyTag, see:\n\n* [API documentation](https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies.policyTags)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-catalog/docs)\n\n## Example Usage\n\n### Data Catalog Taxonomies Policy Tag Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myTaxonomy = new gcp.datacatalog.Taxonomy(\"my_taxonomy\", {\n displayName: \"taxonomy_display_name\",\n description: \"A collection of policy tags\",\n activatedPolicyTypes: [\"FINE_GRAINED_ACCESS_CONTROL\"],\n});\nconst basicPolicyTag = new gcp.datacatalog.PolicyTag(\"basic_policy_tag\", {\n taxonomy: myTaxonomy.id,\n displayName: \"Low security\",\n description: \"A policy tag normally associated with low security items\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_taxonomy = gcp.datacatalog.Taxonomy(\"my_taxonomy\",\n display_name=\"taxonomy_display_name\",\n description=\"A collection of policy tags\",\n activated_policy_types=[\"FINE_GRAINED_ACCESS_CONTROL\"])\nbasic_policy_tag = gcp.datacatalog.PolicyTag(\"basic_policy_tag\",\n taxonomy=my_taxonomy.id,\n display_name=\"Low security\",\n description=\"A policy tag normally associated with low security items\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTaxonomy = new Gcp.DataCatalog.Taxonomy(\"my_taxonomy\", new()\n {\n DisplayName = \"taxonomy_display_name\",\n Description = \"A collection of policy tags\",\n ActivatedPolicyTypes = new[]\n {\n \"FINE_GRAINED_ACCESS_CONTROL\",\n },\n });\n\n var basicPolicyTag = new Gcp.DataCatalog.PolicyTag(\"basic_policy_tag\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"Low security\",\n Description = \"A policy tag normally associated with low security items\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyTaxonomy, err := datacatalog.NewTaxonomy(ctx, \"my_taxonomy\", \u0026datacatalog.TaxonomyArgs{\n\t\t\tDisplayName: pulumi.String(\"taxonomy_display_name\"),\n\t\t\tDescription: pulumi.String(\"A collection of policy tags\"),\n\t\t\tActivatedPolicyTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FINE_GRAINED_ACCESS_CONTROL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTag(ctx, \"basic_policy_tag\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"Low security\"),\n\t\t\tDescription: pulumi.String(\"A policy tag normally associated with low security items\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.Taxonomy;\nimport com.pulumi.gcp.datacatalog.TaxonomyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTag;\nimport com.pulumi.gcp.datacatalog.PolicyTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTaxonomy = new Taxonomy(\"myTaxonomy\", TaxonomyArgs.builder()\n .displayName(\"taxonomy_display_name\")\n .description(\"A collection of policy tags\")\n .activatedPolicyTypes(\"FINE_GRAINED_ACCESS_CONTROL\")\n .build());\n\n var basicPolicyTag = new PolicyTag(\"basicPolicyTag\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"Low security\")\n .description(\"A policy tag normally associated with low security items\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicPolicyTag:\n type: gcp:datacatalog:PolicyTag\n name: basic_policy_tag\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: Low security\n description: A policy tag normally associated with low security items\n myTaxonomy:\n type: gcp:datacatalog:Taxonomy\n name: my_taxonomy\n properties:\n displayName: taxonomy_display_name\n description: A collection of policy tags\n activatedPolicyTypes:\n - FINE_GRAINED_ACCESS_CONTROL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Catalog Taxonomies Policy Tag Child Policies\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myTaxonomy = new gcp.datacatalog.Taxonomy(\"my_taxonomy\", {\n displayName: \"taxonomy_display_name\",\n description: \"A collection of policy tags\",\n activatedPolicyTypes: [\"FINE_GRAINED_ACCESS_CONTROL\"],\n});\nconst parentPolicy = new gcp.datacatalog.PolicyTag(\"parent_policy\", {\n taxonomy: myTaxonomy.id,\n displayName: \"High\",\n description: \"A policy tag category used for high security access\",\n});\nconst childPolicy = new gcp.datacatalog.PolicyTag(\"child_policy\", {\n taxonomy: myTaxonomy.id,\n displayName: \"ssn\",\n description: \"A hash of the users ssn\",\n parentPolicyTag: parentPolicy.id,\n});\nconst childPolicy2 = new gcp.datacatalog.PolicyTag(\"child_policy2\", {\n taxonomy: myTaxonomy.id,\n displayName: \"dob\",\n description: \"The users date of birth\",\n parentPolicyTag: parentPolicy.id,\n}, {\n dependsOn: [childPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_taxonomy = gcp.datacatalog.Taxonomy(\"my_taxonomy\",\n display_name=\"taxonomy_display_name\",\n description=\"A collection of policy tags\",\n activated_policy_types=[\"FINE_GRAINED_ACCESS_CONTROL\"])\nparent_policy = gcp.datacatalog.PolicyTag(\"parent_policy\",\n taxonomy=my_taxonomy.id,\n display_name=\"High\",\n description=\"A policy tag category used for high security access\")\nchild_policy = gcp.datacatalog.PolicyTag(\"child_policy\",\n taxonomy=my_taxonomy.id,\n display_name=\"ssn\",\n description=\"A hash of the users ssn\",\n parent_policy_tag=parent_policy.id)\nchild_policy2 = gcp.datacatalog.PolicyTag(\"child_policy2\",\n taxonomy=my_taxonomy.id,\n display_name=\"dob\",\n description=\"The users date of birth\",\n parent_policy_tag=parent_policy.id,\n opts = pulumi.ResourceOptions(depends_on=[child_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTaxonomy = new Gcp.DataCatalog.Taxonomy(\"my_taxonomy\", new()\n {\n DisplayName = \"taxonomy_display_name\",\n Description = \"A collection of policy tags\",\n ActivatedPolicyTypes = new[]\n {\n \"FINE_GRAINED_ACCESS_CONTROL\",\n },\n });\n\n var parentPolicy = new Gcp.DataCatalog.PolicyTag(\"parent_policy\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"High\",\n Description = \"A policy tag category used for high security access\",\n });\n\n var childPolicy = new Gcp.DataCatalog.PolicyTag(\"child_policy\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"ssn\",\n Description = \"A hash of the users ssn\",\n ParentPolicyTag = parentPolicy.Id,\n });\n\n var childPolicy2 = new Gcp.DataCatalog.PolicyTag(\"child_policy2\", new()\n {\n Taxonomy = myTaxonomy.Id,\n DisplayName = \"dob\",\n Description = \"The users date of birth\",\n ParentPolicyTag = parentPolicy.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n childPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyTaxonomy, err := datacatalog.NewTaxonomy(ctx, \"my_taxonomy\", \u0026datacatalog.TaxonomyArgs{\n\t\t\tDisplayName: pulumi.String(\"taxonomy_display_name\"),\n\t\t\tDescription: pulumi.String(\"A collection of policy tags\"),\n\t\t\tActivatedPolicyTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FINE_GRAINED_ACCESS_CONTROL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentPolicy, err := datacatalog.NewPolicyTag(ctx, \"parent_policy\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"High\"),\n\t\t\tDescription: pulumi.String(\"A policy tag category used for high security access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tchildPolicy, err := datacatalog.NewPolicyTag(ctx, \"child_policy\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"ssn\"),\n\t\t\tDescription: pulumi.String(\"A hash of the users ssn\"),\n\t\t\tParentPolicyTag: parentPolicy.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTag(ctx, \"child_policy2\", \u0026datacatalog.PolicyTagArgs{\n\t\t\tTaxonomy: myTaxonomy.ID(),\n\t\t\tDisplayName: pulumi.String(\"dob\"),\n\t\t\tDescription: pulumi.String(\"The users date of birth\"),\n\t\t\tParentPolicyTag: parentPolicy.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tchildPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.Taxonomy;\nimport com.pulumi.gcp.datacatalog.TaxonomyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTag;\nimport com.pulumi.gcp.datacatalog.PolicyTagArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTaxonomy = new Taxonomy(\"myTaxonomy\", TaxonomyArgs.builder()\n .displayName(\"taxonomy_display_name\")\n .description(\"A collection of policy tags\")\n .activatedPolicyTypes(\"FINE_GRAINED_ACCESS_CONTROL\")\n .build());\n\n var parentPolicy = new PolicyTag(\"parentPolicy\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"High\")\n .description(\"A policy tag category used for high security access\")\n .build());\n\n var childPolicy = new PolicyTag(\"childPolicy\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"ssn\")\n .description(\"A hash of the users ssn\")\n .parentPolicyTag(parentPolicy.id())\n .build());\n\n var childPolicy2 = new PolicyTag(\"childPolicy2\", PolicyTagArgs.builder()\n .taxonomy(myTaxonomy.id())\n .displayName(\"dob\")\n .description(\"The users date of birth\")\n .parentPolicyTag(parentPolicy.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(childPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n parentPolicy:\n type: gcp:datacatalog:PolicyTag\n name: parent_policy\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: High\n description: A policy tag category used for high security access\n childPolicy:\n type: gcp:datacatalog:PolicyTag\n name: child_policy\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: ssn\n description: A hash of the users ssn\n parentPolicyTag: ${parentPolicy.id}\n childPolicy2:\n type: gcp:datacatalog:PolicyTag\n name: child_policy2\n properties:\n taxonomy: ${myTaxonomy.id}\n displayName: dob\n description: The users date of birth\n parentPolicyTag: ${parentPolicy.id}\n options:\n dependsOn:\n - ${childPolicy}\n myTaxonomy:\n type: gcp:datacatalog:Taxonomy\n name: my_taxonomy\n properties:\n displayName: taxonomy_display_name\n description: A collection of policy tags\n activatedPolicyTypes:\n - FINE_GRAINED_ACCESS_CONTROL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPolicyTag can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PolicyTag can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datacatalog/policyTag:PolicyTag default {{name}}\n```\n\n", "properties": { "childPolicyTags": { "type": "array", @@ -190546,7 +190546,7 @@ } }, "gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/PolicyTagIamBindingCondition:PolicyTagIamBindingCondition" @@ -190638,7 +190638,7 @@ } }, "gcp:datacatalog/policyTagIamMember:PolicyTagIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/PolicyTagIamMemberCondition:PolicyTagIamMemberCondition" @@ -190723,7 +190723,7 @@ } }, "gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Data catalog PolicyTag\nThree different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.PolicyTagIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.PolicyTagIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder()\n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -190995,7 +190995,7 @@ } }, "gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TagTemplateIamBindingCondition:TagTemplateIamBindingCondition" @@ -191114,7 +191114,7 @@ } }, "gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TagTemplateIamMemberCondition:TagTemplateIamMemberCondition" @@ -191226,7 +191226,7 @@ } }, "gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog TagTemplate\nThree different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TagTemplateIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TagTemplateIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -191412,7 +191412,7 @@ } }, "gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TaxonomyIamBindingCondition:TaxonomyIamBindingCondition" @@ -191531,7 +191531,7 @@ } }, "gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TaxonomyIamMemberCondition:TaxonomyIamMemberCondition" @@ -191643,7 +191643,7 @@ } }, "gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Data catalog Taxonomy\nThree different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.datacatalog.TaxonomyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.datacatalog.TaxonomyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -192714,7 +192714,7 @@ } }, "gcp:dataform/repository:Repository": { - "description": "## Example Usage\n\n### Dataform Repository\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my-secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"example-key-ring\",\n location: \"us-central1\",\n});\nconst exampleKey = new gcp.kms.CryptoKey(\"example_key\", {\n name: \"example-crypto-key-name\",\n keyRing: keyring.id,\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: exampleKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [`serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com`],\n});\nconst dataformRepository = new gcp.dataform.Repository(\"dataform_repository\", {\n name: \"dataform_repository\",\n displayName: \"dataform_repository\",\n npmrcEnvironmentVariablesSecretVersion: secretVersion.id,\n kmsKeyName: exampleKey.id,\n labels: {\n label_foo1: \"label-bar1\",\n },\n gitRemoteSettings: {\n url: \"https://github.com/OWNER/REPOSITORY.git\",\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my-secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"example-key-ring\",\n location=\"us-central1\")\nexample_key = gcp.kms.CryptoKey(\"example_key\",\n name=\"example-crypto-key-name\",\n key_ring=keyring.id)\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=example_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com\"])\ndataform_repository = gcp.dataform.Repository(\"dataform_repository\",\n name=\"dataform_repository\",\n display_name=\"dataform_repository\",\n npmrc_environment_variables_secret_version=secret_version.id,\n kms_key_name=example_key.id,\n labels={\n \"label_foo1\": \"label-bar1\",\n },\n git_remote_settings={\n \"url\": \"https://github.com/OWNER/REPOSITORY.git\",\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"example-key-ring\",\n Location = \"us-central1\",\n });\n\n var exampleKey = new Gcp.Kms.CryptoKey(\"example_key\", new()\n {\n Name = \"example-crypto-key-name\",\n KeyRing = keyring.Id,\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = exampleKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Number}@gcp-sa-dataform.iam.gserviceaccount.com\",\n },\n });\n\n var dataformRepository = new Gcp.Dataform.Repository(\"dataform_repository\", new()\n {\n Name = \"dataform_repository\",\n DisplayName = \"dataform_repository\",\n NpmrcEnvironmentVariablesSecretVersion = secretVersion.Id,\n KmsKeyName = exampleKey.Id,\n Labels = \n {\n { \"label_foo1\", \"label-bar1\" },\n },\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = \"https://github.com/OWNER/REPOSITORY.git\",\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewCryptoKey(ctx, \"example_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-crypto-key-name\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: exampleKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-dataform.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepository(ctx, \"dataform_repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tDisplayName: pulumi.String(\"dataform_repository\"),\n\t\t\tNpmrcEnvironmentVariablesSecretVersion: secretVersion.ID(),\n\t\t\tKmsKeyName: exampleKey.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label_foo1\": pulumi.String(\"label-bar1\"),\n\t\t\t},\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: pulumi.String(\"https://github.com/OWNER/REPOSITORY.git\"),\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"example-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var exampleKey = new CryptoKey(\"exampleKey\", CryptoKeyArgs.builder()\n .name(\"example-crypto-key-name\")\n .keyRing(keyring.id())\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(exampleKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-dataform.iam.gserviceaccount.com\", project.number()))\n .build());\n\n var dataformRepository = new Repository(\"dataformRepository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .displayName(\"dataform_repository\")\n .npmrcEnvironmentVariablesSecretVersion(secretVersion.id())\n .kmsKeyName(exampleKey.id())\n .labels(Map.of(\"label_foo1\", \"label-bar1\"))\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(\"https://github.com/OWNER/REPOSITORY.git\")\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my-secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: example-key-ring\n location: us-central1\n exampleKey:\n type: gcp:kms:CryptoKey\n name: example_key\n properties:\n name: example-crypto-key-name\n keyRing: ${keyring.id}\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${exampleKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com\n dataformRepository:\n type: gcp:dataform:Repository\n name: dataform_repository\n properties:\n name: dataform_repository\n displayName: dataform_repository\n npmrcEnvironmentVariablesSecretVersion: ${secretVersion.id}\n kmsKeyName: ${exampleKey.id}\n labels:\n label_foo1: label-bar1\n gitRemoteSettings:\n url: https://github.com/OWNER/REPOSITORY.git\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n options:\n dependson:\n - ${cryptoKeyBinding}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default projects/{{project}}/locations/{{region}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Dataform Repository\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my-secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"example-key-ring\",\n location: \"us-central1\",\n});\nconst exampleKey = new gcp.kms.CryptoKey(\"example_key\", {\n name: \"example-crypto-key-name\",\n keyRing: keyring.id,\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: exampleKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [`serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com`],\n});\nconst dataformRepository = new gcp.dataform.Repository(\"dataform_repository\", {\n name: \"dataform_repository\",\n displayName: \"dataform_repository\",\n npmrcEnvironmentVariablesSecretVersion: secretVersion.id,\n kmsKeyName: exampleKey.id,\n labels: {\n label_foo1: \"label-bar1\",\n },\n gitRemoteSettings: {\n url: \"https://github.com/OWNER/REPOSITORY.git\",\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my-secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"example-key-ring\",\n location=\"us-central1\")\nexample_key = gcp.kms.CryptoKey(\"example_key\",\n name=\"example-crypto-key-name\",\n key_ring=keyring.id)\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=example_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com\"])\ndataform_repository = gcp.dataform.Repository(\"dataform_repository\",\n name=\"dataform_repository\",\n display_name=\"dataform_repository\",\n npmrc_environment_variables_secret_version=secret_version.id,\n kms_key_name=example_key.id,\n labels={\n \"label_foo1\": \"label-bar1\",\n },\n git_remote_settings={\n \"url\": \"https://github.com/OWNER/REPOSITORY.git\",\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"example-key-ring\",\n Location = \"us-central1\",\n });\n\n var exampleKey = new Gcp.Kms.CryptoKey(\"example_key\", new()\n {\n Name = \"example-crypto-key-name\",\n KeyRing = keyring.Id,\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = exampleKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Number}@gcp-sa-dataform.iam.gserviceaccount.com\",\n },\n });\n\n var dataformRepository = new Gcp.Dataform.Repository(\"dataform_repository\", new()\n {\n Name = \"dataform_repository\",\n DisplayName = \"dataform_repository\",\n NpmrcEnvironmentVariablesSecretVersion = secretVersion.Id,\n KmsKeyName = exampleKey.Id,\n Labels = \n {\n { \"label_foo1\", \"label-bar1\" },\n },\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = \"https://github.com/OWNER/REPOSITORY.git\",\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewCryptoKey(ctx, \"example_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-crypto-key-name\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: exampleKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-dataform.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepository(ctx, \"dataform_repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tDisplayName: pulumi.String(\"dataform_repository\"),\n\t\t\tNpmrcEnvironmentVariablesSecretVersion: secretVersion.ID(),\n\t\t\tKmsKeyName: exampleKey.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label_foo1\": pulumi.String(\"label-bar1\"),\n\t\t\t},\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: pulumi.String(\"https://github.com/OWNER/REPOSITORY.git\"),\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"example-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var exampleKey = new CryptoKey(\"exampleKey\", CryptoKeyArgs.builder()\n .name(\"example-crypto-key-name\")\n .keyRing(keyring.id())\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(exampleKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-dataform.iam.gserviceaccount.com\", project.number()))\n .build());\n\n var dataformRepository = new Repository(\"dataformRepository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .displayName(\"dataform_repository\")\n .npmrcEnvironmentVariablesSecretVersion(secretVersion.id())\n .kmsKeyName(exampleKey.id())\n .labels(Map.of(\"label_foo1\", \"label-bar1\"))\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(\"https://github.com/OWNER/REPOSITORY.git\")\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my-secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: example-key-ring\n location: us-central1\n exampleKey:\n type: gcp:kms:CryptoKey\n name: example_key\n properties:\n name: example-crypto-key-name\n keyRing: ${keyring.id}\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${exampleKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com\n dataformRepository:\n type: gcp:dataform:Repository\n name: dataform_repository\n properties:\n name: dataform_repository\n displayName: dataform_repository\n npmrcEnvironmentVariablesSecretVersion: ${secretVersion.id}\n kmsKeyName: ${exampleKey.id}\n labels:\n label_foo1: label-bar1\n gitRemoteSettings:\n url: https://github.com/OWNER/REPOSITORY.git\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n options:\n dependsOn:\n - ${cryptoKeyBinding}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default projects/{{project}}/locations/{{region}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -193172,7 +193172,7 @@ } }, "gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig": { - "description": "## Example Usage\n\n### Dataform Repository Release Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gitRepository = new gcp.sourcerepo.Repository(\"git_repository\", {name: \"my/repository\"});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my_secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst repository = new gcp.dataform.Repository(\"repository\", {\n name: \"dataform_repository\",\n region: \"us-central1\",\n gitRemoteSettings: {\n url: gitRepository.url,\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n});\nconst release = new gcp.dataform.RepositoryReleaseConfig(\"release\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_release\",\n gitCommitish: \"main\",\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n codeCompilationConfig: {\n defaultDatabase: \"gcp-example-project\",\n defaultSchema: \"example-dataset\",\n defaultLocation: \"us-central1\",\n assertionSchema: \"example-assertion-dataset\",\n databaseSuffix: \"\",\n schemaSuffix: \"\",\n tablePrefix: \"\",\n vars: {\n var1: \"value\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngit_repository = gcp.sourcerepo.Repository(\"git_repository\", name=\"my/repository\")\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my_secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nrepository = gcp.dataform.Repository(\"repository\",\n name=\"dataform_repository\",\n region=\"us-central1\",\n git_remote_settings={\n \"url\": git_repository.url,\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n })\nrelease = gcp.dataform.RepositoryReleaseConfig(\"release\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_release\",\n git_commitish=\"main\",\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\",\n code_compilation_config={\n \"default_database\": \"gcp-example-project\",\n \"default_schema\": \"example-dataset\",\n \"default_location\": \"us-central1\",\n \"assertion_schema\": \"example-assertion-dataset\",\n \"database_suffix\": \"\",\n \"schema_suffix\": \"\",\n \"table_prefix\": \"\",\n \"vars\": {\n \"var1\": \"value\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gitRepository = new Gcp.SourceRepo.Repository(\"git_repository\", new()\n {\n Name = \"my/repository\",\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my_secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var repository = new Gcp.Dataform.Repository(\"repository\", new()\n {\n Name = \"dataform_repository\",\n Region = \"us-central1\",\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = gitRepository.Url,\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n });\n\n var release = new Gcp.Dataform.RepositoryReleaseConfig(\"release\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_release\",\n GitCommitish = \"main\",\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n CodeCompilationConfig = new Gcp.Dataform.Inputs.RepositoryReleaseConfigCodeCompilationConfigArgs\n {\n DefaultDatabase = \"gcp-example-project\",\n DefaultSchema = \"example-dataset\",\n DefaultLocation = \"us-central1\",\n AssertionSchema = \"example-assertion-dataset\",\n DatabaseSuffix = \"\",\n SchemaSuffix = \"\",\n TablePrefix = \"\",\n Vars = \n {\n { \"var1\", \"value\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgitRepository, err := sourcerepo.NewRepository(ctx, \"git_repository\", \u0026sourcerepo.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my/repository\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my_secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepository, err := dataform.NewRepository(ctx, \"repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: gitRepository.Url,\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepositoryReleaseConfig(ctx, \"release\", \u0026dataform.RepositoryReleaseConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_release\"),\n\t\t\tGitCommitish: pulumi.String(\"main\"),\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tCodeCompilationConfig: \u0026dataform.RepositoryReleaseConfigCodeCompilationConfigArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\tDefaultSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\tDefaultLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tAssertionSchema: pulumi.String(\"example-assertion-dataset\"),\n\t\t\t\tDatabaseSuffix: pulumi.String(\"\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"\"),\n\t\t\t\tTablePrefix: pulumi.String(\"\"),\n\t\t\t\tVars: pulumi.StringMap{\n\t\t\t\t\t\"var1\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.Repository;\nimport com.pulumi.gcp.sourcerepo.RepositoryArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfig;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryReleaseConfigCodeCompilationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitRepository = new Repository(\"gitRepository\", RepositoryArgs.builder()\n .name(\"my/repository\")\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my_secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var repository = new Repository(\"repository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .region(\"us-central1\")\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(gitRepository.url())\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build());\n\n var release = new RepositoryReleaseConfig(\"release\", RepositoryReleaseConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_release\")\n .gitCommitish(\"main\")\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .codeCompilationConfig(RepositoryReleaseConfigCodeCompilationConfigArgs.builder()\n .defaultDatabase(\"gcp-example-project\")\n .defaultSchema(\"example-dataset\")\n .defaultLocation(\"us-central1\")\n .assertionSchema(\"example-assertion-dataset\")\n .databaseSuffix(\"\")\n .schemaSuffix(\"\")\n .tablePrefix(\"\")\n .vars(Map.of(\"var1\", \"value\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gitRepository:\n type: gcp:sourcerepo:Repository\n name: git_repository\n properties:\n name: my/repository\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my_secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n repository:\n type: gcp:dataform:Repository\n properties:\n name: dataform_repository\n region: us-central1\n gitRemoteSettings:\n url: ${gitRepository.url}\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n release:\n type: gcp:dataform:RepositoryReleaseConfig\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_release\n gitCommitish: main\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n codeCompilationConfig:\n defaultDatabase: gcp-example-project\n defaultSchema: example-dataset\n defaultLocation: us-central1\n assertionSchema: example-assertion-dataset\n databaseSuffix:\n schemaSuffix:\n tablePrefix:\n vars:\n var1: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepositoryReleaseConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}`\n\n* `{{project}}/{{region}}/{{repository}}/{{name}}`\n\n* `{{region}}/{{repository}}/{{name}}`\n\n* `{{repository}}/{{name}}`\n\nWhen using the `pulumi import` command, RepositoryReleaseConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{project}}/{{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{repository}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n### Dataform Repository Release Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gitRepository = new gcp.sourcerepo.Repository(\"git_repository\", {name: \"my/repository\"});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my_secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst repository = new gcp.dataform.Repository(\"repository\", {\n name: \"dataform_repository\",\n region: \"us-central1\",\n gitRemoteSettings: {\n url: gitRepository.url,\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n});\nconst release = new gcp.dataform.RepositoryReleaseConfig(\"release\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_release\",\n gitCommitish: \"main\",\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n codeCompilationConfig: {\n defaultDatabase: \"gcp-example-project\",\n defaultSchema: \"example-dataset\",\n defaultLocation: \"us-central1\",\n assertionSchema: \"example-assertion-dataset\",\n databaseSuffix: \"\",\n schemaSuffix: \"\",\n tablePrefix: \"\",\n vars: {\n var1: \"value\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngit_repository = gcp.sourcerepo.Repository(\"git_repository\", name=\"my/repository\")\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my_secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nrepository = gcp.dataform.Repository(\"repository\",\n name=\"dataform_repository\",\n region=\"us-central1\",\n git_remote_settings={\n \"url\": git_repository.url,\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n })\nrelease = gcp.dataform.RepositoryReleaseConfig(\"release\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_release\",\n git_commitish=\"main\",\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\",\n code_compilation_config={\n \"default_database\": \"gcp-example-project\",\n \"default_schema\": \"example-dataset\",\n \"default_location\": \"us-central1\",\n \"assertion_schema\": \"example-assertion-dataset\",\n \"database_suffix\": \"\",\n \"schema_suffix\": \"\",\n \"table_prefix\": \"\",\n \"vars\": {\n \"var1\": \"value\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gitRepository = new Gcp.SourceRepo.Repository(\"git_repository\", new()\n {\n Name = \"my/repository\",\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my_secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var repository = new Gcp.Dataform.Repository(\"repository\", new()\n {\n Name = \"dataform_repository\",\n Region = \"us-central1\",\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = gitRepository.Url,\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n });\n\n var release = new Gcp.Dataform.RepositoryReleaseConfig(\"release\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_release\",\n GitCommitish = \"main\",\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n CodeCompilationConfig = new Gcp.Dataform.Inputs.RepositoryReleaseConfigCodeCompilationConfigArgs\n {\n DefaultDatabase = \"gcp-example-project\",\n DefaultSchema = \"example-dataset\",\n DefaultLocation = \"us-central1\",\n AssertionSchema = \"example-assertion-dataset\",\n DatabaseSuffix = \"\",\n SchemaSuffix = \"\",\n TablePrefix = \"\",\n Vars = \n {\n { \"var1\", \"value\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgitRepository, err := sourcerepo.NewRepository(ctx, \"git_repository\", \u0026sourcerepo.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my/repository\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my_secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepository, err := dataform.NewRepository(ctx, \"repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: gitRepository.Url,\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepositoryReleaseConfig(ctx, \"release\", \u0026dataform.RepositoryReleaseConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_release\"),\n\t\t\tGitCommitish: pulumi.String(\"main\"),\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tCodeCompilationConfig: \u0026dataform.RepositoryReleaseConfigCodeCompilationConfigArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\tDefaultSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\tDefaultLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tAssertionSchema: pulumi.String(\"example-assertion-dataset\"),\n\t\t\t\tDatabaseSuffix: pulumi.String(\"\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"\"),\n\t\t\t\tTablePrefix: pulumi.String(\"\"),\n\t\t\t\tVars: pulumi.StringMap{\n\t\t\t\t\t\"var1\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.Repository;\nimport com.pulumi.gcp.sourcerepo.RepositoryArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfig;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryReleaseConfigCodeCompilationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitRepository = new Repository(\"gitRepository\", RepositoryArgs.builder()\n .name(\"my/repository\")\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my_secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var repository = new Repository(\"repository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .region(\"us-central1\")\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(gitRepository.url())\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build());\n\n var release = new RepositoryReleaseConfig(\"release\", RepositoryReleaseConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_release\")\n .gitCommitish(\"main\")\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .codeCompilationConfig(RepositoryReleaseConfigCodeCompilationConfigArgs.builder()\n .defaultDatabase(\"gcp-example-project\")\n .defaultSchema(\"example-dataset\")\n .defaultLocation(\"us-central1\")\n .assertionSchema(\"example-assertion-dataset\")\n .databaseSuffix(\"\")\n .schemaSuffix(\"\")\n .tablePrefix(\"\")\n .vars(Map.of(\"var1\", \"value\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gitRepository:\n type: gcp:sourcerepo:Repository\n name: git_repository\n properties:\n name: my/repository\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my_secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n repository:\n type: gcp:dataform:Repository\n properties:\n name: dataform_repository\n region: us-central1\n gitRemoteSettings:\n url: ${gitRepository.url}\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n release:\n type: gcp:dataform:RepositoryReleaseConfig\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_release\n gitCommitish: main\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n codeCompilationConfig:\n defaultDatabase: gcp-example-project\n defaultSchema: example-dataset\n defaultLocation: us-central1\n assertionSchema: example-assertion-dataset\n databaseSuffix: \"\"\n schemaSuffix: \"\"\n tablePrefix: \"\"\n vars:\n var1: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepositoryReleaseConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}`\n\n* `{{project}}/{{region}}/{{repository}}/{{name}}`\n\n* `{{region}}/{{repository}}/{{name}}`\n\n* `{{repository}}/{{name}}`\n\nWhen using the `pulumi import` command, RepositoryReleaseConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{project}}/{{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryReleaseConfig:RepositoryReleaseConfig default {{repository}}/{{name}}\n```\n\n", "properties": { "codeCompilationConfig": { "$ref": "#/types/gcp:dataform/RepositoryReleaseConfigCodeCompilationConfig:RepositoryReleaseConfigCodeCompilationConfig", @@ -193312,7 +193312,7 @@ } }, "gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig": { - "description": "## Example Usage\n\n### Dataform Repository Workflow Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gitRepository = new gcp.sourcerepo.Repository(\"git_repository\", {name: \"my/repository\"});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my_secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst repository = new gcp.dataform.Repository(\"repository\", {\n name: \"dataform_repository\",\n region: \"us-central1\",\n gitRemoteSettings: {\n url: gitRepository.url,\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n});\nconst releaseConfig = new gcp.dataform.RepositoryReleaseConfig(\"release_config\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_release\",\n gitCommitish: \"main\",\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n codeCompilationConfig: {\n defaultDatabase: \"gcp-example-project\",\n defaultSchema: \"example-dataset\",\n defaultLocation: \"us-central1\",\n assertionSchema: \"example-assertion-dataset\",\n databaseSuffix: \"\",\n schemaSuffix: \"\",\n tablePrefix: \"\",\n vars: {\n var1: \"value\",\n },\n },\n});\nconst dataformSa = new gcp.serviceaccount.Account(\"dataform_sa\", {\n accountId: \"dataform-sa\",\n displayName: \"Dataform Service Account\",\n});\nconst workflow = new gcp.dataform.RepositoryWorkflowConfig(\"workflow\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_workflow\",\n releaseConfig: releaseConfig.id,\n invocationConfig: {\n includedTargets: [\n {\n database: \"gcp-example-project\",\n schema: \"example-dataset\",\n name: \"target_1\",\n },\n {\n database: \"gcp-example-project\",\n schema: \"example-dataset\",\n name: \"target_2\",\n },\n ],\n includedTags: [\"tag_1\"],\n transitiveDependenciesIncluded: true,\n transitiveDependentsIncluded: true,\n fullyRefreshIncrementalTablesEnabled: false,\n serviceAccount: dataformSa.email,\n },\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngit_repository = gcp.sourcerepo.Repository(\"git_repository\", name=\"my/repository\")\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my_secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nrepository = gcp.dataform.Repository(\"repository\",\n name=\"dataform_repository\",\n region=\"us-central1\",\n git_remote_settings={\n \"url\": git_repository.url,\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n })\nrelease_config = gcp.dataform.RepositoryReleaseConfig(\"release_config\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_release\",\n git_commitish=\"main\",\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\",\n code_compilation_config={\n \"default_database\": \"gcp-example-project\",\n \"default_schema\": \"example-dataset\",\n \"default_location\": \"us-central1\",\n \"assertion_schema\": \"example-assertion-dataset\",\n \"database_suffix\": \"\",\n \"schema_suffix\": \"\",\n \"table_prefix\": \"\",\n \"vars\": {\n \"var1\": \"value\",\n },\n })\ndataform_sa = gcp.serviceaccount.Account(\"dataform_sa\",\n account_id=\"dataform-sa\",\n display_name=\"Dataform Service Account\")\nworkflow = gcp.dataform.RepositoryWorkflowConfig(\"workflow\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_workflow\",\n release_config=release_config.id,\n invocation_config={\n \"included_targets\": [\n {\n \"database\": \"gcp-example-project\",\n \"schema\": \"example-dataset\",\n \"name\": \"target_1\",\n },\n {\n \"database\": \"gcp-example-project\",\n \"schema\": \"example-dataset\",\n \"name\": \"target_2\",\n },\n ],\n \"included_tags\": [\"tag_1\"],\n \"transitive_dependencies_included\": True,\n \"transitive_dependents_included\": True,\n \"fully_refresh_incremental_tables_enabled\": False,\n \"service_account\": dataform_sa.email,\n },\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gitRepository = new Gcp.SourceRepo.Repository(\"git_repository\", new()\n {\n Name = \"my/repository\",\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my_secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var repository = new Gcp.Dataform.Repository(\"repository\", new()\n {\n Name = \"dataform_repository\",\n Region = \"us-central1\",\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = gitRepository.Url,\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n });\n\n var releaseConfig = new Gcp.Dataform.RepositoryReleaseConfig(\"release_config\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_release\",\n GitCommitish = \"main\",\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n CodeCompilationConfig = new Gcp.Dataform.Inputs.RepositoryReleaseConfigCodeCompilationConfigArgs\n {\n DefaultDatabase = \"gcp-example-project\",\n DefaultSchema = \"example-dataset\",\n DefaultLocation = \"us-central1\",\n AssertionSchema = \"example-assertion-dataset\",\n DatabaseSuffix = \"\",\n SchemaSuffix = \"\",\n TablePrefix = \"\",\n Vars = \n {\n { \"var1\", \"value\" },\n },\n },\n });\n\n var dataformSa = new Gcp.ServiceAccount.Account(\"dataform_sa\", new()\n {\n AccountId = \"dataform-sa\",\n DisplayName = \"Dataform Service Account\",\n });\n\n var workflow = new Gcp.Dataform.RepositoryWorkflowConfig(\"workflow\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_workflow\",\n ReleaseConfig = releaseConfig.Id,\n InvocationConfig = new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigArgs\n {\n IncludedTargets = new[]\n {\n new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs\n {\n Database = \"gcp-example-project\",\n Schema = \"example-dataset\",\n Name = \"target_1\",\n },\n new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs\n {\n Database = \"gcp-example-project\",\n Schema = \"example-dataset\",\n Name = \"target_2\",\n },\n },\n IncludedTags = new[]\n {\n \"tag_1\",\n },\n TransitiveDependenciesIncluded = true,\n TransitiveDependentsIncluded = true,\n FullyRefreshIncrementalTablesEnabled = false,\n ServiceAccount = dataformSa.Email,\n },\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgitRepository, err := sourcerepo.NewRepository(ctx, \"git_repository\", \u0026sourcerepo.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my/repository\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my_secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepository, err := dataform.NewRepository(ctx, \"repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: gitRepository.Url,\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treleaseConfig, err := dataform.NewRepositoryReleaseConfig(ctx, \"release_config\", \u0026dataform.RepositoryReleaseConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_release\"),\n\t\t\tGitCommitish: pulumi.String(\"main\"),\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tCodeCompilationConfig: \u0026dataform.RepositoryReleaseConfigCodeCompilationConfigArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\tDefaultSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\tDefaultLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tAssertionSchema: pulumi.String(\"example-assertion-dataset\"),\n\t\t\t\tDatabaseSuffix: pulumi.String(\"\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"\"),\n\t\t\t\tTablePrefix: pulumi.String(\"\"),\n\t\t\t\tVars: pulumi.StringMap{\n\t\t\t\t\t\"var1\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataformSa, err := serviceaccount.NewAccount(ctx, \"dataform_sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"dataform-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Dataform Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepositoryWorkflowConfig(ctx, \"workflow\", \u0026dataform.RepositoryWorkflowConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_workflow\"),\n\t\t\tReleaseConfig: releaseConfig.ID(),\n\t\t\tInvocationConfig: \u0026dataform.RepositoryWorkflowConfigInvocationConfigArgs{\n\t\t\t\tIncludedTargets: dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArray{\n\t\t\t\t\t\u0026dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs{\n\t\t\t\t\t\tDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\t\t\tSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\t\t\tName: pulumi.String(\"target_1\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs{\n\t\t\t\t\t\tDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\t\t\tSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\t\t\tName: pulumi.String(\"target_2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tIncludedTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tag_1\"),\n\t\t\t\t},\n\t\t\t\tTransitiveDependenciesIncluded: pulumi.Bool(true),\n\t\t\t\tTransitiveDependentsIncluded: pulumi.Bool(true),\n\t\t\t\tFullyRefreshIncrementalTablesEnabled: pulumi.Bool(false),\n\t\t\t\tServiceAccount: dataformSa.Email,\n\t\t\t},\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.Repository;\nimport com.pulumi.gcp.sourcerepo.RepositoryArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfig;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryReleaseConfigCodeCompilationConfigArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.dataform.RepositoryWorkflowConfig;\nimport com.pulumi.gcp.dataform.RepositoryWorkflowConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkflowConfigInvocationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitRepository = new Repository(\"gitRepository\", RepositoryArgs.builder()\n .name(\"my/repository\")\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my_secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var repository = new Repository(\"repository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .region(\"us-central1\")\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(gitRepository.url())\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build());\n\n var releaseConfig = new RepositoryReleaseConfig(\"releaseConfig\", RepositoryReleaseConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_release\")\n .gitCommitish(\"main\")\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .codeCompilationConfig(RepositoryReleaseConfigCodeCompilationConfigArgs.builder()\n .defaultDatabase(\"gcp-example-project\")\n .defaultSchema(\"example-dataset\")\n .defaultLocation(\"us-central1\")\n .assertionSchema(\"example-assertion-dataset\")\n .databaseSuffix(\"\")\n .schemaSuffix(\"\")\n .tablePrefix(\"\")\n .vars(Map.of(\"var1\", \"value\"))\n .build())\n .build());\n\n var dataformSa = new Account(\"dataformSa\", AccountArgs.builder()\n .accountId(\"dataform-sa\")\n .displayName(\"Dataform Service Account\")\n .build());\n\n var workflow = new RepositoryWorkflowConfig(\"workflow\", RepositoryWorkflowConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_workflow\")\n .releaseConfig(releaseConfig.id())\n .invocationConfig(RepositoryWorkflowConfigInvocationConfigArgs.builder()\n .includedTargets( \n RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs.builder()\n .database(\"gcp-example-project\")\n .schema(\"example-dataset\")\n .name(\"target_1\")\n .build(),\n RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs.builder()\n .database(\"gcp-example-project\")\n .schema(\"example-dataset\")\n .name(\"target_2\")\n .build())\n .includedTags(\"tag_1\")\n .transitiveDependenciesIncluded(true)\n .transitiveDependentsIncluded(true)\n .fullyRefreshIncrementalTablesEnabled(false)\n .serviceAccount(dataformSa.email())\n .build())\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gitRepository:\n type: gcp:sourcerepo:Repository\n name: git_repository\n properties:\n name: my/repository\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my_secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n repository:\n type: gcp:dataform:Repository\n properties:\n name: dataform_repository\n region: us-central1\n gitRemoteSettings:\n url: ${gitRepository.url}\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n releaseConfig:\n type: gcp:dataform:RepositoryReleaseConfig\n name: release_config\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_release\n gitCommitish: main\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n codeCompilationConfig:\n defaultDatabase: gcp-example-project\n defaultSchema: example-dataset\n defaultLocation: us-central1\n assertionSchema: example-assertion-dataset\n databaseSuffix:\n schemaSuffix:\n tablePrefix:\n vars:\n var1: value\n dataformSa:\n type: gcp:serviceaccount:Account\n name: dataform_sa\n properties:\n accountId: dataform-sa\n displayName: Dataform Service Account\n workflow:\n type: gcp:dataform:RepositoryWorkflowConfig\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_workflow\n releaseConfig: ${releaseConfig.id}\n invocationConfig:\n includedTargets:\n - database: gcp-example-project\n schema: example-dataset\n name: target_1\n - database: gcp-example-project\n schema: example-dataset\n name: target_2\n includedTags:\n - tag_1\n transitiveDependenciesIncluded: true\n transitiveDependentsIncluded: true\n fullyRefreshIncrementalTablesEnabled: false\n serviceAccount: ${dataformSa.email}\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepositoryWorkflowConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}`\n\n* `{{project}}/{{region}}/{{repository}}/{{name}}`\n\n* `{{region}}/{{repository}}/{{name}}`\n\n* `{{repository}}/{{name}}`\n\nWhen using the `pulumi import` command, RepositoryWorkflowConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{project}}/{{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{repository}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n### Dataform Repository Workflow Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gitRepository = new gcp.sourcerepo.Repository(\"git_repository\", {name: \"my/repository\"});\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my_secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst repository = new gcp.dataform.Repository(\"repository\", {\n name: \"dataform_repository\",\n region: \"us-central1\",\n gitRemoteSettings: {\n url: gitRepository.url,\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n});\nconst releaseConfig = new gcp.dataform.RepositoryReleaseConfig(\"release_config\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_release\",\n gitCommitish: \"main\",\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n codeCompilationConfig: {\n defaultDatabase: \"gcp-example-project\",\n defaultSchema: \"example-dataset\",\n defaultLocation: \"us-central1\",\n assertionSchema: \"example-assertion-dataset\",\n databaseSuffix: \"\",\n schemaSuffix: \"\",\n tablePrefix: \"\",\n vars: {\n var1: \"value\",\n },\n },\n});\nconst dataformSa = new gcp.serviceaccount.Account(\"dataform_sa\", {\n accountId: \"dataform-sa\",\n displayName: \"Dataform Service Account\",\n});\nconst workflow = new gcp.dataform.RepositoryWorkflowConfig(\"workflow\", {\n project: repository.project,\n region: repository.region,\n repository: repository.name,\n name: \"my_workflow\",\n releaseConfig: releaseConfig.id,\n invocationConfig: {\n includedTargets: [\n {\n database: \"gcp-example-project\",\n schema: \"example-dataset\",\n name: \"target_1\",\n },\n {\n database: \"gcp-example-project\",\n schema: \"example-dataset\",\n name: \"target_2\",\n },\n ],\n includedTags: [\"tag_1\"],\n transitiveDependenciesIncluded: true,\n transitiveDependentsIncluded: true,\n fullyRefreshIncrementalTablesEnabled: false,\n serviceAccount: dataformSa.email,\n },\n cronSchedule: \"0 7 * * *\",\n timeZone: \"America/New_York\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngit_repository = gcp.sourcerepo.Repository(\"git_repository\", name=\"my/repository\")\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my_secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nrepository = gcp.dataform.Repository(\"repository\",\n name=\"dataform_repository\",\n region=\"us-central1\",\n git_remote_settings={\n \"url\": git_repository.url,\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n })\nrelease_config = gcp.dataform.RepositoryReleaseConfig(\"release_config\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_release\",\n git_commitish=\"main\",\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\",\n code_compilation_config={\n \"default_database\": \"gcp-example-project\",\n \"default_schema\": \"example-dataset\",\n \"default_location\": \"us-central1\",\n \"assertion_schema\": \"example-assertion-dataset\",\n \"database_suffix\": \"\",\n \"schema_suffix\": \"\",\n \"table_prefix\": \"\",\n \"vars\": {\n \"var1\": \"value\",\n },\n })\ndataform_sa = gcp.serviceaccount.Account(\"dataform_sa\",\n account_id=\"dataform-sa\",\n display_name=\"Dataform Service Account\")\nworkflow = gcp.dataform.RepositoryWorkflowConfig(\"workflow\",\n project=repository.project,\n region=repository.region,\n repository=repository.name,\n name=\"my_workflow\",\n release_config=release_config.id,\n invocation_config={\n \"included_targets\": [\n {\n \"database\": \"gcp-example-project\",\n \"schema\": \"example-dataset\",\n \"name\": \"target_1\",\n },\n {\n \"database\": \"gcp-example-project\",\n \"schema\": \"example-dataset\",\n \"name\": \"target_2\",\n },\n ],\n \"included_tags\": [\"tag_1\"],\n \"transitive_dependencies_included\": True,\n \"transitive_dependents_included\": True,\n \"fully_refresh_incremental_tables_enabled\": False,\n \"service_account\": dataform_sa.email,\n },\n cron_schedule=\"0 7 * * *\",\n time_zone=\"America/New_York\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gitRepository = new Gcp.SourceRepo.Repository(\"git_repository\", new()\n {\n Name = \"my/repository\",\n });\n\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my_secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var repository = new Gcp.Dataform.Repository(\"repository\", new()\n {\n Name = \"dataform_repository\",\n Region = \"us-central1\",\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = gitRepository.Url,\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n });\n\n var releaseConfig = new Gcp.Dataform.RepositoryReleaseConfig(\"release_config\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_release\",\n GitCommitish = \"main\",\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n CodeCompilationConfig = new Gcp.Dataform.Inputs.RepositoryReleaseConfigCodeCompilationConfigArgs\n {\n DefaultDatabase = \"gcp-example-project\",\n DefaultSchema = \"example-dataset\",\n DefaultLocation = \"us-central1\",\n AssertionSchema = \"example-assertion-dataset\",\n DatabaseSuffix = \"\",\n SchemaSuffix = \"\",\n TablePrefix = \"\",\n Vars = \n {\n { \"var1\", \"value\" },\n },\n },\n });\n\n var dataformSa = new Gcp.ServiceAccount.Account(\"dataform_sa\", new()\n {\n AccountId = \"dataform-sa\",\n DisplayName = \"Dataform Service Account\",\n });\n\n var workflow = new Gcp.Dataform.RepositoryWorkflowConfig(\"workflow\", new()\n {\n Project = repository.Project,\n Region = repository.Region,\n Repository = repository.Name,\n Name = \"my_workflow\",\n ReleaseConfig = releaseConfig.Id,\n InvocationConfig = new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigArgs\n {\n IncludedTargets = new[]\n {\n new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs\n {\n Database = \"gcp-example-project\",\n Schema = \"example-dataset\",\n Name = \"target_1\",\n },\n new Gcp.Dataform.Inputs.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs\n {\n Database = \"gcp-example-project\",\n Schema = \"example-dataset\",\n Name = \"target_2\",\n },\n },\n IncludedTags = new[]\n {\n \"tag_1\",\n },\n TransitiveDependenciesIncluded = true,\n TransitiveDependentsIncluded = true,\n FullyRefreshIncrementalTablesEnabled = false,\n ServiceAccount = dataformSa.Email,\n },\n CronSchedule = \"0 7 * * *\",\n TimeZone = \"America/New_York\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgitRepository, err := sourcerepo.NewRepository(ctx, \"git_repository\", \u0026sourcerepo.RepositoryArgs{\n\t\t\tName: pulumi.String(\"my/repository\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my_secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepository, err := dataform.NewRepository(ctx, \"repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: gitRepository.Url,\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treleaseConfig, err := dataform.NewRepositoryReleaseConfig(ctx, \"release_config\", \u0026dataform.RepositoryReleaseConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_release\"),\n\t\t\tGitCommitish: pulumi.String(\"main\"),\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t\tCodeCompilationConfig: \u0026dataform.RepositoryReleaseConfigCodeCompilationConfigArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\tDefaultSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\tDefaultLocation: pulumi.String(\"us-central1\"),\n\t\t\t\tAssertionSchema: pulumi.String(\"example-assertion-dataset\"),\n\t\t\t\tDatabaseSuffix: pulumi.String(\"\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"\"),\n\t\t\t\tTablePrefix: pulumi.String(\"\"),\n\t\t\t\tVars: pulumi.StringMap{\n\t\t\t\t\t\"var1\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataformSa, err := serviceaccount.NewAccount(ctx, \"dataform_sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"dataform-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Dataform Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepositoryWorkflowConfig(ctx, \"workflow\", \u0026dataform.RepositoryWorkflowConfigArgs{\n\t\t\tProject: repository.Project,\n\t\t\tRegion: repository.Region,\n\t\t\tRepository: repository.Name,\n\t\t\tName: pulumi.String(\"my_workflow\"),\n\t\t\tReleaseConfig: releaseConfig.ID(),\n\t\t\tInvocationConfig: \u0026dataform.RepositoryWorkflowConfigInvocationConfigArgs{\n\t\t\t\tIncludedTargets: dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArray{\n\t\t\t\t\t\u0026dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs{\n\t\t\t\t\t\tDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\t\t\tSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\t\t\tName: pulumi.String(\"target_1\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataform.RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs{\n\t\t\t\t\t\tDatabase: pulumi.String(\"gcp-example-project\"),\n\t\t\t\t\t\tSchema: pulumi.String(\"example-dataset\"),\n\t\t\t\t\t\tName: pulumi.String(\"target_2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tIncludedTags: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tag_1\"),\n\t\t\t\t},\n\t\t\t\tTransitiveDependenciesIncluded: pulumi.Bool(true),\n\t\t\t\tTransitiveDependentsIncluded: pulumi.Bool(true),\n\t\t\t\tFullyRefreshIncrementalTablesEnabled: pulumi.Bool(false),\n\t\t\t\tServiceAccount: dataformSa.Email,\n\t\t\t},\n\t\t\tCronSchedule: pulumi.String(\"0 7 * * *\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.Repository;\nimport com.pulumi.gcp.sourcerepo.RepositoryArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfig;\nimport com.pulumi.gcp.dataform.RepositoryReleaseConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryReleaseConfigCodeCompilationConfigArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.dataform.RepositoryWorkflowConfig;\nimport com.pulumi.gcp.dataform.RepositoryWorkflowConfigArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkflowConfigInvocationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitRepository = new Repository(\"gitRepository\", RepositoryArgs.builder()\n .name(\"my/repository\")\n .build());\n\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my_secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var repository = new Repository(\"repository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .region(\"us-central1\")\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(gitRepository.url())\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build());\n\n var releaseConfig = new RepositoryReleaseConfig(\"releaseConfig\", RepositoryReleaseConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_release\")\n .gitCommitish(\"main\")\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .codeCompilationConfig(RepositoryReleaseConfigCodeCompilationConfigArgs.builder()\n .defaultDatabase(\"gcp-example-project\")\n .defaultSchema(\"example-dataset\")\n .defaultLocation(\"us-central1\")\n .assertionSchema(\"example-assertion-dataset\")\n .databaseSuffix(\"\")\n .schemaSuffix(\"\")\n .tablePrefix(\"\")\n .vars(Map.of(\"var1\", \"value\"))\n .build())\n .build());\n\n var dataformSa = new Account(\"dataformSa\", AccountArgs.builder()\n .accountId(\"dataform-sa\")\n .displayName(\"Dataform Service Account\")\n .build());\n\n var workflow = new RepositoryWorkflowConfig(\"workflow\", RepositoryWorkflowConfigArgs.builder()\n .project(repository.project())\n .region(repository.region())\n .repository(repository.name())\n .name(\"my_workflow\")\n .releaseConfig(releaseConfig.id())\n .invocationConfig(RepositoryWorkflowConfigInvocationConfigArgs.builder()\n .includedTargets( \n RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs.builder()\n .database(\"gcp-example-project\")\n .schema(\"example-dataset\")\n .name(\"target_1\")\n .build(),\n RepositoryWorkflowConfigInvocationConfigIncludedTargetArgs.builder()\n .database(\"gcp-example-project\")\n .schema(\"example-dataset\")\n .name(\"target_2\")\n .build())\n .includedTags(\"tag_1\")\n .transitiveDependenciesIncluded(true)\n .transitiveDependentsIncluded(true)\n .fullyRefreshIncrementalTablesEnabled(false)\n .serviceAccount(dataformSa.email())\n .build())\n .cronSchedule(\"0 7 * * *\")\n .timeZone(\"America/New_York\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gitRepository:\n type: gcp:sourcerepo:Repository\n name: git_repository\n properties:\n name: my/repository\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my_secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n repository:\n type: gcp:dataform:Repository\n properties:\n name: dataform_repository\n region: us-central1\n gitRemoteSettings:\n url: ${gitRepository.url}\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n releaseConfig:\n type: gcp:dataform:RepositoryReleaseConfig\n name: release_config\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_release\n gitCommitish: main\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n codeCompilationConfig:\n defaultDatabase: gcp-example-project\n defaultSchema: example-dataset\n defaultLocation: us-central1\n assertionSchema: example-assertion-dataset\n databaseSuffix: \"\"\n schemaSuffix: \"\"\n tablePrefix: \"\"\n vars:\n var1: value\n dataformSa:\n type: gcp:serviceaccount:Account\n name: dataform_sa\n properties:\n accountId: dataform-sa\n displayName: Dataform Service Account\n workflow:\n type: gcp:dataform:RepositoryWorkflowConfig\n properties:\n project: ${repository.project}\n region: ${repository.region}\n repository: ${repository.name}\n name: my_workflow\n releaseConfig: ${releaseConfig.id}\n invocationConfig:\n includedTargets:\n - database: gcp-example-project\n schema: example-dataset\n name: target_1\n - database: gcp-example-project\n schema: example-dataset\n name: target_2\n includedTags:\n - tag_1\n transitiveDependenciesIncluded: true\n transitiveDependentsIncluded: true\n fullyRefreshIncrementalTablesEnabled: false\n serviceAccount: ${dataformSa.email}\n cronSchedule: 0 7 * * *\n timeZone: America/New_York\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepositoryWorkflowConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}`\n\n* `{{project}}/{{region}}/{{repository}}/{{name}}`\n\n* `{{region}}/{{repository}}/{{name}}`\n\n* `{{repository}}/{{name}}`\n\nWhen using the `pulumi import` command, RepositoryWorkflowConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{project}}/{{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{region}}/{{repository}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repositoryWorkflowConfig:RepositoryWorkflowConfig default {{repository}}/{{name}}\n```\n\n", "properties": { "cronSchedule": { "type": "string", @@ -193452,7 +193452,7 @@ } }, "gcp:datafusion/instance:Instance": { - "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n Function: gcp:appengine:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependson:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{name}}\n```\n\n", + "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n function: gcp:appengine:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:datafusion/instance:Instance default {{name}}\n```\n\n", "properties": { "accelerators": { "type": "array", @@ -194287,7 +194287,7 @@ } }, "gcp:dataloss/preventionJobTrigger:PreventionJobTrigger": { - "description": "A job trigger configuration.\n\n\nTo get more information about JobTrigger, see:\n\n* [API documentation](https://cloud.google.com/dlp/docs/reference/rest/v2/projects.jobTriggers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dlp/docs/creating-job-triggers)\n\n## Example Usage\n\n### Dlp Job Trigger Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Bigquery Row Limit\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bigqueryRowLimit = new gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table_to_scan\",\n },\n rowsLimit: 1000,\n sampleMethod: \"RANDOM_START\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbigquery_row_limit = gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table_to_scan\",\n },\n \"rows_limit\": 1000,\n \"sample_method\": \"RANDOM_START\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bigqueryRowLimit = new Gcp.DataLoss.PreventionJobTrigger(\"bigquery_row_limit\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table_to_scan\",\n },\n RowsLimit = 1000,\n SampleMethod = \"RANDOM_START\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"bigquery_row_limit\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table_to_scan\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRowsLimit: pulumi.Int(1000),\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"RANDOM_START\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bigqueryRowLimit = new PreventionJobTrigger(\"bigqueryRowLimit\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table_to_scan\")\n .build())\n .rowsLimit(1000)\n .sampleMethod(\"RANDOM_START\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bigqueryRowLimit:\n type: gcp:dataloss:PreventionJobTrigger\n name: bigquery_row_limit\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table_to_scan\n rowsLimit: 1000\n sampleMethod: RANDOM_START\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Bigquery Row Limit Percentage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bigqueryRowLimitPercentage = new gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit_percentage\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table_to_scan\",\n },\n rowsLimitPercent: 50,\n sampleMethod: \"RANDOM_START\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbigquery_row_limit_percentage = gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit_percentage\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table_to_scan\",\n },\n \"rows_limit_percent\": 50,\n \"sample_method\": \"RANDOM_START\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bigqueryRowLimitPercentage = new Gcp.DataLoss.PreventionJobTrigger(\"bigquery_row_limit_percentage\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table_to_scan\",\n },\n RowsLimitPercent = 50,\n SampleMethod = \"RANDOM_START\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"bigquery_row_limit_percentage\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table_to_scan\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRowsLimitPercent: pulumi.Int(50),\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"RANDOM_START\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bigqueryRowLimitPercentage = new PreventionJobTrigger(\"bigqueryRowLimitPercentage\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table_to_scan\")\n .build())\n .rowsLimitPercent(50)\n .sampleMethod(\"RANDOM_START\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bigqueryRowLimitPercentage:\n type: gcp:dataloss:PreventionJobTrigger\n name: bigquery_row_limit_percentage\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table_to_scan\n rowsLimitPercent: 50\n sampleMethod: RANDOM_START\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Job Notification Emails\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst jobNotificationEmails = new gcp.dataloss.PreventionJobTrigger(\"job_notification_emails\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n jobNotificationEmails: {},\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\njob_notification_emails = gcp.dataloss.PreventionJobTrigger(\"job_notification_emails\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"job_notification_emails\": {},\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var jobNotificationEmails = new Gcp.DataLoss.PreventionJobTrigger(\"job_notification_emails\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n JobNotificationEmails = null,\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"job_notification_emails\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tJobNotificationEmails: \u0026dataloss.PreventionJobTriggerInspectJobActionJobNotificationEmailsArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var jobNotificationEmails = new PreventionJobTrigger(\"jobNotificationEmails\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .jobNotificationEmails()\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n jobNotificationEmails:\n type: gcp:dataloss:PreventionJobTrigger\n name: job_notification_emails\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - jobNotificationEmails: {}\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Deidentify\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"tf_test\",\n friendlyName: \"terraform-test\",\n description: \"Description for the dataset created by terraform\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n labels: {\n env: \"default\",\n },\n});\nconst defaultTable = new gcp.bigquery.Table(\"default\", {\n datasetId: _default.datasetId,\n tableId: \"tf_test\",\n deletionProtection: false,\n timePartitioning: {\n type: \"DAY\",\n },\n labels: {\n env: \"default\",\n },\n schema: ` [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n`,\n});\nconst deidentify = new gcp.dataloss.PreventionJobTrigger(\"deidentify\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n deidentify: {\n cloudStorageOutput: \"gs://samplebucket/dir/\",\n fileTypesToTransforms: [\n \"CSV\",\n \"TSV\",\n ],\n transformationDetailsStorageConfig: {\n table: {\n projectId: \"my-project-name\",\n datasetId: _default.datasetId,\n tableId: defaultTable.tableId,\n },\n },\n transformationConfig: {\n deidentifyTemplate: \"sample-deidentify-template\",\n imageRedactTemplate: \"sample-image-redact-template\",\n structuredDeidentifyTemplate: \"sample-structured-deidentify-template\",\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"tf_test\",\n friendly_name=\"terraform-test\",\n description=\"Description for the dataset created by terraform\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n labels={\n \"env\": \"default\",\n })\ndefault_table = gcp.bigquery.Table(\"default\",\n dataset_id=default.dataset_id,\n table_id=\"tf_test\",\n deletion_protection=False,\n time_partitioning={\n \"type\": \"DAY\",\n },\n labels={\n \"env\": \"default\",\n },\n schema=\"\"\" [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n\"\"\")\ndeidentify = gcp.dataloss.PreventionJobTrigger(\"deidentify\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"deidentify\": {\n \"cloud_storage_output\": \"gs://samplebucket/dir/\",\n \"file_types_to_transforms\": [\n \"CSV\",\n \"TSV\",\n ],\n \"transformation_details_storage_config\": {\n \"table\": {\n \"project_id\": \"my-project-name\",\n \"dataset_id\": default.dataset_id,\n \"table_id\": default_table.table_id,\n },\n },\n \"transformation_config\": {\n \"deidentify_template\": \"sample-deidentify-template\",\n \"image_redact_template\": \"sample-image-redact-template\",\n \"structured_deidentify_template\": \"sample-structured-deidentify-template\",\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"tf_test\",\n FriendlyName = \"terraform-test\",\n Description = \"Description for the dataset created by terraform\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var defaultTable = new Gcp.BigQuery.Table(\"default\", new()\n {\n DatasetId = @default.DatasetId,\n TableId = \"tf_test\",\n DeletionProtection = false,\n TimePartitioning = new Gcp.BigQuery.Inputs.TableTimePartitioningArgs\n {\n Type = \"DAY\",\n },\n Labels = \n {\n { \"env\", \"default\" },\n },\n Schema = @\" [\n {\n \"\"name\"\": \"\"quantity\"\",\n \"\"type\"\": \"\"NUMERIC\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The quantity\"\"\n },\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"Name of the object\"\"\n }\n ]\n\",\n });\n\n var deidentify = new Gcp.DataLoss.PreventionJobTrigger(\"deidentify\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n Deidentify = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyArgs\n {\n CloudStorageOutput = \"gs://samplebucket/dir/\",\n FileTypesToTransforms = new[]\n {\n \"CSV\",\n \"TSV\",\n },\n TransformationDetailsStorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs\n {\n ProjectId = \"my-project-name\",\n DatasetId = @default.DatasetId,\n TableId = defaultTable.TableId,\n },\n },\n TransformationConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs\n {\n DeidentifyTemplate = \"sample-deidentify-template\",\n ImageRedactTemplate = \"sample-image-redact-template\",\n StructuredDeidentifyTemplate = \"sample-structured-deidentify-template\",\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"tf_test\"),\n\t\t\tFriendlyName: pulumi.String(\"terraform-test\"),\n\t\t\tDescription: pulumi.String(\"Description for the dataset created by terraform\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTable, err := bigquery.NewTable(ctx, \"default\", \u0026bigquery.TableArgs{\n\t\t\tDatasetId: _default.DatasetId,\n\t\t\tTableId: pulumi.String(\"tf_test\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTimePartitioning: \u0026bigquery.TableTimePartitioningArgs{\n\t\t\t\tType: pulumi.String(\"DAY\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t\tSchema: pulumi.String(` [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataloss.NewPreventionJobTrigger(ctx, \"deidentify\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tDeidentify: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyArgs{\n\t\t\t\t\t\t\tCloudStorageOutput: pulumi.String(\"gs://samplebucket/dir/\"),\n\t\t\t\t\t\t\tFileTypesToTransforms: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"CSV\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"TSV\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTransformationDetailsStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\t\t\t\t\t\t\tDatasetId: _default.DatasetId,\n\t\t\t\t\t\t\t\t\tTableId: defaultTable.TableId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTransformationConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs{\n\t\t\t\t\t\t\t\tDeidentifyTemplate: pulumi.String(\"sample-deidentify-template\"),\n\t\t\t\t\t\t\t\tImageRedactTemplate: pulumi.String(\"sample-image-redact-template\"),\n\t\t\t\t\t\t\t\tStructuredDeidentifyTemplate: pulumi.String(\"sample-structured-deidentify-template\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.inputs.TableTimePartitioningArgs;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"tf_test\")\n .friendlyName(\"terraform-test\")\n .description(\"Description for the dataset created by terraform\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var defaultTable = new Table(\"defaultTable\", TableArgs.builder()\n .datasetId(default_.datasetId())\n .tableId(\"tf_test\")\n .deletionProtection(false)\n .timePartitioning(TableTimePartitioningArgs.builder()\n .type(\"DAY\")\n .build())\n .labels(Map.of(\"env\", \"default\"))\n .schema(\"\"\"\n [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n \"\"\")\n .build());\n\n var deidentify = new PreventionJobTrigger(\"deidentify\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .deidentify(PreventionJobTriggerInspectJobActionDeidentifyArgs.builder()\n .cloudStorageOutput(\"gs://samplebucket/dir/\")\n .fileTypesToTransforms( \n \"CSV\",\n \"TSV\")\n .transformationDetailsStorageConfig(PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs.builder()\n .projectId(\"my-project-name\")\n .datasetId(default_.datasetId())\n .tableId(defaultTable.tableId())\n .build())\n .build())\n .transformationConfig(PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs.builder()\n .deidentifyTemplate(\"sample-deidentify-template\")\n .imageRedactTemplate(\"sample-image-redact-template\")\n .structuredDeidentifyTemplate(\"sample-structured-deidentify-template\")\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n deidentify:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - deidentify:\n cloudStorageOutput: gs://samplebucket/dir/\n fileTypesToTransforms:\n - CSV\n - TSV\n transformationDetailsStorageConfig:\n table:\n projectId: my-project-name\n datasetId: ${default.datasetId}\n tableId: ${defaultTable.tableId}\n transformationConfig:\n deidentifyTemplate: sample-deidentify-template\n imageRedactTemplate: sample-image-redact-template\n structuredDeidentifyTemplate: sample-structured-deidentify-template\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: tf_test\n friendlyName: terraform-test\n description: Description for the dataset created by terraform\n location: US\n defaultTableExpirationMs: 3.6e+06\n labels:\n env: default\n defaultTable:\n type: gcp:bigquery:Table\n name: default\n properties:\n datasetId: ${default.datasetId}\n tableId: tf_test\n deletionProtection: false\n timePartitioning:\n type: DAY\n labels:\n env: default\n schema: |2\n [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hybridTrigger = new gcp.dataloss.PreventionJobTrigger(\"hybrid_trigger\", {\n parent: \"projects/my-project-name\",\n triggers: [{\n manual: {},\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n hybridOptions: {\n description: \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n requiredFindingLabelKeys: [\"appointment-bookings-comments\"],\n labels: {\n env: \"prod\",\n },\n tableOptions: {\n identifyingFields: [{\n name: \"booking_id\",\n }],\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhybrid_trigger = gcp.dataloss.PreventionJobTrigger(\"hybrid_trigger\",\n parent=\"projects/my-project-name\",\n triggers=[{\n \"manual\": {},\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"hybrid_options\": {\n \"description\": \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n \"required_finding_label_keys\": [\"appointment-bookings-comments\"],\n \"labels\": {\n \"env\": \"prod\",\n },\n \"table_options\": {\n \"identifying_fields\": [{\n \"name\": \"booking_id\",\n }],\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hybridTrigger = new Gcp.DataLoss.PreventionJobTrigger(\"hybrid_trigger\", new()\n {\n Parent = \"projects/my-project-name\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Manual = null,\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n HybridOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs\n {\n Description = \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n RequiredFindingLabelKeys = new[]\n {\n \"appointment-bookings-comments\",\n },\n Labels = \n {\n { \"env\", \"prod\" },\n },\n TableOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs\n {\n IdentifyingFields = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs\n {\n Name = \"booking_id\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"hybrid_trigger\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tManual: \u0026dataloss.PreventionJobTriggerTriggerManualArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tHybridOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\"),\n\t\t\t\t\t\tRequiredFindingLabelKeys: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"appointment-bookings-comments\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"prod\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTableOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs{\n\t\t\t\t\t\t\tIdentifyingFields: dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"booking_id\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerManualArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hybridTrigger = new PreventionJobTrigger(\"hybridTrigger\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .manual()\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .hybridOptions(PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs.builder()\n .description(\"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\")\n .requiredFindingLabelKeys(\"appointment-bookings-comments\")\n .labels(Map.of(\"env\", \"prod\"))\n .tableOptions(PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs.builder()\n .identifyingFields(PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs.builder()\n .name(\"booking_id\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hybridTrigger:\n type: gcp:dataloss:PreventionJobTrigger\n name: hybrid_trigger\n properties:\n parent: projects/my-project-name\n triggers:\n - manual: {}\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n hybridOptions:\n description: Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\n requiredFindingLabelKeys:\n - appointment-bookings-comments\n labels:\n env: prod\n tableOptions:\n identifyingFields:\n - name: booking_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Inspect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst inspect = new gcp.dataloss.PreventionJobTrigger(\"inspect\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n inspectConfig: {\n customInfoTypes: [{\n infoType: {\n name: \"MY_CUSTOM_TYPE\",\n },\n likelihood: \"UNLIKELY\",\n regex: {\n pattern: \"test*\",\n },\n }],\n infoTypes: [{\n name: \"EMAIL_ADDRESS\",\n }],\n minLikelihood: \"UNLIKELY\",\n ruleSets: [\n {\n infoTypes: [{\n name: \"EMAIL_ADDRESS\",\n }],\n rules: [{\n exclusionRule: {\n regex: {\n pattern: \".+@example.com\",\n },\n matchingType: \"MATCHING_TYPE_FULL_MATCH\",\n },\n }],\n },\n {\n infoTypes: [{\n name: \"MY_CUSTOM_TYPE\",\n }],\n rules: [{\n hotwordRule: {\n hotwordRegex: {\n pattern: \"example*\",\n },\n proximity: {\n windowBefore: 50,\n },\n likelihoodAdjustment: {\n fixedLikelihood: \"VERY_LIKELY\",\n },\n },\n }],\n },\n ],\n limits: {\n maxFindingsPerItem: 10,\n maxFindingsPerRequest: 50,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninspect = gcp.dataloss.PreventionJobTrigger(\"inspect\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n \"inspect_config\": {\n \"custom_info_types\": [{\n \"info_type\": {\n \"name\": \"MY_CUSTOM_TYPE\",\n },\n \"likelihood\": \"UNLIKELY\",\n \"regex\": {\n \"pattern\": \"test*\",\n },\n }],\n \"info_types\": [{\n \"name\": \"EMAIL_ADDRESS\",\n }],\n \"min_likelihood\": \"UNLIKELY\",\n \"rule_sets\": [\n {\n \"info_types\": [{\n \"name\": \"EMAIL_ADDRESS\",\n }],\n \"rules\": [{\n \"exclusion_rule\": {\n \"regex\": {\n \"pattern\": \".+@example.com\",\n },\n \"matching_type\": \"MATCHING_TYPE_FULL_MATCH\",\n },\n }],\n },\n {\n \"info_types\": [{\n \"name\": \"MY_CUSTOM_TYPE\",\n }],\n \"rules\": [{\n \"hotword_rule\": {\n \"hotword_regex\": {\n \"pattern\": \"example*\",\n },\n \"proximity\": {\n \"window_before\": 50,\n },\n \"likelihood_adjustment\": {\n \"fixed_likelihood\": \"VERY_LIKELY\",\n },\n },\n }],\n },\n ],\n \"limits\": {\n \"max_findings_per_item\": 10,\n \"max_findings_per_request\": 50,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inspect = new Gcp.DataLoss.PreventionJobTrigger(\"inspect\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n InspectConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigArgs\n {\n CustomInfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs\n {\n InfoType = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs\n {\n Name = \"MY_CUSTOM_TYPE\",\n },\n Likelihood = \"UNLIKELY\",\n Regex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs\n {\n Pattern = \"test*\",\n },\n },\n },\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs\n {\n Name = \"EMAIL_ADDRESS\",\n },\n },\n MinLikelihood = \"UNLIKELY\",\n RuleSets = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs\n {\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs\n {\n Name = \"EMAIL_ADDRESS\",\n },\n },\n Rules = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs\n {\n ExclusionRule = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs\n {\n Regex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs\n {\n Pattern = \".+@example.com\",\n },\n MatchingType = \"MATCHING_TYPE_FULL_MATCH\",\n },\n },\n },\n },\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs\n {\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs\n {\n Name = \"MY_CUSTOM_TYPE\",\n },\n },\n Rules = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs\n {\n HotwordRule = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs\n {\n HotwordRegex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs\n {\n Pattern = \"example*\",\n },\n Proximity = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs\n {\n WindowBefore = 50,\n },\n LikelihoodAdjustment = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs\n {\n FixedLikelihood = \"VERY_LIKELY\",\n },\n },\n },\n },\n },\n },\n Limits = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigLimitsArgs\n {\n MaxFindingsPerItem = 10,\n MaxFindingsPerRequest = 50,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"inspect\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInspectConfig: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigArgs{\n\t\t\t\t\tCustomInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs{\n\t\t\t\t\t\t\tInfoType: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"MY_CUSTOM_TYPE\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tLikelihood: pulumi.String(\"UNLIKELY\"),\n\t\t\t\t\t\t\tRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs{\n\t\t\t\t\t\t\t\tPattern: pulumi.String(\"test*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigInfoTypeArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"EMAIL_ADDRESS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMinLikelihood: pulumi.String(\"UNLIKELY\"),\n\t\t\t\t\tRuleSets: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs{\n\t\t\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"EMAIL_ADDRESS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRules: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs{\n\t\t\t\t\t\t\t\t\tExclusionRule: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs{\n\t\t\t\t\t\t\t\t\t\tRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs{\n\t\t\t\t\t\t\t\t\t\t\tPattern: pulumi.String(\".+@example.com\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tMatchingType: pulumi.String(\"MATCHING_TYPE_FULL_MATCH\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs{\n\t\t\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"MY_CUSTOM_TYPE\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRules: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs{\n\t\t\t\t\t\t\t\t\tHotwordRule: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs{\n\t\t\t\t\t\t\t\t\t\tHotwordRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs{\n\t\t\t\t\t\t\t\t\t\t\tPattern: pulumi.String(\"example*\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tProximity: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs{\n\t\t\t\t\t\t\t\t\t\t\tWindowBefore: pulumi.Int(50),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tLikelihoodAdjustment: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs{\n\t\t\t\t\t\t\t\t\t\t\tFixedLikelihood: pulumi.String(\"VERY_LIKELY\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tLimits: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigLimitsArgs{\n\t\t\t\t\t\tMaxFindingsPerItem: pulumi.Int(10),\n\t\t\t\t\t\tMaxFindingsPerRequest: pulumi.Int(50),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobInspectConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobInspectConfigLimitsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var inspect = new PreventionJobTrigger(\"inspect\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .inspectConfig(PreventionJobTriggerInspectJobInspectConfigArgs.builder()\n .customInfoTypes(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs.builder()\n .infoType(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs.builder()\n .name(\"MY_CUSTOM_TYPE\")\n .build())\n .likelihood(\"UNLIKELY\")\n .regex(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs.builder()\n .pattern(\"test*\")\n .build())\n .build())\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs.builder()\n .name(\"EMAIL_ADDRESS\")\n .build())\n .minLikelihood(\"UNLIKELY\")\n .ruleSets( \n PreventionJobTriggerInspectJobInspectConfigRuleSetArgs.builder()\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs.builder()\n .name(\"EMAIL_ADDRESS\")\n .build())\n .rules(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs.builder()\n .exclusionRule(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs.builder()\n .regex(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs.builder()\n .pattern(\".+@example.com\")\n .build())\n .matchingType(\"MATCHING_TYPE_FULL_MATCH\")\n .build())\n .build())\n .build(),\n PreventionJobTriggerInspectJobInspectConfigRuleSetArgs.builder()\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs.builder()\n .name(\"MY_CUSTOM_TYPE\")\n .build())\n .rules(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs.builder()\n .hotwordRule(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs.builder()\n .hotwordRegex(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs.builder()\n .pattern(\"example*\")\n .build())\n .proximity(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs.builder()\n .windowBefore(50)\n .build())\n .likelihoodAdjustment(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs.builder()\n .fixedLikelihood(\"VERY_LIKELY\")\n .build())\n .build())\n .build())\n .build())\n .limits(PreventionJobTriggerInspectJobInspectConfigLimitsArgs.builder()\n .maxFindingsPerItem(10)\n .maxFindingsPerRequest(50)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n inspect:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n inspectConfig:\n customInfoTypes:\n - infoType:\n name: MY_CUSTOM_TYPE\n likelihood: UNLIKELY\n regex:\n pattern: test*\n infoTypes:\n - name: EMAIL_ADDRESS\n minLikelihood: UNLIKELY\n ruleSets:\n - infoTypes:\n - name: EMAIL_ADDRESS\n rules:\n - exclusionRule:\n regex:\n pattern: .+@example.com\n matchingType: MATCHING_TYPE_FULL_MATCH\n - infoTypes:\n - name: MY_CUSTOM_TYPE\n rules:\n - hotwordRule:\n hotwordRegex:\n pattern: example*\n proximity:\n windowBefore: 50\n likelihoodAdjustment:\n fixedLikelihood: VERY_LIKELY\n limits:\n maxFindingsPerItem: 10\n maxFindingsPerRequest: 50\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Publish To Stackdriver\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst publishToStackdriver = new gcp.dataloss.PreventionJobTrigger(\"publish_to_stackdriver\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n publishToStackdriver: {},\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npublish_to_stackdriver = gcp.dataloss.PreventionJobTrigger(\"publish_to_stackdriver\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"publish_to_stackdriver\": {},\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var publishToStackdriver = new Gcp.DataLoss.PreventionJobTrigger(\"publish_to_stackdriver\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n PublishToStackdriver = null,\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"publish_to_stackdriver\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tPublishToStackdriver: \u0026dataloss.PreventionJobTriggerInspectJobActionPublishToStackdriverArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var publishToStackdriver = new PreventionJobTrigger(\"publishToStackdriver\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .publishToStackdriver()\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n publishToStackdriver:\n type: gcp:dataloss:PreventionJobTrigger\n name: publish_to_stackdriver\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - publishToStackdriver: {}\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger With Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst withTriggerId = new gcp.dataloss.PreventionJobTrigger(\"with_trigger_id\", {\n parent: \"projects/my-project-name\",\n description: \"Starting description\",\n displayName: \"display\",\n triggerId: \"id-\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset123\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nwith_trigger_id = gcp.dataloss.PreventionJobTrigger(\"with_trigger_id\",\n parent=\"projects/my-project-name\",\n description=\"Starting description\",\n display_name=\"display\",\n trigger_id=\"id-\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset123\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var withTriggerId = new Gcp.DataLoss.PreventionJobTrigger(\"with_trigger_id\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Starting description\",\n DisplayName = \"display\",\n TriggerId = \"id-\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset123\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"with_trigger_id\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Starting description\"),\n\t\t\tDisplayName: pulumi.String(\"display\"),\n\t\t\tTriggerId: pulumi.String(\"id-\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset123\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var withTriggerId = new PreventionJobTrigger(\"withTriggerId\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Starting description\")\n .displayName(\"display\")\n .triggerId(\"id-\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset123\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n withTriggerId:\n type: gcp:dataloss:PreventionJobTrigger\n name: with_trigger_id\n properties:\n parent: projects/my-project-name\n description: Starting description\n displayName: display\n triggerId: id-\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset123\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Multiple Actions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [\n {\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n },\n {\n pubSub: {\n topic: \"projects/project/topics/topic-name\",\n },\n },\n ],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [\n {\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n },\n {\n \"pub_sub\": {\n \"topic\": \"projects/project/topics/topic-name\",\n },\n },\n ],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n PubSub = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionPubSubArgs\n {\n Topic = \"projects/project/topics/topic-name\",\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tPubSub: \u0026dataloss.PreventionJobTriggerInspectJobActionPubSubArgs{\n\t\t\t\t\t\t\tTopic: pulumi.String(\"projects/project/topics/topic-name\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions( \n PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build(),\n PreventionJobTriggerInspectJobActionArgs.builder()\n .pubSub(PreventionJobTriggerInspectJobActionPubSubArgs.builder()\n .topic(\"projects/project/topics/topic-name\")\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n - pubSub:\n topic: projects/project/topics/topic-name\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Cloud Storage Optional Timespan Autopopulation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n timespanConfig: {\n enableAutoPopulationOfTimespanConfig: true,\n },\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"timespan_config\": {\n \"enable_auto_population_of_timespan_config\": True,\n },\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n TimespanConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs\n {\n EnableAutoPopulationOfTimespanConfig = true,\n },\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tTimespanConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs{\n\t\t\t\t\t\tEnableAutoPopulationOfTimespanConfig: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .timespanConfig(PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs.builder()\n .enableAutoPopulationOfTimespanConfig(true)\n .build())\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n timespanConfig:\n enableAutoPopulationOfTimespanConfig: true\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Timespan Config Big Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst timespanConfigBigQuery = new gcp.dataloss.PreventionJobTrigger(\"timespan_config_big_query\", {\n parent: \"projects/my-project-name\",\n description: \"BigQuery DLP Job Trigger with timespan config and row limit\",\n displayName: \"bigquery-dlp-job-trigger-limit-timespan\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table\",\n },\n sampleMethod: \"\",\n },\n timespanConfig: {\n startTime: \"2023-01-01T00:00:23Z\",\n timestampField: {\n name: \"timestamp\",\n },\n },\n },\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"output\",\n },\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntimespan_config_big_query = gcp.dataloss.PreventionJobTrigger(\"timespan_config_big_query\",\n parent=\"projects/my-project-name\",\n description=\"BigQuery DLP Job Trigger with timespan config and row limit\",\n display_name=\"bigquery-dlp-job-trigger-limit-timespan\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table\",\n },\n \"sample_method\": \"\",\n },\n \"timespan_config\": {\n \"start_time\": \"2023-01-01T00:00:23Z\",\n \"timestamp_field\": {\n \"name\": \"timestamp\",\n },\n },\n },\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"output\",\n },\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var timespanConfigBigQuery = new Gcp.DataLoss.PreventionJobTrigger(\"timespan_config_big_query\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"BigQuery DLP Job Trigger with timespan config and row limit\",\n DisplayName = \"bigquery-dlp-job-trigger-limit-timespan\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table\",\n },\n SampleMethod = \"\",\n },\n TimespanConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs\n {\n StartTime = \"2023-01-01T00:00:23Z\",\n TimestampField = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs\n {\n Name = \"timestamp\",\n },\n },\n },\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"output\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"timespan_config_big_query\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"BigQuery DLP Job Trigger with timespan config and row limit\"),\n\t\t\tDisplayName: pulumi.String(\"bigquery-dlp-job-trigger-limit-timespan\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"projects/test/locations/global/inspectTemplates/6425492983381733900\"),\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"\"),\n\t\t\t\t\t},\n\t\t\t\t\tTimespanConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs{\n\t\t\t\t\t\tStartTime: pulumi.String(\"2023-01-01T00:00:23Z\"),\n\t\t\t\t\t\tTimestampField: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"timestamp\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"output\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var timespanConfigBigQuery = new PreventionJobTrigger(\"timespanConfigBigQuery\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"BigQuery DLP Job Trigger with timespan config and row limit\")\n .displayName(\"bigquery-dlp-job-trigger-limit-timespan\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"projects/test/locations/global/inspectTemplates/6425492983381733900\")\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table\")\n .build())\n .sampleMethod(\"\")\n .build())\n .timespanConfig(PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs.builder()\n .startTime(\"2023-01-01T00:00:23Z\")\n .timestampField(PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs.builder()\n .name(\"timestamp\")\n .build())\n .build())\n .build())\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"output\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n timespanConfigBigQuery:\n type: gcp:dataloss:PreventionJobTrigger\n name: timespan_config_big_query\n properties:\n parent: projects/my-project-name\n description: BigQuery DLP Job Trigger with timespan config and row limit\n displayName: bigquery-dlp-job-trigger-limit-timespan\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: projects/test/locations/global/inspectTemplates/6425492983381733900\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table\n sampleMethod:\n timespanConfig:\n startTime: 2023-01-01T00:00:23Z\n timestampField:\n name: timestamp\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: output\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJobTrigger can be imported using any of these accepted formats:\n\n* `{{parent}}/jobTriggers/{{name}}`\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, JobTrigger can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataloss/preventionJobTrigger:PreventionJobTrigger default {{parent}}/jobTriggers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataloss/preventionJobTrigger:PreventionJobTrigger default {{parent}}/{{name}}\n```\n\n", + "description": "A job trigger configuration.\n\n\nTo get more information about JobTrigger, see:\n\n* [API documentation](https://cloud.google.com/dlp/docs/reference/rest/v2/projects.jobTriggers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dlp/docs/creating-job-triggers)\n\n## Example Usage\n\n### Dlp Job Trigger Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Bigquery Row Limit\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bigqueryRowLimit = new gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table_to_scan\",\n },\n rowsLimit: 1000,\n sampleMethod: \"RANDOM_START\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbigquery_row_limit = gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table_to_scan\",\n },\n \"rows_limit\": 1000,\n \"sample_method\": \"RANDOM_START\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bigqueryRowLimit = new Gcp.DataLoss.PreventionJobTrigger(\"bigquery_row_limit\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table_to_scan\",\n },\n RowsLimit = 1000,\n SampleMethod = \"RANDOM_START\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"bigquery_row_limit\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table_to_scan\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRowsLimit: pulumi.Int(1000),\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"RANDOM_START\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bigqueryRowLimit = new PreventionJobTrigger(\"bigqueryRowLimit\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table_to_scan\")\n .build())\n .rowsLimit(1000)\n .sampleMethod(\"RANDOM_START\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bigqueryRowLimit:\n type: gcp:dataloss:PreventionJobTrigger\n name: bigquery_row_limit\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table_to_scan\n rowsLimit: 1000\n sampleMethod: RANDOM_START\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Bigquery Row Limit Percentage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bigqueryRowLimitPercentage = new gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit_percentage\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table_to_scan\",\n },\n rowsLimitPercent: 50,\n sampleMethod: \"RANDOM_START\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbigquery_row_limit_percentage = gcp.dataloss.PreventionJobTrigger(\"bigquery_row_limit_percentage\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table_to_scan\",\n },\n \"rows_limit_percent\": 50,\n \"sample_method\": \"RANDOM_START\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bigqueryRowLimitPercentage = new Gcp.DataLoss.PreventionJobTrigger(\"bigquery_row_limit_percentage\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table_to_scan\",\n },\n RowsLimitPercent = 50,\n SampleMethod = \"RANDOM_START\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"bigquery_row_limit_percentage\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table_to_scan\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRowsLimitPercent: pulumi.Int(50),\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"RANDOM_START\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bigqueryRowLimitPercentage = new PreventionJobTrigger(\"bigqueryRowLimitPercentage\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table_to_scan\")\n .build())\n .rowsLimitPercent(50)\n .sampleMethod(\"RANDOM_START\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bigqueryRowLimitPercentage:\n type: gcp:dataloss:PreventionJobTrigger\n name: bigquery_row_limit_percentage\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table_to_scan\n rowsLimitPercent: 50\n sampleMethod: RANDOM_START\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Job Notification Emails\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst jobNotificationEmails = new gcp.dataloss.PreventionJobTrigger(\"job_notification_emails\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n jobNotificationEmails: {},\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\njob_notification_emails = gcp.dataloss.PreventionJobTrigger(\"job_notification_emails\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"job_notification_emails\": {},\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var jobNotificationEmails = new Gcp.DataLoss.PreventionJobTrigger(\"job_notification_emails\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n JobNotificationEmails = null,\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"job_notification_emails\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tJobNotificationEmails: \u0026dataloss.PreventionJobTriggerInspectJobActionJobNotificationEmailsArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var jobNotificationEmails = new PreventionJobTrigger(\"jobNotificationEmails\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .jobNotificationEmails()\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n jobNotificationEmails:\n type: gcp:dataloss:PreventionJobTrigger\n name: job_notification_emails\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - jobNotificationEmails: {}\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Deidentify\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"tf_test\",\n friendlyName: \"terraform-test\",\n description: \"Description for the dataset created by terraform\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n labels: {\n env: \"default\",\n },\n});\nconst defaultTable = new gcp.bigquery.Table(\"default\", {\n datasetId: _default.datasetId,\n tableId: \"tf_test\",\n deletionProtection: false,\n timePartitioning: {\n type: \"DAY\",\n },\n labels: {\n env: \"default\",\n },\n schema: ` [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n`,\n});\nconst deidentify = new gcp.dataloss.PreventionJobTrigger(\"deidentify\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n deidentify: {\n cloudStorageOutput: \"gs://samplebucket/dir/\",\n fileTypesToTransforms: [\n \"CSV\",\n \"TSV\",\n ],\n transformationDetailsStorageConfig: {\n table: {\n projectId: \"my-project-name\",\n datasetId: _default.datasetId,\n tableId: defaultTable.tableId,\n },\n },\n transformationConfig: {\n deidentifyTemplate: \"sample-deidentify-template\",\n imageRedactTemplate: \"sample-image-redact-template\",\n structuredDeidentifyTemplate: \"sample-structured-deidentify-template\",\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"tf_test\",\n friendly_name=\"terraform-test\",\n description=\"Description for the dataset created by terraform\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n labels={\n \"env\": \"default\",\n })\ndefault_table = gcp.bigquery.Table(\"default\",\n dataset_id=default.dataset_id,\n table_id=\"tf_test\",\n deletion_protection=False,\n time_partitioning={\n \"type\": \"DAY\",\n },\n labels={\n \"env\": \"default\",\n },\n schema=\"\"\" [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n\"\"\")\ndeidentify = gcp.dataloss.PreventionJobTrigger(\"deidentify\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"deidentify\": {\n \"cloud_storage_output\": \"gs://samplebucket/dir/\",\n \"file_types_to_transforms\": [\n \"CSV\",\n \"TSV\",\n ],\n \"transformation_details_storage_config\": {\n \"table\": {\n \"project_id\": \"my-project-name\",\n \"dataset_id\": default.dataset_id,\n \"table_id\": default_table.table_id,\n },\n },\n \"transformation_config\": {\n \"deidentify_template\": \"sample-deidentify-template\",\n \"image_redact_template\": \"sample-image-redact-template\",\n \"structured_deidentify_template\": \"sample-structured-deidentify-template\",\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"tf_test\",\n FriendlyName = \"terraform-test\",\n Description = \"Description for the dataset created by terraform\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var defaultTable = new Gcp.BigQuery.Table(\"default\", new()\n {\n DatasetId = @default.DatasetId,\n TableId = \"tf_test\",\n DeletionProtection = false,\n TimePartitioning = new Gcp.BigQuery.Inputs.TableTimePartitioningArgs\n {\n Type = \"DAY\",\n },\n Labels = \n {\n { \"env\", \"default\" },\n },\n Schema = @\" [\n {\n \"\"name\"\": \"\"quantity\"\",\n \"\"type\"\": \"\"NUMERIC\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The quantity\"\"\n },\n {\n \"\"name\"\": \"\"name\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"Name of the object\"\"\n }\n ]\n\",\n });\n\n var deidentify = new Gcp.DataLoss.PreventionJobTrigger(\"deidentify\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n Deidentify = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyArgs\n {\n CloudStorageOutput = \"gs://samplebucket/dir/\",\n FileTypesToTransforms = new[]\n {\n \"CSV\",\n \"TSV\",\n },\n TransformationDetailsStorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs\n {\n ProjectId = \"my-project-name\",\n DatasetId = @default.DatasetId,\n TableId = defaultTable.TableId,\n },\n },\n TransformationConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs\n {\n DeidentifyTemplate = \"sample-deidentify-template\",\n ImageRedactTemplate = \"sample-image-redact-template\",\n StructuredDeidentifyTemplate = \"sample-structured-deidentify-template\",\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"tf_test\"),\n\t\t\tFriendlyName: pulumi.String(\"terraform-test\"),\n\t\t\tDescription: pulumi.String(\"Description for the dataset created by terraform\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTable, err := bigquery.NewTable(ctx, \"default\", \u0026bigquery.TableArgs{\n\t\t\tDatasetId: _default.DatasetId,\n\t\t\tTableId: pulumi.String(\"tf_test\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTimePartitioning: \u0026bigquery.TableTimePartitioningArgs{\n\t\t\t\tType: pulumi.String(\"DAY\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t\tSchema: pulumi.String(` [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataloss.NewPreventionJobTrigger(ctx, \"deidentify\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tDeidentify: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyArgs{\n\t\t\t\t\t\t\tCloudStorageOutput: pulumi.String(\"gs://samplebucket/dir/\"),\n\t\t\t\t\t\t\tFileTypesToTransforms: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"CSV\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"TSV\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTransformationDetailsStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\t\t\t\t\t\t\tDatasetId: _default.DatasetId,\n\t\t\t\t\t\t\t\t\tTableId: defaultTable.TableId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTransformationConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs{\n\t\t\t\t\t\t\t\tDeidentifyTemplate: pulumi.String(\"sample-deidentify-template\"),\n\t\t\t\t\t\t\t\tImageRedactTemplate: pulumi.String(\"sample-image-redact-template\"),\n\t\t\t\t\t\t\t\tStructuredDeidentifyTemplate: pulumi.String(\"sample-structured-deidentify-template\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.bigquery.inputs.TableTimePartitioningArgs;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"tf_test\")\n .friendlyName(\"terraform-test\")\n .description(\"Description for the dataset created by terraform\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var defaultTable = new Table(\"defaultTable\", TableArgs.builder()\n .datasetId(default_.datasetId())\n .tableId(\"tf_test\")\n .deletionProtection(false)\n .timePartitioning(TableTimePartitioningArgs.builder()\n .type(\"DAY\")\n .build())\n .labels(Map.of(\"env\", \"default\"))\n .schema(\"\"\"\n [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n \"\"\")\n .build());\n\n var deidentify = new PreventionJobTrigger(\"deidentify\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .deidentify(PreventionJobTriggerInspectJobActionDeidentifyArgs.builder()\n .cloudStorageOutput(\"gs://samplebucket/dir/\")\n .fileTypesToTransforms( \n \"CSV\",\n \"TSV\")\n .transformationDetailsStorageConfig(PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionDeidentifyTransformationDetailsStorageConfigTableArgs.builder()\n .projectId(\"my-project-name\")\n .datasetId(default_.datasetId())\n .tableId(defaultTable.tableId())\n .build())\n .build())\n .transformationConfig(PreventionJobTriggerInspectJobActionDeidentifyTransformationConfigArgs.builder()\n .deidentifyTemplate(\"sample-deidentify-template\")\n .imageRedactTemplate(\"sample-image-redact-template\")\n .structuredDeidentifyTemplate(\"sample-structured-deidentify-template\")\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n deidentify:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - deidentify:\n cloudStorageOutput: gs://samplebucket/dir/\n fileTypesToTransforms:\n - CSV\n - TSV\n transformationDetailsStorageConfig:\n table:\n projectId: my-project-name\n datasetId: ${default.datasetId}\n tableId: ${defaultTable.tableId}\n transformationConfig:\n deidentifyTemplate: sample-deidentify-template\n imageRedactTemplate: sample-image-redact-template\n structuredDeidentifyTemplate: sample-structured-deidentify-template\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: tf_test\n friendlyName: terraform-test\n description: Description for the dataset created by terraform\n location: US\n defaultTableExpirationMs: 3.6e+06\n labels:\n env: default\n defaultTable:\n type: gcp:bigquery:Table\n name: default\n properties:\n datasetId: ${default.datasetId}\n tableId: tf_test\n deletionProtection: false\n timePartitioning:\n type: DAY\n labels:\n env: default\n schema: |2\n [\n {\n \"name\": \"quantity\",\n \"type\": \"NUMERIC\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The quantity\"\n },\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"Name of the object\"\n }\n ]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hybridTrigger = new gcp.dataloss.PreventionJobTrigger(\"hybrid_trigger\", {\n parent: \"projects/my-project-name\",\n triggers: [{\n manual: {},\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n hybridOptions: {\n description: \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n requiredFindingLabelKeys: [\"appointment-bookings-comments\"],\n labels: {\n env: \"prod\",\n },\n tableOptions: {\n identifyingFields: [{\n name: \"booking_id\",\n }],\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhybrid_trigger = gcp.dataloss.PreventionJobTrigger(\"hybrid_trigger\",\n parent=\"projects/my-project-name\",\n triggers=[{\n \"manual\": {},\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"hybrid_options\": {\n \"description\": \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n \"required_finding_label_keys\": [\"appointment-bookings-comments\"],\n \"labels\": {\n \"env\": \"prod\",\n },\n \"table_options\": {\n \"identifying_fields\": [{\n \"name\": \"booking_id\",\n }],\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hybridTrigger = new Gcp.DataLoss.PreventionJobTrigger(\"hybrid_trigger\", new()\n {\n Parent = \"projects/my-project-name\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Manual = null,\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n HybridOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs\n {\n Description = \"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\",\n RequiredFindingLabelKeys = new[]\n {\n \"appointment-bookings-comments\",\n },\n Labels = \n {\n { \"env\", \"prod\" },\n },\n TableOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs\n {\n IdentifyingFields = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs\n {\n Name = \"booking_id\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"hybrid_trigger\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tManual: \u0026dataloss.PreventionJobTriggerTriggerManualArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tHybridOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\"),\n\t\t\t\t\t\tRequiredFindingLabelKeys: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"appointment-bookings-comments\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"prod\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTableOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs{\n\t\t\t\t\t\t\tIdentifyingFields: dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"booking_id\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerManualArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hybridTrigger = new PreventionJobTrigger(\"hybridTrigger\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .manual()\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .hybridOptions(PreventionJobTriggerInspectJobStorageConfigHybridOptionsArgs.builder()\n .description(\"Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\")\n .requiredFindingLabelKeys(\"appointment-bookings-comments\")\n .labels(Map.of(\"env\", \"prod\"))\n .tableOptions(PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsArgs.builder()\n .identifyingFields(PreventionJobTriggerInspectJobStorageConfigHybridOptionsTableOptionsIdentifyingFieldArgs.builder()\n .name(\"booking_id\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hybridTrigger:\n type: gcp:dataloss:PreventionJobTrigger\n name: hybrid_trigger\n properties:\n parent: projects/my-project-name\n triggers:\n - manual: {}\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n hybridOptions:\n description: Hybrid job trigger for data from the comments field of a table that contains customer appointment bookings\n requiredFindingLabelKeys:\n - appointment-bookings-comments\n labels:\n env: prod\n tableOptions:\n identifyingFields:\n - name: booking_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Inspect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst inspect = new gcp.dataloss.PreventionJobTrigger(\"inspect\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n inspectConfig: {\n customInfoTypes: [{\n infoType: {\n name: \"MY_CUSTOM_TYPE\",\n },\n likelihood: \"UNLIKELY\",\n regex: {\n pattern: \"test*\",\n },\n }],\n infoTypes: [{\n name: \"EMAIL_ADDRESS\",\n }],\n minLikelihood: \"UNLIKELY\",\n ruleSets: [\n {\n infoTypes: [{\n name: \"EMAIL_ADDRESS\",\n }],\n rules: [{\n exclusionRule: {\n regex: {\n pattern: \".+@example.com\",\n },\n matchingType: \"MATCHING_TYPE_FULL_MATCH\",\n },\n }],\n },\n {\n infoTypes: [{\n name: \"MY_CUSTOM_TYPE\",\n }],\n rules: [{\n hotwordRule: {\n hotwordRegex: {\n pattern: \"example*\",\n },\n proximity: {\n windowBefore: 50,\n },\n likelihoodAdjustment: {\n fixedLikelihood: \"VERY_LIKELY\",\n },\n },\n }],\n },\n ],\n limits: {\n maxFindingsPerItem: 10,\n maxFindingsPerRequest: 50,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninspect = gcp.dataloss.PreventionJobTrigger(\"inspect\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n \"inspect_config\": {\n \"custom_info_types\": [{\n \"info_type\": {\n \"name\": \"MY_CUSTOM_TYPE\",\n },\n \"likelihood\": \"UNLIKELY\",\n \"regex\": {\n \"pattern\": \"test*\",\n },\n }],\n \"info_types\": [{\n \"name\": \"EMAIL_ADDRESS\",\n }],\n \"min_likelihood\": \"UNLIKELY\",\n \"rule_sets\": [\n {\n \"info_types\": [{\n \"name\": \"EMAIL_ADDRESS\",\n }],\n \"rules\": [{\n \"exclusion_rule\": {\n \"regex\": {\n \"pattern\": \".+@example.com\",\n },\n \"matching_type\": \"MATCHING_TYPE_FULL_MATCH\",\n },\n }],\n },\n {\n \"info_types\": [{\n \"name\": \"MY_CUSTOM_TYPE\",\n }],\n \"rules\": [{\n \"hotword_rule\": {\n \"hotword_regex\": {\n \"pattern\": \"example*\",\n },\n \"proximity\": {\n \"window_before\": 50,\n },\n \"likelihood_adjustment\": {\n \"fixed_likelihood\": \"VERY_LIKELY\",\n },\n },\n }],\n },\n ],\n \"limits\": {\n \"max_findings_per_item\": 10,\n \"max_findings_per_request\": 50,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inspect = new Gcp.DataLoss.PreventionJobTrigger(\"inspect\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n InspectConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigArgs\n {\n CustomInfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs\n {\n InfoType = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs\n {\n Name = \"MY_CUSTOM_TYPE\",\n },\n Likelihood = \"UNLIKELY\",\n Regex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs\n {\n Pattern = \"test*\",\n },\n },\n },\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs\n {\n Name = \"EMAIL_ADDRESS\",\n },\n },\n MinLikelihood = \"UNLIKELY\",\n RuleSets = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs\n {\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs\n {\n Name = \"EMAIL_ADDRESS\",\n },\n },\n Rules = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs\n {\n ExclusionRule = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs\n {\n Regex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs\n {\n Pattern = \".+@example.com\",\n },\n MatchingType = \"MATCHING_TYPE_FULL_MATCH\",\n },\n },\n },\n },\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs\n {\n InfoTypes = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs\n {\n Name = \"MY_CUSTOM_TYPE\",\n },\n },\n Rules = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs\n {\n HotwordRule = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs\n {\n HotwordRegex = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs\n {\n Pattern = \"example*\",\n },\n Proximity = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs\n {\n WindowBefore = 50,\n },\n LikelihoodAdjustment = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs\n {\n FixedLikelihood = \"VERY_LIKELY\",\n },\n },\n },\n },\n },\n },\n Limits = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobInspectConfigLimitsArgs\n {\n MaxFindingsPerItem = 10,\n MaxFindingsPerRequest = 50,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"inspect\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInspectConfig: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigArgs{\n\t\t\t\t\tCustomInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs{\n\t\t\t\t\t\t\tInfoType: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"MY_CUSTOM_TYPE\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tLikelihood: pulumi.String(\"UNLIKELY\"),\n\t\t\t\t\t\t\tRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs{\n\t\t\t\t\t\t\t\tPattern: pulumi.String(\"test*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigInfoTypeArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"EMAIL_ADDRESS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMinLikelihood: pulumi.String(\"UNLIKELY\"),\n\t\t\t\t\tRuleSets: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArray{\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs{\n\t\t\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"EMAIL_ADDRESS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRules: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs{\n\t\t\t\t\t\t\t\t\tExclusionRule: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs{\n\t\t\t\t\t\t\t\t\t\tRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs{\n\t\t\t\t\t\t\t\t\t\t\tPattern: pulumi.String(\".+@example.com\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tMatchingType: pulumi.String(\"MATCHING_TYPE_FULL_MATCH\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetArgs{\n\t\t\t\t\t\t\tInfoTypes: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"MY_CUSTOM_TYPE\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRules: dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArray{\n\t\t\t\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs{\n\t\t\t\t\t\t\t\t\tHotwordRule: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs{\n\t\t\t\t\t\t\t\t\t\tHotwordRegex: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs{\n\t\t\t\t\t\t\t\t\t\t\tPattern: pulumi.String(\"example*\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tProximity: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs{\n\t\t\t\t\t\t\t\t\t\t\tWindowBefore: pulumi.Int(50),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tLikelihoodAdjustment: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs{\n\t\t\t\t\t\t\t\t\t\t\tFixedLikelihood: pulumi.String(\"VERY_LIKELY\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tLimits: \u0026dataloss.PreventionJobTriggerInspectJobInspectConfigLimitsArgs{\n\t\t\t\t\t\tMaxFindingsPerItem: pulumi.Int(10),\n\t\t\t\t\t\tMaxFindingsPerRequest: pulumi.Int(50),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobInspectConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobInspectConfigLimitsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var inspect = new PreventionJobTrigger(\"inspect\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .inspectConfig(PreventionJobTriggerInspectJobInspectConfigArgs.builder()\n .customInfoTypes(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeArgs.builder()\n .infoType(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeInfoTypeArgs.builder()\n .name(\"MY_CUSTOM_TYPE\")\n .build())\n .likelihood(\"UNLIKELY\")\n .regex(PreventionJobTriggerInspectJobInspectConfigCustomInfoTypeRegexArgs.builder()\n .pattern(\"test*\")\n .build())\n .build())\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigInfoTypeArgs.builder()\n .name(\"EMAIL_ADDRESS\")\n .build())\n .minLikelihood(\"UNLIKELY\")\n .ruleSets( \n PreventionJobTriggerInspectJobInspectConfigRuleSetArgs.builder()\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs.builder()\n .name(\"EMAIL_ADDRESS\")\n .build())\n .rules(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs.builder()\n .exclusionRule(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleArgs.builder()\n .regex(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleExclusionRuleRegexArgs.builder()\n .pattern(\".+@example.com\")\n .build())\n .matchingType(\"MATCHING_TYPE_FULL_MATCH\")\n .build())\n .build())\n .build(),\n PreventionJobTriggerInspectJobInspectConfigRuleSetArgs.builder()\n .infoTypes(PreventionJobTriggerInspectJobInspectConfigRuleSetInfoTypeArgs.builder()\n .name(\"MY_CUSTOM_TYPE\")\n .build())\n .rules(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleArgs.builder()\n .hotwordRule(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleArgs.builder()\n .hotwordRegex(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleHotwordRegexArgs.builder()\n .pattern(\"example*\")\n .build())\n .proximity(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleProximityArgs.builder()\n .windowBefore(50)\n .build())\n .likelihoodAdjustment(PreventionJobTriggerInspectJobInspectConfigRuleSetRuleHotwordRuleLikelihoodAdjustmentArgs.builder()\n .fixedLikelihood(\"VERY_LIKELY\")\n .build())\n .build())\n .build())\n .build())\n .limits(PreventionJobTriggerInspectJobInspectConfigLimitsArgs.builder()\n .maxFindingsPerItem(10)\n .maxFindingsPerRequest(50)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n inspect:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n inspectConfig:\n customInfoTypes:\n - infoType:\n name: MY_CUSTOM_TYPE\n likelihood: UNLIKELY\n regex:\n pattern: test*\n infoTypes:\n - name: EMAIL_ADDRESS\n minLikelihood: UNLIKELY\n ruleSets:\n - infoTypes:\n - name: EMAIL_ADDRESS\n rules:\n - exclusionRule:\n regex:\n pattern: .+@example.com\n matchingType: MATCHING_TYPE_FULL_MATCH\n - infoTypes:\n - name: MY_CUSTOM_TYPE\n rules:\n - hotwordRule:\n hotwordRegex:\n pattern: example*\n proximity:\n windowBefore: 50\n likelihoodAdjustment:\n fixedLikelihood: VERY_LIKELY\n limits:\n maxFindingsPerItem: 10\n maxFindingsPerRequest: 50\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Publish To Stackdriver\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst publishToStackdriver = new gcp.dataloss.PreventionJobTrigger(\"publish_to_stackdriver\", {\n parent: \"projects/my-project-name\",\n description: \"Description for the job_trigger created by terraform\",\n displayName: \"TerraformDisplayName\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"sample-inspect-template\",\n actions: [{\n publishToStackdriver: {},\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npublish_to_stackdriver = gcp.dataloss.PreventionJobTrigger(\"publish_to_stackdriver\",\n parent=\"projects/my-project-name\",\n description=\"Description for the job_trigger created by terraform\",\n display_name=\"TerraformDisplayName\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"sample-inspect-template\",\n \"actions\": [{\n \"publish_to_stackdriver\": {},\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var publishToStackdriver = new Gcp.DataLoss.PreventionJobTrigger(\"publish_to_stackdriver\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description for the job_trigger created by terraform\",\n DisplayName = \"TerraformDisplayName\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"sample-inspect-template\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n PublishToStackdriver = null,\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"publish_to_stackdriver\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description for the job_trigger created by terraform\"),\n\t\t\tDisplayName: pulumi.String(\"TerraformDisplayName\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"sample-inspect-template\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tPublishToStackdriver: \u0026dataloss.PreventionJobTriggerInspectJobActionPublishToStackdriverArgs{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var publishToStackdriver = new PreventionJobTrigger(\"publishToStackdriver\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description for the job_trigger created by terraform\")\n .displayName(\"TerraformDisplayName\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"sample-inspect-template\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .publishToStackdriver()\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n publishToStackdriver:\n type: gcp:dataloss:PreventionJobTrigger\n name: publish_to_stackdriver\n properties:\n parent: projects/my-project-name\n description: Description for the job_trigger created by terraform\n displayName: TerraformDisplayName\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: sample-inspect-template\n actions:\n - publishToStackdriver: {}\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger With Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst withTriggerId = new gcp.dataloss.PreventionJobTrigger(\"with_trigger_id\", {\n parent: \"projects/my-project-name\",\n description: \"Starting description\",\n displayName: \"display\",\n triggerId: \"id-\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset123\",\n },\n },\n },\n }],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nwith_trigger_id = gcp.dataloss.PreventionJobTrigger(\"with_trigger_id\",\n parent=\"projects/my-project-name\",\n description=\"Starting description\",\n display_name=\"display\",\n trigger_id=\"id-\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset123\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var withTriggerId = new Gcp.DataLoss.PreventionJobTrigger(\"with_trigger_id\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Starting description\",\n DisplayName = \"display\",\n TriggerId = \"id-\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset123\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"with_trigger_id\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Starting description\"),\n\t\t\tDisplayName: pulumi.String(\"display\"),\n\t\t\tTriggerId: pulumi.String(\"id-\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset123\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var withTriggerId = new PreventionJobTrigger(\"withTriggerId\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Starting description\")\n .displayName(\"display\")\n .triggerId(\"id-\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset123\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n withTriggerId:\n type: gcp:dataloss:PreventionJobTrigger\n name: with_trigger_id\n properties:\n parent: projects/my-project-name\n description: Starting description\n displayName: display\n triggerId: id-\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset123\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Multiple Actions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [\n {\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n },\n {\n pubSub: {\n topic: \"projects/project/topics/topic-name\",\n },\n },\n ],\n storageConfig: {\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [\n {\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n },\n {\n \"pub_sub\": {\n \"topic\": \"projects/project/topics/topic-name\",\n },\n },\n ],\n \"storage_config\": {\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n PubSub = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionPubSubArgs\n {\n Topic = \"projects/project/topics/topic-name\",\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tPubSub: \u0026dataloss.PreventionJobTriggerInspectJobActionPubSubArgs{\n\t\t\t\t\t\t\tTopic: pulumi.String(\"projects/project/topics/topic-name\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions( \n PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build(),\n PreventionJobTriggerInspectJobActionArgs.builder()\n .pubSub(PreventionJobTriggerInspectJobActionPubSubArgs.builder()\n .topic(\"projects/project/topics/topic-name\")\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n - pubSub:\n topic: projects/project/topics/topic-name\n storageConfig:\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Cloud Storage Optional Timespan Autopopulation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.dataloss.PreventionJobTrigger(\"basic\", {\n parent: \"projects/my-project-name\",\n description: \"Description\",\n displayName: \"Displayname\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"fake\",\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"dataset\",\n },\n },\n },\n }],\n storageConfig: {\n timespanConfig: {\n enableAutoPopulationOfTimespanConfig: true,\n },\n cloudStorageOptions: {\n fileSet: {\n url: \"gs://mybucket/directory/\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.dataloss.PreventionJobTrigger(\"basic\",\n parent=\"projects/my-project-name\",\n description=\"Description\",\n display_name=\"Displayname\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"fake\",\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n },\n },\n },\n }],\n \"storage_config\": {\n \"timespan_config\": {\n \"enable_auto_population_of_timespan_config\": True,\n },\n \"cloud_storage_options\": {\n \"file_set\": {\n \"url\": \"gs://mybucket/directory/\",\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DataLoss.PreventionJobTrigger(\"basic\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"Description\",\n DisplayName = \"Displayname\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"fake\",\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n },\n },\n },\n },\n },\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n TimespanConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs\n {\n EnableAutoPopulationOfTimespanConfig = true,\n },\n CloudStorageOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs\n {\n FileSet = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs\n {\n Url = \"gs://mybucket/directory/\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"basic\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"Description\"),\n\t\t\tDisplayName: pulumi.String(\"Displayname\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"fake\"),\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tTimespanConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs{\n\t\t\t\t\t\tEnableAutoPopulationOfTimespanConfig: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tCloudStorageOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs{\n\t\t\t\t\t\tFileSet: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs{\n\t\t\t\t\t\t\tUrl: pulumi.String(\"gs://mybucket/directory/\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new PreventionJobTrigger(\"basic\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"Description\")\n .displayName(\"Displayname\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"fake\")\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .build())\n .build())\n .build())\n .build())\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .timespanConfig(PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs.builder()\n .enableAutoPopulationOfTimespanConfig(true)\n .build())\n .cloudStorageOptions(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsArgs.builder()\n .fileSet(PreventionJobTriggerInspectJobStorageConfigCloudStorageOptionsFileSetArgs.builder()\n .url(\"gs://mybucket/directory/\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:dataloss:PreventionJobTrigger\n properties:\n parent: projects/my-project-name\n description: Description\n displayName: Displayname\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: fake\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: dataset\n storageConfig:\n timespanConfig:\n enableAutoPopulationOfTimespanConfig: true\n cloudStorageOptions:\n fileSet:\n url: gs://mybucket/directory/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dlp Job Trigger Timespan Config Big Query\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst timespanConfigBigQuery = new gcp.dataloss.PreventionJobTrigger(\"timespan_config_big_query\", {\n parent: \"projects/my-project-name\",\n description: \"BigQuery DLP Job Trigger with timespan config and row limit\",\n displayName: \"bigquery-dlp-job-trigger-limit-timespan\",\n triggers: [{\n schedule: {\n recurrencePeriodDuration: \"86400s\",\n },\n }],\n inspectJob: {\n inspectTemplateName: \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n storageConfig: {\n bigQueryOptions: {\n tableReference: {\n projectId: \"project\",\n datasetId: \"dataset\",\n tableId: \"table\",\n },\n sampleMethod: \"\",\n },\n timespanConfig: {\n startTime: \"2023-01-01T00:00:23Z\",\n timestampField: {\n name: \"timestamp\",\n },\n },\n },\n actions: [{\n saveFindings: {\n outputConfig: {\n table: {\n projectId: \"project\",\n datasetId: \"output\",\n },\n },\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntimespan_config_big_query = gcp.dataloss.PreventionJobTrigger(\"timespan_config_big_query\",\n parent=\"projects/my-project-name\",\n description=\"BigQuery DLP Job Trigger with timespan config and row limit\",\n display_name=\"bigquery-dlp-job-trigger-limit-timespan\",\n triggers=[{\n \"schedule\": {\n \"recurrence_period_duration\": \"86400s\",\n },\n }],\n inspect_job={\n \"inspect_template_name\": \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n \"storage_config\": {\n \"big_query_options\": {\n \"table_reference\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"dataset\",\n \"table_id\": \"table\",\n },\n \"sample_method\": \"\",\n },\n \"timespan_config\": {\n \"start_time\": \"2023-01-01T00:00:23Z\",\n \"timestamp_field\": {\n \"name\": \"timestamp\",\n },\n },\n },\n \"actions\": [{\n \"save_findings\": {\n \"output_config\": {\n \"table\": {\n \"project_id\": \"project\",\n \"dataset_id\": \"output\",\n },\n },\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var timespanConfigBigQuery = new Gcp.DataLoss.PreventionJobTrigger(\"timespan_config_big_query\", new()\n {\n Parent = \"projects/my-project-name\",\n Description = \"BigQuery DLP Job Trigger with timespan config and row limit\",\n DisplayName = \"bigquery-dlp-job-trigger-limit-timespan\",\n Triggers = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerArgs\n {\n Schedule = new Gcp.DataLoss.Inputs.PreventionJobTriggerTriggerScheduleArgs\n {\n RecurrencePeriodDuration = \"86400s\",\n },\n },\n },\n InspectJob = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobArgs\n {\n InspectTemplateName = \"projects/test/locations/global/inspectTemplates/6425492983381733900\",\n StorageConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigArgs\n {\n BigQueryOptions = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs\n {\n TableReference = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs\n {\n ProjectId = \"project\",\n DatasetId = \"dataset\",\n TableId = \"table\",\n },\n SampleMethod = \"\",\n },\n TimespanConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs\n {\n StartTime = \"2023-01-01T00:00:23Z\",\n TimestampField = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs\n {\n Name = \"timestamp\",\n },\n },\n },\n Actions = new[]\n {\n new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionArgs\n {\n SaveFindings = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsArgs\n {\n OutputConfig = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs\n {\n Table = new Gcp.DataLoss.Inputs.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs\n {\n ProjectId = \"project\",\n DatasetId = \"output\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataloss\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataloss.NewPreventionJobTrigger(ctx, \"timespan_config_big_query\", \u0026dataloss.PreventionJobTriggerArgs{\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tDescription: pulumi.String(\"BigQuery DLP Job Trigger with timespan config and row limit\"),\n\t\t\tDisplayName: pulumi.String(\"bigquery-dlp-job-trigger-limit-timespan\"),\n\t\t\tTriggers: dataloss.PreventionJobTriggerTriggerArray{\n\t\t\t\t\u0026dataloss.PreventionJobTriggerTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataloss.PreventionJobTriggerTriggerScheduleArgs{\n\t\t\t\t\t\tRecurrencePeriodDuration: pulumi.String(\"86400s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInspectJob: \u0026dataloss.PreventionJobTriggerInspectJobArgs{\n\t\t\t\tInspectTemplateName: pulumi.String(\"projects/test/locations/global/inspectTemplates/6425492983381733900\"),\n\t\t\t\tStorageConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigArgs{\n\t\t\t\t\tBigQueryOptions: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs{\n\t\t\t\t\t\tTableReference: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs{\n\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\tDatasetId: pulumi.String(\"dataset\"),\n\t\t\t\t\t\t\tTableId: pulumi.String(\"table\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSampleMethod: pulumi.String(\"\"),\n\t\t\t\t\t},\n\t\t\t\t\tTimespanConfig: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs{\n\t\t\t\t\t\tStartTime: pulumi.String(\"2023-01-01T00:00:23Z\"),\n\t\t\t\t\t\tTimestampField: \u0026dataloss.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"timestamp\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tActions: dataloss.PreventionJobTriggerInspectJobActionArray{\n\t\t\t\t\t\u0026dataloss.PreventionJobTriggerInspectJobActionArgs{\n\t\t\t\t\t\tSaveFindings: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsArgs{\n\t\t\t\t\t\t\tOutputConfig: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs{\n\t\t\t\t\t\t\t\tTable: \u0026dataloss.PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs{\n\t\t\t\t\t\t\t\t\tProjectId: pulumi.String(\"project\"),\n\t\t\t\t\t\t\t\t\tDatasetId: pulumi.String(\"output\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataloss.PreventionJobTrigger;\nimport com.pulumi.gcp.dataloss.PreventionJobTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerTriggerScheduleArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs;\nimport com.pulumi.gcp.dataloss.inputs.PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var timespanConfigBigQuery = new PreventionJobTrigger(\"timespanConfigBigQuery\", PreventionJobTriggerArgs.builder()\n .parent(\"projects/my-project-name\")\n .description(\"BigQuery DLP Job Trigger with timespan config and row limit\")\n .displayName(\"bigquery-dlp-job-trigger-limit-timespan\")\n .triggers(PreventionJobTriggerTriggerArgs.builder()\n .schedule(PreventionJobTriggerTriggerScheduleArgs.builder()\n .recurrencePeriodDuration(\"86400s\")\n .build())\n .build())\n .inspectJob(PreventionJobTriggerInspectJobArgs.builder()\n .inspectTemplateName(\"projects/test/locations/global/inspectTemplates/6425492983381733900\")\n .storageConfig(PreventionJobTriggerInspectJobStorageConfigArgs.builder()\n .bigQueryOptions(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsArgs.builder()\n .tableReference(PreventionJobTriggerInspectJobStorageConfigBigQueryOptionsTableReferenceArgs.builder()\n .projectId(\"project\")\n .datasetId(\"dataset\")\n .tableId(\"table\")\n .build())\n .sampleMethod(\"\")\n .build())\n .timespanConfig(PreventionJobTriggerInspectJobStorageConfigTimespanConfigArgs.builder()\n .startTime(\"2023-01-01T00:00:23Z\")\n .timestampField(PreventionJobTriggerInspectJobStorageConfigTimespanConfigTimestampFieldArgs.builder()\n .name(\"timestamp\")\n .build())\n .build())\n .build())\n .actions(PreventionJobTriggerInspectJobActionArgs.builder()\n .saveFindings(PreventionJobTriggerInspectJobActionSaveFindingsArgs.builder()\n .outputConfig(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigArgs.builder()\n .table(PreventionJobTriggerInspectJobActionSaveFindingsOutputConfigTableArgs.builder()\n .projectId(\"project\")\n .datasetId(\"output\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n timespanConfigBigQuery:\n type: gcp:dataloss:PreventionJobTrigger\n name: timespan_config_big_query\n properties:\n parent: projects/my-project-name\n description: BigQuery DLP Job Trigger with timespan config and row limit\n displayName: bigquery-dlp-job-trigger-limit-timespan\n triggers:\n - schedule:\n recurrencePeriodDuration: 86400s\n inspectJob:\n inspectTemplateName: projects/test/locations/global/inspectTemplates/6425492983381733900\n storageConfig:\n bigQueryOptions:\n tableReference:\n projectId: project\n datasetId: dataset\n tableId: table\n sampleMethod: \"\"\n timespanConfig:\n startTime: 2023-01-01T00:00:23Z\n timestampField:\n name: timestamp\n actions:\n - saveFindings:\n outputConfig:\n table:\n projectId: project\n datasetId: output\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJobTrigger can be imported using any of these accepted formats:\n\n* `{{parent}}/jobTriggers/{{name}}`\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, JobTrigger can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataloss/preventionJobTrigger:PreventionJobTrigger default {{parent}}/jobTriggers/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataloss/preventionJobTrigger:PreventionJobTrigger default {{parent}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -194753,7 +194753,7 @@ } }, "gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamBinding:AspectTypeIamBinding editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "aspectTypeId": { "type": "string" @@ -194872,7 +194872,7 @@ } }, "gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamMember:AspectTypeIamMember editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "aspectTypeId": { "type": "string" @@ -194984,7 +194984,7 @@ } }, "gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex AspectType\nThree different resources help you manage your IAM policy for Dataplex AspectType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Authoritative. Sets the IAM policy for the aspecttype and replaces any existing policy already attached.\n* `gcp.dataplex.AspectTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the aspecttype are preserved.\n* `gcp.dataplex.AspectTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the aspecttype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AspectTypeIamPolicy`: Retrieves the IAM policy for the aspecttype\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AspectTypeIamBinding` and `gcp.dataplex.AspectTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AspectTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AspectTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AspectTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AspectTypeIamPolicy(\"policy\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AspectTypeIamPolicy(\"policy\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AspectTypeIamPolicy(\"policy\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAspectTypeIamPolicy(ctx, \"policy\", \u0026dataplex.AspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.AspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AspectTypeIamPolicy(\"policy\", AspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AspectTypeIamPolicy\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AspectTypeIamBinding(\"binding\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AspectTypeIamBinding(\"binding\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AspectTypeIamBinding(\"binding\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamBinding(ctx, \"binding\", \u0026dataplex.AspectTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBinding;\nimport com.pulumi.gcp.dataplex.AspectTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AspectTypeIamBinding(\"binding\", AspectTypeIamBindingArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AspectTypeIamBinding\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AspectTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AspectTypeIamMember(\"member\", {\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AspectTypeIamMember(\"member\",\n project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AspectTypeIamMember(\"member\", new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAspectTypeIamMember(ctx, \"member\", \u0026dataplex.AspectTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: pulumi.Any(testAspectTypeBasic.AspectTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMember;\nimport com.pulumi.gcp.dataplex.AspectTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AspectTypeIamMember(\"member\", AspectTypeIamMemberArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AspectTypeIamMember\n properties:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n\n* {{project}}/{{location}}/{{aspect_type_id}}\n\n* {{location}}/{{aspect_type_id}}\n\n* {{aspect_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex aspecttype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/aspectTypeIamPolicy:AspectTypeIamPolicy editor projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "aspectTypeId": { "type": "string" @@ -195067,7 +195067,7 @@ } }, "gcp:dataplex/asset:Asset": { - "description": "The Dataplex Asset resource\n\n## Example Usage\n\n### Basic_asset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicBucket = new gcp.storage.Bucket(\"basic_bucket\", {\n name: \"bucket\",\n location: \"us-west1\",\n uniformBucketLevelAccess: true,\n project: \"my-project-name\",\n});\nconst basicLake = new gcp.dataplex.Lake(\"basic_lake\", {\n name: \"lake\",\n location: \"us-west1\",\n project: \"my-project-name\",\n});\nconst basicZone = new gcp.dataplex.Zone(\"basic_zone\", {\n name: \"zone\",\n location: \"us-west1\",\n lake: basicLake.name,\n type: \"RAW\",\n discoverySpec: {\n enabled: false,\n },\n resourceSpec: {\n locationType: \"SINGLE_REGION\",\n },\n project: \"my-project-name\",\n});\nconst primary = new gcp.dataplex.Asset(\"primary\", {\n name: \"asset\",\n location: \"us-west1\",\n lake: basicLake.name,\n dataplexZone: basicZone.name,\n discoverySpec: {\n enabled: false,\n },\n resourceSpec: {\n name: \"projects/my-project-name/buckets/bucket\",\n type: \"STORAGE_BUCKET\",\n },\n labels: {\n env: \"foo\",\n \"my-asset\": \"exists\",\n },\n project: \"my-project-name\",\n}, {\n dependsOn: [basicBucket],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_bucket = gcp.storage.Bucket(\"basic_bucket\",\n name=\"bucket\",\n location=\"us-west1\",\n uniform_bucket_level_access=True,\n project=\"my-project-name\")\nbasic_lake = gcp.dataplex.Lake(\"basic_lake\",\n name=\"lake\",\n location=\"us-west1\",\n project=\"my-project-name\")\nbasic_zone = gcp.dataplex.Zone(\"basic_zone\",\n name=\"zone\",\n location=\"us-west1\",\n lake=basic_lake.name,\n type=\"RAW\",\n discovery_spec={\n \"enabled\": False,\n },\n resource_spec={\n \"location_type\": \"SINGLE_REGION\",\n },\n project=\"my-project-name\")\nprimary = gcp.dataplex.Asset(\"primary\",\n name=\"asset\",\n location=\"us-west1\",\n lake=basic_lake.name,\n dataplex_zone=basic_zone.name,\n discovery_spec={\n \"enabled\": False,\n },\n resource_spec={\n \"name\": \"projects/my-project-name/buckets/bucket\",\n \"type\": \"STORAGE_BUCKET\",\n },\n labels={\n \"env\": \"foo\",\n \"my-asset\": \"exists\",\n },\n project=\"my-project-name\",\n opts = pulumi.ResourceOptions(depends_on=[basic_bucket]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicBucket = new Gcp.Storage.Bucket(\"basic_bucket\", new()\n {\n Name = \"bucket\",\n Location = \"us-west1\",\n UniformBucketLevelAccess = true,\n Project = \"my-project-name\",\n });\n\n var basicLake = new Gcp.DataPlex.Lake(\"basic_lake\", new()\n {\n Name = \"lake\",\n Location = \"us-west1\",\n Project = \"my-project-name\",\n });\n\n var basicZone = new Gcp.DataPlex.Zone(\"basic_zone\", new()\n {\n Name = \"zone\",\n Location = \"us-west1\",\n Lake = basicLake.Name,\n Type = \"RAW\",\n DiscoverySpec = new Gcp.DataPlex.Inputs.ZoneDiscoverySpecArgs\n {\n Enabled = false,\n },\n ResourceSpec = new Gcp.DataPlex.Inputs.ZoneResourceSpecArgs\n {\n LocationType = \"SINGLE_REGION\",\n },\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.DataPlex.Asset(\"primary\", new()\n {\n Name = \"asset\",\n Location = \"us-west1\",\n Lake = basicLake.Name,\n DataplexZone = basicZone.Name,\n DiscoverySpec = new Gcp.DataPlex.Inputs.AssetDiscoverySpecArgs\n {\n Enabled = false,\n },\n ResourceSpec = new Gcp.DataPlex.Inputs.AssetResourceSpecArgs\n {\n Name = \"projects/my-project-name/buckets/bucket\",\n Type = \"STORAGE_BUCKET\",\n },\n Labels = \n {\n { \"env\", \"foo\" },\n { \"my-asset\", \"exists\" },\n },\n Project = \"my-project-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicBucket,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicBucket, err := storage.NewBucket(ctx, \"basic_bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicLake, err := dataplex.NewLake(ctx, \"basic_lake\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"lake\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicZone, err := dataplex.NewZone(ctx, \"basic_zone\", \u0026dataplex.ZoneArgs{\n\t\t\tName: pulumi.String(\"zone\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tLake: basicLake.Name,\n\t\t\tType: pulumi.String(\"RAW\"),\n\t\t\tDiscoverySpec: \u0026dataplex.ZoneDiscoverySpecArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tResourceSpec: \u0026dataplex.ZoneResourceSpecArgs{\n\t\t\t\tLocationType: pulumi.String(\"SINGLE_REGION\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAsset(ctx, \"primary\", \u0026dataplex.AssetArgs{\n\t\t\tName: pulumi.String(\"asset\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tLake: basicLake.Name,\n\t\t\tDataplexZone: basicZone.Name,\n\t\t\tDiscoverySpec: \u0026dataplex.AssetDiscoverySpecArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tResourceSpec: \u0026dataplex.AssetResourceSpecArgs{\n\t\t\t\tName: pulumi.String(\"projects/my-project-name/buckets/bucket\"),\n\t\t\t\tType: pulumi.String(\"STORAGE_BUCKET\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"foo\"),\n\t\t\t\t\"my-asset\": pulumi.String(\"exists\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicBucket,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Zone;\nimport com.pulumi.gcp.dataplex.ZoneArgs;\nimport com.pulumi.gcp.dataplex.inputs.ZoneDiscoverySpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.ZoneResourceSpecArgs;\nimport com.pulumi.gcp.dataplex.Asset;\nimport com.pulumi.gcp.dataplex.AssetArgs;\nimport com.pulumi.gcp.dataplex.inputs.AssetDiscoverySpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.AssetResourceSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicBucket = new Bucket(\"basicBucket\", BucketArgs.builder()\n .name(\"bucket\")\n .location(\"us-west1\")\n .uniformBucketLevelAccess(true)\n .project(\"my-project-name\")\n .build());\n\n var basicLake = new Lake(\"basicLake\", LakeArgs.builder()\n .name(\"lake\")\n .location(\"us-west1\")\n .project(\"my-project-name\")\n .build());\n\n var basicZone = new Zone(\"basicZone\", ZoneArgs.builder()\n .name(\"zone\")\n .location(\"us-west1\")\n .lake(basicLake.name())\n .type(\"RAW\")\n .discoverySpec(ZoneDiscoverySpecArgs.builder()\n .enabled(false)\n .build())\n .resourceSpec(ZoneResourceSpecArgs.builder()\n .locationType(\"SINGLE_REGION\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n var primary = new Asset(\"primary\", AssetArgs.builder()\n .name(\"asset\")\n .location(\"us-west1\")\n .lake(basicLake.name())\n .dataplexZone(basicZone.name())\n .discoverySpec(AssetDiscoverySpecArgs.builder()\n .enabled(false)\n .build())\n .resourceSpec(AssetResourceSpecArgs.builder()\n .name(\"projects/my-project-name/buckets/bucket\")\n .type(\"STORAGE_BUCKET\")\n .build())\n .labels(Map.ofEntries(\n Map.entry(\"env\", \"foo\"),\n Map.entry(\"my-asset\", \"exists\")\n ))\n .project(\"my-project-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicBucket)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicBucket:\n type: gcp:storage:Bucket\n name: basic_bucket\n properties:\n name: bucket\n location: us-west1\n uniformBucketLevelAccess: true\n project: my-project-name\n basicLake:\n type: gcp:dataplex:Lake\n name: basic_lake\n properties:\n name: lake\n location: us-west1\n project: my-project-name\n basicZone:\n type: gcp:dataplex:Zone\n name: basic_zone\n properties:\n name: zone\n location: us-west1\n lake: ${basicLake.name}\n type: RAW\n discoverySpec:\n enabled: false\n resourceSpec:\n locationType: SINGLE_REGION\n project: my-project-name\n primary:\n type: gcp:dataplex:Asset\n properties:\n name: asset\n location: us-west1\n lake: ${basicLake.name}\n dataplexZone: ${basicZone.name}\n discoverySpec:\n enabled: false\n resourceSpec:\n name: projects/my-project-name/buckets/bucket\n type: STORAGE_BUCKET\n labels:\n env: foo\n my-asset: exists\n project: my-project-name\n options:\n dependson:\n - ${basicBucket}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAsset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}`\n\n* `{{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}`\n\n* `{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}`\n\nWhen using the `pulumi import` command, Asset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n```\n\n", + "description": "The Dataplex Asset resource\n\n## Example Usage\n\n### Basic_asset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicBucket = new gcp.storage.Bucket(\"basic_bucket\", {\n name: \"bucket\",\n location: \"us-west1\",\n uniformBucketLevelAccess: true,\n project: \"my-project-name\",\n});\nconst basicLake = new gcp.dataplex.Lake(\"basic_lake\", {\n name: \"lake\",\n location: \"us-west1\",\n project: \"my-project-name\",\n});\nconst basicZone = new gcp.dataplex.Zone(\"basic_zone\", {\n name: \"zone\",\n location: \"us-west1\",\n lake: basicLake.name,\n type: \"RAW\",\n discoverySpec: {\n enabled: false,\n },\n resourceSpec: {\n locationType: \"SINGLE_REGION\",\n },\n project: \"my-project-name\",\n});\nconst primary = new gcp.dataplex.Asset(\"primary\", {\n name: \"asset\",\n location: \"us-west1\",\n lake: basicLake.name,\n dataplexZone: basicZone.name,\n discoverySpec: {\n enabled: false,\n },\n resourceSpec: {\n name: \"projects/my-project-name/buckets/bucket\",\n type: \"STORAGE_BUCKET\",\n },\n labels: {\n env: \"foo\",\n \"my-asset\": \"exists\",\n },\n project: \"my-project-name\",\n}, {\n dependsOn: [basicBucket],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_bucket = gcp.storage.Bucket(\"basic_bucket\",\n name=\"bucket\",\n location=\"us-west1\",\n uniform_bucket_level_access=True,\n project=\"my-project-name\")\nbasic_lake = gcp.dataplex.Lake(\"basic_lake\",\n name=\"lake\",\n location=\"us-west1\",\n project=\"my-project-name\")\nbasic_zone = gcp.dataplex.Zone(\"basic_zone\",\n name=\"zone\",\n location=\"us-west1\",\n lake=basic_lake.name,\n type=\"RAW\",\n discovery_spec={\n \"enabled\": False,\n },\n resource_spec={\n \"location_type\": \"SINGLE_REGION\",\n },\n project=\"my-project-name\")\nprimary = gcp.dataplex.Asset(\"primary\",\n name=\"asset\",\n location=\"us-west1\",\n lake=basic_lake.name,\n dataplex_zone=basic_zone.name,\n discovery_spec={\n \"enabled\": False,\n },\n resource_spec={\n \"name\": \"projects/my-project-name/buckets/bucket\",\n \"type\": \"STORAGE_BUCKET\",\n },\n labels={\n \"env\": \"foo\",\n \"my-asset\": \"exists\",\n },\n project=\"my-project-name\",\n opts = pulumi.ResourceOptions(depends_on=[basic_bucket]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicBucket = new Gcp.Storage.Bucket(\"basic_bucket\", new()\n {\n Name = \"bucket\",\n Location = \"us-west1\",\n UniformBucketLevelAccess = true,\n Project = \"my-project-name\",\n });\n\n var basicLake = new Gcp.DataPlex.Lake(\"basic_lake\", new()\n {\n Name = \"lake\",\n Location = \"us-west1\",\n Project = \"my-project-name\",\n });\n\n var basicZone = new Gcp.DataPlex.Zone(\"basic_zone\", new()\n {\n Name = \"zone\",\n Location = \"us-west1\",\n Lake = basicLake.Name,\n Type = \"RAW\",\n DiscoverySpec = new Gcp.DataPlex.Inputs.ZoneDiscoverySpecArgs\n {\n Enabled = false,\n },\n ResourceSpec = new Gcp.DataPlex.Inputs.ZoneResourceSpecArgs\n {\n LocationType = \"SINGLE_REGION\",\n },\n Project = \"my-project-name\",\n });\n\n var primary = new Gcp.DataPlex.Asset(\"primary\", new()\n {\n Name = \"asset\",\n Location = \"us-west1\",\n Lake = basicLake.Name,\n DataplexZone = basicZone.Name,\n DiscoverySpec = new Gcp.DataPlex.Inputs.AssetDiscoverySpecArgs\n {\n Enabled = false,\n },\n ResourceSpec = new Gcp.DataPlex.Inputs.AssetResourceSpecArgs\n {\n Name = \"projects/my-project-name/buckets/bucket\",\n Type = \"STORAGE_BUCKET\",\n },\n Labels = \n {\n { \"env\", \"foo\" },\n { \"my-asset\", \"exists\" },\n },\n Project = \"my-project-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicBucket,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicBucket, err := storage.NewBucket(ctx, \"basic_bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicLake, err := dataplex.NewLake(ctx, \"basic_lake\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"lake\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicZone, err := dataplex.NewZone(ctx, \"basic_zone\", \u0026dataplex.ZoneArgs{\n\t\t\tName: pulumi.String(\"zone\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tLake: basicLake.Name,\n\t\t\tType: pulumi.String(\"RAW\"),\n\t\t\tDiscoverySpec: \u0026dataplex.ZoneDiscoverySpecArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tResourceSpec: \u0026dataplex.ZoneResourceSpecArgs{\n\t\t\t\tLocationType: pulumi.String(\"SINGLE_REGION\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAsset(ctx, \"primary\", \u0026dataplex.AssetArgs{\n\t\t\tName: pulumi.String(\"asset\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tLake: basicLake.Name,\n\t\t\tDataplexZone: basicZone.Name,\n\t\t\tDiscoverySpec: \u0026dataplex.AssetDiscoverySpecArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tResourceSpec: \u0026dataplex.AssetResourceSpecArgs{\n\t\t\t\tName: pulumi.String(\"projects/my-project-name/buckets/bucket\"),\n\t\t\t\tType: pulumi.String(\"STORAGE_BUCKET\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"foo\"),\n\t\t\t\t\"my-asset\": pulumi.String(\"exists\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicBucket,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Zone;\nimport com.pulumi.gcp.dataplex.ZoneArgs;\nimport com.pulumi.gcp.dataplex.inputs.ZoneDiscoverySpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.ZoneResourceSpecArgs;\nimport com.pulumi.gcp.dataplex.Asset;\nimport com.pulumi.gcp.dataplex.AssetArgs;\nimport com.pulumi.gcp.dataplex.inputs.AssetDiscoverySpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.AssetResourceSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicBucket = new Bucket(\"basicBucket\", BucketArgs.builder()\n .name(\"bucket\")\n .location(\"us-west1\")\n .uniformBucketLevelAccess(true)\n .project(\"my-project-name\")\n .build());\n\n var basicLake = new Lake(\"basicLake\", LakeArgs.builder()\n .name(\"lake\")\n .location(\"us-west1\")\n .project(\"my-project-name\")\n .build());\n\n var basicZone = new Zone(\"basicZone\", ZoneArgs.builder()\n .name(\"zone\")\n .location(\"us-west1\")\n .lake(basicLake.name())\n .type(\"RAW\")\n .discoverySpec(ZoneDiscoverySpecArgs.builder()\n .enabled(false)\n .build())\n .resourceSpec(ZoneResourceSpecArgs.builder()\n .locationType(\"SINGLE_REGION\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n var primary = new Asset(\"primary\", AssetArgs.builder()\n .name(\"asset\")\n .location(\"us-west1\")\n .lake(basicLake.name())\n .dataplexZone(basicZone.name())\n .discoverySpec(AssetDiscoverySpecArgs.builder()\n .enabled(false)\n .build())\n .resourceSpec(AssetResourceSpecArgs.builder()\n .name(\"projects/my-project-name/buckets/bucket\")\n .type(\"STORAGE_BUCKET\")\n .build())\n .labels(Map.ofEntries(\n Map.entry(\"env\", \"foo\"),\n Map.entry(\"my-asset\", \"exists\")\n ))\n .project(\"my-project-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicBucket)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicBucket:\n type: gcp:storage:Bucket\n name: basic_bucket\n properties:\n name: bucket\n location: us-west1\n uniformBucketLevelAccess: true\n project: my-project-name\n basicLake:\n type: gcp:dataplex:Lake\n name: basic_lake\n properties:\n name: lake\n location: us-west1\n project: my-project-name\n basicZone:\n type: gcp:dataplex:Zone\n name: basic_zone\n properties:\n name: zone\n location: us-west1\n lake: ${basicLake.name}\n type: RAW\n discoverySpec:\n enabled: false\n resourceSpec:\n locationType: SINGLE_REGION\n project: my-project-name\n primary:\n type: gcp:dataplex:Asset\n properties:\n name: asset\n location: us-west1\n lake: ${basicLake.name}\n dataplexZone: ${basicZone.name}\n discoverySpec:\n enabled: false\n resourceSpec:\n name: projects/my-project-name/buckets/bucket\n type: STORAGE_BUCKET\n labels:\n env: foo\n my-asset: exists\n project: my-project-name\n options:\n dependsOn:\n - ${basicBucket}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAsset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}`\n\n* `{{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}`\n\n* `{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}`\n\nWhen using the `pulumi import` command, Asset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/asset:Asset default {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -195348,7 +195348,7 @@ } }, "gcp:dataplex/assetIamBinding:AssetIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -195493,7 +195493,7 @@ } }, "gcp:dataplex/assetIamMember:AssetIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -195631,7 +195631,7 @@ } }, "gcp:dataplex/assetIamPolicy:AssetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Asset\nThree different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.AssetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.AssetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -195740,7 +195740,7 @@ } }, "gcp:dataplex/datascan:Datascan": { - "description": "Represents a user-visible job which provides the insights for the related data source.\n\n\nTo get more information about Datascan, see:\n\n* [API documentation](https://cloud.google.com/dataplex/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dataplex/docs)\n\n## Example Usage\n\n### Dataplex Datascan Basic Profile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicProfile = new gcp.dataplex.Datascan(\"basic_profile\", {\n location: \"us-central1\",\n dataScanId: \"dataprofile-basic\",\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n onDemand: {},\n },\n },\n dataProfileSpec: {},\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_profile = gcp.dataplex.Datascan(\"basic_profile\",\n location=\"us-central1\",\n data_scan_id=\"dataprofile-basic\",\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"on_demand\": {},\n },\n },\n data_profile_spec={},\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicProfile = new Gcp.DataPlex.Datascan(\"basic_profile\", new()\n {\n Location = \"us-central1\",\n DataScanId = \"dataprofile-basic\",\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n OnDemand = null,\n },\n },\n DataProfileSpec = null,\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"basic_profile\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataScanId: pulumi.String(\"dataprofile-basic\"),\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tOnDemand: \u0026dataplex.DatascanExecutionSpecTriggerOnDemandArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataProfileSpec: \u0026dataplex.DatascanDataProfileSpecArgs{},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerOnDemandArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicProfile = new Datascan(\"basicProfile\", DatascanArgs.builder()\n .location(\"us-central1\")\n .dataScanId(\"dataprofile-basic\")\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .onDemand()\n .build())\n .build())\n .dataProfileSpec()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicProfile:\n type: gcp:dataplex:Datascan\n name: basic_profile\n properties:\n location: us-central1\n dataScanId: dataprofile-basic\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n onDemand: {}\n dataProfileSpec: {}\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Full Profile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.bigquery.Dataset(\"source\", {\n datasetId: \"dataplex_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n deleteContentsOnDestroy: true,\n});\nconst fullProfile = new gcp.dataplex.Datascan(\"full_profile\", {\n location: \"us-central1\",\n displayName: \"Full Datascan Profile\",\n dataScanId: \"dataprofile-full\",\n description: \"Example resource - Full Datascan Profile\",\n labels: {\n author: \"billing\",\n },\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n schedule: {\n cron: \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n dataProfileSpec: {\n samplingPercent: 80,\n rowFilter: \"word_count \u003e 10\",\n includeFields: {\n fieldNames: [\"word_count\"],\n },\n excludeFields: {\n fieldNames: [\"property_type\"],\n },\n postScanActions: {\n bigqueryExport: {\n resultsTable: \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n project: \"my-project-name\",\n}, {\n dependsOn: [source],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.bigquery.Dataset(\"source\",\n dataset_id=\"dataplex_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n delete_contents_on_destroy=True)\nfull_profile = gcp.dataplex.Datascan(\"full_profile\",\n location=\"us-central1\",\n display_name=\"Full Datascan Profile\",\n data_scan_id=\"dataprofile-full\",\n description=\"Example resource - Full Datascan Profile\",\n labels={\n \"author\": \"billing\",\n },\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"schedule\": {\n \"cron\": \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n data_profile_spec={\n \"sampling_percent\": 80,\n \"row_filter\": \"word_count \u003e 10\",\n \"include_fields\": {\n \"field_names\": [\"word_count\"],\n },\n \"exclude_fields\": {\n \"field_names\": [\"property_type\"],\n },\n \"post_scan_actions\": {\n \"bigquery_export\": {\n \"results_table\": \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n project=\"my-project-name\",\n opts = pulumi.ResourceOptions(depends_on=[source]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.BigQuery.Dataset(\"source\", new()\n {\n DatasetId = \"dataplex_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DeleteContentsOnDestroy = true,\n });\n\n var fullProfile = new Gcp.DataPlex.Datascan(\"full_profile\", new()\n {\n Location = \"us-central1\",\n DisplayName = \"Full Datascan Profile\",\n DataScanId = \"dataprofile-full\",\n Description = \"Example resource - Full Datascan Profile\",\n Labels = \n {\n { \"author\", \"billing\" },\n },\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n Schedule = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerScheduleArgs\n {\n Cron = \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n DataProfileSpec = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecArgs\n {\n SamplingPercent = 80,\n RowFilter = \"word_count \u003e 10\",\n IncludeFields = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecIncludeFieldsArgs\n {\n FieldNames = new[]\n {\n \"word_count\",\n },\n },\n ExcludeFields = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecExcludeFieldsArgs\n {\n FieldNames = new[]\n {\n \"property_type\",\n },\n },\n PostScanActions = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecPostScanActionsArgs\n {\n BigqueryExport = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs\n {\n ResultsTable = \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n Project = \"my-project-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n source,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := bigquery.NewDataset(ctx, \"source\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataplex_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDeleteContentsOnDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascan(ctx, \"full_profile\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"Full Datascan Profile\"),\n\t\t\tDataScanId: pulumi.String(\"dataprofile-full\"),\n\t\t\tDescription: pulumi.String(\"Example resource - Full Datascan Profile\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"billing\"),\n\t\t\t},\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataplex.DatascanExecutionSpecTriggerScheduleArgs{\n\t\t\t\t\t\tCron: pulumi.String(\"TZ=America/New_York 1 1 * * *\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataProfileSpec: \u0026dataplex.DatascanDataProfileSpecArgs{\n\t\t\t\tSamplingPercent: pulumi.Float64(80),\n\t\t\t\tRowFilter: pulumi.String(\"word_count \u003e 10\"),\n\t\t\t\tIncludeFields: \u0026dataplex.DatascanDataProfileSpecIncludeFieldsArgs{\n\t\t\t\t\tFieldNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"word_count\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tExcludeFields: \u0026dataplex.DatascanDataProfileSpecExcludeFieldsArgs{\n\t\t\t\t\tFieldNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"property_type\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPostScanActions: \u0026dataplex.DatascanDataProfileSpecPostScanActionsArgs{\n\t\t\t\t\tBigqueryExport: \u0026dataplex.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs{\n\t\t\t\t\t\tResultsTable: pulumi.String(\"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsource,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerScheduleArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecIncludeFieldsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecExcludeFieldsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecPostScanActionsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new Dataset(\"source\", DatasetArgs.builder()\n .datasetId(\"dataplex_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .deleteContentsOnDestroy(true)\n .build());\n\n var fullProfile = new Datascan(\"fullProfile\", DatascanArgs.builder()\n .location(\"us-central1\")\n .displayName(\"Full Datascan Profile\")\n .dataScanId(\"dataprofile-full\")\n .description(\"Example resource - Full Datascan Profile\")\n .labels(Map.of(\"author\", \"billing\"))\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .schedule(DatascanExecutionSpecTriggerScheduleArgs.builder()\n .cron(\"TZ=America/New_York 1 1 * * *\")\n .build())\n .build())\n .build())\n .dataProfileSpec(DatascanDataProfileSpecArgs.builder()\n .samplingPercent(80)\n .rowFilter(\"word_count \u003e 10\")\n .includeFields(DatascanDataProfileSpecIncludeFieldsArgs.builder()\n .fieldNames(\"word_count\")\n .build())\n .excludeFields(DatascanDataProfileSpecExcludeFieldsArgs.builder()\n .fieldNames(\"property_type\")\n .build())\n .postScanActions(DatascanDataProfileSpecPostScanActionsArgs.builder()\n .bigqueryExport(DatascanDataProfileSpecPostScanActionsBigqueryExportArgs.builder()\n .resultsTable(\"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(source)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fullProfile:\n type: gcp:dataplex:Datascan\n name: full_profile\n properties:\n location: us-central1\n displayName: Full Datascan Profile\n dataScanId: dataprofile-full\n description: Example resource - Full Datascan Profile\n labels:\n author: billing\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n schedule:\n cron: TZ=America/New_York 1 1 * * *\n dataProfileSpec:\n samplingPercent: 80\n rowFilter: word_count \u003e 10\n includeFields:\n fieldNames:\n - word_count\n excludeFields:\n fieldNames:\n - property_type\n postScanActions:\n bigqueryExport:\n resultsTable: //bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\n project: my-project-name\n options:\n dependson:\n - ${source}\n source:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataplex_dataset\n friendlyName: test\n description: This is a test description\n location: US\n deleteContentsOnDestroy: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Basic Quality\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicQuality = new gcp.dataplex.Datascan(\"basic_quality\", {\n location: \"us-central1\",\n dataScanId: \"dataquality-basic\",\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n onDemand: {},\n },\n },\n dataQualitySpec: {\n rules: [{\n dimension: \"VALIDITY\",\n name: \"rule1\",\n description: \"rule 1 for validity dimension\",\n tableConditionExpectation: {\n sqlExpression: \"COUNT(*) \u003e 0\",\n },\n }],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_quality = gcp.dataplex.Datascan(\"basic_quality\",\n location=\"us-central1\",\n data_scan_id=\"dataquality-basic\",\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"on_demand\": {},\n },\n },\n data_quality_spec={\n \"rules\": [{\n \"dimension\": \"VALIDITY\",\n \"name\": \"rule1\",\n \"description\": \"rule 1 for validity dimension\",\n \"table_condition_expectation\": {\n \"sql_expression\": \"COUNT(*) \u003e 0\",\n },\n }],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicQuality = new Gcp.DataPlex.Datascan(\"basic_quality\", new()\n {\n Location = \"us-central1\",\n DataScanId = \"dataquality-basic\",\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n OnDemand = null,\n },\n },\n DataQualitySpec = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecArgs\n {\n Rules = new[]\n {\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n Name = \"rule1\",\n Description = \"rule 1 for validity dimension\",\n TableConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleTableConditionExpectationArgs\n {\n SqlExpression = \"COUNT(*) \u003e 0\",\n },\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"basic_quality\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataScanId: pulumi.String(\"dataquality-basic\"),\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tOnDemand: \u0026dataplex.DatascanExecutionSpecTriggerOnDemandArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataQualitySpec: \u0026dataplex.DatascanDataQualitySpecArgs{\n\t\t\t\tRules: dataplex.DatascanDataQualitySpecRuleArray{\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tName: pulumi.String(\"rule1\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"rule 1 for validity dimension\"),\n\t\t\t\t\t\tTableConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleTableConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"COUNT(*) \u003e 0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerOnDemandArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataQualitySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicQuality = new Datascan(\"basicQuality\", DatascanArgs.builder()\n .location(\"us-central1\")\n .dataScanId(\"dataquality-basic\")\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .onDemand()\n .build())\n .build())\n .dataQualitySpec(DatascanDataQualitySpecArgs.builder()\n .rules(DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .name(\"rule1\")\n .description(\"rule 1 for validity dimension\")\n .tableConditionExpectation(DatascanDataQualitySpecRuleTableConditionExpectationArgs.builder()\n .sqlExpression(\"COUNT(*) \u003e 0\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicQuality:\n type: gcp:dataplex:Datascan\n name: basic_quality\n properties:\n location: us-central1\n dataScanId: dataquality-basic\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n onDemand: {}\n dataQualitySpec:\n rules:\n - dimension: VALIDITY\n name: rule1\n description: rule 1 for validity dimension\n tableConditionExpectation:\n sqlExpression: COUNT(*) \u003e 0\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Full Quality\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fullQuality = new gcp.dataplex.Datascan(\"full_quality\", {\n location: \"us-central1\",\n displayName: \"Full Datascan Quality\",\n dataScanId: \"dataquality-full\",\n description: \"Example resource - Full Datascan Quality\",\n labels: {\n author: \"billing\",\n },\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n executionSpec: {\n trigger: {\n schedule: {\n cron: \"TZ=America/New_York 1 1 * * *\",\n },\n },\n field: \"modified_date\",\n },\n dataQualitySpec: {\n samplingPercent: 5,\n rowFilter: \"station_id \u003e 1000\",\n rules: [\n {\n column: \"address\",\n dimension: \"VALIDITY\",\n threshold: 0.99,\n nonNullExpectation: {},\n },\n {\n column: \"council_district\",\n dimension: \"VALIDITY\",\n ignoreNull: true,\n threshold: 0.9,\n rangeExpectation: {\n minValue: \"1\",\n maxValue: \"10\",\n strictMinEnabled: true,\n strictMaxEnabled: false,\n },\n },\n {\n column: \"power_type\",\n dimension: \"VALIDITY\",\n ignoreNull: false,\n regexExpectation: {\n regex: \".*solar.*\",\n },\n },\n {\n column: \"property_type\",\n dimension: \"VALIDITY\",\n ignoreNull: false,\n setExpectation: {\n values: [\n \"sidewalk\",\n \"parkland\",\n ],\n },\n },\n {\n column: \"address\",\n dimension: \"UNIQUENESS\",\n uniquenessExpectation: {},\n },\n {\n column: \"number_of_docks\",\n dimension: \"VALIDITY\",\n statisticRangeExpectation: {\n statistic: \"MEAN\",\n minValue: \"5\",\n maxValue: \"15\",\n strictMinEnabled: true,\n strictMaxEnabled: true,\n },\n },\n {\n column: \"footprint_length\",\n dimension: \"VALIDITY\",\n rowConditionExpectation: {\n sqlExpression: \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n {\n dimension: \"VALIDITY\",\n tableConditionExpectation: {\n sqlExpression: \"COUNT(*) \u003e 0\",\n },\n },\n {\n dimension: \"VALIDITY\",\n sqlAssertion: {\n sqlStatement: \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n ],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull_quality = gcp.dataplex.Datascan(\"full_quality\",\n location=\"us-central1\",\n display_name=\"Full Datascan Quality\",\n data_scan_id=\"dataquality-full\",\n description=\"Example resource - Full Datascan Quality\",\n labels={\n \"author\": \"billing\",\n },\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n execution_spec={\n \"trigger\": {\n \"schedule\": {\n \"cron\": \"TZ=America/New_York 1 1 * * *\",\n },\n },\n \"field\": \"modified_date\",\n },\n data_quality_spec={\n \"sampling_percent\": 5,\n \"row_filter\": \"station_id \u003e 1000\",\n \"rules\": [\n {\n \"column\": \"address\",\n \"dimension\": \"VALIDITY\",\n \"threshold\": 0.99,\n \"non_null_expectation\": {},\n },\n {\n \"column\": \"council_district\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": True,\n \"threshold\": 0.9,\n \"range_expectation\": {\n \"min_value\": \"1\",\n \"max_value\": \"10\",\n \"strict_min_enabled\": True,\n \"strict_max_enabled\": False,\n },\n },\n {\n \"column\": \"power_type\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": False,\n \"regex_expectation\": {\n \"regex\": \".*solar.*\",\n },\n },\n {\n \"column\": \"property_type\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": False,\n \"set_expectation\": {\n \"values\": [\n \"sidewalk\",\n \"parkland\",\n ],\n },\n },\n {\n \"column\": \"address\",\n \"dimension\": \"UNIQUENESS\",\n \"uniqueness_expectation\": {},\n },\n {\n \"column\": \"number_of_docks\",\n \"dimension\": \"VALIDITY\",\n \"statistic_range_expectation\": {\n \"statistic\": \"MEAN\",\n \"min_value\": \"5\",\n \"max_value\": \"15\",\n \"strict_min_enabled\": True,\n \"strict_max_enabled\": True,\n },\n },\n {\n \"column\": \"footprint_length\",\n \"dimension\": \"VALIDITY\",\n \"row_condition_expectation\": {\n \"sql_expression\": \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n {\n \"dimension\": \"VALIDITY\",\n \"table_condition_expectation\": {\n \"sql_expression\": \"COUNT(*) \u003e 0\",\n },\n },\n {\n \"dimension\": \"VALIDITY\",\n \"sql_assertion\": {\n \"sql_statement\": \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n ],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fullQuality = new Gcp.DataPlex.Datascan(\"full_quality\", new()\n {\n Location = \"us-central1\",\n DisplayName = \"Full Datascan Quality\",\n DataScanId = \"dataquality-full\",\n Description = \"Example resource - Full Datascan Quality\",\n Labels = \n {\n { \"author\", \"billing\" },\n },\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n Schedule = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerScheduleArgs\n {\n Cron = \"TZ=America/New_York 1 1 * * *\",\n },\n },\n Field = \"modified_date\",\n },\n DataQualitySpec = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecArgs\n {\n SamplingPercent = 5,\n RowFilter = \"station_id \u003e 1000\",\n Rules = new[]\n {\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"address\",\n Dimension = \"VALIDITY\",\n Threshold = 0.99,\n NonNullExpectation = null,\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"council_district\",\n Dimension = \"VALIDITY\",\n IgnoreNull = true,\n Threshold = 0.9,\n RangeExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRangeExpectationArgs\n {\n MinValue = \"1\",\n MaxValue = \"10\",\n StrictMinEnabled = true,\n StrictMaxEnabled = false,\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"power_type\",\n Dimension = \"VALIDITY\",\n IgnoreNull = false,\n RegexExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRegexExpectationArgs\n {\n Regex = \".*solar.*\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"property_type\",\n Dimension = \"VALIDITY\",\n IgnoreNull = false,\n SetExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleSetExpectationArgs\n {\n Values = new[]\n {\n \"sidewalk\",\n \"parkland\",\n },\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"address\",\n Dimension = \"UNIQUENESS\",\n UniquenessExpectation = null,\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"number_of_docks\",\n Dimension = \"VALIDITY\",\n StatisticRangeExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleStatisticRangeExpectationArgs\n {\n Statistic = \"MEAN\",\n MinValue = \"5\",\n MaxValue = \"15\",\n StrictMinEnabled = true,\n StrictMaxEnabled = true,\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"footprint_length\",\n Dimension = \"VALIDITY\",\n RowConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRowConditionExpectationArgs\n {\n SqlExpression = \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n TableConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleTableConditionExpectationArgs\n {\n SqlExpression = \"COUNT(*) \u003e 0\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n SqlAssertion = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleSqlAssertionArgs\n {\n SqlStatement = \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"full_quality\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"Full Datascan Quality\"),\n\t\t\tDataScanId: pulumi.String(\"dataquality-full\"),\n\t\t\tDescription: pulumi.String(\"Example resource - Full Datascan Quality\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"billing\"),\n\t\t\t},\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataplex.DatascanExecutionSpecTriggerScheduleArgs{\n\t\t\t\t\t\tCron: pulumi.String(\"TZ=America/New_York 1 1 * * *\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tField: pulumi.String(\"modified_date\"),\n\t\t\t},\n\t\t\tDataQualitySpec: \u0026dataplex.DatascanDataQualitySpecArgs{\n\t\t\t\tSamplingPercent: pulumi.Float64(5),\n\t\t\t\tRowFilter: pulumi.String(\"station_id \u003e 1000\"),\n\t\t\t\tRules: dataplex.DatascanDataQualitySpecRuleArray{\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"address\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tThreshold: pulumi.Float64(0.99),\n\t\t\t\t\t\tNonNullExpectation: \u0026dataplex.DatascanDataQualitySpecRuleNonNullExpectationArgs{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"council_district\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(true),\n\t\t\t\t\t\tThreshold: pulumi.Float64(0.9),\n\t\t\t\t\t\tRangeExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRangeExpectationArgs{\n\t\t\t\t\t\t\tMinValue: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tMaxValue: pulumi.String(\"10\"),\n\t\t\t\t\t\t\tStrictMinEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tStrictMaxEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"power_type\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(false),\n\t\t\t\t\t\tRegexExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRegexExpectationArgs{\n\t\t\t\t\t\t\tRegex: pulumi.String(\".*solar.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"property_type\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(false),\n\t\t\t\t\t\tSetExpectation: \u0026dataplex.DatascanDataQualitySpecRuleSetExpectationArgs{\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"sidewalk\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"parkland\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"address\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"UNIQUENESS\"),\n\t\t\t\t\t\tUniquenessExpectation: \u0026dataplex.DatascanDataQualitySpecRuleUniquenessExpectationArgs{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"number_of_docks\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tStatisticRangeExpectation: \u0026dataplex.DatascanDataQualitySpecRuleStatisticRangeExpectationArgs{\n\t\t\t\t\t\t\tStatistic: pulumi.String(\"MEAN\"),\n\t\t\t\t\t\t\tMinValue: pulumi.String(\"5\"),\n\t\t\t\t\t\t\tMaxValue: pulumi.String(\"15\"),\n\t\t\t\t\t\t\tStrictMinEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tStrictMaxEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"footprint_length\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tRowConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRowConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"footprint_length \u003e 0 AND footprint_length \u003c= 10\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tTableConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleTableConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"COUNT(*) \u003e 0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tSqlAssertion: \u0026dataplex.DatascanDataQualitySpecRuleSqlAssertionArgs{\n\t\t\t\t\t\t\tSqlStatement: pulumi.String(\"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerScheduleArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataQualitySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fullQuality = new Datascan(\"fullQuality\", DatascanArgs.builder()\n .location(\"us-central1\")\n .displayName(\"Full Datascan Quality\")\n .dataScanId(\"dataquality-full\")\n .description(\"Example resource - Full Datascan Quality\")\n .labels(Map.of(\"author\", \"billing\"))\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .schedule(DatascanExecutionSpecTriggerScheduleArgs.builder()\n .cron(\"TZ=America/New_York 1 1 * * *\")\n .build())\n .build())\n .field(\"modified_date\")\n .build())\n .dataQualitySpec(DatascanDataQualitySpecArgs.builder()\n .samplingPercent(5)\n .rowFilter(\"station_id \u003e 1000\")\n .rules( \n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"address\")\n .dimension(\"VALIDITY\")\n .threshold(0.99)\n .nonNullExpectation()\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"council_district\")\n .dimension(\"VALIDITY\")\n .ignoreNull(true)\n .threshold(0.9)\n .rangeExpectation(DatascanDataQualitySpecRuleRangeExpectationArgs.builder()\n .minValue(1)\n .maxValue(10)\n .strictMinEnabled(true)\n .strictMaxEnabled(false)\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"power_type\")\n .dimension(\"VALIDITY\")\n .ignoreNull(false)\n .regexExpectation(DatascanDataQualitySpecRuleRegexExpectationArgs.builder()\n .regex(\".*solar.*\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"property_type\")\n .dimension(\"VALIDITY\")\n .ignoreNull(false)\n .setExpectation(DatascanDataQualitySpecRuleSetExpectationArgs.builder()\n .values( \n \"sidewalk\",\n \"parkland\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"address\")\n .dimension(\"UNIQUENESS\")\n .uniquenessExpectation()\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"number_of_docks\")\n .dimension(\"VALIDITY\")\n .statisticRangeExpectation(DatascanDataQualitySpecRuleStatisticRangeExpectationArgs.builder()\n .statistic(\"MEAN\")\n .minValue(5)\n .maxValue(15)\n .strictMinEnabled(true)\n .strictMaxEnabled(true)\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"footprint_length\")\n .dimension(\"VALIDITY\")\n .rowConditionExpectation(DatascanDataQualitySpecRuleRowConditionExpectationArgs.builder()\n .sqlExpression(\"footprint_length \u003e 0 AND footprint_length \u003c= 10\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .tableConditionExpectation(DatascanDataQualitySpecRuleTableConditionExpectationArgs.builder()\n .sqlExpression(\"COUNT(*) \u003e 0\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .sqlAssertion(DatascanDataQualitySpecRuleSqlAssertionArgs.builder()\n .sqlStatement(\"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fullQuality:\n type: gcp:dataplex:Datascan\n name: full_quality\n properties:\n location: us-central1\n displayName: Full Datascan Quality\n dataScanId: dataquality-full\n description: Example resource - Full Datascan Quality\n labels:\n author: billing\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\n executionSpec:\n trigger:\n schedule:\n cron: TZ=America/New_York 1 1 * * *\n field: modified_date\n dataQualitySpec:\n samplingPercent: 5\n rowFilter: station_id \u003e 1000\n rules:\n - column: address\n dimension: VALIDITY\n threshold: 0.99\n nonNullExpectation: {}\n - column: council_district\n dimension: VALIDITY\n ignoreNull: true\n threshold: 0.9\n rangeExpectation:\n minValue: 1\n maxValue: 10\n strictMinEnabled: true\n strictMaxEnabled: false\n - column: power_type\n dimension: VALIDITY\n ignoreNull: false\n regexExpectation:\n regex: .*solar.*\n - column: property_type\n dimension: VALIDITY\n ignoreNull: false\n setExpectation:\n values:\n - sidewalk\n - parkland\n - column: address\n dimension: UNIQUENESS\n uniquenessExpectation: {}\n - column: number_of_docks\n dimension: VALIDITY\n statisticRangeExpectation:\n statistic: MEAN\n minValue: 5\n maxValue: 15\n strictMinEnabled: true\n strictMaxEnabled: true\n - column: footprint_length\n dimension: VALIDITY\n rowConditionExpectation:\n sqlExpression: footprint_length \u003e 0 AND footprint_length \u003c= 10\n - dimension: VALIDITY\n tableConditionExpectation:\n sqlExpression: COUNT(*) \u003e 0\n - dimension: VALIDITY\n sqlAssertion:\n sqlStatement: select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDatascan can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}`\n\n* `{{project}}/{{location}}/{{data_scan_id}}`\n\n* `{{location}}/{{data_scan_id}}`\n\n* `{{data_scan_id}}`\n\nWhen using the `pulumi import` command, Datascan can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{project}}/{{location}}/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{location}}/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{data_scan_id}}\n```\n\n", + "description": "Represents a user-visible job which provides the insights for the related data source.\n\n\nTo get more information about Datascan, see:\n\n* [API documentation](https://cloud.google.com/dataplex/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dataplex/docs)\n\n## Example Usage\n\n### Dataplex Datascan Basic Profile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicProfile = new gcp.dataplex.Datascan(\"basic_profile\", {\n location: \"us-central1\",\n dataScanId: \"dataprofile-basic\",\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n onDemand: {},\n },\n },\n dataProfileSpec: {},\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_profile = gcp.dataplex.Datascan(\"basic_profile\",\n location=\"us-central1\",\n data_scan_id=\"dataprofile-basic\",\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"on_demand\": {},\n },\n },\n data_profile_spec={},\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicProfile = new Gcp.DataPlex.Datascan(\"basic_profile\", new()\n {\n Location = \"us-central1\",\n DataScanId = \"dataprofile-basic\",\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n OnDemand = null,\n },\n },\n DataProfileSpec = null,\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"basic_profile\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataScanId: pulumi.String(\"dataprofile-basic\"),\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tOnDemand: \u0026dataplex.DatascanExecutionSpecTriggerOnDemandArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataProfileSpec: \u0026dataplex.DatascanDataProfileSpecArgs{},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerOnDemandArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicProfile = new Datascan(\"basicProfile\", DatascanArgs.builder()\n .location(\"us-central1\")\n .dataScanId(\"dataprofile-basic\")\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .onDemand()\n .build())\n .build())\n .dataProfileSpec()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicProfile:\n type: gcp:dataplex:Datascan\n name: basic_profile\n properties:\n location: us-central1\n dataScanId: dataprofile-basic\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n onDemand: {}\n dataProfileSpec: {}\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Full Profile\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.bigquery.Dataset(\"source\", {\n datasetId: \"dataplex_dataset\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n deleteContentsOnDestroy: true,\n});\nconst fullProfile = new gcp.dataplex.Datascan(\"full_profile\", {\n location: \"us-central1\",\n displayName: \"Full Datascan Profile\",\n dataScanId: \"dataprofile-full\",\n description: \"Example resource - Full Datascan Profile\",\n labels: {\n author: \"billing\",\n },\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n schedule: {\n cron: \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n dataProfileSpec: {\n samplingPercent: 80,\n rowFilter: \"word_count \u003e 10\",\n includeFields: {\n fieldNames: [\"word_count\"],\n },\n excludeFields: {\n fieldNames: [\"property_type\"],\n },\n postScanActions: {\n bigqueryExport: {\n resultsTable: \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n project: \"my-project-name\",\n}, {\n dependsOn: [source],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.bigquery.Dataset(\"source\",\n dataset_id=\"dataplex_dataset\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n delete_contents_on_destroy=True)\nfull_profile = gcp.dataplex.Datascan(\"full_profile\",\n location=\"us-central1\",\n display_name=\"Full Datascan Profile\",\n data_scan_id=\"dataprofile-full\",\n description=\"Example resource - Full Datascan Profile\",\n labels={\n \"author\": \"billing\",\n },\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"schedule\": {\n \"cron\": \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n data_profile_spec={\n \"sampling_percent\": 80,\n \"row_filter\": \"word_count \u003e 10\",\n \"include_fields\": {\n \"field_names\": [\"word_count\"],\n },\n \"exclude_fields\": {\n \"field_names\": [\"property_type\"],\n },\n \"post_scan_actions\": {\n \"bigquery_export\": {\n \"results_table\": \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n project=\"my-project-name\",\n opts = pulumi.ResourceOptions(depends_on=[source]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.BigQuery.Dataset(\"source\", new()\n {\n DatasetId = \"dataplex_dataset\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DeleteContentsOnDestroy = true,\n });\n\n var fullProfile = new Gcp.DataPlex.Datascan(\"full_profile\", new()\n {\n Location = \"us-central1\",\n DisplayName = \"Full Datascan Profile\",\n DataScanId = \"dataprofile-full\",\n Description = \"Example resource - Full Datascan Profile\",\n Labels = \n {\n { \"author\", \"billing\" },\n },\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n Schedule = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerScheduleArgs\n {\n Cron = \"TZ=America/New_York 1 1 * * *\",\n },\n },\n },\n DataProfileSpec = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecArgs\n {\n SamplingPercent = 80,\n RowFilter = \"word_count \u003e 10\",\n IncludeFields = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecIncludeFieldsArgs\n {\n FieldNames = new[]\n {\n \"word_count\",\n },\n },\n ExcludeFields = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecExcludeFieldsArgs\n {\n FieldNames = new[]\n {\n \"property_type\",\n },\n },\n PostScanActions = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecPostScanActionsArgs\n {\n BigqueryExport = new Gcp.DataPlex.Inputs.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs\n {\n ResultsTable = \"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\",\n },\n },\n },\n Project = \"my-project-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n source,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := bigquery.NewDataset(ctx, \"source\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"dataplex_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDeleteContentsOnDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascan(ctx, \"full_profile\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"Full Datascan Profile\"),\n\t\t\tDataScanId: pulumi.String(\"dataprofile-full\"),\n\t\t\tDescription: pulumi.String(\"Example resource - Full Datascan Profile\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"billing\"),\n\t\t\t},\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataplex.DatascanExecutionSpecTriggerScheduleArgs{\n\t\t\t\t\t\tCron: pulumi.String(\"TZ=America/New_York 1 1 * * *\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataProfileSpec: \u0026dataplex.DatascanDataProfileSpecArgs{\n\t\t\t\tSamplingPercent: pulumi.Float64(80),\n\t\t\t\tRowFilter: pulumi.String(\"word_count \u003e 10\"),\n\t\t\t\tIncludeFields: \u0026dataplex.DatascanDataProfileSpecIncludeFieldsArgs{\n\t\t\t\t\tFieldNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"word_count\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tExcludeFields: \u0026dataplex.DatascanDataProfileSpecExcludeFieldsArgs{\n\t\t\t\t\tFieldNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"property_type\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPostScanActions: \u0026dataplex.DatascanDataProfileSpecPostScanActionsArgs{\n\t\t\t\t\tBigqueryExport: \u0026dataplex.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs{\n\t\t\t\t\t\tResultsTable: pulumi.String(\"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsource,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerScheduleArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecIncludeFieldsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecExcludeFieldsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecPostScanActionsArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataProfileSpecPostScanActionsBigqueryExportArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new Dataset(\"source\", DatasetArgs.builder()\n .datasetId(\"dataplex_dataset\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .deleteContentsOnDestroy(true)\n .build());\n\n var fullProfile = new Datascan(\"fullProfile\", DatascanArgs.builder()\n .location(\"us-central1\")\n .displayName(\"Full Datascan Profile\")\n .dataScanId(\"dataprofile-full\")\n .description(\"Example resource - Full Datascan Profile\")\n .labels(Map.of(\"author\", \"billing\"))\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .schedule(DatascanExecutionSpecTriggerScheduleArgs.builder()\n .cron(\"TZ=America/New_York 1 1 * * *\")\n .build())\n .build())\n .build())\n .dataProfileSpec(DatascanDataProfileSpecArgs.builder()\n .samplingPercent(80)\n .rowFilter(\"word_count \u003e 10\")\n .includeFields(DatascanDataProfileSpecIncludeFieldsArgs.builder()\n .fieldNames(\"word_count\")\n .build())\n .excludeFields(DatascanDataProfileSpecExcludeFieldsArgs.builder()\n .fieldNames(\"property_type\")\n .build())\n .postScanActions(DatascanDataProfileSpecPostScanActionsArgs.builder()\n .bigqueryExport(DatascanDataProfileSpecPostScanActionsBigqueryExportArgs.builder()\n .resultsTable(\"//bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(source)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fullProfile:\n type: gcp:dataplex:Datascan\n name: full_profile\n properties:\n location: us-central1\n displayName: Full Datascan Profile\n dataScanId: dataprofile-full\n description: Example resource - Full Datascan Profile\n labels:\n author: billing\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n schedule:\n cron: TZ=America/New_York 1 1 * * *\n dataProfileSpec:\n samplingPercent: 80\n rowFilter: word_count \u003e 10\n includeFields:\n fieldNames:\n - word_count\n excludeFields:\n fieldNames:\n - property_type\n postScanActions:\n bigqueryExport:\n resultsTable: //bigquery.googleapis.com/projects/my-project-name/datasets/dataplex_dataset/tables/profile_export\n project: my-project-name\n options:\n dependsOn:\n - ${source}\n source:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: dataplex_dataset\n friendlyName: test\n description: This is a test description\n location: US\n deleteContentsOnDestroy: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Basic Quality\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicQuality = new gcp.dataplex.Datascan(\"basic_quality\", {\n location: \"us-central1\",\n dataScanId: \"dataquality-basic\",\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n executionSpec: {\n trigger: {\n onDemand: {},\n },\n },\n dataQualitySpec: {\n rules: [{\n dimension: \"VALIDITY\",\n name: \"rule1\",\n description: \"rule 1 for validity dimension\",\n tableConditionExpectation: {\n sqlExpression: \"COUNT(*) \u003e 0\",\n },\n }],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_quality = gcp.dataplex.Datascan(\"basic_quality\",\n location=\"us-central1\",\n data_scan_id=\"dataquality-basic\",\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n execution_spec={\n \"trigger\": {\n \"on_demand\": {},\n },\n },\n data_quality_spec={\n \"rules\": [{\n \"dimension\": \"VALIDITY\",\n \"name\": \"rule1\",\n \"description\": \"rule 1 for validity dimension\",\n \"table_condition_expectation\": {\n \"sql_expression\": \"COUNT(*) \u003e 0\",\n },\n }],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicQuality = new Gcp.DataPlex.Datascan(\"basic_quality\", new()\n {\n Location = \"us-central1\",\n DataScanId = \"dataquality-basic\",\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n OnDemand = null,\n },\n },\n DataQualitySpec = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecArgs\n {\n Rules = new[]\n {\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n Name = \"rule1\",\n Description = \"rule 1 for validity dimension\",\n TableConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleTableConditionExpectationArgs\n {\n SqlExpression = \"COUNT(*) \u003e 0\",\n },\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"basic_quality\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataScanId: pulumi.String(\"dataquality-basic\"),\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tOnDemand: \u0026dataplex.DatascanExecutionSpecTriggerOnDemandArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataQualitySpec: \u0026dataplex.DatascanDataQualitySpecArgs{\n\t\t\t\tRules: dataplex.DatascanDataQualitySpecRuleArray{\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tName: pulumi.String(\"rule1\"),\n\t\t\t\t\t\tDescription: pulumi.String(\"rule 1 for validity dimension\"),\n\t\t\t\t\t\tTableConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleTableConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"COUNT(*) \u003e 0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerOnDemandArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataQualitySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicQuality = new Datascan(\"basicQuality\", DatascanArgs.builder()\n .location(\"us-central1\")\n .dataScanId(\"dataquality-basic\")\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .onDemand()\n .build())\n .build())\n .dataQualitySpec(DatascanDataQualitySpecArgs.builder()\n .rules(DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .name(\"rule1\")\n .description(\"rule 1 for validity dimension\")\n .tableConditionExpectation(DatascanDataQualitySpecRuleTableConditionExpectationArgs.builder()\n .sqlExpression(\"COUNT(*) \u003e 0\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicQuality:\n type: gcp:dataplex:Datascan\n name: basic_quality\n properties:\n location: us-central1\n dataScanId: dataquality-basic\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/samples/tables/shakespeare\n executionSpec:\n trigger:\n onDemand: {}\n dataQualitySpec:\n rules:\n - dimension: VALIDITY\n name: rule1\n description: rule 1 for validity dimension\n tableConditionExpectation:\n sqlExpression: COUNT(*) \u003e 0\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Datascan Full Quality\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fullQuality = new gcp.dataplex.Datascan(\"full_quality\", {\n location: \"us-central1\",\n displayName: \"Full Datascan Quality\",\n dataScanId: \"dataquality-full\",\n description: \"Example resource - Full Datascan Quality\",\n labels: {\n author: \"billing\",\n },\n data: {\n resource: \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n executionSpec: {\n trigger: {\n schedule: {\n cron: \"TZ=America/New_York 1 1 * * *\",\n },\n },\n field: \"modified_date\",\n },\n dataQualitySpec: {\n samplingPercent: 5,\n rowFilter: \"station_id \u003e 1000\",\n rules: [\n {\n column: \"address\",\n dimension: \"VALIDITY\",\n threshold: 0.99,\n nonNullExpectation: {},\n },\n {\n column: \"council_district\",\n dimension: \"VALIDITY\",\n ignoreNull: true,\n threshold: 0.9,\n rangeExpectation: {\n minValue: \"1\",\n maxValue: \"10\",\n strictMinEnabled: true,\n strictMaxEnabled: false,\n },\n },\n {\n column: \"power_type\",\n dimension: \"VALIDITY\",\n ignoreNull: false,\n regexExpectation: {\n regex: \".*solar.*\",\n },\n },\n {\n column: \"property_type\",\n dimension: \"VALIDITY\",\n ignoreNull: false,\n setExpectation: {\n values: [\n \"sidewalk\",\n \"parkland\",\n ],\n },\n },\n {\n column: \"address\",\n dimension: \"UNIQUENESS\",\n uniquenessExpectation: {},\n },\n {\n column: \"number_of_docks\",\n dimension: \"VALIDITY\",\n statisticRangeExpectation: {\n statistic: \"MEAN\",\n minValue: \"5\",\n maxValue: \"15\",\n strictMinEnabled: true,\n strictMaxEnabled: true,\n },\n },\n {\n column: \"footprint_length\",\n dimension: \"VALIDITY\",\n rowConditionExpectation: {\n sqlExpression: \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n {\n dimension: \"VALIDITY\",\n tableConditionExpectation: {\n sqlExpression: \"COUNT(*) \u003e 0\",\n },\n },\n {\n dimension: \"VALIDITY\",\n sqlAssertion: {\n sqlStatement: \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n ],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull_quality = gcp.dataplex.Datascan(\"full_quality\",\n location=\"us-central1\",\n display_name=\"Full Datascan Quality\",\n data_scan_id=\"dataquality-full\",\n description=\"Example resource - Full Datascan Quality\",\n labels={\n \"author\": \"billing\",\n },\n data={\n \"resource\": \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n execution_spec={\n \"trigger\": {\n \"schedule\": {\n \"cron\": \"TZ=America/New_York 1 1 * * *\",\n },\n },\n \"field\": \"modified_date\",\n },\n data_quality_spec={\n \"sampling_percent\": 5,\n \"row_filter\": \"station_id \u003e 1000\",\n \"rules\": [\n {\n \"column\": \"address\",\n \"dimension\": \"VALIDITY\",\n \"threshold\": 0.99,\n \"non_null_expectation\": {},\n },\n {\n \"column\": \"council_district\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": True,\n \"threshold\": 0.9,\n \"range_expectation\": {\n \"min_value\": \"1\",\n \"max_value\": \"10\",\n \"strict_min_enabled\": True,\n \"strict_max_enabled\": False,\n },\n },\n {\n \"column\": \"power_type\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": False,\n \"regex_expectation\": {\n \"regex\": \".*solar.*\",\n },\n },\n {\n \"column\": \"property_type\",\n \"dimension\": \"VALIDITY\",\n \"ignore_null\": False,\n \"set_expectation\": {\n \"values\": [\n \"sidewalk\",\n \"parkland\",\n ],\n },\n },\n {\n \"column\": \"address\",\n \"dimension\": \"UNIQUENESS\",\n \"uniqueness_expectation\": {},\n },\n {\n \"column\": \"number_of_docks\",\n \"dimension\": \"VALIDITY\",\n \"statistic_range_expectation\": {\n \"statistic\": \"MEAN\",\n \"min_value\": \"5\",\n \"max_value\": \"15\",\n \"strict_min_enabled\": True,\n \"strict_max_enabled\": True,\n },\n },\n {\n \"column\": \"footprint_length\",\n \"dimension\": \"VALIDITY\",\n \"row_condition_expectation\": {\n \"sql_expression\": \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n {\n \"dimension\": \"VALIDITY\",\n \"table_condition_expectation\": {\n \"sql_expression\": \"COUNT(*) \u003e 0\",\n },\n },\n {\n \"dimension\": \"VALIDITY\",\n \"sql_assertion\": {\n \"sql_statement\": \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n ],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fullQuality = new Gcp.DataPlex.Datascan(\"full_quality\", new()\n {\n Location = \"us-central1\",\n DisplayName = \"Full Datascan Quality\",\n DataScanId = \"dataquality-full\",\n Description = \"Example resource - Full Datascan Quality\",\n Labels = \n {\n { \"author\", \"billing\" },\n },\n Data = new Gcp.DataPlex.Inputs.DatascanDataArgs\n {\n Resource = \"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.DatascanExecutionSpecArgs\n {\n Trigger = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerArgs\n {\n Schedule = new Gcp.DataPlex.Inputs.DatascanExecutionSpecTriggerScheduleArgs\n {\n Cron = \"TZ=America/New_York 1 1 * * *\",\n },\n },\n Field = \"modified_date\",\n },\n DataQualitySpec = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecArgs\n {\n SamplingPercent = 5,\n RowFilter = \"station_id \u003e 1000\",\n Rules = new[]\n {\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"address\",\n Dimension = \"VALIDITY\",\n Threshold = 0.99,\n NonNullExpectation = null,\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"council_district\",\n Dimension = \"VALIDITY\",\n IgnoreNull = true,\n Threshold = 0.9,\n RangeExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRangeExpectationArgs\n {\n MinValue = \"1\",\n MaxValue = \"10\",\n StrictMinEnabled = true,\n StrictMaxEnabled = false,\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"power_type\",\n Dimension = \"VALIDITY\",\n IgnoreNull = false,\n RegexExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRegexExpectationArgs\n {\n Regex = \".*solar.*\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"property_type\",\n Dimension = \"VALIDITY\",\n IgnoreNull = false,\n SetExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleSetExpectationArgs\n {\n Values = new[]\n {\n \"sidewalk\",\n \"parkland\",\n },\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"address\",\n Dimension = \"UNIQUENESS\",\n UniquenessExpectation = null,\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"number_of_docks\",\n Dimension = \"VALIDITY\",\n StatisticRangeExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleStatisticRangeExpectationArgs\n {\n Statistic = \"MEAN\",\n MinValue = \"5\",\n MaxValue = \"15\",\n StrictMinEnabled = true,\n StrictMaxEnabled = true,\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Column = \"footprint_length\",\n Dimension = \"VALIDITY\",\n RowConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleRowConditionExpectationArgs\n {\n SqlExpression = \"footprint_length \u003e 0 AND footprint_length \u003c= 10\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n TableConditionExpectation = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleTableConditionExpectationArgs\n {\n SqlExpression = \"COUNT(*) \u003e 0\",\n },\n },\n new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleArgs\n {\n Dimension = \"VALIDITY\",\n SqlAssertion = new Gcp.DataPlex.Inputs.DatascanDataQualitySpecRuleSqlAssertionArgs\n {\n SqlStatement = \"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\",\n },\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascan(ctx, \"full_quality\", \u0026dataplex.DatascanArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"Full Datascan Quality\"),\n\t\t\tDataScanId: pulumi.String(\"dataquality-full\"),\n\t\t\tDescription: pulumi.String(\"Example resource - Full Datascan Quality\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"billing\"),\n\t\t\t},\n\t\t\tData: \u0026dataplex.DatascanDataArgs{\n\t\t\t\tResource: pulumi.String(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.DatascanExecutionSpecArgs{\n\t\t\t\tTrigger: \u0026dataplex.DatascanExecutionSpecTriggerArgs{\n\t\t\t\t\tSchedule: \u0026dataplex.DatascanExecutionSpecTriggerScheduleArgs{\n\t\t\t\t\t\tCron: pulumi.String(\"TZ=America/New_York 1 1 * * *\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tField: pulumi.String(\"modified_date\"),\n\t\t\t},\n\t\t\tDataQualitySpec: \u0026dataplex.DatascanDataQualitySpecArgs{\n\t\t\t\tSamplingPercent: pulumi.Float64(5),\n\t\t\t\tRowFilter: pulumi.String(\"station_id \u003e 1000\"),\n\t\t\t\tRules: dataplex.DatascanDataQualitySpecRuleArray{\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"address\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tThreshold: pulumi.Float64(0.99),\n\t\t\t\t\t\tNonNullExpectation: \u0026dataplex.DatascanDataQualitySpecRuleNonNullExpectationArgs{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"council_district\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(true),\n\t\t\t\t\t\tThreshold: pulumi.Float64(0.9),\n\t\t\t\t\t\tRangeExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRangeExpectationArgs{\n\t\t\t\t\t\t\tMinValue: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tMaxValue: pulumi.String(\"10\"),\n\t\t\t\t\t\t\tStrictMinEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tStrictMaxEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"power_type\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(false),\n\t\t\t\t\t\tRegexExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRegexExpectationArgs{\n\t\t\t\t\t\t\tRegex: pulumi.String(\".*solar.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"property_type\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tIgnoreNull: pulumi.Bool(false),\n\t\t\t\t\t\tSetExpectation: \u0026dataplex.DatascanDataQualitySpecRuleSetExpectationArgs{\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"sidewalk\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"parkland\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"address\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"UNIQUENESS\"),\n\t\t\t\t\t\tUniquenessExpectation: \u0026dataplex.DatascanDataQualitySpecRuleUniquenessExpectationArgs{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"number_of_docks\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tStatisticRangeExpectation: \u0026dataplex.DatascanDataQualitySpecRuleStatisticRangeExpectationArgs{\n\t\t\t\t\t\t\tStatistic: pulumi.String(\"MEAN\"),\n\t\t\t\t\t\t\tMinValue: pulumi.String(\"5\"),\n\t\t\t\t\t\t\tMaxValue: pulumi.String(\"15\"),\n\t\t\t\t\t\t\tStrictMinEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tStrictMaxEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"footprint_length\"),\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tRowConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleRowConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"footprint_length \u003e 0 AND footprint_length \u003c= 10\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tTableConditionExpectation: \u0026dataplex.DatascanDataQualitySpecRuleTableConditionExpectationArgs{\n\t\t\t\t\t\t\tSqlExpression: pulumi.String(\"COUNT(*) \u003e 0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026dataplex.DatascanDataQualitySpecRuleArgs{\n\t\t\t\t\t\tDimension: pulumi.String(\"VALIDITY\"),\n\t\t\t\t\t\tSqlAssertion: \u0026dataplex.DatascanDataQualitySpecRuleSqlAssertionArgs{\n\t\t\t\t\t\t\tSqlStatement: pulumi.String(\"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.Datascan;\nimport com.pulumi.gcp.dataplex.DatascanArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanExecutionSpecTriggerScheduleArgs;\nimport com.pulumi.gcp.dataplex.inputs.DatascanDataQualitySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fullQuality = new Datascan(\"fullQuality\", DatascanArgs.builder()\n .location(\"us-central1\")\n .displayName(\"Full Datascan Quality\")\n .dataScanId(\"dataquality-full\")\n .description(\"Example resource - Full Datascan Quality\")\n .labels(Map.of(\"author\", \"billing\"))\n .data(DatascanDataArgs.builder()\n .resource(\"//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\")\n .build())\n .executionSpec(DatascanExecutionSpecArgs.builder()\n .trigger(DatascanExecutionSpecTriggerArgs.builder()\n .schedule(DatascanExecutionSpecTriggerScheduleArgs.builder()\n .cron(\"TZ=America/New_York 1 1 * * *\")\n .build())\n .build())\n .field(\"modified_date\")\n .build())\n .dataQualitySpec(DatascanDataQualitySpecArgs.builder()\n .samplingPercent(5)\n .rowFilter(\"station_id \u003e 1000\")\n .rules( \n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"address\")\n .dimension(\"VALIDITY\")\n .threshold(0.99)\n .nonNullExpectation()\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"council_district\")\n .dimension(\"VALIDITY\")\n .ignoreNull(true)\n .threshold(0.9)\n .rangeExpectation(DatascanDataQualitySpecRuleRangeExpectationArgs.builder()\n .minValue(1)\n .maxValue(10)\n .strictMinEnabled(true)\n .strictMaxEnabled(false)\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"power_type\")\n .dimension(\"VALIDITY\")\n .ignoreNull(false)\n .regexExpectation(DatascanDataQualitySpecRuleRegexExpectationArgs.builder()\n .regex(\".*solar.*\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"property_type\")\n .dimension(\"VALIDITY\")\n .ignoreNull(false)\n .setExpectation(DatascanDataQualitySpecRuleSetExpectationArgs.builder()\n .values( \n \"sidewalk\",\n \"parkland\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"address\")\n .dimension(\"UNIQUENESS\")\n .uniquenessExpectation()\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"number_of_docks\")\n .dimension(\"VALIDITY\")\n .statisticRangeExpectation(DatascanDataQualitySpecRuleStatisticRangeExpectationArgs.builder()\n .statistic(\"MEAN\")\n .minValue(5)\n .maxValue(15)\n .strictMinEnabled(true)\n .strictMaxEnabled(true)\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .column(\"footprint_length\")\n .dimension(\"VALIDITY\")\n .rowConditionExpectation(DatascanDataQualitySpecRuleRowConditionExpectationArgs.builder()\n .sqlExpression(\"footprint_length \u003e 0 AND footprint_length \u003c= 10\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .tableConditionExpectation(DatascanDataQualitySpecRuleTableConditionExpectationArgs.builder()\n .sqlExpression(\"COUNT(*) \u003e 0\")\n .build())\n .build(),\n DatascanDataQualitySpecRuleArgs.builder()\n .dimension(\"VALIDITY\")\n .sqlAssertion(DatascanDataQualitySpecRuleSqlAssertionArgs.builder()\n .sqlStatement(\"select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\")\n .build())\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fullQuality:\n type: gcp:dataplex:Datascan\n name: full_quality\n properties:\n location: us-central1\n displayName: Full Datascan Quality\n dataScanId: dataquality-full\n description: Example resource - Full Datascan Quality\n labels:\n author: billing\n data:\n resource: //bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations\n executionSpec:\n trigger:\n schedule:\n cron: TZ=America/New_York 1 1 * * *\n field: modified_date\n dataQualitySpec:\n samplingPercent: 5\n rowFilter: station_id \u003e 1000\n rules:\n - column: address\n dimension: VALIDITY\n threshold: 0.99\n nonNullExpectation: {}\n - column: council_district\n dimension: VALIDITY\n ignoreNull: true\n threshold: 0.9\n rangeExpectation:\n minValue: 1\n maxValue: 10\n strictMinEnabled: true\n strictMaxEnabled: false\n - column: power_type\n dimension: VALIDITY\n ignoreNull: false\n regexExpectation:\n regex: .*solar.*\n - column: property_type\n dimension: VALIDITY\n ignoreNull: false\n setExpectation:\n values:\n - sidewalk\n - parkland\n - column: address\n dimension: UNIQUENESS\n uniquenessExpectation: {}\n - column: number_of_docks\n dimension: VALIDITY\n statisticRangeExpectation:\n statistic: MEAN\n minValue: 5\n maxValue: 15\n strictMinEnabled: true\n strictMaxEnabled: true\n - column: footprint_length\n dimension: VALIDITY\n rowConditionExpectation:\n sqlExpression: footprint_length \u003e 0 AND footprint_length \u003c= 10\n - dimension: VALIDITY\n tableConditionExpectation:\n sqlExpression: COUNT(*) \u003e 0\n - dimension: VALIDITY\n sqlAssertion:\n sqlStatement: select * from bigquery-public-data.austin_bikeshare.bikeshare_stations where station_id is null\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDatascan can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}`\n\n* `{{project}}/{{location}}/{{data_scan_id}}`\n\n* `{{location}}/{{data_scan_id}}`\n\n* `{{data_scan_id}}`\n\nWhen using the `pulumi import` command, Datascan can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{project}}/{{location}}/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{location}}/{{data_scan_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/datascan:Datascan default {{data_scan_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -196003,7 +196003,7 @@ } }, "gcp:dataplex/datascanIamBinding:DatascanIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/DatascanIamBindingCondition:DatascanIamBindingCondition" @@ -196122,7 +196122,7 @@ } }, "gcp:dataplex/datascanIamMember:DatascanIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/DatascanIamMemberCondition:DatascanIamMemberCondition" @@ -196234,7 +196234,7 @@ } }, "gcp:dataplex/datascanIamPolicy:DatascanIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Datascan\nThree different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.DatascanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.DatascanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataScanId": { "type": "string" @@ -196499,7 +196499,7 @@ } }, "gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/EntryGroupIamBindingCondition:EntryGroupIamBindingCondition" @@ -196618,7 +196618,7 @@ } }, "gcp:dataplex/entryGroupIamMember:EntryGroupIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/EntryGroupIamMemberCondition:EntryGroupIamMemberCondition" @@ -196730,7 +196730,7 @@ } }, "gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryGroup\nThree different resources help you manage your IAM policy for Dataplex EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.dataplex.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.dataplex.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryGroupIamBinding` and `gcp.dataplex.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryGroupIamPolicy(\"policy\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryGroupIamPolicy(\"policy\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryGroupIamPolicy(\"policy\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026dataplex.EntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryGroupIamPolicy\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryGroupIamBinding(\"binding\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryGroupIamBinding(\"binding\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryGroupIamBinding(\"binding\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamBinding(ctx, \"binding\", \u0026dataplex.EntryGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBinding;\nimport com.pulumi.gcp.dataplex.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryGroupIamBinding\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryGroupIamMember(\"member\", {\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryGroupIamMember(\"member\",\n project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryGroupIamMember(\"member\", new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryGroupIamMember(ctx, \"member\", \u0026dataplex.EntryGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: pulumi.Any(testEntryGroupBasic.EntryGroupId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMember;\nimport com.pulumi.gcp.dataplex.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryGroupIamMember\n properties:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n\n* {{project}}/{{location}}/{{entry_group_id}}\n\n* {{location}}/{{entry_group_id}}\n\n* {{entry_group_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "entryGroupId": { "type": "string" @@ -197052,7 +197052,7 @@ } }, "gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamBinding:EntryTypeIamBinding editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/EntryTypeIamBindingCondition:EntryTypeIamBindingCondition" @@ -197171,7 +197171,7 @@ } }, "gcp:dataplex/entryTypeIamMember:EntryTypeIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamMember:EntryTypeIamMember editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/EntryTypeIamMemberCondition:EntryTypeIamMemberCondition" @@ -197283,7 +197283,7 @@ } }, "gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex EntryType\nThree different resources help you manage your IAM policy for Dataplex EntryType. Each of these resources serves a different use case:\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Authoritative. Sets the IAM policy for the entrytype and replaces any existing policy already attached.\n* `gcp.dataplex.EntryTypeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrytype are preserved.\n* `gcp.dataplex.EntryTypeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrytype are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.EntryTypeIamPolicy`: Retrieves the IAM policy for the entrytype\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.EntryTypeIamBinding` and `gcp.dataplex.EntryTypeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.EntryTypeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.EntryTypeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.EntryTypeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.EntryTypeIamPolicy(\"policy\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.EntryTypeIamPolicy(\"policy\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.EntryTypeIamPolicy(\"policy\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewEntryTypeIamPolicy(ctx, \"policy\", \u0026dataplex.EntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicy;\nimport com.pulumi.gcp.dataplex.EntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryTypeIamPolicy(\"policy\", EntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:EntryTypeIamPolicy\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.EntryTypeIamBinding(\"binding\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.EntryTypeIamBinding(\"binding\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.EntryTypeIamBinding(\"binding\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamBinding(ctx, \"binding\", \u0026dataplex.EntryTypeIamBindingArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBinding;\nimport com.pulumi.gcp.dataplex.EntryTypeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryTypeIamBinding(\"binding\", EntryTypeIamBindingArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:EntryTypeIamBinding\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.EntryTypeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.EntryTypeIamMember(\"member\", {\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.EntryTypeIamMember(\"member\",\n project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.EntryTypeIamMember(\"member\", new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewEntryTypeIamMember(ctx, \"member\", \u0026dataplex.EntryTypeIamMemberArgs{\n\t\t\tProject: pulumi.Any(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.Any(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: pulumi.Any(testEntryTypeBasic.EntryTypeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMember;\nimport com.pulumi.gcp.dataplex.EntryTypeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryTypeIamMember(\"member\", EntryTypeIamMemberArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:EntryTypeIamMember\n properties:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n\n* {{project}}/{{location}}/{{entry_type_id}}\n\n* {{location}}/{{entry_type_id}}\n\n* {{entry_type_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex entrytype IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor \"projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/entryTypeIamPolicy:EntryTypeIamPolicy editor projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "entryTypeId": { "type": "string" @@ -197593,7 +197593,7 @@ } }, "gcp:dataplex/lakeIamBinding:LakeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/LakeIamBindingCondition:LakeIamBindingCondition" @@ -197712,7 +197712,7 @@ } }, "gcp:dataplex/lakeIamMember:LakeIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/LakeIamMemberCondition:LakeIamMemberCondition" @@ -197824,7 +197824,7 @@ } }, "gcp:dataplex/lakeIamPolicy:LakeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Lake\nThree different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.LakeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.LakeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -197907,7 +197907,7 @@ } }, "gcp:dataplex/task:Task": { - "description": "A Dataplex task represents the work that you want Dataplex to do on a schedule. It encapsulates code, parameters, and the schedule.\n\n\nTo get more information about Task, see:\n\n* [API documentation](https://cloud.google.com/dataplex/docs/reference/rest/v1/projects.locations.lakes.tasks)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dataplex/docs)\n\n## Example Usage\n\n### Dataplex Task Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.dataplex.Lake(\"example\", {\n name: \"tf-test-lake_91042\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleTask = new gcp.dataplex.Task(\"example\", {\n taskId: \"tf-test-task_72490\",\n location: \"us-central1\",\n lake: example.name,\n description: \"Test Task Basic\",\n displayName: \"task-basic\",\n labels: {\n count: \"3\",\n },\n triggerSpec: {\n type: \"RECURRING\",\n disabled: false,\n maxRetries: 3,\n startTime: \"2023-10-02T15:01:23Z\",\n schedule: \"1 * * * *\",\n },\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n project: \"my-project-name\",\n maxJobExecutionLifetime: \"100s\",\n kmsKey: \"234jn2kjn42k3n423\",\n },\n spark: {\n pythonScriptFile: \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.dataplex.Lake(\"example\",\n name=\"tf-test-lake_91042\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_task = gcp.dataplex.Task(\"example\",\n task_id=\"tf-test-task_72490\",\n location=\"us-central1\",\n lake=example.name,\n description=\"Test Task Basic\",\n display_name=\"task-basic\",\n labels={\n \"count\": \"3\",\n },\n trigger_spec={\n \"type\": \"RECURRING\",\n \"disabled\": False,\n \"max_retries\": 3,\n \"start_time\": \"2023-10-02T15:01:23Z\",\n \"schedule\": \"1 * * * *\",\n },\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"project\": \"my-project-name\",\n \"max_job_execution_lifetime\": \"100s\",\n \"kms_key\": \"234jn2kjn42k3n423\",\n },\n spark={\n \"python_script_file\": \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.DataPlex.Lake(\"example\", new()\n {\n Name = \"tf-test-lake_91042\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleTask = new Gcp.DataPlex.Task(\"example\", new()\n {\n TaskId = \"tf-test-task_72490\",\n Location = \"us-central1\",\n Lake = example.Name,\n Description = \"Test Task Basic\",\n DisplayName = \"task-basic\",\n Labels = \n {\n { \"count\", \"3\" },\n },\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"RECURRING\",\n Disabled = false,\n MaxRetries = 3,\n StartTime = \"2023-10-02T15:01:23Z\",\n Schedule = \"1 * * * *\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Project = \"my-project-name\",\n MaxJobExecutionLifetime = \"100s\",\n KmsKey = \"234jn2kjn42k3n423\",\n },\n Spark = new Gcp.DataPlex.Inputs.TaskSparkArgs\n {\n PythonScriptFile = \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dataplex.NewLake(ctx, \"example\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_91042\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_72490\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: example.Name,\n\t\t\tDescription: pulumi.String(\"Test Task Basic\"),\n\t\t\tDisplayName: pulumi.String(\"task-basic\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t},\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"RECURRING\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tMaxRetries: pulumi.Int(3),\n\t\t\t\tStartTime: pulumi.String(\"2023-10-02T15:01:23Z\"),\n\t\t\t\tSchedule: pulumi.String(\"1 * * * *\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\t\tMaxJobExecutionLifetime: pulumi.String(\"100s\"),\n\t\t\t\tKmsKey: pulumi.String(\"234jn2kjn42k3n423\"),\n\t\t\t},\n\t\t\tSpark: \u0026dataplex.TaskSparkArgs{\n\t\t\t\tPythonScriptFile: pulumi.String(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Lake(\"example\", LakeArgs.builder()\n .name(\"tf-test-lake_91042\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleTask = new Task(\"exampleTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_72490\")\n .location(\"us-central1\")\n .lake(example.name())\n .description(\"Test Task Basic\")\n .displayName(\"task-basic\")\n .labels(Map.of(\"count\", \"3\"))\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"RECURRING\")\n .disabled(false)\n .maxRetries(3)\n .startTime(\"2023-10-02T15:01:23Z\")\n .schedule(\"1 * * * *\")\n .build())\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .project(\"my-project-name\")\n .maxJobExecutionLifetime(\"100s\")\n .kmsKey(\"234jn2kjn42k3n423\")\n .build())\n .spark(TaskSparkArgs.builder()\n .pythonScriptFile(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:dataplex:Lake\n properties:\n name: tf-test-lake_91042\n location: us-central1\n project: my-project-name\n exampleTask:\n type: gcp:dataplex:Task\n name: example\n properties:\n taskId: tf-test-task_72490\n location: us-central1\n lake: ${example.name}\n description: Test Task Basic\n displayName: task-basic\n labels:\n count: '3'\n triggerSpec:\n type: RECURRING\n disabled: false\n maxRetries: 3\n startTime: 2023-10-02T15:01:23Z\n schedule: 1 * * * *\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n project: my-project-name\n maxJobExecutionLifetime: 100s\n kmsKey: 234jn2kjn42k3n423\n spark:\n pythonScriptFile: gs://dataproc-examples/pyspark/hello-world/hello-world.py\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Task Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// VPC network\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"tf-test-workstation-cluster_89605\",\n autoCreateSubnetworks: true,\n});\nconst project = gcp.organizations.getProject({});\nconst exampleSpark = new gcp.dataplex.Lake(\"example_spark\", {\n name: \"tf-test-lake_56730\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleSparkTask = new gcp.dataplex.Task(\"example_spark\", {\n taskId: \"tf-test-task_95154\",\n location: \"us-central1\",\n lake: exampleSpark.name,\n triggerSpec: {\n type: \"ON_DEMAND\",\n },\n description: \"task-spark-terraform\",\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n args: {\n TASK_ARGS: \"--output_location,gs://spark-job/task-result, --output_format, json\",\n },\n },\n spark: {\n infrastructureSpec: {\n batch: {\n executorsCount: 2,\n maxExecutorsCount: 100,\n },\n containerImage: {\n image: \"test-image\",\n javaJars: [\"test-java-jars.jar\"],\n pythonPackages: [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n properties: {\n name: \"wrench\",\n mass: \"1.3kg\",\n count: \"3\",\n },\n },\n vpcNetwork: {\n networkTags: [\"test-network-tag\"],\n subNetwork: _default.id,\n },\n },\n fileUris: [\"gs://terrafrom-test/test.csv\"],\n archiveUris: [\"gs://terraform-test/test.csv\"],\n sqlScript: \"show databases\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# VPC network\ndefault = gcp.compute.Network(\"default\",\n name=\"tf-test-workstation-cluster_89605\",\n auto_create_subnetworks=True)\nproject = gcp.organizations.get_project()\nexample_spark = gcp.dataplex.Lake(\"example_spark\",\n name=\"tf-test-lake_56730\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_spark_task = gcp.dataplex.Task(\"example_spark\",\n task_id=\"tf-test-task_95154\",\n location=\"us-central1\",\n lake=example_spark.name,\n trigger_spec={\n \"type\": \"ON_DEMAND\",\n },\n description=\"task-spark-terraform\",\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"args\": {\n \"TASK_ARGS\": \"--output_location,gs://spark-job/task-result, --output_format, json\",\n },\n },\n spark={\n \"infrastructure_spec\": {\n \"batch\": {\n \"executors_count\": 2,\n \"max_executors_count\": 100,\n },\n \"container_image\": {\n \"image\": \"test-image\",\n \"java_jars\": [\"test-java-jars.jar\"],\n \"python_packages\": [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n \"properties\": {\n \"name\": \"wrench\",\n \"mass\": \"1.3kg\",\n \"count\": \"3\",\n },\n },\n \"vpc_network\": {\n \"network_tags\": [\"test-network-tag\"],\n \"sub_network\": default.id,\n },\n },\n \"file_uris\": [\"gs://terrafrom-test/test.csv\"],\n \"archive_uris\": [\"gs://terraform-test/test.csv\"],\n \"sql_script\": \"show databases\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // VPC network\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-workstation-cluster_89605\",\n AutoCreateSubnetworks = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleSpark = new Gcp.DataPlex.Lake(\"example_spark\", new()\n {\n Name = \"tf-test-lake_56730\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleSparkTask = new Gcp.DataPlex.Task(\"example_spark\", new()\n {\n TaskId = \"tf-test-task_95154\",\n Location = \"us-central1\",\n Lake = exampleSpark.Name,\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"ON_DEMAND\",\n },\n Description = \"task-spark-terraform\",\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Args = \n {\n { \"TASK_ARGS\", \"--output_location,gs://spark-job/task-result, --output_format, json\" },\n },\n },\n Spark = new Gcp.DataPlex.Inputs.TaskSparkArgs\n {\n InfrastructureSpec = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecArgs\n {\n Batch = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecBatchArgs\n {\n ExecutorsCount = 2,\n MaxExecutorsCount = 100,\n },\n ContainerImage = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecContainerImageArgs\n {\n Image = \"test-image\",\n JavaJars = new[]\n {\n \"test-java-jars.jar\",\n },\n PythonPackages = new[]\n {\n \"gs://bucket-name/my/path/to/lib.tar.gz\",\n },\n Properties = \n {\n { \"name\", \"wrench\" },\n { \"mass\", \"1.3kg\" },\n { \"count\", \"3\" },\n },\n },\n VpcNetwork = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecVpcNetworkArgs\n {\n NetworkTags = new[]\n {\n \"test-network-tag\",\n },\n SubNetwork = @default.Id,\n },\n },\n FileUris = new[]\n {\n \"gs://terrafrom-test/test.csv\",\n },\n ArchiveUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n SqlScript = \"show databases\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// VPC network\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-workstation-cluster_89605\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSpark, err := dataplex.NewLake(ctx, \"example_spark\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_56730\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example_spark\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_95154\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: exampleSpark.Name,\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"task-spark-terraform\"),\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tArgs: pulumi.StringMap{\n\t\t\t\t\t\"TASK_ARGS\": pulumi.String(\"--output_location,gs://spark-job/task-result, --output_format, json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpark: \u0026dataplex.TaskSparkArgs{\n\t\t\t\tInfrastructureSpec: \u0026dataplex.TaskSparkInfrastructureSpecArgs{\n\t\t\t\t\tBatch: \u0026dataplex.TaskSparkInfrastructureSpecBatchArgs{\n\t\t\t\t\t\tExecutorsCount: pulumi.Int(2),\n\t\t\t\t\t\tMaxExecutorsCount: pulumi.Int(100),\n\t\t\t\t\t},\n\t\t\t\t\tContainerImage: \u0026dataplex.TaskSparkInfrastructureSpecContainerImageArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"test-image\"),\n\t\t\t\t\t\tJavaJars: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-java-jars.jar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPythonPackages: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"gs://bucket-name/my/path/to/lib.tar.gz\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\t\t\t\"mass\": pulumi.String(\"1.3kg\"),\n\t\t\t\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: \u0026dataplex.TaskSparkInfrastructureSpecVpcNetworkArgs{\n\t\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-network-tag\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSubNetwork: _default.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terrafrom-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tSqlScript: pulumi.String(\"show databases\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecBatchArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecContainerImageArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // VPC network\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-workstation-cluster_89605\")\n .autoCreateSubnetworks(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var exampleSpark = new Lake(\"exampleSpark\", LakeArgs.builder()\n .name(\"tf-test-lake_56730\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleSparkTask = new Task(\"exampleSparkTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_95154\")\n .location(\"us-central1\")\n .lake(exampleSpark.name())\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"ON_DEMAND\")\n .build())\n .description(\"task-spark-terraform\")\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .args(Map.of(\"TASK_ARGS\", \"--output_location,gs://spark-job/task-result, --output_format, json\"))\n .build())\n .spark(TaskSparkArgs.builder()\n .infrastructureSpec(TaskSparkInfrastructureSpecArgs.builder()\n .batch(TaskSparkInfrastructureSpecBatchArgs.builder()\n .executorsCount(2)\n .maxExecutorsCount(100)\n .build())\n .containerImage(TaskSparkInfrastructureSpecContainerImageArgs.builder()\n .image(\"test-image\")\n .javaJars(\"test-java-jars.jar\")\n .pythonPackages(\"gs://bucket-name/my/path/to/lib.tar.gz\")\n .properties(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"mass\", \"1.3kg\"),\n Map.entry(\"count\", \"3\")\n ))\n .build())\n .vpcNetwork(TaskSparkInfrastructureSpecVpcNetworkArgs.builder()\n .networkTags(\"test-network-tag\")\n .subNetwork(default_.id())\n .build())\n .build())\n .fileUris(\"gs://terrafrom-test/test.csv\")\n .archiveUris(\"gs://terraform-test/test.csv\")\n .sqlScript(\"show databases\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # VPC network\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-workstation-cluster_89605\n autoCreateSubnetworks: true\n exampleSpark:\n type: gcp:dataplex:Lake\n name: example_spark\n properties:\n name: tf-test-lake_56730\n location: us-central1\n project: my-project-name\n exampleSparkTask:\n type: gcp:dataplex:Task\n name: example_spark\n properties:\n taskId: tf-test-task_95154\n location: us-central1\n lake: ${exampleSpark.name}\n triggerSpec:\n type: ON_DEMAND\n description: task-spark-terraform\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n args:\n TASK_ARGS: --output_location,gs://spark-job/task-result, --output_format, json\n spark:\n infrastructureSpec:\n batch:\n executorsCount: 2\n maxExecutorsCount: 100\n containerImage:\n image: test-image\n javaJars:\n - test-java-jars.jar\n pythonPackages:\n - gs://bucket-name/my/path/to/lib.tar.gz\n properties:\n name: wrench\n mass: 1.3kg\n count: '3'\n vpcNetwork:\n networkTags:\n - test-network-tag\n subNetwork: ${default.id}\n fileUris:\n - gs://terrafrom-test/test.csv\n archiveUris:\n - gs://terraform-test/test.csv\n sqlScript: show databases\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Task Notebook\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// VPC network\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"tf-test-workstation-cluster_64336\",\n autoCreateSubnetworks: true,\n});\nconst project = gcp.organizations.getProject({});\nconst exampleNotebook = new gcp.dataplex.Lake(\"example_notebook\", {\n name: \"tf-test-lake_34962\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleNotebookTask = new gcp.dataplex.Task(\"example_notebook\", {\n taskId: \"tf-test-task_74000\",\n location: \"us-central1\",\n lake: exampleNotebook.name,\n triggerSpec: {\n type: \"RECURRING\",\n schedule: \"1 * * * *\",\n },\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n args: {\n TASK_ARGS: \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\",\n },\n },\n notebook: {\n notebook: \"gs://terraform-test/test-notebook.ipynb\",\n infrastructureSpec: {\n batch: {\n executorsCount: 2,\n maxExecutorsCount: 100,\n },\n containerImage: {\n image: \"test-image\",\n javaJars: [\"test-java-jars.jar\"],\n pythonPackages: [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n properties: {\n name: \"wrench\",\n mass: \"1.3kg\",\n count: \"3\",\n },\n },\n vpcNetwork: {\n networkTags: [\"test-network-tag\"],\n network: _default.id,\n },\n },\n fileUris: [\"gs://terraform-test/test.csv\"],\n archiveUris: [\"gs://terraform-test/test.csv\"],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# VPC network\ndefault = gcp.compute.Network(\"default\",\n name=\"tf-test-workstation-cluster_64336\",\n auto_create_subnetworks=True)\nproject = gcp.organizations.get_project()\nexample_notebook = gcp.dataplex.Lake(\"example_notebook\",\n name=\"tf-test-lake_34962\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_notebook_task = gcp.dataplex.Task(\"example_notebook\",\n task_id=\"tf-test-task_74000\",\n location=\"us-central1\",\n lake=example_notebook.name,\n trigger_spec={\n \"type\": \"RECURRING\",\n \"schedule\": \"1 * * * *\",\n },\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"args\": {\n \"TASK_ARGS\": \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\",\n },\n },\n notebook={\n \"notebook\": \"gs://terraform-test/test-notebook.ipynb\",\n \"infrastructure_spec\": {\n \"batch\": {\n \"executors_count\": 2,\n \"max_executors_count\": 100,\n },\n \"container_image\": {\n \"image\": \"test-image\",\n \"java_jars\": [\"test-java-jars.jar\"],\n \"python_packages\": [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n \"properties\": {\n \"name\": \"wrench\",\n \"mass\": \"1.3kg\",\n \"count\": \"3\",\n },\n },\n \"vpc_network\": {\n \"network_tags\": [\"test-network-tag\"],\n \"network\": default.id,\n },\n },\n \"file_uris\": [\"gs://terraform-test/test.csv\"],\n \"archive_uris\": [\"gs://terraform-test/test.csv\"],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // VPC network\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-workstation-cluster_64336\",\n AutoCreateSubnetworks = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleNotebook = new Gcp.DataPlex.Lake(\"example_notebook\", new()\n {\n Name = \"tf-test-lake_34962\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleNotebookTask = new Gcp.DataPlex.Task(\"example_notebook\", new()\n {\n TaskId = \"tf-test-task_74000\",\n Location = \"us-central1\",\n Lake = exampleNotebook.Name,\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"RECURRING\",\n Schedule = \"1 * * * *\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Args = \n {\n { \"TASK_ARGS\", \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\" },\n },\n },\n Notebook = new Gcp.DataPlex.Inputs.TaskNotebookArgs\n {\n Notebook = \"gs://terraform-test/test-notebook.ipynb\",\n InfrastructureSpec = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecArgs\n {\n Batch = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecBatchArgs\n {\n ExecutorsCount = 2,\n MaxExecutorsCount = 100,\n },\n ContainerImage = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecContainerImageArgs\n {\n Image = \"test-image\",\n JavaJars = new[]\n {\n \"test-java-jars.jar\",\n },\n PythonPackages = new[]\n {\n \"gs://bucket-name/my/path/to/lib.tar.gz\",\n },\n Properties = \n {\n { \"name\", \"wrench\" },\n { \"mass\", \"1.3kg\" },\n { \"count\", \"3\" },\n },\n },\n VpcNetwork = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecVpcNetworkArgs\n {\n NetworkTags = new[]\n {\n \"test-network-tag\",\n },\n Network = @default.Id,\n },\n },\n FileUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n ArchiveUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// VPC network\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-workstation-cluster_64336\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleNotebook, err := dataplex.NewLake(ctx, \"example_notebook\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_34962\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example_notebook\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_74000\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: exampleNotebook.Name,\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"RECURRING\"),\n\t\t\t\tSchedule: pulumi.String(\"1 * * * *\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tArgs: pulumi.StringMap{\n\t\t\t\t\t\"TASK_ARGS\": pulumi.String(\"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNotebook: \u0026dataplex.TaskNotebookArgs{\n\t\t\t\tNotebook: pulumi.String(\"gs://terraform-test/test-notebook.ipynb\"),\n\t\t\t\tInfrastructureSpec: \u0026dataplex.TaskNotebookInfrastructureSpecArgs{\n\t\t\t\t\tBatch: \u0026dataplex.TaskNotebookInfrastructureSpecBatchArgs{\n\t\t\t\t\t\tExecutorsCount: pulumi.Int(2),\n\t\t\t\t\t\tMaxExecutorsCount: pulumi.Int(100),\n\t\t\t\t\t},\n\t\t\t\t\tContainerImage: \u0026dataplex.TaskNotebookInfrastructureSpecContainerImageArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"test-image\"),\n\t\t\t\t\t\tJavaJars: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-java-jars.jar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPythonPackages: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"gs://bucket-name/my/path/to/lib.tar.gz\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\t\t\t\"mass\": pulumi.String(\"1.3kg\"),\n\t\t\t\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: \u0026dataplex.TaskNotebookInfrastructureSpecVpcNetworkArgs{\n\t\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-network-tag\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tNetwork: _default.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecBatchArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecContainerImageArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // VPC network\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-workstation-cluster_64336\")\n .autoCreateSubnetworks(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var exampleNotebook = new Lake(\"exampleNotebook\", LakeArgs.builder()\n .name(\"tf-test-lake_34962\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleNotebookTask = new Task(\"exampleNotebookTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_74000\")\n .location(\"us-central1\")\n .lake(exampleNotebook.name())\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"RECURRING\")\n .schedule(\"1 * * * *\")\n .build())\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .args(Map.of(\"TASK_ARGS\", \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\"))\n .build())\n .notebook(TaskNotebookArgs.builder()\n .notebook(\"gs://terraform-test/test-notebook.ipynb\")\n .infrastructureSpec(TaskNotebookInfrastructureSpecArgs.builder()\n .batch(TaskNotebookInfrastructureSpecBatchArgs.builder()\n .executorsCount(2)\n .maxExecutorsCount(100)\n .build())\n .containerImage(TaskNotebookInfrastructureSpecContainerImageArgs.builder()\n .image(\"test-image\")\n .javaJars(\"test-java-jars.jar\")\n .pythonPackages(\"gs://bucket-name/my/path/to/lib.tar.gz\")\n .properties(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"mass\", \"1.3kg\"),\n Map.entry(\"count\", \"3\")\n ))\n .build())\n .vpcNetwork(TaskNotebookInfrastructureSpecVpcNetworkArgs.builder()\n .networkTags(\"test-network-tag\")\n .network(default_.id())\n .build())\n .build())\n .fileUris(\"gs://terraform-test/test.csv\")\n .archiveUris(\"gs://terraform-test/test.csv\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # VPC network\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-workstation-cluster_64336\n autoCreateSubnetworks: true\n exampleNotebook:\n type: gcp:dataplex:Lake\n name: example_notebook\n properties:\n name: tf-test-lake_34962\n location: us-central1\n project: my-project-name\n exampleNotebookTask:\n type: gcp:dataplex:Task\n name: example_notebook\n properties:\n taskId: tf-test-task_74000\n location: us-central1\n lake: ${exampleNotebook.name}\n triggerSpec:\n type: RECURRING\n schedule: 1 * * * *\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n args:\n TASK_ARGS: --output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\n notebook:\n notebook: gs://terraform-test/test-notebook.ipynb\n infrastructureSpec:\n batch:\n executorsCount: 2\n maxExecutorsCount: 100\n containerImage:\n image: test-image\n javaJars:\n - test-java-jars.jar\n pythonPackages:\n - gs://bucket-name/my/path/to/lib.tar.gz\n properties:\n name: wrench\n mass: 1.3kg\n count: '3'\n vpcNetwork:\n networkTags:\n - test-network-tag\n network: ${default.id}\n fileUris:\n - gs://terraform-test/test.csv\n archiveUris:\n - gs://terraform-test/test.csv\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTask can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}`\n\n* `{{project}}/{{location}}/{{lake}}/{{task_id}}`\n\n* `{{location}}/{{lake}}/{{task_id}}`\n\nWhen using the `pulumi import` command, Task can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default {{project}}/{{location}}/{{lake}}/{{task_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default {{location}}/{{lake}}/{{task_id}}\n```\n\n", + "description": "A Dataplex task represents the work that you want Dataplex to do on a schedule. It encapsulates code, parameters, and the schedule.\n\n\nTo get more information about Task, see:\n\n* [API documentation](https://cloud.google.com/dataplex/docs/reference/rest/v1/projects.locations.lakes.tasks)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dataplex/docs)\n\n## Example Usage\n\n### Dataplex Task Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.dataplex.Lake(\"example\", {\n name: \"tf-test-lake_91042\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleTask = new gcp.dataplex.Task(\"example\", {\n taskId: \"tf-test-task_72490\",\n location: \"us-central1\",\n lake: example.name,\n description: \"Test Task Basic\",\n displayName: \"task-basic\",\n labels: {\n count: \"3\",\n },\n triggerSpec: {\n type: \"RECURRING\",\n disabled: false,\n maxRetries: 3,\n startTime: \"2023-10-02T15:01:23Z\",\n schedule: \"1 * * * *\",\n },\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n project: \"my-project-name\",\n maxJobExecutionLifetime: \"100s\",\n kmsKey: \"234jn2kjn42k3n423\",\n },\n spark: {\n pythonScriptFile: \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.dataplex.Lake(\"example\",\n name=\"tf-test-lake_91042\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_task = gcp.dataplex.Task(\"example\",\n task_id=\"tf-test-task_72490\",\n location=\"us-central1\",\n lake=example.name,\n description=\"Test Task Basic\",\n display_name=\"task-basic\",\n labels={\n \"count\": \"3\",\n },\n trigger_spec={\n \"type\": \"RECURRING\",\n \"disabled\": False,\n \"max_retries\": 3,\n \"start_time\": \"2023-10-02T15:01:23Z\",\n \"schedule\": \"1 * * * *\",\n },\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"project\": \"my-project-name\",\n \"max_job_execution_lifetime\": \"100s\",\n \"kms_key\": \"234jn2kjn42k3n423\",\n },\n spark={\n \"python_script_file\": \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.DataPlex.Lake(\"example\", new()\n {\n Name = \"tf-test-lake_91042\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleTask = new Gcp.DataPlex.Task(\"example\", new()\n {\n TaskId = \"tf-test-task_72490\",\n Location = \"us-central1\",\n Lake = example.Name,\n Description = \"Test Task Basic\",\n DisplayName = \"task-basic\",\n Labels = \n {\n { \"count\", \"3\" },\n },\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"RECURRING\",\n Disabled = false,\n MaxRetries = 3,\n StartTime = \"2023-10-02T15:01:23Z\",\n Schedule = \"1 * * * *\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Project = \"my-project-name\",\n MaxJobExecutionLifetime = \"100s\",\n KmsKey = \"234jn2kjn42k3n423\",\n },\n Spark = new Gcp.DataPlex.Inputs.TaskSparkArgs\n {\n PythonScriptFile = \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dataplex.NewLake(ctx, \"example\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_91042\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_72490\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: example.Name,\n\t\t\tDescription: pulumi.String(\"Test Task Basic\"),\n\t\t\tDisplayName: pulumi.String(\"task-basic\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t},\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"RECURRING\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tMaxRetries: pulumi.Int(3),\n\t\t\t\tStartTime: pulumi.String(\"2023-10-02T15:01:23Z\"),\n\t\t\t\tSchedule: pulumi.String(\"1 * * * *\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\t\tMaxJobExecutionLifetime: pulumi.String(\"100s\"),\n\t\t\t\tKmsKey: pulumi.String(\"234jn2kjn42k3n423\"),\n\t\t\t},\n\t\t\tSpark: \u0026dataplex.TaskSparkArgs{\n\t\t\t\tPythonScriptFile: pulumi.String(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Lake(\"example\", LakeArgs.builder()\n .name(\"tf-test-lake_91042\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleTask = new Task(\"exampleTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_72490\")\n .location(\"us-central1\")\n .lake(example.name())\n .description(\"Test Task Basic\")\n .displayName(\"task-basic\")\n .labels(Map.of(\"count\", \"3\"))\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"RECURRING\")\n .disabled(false)\n .maxRetries(3)\n .startTime(\"2023-10-02T15:01:23Z\")\n .schedule(\"1 * * * *\")\n .build())\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .project(\"my-project-name\")\n .maxJobExecutionLifetime(\"100s\")\n .kmsKey(\"234jn2kjn42k3n423\")\n .build())\n .spark(TaskSparkArgs.builder()\n .pythonScriptFile(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:dataplex:Lake\n properties:\n name: tf-test-lake_91042\n location: us-central1\n project: my-project-name\n exampleTask:\n type: gcp:dataplex:Task\n name: example\n properties:\n taskId: tf-test-task_72490\n location: us-central1\n lake: ${example.name}\n description: Test Task Basic\n displayName: task-basic\n labels:\n count: '3'\n triggerSpec:\n type: RECURRING\n disabled: false\n maxRetries: 3\n startTime: 2023-10-02T15:01:23Z\n schedule: 1 * * * *\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n project: my-project-name\n maxJobExecutionLifetime: 100s\n kmsKey: 234jn2kjn42k3n423\n spark:\n pythonScriptFile: gs://dataproc-examples/pyspark/hello-world/hello-world.py\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Task Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// VPC network\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"tf-test-workstation-cluster_89605\",\n autoCreateSubnetworks: true,\n});\nconst project = gcp.organizations.getProject({});\nconst exampleSpark = new gcp.dataplex.Lake(\"example_spark\", {\n name: \"tf-test-lake_56730\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleSparkTask = new gcp.dataplex.Task(\"example_spark\", {\n taskId: \"tf-test-task_95154\",\n location: \"us-central1\",\n lake: exampleSpark.name,\n triggerSpec: {\n type: \"ON_DEMAND\",\n },\n description: \"task-spark-terraform\",\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n args: {\n TASK_ARGS: \"--output_location,gs://spark-job/task-result, --output_format, json\",\n },\n },\n spark: {\n infrastructureSpec: {\n batch: {\n executorsCount: 2,\n maxExecutorsCount: 100,\n },\n containerImage: {\n image: \"test-image\",\n javaJars: [\"test-java-jars.jar\"],\n pythonPackages: [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n properties: {\n name: \"wrench\",\n mass: \"1.3kg\",\n count: \"3\",\n },\n },\n vpcNetwork: {\n networkTags: [\"test-network-tag\"],\n subNetwork: _default.id,\n },\n },\n fileUris: [\"gs://terrafrom-test/test.csv\"],\n archiveUris: [\"gs://terraform-test/test.csv\"],\n sqlScript: \"show databases\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# VPC network\ndefault = gcp.compute.Network(\"default\",\n name=\"tf-test-workstation-cluster_89605\",\n auto_create_subnetworks=True)\nproject = gcp.organizations.get_project()\nexample_spark = gcp.dataplex.Lake(\"example_spark\",\n name=\"tf-test-lake_56730\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_spark_task = gcp.dataplex.Task(\"example_spark\",\n task_id=\"tf-test-task_95154\",\n location=\"us-central1\",\n lake=example_spark.name,\n trigger_spec={\n \"type\": \"ON_DEMAND\",\n },\n description=\"task-spark-terraform\",\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"args\": {\n \"TASK_ARGS\": \"--output_location,gs://spark-job/task-result, --output_format, json\",\n },\n },\n spark={\n \"infrastructure_spec\": {\n \"batch\": {\n \"executors_count\": 2,\n \"max_executors_count\": 100,\n },\n \"container_image\": {\n \"image\": \"test-image\",\n \"java_jars\": [\"test-java-jars.jar\"],\n \"python_packages\": [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n \"properties\": {\n \"name\": \"wrench\",\n \"mass\": \"1.3kg\",\n \"count\": \"3\",\n },\n },\n \"vpc_network\": {\n \"network_tags\": [\"test-network-tag\"],\n \"sub_network\": default.id,\n },\n },\n \"file_uris\": [\"gs://terrafrom-test/test.csv\"],\n \"archive_uris\": [\"gs://terraform-test/test.csv\"],\n \"sql_script\": \"show databases\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // VPC network\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-workstation-cluster_89605\",\n AutoCreateSubnetworks = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleSpark = new Gcp.DataPlex.Lake(\"example_spark\", new()\n {\n Name = \"tf-test-lake_56730\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleSparkTask = new Gcp.DataPlex.Task(\"example_spark\", new()\n {\n TaskId = \"tf-test-task_95154\",\n Location = \"us-central1\",\n Lake = exampleSpark.Name,\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"ON_DEMAND\",\n },\n Description = \"task-spark-terraform\",\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Args = \n {\n { \"TASK_ARGS\", \"--output_location,gs://spark-job/task-result, --output_format, json\" },\n },\n },\n Spark = new Gcp.DataPlex.Inputs.TaskSparkArgs\n {\n InfrastructureSpec = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecArgs\n {\n Batch = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecBatchArgs\n {\n ExecutorsCount = 2,\n MaxExecutorsCount = 100,\n },\n ContainerImage = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecContainerImageArgs\n {\n Image = \"test-image\",\n JavaJars = new[]\n {\n \"test-java-jars.jar\",\n },\n PythonPackages = new[]\n {\n \"gs://bucket-name/my/path/to/lib.tar.gz\",\n },\n Properties = \n {\n { \"name\", \"wrench\" },\n { \"mass\", \"1.3kg\" },\n { \"count\", \"3\" },\n },\n },\n VpcNetwork = new Gcp.DataPlex.Inputs.TaskSparkInfrastructureSpecVpcNetworkArgs\n {\n NetworkTags = new[]\n {\n \"test-network-tag\",\n },\n SubNetwork = @default.Id,\n },\n },\n FileUris = new[]\n {\n \"gs://terrafrom-test/test.csv\",\n },\n ArchiveUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n SqlScript = \"show databases\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// VPC network\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-workstation-cluster_89605\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSpark, err := dataplex.NewLake(ctx, \"example_spark\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_56730\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example_spark\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_95154\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: exampleSpark.Name,\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"task-spark-terraform\"),\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tArgs: pulumi.StringMap{\n\t\t\t\t\t\"TASK_ARGS\": pulumi.String(\"--output_location,gs://spark-job/task-result, --output_format, json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpark: \u0026dataplex.TaskSparkArgs{\n\t\t\t\tInfrastructureSpec: \u0026dataplex.TaskSparkInfrastructureSpecArgs{\n\t\t\t\t\tBatch: \u0026dataplex.TaskSparkInfrastructureSpecBatchArgs{\n\t\t\t\t\t\tExecutorsCount: pulumi.Int(2),\n\t\t\t\t\t\tMaxExecutorsCount: pulumi.Int(100),\n\t\t\t\t\t},\n\t\t\t\t\tContainerImage: \u0026dataplex.TaskSparkInfrastructureSpecContainerImageArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"test-image\"),\n\t\t\t\t\t\tJavaJars: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-java-jars.jar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPythonPackages: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"gs://bucket-name/my/path/to/lib.tar.gz\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\t\t\t\"mass\": pulumi.String(\"1.3kg\"),\n\t\t\t\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: \u0026dataplex.TaskSparkInfrastructureSpecVpcNetworkArgs{\n\t\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-network-tag\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSubNetwork: _default.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terrafrom-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tSqlScript: pulumi.String(\"show databases\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecBatchArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecContainerImageArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskSparkInfrastructureSpecVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // VPC network\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-workstation-cluster_89605\")\n .autoCreateSubnetworks(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var exampleSpark = new Lake(\"exampleSpark\", LakeArgs.builder()\n .name(\"tf-test-lake_56730\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleSparkTask = new Task(\"exampleSparkTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_95154\")\n .location(\"us-central1\")\n .lake(exampleSpark.name())\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"ON_DEMAND\")\n .build())\n .description(\"task-spark-terraform\")\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .args(Map.of(\"TASK_ARGS\", \"--output_location,gs://spark-job/task-result, --output_format, json\"))\n .build())\n .spark(TaskSparkArgs.builder()\n .infrastructureSpec(TaskSparkInfrastructureSpecArgs.builder()\n .batch(TaskSparkInfrastructureSpecBatchArgs.builder()\n .executorsCount(2)\n .maxExecutorsCount(100)\n .build())\n .containerImage(TaskSparkInfrastructureSpecContainerImageArgs.builder()\n .image(\"test-image\")\n .javaJars(\"test-java-jars.jar\")\n .pythonPackages(\"gs://bucket-name/my/path/to/lib.tar.gz\")\n .properties(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"mass\", \"1.3kg\"),\n Map.entry(\"count\", \"3\")\n ))\n .build())\n .vpcNetwork(TaskSparkInfrastructureSpecVpcNetworkArgs.builder()\n .networkTags(\"test-network-tag\")\n .subNetwork(default_.id())\n .build())\n .build())\n .fileUris(\"gs://terrafrom-test/test.csv\")\n .archiveUris(\"gs://terraform-test/test.csv\")\n .sqlScript(\"show databases\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # VPC network\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-workstation-cluster_89605\n autoCreateSubnetworks: true\n exampleSpark:\n type: gcp:dataplex:Lake\n name: example_spark\n properties:\n name: tf-test-lake_56730\n location: us-central1\n project: my-project-name\n exampleSparkTask:\n type: gcp:dataplex:Task\n name: example_spark\n properties:\n taskId: tf-test-task_95154\n location: us-central1\n lake: ${exampleSpark.name}\n triggerSpec:\n type: ON_DEMAND\n description: task-spark-terraform\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n args:\n TASK_ARGS: --output_location,gs://spark-job/task-result, --output_format, json\n spark:\n infrastructureSpec:\n batch:\n executorsCount: 2\n maxExecutorsCount: 100\n containerImage:\n image: test-image\n javaJars:\n - test-java-jars.jar\n pythonPackages:\n - gs://bucket-name/my/path/to/lib.tar.gz\n properties:\n name: wrench\n mass: 1.3kg\n count: '3'\n vpcNetwork:\n networkTags:\n - test-network-tag\n subNetwork: ${default.id}\n fileUris:\n - gs://terrafrom-test/test.csv\n archiveUris:\n - gs://terraform-test/test.csv\n sqlScript: show databases\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataplex Task Notebook\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// VPC network\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"tf-test-workstation-cluster_64336\",\n autoCreateSubnetworks: true,\n});\nconst project = gcp.organizations.getProject({});\nconst exampleNotebook = new gcp.dataplex.Lake(\"example_notebook\", {\n name: \"tf-test-lake_34962\",\n location: \"us-central1\",\n project: \"my-project-name\",\n});\nconst exampleNotebookTask = new gcp.dataplex.Task(\"example_notebook\", {\n taskId: \"tf-test-task_74000\",\n location: \"us-central1\",\n lake: exampleNotebook.name,\n triggerSpec: {\n type: \"RECURRING\",\n schedule: \"1 * * * *\",\n },\n executionSpec: {\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n args: {\n TASK_ARGS: \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\",\n },\n },\n notebook: {\n notebook: \"gs://terraform-test/test-notebook.ipynb\",\n infrastructureSpec: {\n batch: {\n executorsCount: 2,\n maxExecutorsCount: 100,\n },\n containerImage: {\n image: \"test-image\",\n javaJars: [\"test-java-jars.jar\"],\n pythonPackages: [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n properties: {\n name: \"wrench\",\n mass: \"1.3kg\",\n count: \"3\",\n },\n },\n vpcNetwork: {\n networkTags: [\"test-network-tag\"],\n network: _default.id,\n },\n },\n fileUris: [\"gs://terraform-test/test.csv\"],\n archiveUris: [\"gs://terraform-test/test.csv\"],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# VPC network\ndefault = gcp.compute.Network(\"default\",\n name=\"tf-test-workstation-cluster_64336\",\n auto_create_subnetworks=True)\nproject = gcp.organizations.get_project()\nexample_notebook = gcp.dataplex.Lake(\"example_notebook\",\n name=\"tf-test-lake_34962\",\n location=\"us-central1\",\n project=\"my-project-name\")\nexample_notebook_task = gcp.dataplex.Task(\"example_notebook\",\n task_id=\"tf-test-task_74000\",\n location=\"us-central1\",\n lake=example_notebook.name,\n trigger_spec={\n \"type\": \"RECURRING\",\n \"schedule\": \"1 * * * *\",\n },\n execution_spec={\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"args\": {\n \"TASK_ARGS\": \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\",\n },\n },\n notebook={\n \"notebook\": \"gs://terraform-test/test-notebook.ipynb\",\n \"infrastructure_spec\": {\n \"batch\": {\n \"executors_count\": 2,\n \"max_executors_count\": 100,\n },\n \"container_image\": {\n \"image\": \"test-image\",\n \"java_jars\": [\"test-java-jars.jar\"],\n \"python_packages\": [\"gs://bucket-name/my/path/to/lib.tar.gz\"],\n \"properties\": {\n \"name\": \"wrench\",\n \"mass\": \"1.3kg\",\n \"count\": \"3\",\n },\n },\n \"vpc_network\": {\n \"network_tags\": [\"test-network-tag\"],\n \"network\": default.id,\n },\n },\n \"file_uris\": [\"gs://terraform-test/test.csv\"],\n \"archive_uris\": [\"gs://terraform-test/test.csv\"],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // VPC network\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"tf-test-workstation-cluster_64336\",\n AutoCreateSubnetworks = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleNotebook = new Gcp.DataPlex.Lake(\"example_notebook\", new()\n {\n Name = \"tf-test-lake_34962\",\n Location = \"us-central1\",\n Project = \"my-project-name\",\n });\n\n var exampleNotebookTask = new Gcp.DataPlex.Task(\"example_notebook\", new()\n {\n TaskId = \"tf-test-task_74000\",\n Location = \"us-central1\",\n Lake = exampleNotebook.Name,\n TriggerSpec = new Gcp.DataPlex.Inputs.TaskTriggerSpecArgs\n {\n Type = \"RECURRING\",\n Schedule = \"1 * * * *\",\n },\n ExecutionSpec = new Gcp.DataPlex.Inputs.TaskExecutionSpecArgs\n {\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n Args = \n {\n { \"TASK_ARGS\", \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\" },\n },\n },\n Notebook = new Gcp.DataPlex.Inputs.TaskNotebookArgs\n {\n Notebook = \"gs://terraform-test/test-notebook.ipynb\",\n InfrastructureSpec = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecArgs\n {\n Batch = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecBatchArgs\n {\n ExecutorsCount = 2,\n MaxExecutorsCount = 100,\n },\n ContainerImage = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecContainerImageArgs\n {\n Image = \"test-image\",\n JavaJars = new[]\n {\n \"test-java-jars.jar\",\n },\n PythonPackages = new[]\n {\n \"gs://bucket-name/my/path/to/lib.tar.gz\",\n },\n Properties = \n {\n { \"name\", \"wrench\" },\n { \"mass\", \"1.3kg\" },\n { \"count\", \"3\" },\n },\n },\n VpcNetwork = new Gcp.DataPlex.Inputs.TaskNotebookInfrastructureSpecVpcNetworkArgs\n {\n NetworkTags = new[]\n {\n \"test-network-tag\",\n },\n Network = @default.Id,\n },\n },\n FileUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n ArchiveUris = new[]\n {\n \"gs://terraform-test/test.csv\",\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// VPC network\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-workstation-cluster_64336\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleNotebook, err := dataplex.NewLake(ctx, \"example_notebook\", \u0026dataplex.LakeArgs{\n\t\t\tName: pulumi.String(\"tf-test-lake_34962\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTask(ctx, \"example_notebook\", \u0026dataplex.TaskArgs{\n\t\t\tTaskId: pulumi.String(\"tf-test-task_74000\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLake: exampleNotebook.Name,\n\t\t\tTriggerSpec: \u0026dataplex.TaskTriggerSpecArgs{\n\t\t\t\tType: pulumi.String(\"RECURRING\"),\n\t\t\t\tSchedule: pulumi.String(\"1 * * * *\"),\n\t\t\t},\n\t\t\tExecutionSpec: \u0026dataplex.TaskExecutionSpecArgs{\n\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\tArgs: pulumi.StringMap{\n\t\t\t\t\t\"TASK_ARGS\": pulumi.String(\"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNotebook: \u0026dataplex.TaskNotebookArgs{\n\t\t\t\tNotebook: pulumi.String(\"gs://terraform-test/test-notebook.ipynb\"),\n\t\t\t\tInfrastructureSpec: \u0026dataplex.TaskNotebookInfrastructureSpecArgs{\n\t\t\t\t\tBatch: \u0026dataplex.TaskNotebookInfrastructureSpecBatchArgs{\n\t\t\t\t\t\tExecutorsCount: pulumi.Int(2),\n\t\t\t\t\t\tMaxExecutorsCount: pulumi.Int(100),\n\t\t\t\t\t},\n\t\t\t\t\tContainerImage: \u0026dataplex.TaskNotebookInfrastructureSpecContainerImageArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"test-image\"),\n\t\t\t\t\t\tJavaJars: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-java-jars.jar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPythonPackages: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"gs://bucket-name/my/path/to/lib.tar.gz\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t\t\t\t\"mass\": pulumi.String(\"1.3kg\"),\n\t\t\t\t\t\t\t\"count\": pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVpcNetwork: \u0026dataplex.TaskNotebookInfrastructureSpecVpcNetworkArgs{\n\t\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test-network-tag\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tNetwork: _default.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://terraform-test/test.csv\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataplex.Lake;\nimport com.pulumi.gcp.dataplex.LakeArgs;\nimport com.pulumi.gcp.dataplex.Task;\nimport com.pulumi.gcp.dataplex.TaskArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskTriggerSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskExecutionSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecBatchArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecContainerImageArgs;\nimport com.pulumi.gcp.dataplex.inputs.TaskNotebookInfrastructureSpecVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // VPC network\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"tf-test-workstation-cluster_64336\")\n .autoCreateSubnetworks(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var exampleNotebook = new Lake(\"exampleNotebook\", LakeArgs.builder()\n .name(\"tf-test-lake_34962\")\n .location(\"us-central1\")\n .project(\"my-project-name\")\n .build());\n\n var exampleNotebookTask = new Task(\"exampleNotebookTask\", TaskArgs.builder()\n .taskId(\"tf-test-task_74000\")\n .location(\"us-central1\")\n .lake(exampleNotebook.name())\n .triggerSpec(TaskTriggerSpecArgs.builder()\n .type(\"RECURRING\")\n .schedule(\"1 * * * *\")\n .build())\n .executionSpec(TaskExecutionSpecArgs.builder()\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .args(Map.of(\"TASK_ARGS\", \"--output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\"))\n .build())\n .notebook(TaskNotebookArgs.builder()\n .notebook(\"gs://terraform-test/test-notebook.ipynb\")\n .infrastructureSpec(TaskNotebookInfrastructureSpecArgs.builder()\n .batch(TaskNotebookInfrastructureSpecBatchArgs.builder()\n .executorsCount(2)\n .maxExecutorsCount(100)\n .build())\n .containerImage(TaskNotebookInfrastructureSpecContainerImageArgs.builder()\n .image(\"test-image\")\n .javaJars(\"test-java-jars.jar\")\n .pythonPackages(\"gs://bucket-name/my/path/to/lib.tar.gz\")\n .properties(Map.ofEntries(\n Map.entry(\"name\", \"wrench\"),\n Map.entry(\"mass\", \"1.3kg\"),\n Map.entry(\"count\", \"3\")\n ))\n .build())\n .vpcNetwork(TaskNotebookInfrastructureSpecVpcNetworkArgs.builder()\n .networkTags(\"test-network-tag\")\n .network(default_.id())\n .build())\n .build())\n .fileUris(\"gs://terraform-test/test.csv\")\n .archiveUris(\"gs://terraform-test/test.csv\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # VPC network\n default:\n type: gcp:compute:Network\n properties:\n name: tf-test-workstation-cluster_64336\n autoCreateSubnetworks: true\n exampleNotebook:\n type: gcp:dataplex:Lake\n name: example_notebook\n properties:\n name: tf-test-lake_34962\n location: us-central1\n project: my-project-name\n exampleNotebookTask:\n type: gcp:dataplex:Task\n name: example_notebook\n properties:\n taskId: tf-test-task_74000\n location: us-central1\n lake: ${exampleNotebook.name}\n triggerSpec:\n type: RECURRING\n schedule: 1 * * * *\n executionSpec:\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n args:\n TASK_ARGS: --output_location,gs://spark-job-jars-anrajitha/task-result, --output_format, json\n notebook:\n notebook: gs://terraform-test/test-notebook.ipynb\n infrastructureSpec:\n batch:\n executorsCount: 2\n maxExecutorsCount: 100\n containerImage:\n image: test-image\n javaJars:\n - test-java-jars.jar\n pythonPackages:\n - gs://bucket-name/my/path/to/lib.tar.gz\n properties:\n name: wrench\n mass: 1.3kg\n count: '3'\n vpcNetwork:\n networkTags:\n - test-network-tag\n network: ${default.id}\n fileUris:\n - gs://terraform-test/test.csv\n archiveUris:\n - gs://terraform-test/test.csv\n project: my-project-name\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTask can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}`\n\n* `{{project}}/{{location}}/{{lake}}/{{task_id}}`\n\n* `{{location}}/{{lake}}/{{task_id}}`\n\nWhen using the `pulumi import` command, Task can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default {{project}}/{{location}}/{{lake}}/{{task_id}}\n```\n\n```sh\n$ pulumi import gcp:dataplex/task:Task default {{location}}/{{lake}}/{{task_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -198169,7 +198169,7 @@ } }, "gcp:dataplex/taskIamBinding:TaskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/TaskIamBindingCondition:TaskIamBindingCondition" @@ -198304,7 +198304,7 @@ } }, "gcp:dataplex/taskIamMember:TaskIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/TaskIamMemberCondition:TaskIamMemberCondition" @@ -198432,7 +198432,7 @@ } }, "gcp:dataplex/taskIamPolicy:TaskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Task\nThree different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.TaskIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.TaskIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -198784,7 +198784,7 @@ } }, "gcp:dataplex/zoneIamBinding:ZoneIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/ZoneIamBindingCondition:ZoneIamBindingCondition" @@ -198916,7 +198916,7 @@ } }, "gcp:dataplex/zoneIamMember:ZoneIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/ZoneIamMemberCondition:ZoneIamMemberCondition" @@ -199041,7 +199041,7 @@ } }, "gcp:dataplex/zoneIamPolicy:ZoneIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataplex Zone\nThree different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataplex.ZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataplex.ZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataplexZone": { "type": "string", @@ -199242,7 +199242,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/AutoscalingPolicyIamBindingCondition:AutoscalingPolicyIamBindingCondition" @@ -199364,7 +199364,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/AutoscalingPolicyIamMemberCondition:AutoscalingPolicyIamMemberCondition" @@ -199479,7 +199479,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc AutoscalingPolicy\nThree different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.AutoscalingPolicyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.AutoscalingPolicyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -199565,7 +199565,7 @@ } }, "gcp:dataproc/batch:Batch": { - "description": "Dataproc Serverless Batches lets you run Spark workloads without requiring you to\nprovision and manage your own Dataproc cluster.\n\n\nTo get more information about Batch, see:\n\n* [API documentation](https://cloud.google.com/dataproc-serverless/docs/reference/rest/v1/projects.locations.batches)\n* How-to Guides\n * [Dataproc Serverless Batches Intro](https://cloud.google.com/dataproc-serverless/docs/overview)\n\n## Example Usage\n\n### Dataproc Batch Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSpark = new gcp.dataproc.Batch(\"example_batch_spark\", {\n batchId: \"tf-test-batch_75125\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n },\n },\n sparkBatch: {\n mainClass: \"org.apache.spark.examples.SparkPi\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_spark = gcp.dataproc.Batch(\"example_batch_spark\",\n batch_id=\"tf-test-batch_75125\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n },\n },\n spark_batch={\n \"main_class\": \"org.apache.spark.examples.SparkPi\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSpark = new Gcp.Dataproc.Batch(\"example_batch_spark\", new()\n {\n BatchId = \"tf-test-batch_75125\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n },\n },\n SparkBatch = new Gcp.Dataproc.Inputs.BatchSparkBatchArgs\n {\n MainClass = \"org.apache.spark.examples.SparkPi\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_spark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_75125\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkBatch: \u0026dataproc.BatchSparkBatchArgs{\n\t\t\t\tMainClass: pulumi.String(\"org.apache.spark.examples.SparkPi\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSpark = new Batch(\"exampleBatchSpark\", BatchArgs.builder()\n .batchId(\"tf-test-batch_75125\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .build())\n .build())\n .sparkBatch(BatchSparkBatchArgs.builder()\n .mainClass(\"org.apache.spark.examples.SparkPi\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSpark:\n type: gcp:dataproc:Batch\n name: example_batch_spark\n properties:\n batchId: tf-test-batch_75125\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n ttl: 3600s\n networkTags:\n - tag1\n sparkBatch:\n mainClass: org.apache.spark.examples.SparkPi\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Spark Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n uniformBucketLevelAccess: true,\n name: \"dataproc-bucket\",\n location: \"US\",\n forceDestroy: true,\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst cryptoKeyMember1 = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member_1\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@dataproc-accounts.iam.gserviceaccount.com`),\n});\nconst ms = new gcp.dataproc.MetastoreService(\"ms\", {\n serviceId: \"dataproc-batch\",\n location: \"us-central1\",\n port: 9080,\n tier: \"DEVELOPER\",\n maintenanceWindow: {\n hourOfDay: 2,\n dayOfWeek: \"SUNDAY\",\n },\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n },\n});\nconst basic = new gcp.dataproc.Cluster(\"basic\", {\n name: \"dataproc-batch\",\n region: \"us-central1\",\n clusterConfig: {\n softwareConfig: {\n overrideProperties: {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n \"spark:spark.history.fs.logDirectory\": pulumi.interpolate`gs://${bucket.name}/*/spark-job-history`,\n },\n },\n endpointConfig: {\n enableHttpPortAccess: true,\n },\n masterConfig: {\n numInstances: 1,\n machineType: \"e2-standard-2\",\n diskConfig: {\n bootDiskSizeGb: 35,\n },\n },\n metastoreConfig: {\n dataprocMetastoreService: ms.name,\n },\n },\n});\nconst exampleBatchSpark = new gcp.dataproc.Batch(\"example_batch_spark\", {\n batchId: \"dataproc-batch\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n version: \"2.2\",\n },\n environmentConfig: {\n executionConfig: {\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n kmsKey: cryptoKey.id,\n networkUri: \"default\",\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n stagingBucket: bucket.name,\n },\n peripheralsConfig: {\n metastoreService: ms.name,\n sparkHistoryServerConfig: {\n dataprocCluster: basic.id,\n },\n },\n },\n sparkBatch: {\n mainClass: \"org.apache.spark.examples.SparkPi\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n}, {\n dependsOn: [cryptoKeyMember1],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ngcs_account = gcp.storage.get_project_service_account()\nbucket = gcp.storage.Bucket(\"bucket\",\n uniform_bucket_level_access=True,\n name=\"dataproc-bucket\",\n location=\"US\",\n force_destroy=True)\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\ncrypto_key_member1 = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member_1\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@dataproc-accounts.iam.gserviceaccount.com\")\nms = gcp.dataproc.MetastoreService(\"ms\",\n service_id=\"dataproc-batch\",\n location=\"us-central1\",\n port=9080,\n tier=\"DEVELOPER\",\n maintenance_window={\n \"hour_of_day\": 2,\n \"day_of_week\": \"SUNDAY\",\n },\n hive_metastore_config={\n \"version\": \"3.1.2\",\n })\nbasic = gcp.dataproc.Cluster(\"basic\",\n name=\"dataproc-batch\",\n region=\"us-central1\",\n cluster_config={\n \"software_config\": {\n \"override_properties\": {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n \"spark:spark.history.fs.logDirectory\": bucket.name.apply(lambda name: f\"gs://{name}/*/spark-job-history\"),\n },\n },\n \"endpoint_config\": {\n \"enable_http_port_access\": True,\n },\n \"master_config\": {\n \"num_instances\": 1,\n \"machine_type\": \"e2-standard-2\",\n \"disk_config\": {\n \"boot_disk_size_gb\": 35,\n },\n },\n \"metastore_config\": {\n \"dataproc_metastore_service\": ms.name,\n },\n })\nexample_batch_spark = gcp.dataproc.Batch(\"example_batch_spark\",\n batch_id=\"dataproc-batch\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n \"version\": \"2.2\",\n },\n environment_config={\n \"execution_config\": {\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n \"kms_key\": crypto_key.id,\n \"network_uri\": \"default\",\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"staging_bucket\": bucket.name,\n },\n \"peripherals_config\": {\n \"metastore_service\": ms.name,\n \"spark_history_server_config\": {\n \"dataproc_cluster\": basic.id,\n },\n },\n },\n spark_batch={\n \"main_class\": \"org.apache.spark.examples.SparkPi\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member1]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n UniformBucketLevelAccess = true,\n Name = \"dataproc-bucket\",\n Location = \"US\",\n ForceDestroy = true,\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var cryptoKeyMember1 = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member_1\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@dataproc-accounts.iam.gserviceaccount.com\",\n });\n\n var ms = new Gcp.Dataproc.MetastoreService(\"ms\", new()\n {\n ServiceId = \"dataproc-batch\",\n Location = \"us-central1\",\n Port = 9080,\n Tier = \"DEVELOPER\",\n MaintenanceWindow = new Gcp.Dataproc.Inputs.MetastoreServiceMaintenanceWindowArgs\n {\n HourOfDay = 2,\n DayOfWeek = \"SUNDAY\",\n },\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n },\n });\n\n var basic = new Gcp.Dataproc.Cluster(\"basic\", new()\n {\n Name = \"dataproc-batch\",\n Region = \"us-central1\",\n ClusterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigArgs\n {\n SoftwareConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigSoftwareConfigArgs\n {\n OverrideProperties = \n {\n { \"dataproc:dataproc.allow.zero.workers\", \"true\" },\n { \"spark:spark.history.fs.logDirectory\", bucket.Name.Apply(name =\u003e $\"gs://{name}/*/spark-job-history\") },\n },\n },\n EndpointConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigEndpointConfigArgs\n {\n EnableHttpPortAccess = true,\n },\n MasterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigArgs\n {\n NumInstances = 1,\n MachineType = \"e2-standard-2\",\n DiskConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigDiskConfigArgs\n {\n BootDiskSizeGb = 35,\n },\n },\n MetastoreConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMetastoreConfigArgs\n {\n DataprocMetastoreService = ms.Name,\n },\n },\n });\n\n var exampleBatchSpark = new Gcp.Dataproc.Batch(\"example_batch_spark\", new()\n {\n BatchId = \"dataproc-batch\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n Version = \"2.2\",\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n KmsKey = cryptoKey.Id,\n NetworkUri = \"default\",\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n StagingBucket = bucket.Name,\n },\n PeripheralsConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigPeripheralsConfigArgs\n {\n MetastoreService = ms.Name,\n SparkHistoryServerConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs\n {\n DataprocCluster = basic.Id,\n },\n },\n },\n SparkBatch = new Gcp.Dataproc.Inputs.BatchSparkBatchArgs\n {\n MainClass = \"org.apache.spark.examples.SparkPi\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember1,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"dataproc-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember1, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member_1\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@dataproc-accounts.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tms, err := dataproc.NewMetastoreService(ctx, \"ms\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"dataproc-batch\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPort: pulumi.Int(9080),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tMaintenanceWindow: \u0026dataproc.MetastoreServiceMaintenanceWindowArgs{\n\t\t\t\tHourOfDay: pulumi.Int(2),\n\t\t\t\tDayOfWeek: pulumi.String(\"SUNDAY\"),\n\t\t\t},\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := dataproc.NewCluster(ctx, \"basic\", \u0026dataproc.ClusterArgs{\n\t\t\tName: pulumi.String(\"dataproc-batch\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tClusterConfig: \u0026dataproc.ClusterClusterConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026dataproc.ClusterClusterConfigSoftwareConfigArgs{\n\t\t\t\t\tOverrideProperties: pulumi.StringMap{\n\t\t\t\t\t\t\"dataproc:dataproc.allow.zero.workers\": pulumi.String(\"true\"),\n\t\t\t\t\t\t\"spark:spark.history.fs.logDirectory\": bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/*/spark-job-history\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEndpointConfig: \u0026dataproc.ClusterClusterConfigEndpointConfigArgs{\n\t\t\t\t\tEnableHttpPortAccess: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMasterConfig: \u0026dataproc.ClusterClusterConfigMasterConfigArgs{\n\t\t\t\t\tNumInstances: pulumi.Int(1),\n\t\t\t\t\tMachineType: pulumi.String(\"e2-standard-2\"),\n\t\t\t\t\tDiskConfig: \u0026dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs{\n\t\t\t\t\t\tBootDiskSizeGb: pulumi.Int(35),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMetastoreConfig: \u0026dataproc.ClusterClusterConfigMetastoreConfigArgs{\n\t\t\t\t\tDataprocMetastoreService: ms.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewBatch(ctx, \"example_batch_spark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"dataproc-batch\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"2.2\"),\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t\tKmsKey: cryptoKey.ID(),\n\t\t\t\t\tNetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\t\tStagingBucket: bucket.Name,\n\t\t\t\t},\n\t\t\t\tPeripheralsConfig: \u0026dataproc.BatchEnvironmentConfigPeripheralsConfigArgs{\n\t\t\t\t\tMetastoreService: ms.Name,\n\t\t\t\t\tSparkHistoryServerConfig: \u0026dataproc.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs{\n\t\t\t\t\t\tDataprocCluster: basic.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkBatch: \u0026dataproc.BatchSparkBatchArgs{\n\t\t\t\tMainClass: pulumi.String(\"org.apache.spark.examples.SparkPi\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceMaintenanceWindowArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.Cluster;\nimport com.pulumi.gcp.dataproc.ClusterArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigEndpointConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigDiskConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigPeripheralsConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkBatchArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .uniformBucketLevelAccess(true)\n .name(\"dataproc-bucket\")\n .location(\"US\")\n .forceDestroy(true)\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var cryptoKeyMember1 = new CryptoKeyIAMMember(\"cryptoKeyMember1\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@dataproc-accounts.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var ms = new MetastoreService(\"ms\", MetastoreServiceArgs.builder()\n .serviceId(\"dataproc-batch\")\n .location(\"us-central1\")\n .port(9080)\n .tier(\"DEVELOPER\")\n .maintenanceWindow(MetastoreServiceMaintenanceWindowArgs.builder()\n .hourOfDay(2)\n .dayOfWeek(\"SUNDAY\")\n .build())\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .build())\n .build());\n\n var basic = new Cluster(\"basic\", ClusterArgs.builder()\n .name(\"dataproc-batch\")\n .region(\"us-central1\")\n .clusterConfig(ClusterClusterConfigArgs.builder()\n .softwareConfig(ClusterClusterConfigSoftwareConfigArgs.builder()\n .overrideProperties(Map.ofEntries(\n Map.entry(\"dataproc:dataproc.allow.zero.workers\", \"true\"),\n Map.entry(\"spark:spark.history.fs.logDirectory\", bucket.name().applyValue(name -\u003e String.format(\"gs://%s/*/spark-job-history\", name)))\n ))\n .build())\n .endpointConfig(ClusterClusterConfigEndpointConfigArgs.builder()\n .enableHttpPortAccess(true)\n .build())\n .masterConfig(ClusterClusterConfigMasterConfigArgs.builder()\n .numInstances(1)\n .machineType(\"e2-standard-2\")\n .diskConfig(ClusterClusterConfigMasterConfigDiskConfigArgs.builder()\n .bootDiskSizeGb(35)\n .build())\n .build())\n .metastoreConfig(ClusterClusterConfigMetastoreConfigArgs.builder()\n .dataprocMetastoreService(ms.name())\n .build())\n .build())\n .build());\n\n var exampleBatchSpark = new Batch(\"exampleBatchSpark\", BatchArgs.builder()\n .batchId(\"dataproc-batch\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .version(\"2.2\")\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .kmsKey(cryptoKey.id())\n .networkUri(\"default\")\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .stagingBucket(bucket.name())\n .build())\n .peripheralsConfig(BatchEnvironmentConfigPeripheralsConfigArgs.builder()\n .metastoreService(ms.name())\n .sparkHistoryServerConfig(BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs.builder()\n .dataprocCluster(basic.id())\n .build())\n .build())\n .build())\n .sparkBatch(BatchSparkBatchArgs.builder()\n .mainClass(\"org.apache.spark.examples.SparkPi\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSpark:\n type: gcp:dataproc:Batch\n name: example_batch_spark\n properties:\n batchId: dataproc-batch\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n version: '2.2'\n environmentConfig:\n executionConfig:\n ttl: 3600s\n networkTags:\n - tag1\n kmsKey: ${cryptoKey.id}\n networkUri: default\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n stagingBucket: ${bucket.name}\n peripheralsConfig:\n metastoreService: ${ms.name}\n sparkHistoryServerConfig:\n dataprocCluster: ${basic.id}\n sparkBatch:\n mainClass: org.apache.spark.examples.SparkPi\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n options:\n dependson:\n - ${cryptoKeyMember1}\n bucket:\n type: gcp:storage:Bucket\n properties:\n uniformBucketLevelAccess: true\n name: dataproc-bucket\n location: US\n forceDestroy: true\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us-central1\n cryptoKeyMember1:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member_1\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@dataproc-accounts.iam.gserviceaccount.com\n basic:\n type: gcp:dataproc:Cluster\n properties:\n name: dataproc-batch\n region: us-central1\n clusterConfig:\n softwareConfig:\n overrideProperties:\n dataproc:dataproc.allow.zero.workers: 'true'\n spark:spark.history.fs.logDirectory: gs://${bucket.name}/*/spark-job-history\n endpointConfig:\n enableHttpPortAccess: true\n masterConfig:\n numInstances: 1\n machineType: e2-standard-2\n diskConfig:\n bootDiskSizeGb: 35\n metastoreConfig:\n dataprocMetastoreService: ${ms.name}\n ms:\n type: gcp:dataproc:MetastoreService\n properties:\n serviceId: dataproc-batch\n location: us-central1\n port: 9080\n tier: DEVELOPER\n maintenanceWindow:\n hourOfDay: 2\n dayOfWeek: SUNDAY\n hiveMetastoreConfig:\n version: 3.1.2\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n gcsAccount:\n fn::invoke:\n Function: gcp:storage:getProjectServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Sparksql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSparsql = new gcp.dataproc.Batch(\"example_batch_sparsql\", {\n batchId: \"tf-test-batch_88722\",\n location: \"us-central1\",\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n },\n },\n sparkSqlBatch: {\n queryFileUri: \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n queryVariables: {\n name: \"value\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_sparsql = gcp.dataproc.Batch(\"example_batch_sparsql\",\n batch_id=\"tf-test-batch_88722\",\n location=\"us-central1\",\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n },\n },\n spark_sql_batch={\n \"query_file_uri\": \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n \"query_variables\": {\n \"name\": \"value\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSparsql = new Gcp.Dataproc.Batch(\"example_batch_sparsql\", new()\n {\n BatchId = \"tf-test-batch_88722\",\n Location = \"us-central1\",\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n },\n },\n SparkSqlBatch = new Gcp.Dataproc.Inputs.BatchSparkSqlBatchArgs\n {\n QueryFileUri = \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n QueryVariables = \n {\n { \"name\", \"value\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_sparsql\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_88722\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkSqlBatch: \u0026dataproc.BatchSparkSqlBatchArgs{\n\t\t\t\tQueryFileUri: pulumi.String(\"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\"),\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t\tQueryVariables: pulumi.StringMap{\n\t\t\t\t\t\"name\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkSqlBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSparsql = new Batch(\"exampleBatchSparsql\", BatchArgs.builder()\n .batchId(\"tf-test-batch_88722\")\n .location(\"us-central1\")\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .build())\n .build())\n .sparkSqlBatch(BatchSparkSqlBatchArgs.builder()\n .queryFileUri(\"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .queryVariables(Map.of(\"name\", \"value\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSparsql:\n type: gcp:dataproc:Batch\n name: example_batch_sparsql\n properties:\n batchId: tf-test-batch_88722\n location: us-central1\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n sparkSqlBatch:\n queryFileUri: gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n queryVariables:\n name: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Pyspark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchPyspark = new gcp.dataproc.Batch(\"example_batch_pyspark\", {\n batchId: \"tf-test-batch_39249\",\n location: \"us-central1\",\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n },\n },\n pysparkBatch: {\n mainPythonFileUri: \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n pythonFileUris: [\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"],\n archiveUris: [\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n ],\n fileUris: [\"https://storage.googleapis.com/terraform-batches/people.txt\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_pyspark = gcp.dataproc.Batch(\"example_batch_pyspark\",\n batch_id=\"tf-test-batch_39249\",\n location=\"us-central1\",\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n },\n },\n pyspark_batch={\n \"main_python_file_uri\": \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n \"python_file_uris\": [\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"],\n \"archive_uris\": [\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n ],\n \"file_uris\": [\"https://storage.googleapis.com/terraform-batches/people.txt\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchPyspark = new Gcp.Dataproc.Batch(\"example_batch_pyspark\", new()\n {\n BatchId = \"tf-test-batch_39249\",\n Location = \"us-central1\",\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n },\n },\n PysparkBatch = new Gcp.Dataproc.Inputs.BatchPysparkBatchArgs\n {\n MainPythonFileUri = \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n PythonFileUris = new[]\n {\n \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n ArchiveUris = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n },\n FileUris = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/people.txt\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_pyspark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_39249\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPysparkBatch: \u0026dataproc.BatchPysparkBatchArgs{\n\t\t\t\tMainPythonFileUri: pulumi.String(\"https://storage.googleapis.com/terraform-batches/test_util.py\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t\tPythonFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\"),\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt.jar\"),\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt\"),\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/people.txt\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchPysparkBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchPyspark = new Batch(\"exampleBatchPyspark\", BatchArgs.builder()\n .batchId(\"tf-test-batch_39249\")\n .location(\"us-central1\")\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .build())\n .build())\n .pysparkBatch(BatchPysparkBatchArgs.builder()\n .mainPythonFileUri(\"https://storage.googleapis.com/terraform-batches/test_util.py\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .pythonFileUris(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\")\n .archiveUris( \n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\")\n .fileUris(\"https://storage.googleapis.com/terraform-batches/people.txt\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchPyspark:\n type: gcp:dataproc:Batch\n name: example_batch_pyspark\n properties:\n batchId: tf-test-batch_39249\n location: us-central1\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n pysparkBatch:\n mainPythonFileUri: https://storage.googleapis.com/terraform-batches/test_util.py\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n pythonFileUris:\n - gs://dataproc-examples/pyspark/hello-world/hello-world.py\n archiveUris:\n - https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\n - https://storage.googleapis.com/terraform-batches/animals.txt.jar\n - https://storage.googleapis.com/terraform-batches/animals.txt\n fileUris:\n - https://storage.googleapis.com/terraform-batches/people.txt\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Sparkr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSparkr = new gcp.dataproc.Batch(\"example_batch_sparkr\", {\n batchId: \"tf-test-batch_74391\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n },\n },\n sparkRBatch: {\n mainRFileUri: \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n args: [\"https://storage.googleapis.com/terraform-batches/flights.csv\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_sparkr = gcp.dataproc.Batch(\"example_batch_sparkr\",\n batch_id=\"tf-test-batch_74391\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n },\n },\n spark_r_batch={\n \"main_r_file_uri\": \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n \"args\": [\"https://storage.googleapis.com/terraform-batches/flights.csv\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSparkr = new Gcp.Dataproc.Batch(\"example_batch_sparkr\", new()\n {\n BatchId = \"tf-test-batch_74391\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n },\n },\n SparkRBatch = new Gcp.Dataproc.Inputs.BatchSparkRBatchArgs\n {\n MainRFileUri = \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n Args = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/flights.csv\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_sparkr\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_74391\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkRBatch: \u0026dataproc.BatchSparkRBatchArgs{\n\t\t\t\tMainRFileUri: pulumi.String(\"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/flights.csv\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkRBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSparkr = new Batch(\"exampleBatchSparkr\", BatchArgs.builder()\n .batchId(\"tf-test-batch_74391\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .build())\n .build())\n .sparkRBatch(BatchSparkRBatchArgs.builder()\n .mainRFileUri(\"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\")\n .args(\"https://storage.googleapis.com/terraform-batches/flights.csv\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSparkr:\n type: gcp:dataproc:Batch\n name: example_batch_sparkr\n properties:\n batchId: tf-test-batch_74391\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n ttl: 3600s\n networkTags:\n - tag1\n sparkRBatch:\n mainRFileUri: https://storage.googleapis.com/terraform-batches/spark-r-flights.r\n args:\n - https://storage.googleapis.com/terraform-batches/flights.csv\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBatch can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/batches/{{batch_id}}`\n\n* `{{project}}/{{location}}/{{batch_id}}`\n\n* `{{location}}/{{batch_id}}`\n\nWhen using the `pulumi import` command, Batch can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default projects/{{project}}/locations/{{location}}/batches/{{batch_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default {{project}}/{{location}}/{{batch_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default {{location}}/{{batch_id}}\n```\n\n", + "description": "Dataproc Serverless Batches lets you run Spark workloads without requiring you to\nprovision and manage your own Dataproc cluster.\n\n\nTo get more information about Batch, see:\n\n* [API documentation](https://cloud.google.com/dataproc-serverless/docs/reference/rest/v1/projects.locations.batches)\n* How-to Guides\n * [Dataproc Serverless Batches Intro](https://cloud.google.com/dataproc-serverless/docs/overview)\n\n## Example Usage\n\n### Dataproc Batch Spark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSpark = new gcp.dataproc.Batch(\"example_batch_spark\", {\n batchId: \"tf-test-batch_75125\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n },\n },\n sparkBatch: {\n mainClass: \"org.apache.spark.examples.SparkPi\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_spark = gcp.dataproc.Batch(\"example_batch_spark\",\n batch_id=\"tf-test-batch_75125\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n },\n },\n spark_batch={\n \"main_class\": \"org.apache.spark.examples.SparkPi\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSpark = new Gcp.Dataproc.Batch(\"example_batch_spark\", new()\n {\n BatchId = \"tf-test-batch_75125\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n },\n },\n SparkBatch = new Gcp.Dataproc.Inputs.BatchSparkBatchArgs\n {\n MainClass = \"org.apache.spark.examples.SparkPi\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_spark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_75125\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkBatch: \u0026dataproc.BatchSparkBatchArgs{\n\t\t\t\tMainClass: pulumi.String(\"org.apache.spark.examples.SparkPi\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSpark = new Batch(\"exampleBatchSpark\", BatchArgs.builder()\n .batchId(\"tf-test-batch_75125\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .build())\n .build())\n .sparkBatch(BatchSparkBatchArgs.builder()\n .mainClass(\"org.apache.spark.examples.SparkPi\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSpark:\n type: gcp:dataproc:Batch\n name: example_batch_spark\n properties:\n batchId: tf-test-batch_75125\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n ttl: 3600s\n networkTags:\n - tag1\n sparkBatch:\n mainClass: org.apache.spark.examples.SparkPi\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Spark Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n uniformBucketLevelAccess: true,\n name: \"dataproc-bucket\",\n location: \"US\",\n forceDestroy: true,\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst cryptoKeyMember1 = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member_1\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@dataproc-accounts.iam.gserviceaccount.com`),\n});\nconst ms = new gcp.dataproc.MetastoreService(\"ms\", {\n serviceId: \"dataproc-batch\",\n location: \"us-central1\",\n port: 9080,\n tier: \"DEVELOPER\",\n maintenanceWindow: {\n hourOfDay: 2,\n dayOfWeek: \"SUNDAY\",\n },\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n },\n});\nconst basic = new gcp.dataproc.Cluster(\"basic\", {\n name: \"dataproc-batch\",\n region: \"us-central1\",\n clusterConfig: {\n softwareConfig: {\n overrideProperties: {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n \"spark:spark.history.fs.logDirectory\": pulumi.interpolate`gs://${bucket.name}/*/spark-job-history`,\n },\n },\n endpointConfig: {\n enableHttpPortAccess: true,\n },\n masterConfig: {\n numInstances: 1,\n machineType: \"e2-standard-2\",\n diskConfig: {\n bootDiskSizeGb: 35,\n },\n },\n metastoreConfig: {\n dataprocMetastoreService: ms.name,\n },\n },\n});\nconst exampleBatchSpark = new gcp.dataproc.Batch(\"example_batch_spark\", {\n batchId: \"dataproc-batch\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n version: \"2.2\",\n },\n environmentConfig: {\n executionConfig: {\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n kmsKey: cryptoKey.id,\n networkUri: \"default\",\n serviceAccount: project.then(project =\u003e `${project.number}-compute@developer.gserviceaccount.com`),\n stagingBucket: bucket.name,\n },\n peripheralsConfig: {\n metastoreService: ms.name,\n sparkHistoryServerConfig: {\n dataprocCluster: basic.id,\n },\n },\n },\n sparkBatch: {\n mainClass: \"org.apache.spark.examples.SparkPi\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n}, {\n dependsOn: [cryptoKeyMember1],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ngcs_account = gcp.storage.get_project_service_account()\nbucket = gcp.storage.Bucket(\"bucket\",\n uniform_bucket_level_access=True,\n name=\"dataproc-bucket\",\n location=\"US\",\n force_destroy=True)\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\ncrypto_key_member1 = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member_1\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@dataproc-accounts.iam.gserviceaccount.com\")\nms = gcp.dataproc.MetastoreService(\"ms\",\n service_id=\"dataproc-batch\",\n location=\"us-central1\",\n port=9080,\n tier=\"DEVELOPER\",\n maintenance_window={\n \"hour_of_day\": 2,\n \"day_of_week\": \"SUNDAY\",\n },\n hive_metastore_config={\n \"version\": \"3.1.2\",\n })\nbasic = gcp.dataproc.Cluster(\"basic\",\n name=\"dataproc-batch\",\n region=\"us-central1\",\n cluster_config={\n \"software_config\": {\n \"override_properties\": {\n \"dataproc:dataproc.allow.zero.workers\": \"true\",\n \"spark:spark.history.fs.logDirectory\": bucket.name.apply(lambda name: f\"gs://{name}/*/spark-job-history\"),\n },\n },\n \"endpoint_config\": {\n \"enable_http_port_access\": True,\n },\n \"master_config\": {\n \"num_instances\": 1,\n \"machine_type\": \"e2-standard-2\",\n \"disk_config\": {\n \"boot_disk_size_gb\": 35,\n },\n },\n \"metastore_config\": {\n \"dataproc_metastore_service\": ms.name,\n },\n })\nexample_batch_spark = gcp.dataproc.Batch(\"example_batch_spark\",\n batch_id=\"dataproc-batch\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n \"version\": \"2.2\",\n },\n environment_config={\n \"execution_config\": {\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n \"kms_key\": crypto_key.id,\n \"network_uri\": \"default\",\n \"service_account\": f\"{project.number}-compute@developer.gserviceaccount.com\",\n \"staging_bucket\": bucket.name,\n },\n \"peripherals_config\": {\n \"metastore_service\": ms.name,\n \"spark_history_server_config\": {\n \"dataproc_cluster\": basic.id,\n },\n },\n },\n spark_batch={\n \"main_class\": \"org.apache.spark.examples.SparkPi\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member1]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n UniformBucketLevelAccess = true,\n Name = \"dataproc-bucket\",\n Location = \"US\",\n ForceDestroy = true,\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var cryptoKeyMember1 = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member_1\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@dataproc-accounts.iam.gserviceaccount.com\",\n });\n\n var ms = new Gcp.Dataproc.MetastoreService(\"ms\", new()\n {\n ServiceId = \"dataproc-batch\",\n Location = \"us-central1\",\n Port = 9080,\n Tier = \"DEVELOPER\",\n MaintenanceWindow = new Gcp.Dataproc.Inputs.MetastoreServiceMaintenanceWindowArgs\n {\n HourOfDay = 2,\n DayOfWeek = \"SUNDAY\",\n },\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n },\n });\n\n var basic = new Gcp.Dataproc.Cluster(\"basic\", new()\n {\n Name = \"dataproc-batch\",\n Region = \"us-central1\",\n ClusterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigArgs\n {\n SoftwareConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigSoftwareConfigArgs\n {\n OverrideProperties = \n {\n { \"dataproc:dataproc.allow.zero.workers\", \"true\" },\n { \"spark:spark.history.fs.logDirectory\", bucket.Name.Apply(name =\u003e $\"gs://{name}/*/spark-job-history\") },\n },\n },\n EndpointConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigEndpointConfigArgs\n {\n EnableHttpPortAccess = true,\n },\n MasterConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigArgs\n {\n NumInstances = 1,\n MachineType = \"e2-standard-2\",\n DiskConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMasterConfigDiskConfigArgs\n {\n BootDiskSizeGb = 35,\n },\n },\n MetastoreConfig = new Gcp.Dataproc.Inputs.ClusterClusterConfigMetastoreConfigArgs\n {\n DataprocMetastoreService = ms.Name,\n },\n },\n });\n\n var exampleBatchSpark = new Gcp.Dataproc.Batch(\"example_batch_spark\", new()\n {\n BatchId = \"dataproc-batch\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n Version = \"2.2\",\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n KmsKey = cryptoKey.Id,\n NetworkUri = \"default\",\n ServiceAccount = $\"{project.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n StagingBucket = bucket.Name,\n },\n PeripheralsConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigPeripheralsConfigArgs\n {\n MetastoreService = ms.Name,\n SparkHistoryServerConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs\n {\n DataprocCluster = basic.Id,\n },\n },\n },\n SparkBatch = new Gcp.Dataproc.Inputs.BatchSparkBatchArgs\n {\n MainClass = \"org.apache.spark.examples.SparkPi\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember1,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"dataproc-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember1, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member_1\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@dataproc-accounts.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tms, err := dataproc.NewMetastoreService(ctx, \"ms\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"dataproc-batch\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPort: pulumi.Int(9080),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tMaintenanceWindow: \u0026dataproc.MetastoreServiceMaintenanceWindowArgs{\n\t\t\t\tHourOfDay: pulumi.Int(2),\n\t\t\t\tDayOfWeek: pulumi.String(\"SUNDAY\"),\n\t\t\t},\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := dataproc.NewCluster(ctx, \"basic\", \u0026dataproc.ClusterArgs{\n\t\t\tName: pulumi.String(\"dataproc-batch\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tClusterConfig: \u0026dataproc.ClusterClusterConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026dataproc.ClusterClusterConfigSoftwareConfigArgs{\n\t\t\t\t\tOverrideProperties: pulumi.StringMap{\n\t\t\t\t\t\t\"dataproc:dataproc.allow.zero.workers\": pulumi.String(\"true\"),\n\t\t\t\t\t\t\"spark:spark.history.fs.logDirectory\": bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/*/spark-job-history\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEndpointConfig: \u0026dataproc.ClusterClusterConfigEndpointConfigArgs{\n\t\t\t\t\tEnableHttpPortAccess: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMasterConfig: \u0026dataproc.ClusterClusterConfigMasterConfigArgs{\n\t\t\t\t\tNumInstances: pulumi.Int(1),\n\t\t\t\t\tMachineType: pulumi.String(\"e2-standard-2\"),\n\t\t\t\t\tDiskConfig: \u0026dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs{\n\t\t\t\t\t\tBootDiskSizeGb: pulumi.Int(35),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMetastoreConfig: \u0026dataproc.ClusterClusterConfigMetastoreConfigArgs{\n\t\t\t\t\tDataprocMetastoreService: ms.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewBatch(ctx, \"example_batch_spark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"dataproc-batch\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"2.2\"),\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t\tKmsKey: cryptoKey.ID(),\n\t\t\t\t\tNetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", project.Number),\n\t\t\t\t\tStagingBucket: bucket.Name,\n\t\t\t\t},\n\t\t\t\tPeripheralsConfig: \u0026dataproc.BatchEnvironmentConfigPeripheralsConfigArgs{\n\t\t\t\t\tMetastoreService: ms.Name,\n\t\t\t\t\tSparkHistoryServerConfig: \u0026dataproc.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs{\n\t\t\t\t\t\tDataprocCluster: basic.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkBatch: \u0026dataproc.BatchSparkBatchArgs{\n\t\t\t\tMainClass: pulumi.String(\"org.apache.spark.examples.SparkPi\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember1,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceMaintenanceWindowArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.Cluster;\nimport com.pulumi.gcp.dataproc.ClusterArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigEndpointConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMasterConfigDiskConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.ClusterClusterConfigMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigPeripheralsConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkBatchArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .uniformBucketLevelAccess(true)\n .name(\"dataproc-bucket\")\n .location(\"US\")\n .forceDestroy(true)\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var cryptoKeyMember1 = new CryptoKeyIAMMember(\"cryptoKeyMember1\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@dataproc-accounts.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var ms = new MetastoreService(\"ms\", MetastoreServiceArgs.builder()\n .serviceId(\"dataproc-batch\")\n .location(\"us-central1\")\n .port(9080)\n .tier(\"DEVELOPER\")\n .maintenanceWindow(MetastoreServiceMaintenanceWindowArgs.builder()\n .hourOfDay(2)\n .dayOfWeek(\"SUNDAY\")\n .build())\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .build())\n .build());\n\n var basic = new Cluster(\"basic\", ClusterArgs.builder()\n .name(\"dataproc-batch\")\n .region(\"us-central1\")\n .clusterConfig(ClusterClusterConfigArgs.builder()\n .softwareConfig(ClusterClusterConfigSoftwareConfigArgs.builder()\n .overrideProperties(Map.ofEntries(\n Map.entry(\"dataproc:dataproc.allow.zero.workers\", \"true\"),\n Map.entry(\"spark:spark.history.fs.logDirectory\", bucket.name().applyValue(name -\u003e String.format(\"gs://%s/*/spark-job-history\", name)))\n ))\n .build())\n .endpointConfig(ClusterClusterConfigEndpointConfigArgs.builder()\n .enableHttpPortAccess(true)\n .build())\n .masterConfig(ClusterClusterConfigMasterConfigArgs.builder()\n .numInstances(1)\n .machineType(\"e2-standard-2\")\n .diskConfig(ClusterClusterConfigMasterConfigDiskConfigArgs.builder()\n .bootDiskSizeGb(35)\n .build())\n .build())\n .metastoreConfig(ClusterClusterConfigMetastoreConfigArgs.builder()\n .dataprocMetastoreService(ms.name())\n .build())\n .build())\n .build());\n\n var exampleBatchSpark = new Batch(\"exampleBatchSpark\", BatchArgs.builder()\n .batchId(\"dataproc-batch\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .version(\"2.2\")\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .kmsKey(cryptoKey.id())\n .networkUri(\"default\")\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .stagingBucket(bucket.name())\n .build())\n .peripheralsConfig(BatchEnvironmentConfigPeripheralsConfigArgs.builder()\n .metastoreService(ms.name())\n .sparkHistoryServerConfig(BatchEnvironmentConfigPeripheralsConfigSparkHistoryServerConfigArgs.builder()\n .dataprocCluster(basic.id())\n .build())\n .build())\n .build())\n .sparkBatch(BatchSparkBatchArgs.builder()\n .mainClass(\"org.apache.spark.examples.SparkPi\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSpark:\n type: gcp:dataproc:Batch\n name: example_batch_spark\n properties:\n batchId: dataproc-batch\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n version: '2.2'\n environmentConfig:\n executionConfig:\n ttl: 3600s\n networkTags:\n - tag1\n kmsKey: ${cryptoKey.id}\n networkUri: default\n serviceAccount: ${project.number}-compute@developer.gserviceaccount.com\n stagingBucket: ${bucket.name}\n peripheralsConfig:\n metastoreService: ${ms.name}\n sparkHistoryServerConfig:\n dataprocCluster: ${basic.id}\n sparkBatch:\n mainClass: org.apache.spark.examples.SparkPi\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n options:\n dependsOn:\n - ${cryptoKeyMember1}\n bucket:\n type: gcp:storage:Bucket\n properties:\n uniformBucketLevelAccess: true\n name: dataproc-bucket\n location: US\n forceDestroy: true\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us-central1\n cryptoKeyMember1:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member_1\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@dataproc-accounts.iam.gserviceaccount.com\n basic:\n type: gcp:dataproc:Cluster\n properties:\n name: dataproc-batch\n region: us-central1\n clusterConfig:\n softwareConfig:\n overrideProperties:\n dataproc:dataproc.allow.zero.workers: 'true'\n spark:spark.history.fs.logDirectory: gs://${bucket.name}/*/spark-job-history\n endpointConfig:\n enableHttpPortAccess: true\n masterConfig:\n numInstances: 1\n machineType: e2-standard-2\n diskConfig:\n bootDiskSizeGb: 35\n metastoreConfig:\n dataprocMetastoreService: ${ms.name}\n ms:\n type: gcp:dataproc:MetastoreService\n properties:\n serviceId: dataproc-batch\n location: us-central1\n port: 9080\n tier: DEVELOPER\n maintenanceWindow:\n hourOfDay: 2\n dayOfWeek: SUNDAY\n hiveMetastoreConfig:\n version: 3.1.2\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n gcsAccount:\n fn::invoke:\n function: gcp:storage:getProjectServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Sparksql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSparsql = new gcp.dataproc.Batch(\"example_batch_sparsql\", {\n batchId: \"tf-test-batch_88722\",\n location: \"us-central1\",\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n },\n },\n sparkSqlBatch: {\n queryFileUri: \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n queryVariables: {\n name: \"value\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_sparsql = gcp.dataproc.Batch(\"example_batch_sparsql\",\n batch_id=\"tf-test-batch_88722\",\n location=\"us-central1\",\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n },\n },\n spark_sql_batch={\n \"query_file_uri\": \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n \"query_variables\": {\n \"name\": \"value\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSparsql = new Gcp.Dataproc.Batch(\"example_batch_sparsql\", new()\n {\n BatchId = \"tf-test-batch_88722\",\n Location = \"us-central1\",\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n },\n },\n SparkSqlBatch = new Gcp.Dataproc.Inputs.BatchSparkSqlBatchArgs\n {\n QueryFileUri = \"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\",\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n QueryVariables = \n {\n { \"name\", \"value\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_sparsql\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_88722\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkSqlBatch: \u0026dataproc.BatchSparkSqlBatchArgs{\n\t\t\t\tQueryFileUri: pulumi.String(\"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\"),\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t\tQueryVariables: pulumi.StringMap{\n\t\t\t\t\t\"name\": pulumi.String(\"value\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkSqlBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSparsql = new Batch(\"exampleBatchSparsql\", BatchArgs.builder()\n .batchId(\"tf-test-batch_88722\")\n .location(\"us-central1\")\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .build())\n .build())\n .sparkSqlBatch(BatchSparkSqlBatchArgs.builder()\n .queryFileUri(\"gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .queryVariables(Map.of(\"name\", \"value\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSparsql:\n type: gcp:dataproc:Batch\n name: example_batch_sparsql\n properties:\n batchId: tf-test-batch_88722\n location: us-central1\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n sparkSqlBatch:\n queryFileUri: gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n queryVariables:\n name: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Pyspark\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchPyspark = new gcp.dataproc.Batch(\"example_batch_pyspark\", {\n batchId: \"tf-test-batch_39249\",\n location: \"us-central1\",\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n },\n },\n pysparkBatch: {\n mainPythonFileUri: \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n args: [\"10\"],\n jarFileUris: [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n pythonFileUris: [\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"],\n archiveUris: [\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n ],\n fileUris: [\"https://storage.googleapis.com/terraform-batches/people.txt\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_pyspark = gcp.dataproc.Batch(\"example_batch_pyspark\",\n batch_id=\"tf-test-batch_39249\",\n location=\"us-central1\",\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n },\n },\n pyspark_batch={\n \"main_python_file_uri\": \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n \"args\": [\"10\"],\n \"jar_file_uris\": [\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"],\n \"python_file_uris\": [\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"],\n \"archive_uris\": [\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n ],\n \"file_uris\": [\"https://storage.googleapis.com/terraform-batches/people.txt\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchPyspark = new Gcp.Dataproc.Batch(\"example_batch_pyspark\", new()\n {\n BatchId = \"tf-test-batch_39249\",\n Location = \"us-central1\",\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n },\n },\n PysparkBatch = new Gcp.Dataproc.Inputs.BatchPysparkBatchArgs\n {\n MainPythonFileUri = \"https://storage.googleapis.com/terraform-batches/test_util.py\",\n Args = new[]\n {\n \"10\",\n },\n JarFileUris = new[]\n {\n \"file:///usr/lib/spark/examples/jars/spark-examples.jar\",\n },\n PythonFileUris = new[]\n {\n \"gs://dataproc-examples/pyspark/hello-world/hello-world.py\",\n },\n ArchiveUris = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\",\n },\n FileUris = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/people.txt\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_pyspark\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_39249\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPysparkBatch: \u0026dataproc.BatchPysparkBatchArgs{\n\t\t\t\tMainPythonFileUri: pulumi.String(\"https://storage.googleapis.com/terraform-batches/test_util.py\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10\"),\n\t\t\t\t},\n\t\t\t\tJarFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\"),\n\t\t\t\t},\n\t\t\t\tPythonFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\"),\n\t\t\t\t},\n\t\t\t\tArchiveUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\"),\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt.jar\"),\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/animals.txt\"),\n\t\t\t\t},\n\t\t\t\tFileUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/people.txt\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchPysparkBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchPyspark = new Batch(\"exampleBatchPyspark\", BatchArgs.builder()\n .batchId(\"tf-test-batch_39249\")\n .location(\"us-central1\")\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .build())\n .build())\n .pysparkBatch(BatchPysparkBatchArgs.builder()\n .mainPythonFileUri(\"https://storage.googleapis.com/terraform-batches/test_util.py\")\n .args(\"10\")\n .jarFileUris(\"file:///usr/lib/spark/examples/jars/spark-examples.jar\")\n .pythonFileUris(\"gs://dataproc-examples/pyspark/hello-world/hello-world.py\")\n .archiveUris( \n \"https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt.jar\",\n \"https://storage.googleapis.com/terraform-batches/animals.txt\")\n .fileUris(\"https://storage.googleapis.com/terraform-batches/people.txt\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchPyspark:\n type: gcp:dataproc:Batch\n name: example_batch_pyspark\n properties:\n batchId: tf-test-batch_39249\n location: us-central1\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n pysparkBatch:\n mainPythonFileUri: https://storage.googleapis.com/terraform-batches/test_util.py\n args:\n - '10'\n jarFileUris:\n - file:///usr/lib/spark/examples/jars/spark-examples.jar\n pythonFileUris:\n - gs://dataproc-examples/pyspark/hello-world/hello-world.py\n archiveUris:\n - https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked\n - https://storage.googleapis.com/terraform-batches/animals.txt.jar\n - https://storage.googleapis.com/terraform-batches/animals.txt\n fileUris:\n - https://storage.googleapis.com/terraform-batches/people.txt\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Batch Sparkr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleBatchSparkr = new gcp.dataproc.Batch(\"example_batch_sparkr\", {\n batchId: \"tf-test-batch_74391\",\n location: \"us-central1\",\n labels: {\n batch_test: \"terraform\",\n },\n runtimeConfig: {\n properties: {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environmentConfig: {\n executionConfig: {\n subnetworkUri: \"default\",\n ttl: \"3600s\",\n networkTags: [\"tag1\"],\n },\n },\n sparkRBatch: {\n mainRFileUri: \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n args: [\"https://storage.googleapis.com/terraform-batches/flights.csv\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_batch_sparkr = gcp.dataproc.Batch(\"example_batch_sparkr\",\n batch_id=\"tf-test-batch_74391\",\n location=\"us-central1\",\n labels={\n \"batch_test\": \"terraform\",\n },\n runtime_config={\n \"properties\": {\n \"spark.dynamicAllocation.enabled\": \"false\",\n \"spark.executor.instances\": \"2\",\n },\n },\n environment_config={\n \"execution_config\": {\n \"subnetwork_uri\": \"default\",\n \"ttl\": \"3600s\",\n \"network_tags\": [\"tag1\"],\n },\n },\n spark_r_batch={\n \"main_r_file_uri\": \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n \"args\": [\"https://storage.googleapis.com/terraform-batches/flights.csv\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBatchSparkr = new Gcp.Dataproc.Batch(\"example_batch_sparkr\", new()\n {\n BatchId = \"tf-test-batch_74391\",\n Location = \"us-central1\",\n Labels = \n {\n { \"batch_test\", \"terraform\" },\n },\n RuntimeConfig = new Gcp.Dataproc.Inputs.BatchRuntimeConfigArgs\n {\n Properties = \n {\n { \"spark.dynamicAllocation.enabled\", \"false\" },\n { \"spark.executor.instances\", \"2\" },\n },\n },\n EnvironmentConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigArgs\n {\n ExecutionConfig = new Gcp.Dataproc.Inputs.BatchEnvironmentConfigExecutionConfigArgs\n {\n SubnetworkUri = \"default\",\n Ttl = \"3600s\",\n NetworkTags = new[]\n {\n \"tag1\",\n },\n },\n },\n SparkRBatch = new Gcp.Dataproc.Inputs.BatchSparkRBatchArgs\n {\n MainRFileUri = \"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\",\n Args = new[]\n {\n \"https://storage.googleapis.com/terraform-batches/flights.csv\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewBatch(ctx, \"example_batch_sparkr\", \u0026dataproc.BatchArgs{\n\t\t\tBatchId: pulumi.String(\"tf-test-batch_74391\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"batch_test\": pulumi.String(\"terraform\"),\n\t\t\t},\n\t\t\tRuntimeConfig: \u0026dataproc.BatchRuntimeConfigArgs{\n\t\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\t\"spark.dynamicAllocation.enabled\": pulumi.String(\"false\"),\n\t\t\t\t\t\"spark.executor.instances\": pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironmentConfig: \u0026dataproc.BatchEnvironmentConfigArgs{\n\t\t\t\tExecutionConfig: \u0026dataproc.BatchEnvironmentConfigExecutionConfigArgs{\n\t\t\t\t\tSubnetworkUri: pulumi.String(\"default\"),\n\t\t\t\t\tTtl: pulumi.String(\"3600s\"),\n\t\t\t\t\tNetworkTags: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSparkRBatch: \u0026dataproc.BatchSparkRBatchArgs{\n\t\t\t\tMainRFileUri: pulumi.String(\"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\"),\n\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://storage.googleapis.com/terraform-batches/flights.csv\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.Batch;\nimport com.pulumi.gcp.dataproc.BatchArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchRuntimeConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchEnvironmentConfigExecutionConfigArgs;\nimport com.pulumi.gcp.dataproc.inputs.BatchSparkRBatchArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBatchSparkr = new Batch(\"exampleBatchSparkr\", BatchArgs.builder()\n .batchId(\"tf-test-batch_74391\")\n .location(\"us-central1\")\n .labels(Map.of(\"batch_test\", \"terraform\"))\n .runtimeConfig(BatchRuntimeConfigArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"spark.dynamicAllocation.enabled\", \"false\"),\n Map.entry(\"spark.executor.instances\", \"2\")\n ))\n .build())\n .environmentConfig(BatchEnvironmentConfigArgs.builder()\n .executionConfig(BatchEnvironmentConfigExecutionConfigArgs.builder()\n .subnetworkUri(\"default\")\n .ttl(\"3600s\")\n .networkTags(\"tag1\")\n .build())\n .build())\n .sparkRBatch(BatchSparkRBatchArgs.builder()\n .mainRFileUri(\"https://storage.googleapis.com/terraform-batches/spark-r-flights.r\")\n .args(\"https://storage.googleapis.com/terraform-batches/flights.csv\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBatchSparkr:\n type: gcp:dataproc:Batch\n name: example_batch_sparkr\n properties:\n batchId: tf-test-batch_74391\n location: us-central1\n labels:\n batch_test: terraform\n runtimeConfig:\n properties:\n spark.dynamicAllocation.enabled: 'false'\n spark.executor.instances: '2'\n environmentConfig:\n executionConfig:\n subnetworkUri: default\n ttl: 3600s\n networkTags:\n - tag1\n sparkRBatch:\n mainRFileUri: https://storage.googleapis.com/terraform-batches/spark-r-flights.r\n args:\n - https://storage.googleapis.com/terraform-batches/flights.csv\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBatch can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/batches/{{batch_id}}`\n\n* `{{project}}/{{location}}/{{batch_id}}`\n\n* `{{location}}/{{batch_id}}`\n\nWhen using the `pulumi import` command, Batch can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default projects/{{project}}/locations/{{location}}/batches/{{batch_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default {{project}}/{{location}}/{{batch_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/batch:Batch default {{location}}/{{batch_id}}\n```\n\n", "properties": { "batchId": { "type": "string", @@ -200014,7 +200014,7 @@ } }, "gcp:dataproc/clusterIAMBinding:ClusterIAMBinding": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMBinding:ClusterIAMBinding default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMBinding:ClusterIAMBinding default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -200136,7 +200136,7 @@ } }, "gcp:dataproc/clusterIAMMember:ClusterIAMMember": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMMember:ClusterIAMMember default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMMember:ClusterIAMMember default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -200251,7 +200251,7 @@ } }, "gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.ClusterIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder()\n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -201531,7 +201531,7 @@ } }, "gcp:dataproc/jobIAMBinding:JobIAMBinding": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMBinding:JobIAMBinding default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMBinding:JobIAMBinding default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/JobIAMBindingCondition:JobIAMBindingCondition" @@ -201650,7 +201650,7 @@ } }, "gcp:dataproc/jobIAMMember:JobIAMMember": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMMember:JobIAMMember default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMMember:JobIAMMember default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/JobIAMMemberCondition:JobIAMMemberCondition" @@ -201762,7 +201762,7 @@ } }, "gcp:dataproc/jobIAMPolicy:JobIAMPolicy": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMPolicy:JobIAMPolicy default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder()\n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.JobIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder()\n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMPolicy:JobIAMPolicy default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -201845,7 +201845,7 @@ } }, "gcp:dataproc/metastoreFederation:MetastoreFederation": { - "description": "A managed metastore federation.\n\n\n\n## Example Usage\n\n### Dataproc Metastore Federation Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultMetastoreService = new gcp.dataproc.MetastoreService(\"default\", {\n serviceId: \"metastore-service\",\n location: \"us-central1\",\n tier: \"DEVELOPER\",\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n endpointProtocol: \"GRPC\",\n },\n});\nconst _default = new gcp.dataproc.MetastoreFederation(\"default\", {\n location: \"us-central1\",\n federationId: \"metastore-fed\",\n version: \"3.1.2\",\n backendMetastores: [{\n rank: \"1\",\n name: defaultMetastoreService.id,\n metastoreType: \"DATAPROC_METASTORE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_metastore_service = gcp.dataproc.MetastoreService(\"default\",\n service_id=\"metastore-service\",\n location=\"us-central1\",\n tier=\"DEVELOPER\",\n hive_metastore_config={\n \"version\": \"3.1.2\",\n \"endpoint_protocol\": \"GRPC\",\n })\ndefault = gcp.dataproc.MetastoreFederation(\"default\",\n location=\"us-central1\",\n federation_id=\"metastore-fed\",\n version=\"3.1.2\",\n backend_metastores=[{\n \"rank\": \"1\",\n \"name\": default_metastore_service.id,\n \"metastore_type\": \"DATAPROC_METASTORE\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultMetastoreService = new Gcp.Dataproc.MetastoreService(\"default\", new()\n {\n ServiceId = \"metastore-service\",\n Location = \"us-central1\",\n Tier = \"DEVELOPER\",\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n EndpointProtocol = \"GRPC\",\n },\n });\n\n var @default = new Gcp.Dataproc.MetastoreFederation(\"default\", new()\n {\n Location = \"us-central1\",\n FederationId = \"metastore-fed\",\n Version = \"3.1.2\",\n BackendMetastores = new[]\n {\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"1\",\n Name = defaultMetastoreService.Id,\n MetastoreType = \"DATAPROC_METASTORE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultMetastoreService, err := dataproc.NewMetastoreService(ctx, \"default\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"metastore-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t\tEndpointProtocol: pulumi.String(\"GRPC\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederation(ctx, \"default\", \u0026dataproc.MetastoreFederationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFederationId: pulumi.String(\"metastore-fed\"),\n\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\tBackendMetastores: dataproc.MetastoreFederationBackendMetastoreArray{\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"1\"),\n\t\t\t\t\tName: defaultMetastoreService.ID(),\n\t\t\t\t\tMetastoreType: pulumi.String(\"DATAPROC_METASTORE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederation;\nimport com.pulumi.gcp.dataproc.MetastoreFederationArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreFederationBackendMetastoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultMetastoreService = new MetastoreService(\"defaultMetastoreService\", MetastoreServiceArgs.builder()\n .serviceId(\"metastore-service\")\n .location(\"us-central1\")\n .tier(\"DEVELOPER\")\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .endpointProtocol(\"GRPC\")\n .build())\n .build());\n\n var default_ = new MetastoreFederation(\"default\", MetastoreFederationArgs.builder()\n .location(\"us-central1\")\n .federationId(\"metastore-fed\")\n .version(\"3.1.2\")\n .backendMetastores(MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"1\")\n .name(defaultMetastoreService.id())\n .metastoreType(\"DATAPROC_METASTORE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:dataproc:MetastoreFederation\n properties:\n location: us-central1\n federationId: metastore-fed\n version: 3.1.2\n backendMetastores:\n - rank: '1'\n name: ${defaultMetastoreService.id}\n metastoreType: DATAPROC_METASTORE\n defaultMetastoreService:\n type: gcp:dataproc:MetastoreService\n name: default\n properties:\n serviceId: metastore-service\n location: us-central1\n tier: DEVELOPER\n hiveMetastoreConfig:\n version: 3.1.2\n endpointProtocol: GRPC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Metastore Federation Bigquery\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultMetastoreService = new gcp.dataproc.MetastoreService(\"default\", {\n serviceId: \"metastore-service\",\n location: \"us-central1\",\n tier: \"DEVELOPER\",\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n endpointProtocol: \"GRPC\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.dataproc.MetastoreFederation(\"default\", {\n location: \"us-central1\",\n federationId: \"metastore-fed\",\n version: \"3.1.2\",\n backendMetastores: [\n {\n rank: \"2\",\n name: project.then(project =\u003e project.id),\n metastoreType: \"BIGQUERY\",\n },\n {\n rank: \"1\",\n name: defaultMetastoreService.id,\n metastoreType: \"DATAPROC_METASTORE\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_metastore_service = gcp.dataproc.MetastoreService(\"default\",\n service_id=\"metastore-service\",\n location=\"us-central1\",\n tier=\"DEVELOPER\",\n hive_metastore_config={\n \"version\": \"3.1.2\",\n \"endpoint_protocol\": \"GRPC\",\n })\nproject = gcp.organizations.get_project()\ndefault = gcp.dataproc.MetastoreFederation(\"default\",\n location=\"us-central1\",\n federation_id=\"metastore-fed\",\n version=\"3.1.2\",\n backend_metastores=[\n {\n \"rank\": \"2\",\n \"name\": project.id,\n \"metastore_type\": \"BIGQUERY\",\n },\n {\n \"rank\": \"1\",\n \"name\": default_metastore_service.id,\n \"metastore_type\": \"DATAPROC_METASTORE\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultMetastoreService = new Gcp.Dataproc.MetastoreService(\"default\", new()\n {\n ServiceId = \"metastore-service\",\n Location = \"us-central1\",\n Tier = \"DEVELOPER\",\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n EndpointProtocol = \"GRPC\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Dataproc.MetastoreFederation(\"default\", new()\n {\n Location = \"us-central1\",\n FederationId = \"metastore-fed\",\n Version = \"3.1.2\",\n BackendMetastores = new[]\n {\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"2\",\n Name = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n MetastoreType = \"BIGQUERY\",\n },\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"1\",\n Name = defaultMetastoreService.Id,\n MetastoreType = \"DATAPROC_METASTORE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultMetastoreService, err := dataproc.NewMetastoreService(ctx, \"default\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"metastore-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t\tEndpointProtocol: pulumi.String(\"GRPC\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederation(ctx, \"default\", \u0026dataproc.MetastoreFederationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFederationId: pulumi.String(\"metastore-fed\"),\n\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\tBackendMetastores: dataproc.MetastoreFederationBackendMetastoreArray{\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"2\"),\n\t\t\t\t\tName: pulumi.String(project.Id),\n\t\t\t\t\tMetastoreType: pulumi.String(\"BIGQUERY\"),\n\t\t\t\t},\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"1\"),\n\t\t\t\t\tName: defaultMetastoreService.ID(),\n\t\t\t\t\tMetastoreType: pulumi.String(\"DATAPROC_METASTORE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederation;\nimport com.pulumi.gcp.dataproc.MetastoreFederationArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreFederationBackendMetastoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultMetastoreService = new MetastoreService(\"defaultMetastoreService\", MetastoreServiceArgs.builder()\n .serviceId(\"metastore-service\")\n .location(\"us-central1\")\n .tier(\"DEVELOPER\")\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .endpointProtocol(\"GRPC\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new MetastoreFederation(\"default\", MetastoreFederationArgs.builder()\n .location(\"us-central1\")\n .federationId(\"metastore-fed\")\n .version(\"3.1.2\")\n .backendMetastores( \n MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"2\")\n .name(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .metastoreType(\"BIGQUERY\")\n .build(),\n MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"1\")\n .name(defaultMetastoreService.id())\n .metastoreType(\"DATAPROC_METASTORE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:dataproc:MetastoreFederation\n properties:\n location: us-central1\n federationId: metastore-fed\n version: 3.1.2\n backendMetastores:\n - rank: '2'\n name: ${project.id}\n metastoreType: BIGQUERY\n - rank: '1'\n name: ${defaultMetastoreService.id}\n metastoreType: DATAPROC_METASTORE\n defaultMetastoreService:\n type: gcp:dataproc:MetastoreService\n name: default\n properties:\n serviceId: metastore-service\n location: us-central1\n tier: DEVELOPER\n hiveMetastoreConfig:\n version: 3.1.2\n endpointProtocol: GRPC\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFederation can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/federations/{{federation_id}}`\n\n* `{{project}}/{{location}}/{{federation_id}}`\n\n* `{{location}}/{{federation_id}}`\n\nWhen using the `pulumi import` command, Federation can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default {{project}}/{{location}}/{{federation_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default {{location}}/{{federation_id}}\n```\n\n", + "description": "A managed metastore federation.\n\n\n\n## Example Usage\n\n### Dataproc Metastore Federation Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultMetastoreService = new gcp.dataproc.MetastoreService(\"default\", {\n serviceId: \"metastore-service\",\n location: \"us-central1\",\n tier: \"DEVELOPER\",\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n endpointProtocol: \"GRPC\",\n },\n});\nconst _default = new gcp.dataproc.MetastoreFederation(\"default\", {\n location: \"us-central1\",\n federationId: \"metastore-fed\",\n version: \"3.1.2\",\n backendMetastores: [{\n rank: \"1\",\n name: defaultMetastoreService.id,\n metastoreType: \"DATAPROC_METASTORE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_metastore_service = gcp.dataproc.MetastoreService(\"default\",\n service_id=\"metastore-service\",\n location=\"us-central1\",\n tier=\"DEVELOPER\",\n hive_metastore_config={\n \"version\": \"3.1.2\",\n \"endpoint_protocol\": \"GRPC\",\n })\ndefault = gcp.dataproc.MetastoreFederation(\"default\",\n location=\"us-central1\",\n federation_id=\"metastore-fed\",\n version=\"3.1.2\",\n backend_metastores=[{\n \"rank\": \"1\",\n \"name\": default_metastore_service.id,\n \"metastore_type\": \"DATAPROC_METASTORE\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultMetastoreService = new Gcp.Dataproc.MetastoreService(\"default\", new()\n {\n ServiceId = \"metastore-service\",\n Location = \"us-central1\",\n Tier = \"DEVELOPER\",\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n EndpointProtocol = \"GRPC\",\n },\n });\n\n var @default = new Gcp.Dataproc.MetastoreFederation(\"default\", new()\n {\n Location = \"us-central1\",\n FederationId = \"metastore-fed\",\n Version = \"3.1.2\",\n BackendMetastores = new[]\n {\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"1\",\n Name = defaultMetastoreService.Id,\n MetastoreType = \"DATAPROC_METASTORE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultMetastoreService, err := dataproc.NewMetastoreService(ctx, \"default\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"metastore-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t\tEndpointProtocol: pulumi.String(\"GRPC\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederation(ctx, \"default\", \u0026dataproc.MetastoreFederationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFederationId: pulumi.String(\"metastore-fed\"),\n\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\tBackendMetastores: dataproc.MetastoreFederationBackendMetastoreArray{\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"1\"),\n\t\t\t\t\tName: defaultMetastoreService.ID(),\n\t\t\t\t\tMetastoreType: pulumi.String(\"DATAPROC_METASTORE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederation;\nimport com.pulumi.gcp.dataproc.MetastoreFederationArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreFederationBackendMetastoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultMetastoreService = new MetastoreService(\"defaultMetastoreService\", MetastoreServiceArgs.builder()\n .serviceId(\"metastore-service\")\n .location(\"us-central1\")\n .tier(\"DEVELOPER\")\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .endpointProtocol(\"GRPC\")\n .build())\n .build());\n\n var default_ = new MetastoreFederation(\"default\", MetastoreFederationArgs.builder()\n .location(\"us-central1\")\n .federationId(\"metastore-fed\")\n .version(\"3.1.2\")\n .backendMetastores(MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"1\")\n .name(defaultMetastoreService.id())\n .metastoreType(\"DATAPROC_METASTORE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:dataproc:MetastoreFederation\n properties:\n location: us-central1\n federationId: metastore-fed\n version: 3.1.2\n backendMetastores:\n - rank: '1'\n name: ${defaultMetastoreService.id}\n metastoreType: DATAPROC_METASTORE\n defaultMetastoreService:\n type: gcp:dataproc:MetastoreService\n name: default\n properties:\n serviceId: metastore-service\n location: us-central1\n tier: DEVELOPER\n hiveMetastoreConfig:\n version: 3.1.2\n endpointProtocol: GRPC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dataproc Metastore Federation Bigquery\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultMetastoreService = new gcp.dataproc.MetastoreService(\"default\", {\n serviceId: \"metastore-service\",\n location: \"us-central1\",\n tier: \"DEVELOPER\",\n hiveMetastoreConfig: {\n version: \"3.1.2\",\n endpointProtocol: \"GRPC\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.dataproc.MetastoreFederation(\"default\", {\n location: \"us-central1\",\n federationId: \"metastore-fed\",\n version: \"3.1.2\",\n backendMetastores: [\n {\n rank: \"2\",\n name: project.then(project =\u003e project.id),\n metastoreType: \"BIGQUERY\",\n },\n {\n rank: \"1\",\n name: defaultMetastoreService.id,\n metastoreType: \"DATAPROC_METASTORE\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_metastore_service = gcp.dataproc.MetastoreService(\"default\",\n service_id=\"metastore-service\",\n location=\"us-central1\",\n tier=\"DEVELOPER\",\n hive_metastore_config={\n \"version\": \"3.1.2\",\n \"endpoint_protocol\": \"GRPC\",\n })\nproject = gcp.organizations.get_project()\ndefault = gcp.dataproc.MetastoreFederation(\"default\",\n location=\"us-central1\",\n federation_id=\"metastore-fed\",\n version=\"3.1.2\",\n backend_metastores=[\n {\n \"rank\": \"2\",\n \"name\": project.id,\n \"metastore_type\": \"BIGQUERY\",\n },\n {\n \"rank\": \"1\",\n \"name\": default_metastore_service.id,\n \"metastore_type\": \"DATAPROC_METASTORE\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultMetastoreService = new Gcp.Dataproc.MetastoreService(\"default\", new()\n {\n ServiceId = \"metastore-service\",\n Location = \"us-central1\",\n Tier = \"DEVELOPER\",\n HiveMetastoreConfig = new Gcp.Dataproc.Inputs.MetastoreServiceHiveMetastoreConfigArgs\n {\n Version = \"3.1.2\",\n EndpointProtocol = \"GRPC\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.Dataproc.MetastoreFederation(\"default\", new()\n {\n Location = \"us-central1\",\n FederationId = \"metastore-fed\",\n Version = \"3.1.2\",\n BackendMetastores = new[]\n {\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"2\",\n Name = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n MetastoreType = \"BIGQUERY\",\n },\n new Gcp.Dataproc.Inputs.MetastoreFederationBackendMetastoreArgs\n {\n Rank = \"1\",\n Name = defaultMetastoreService.Id,\n MetastoreType = \"DATAPROC_METASTORE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultMetastoreService, err := dataproc.NewMetastoreService(ctx, \"default\", \u0026dataproc.MetastoreServiceArgs{\n\t\t\tServiceId: pulumi.String(\"metastore-service\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVELOPER\"),\n\t\t\tHiveMetastoreConfig: \u0026dataproc.MetastoreServiceHiveMetastoreConfigArgs{\n\t\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\t\tEndpointProtocol: pulumi.String(\"GRPC\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederation(ctx, \"default\", \u0026dataproc.MetastoreFederationArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFederationId: pulumi.String(\"metastore-fed\"),\n\t\t\tVersion: pulumi.String(\"3.1.2\"),\n\t\t\tBackendMetastores: dataproc.MetastoreFederationBackendMetastoreArray{\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"2\"),\n\t\t\t\t\tName: pulumi.String(project.Id),\n\t\t\t\t\tMetastoreType: pulumi.String(\"BIGQUERY\"),\n\t\t\t\t},\n\t\t\t\t\u0026dataproc.MetastoreFederationBackendMetastoreArgs{\n\t\t\t\t\tRank: pulumi.String(\"1\"),\n\t\t\t\t\tName: defaultMetastoreService.ID(),\n\t\t\t\t\tMetastoreType: pulumi.String(\"DATAPROC_METASTORE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreService;\nimport com.pulumi.gcp.dataproc.MetastoreServiceArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreServiceHiveMetastoreConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederation;\nimport com.pulumi.gcp.dataproc.MetastoreFederationArgs;\nimport com.pulumi.gcp.dataproc.inputs.MetastoreFederationBackendMetastoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultMetastoreService = new MetastoreService(\"defaultMetastoreService\", MetastoreServiceArgs.builder()\n .serviceId(\"metastore-service\")\n .location(\"us-central1\")\n .tier(\"DEVELOPER\")\n .hiveMetastoreConfig(MetastoreServiceHiveMetastoreConfigArgs.builder()\n .version(\"3.1.2\")\n .endpointProtocol(\"GRPC\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new MetastoreFederation(\"default\", MetastoreFederationArgs.builder()\n .location(\"us-central1\")\n .federationId(\"metastore-fed\")\n .version(\"3.1.2\")\n .backendMetastores( \n MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"2\")\n .name(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .metastoreType(\"BIGQUERY\")\n .build(),\n MetastoreFederationBackendMetastoreArgs.builder()\n .rank(\"1\")\n .name(defaultMetastoreService.id())\n .metastoreType(\"DATAPROC_METASTORE\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:dataproc:MetastoreFederation\n properties:\n location: us-central1\n federationId: metastore-fed\n version: 3.1.2\n backendMetastores:\n - rank: '2'\n name: ${project.id}\n metastoreType: BIGQUERY\n - rank: '1'\n name: ${defaultMetastoreService.id}\n metastoreType: DATAPROC_METASTORE\n defaultMetastoreService:\n type: gcp:dataproc:MetastoreService\n name: default\n properties:\n serviceId: metastore-service\n location: us-central1\n tier: DEVELOPER\n hiveMetastoreConfig:\n version: 3.1.2\n endpointProtocol: GRPC\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFederation can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/federations/{{federation_id}}`\n\n* `{{project}}/{{location}}/{{federation_id}}`\n\n* `{{location}}/{{federation_id}}`\n\nWhen using the `pulumi import` command, Federation can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default {{project}}/{{location}}/{{federation_id}}\n```\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederation:MetastoreFederation default {{location}}/{{federation_id}}\n```\n\n", "properties": { "backendMetastores": { "type": "array", @@ -202043,7 +202043,7 @@ } }, "gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamBinding:MetastoreFederationIamBinding editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreFederationIamBindingCondition:MetastoreFederationIamBindingCondition" @@ -202162,7 +202162,7 @@ } }, "gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamMember:MetastoreFederationIamMember editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreFederationIamMemberCondition:MetastoreFederationIamMemberCondition" @@ -202274,7 +202274,7 @@ } }, "gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Federation\nThree different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.\n* `gcp.dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreFederationIamBinding` and `gcp.dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreFederationIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreFederationIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreFederationIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreFederationIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreFederationIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreFederationIamPolicy(\"policy\", MetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreFederationIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreFederationIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreFederationIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreFederationIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreFederationIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreFederationIamBinding(\"binding\", MetastoreFederationIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreFederationIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreFederationIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreFederationIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreFederationIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreFederationIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreFederationIamMember(ctx, \"member\", \u0026dataproc.MetastoreFederationIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tFederationId: pulumi.Any(_default.FederationId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreFederationIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreFederationIamMember(\"member\", MetastoreFederationIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreFederationIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n\n* {{project}}/{{location}}/{{federation_id}}\n\n* {{location}}/{{federation_id}}\n\n* {{federation_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore federation IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor \"projects/{{project}}/locations/{{location}}/federations/{{federation_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreFederationIamPolicy:MetastoreFederationIamPolicy editor projects/{{project}}/locations/{{location}}/federations/{{federation_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -202708,7 +202708,7 @@ } }, "gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreServiceIamBindingCondition:MetastoreServiceIamBindingCondition" @@ -202827,7 +202827,7 @@ } }, "gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreServiceIamMemberCondition:MetastoreServiceIamMemberCondition" @@ -202939,7 +202939,7 @@ } }, "gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Dataproc metastore Service\nThree different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dataproc.MetastoreServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dataproc.MetastoreServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -203701,7 +203701,7 @@ } }, "gcp:datastream/stream:Stream": { - "description": "A resource representing streaming data from a source to a destination.\n\n\nTo get more information about Stream, see:\n\n* [API documentation](https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.streams)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/datastream/docs/create-a-stream)\n\n## Example Usage\n\n### Datastream Stream Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"my-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst viewer = new gcp.storage.BucketIAMMember(\"viewer\", {\n bucket: bucket.name,\n role: \"roles/storage.objectViewer\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst creator = new gcp.storage.BucketIAMMember(\"creator\", {\n bucket: bucket.name,\n role: \"roles/storage.objectCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst reader = new gcp.storage.BucketIAMMember(\"reader\", {\n bucket: bucket.name,\n role: \"roles/storage.legacyBucketReader\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst keyUser = new gcp.kms.CryptoKeyIAMMember(\"key_user\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n gcsProfile: {\n bucket: bucket.name,\n rootPath: \"/path\",\n },\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n desiredState: \"NOT_STARTED\",\n location: \"us-central1\",\n displayName: \"my stream\",\n labels: {\n key: \"value\",\n },\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {\n includeObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [\n {\n table: \"includedTable\",\n mysqlColumns: [{\n column: \"includedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n },\n {\n table: \"includedTable_2\",\n },\n ],\n }],\n },\n excludeObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [{\n table: \"excludedTable\",\n mysqlColumns: [{\n column: \"excludedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n }],\n }],\n },\n maxConcurrentCdcTasks: 5,\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n gcsDestinationConfig: {\n path: \"mydata\",\n fileRotationMb: 200,\n fileRotationInterval: \"60s\",\n jsonFileFormat: {\n schemaFileFormat: \"NO_SCHEMA_FILE\",\n compression: \"GZIP\",\n },\n },\n },\n backfillAll: {\n mysqlExcludedObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [{\n table: \"excludedTable\",\n mysqlColumns: [{\n column: \"excludedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n }],\n }],\n },\n },\n customerManagedEncryptionKey: \"kms-name\",\n}, {\n dependsOn: [keyUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"my-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nviewer = gcp.storage.BucketIAMMember(\"viewer\",\n bucket=bucket.name,\n role=\"roles/storage.objectViewer\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\ncreator = gcp.storage.BucketIAMMember(\"creator\",\n bucket=bucket.name,\n role=\"roles/storage.objectCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\nreader = gcp.storage.BucketIAMMember(\"reader\",\n bucket=bucket.name,\n role=\"roles/storage.legacyBucketReader\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\nkey_user = gcp.kms.CryptoKeyIAMMember(\"key_user\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n gcs_profile={\n \"bucket\": bucket.name,\n \"root_path\": \"/path\",\n })\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n desired_state=\"NOT_STARTED\",\n location=\"us-central1\",\n display_name=\"my stream\",\n labels={\n \"key\": \"value\",\n },\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {\n \"include_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [\n {\n \"table\": \"includedTable\",\n \"mysql_columns\": [{\n \"column\": \"includedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n },\n {\n \"table\": \"includedTable_2\",\n },\n ],\n }],\n },\n \"exclude_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [{\n \"table\": \"excludedTable\",\n \"mysql_columns\": [{\n \"column\": \"excludedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n }],\n }],\n },\n \"max_concurrent_cdc_tasks\": 5,\n },\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"gcs_destination_config\": {\n \"path\": \"mydata\",\n \"file_rotation_mb\": 200,\n \"file_rotation_interval\": \"60s\",\n \"json_file_format\": {\n \"schema_file_format\": \"NO_SCHEMA_FILE\",\n \"compression\": \"GZIP\",\n },\n },\n },\n backfill_all={\n \"mysql_excluded_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [{\n \"table\": \"excludedTable\",\n \"mysql_columns\": [{\n \"column\": \"excludedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n }],\n }],\n },\n },\n customer_managed_encryption_key=\"kms-name\",\n opts = pulumi.ResourceOptions(depends_on=[key_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var viewer = new Gcp.Storage.BucketIAMMember(\"viewer\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectViewer\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var creator = new Gcp.Storage.BucketIAMMember(\"creator\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var reader = new Gcp.Storage.BucketIAMMember(\"reader\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.legacyBucketReader\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var keyUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_user\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n GcsProfile = new Gcp.Datastream.Inputs.ConnectionProfileGcsProfileArgs\n {\n Bucket = bucket.Name,\n RootPath = \"/path\",\n },\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n DesiredState = \"NOT_STARTED\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n Labels = \n {\n { \"key\", \"value\" },\n },\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"includedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"includedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"includedTable_2\",\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"excludedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"excludedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n },\n },\n },\n },\n MaxConcurrentCdcTasks = 5,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n GcsDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigGcsDestinationConfigArgs\n {\n Path = \"mydata\",\n FileRotationMb = 200,\n FileRotationInterval = \"60s\",\n JsonFileFormat = new Gcp.Datastream.Inputs.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs\n {\n SchemaFileFormat = \"NO_SCHEMA_FILE\",\n Compression = \"GZIP\",\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n MysqlExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"excludedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"excludedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n },\n },\n },\n },\n },\n CustomerManagedEncryptionKey = \"kms-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"viewer\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectViewer\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"creator\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"reader\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.legacyBucketReader\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyUser, err := kms.NewCryptoKeyIAMMember(ctx, \"key_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tGcsProfile: \u0026datastream.ConnectionProfileGcsProfileArgs{\n\t\t\t\tBucket: bucket.Name,\n\t\t\t\tRootPath: pulumi.String(\"/path\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"NOT_STARTED\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tMysqlDatabases: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\t\tMysqlTables: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"includedTable\"),\n\t\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"includedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"includedTable_2\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tMysqlDatabases: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\t\tMysqlTables: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"excludedTable\"),\n\t\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"excludedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMaxConcurrentCdcTasks: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tGcsDestinationConfig: \u0026datastream.StreamDestinationConfigGcsDestinationConfigArgs{\n\t\t\t\t\tPath: pulumi.String(\"mydata\"),\n\t\t\t\t\tFileRotationMb: pulumi.Int(200),\n\t\t\t\t\tFileRotationInterval: pulumi.String(\"60s\"),\n\t\t\t\t\tJsonFileFormat: \u0026datastream.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs{\n\t\t\t\t\t\tSchemaFileFormat: pulumi.String(\"NO_SCHEMA_FILE\"),\n\t\t\t\t\t\tCompression: pulumi.String(\"GZIP\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tMysqlExcludedObjects: \u0026datastream.StreamBackfillAllMysqlExcludedObjectsArgs{\n\t\t\t\t\tMysqlDatabases: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\tMysqlTables: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"excludedTable\"),\n\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"excludedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tCustomerManagedEncryptionKey: pulumi.String(\"kms-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileGcsProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigGcsDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllMysqlExcludedObjectsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var viewer = new BucketIAMMember(\"viewer\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectViewer\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var creator = new BucketIAMMember(\"creator\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var reader = new BucketIAMMember(\"reader\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.legacyBucketReader\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var keyUser = new CryptoKeyIAMMember(\"keyUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .gcsProfile(ConnectionProfileGcsProfileArgs.builder()\n .bucket(bucket.name())\n .rootPath(\"/path\")\n .build())\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .desiredState(\"NOT_STARTED\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .labels(Map.of(\"key\", \"value\"))\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig(StreamSourceConfigMysqlSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs.builder()\n .mysqlDatabases(StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables( \n StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"includedTable\")\n .mysqlColumns(StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"includedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build(),\n StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"includedTable_2\")\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs.builder()\n .mysqlDatabases(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"excludedTable\")\n .mysqlColumns(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"excludedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build())\n .build())\n .build())\n .maxConcurrentCdcTasks(5)\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .gcsDestinationConfig(StreamDestinationConfigGcsDestinationConfigArgs.builder()\n .path(\"mydata\")\n .fileRotationMb(200)\n .fileRotationInterval(\"60s\")\n .jsonFileFormat(StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs.builder()\n .schemaFileFormat(\"NO_SCHEMA_FILE\")\n .compression(\"GZIP\")\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .mysqlExcludedObjects(StreamBackfillAllMysqlExcludedObjectsArgs.builder()\n .mysqlDatabases(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"excludedTable\")\n .mysqlColumns(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"excludedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build())\n .build())\n .build())\n .build())\n .customerManagedEncryptionKey(\"kms-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: my-bucket\n location: US\n uniformBucketLevelAccess: true\n viewer:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectViewer\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n creator:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectCreator\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n reader:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.legacyBucketReader\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n keyUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_user\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n gcsProfile:\n bucket: ${bucket.name}\n rootPath: /path\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n desiredState: NOT_STARTED\n location: us-central1\n displayName: my stream\n labels:\n key: value\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig:\n includeObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: includedTable\n mysqlColumns:\n - column: includedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n - table: includedTable_2\n excludeObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: excludedTable\n mysqlColumns:\n - column: excludedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n maxConcurrentCdcTasks: 5\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n gcsDestinationConfig:\n path: mydata\n fileRotationMb: 200\n fileRotationInterval: 60s\n jsonFileFormat:\n schemaFileFormat: NO_SCHEMA_FILE\n compression: GZIP\n backfillAll:\n mysqlExcludedObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: excludedTable\n mysqlColumns:\n - column: excludedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n customerManagedEncryptionKey: kms-name\n options:\n dependson:\n - ${keyUser}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Postgresql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"Postgresql Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n postgresqlProfile: {\n hostname: \"hostname\",\n port: 5432,\n username: \"user\",\n password: \"pass\",\n database: \"postgres\",\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"Postgres to BigQuery\",\n location: \"us-central1\",\n streamId: \"my-stream\",\n desiredState: \"RUNNING\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n postgresqlSourceConfig: {\n maxConcurrentBackfillTasks: 12,\n publication: \"publication\",\n replicationSlot: \"replication_slot\",\n includeObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n excludeObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillAll: {\n postgresqlExcludedObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"Postgresql Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n postgresql_profile={\n \"hostname\": \"hostname\",\n \"port\": 5432,\n \"username\": \"user\",\n \"password\": \"pass\",\n \"database\": \"postgres\",\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"Postgres to BigQuery\",\n location=\"us-central1\",\n stream_id=\"my-stream\",\n desired_state=\"RUNNING\",\n source_config={\n \"source_connection_profile\": source.id,\n \"postgresql_source_config\": {\n \"max_concurrent_backfill_tasks\": 12,\n \"publication\": \"publication\",\n \"replication_slot\": \"replication_slot\",\n \"include_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"exclude_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_all={\n \"postgresql_excluded_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"Postgresql Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n PostgresqlProfile = new Gcp.Datastream.Inputs.ConnectionProfilePostgresqlProfileArgs\n {\n Hostname = \"hostname\",\n Port = 5432,\n Username = \"user\",\n Password = \"pass\",\n Database = \"postgres\",\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"Postgres to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"my-stream\",\n DesiredState = \"RUNNING\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n PostgresqlSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigArgs\n {\n MaxConcurrentBackfillTasks = 12,\n Publication = \"publication\",\n ReplicationSlot = \"replication_slot\",\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n PostgresqlExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Postgresql Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tPostgresqlProfile: \u0026datastream.ConnectionProfilePostgresqlProfileArgs{\n\t\t\t\tHostname: pulumi.String(\"hostname\"),\n\t\t\t\tPort: pulumi.Int(5432),\n\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\tPassword: pulumi.String(\"pass\"),\n\t\t\t\tDatabase: pulumi.String(\"postgres\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"Postgres to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"RUNNING\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tPostgresqlSourceConfig: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigArgs{\n\t\t\t\t\tMaxConcurrentBackfillTasks: pulumi.Int(12),\n\t\t\t\t\tPublication: pulumi.String(\"publication\"),\n\t\t\t\t\tReplicationSlot: pulumi.String(\"replication_slot\"),\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tPostgresqlSchemas: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tPostgresqlSchemas: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tPostgresqlExcludedObjects: \u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsArgs{\n\t\t\t\t\tPostgresqlSchemas: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfilePostgresqlProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllPostgresqlExcludedObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"Postgresql Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .postgresqlProfile(ConnectionProfilePostgresqlProfileArgs.builder()\n .hostname(\"hostname\")\n .port(5432)\n .username(\"user\")\n .password(\"pass\")\n .database(\"postgres\")\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"Postgres to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"my-stream\")\n .desiredState(\"RUNNING\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .postgresqlSourceConfig(StreamSourceConfigPostgresqlSourceConfigArgs.builder()\n .maxConcurrentBackfillTasks(12)\n .publication(\"publication\")\n .replicationSlot(\"replication_slot\")\n .includeObjects(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs.builder()\n .postgresqlSchemas(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs.builder()\n .postgresqlSchemas(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .postgresqlExcludedObjects(StreamBackfillAllPostgresqlExcludedObjectsArgs.builder()\n .postgresqlSchemas(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: Postgresql Source\n location: us-central1\n connectionProfileId: source-profile\n postgresqlProfile:\n hostname: hostname\n port: 5432\n username: user\n password: pass\n database: postgres\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: Postgres to BigQuery\n location: us-central1\n streamId: my-stream\n desiredState: RUNNING\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n postgresqlSourceConfig:\n maxConcurrentBackfillTasks: 12\n publication: publication\n replicationSlot: replication_slot\n includeObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n excludeObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillAll:\n postgresqlExcludedObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Oracle\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"Oracle Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n oracleProfile: {\n hostname: \"hostname\",\n port: 1521,\n username: \"user\",\n password: \"pass\",\n databaseService: \"ORCL\",\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst stream5 = new gcp.datastream.Stream(\"stream5\", {\n displayName: \"Oracle to BigQuery\",\n location: \"us-central1\",\n streamId: \"my-stream\",\n desiredState: \"RUNNING\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n oracleSourceConfig: {\n maxConcurrentCdcTasks: 8,\n maxConcurrentBackfillTasks: 12,\n includeObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n excludeObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n dropLargeObjects: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillAll: {\n oracleExcludedObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"Oracle Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n oracle_profile={\n \"hostname\": \"hostname\",\n \"port\": 1521,\n \"username\": \"user\",\n \"password\": \"pass\",\n \"database_service\": \"ORCL\",\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\nstream5 = gcp.datastream.Stream(\"stream5\",\n display_name=\"Oracle to BigQuery\",\n location=\"us-central1\",\n stream_id=\"my-stream\",\n desired_state=\"RUNNING\",\n source_config={\n \"source_connection_profile\": source.id,\n \"oracle_source_config\": {\n \"max_concurrent_cdc_tasks\": 8,\n \"max_concurrent_backfill_tasks\": 12,\n \"include_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"exclude_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"drop_large_objects\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_all={\n \"oracle_excluded_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"Oracle Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n OracleProfile = new Gcp.Datastream.Inputs.ConnectionProfileOracleProfileArgs\n {\n Hostname = \"hostname\",\n Port = 1521,\n Username = \"user\",\n Password = \"pass\",\n DatabaseService = \"ORCL\",\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var stream5 = new Gcp.Datastream.Stream(\"stream5\", new()\n {\n DisplayName = \"Oracle to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"my-stream\",\n DesiredState = \"RUNNING\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n OracleSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigArgs\n {\n MaxConcurrentCdcTasks = 8,\n MaxConcurrentBackfillTasks = 12,\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n DropLargeObjects = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n OracleExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Oracle Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tOracleProfile: \u0026datastream.ConnectionProfileOracleProfileArgs{\n\t\t\t\tHostname: pulumi.String(\"hostname\"),\n\t\t\t\tPort: pulumi.Int(1521),\n\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\tPassword: pulumi.String(\"pass\"),\n\t\t\t\tDatabaseService: pulumi.String(\"ORCL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"stream5\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"Oracle to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"RUNNING\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tOracleSourceConfig: \u0026datastream.StreamSourceConfigOracleSourceConfigArgs{\n\t\t\t\t\tMaxConcurrentCdcTasks: pulumi.Int(8),\n\t\t\t\t\tMaxConcurrentBackfillTasks: pulumi.Int(12),\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tOracleSchemas: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tOracleTables: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tOracleSchemas: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tOracleTables: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDropLargeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigDropLargeObjectsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tOracleExcludedObjects: \u0026datastream.StreamBackfillAllOracleExcludedObjectsArgs{\n\t\t\t\t\tOracleSchemas: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\tOracleTables: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileOracleProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigDropLargeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllOracleExcludedObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"Oracle Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .oracleProfile(ConnectionProfileOracleProfileArgs.builder()\n .hostname(\"hostname\")\n .port(1521)\n .username(\"user\")\n .password(\"pass\")\n .databaseService(\"ORCL\")\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var stream5 = new Stream(\"stream5\", StreamArgs.builder()\n .displayName(\"Oracle to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"my-stream\")\n .desiredState(\"RUNNING\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .oracleSourceConfig(StreamSourceConfigOracleSourceConfigArgs.builder()\n .maxConcurrentCdcTasks(8)\n .maxConcurrentBackfillTasks(12)\n .includeObjects(StreamSourceConfigOracleSourceConfigIncludeObjectsArgs.builder()\n .oracleSchemas(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigOracleSourceConfigExcludeObjectsArgs.builder()\n .oracleSchemas(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .dropLargeObjects()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .oracleExcludedObjects(StreamBackfillAllOracleExcludedObjectsArgs.builder()\n .oracleSchemas(StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: Oracle Source\n location: us-central1\n connectionProfileId: source-profile\n oracleProfile:\n hostname: hostname\n port: 1521\n username: user\n password: pass\n databaseService: ORCL\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n stream5:\n type: gcp:datastream:Stream\n properties:\n displayName: Oracle to BigQuery\n location: us-central1\n streamId: my-stream\n desiredState: RUNNING\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n oracleSourceConfig:\n maxConcurrentCdcTasks: 8\n maxConcurrentBackfillTasks: 12\n includeObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n excludeObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n dropLargeObjects: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillAll:\n oracleExcludedObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Sql Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"sql-server\",\n databaseVersion: \"SQLSERVER_2019_STANDARD\",\n region: \"us-central1\",\n rootPassword: \"root-password\",\n deletionProtection: true,\n settings: {\n tier: \"db-custom-2-4096\",\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"password\",\n});\nconst db = new gcp.sql.Database(\"db\", {\n name: \"db\",\n instance: instance.name,\n}, {\n dependsOn: [user],\n});\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"SQL Server Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n sqlServerProfile: {\n hostname: instance.publicIpAddress,\n port: 1433,\n username: user.name,\n password: user.password,\n database: db.name,\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"SQL Server to BigQuery\",\n location: \"us-central1\",\n streamId: \"stream\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n sqlServerSourceConfig: {\n includeObjects: {\n schemas: [{\n schema: \"schema\",\n tables: [{\n table: \"table\",\n }],\n }],\n },\n transactionLogs: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"sql-server\",\n database_version=\"SQLSERVER_2019_STANDARD\",\n region=\"us-central1\",\n root_password=\"root-password\",\n deletion_protection=True,\n settings={\n \"tier\": \"db-custom-2-4096\",\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n })\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"password\")\ndb = gcp.sql.Database(\"db\",\n name=\"db\",\n instance=instance.name,\n opts = pulumi.ResourceOptions(depends_on=[user]))\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"SQL Server Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n sql_server_profile={\n \"hostname\": instance.public_ip_address,\n \"port\": 1433,\n \"username\": user.name,\n \"password\": user.password,\n \"database\": db.name,\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"SQL Server to BigQuery\",\n location=\"us-central1\",\n stream_id=\"stream\",\n source_config={\n \"source_connection_profile\": source.id,\n \"sql_server_source_config\": {\n \"include_objects\": {\n \"schemas\": [{\n \"schema\": \"schema\",\n \"tables\": [{\n \"table\": \"table\",\n }],\n }],\n },\n \"transaction_logs\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"sql-server\",\n DatabaseVersion = \"SQLSERVER_2019_STANDARD\",\n Region = \"us-central1\",\n RootPassword = \"root-password\",\n DeletionProtection = true,\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-4096\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"password\",\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Name = \"db\",\n Instance = instance.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n user,\n },\n });\n\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"SQL Server Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n SqlServerProfile = new Gcp.Datastream.Inputs.ConnectionProfileSqlServerProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Port = 1433,\n Username = user.Name,\n Password = user.Password,\n Database = db.Name,\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"SQL Server to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n SqlServerSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs\n {\n Schemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs\n {\n Schema = \"schema\",\n Tables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs\n {\n Table = \"table\",\n },\n },\n },\n },\n },\n TransactionLogs = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"sql-server\"),\n\t\t\tDatabaseVersion: pulumi.String(\"SQLSERVER_2019_STANDARD\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tRootPassword: pulumi.String(\"root-password\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-4096\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tName: pulumi.String(\"db\"),\n\t\t\tInstance: instance.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tSqlServerProfile: \u0026datastream.ConnectionProfileSqlServerProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tPort: pulumi.Int(1433),\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t\tDatabase: db.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tSqlServerSourceConfig: \u0026datastream.StreamSourceConfigSqlServerSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tSchemas: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tTables: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTransactionLogs: \u0026datastream.StreamSourceConfigSqlServerSourceConfigTransactionLogsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileSqlServerProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigTransactionLogsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"sql-server\")\n .databaseVersion(\"SQLSERVER_2019_STANDARD\")\n .region(\"us-central1\")\n .rootPassword(\"root-password\")\n .deletionProtection(true)\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-4096\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"password\")\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .name(\"db\")\n .instance(instance.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(user)\n .build());\n\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"SQL Server Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .sqlServerProfile(ConnectionProfileSqlServerProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .port(1433)\n .username(user.name())\n .password(user.password())\n .database(db.name())\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"SQL Server to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .sqlServerSourceConfig(StreamSourceConfigSqlServerSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs.builder()\n .schemas(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs.builder()\n .schema(\"schema\")\n .tables(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs.builder()\n .table(\"table\")\n .build())\n .build())\n .build())\n .transactionLogs()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: sql-server\n databaseVersion: SQLSERVER_2019_STANDARD\n region: us-central1\n rootPassword: root-password\n deletionProtection: true\n settings:\n tier: db-custom-2-4096\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n db:\n type: gcp:sql:Database\n properties:\n name: db\n instance: ${instance.name}\n options:\n dependson:\n - ${user}\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: password\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: SQL Server Source\n location: us-central1\n connectionProfileId: source-profile\n sqlServerProfile:\n hostname: ${instance.publicIpAddress}\n port: 1433\n username: ${user.name}\n password: ${user.password}\n database: ${db.name}\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: SQL Server to BigQuery\n location: us-central1\n streamId: stream\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n sqlServerSourceConfig:\n includeObjects:\n schemas:\n - schema: schema\n tables:\n - table: table\n transactionLogs: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillNone: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Sql Server Change Tables\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"sql-server\",\n databaseVersion: \"SQLSERVER_2019_STANDARD\",\n region: \"us-central1\",\n rootPassword: \"root-password\",\n deletionProtection: true,\n settings: {\n tier: \"db-custom-2-4096\",\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"password\",\n});\nconst db = new gcp.sql.Database(\"db\", {\n name: \"db\",\n instance: instance.name,\n}, {\n dependsOn: [user],\n});\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"SQL Server Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n sqlServerProfile: {\n hostname: instance.publicIpAddress,\n port: 1433,\n username: user.name,\n password: user.password,\n database: db.name,\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"SQL Server to BigQuery\",\n location: \"us-central1\",\n streamId: \"stream\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n sqlServerSourceConfig: {\n includeObjects: {\n schemas: [{\n schema: \"schema\",\n tables: [{\n table: \"table\",\n }],\n }],\n },\n changeTables: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"sql-server\",\n database_version=\"SQLSERVER_2019_STANDARD\",\n region=\"us-central1\",\n root_password=\"root-password\",\n deletion_protection=True,\n settings={\n \"tier\": \"db-custom-2-4096\",\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n })\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"password\")\ndb = gcp.sql.Database(\"db\",\n name=\"db\",\n instance=instance.name,\n opts = pulumi.ResourceOptions(depends_on=[user]))\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"SQL Server Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n sql_server_profile={\n \"hostname\": instance.public_ip_address,\n \"port\": 1433,\n \"username\": user.name,\n \"password\": user.password,\n \"database\": db.name,\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"SQL Server to BigQuery\",\n location=\"us-central1\",\n stream_id=\"stream\",\n source_config={\n \"source_connection_profile\": source.id,\n \"sql_server_source_config\": {\n \"include_objects\": {\n \"schemas\": [{\n \"schema\": \"schema\",\n \"tables\": [{\n \"table\": \"table\",\n }],\n }],\n },\n \"change_tables\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"sql-server\",\n DatabaseVersion = \"SQLSERVER_2019_STANDARD\",\n Region = \"us-central1\",\n RootPassword = \"root-password\",\n DeletionProtection = true,\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-4096\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"password\",\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Name = \"db\",\n Instance = instance.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n user,\n },\n });\n\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"SQL Server Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n SqlServerProfile = new Gcp.Datastream.Inputs.ConnectionProfileSqlServerProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Port = 1433,\n Username = user.Name,\n Password = user.Password,\n Database = db.Name,\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"SQL Server to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n SqlServerSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs\n {\n Schemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs\n {\n Schema = \"schema\",\n Tables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs\n {\n Table = \"table\",\n },\n },\n },\n },\n },\n ChangeTables = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"sql-server\"),\n\t\t\tDatabaseVersion: pulumi.String(\"SQLSERVER_2019_STANDARD\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tRootPassword: pulumi.String(\"root-password\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-4096\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tName: pulumi.String(\"db\"),\n\t\t\tInstance: instance.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tSqlServerProfile: \u0026datastream.ConnectionProfileSqlServerProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tPort: pulumi.Int(1433),\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t\tDatabase: db.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tSqlServerSourceConfig: \u0026datastream.StreamSourceConfigSqlServerSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tSchemas: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tTables: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tChangeTables: \u0026datastream.StreamSourceConfigSqlServerSourceConfigChangeTablesArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileSqlServerProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigChangeTablesArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"sql-server\")\n .databaseVersion(\"SQLSERVER_2019_STANDARD\")\n .region(\"us-central1\")\n .rootPassword(\"root-password\")\n .deletionProtection(true)\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-4096\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"password\")\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .name(\"db\")\n .instance(instance.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(user)\n .build());\n\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"SQL Server Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .sqlServerProfile(ConnectionProfileSqlServerProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .port(1433)\n .username(user.name())\n .password(user.password())\n .database(db.name())\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"SQL Server to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .sqlServerSourceConfig(StreamSourceConfigSqlServerSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs.builder()\n .schemas(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs.builder()\n .schema(\"schema\")\n .tables(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs.builder()\n .table(\"table\")\n .build())\n .build())\n .build())\n .changeTables()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: sql-server\n databaseVersion: SQLSERVER_2019_STANDARD\n region: us-central1\n rootPassword: root-password\n deletionProtection: true\n settings:\n tier: db-custom-2-4096\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n db:\n type: gcp:sql:Database\n properties:\n name: db\n instance: ${instance.name}\n options:\n dependson:\n - ${user}\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: password\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: SQL Server Source\n location: us-central1\n connectionProfileId: source-profile\n sqlServerProfile:\n hostname: ${instance.publicIpAddress}\n port: 1433\n username: ${user.name}\n password: ${user.password}\n database: ${db.name}\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: SQL Server to BigQuery\n location: us-central1\n streamId: stream\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n sqlServerSourceConfig:\n includeObjects:\n schemas:\n - schema: schema\n tables:\n - table: table\n changeTables: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillNone: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Postgresql Bigquery Dataset Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst postgres = new gcp.bigquery.Dataset(\"postgres\", {\n datasetId: \"postgres\",\n friendlyName: \"postgres\",\n description: \"Database of postgres\",\n location: \"us-central1\",\n});\nconst destinationConnectionProfile2 = new gcp.datastream.ConnectionProfile(\"destination_connection_profile2\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"dest-profile\",\n bigqueryProfile: {},\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"instance-name\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: false,\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"my-user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"postgres to bigQuery\",\n location: \"us-central1\",\n streamId: \"postgres-bigquery\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile2.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n singleTargetDataset: {\n datasetId: postgres.id,\n },\n },\n },\n backfillAll: {},\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\npostgres = gcp.bigquery.Dataset(\"postgres\",\n dataset_id=\"postgres\",\n friendly_name=\"postgres\",\n description=\"Database of postgres\",\n location=\"us-central1\")\ndestination_connection_profile2 = gcp.datastream.ConnectionProfile(\"destination_connection_profile2\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"dest-profile\",\n bigquery_profile={})\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"instance-name\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=False)\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"my-user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"postgres to bigQuery\",\n location=\"us-central1\",\n stream_id=\"postgres-bigquery\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile2.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"single_target_dataset\": {\n \"dataset_id\": postgres.id,\n },\n },\n },\n backfill_all={})\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgres = new Gcp.BigQuery.Dataset(\"postgres\", new()\n {\n DatasetId = \"postgres\",\n FriendlyName = \"postgres\",\n Description = \"Database of postgres\",\n Location = \"us-central1\",\n });\n\n var destinationConnectionProfile2 = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile2\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"dest-profile\",\n BigqueryProfile = null,\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"instance-name\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = false,\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"my-user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"postgres to bigQuery\",\n Location = \"us-central1\",\n StreamId = \"postgres-bigquery\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile2.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SingleTargetDataset = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs\n {\n DatasetId = postgres.Id,\n },\n },\n },\n BackfillAll = null,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpostgres, err := bigquery.NewDataset(ctx, \"postgres\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"postgres\"),\n\t\t\tFriendlyName: pulumi.String(\"postgres\"),\n\t\t\tDescription: pulumi.String(\"Database of postgres\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile2, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile2\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"dest-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"instance-name\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"postgres to bigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"postgres-bigquery\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile2.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSingleTargetDataset: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs{\n\t\t\t\t\t\tDatasetId: postgres.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgres = new Dataset(\"postgres\", DatasetArgs.builder()\n .datasetId(\"postgres\")\n .friendlyName(\"postgres\")\n .description(\"Database of postgres\")\n .location(\"us-central1\")\n .build());\n\n var destinationConnectionProfile2 = new ConnectionProfile(\"destinationConnectionProfile2\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"dest-profile\")\n .bigqueryProfile()\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"instance-name\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(false)\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"my-user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"postgres to bigQuery\")\n .location(\"us-central1\")\n .streamId(\"postgres-bigquery\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile2.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .singleTargetDataset(StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs.builder()\n .datasetId(postgres.id())\n .build())\n .build())\n .build())\n .backfillAll()\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgres:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: postgres\n friendlyName: postgres\n description: Database of postgres\n location: us-central1\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: postgres to bigQuery\n location: us-central1\n streamId: postgres-bigquery\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile2.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n singleTargetDataset:\n datasetId: ${postgres.id}\n backfillAll: {}\n destinationConnectionProfile2:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile2\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: dest-profile\n bigqueryProfile: {}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: instance-name\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: false\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: my-user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Bigquery\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst bigqueryKeyUser = new gcp.kms.CryptoKeyIAMMember(\"bigquery_key_user\", {\n cryptoKeyId: \"bigquery-kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n location: \"us-central1\",\n displayName: \"my stream\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n bigqueryDestinationConfig: {\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n kmsKeyName: \"bigquery-kms-name\",\n },\n },\n },\n },\n backfillNone: {},\n}, {\n dependsOn: [bigqueryKeyUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\nbq_sa = gcp.bigquery.get_default_service_account()\nbigquery_key_user = gcp.kms.CryptoKeyIAMMember(\"bigquery_key_user\",\n crypto_key_id=\"bigquery-kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n location=\"us-central1\",\n display_name=\"my stream\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"bigquery_destination_config\": {\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n \"kms_key_name\": \"bigquery-kms-name\",\n },\n },\n },\n },\n backfill_none={},\n opts = pulumi.ResourceOptions(depends_on=[bigquery_key_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var bigqueryKeyUser = new Gcp.Kms.CryptoKeyIAMMember(\"bigquery_key_user\", new()\n {\n CryptoKeyId = \"bigquery-kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n KmsKeyName = \"bigquery-kms-name\",\n },\n },\n },\n },\n BackfillNone = null,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n bigqueryKeyUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryKeyUser, err := kms.NewCryptoKeyIAMMember(ctx, \"bigquery_key_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"bigquery-kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"bigquery-kms-name\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbigqueryKeyUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var bigqueryKeyUser = new CryptoKeyIAMMember(\"bigqueryKeyUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"bigquery-kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .kmsKeyName(\"bigquery-kms-name\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build(), CustomResourceOptions.builder()\n .dependsOn(bigqueryKeyUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n bigqueryKeyUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: bigquery_key_user\n properties:\n cryptoKeyId: bigquery-kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n location: us-central1\n displayName: my stream\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n bigqueryDestinationConfig:\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n kmsKeyName: bigquery-kms-name\n backfillNone: {}\n options:\n dependson:\n - ${bigqueryKeyUser}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n bqSa:\n fn::invoke:\n Function: gcp:bigquery:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Bigquery Append Only\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n location: \"us-central1\",\n displayName: \"my stream\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n bigqueryDestinationConfig: {\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n appendOnly: {},\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n location=\"us-central1\",\n display_name=\"my stream\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"bigquery_destination_config\": {\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n \"append_only\": {},\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n AppendOnly = null,\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAppendOnly: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigAppendOnlyArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigAppendOnlyArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .appendOnly()\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n location: us-central1\n displayName: my stream\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n bigqueryDestinationConfig:\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n appendOnly: {}\n backfillNone: {}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStream can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/streams/{{stream_id}}`\n\n* `{{project}}/{{location}}/{{stream_id}}`\n\n* `{{location}}/{{stream_id}}`\n\nWhen using the `pulumi import` command, Stream can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default projects/{{project}}/locations/{{location}}/streams/{{stream_id}}\n```\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default {{project}}/{{location}}/{{stream_id}}\n```\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default {{location}}/{{stream_id}}\n```\n\n", + "description": "A resource representing streaming data from a source to a destination.\n\n\nTo get more information about Stream, see:\n\n* [API documentation](https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.streams)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/datastream/docs/create-a-stream)\n\n## Example Usage\n\n### Datastream Stream Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"my-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst viewer = new gcp.storage.BucketIAMMember(\"viewer\", {\n bucket: bucket.name,\n role: \"roles/storage.objectViewer\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst creator = new gcp.storage.BucketIAMMember(\"creator\", {\n bucket: bucket.name,\n role: \"roles/storage.objectCreator\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst reader = new gcp.storage.BucketIAMMember(\"reader\", {\n bucket: bucket.name,\n role: \"roles/storage.legacyBucketReader\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst keyUser = new gcp.kms.CryptoKeyIAMMember(\"key_user\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com`),\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n gcsProfile: {\n bucket: bucket.name,\n rootPath: \"/path\",\n },\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n desiredState: \"NOT_STARTED\",\n location: \"us-central1\",\n displayName: \"my stream\",\n labels: {\n key: \"value\",\n },\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {\n includeObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [\n {\n table: \"includedTable\",\n mysqlColumns: [{\n column: \"includedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n },\n {\n table: \"includedTable_2\",\n },\n ],\n }],\n },\n excludeObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [{\n table: \"excludedTable\",\n mysqlColumns: [{\n column: \"excludedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n }],\n }],\n },\n maxConcurrentCdcTasks: 5,\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n gcsDestinationConfig: {\n path: \"mydata\",\n fileRotationMb: 200,\n fileRotationInterval: \"60s\",\n jsonFileFormat: {\n schemaFileFormat: \"NO_SCHEMA_FILE\",\n compression: \"GZIP\",\n },\n },\n },\n backfillAll: {\n mysqlExcludedObjects: {\n mysqlDatabases: [{\n database: \"my-database\",\n mysqlTables: [{\n table: \"excludedTable\",\n mysqlColumns: [{\n column: \"excludedColumn\",\n dataType: \"VARCHAR\",\n collation: \"utf8mb4\",\n primaryKey: false,\n nullable: false,\n ordinalPosition: 0,\n }],\n }],\n }],\n },\n },\n customerManagedEncryptionKey: \"kms-name\",\n}, {\n dependsOn: [keyUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"my-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nviewer = gcp.storage.BucketIAMMember(\"viewer\",\n bucket=bucket.name,\n role=\"roles/storage.objectViewer\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\ncreator = gcp.storage.BucketIAMMember(\"creator\",\n bucket=bucket.name,\n role=\"roles/storage.objectCreator\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\nreader = gcp.storage.BucketIAMMember(\"reader\",\n bucket=bucket.name,\n role=\"roles/storage.legacyBucketReader\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\nkey_user = gcp.kms.CryptoKeyIAMMember(\"key_user\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datastream.iam.gserviceaccount.com\")\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n gcs_profile={\n \"bucket\": bucket.name,\n \"root_path\": \"/path\",\n })\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n desired_state=\"NOT_STARTED\",\n location=\"us-central1\",\n display_name=\"my stream\",\n labels={\n \"key\": \"value\",\n },\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {\n \"include_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [\n {\n \"table\": \"includedTable\",\n \"mysql_columns\": [{\n \"column\": \"includedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n },\n {\n \"table\": \"includedTable_2\",\n },\n ],\n }],\n },\n \"exclude_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [{\n \"table\": \"excludedTable\",\n \"mysql_columns\": [{\n \"column\": \"excludedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n }],\n }],\n },\n \"max_concurrent_cdc_tasks\": 5,\n },\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"gcs_destination_config\": {\n \"path\": \"mydata\",\n \"file_rotation_mb\": 200,\n \"file_rotation_interval\": \"60s\",\n \"json_file_format\": {\n \"schema_file_format\": \"NO_SCHEMA_FILE\",\n \"compression\": \"GZIP\",\n },\n },\n },\n backfill_all={\n \"mysql_excluded_objects\": {\n \"mysql_databases\": [{\n \"database\": \"my-database\",\n \"mysql_tables\": [{\n \"table\": \"excludedTable\",\n \"mysql_columns\": [{\n \"column\": \"excludedColumn\",\n \"data_type\": \"VARCHAR\",\n \"collation\": \"utf8mb4\",\n \"primary_key\": False,\n \"nullable\": False,\n \"ordinal_position\": 0,\n }],\n }],\n }],\n },\n },\n customer_managed_encryption_key=\"kms-name\",\n opts = pulumi.ResourceOptions(depends_on=[key_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var viewer = new Gcp.Storage.BucketIAMMember(\"viewer\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectViewer\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var creator = new Gcp.Storage.BucketIAMMember(\"creator\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectCreator\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var reader = new Gcp.Storage.BucketIAMMember(\"reader\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.legacyBucketReader\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var keyUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_user\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datastream.iam.gserviceaccount.com\",\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n GcsProfile = new Gcp.Datastream.Inputs.ConnectionProfileGcsProfileArgs\n {\n Bucket = bucket.Name,\n RootPath = \"/path\",\n },\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n DesiredState = \"NOT_STARTED\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n Labels = \n {\n { \"key\", \"value\" },\n },\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"includedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"includedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"includedTable_2\",\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"excludedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"excludedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n },\n },\n },\n },\n MaxConcurrentCdcTasks = 5,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n GcsDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigGcsDestinationConfigArgs\n {\n Path = \"mydata\",\n FileRotationMb = 200,\n FileRotationInterval = \"60s\",\n JsonFileFormat = new Gcp.Datastream.Inputs.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs\n {\n SchemaFileFormat = \"NO_SCHEMA_FILE\",\n Compression = \"GZIP\",\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n MysqlExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsArgs\n {\n MysqlDatabases = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs\n {\n Database = \"my-database\",\n MysqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs\n {\n Table = \"excludedTable\",\n MysqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs\n {\n Column = \"excludedColumn\",\n DataType = \"VARCHAR\",\n Collation = \"utf8mb4\",\n PrimaryKey = false,\n Nullable = false,\n OrdinalPosition = 0,\n },\n },\n },\n },\n },\n },\n },\n },\n CustomerManagedEncryptionKey = \"kms-name\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"viewer\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectViewer\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"creator\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectCreator\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"reader\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.legacyBucketReader\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyUser, err := kms.NewCryptoKeyIAMMember(ctx, \"key_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datastream.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tGcsProfile: \u0026datastream.ConnectionProfileGcsProfileArgs{\n\t\t\t\tBucket: bucket.Name,\n\t\t\t\tRootPath: pulumi.String(\"/path\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"NOT_STARTED\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tMysqlDatabases: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\t\tMysqlTables: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"includedTable\"),\n\t\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"includedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"includedTable_2\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tMysqlDatabases: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\t\tMysqlTables: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"excludedTable\"),\n\t\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"excludedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMaxConcurrentCdcTasks: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tGcsDestinationConfig: \u0026datastream.StreamDestinationConfigGcsDestinationConfigArgs{\n\t\t\t\t\tPath: pulumi.String(\"mydata\"),\n\t\t\t\t\tFileRotationMb: pulumi.Int(200),\n\t\t\t\t\tFileRotationInterval: pulumi.String(\"60s\"),\n\t\t\t\t\tJsonFileFormat: \u0026datastream.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs{\n\t\t\t\t\t\tSchemaFileFormat: pulumi.String(\"NO_SCHEMA_FILE\"),\n\t\t\t\t\t\tCompression: pulumi.String(\"GZIP\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tMysqlExcludedObjects: \u0026datastream.StreamBackfillAllMysqlExcludedObjectsArgs{\n\t\t\t\t\tMysqlDatabases: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs{\n\t\t\t\t\t\t\tDatabase: pulumi.String(\"my-database\"),\n\t\t\t\t\t\t\tMysqlTables: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"excludedTable\"),\n\t\t\t\t\t\t\t\t\tMysqlColumns: datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"excludedColumn\"),\n\t\t\t\t\t\t\t\t\t\t\tDataType: pulumi.String(\"VARCHAR\"),\n\t\t\t\t\t\t\t\t\t\t\tCollation: pulumi.String(\"utf8mb4\"),\n\t\t\t\t\t\t\t\t\t\t\tPrimaryKey: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\tNullable: pulumi.Bool(false),\n\t\t\t\t\t\t\t\t\t\t\tOrdinalPosition: pulumi.Int(0),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tCustomerManagedEncryptionKey: pulumi.String(\"kms-name\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileGcsProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigGcsDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllMysqlExcludedObjectsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var viewer = new BucketIAMMember(\"viewer\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectViewer\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var creator = new BucketIAMMember(\"creator\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectCreator\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var reader = new BucketIAMMember(\"reader\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.legacyBucketReader\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var keyUser = new CryptoKeyIAMMember(\"keyUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datastream.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .gcsProfile(ConnectionProfileGcsProfileArgs.builder()\n .bucket(bucket.name())\n .rootPath(\"/path\")\n .build())\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .desiredState(\"NOT_STARTED\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .labels(Map.of(\"key\", \"value\"))\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig(StreamSourceConfigMysqlSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigMysqlSourceConfigIncludeObjectsArgs.builder()\n .mysqlDatabases(StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables( \n StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"includedTable\")\n .mysqlColumns(StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"includedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build(),\n StreamSourceConfigMysqlSourceConfigIncludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"includedTable_2\")\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigMysqlSourceConfigExcludeObjectsArgs.builder()\n .mysqlDatabases(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"excludedTable\")\n .mysqlColumns(StreamSourceConfigMysqlSourceConfigExcludeObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"excludedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build())\n .build())\n .build())\n .maxConcurrentCdcTasks(5)\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .gcsDestinationConfig(StreamDestinationConfigGcsDestinationConfigArgs.builder()\n .path(\"mydata\")\n .fileRotationMb(200)\n .fileRotationInterval(\"60s\")\n .jsonFileFormat(StreamDestinationConfigGcsDestinationConfigJsonFileFormatArgs.builder()\n .schemaFileFormat(\"NO_SCHEMA_FILE\")\n .compression(\"GZIP\")\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .mysqlExcludedObjects(StreamBackfillAllMysqlExcludedObjectsArgs.builder()\n .mysqlDatabases(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseArgs.builder()\n .database(\"my-database\")\n .mysqlTables(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableArgs.builder()\n .table(\"excludedTable\")\n .mysqlColumns(StreamBackfillAllMysqlExcludedObjectsMysqlDatabaseMysqlTableMysqlColumnArgs.builder()\n .column(\"excludedColumn\")\n .dataType(\"VARCHAR\")\n .collation(\"utf8mb4\")\n .primaryKey(false)\n .nullable(false)\n .ordinalPosition(0)\n .build())\n .build())\n .build())\n .build())\n .build())\n .customerManagedEncryptionKey(\"kms-name\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: my-bucket\n location: US\n uniformBucketLevelAccess: true\n viewer:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectViewer\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n creator:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectCreator\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n reader:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.legacyBucketReader\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n keyUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_user\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datastream.iam.gserviceaccount.com\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n gcsProfile:\n bucket: ${bucket.name}\n rootPath: /path\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n desiredState: NOT_STARTED\n location: us-central1\n displayName: my stream\n labels:\n key: value\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig:\n includeObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: includedTable\n mysqlColumns:\n - column: includedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n - table: includedTable_2\n excludeObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: excludedTable\n mysqlColumns:\n - column: excludedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n maxConcurrentCdcTasks: 5\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n gcsDestinationConfig:\n path: mydata\n fileRotationMb: 200\n fileRotationInterval: 60s\n jsonFileFormat:\n schemaFileFormat: NO_SCHEMA_FILE\n compression: GZIP\n backfillAll:\n mysqlExcludedObjects:\n mysqlDatabases:\n - database: my-database\n mysqlTables:\n - table: excludedTable\n mysqlColumns:\n - column: excludedColumn\n dataType: VARCHAR\n collation: utf8mb4\n primaryKey: false\n nullable: false\n ordinalPosition: 0\n customerManagedEncryptionKey: kms-name\n options:\n dependsOn:\n - ${keyUser}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Postgresql\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"Postgresql Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n postgresqlProfile: {\n hostname: \"hostname\",\n port: 5432,\n username: \"user\",\n password: \"pass\",\n database: \"postgres\",\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"Postgres to BigQuery\",\n location: \"us-central1\",\n streamId: \"my-stream\",\n desiredState: \"RUNNING\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n postgresqlSourceConfig: {\n maxConcurrentBackfillTasks: 12,\n publication: \"publication\",\n replicationSlot: \"replication_slot\",\n includeObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n excludeObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillAll: {\n postgresqlExcludedObjects: {\n postgresqlSchemas: [{\n schema: \"schema\",\n postgresqlTables: [{\n table: \"table\",\n postgresqlColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"Postgresql Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n postgresql_profile={\n \"hostname\": \"hostname\",\n \"port\": 5432,\n \"username\": \"user\",\n \"password\": \"pass\",\n \"database\": \"postgres\",\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"Postgres to BigQuery\",\n location=\"us-central1\",\n stream_id=\"my-stream\",\n desired_state=\"RUNNING\",\n source_config={\n \"source_connection_profile\": source.id,\n \"postgresql_source_config\": {\n \"max_concurrent_backfill_tasks\": 12,\n \"publication\": \"publication\",\n \"replication_slot\": \"replication_slot\",\n \"include_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"exclude_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_all={\n \"postgresql_excluded_objects\": {\n \"postgresql_schemas\": [{\n \"schema\": \"schema\",\n \"postgresql_tables\": [{\n \"table\": \"table\",\n \"postgresql_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"Postgresql Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n PostgresqlProfile = new Gcp.Datastream.Inputs.ConnectionProfilePostgresqlProfileArgs\n {\n Hostname = \"hostname\",\n Port = 5432,\n Username = \"user\",\n Password = \"pass\",\n Database = \"postgres\",\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"Postgres to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"my-stream\",\n DesiredState = \"RUNNING\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n PostgresqlSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigArgs\n {\n MaxConcurrentBackfillTasks = 12,\n Publication = \"publication\",\n ReplicationSlot = \"replication_slot\",\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n PostgresqlExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsArgs\n {\n PostgresqlSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs\n {\n Schema = \"schema\",\n PostgresqlTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs\n {\n Table = \"table\",\n PostgresqlColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Postgresql Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tPostgresqlProfile: \u0026datastream.ConnectionProfilePostgresqlProfileArgs{\n\t\t\t\tHostname: pulumi.String(\"hostname\"),\n\t\t\t\tPort: pulumi.Int(5432),\n\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\tPassword: pulumi.String(\"pass\"),\n\t\t\t\tDatabase: pulumi.String(\"postgres\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"Postgres to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"RUNNING\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tPostgresqlSourceConfig: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigArgs{\n\t\t\t\t\tMaxConcurrentBackfillTasks: pulumi.Int(12),\n\t\t\t\t\tPublication: pulumi.String(\"publication\"),\n\t\t\t\t\tReplicationSlot: pulumi.String(\"replication_slot\"),\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tPostgresqlSchemas: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tPostgresqlSchemas: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tPostgresqlExcludedObjects: \u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsArgs{\n\t\t\t\t\tPostgresqlSchemas: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs{\n\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\tPostgresqlTables: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\tPostgresqlColumns: datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfilePostgresqlProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllPostgresqlExcludedObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"Postgresql Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .postgresqlProfile(ConnectionProfilePostgresqlProfileArgs.builder()\n .hostname(\"hostname\")\n .port(5432)\n .username(\"user\")\n .password(\"pass\")\n .database(\"postgres\")\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"Postgres to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"my-stream\")\n .desiredState(\"RUNNING\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .postgresqlSourceConfig(StreamSourceConfigPostgresqlSourceConfigArgs.builder()\n .maxConcurrentBackfillTasks(12)\n .publication(\"publication\")\n .replicationSlot(\"replication_slot\")\n .includeObjects(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsArgs.builder()\n .postgresqlSchemas(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamSourceConfigPostgresqlSourceConfigIncludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsArgs.builder()\n .postgresqlSchemas(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamSourceConfigPostgresqlSourceConfigExcludeObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .postgresqlExcludedObjects(StreamBackfillAllPostgresqlExcludedObjectsArgs.builder()\n .postgresqlSchemas(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaArgs.builder()\n .schema(\"schema\")\n .postgresqlTables(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTableArgs.builder()\n .table(\"table\")\n .postgresqlColumns(StreamBackfillAllPostgresqlExcludedObjectsPostgresqlSchemaPostgresqlTablePostgresqlColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: Postgresql Source\n location: us-central1\n connectionProfileId: source-profile\n postgresqlProfile:\n hostname: hostname\n port: 5432\n username: user\n password: pass\n database: postgres\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: Postgres to BigQuery\n location: us-central1\n streamId: my-stream\n desiredState: RUNNING\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n postgresqlSourceConfig:\n maxConcurrentBackfillTasks: 12\n publication: publication\n replicationSlot: replication_slot\n includeObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n excludeObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillAll:\n postgresqlExcludedObjects:\n postgresqlSchemas:\n - schema: schema\n postgresqlTables:\n - table: table\n postgresqlColumns:\n - column: column\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Oracle\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"Oracle Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n oracleProfile: {\n hostname: \"hostname\",\n port: 1521,\n username: \"user\",\n password: \"pass\",\n databaseService: \"ORCL\",\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst stream5 = new gcp.datastream.Stream(\"stream5\", {\n displayName: \"Oracle to BigQuery\",\n location: \"us-central1\",\n streamId: \"my-stream\",\n desiredState: \"RUNNING\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n oracleSourceConfig: {\n maxConcurrentCdcTasks: 8,\n maxConcurrentBackfillTasks: 12,\n includeObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n excludeObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n dropLargeObjects: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillAll: {\n oracleExcludedObjects: {\n oracleSchemas: [{\n schema: \"schema\",\n oracleTables: [{\n table: \"table\",\n oracleColumns: [{\n column: \"column\",\n }],\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"Oracle Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n oracle_profile={\n \"hostname\": \"hostname\",\n \"port\": 1521,\n \"username\": \"user\",\n \"password\": \"pass\",\n \"database_service\": \"ORCL\",\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\nstream5 = gcp.datastream.Stream(\"stream5\",\n display_name=\"Oracle to BigQuery\",\n location=\"us-central1\",\n stream_id=\"my-stream\",\n desired_state=\"RUNNING\",\n source_config={\n \"source_connection_profile\": source.id,\n \"oracle_source_config\": {\n \"max_concurrent_cdc_tasks\": 8,\n \"max_concurrent_backfill_tasks\": 12,\n \"include_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"exclude_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n \"drop_large_objects\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_all={\n \"oracle_excluded_objects\": {\n \"oracle_schemas\": [{\n \"schema\": \"schema\",\n \"oracle_tables\": [{\n \"table\": \"table\",\n \"oracle_columns\": [{\n \"column\": \"column\",\n }],\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"Oracle Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n OracleProfile = new Gcp.Datastream.Inputs.ConnectionProfileOracleProfileArgs\n {\n Hostname = \"hostname\",\n Port = 1521,\n Username = \"user\",\n Password = \"pass\",\n DatabaseService = \"ORCL\",\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var stream5 = new Gcp.Datastream.Stream(\"stream5\", new()\n {\n DisplayName = \"Oracle to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"my-stream\",\n DesiredState = \"RUNNING\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n OracleSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigArgs\n {\n MaxConcurrentCdcTasks = 8,\n MaxConcurrentBackfillTasks = 12,\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n ExcludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n DropLargeObjects = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillAll = new Gcp.Datastream.Inputs.StreamBackfillAllArgs\n {\n OracleExcludedObjects = new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsArgs\n {\n OracleSchemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs\n {\n Schema = \"schema\",\n OracleTables = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs\n {\n Table = \"table\",\n OracleColumns = new[]\n {\n new Gcp.Datastream.Inputs.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs\n {\n Column = \"column\",\n },\n },\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Oracle Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tOracleProfile: \u0026datastream.ConnectionProfileOracleProfileArgs{\n\t\t\t\tHostname: pulumi.String(\"hostname\"),\n\t\t\t\tPort: pulumi.Int(1521),\n\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\tPassword: pulumi.String(\"pass\"),\n\t\t\t\tDatabaseService: pulumi.String(\"ORCL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"stream5\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"Oracle to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tDesiredState: pulumi.String(\"RUNNING\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tOracleSourceConfig: \u0026datastream.StreamSourceConfigOracleSourceConfigArgs{\n\t\t\t\t\tMaxConcurrentCdcTasks: pulumi.Int(8),\n\t\t\t\t\tMaxConcurrentBackfillTasks: pulumi.Int(12),\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tOracleSchemas: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tOracleTables: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExcludeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs{\n\t\t\t\t\t\tOracleSchemas: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tOracleTables: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDropLargeObjects: \u0026datastream.StreamSourceConfigOracleSourceConfigDropLargeObjectsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{\n\t\t\t\tOracleExcludedObjects: \u0026datastream.StreamBackfillAllOracleExcludedObjectsArgs{\n\t\t\t\t\tOracleSchemas: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaArray{\n\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs{\n\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\tOracleTables: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArray{\n\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs{\n\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\tOracleColumns: datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArray{\n\t\t\t\t\t\t\t\t\t\t\u0026datastream.StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs{\n\t\t\t\t\t\t\t\t\t\t\tColumn: pulumi.String(\"column\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileOracleProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigExcludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigOracleSourceConfigDropLargeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllOracleExcludedObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"Oracle Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .oracleProfile(ConnectionProfileOracleProfileArgs.builder()\n .hostname(\"hostname\")\n .port(1521)\n .username(\"user\")\n .password(\"pass\")\n .databaseService(\"ORCL\")\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var stream5 = new Stream(\"stream5\", StreamArgs.builder()\n .displayName(\"Oracle to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"my-stream\")\n .desiredState(\"RUNNING\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .oracleSourceConfig(StreamSourceConfigOracleSourceConfigArgs.builder()\n .maxConcurrentCdcTasks(8)\n .maxConcurrentBackfillTasks(12)\n .includeObjects(StreamSourceConfigOracleSourceConfigIncludeObjectsArgs.builder()\n .oracleSchemas(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamSourceConfigOracleSourceConfigIncludeObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .excludeObjects(StreamSourceConfigOracleSourceConfigExcludeObjectsArgs.builder()\n .oracleSchemas(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamSourceConfigOracleSourceConfigExcludeObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .dropLargeObjects()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillAll(StreamBackfillAllArgs.builder()\n .oracleExcludedObjects(StreamBackfillAllOracleExcludedObjectsArgs.builder()\n .oracleSchemas(StreamBackfillAllOracleExcludedObjectsOracleSchemaArgs.builder()\n .schema(\"schema\")\n .oracleTables(StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableArgs.builder()\n .table(\"table\")\n .oracleColumns(StreamBackfillAllOracleExcludedObjectsOracleSchemaOracleTableOracleColumnArgs.builder()\n .column(\"column\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: Oracle Source\n location: us-central1\n connectionProfileId: source-profile\n oracleProfile:\n hostname: hostname\n port: 1521\n username: user\n password: pass\n databaseService: ORCL\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n stream5:\n type: gcp:datastream:Stream\n properties:\n displayName: Oracle to BigQuery\n location: us-central1\n streamId: my-stream\n desiredState: RUNNING\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n oracleSourceConfig:\n maxConcurrentCdcTasks: 8\n maxConcurrentBackfillTasks: 12\n includeObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n excludeObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n dropLargeObjects: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillAll:\n oracleExcludedObjects:\n oracleSchemas:\n - schema: schema\n oracleTables:\n - table: table\n oracleColumns:\n - column: column\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Sql Server\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"sql-server\",\n databaseVersion: \"SQLSERVER_2019_STANDARD\",\n region: \"us-central1\",\n rootPassword: \"root-password\",\n deletionProtection: true,\n settings: {\n tier: \"db-custom-2-4096\",\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"password\",\n});\nconst db = new gcp.sql.Database(\"db\", {\n name: \"db\",\n instance: instance.name,\n}, {\n dependsOn: [user],\n});\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"SQL Server Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n sqlServerProfile: {\n hostname: instance.publicIpAddress,\n port: 1433,\n username: user.name,\n password: user.password,\n database: db.name,\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"SQL Server to BigQuery\",\n location: \"us-central1\",\n streamId: \"stream\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n sqlServerSourceConfig: {\n includeObjects: {\n schemas: [{\n schema: \"schema\",\n tables: [{\n table: \"table\",\n }],\n }],\n },\n transactionLogs: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"sql-server\",\n database_version=\"SQLSERVER_2019_STANDARD\",\n region=\"us-central1\",\n root_password=\"root-password\",\n deletion_protection=True,\n settings={\n \"tier\": \"db-custom-2-4096\",\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n })\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"password\")\ndb = gcp.sql.Database(\"db\",\n name=\"db\",\n instance=instance.name,\n opts = pulumi.ResourceOptions(depends_on=[user]))\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"SQL Server Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n sql_server_profile={\n \"hostname\": instance.public_ip_address,\n \"port\": 1433,\n \"username\": user.name,\n \"password\": user.password,\n \"database\": db.name,\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"SQL Server to BigQuery\",\n location=\"us-central1\",\n stream_id=\"stream\",\n source_config={\n \"source_connection_profile\": source.id,\n \"sql_server_source_config\": {\n \"include_objects\": {\n \"schemas\": [{\n \"schema\": \"schema\",\n \"tables\": [{\n \"table\": \"table\",\n }],\n }],\n },\n \"transaction_logs\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"sql-server\",\n DatabaseVersion = \"SQLSERVER_2019_STANDARD\",\n Region = \"us-central1\",\n RootPassword = \"root-password\",\n DeletionProtection = true,\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-4096\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"password\",\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Name = \"db\",\n Instance = instance.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n user,\n },\n });\n\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"SQL Server Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n SqlServerProfile = new Gcp.Datastream.Inputs.ConnectionProfileSqlServerProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Port = 1433,\n Username = user.Name,\n Password = user.Password,\n Database = db.Name,\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"SQL Server to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n SqlServerSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs\n {\n Schemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs\n {\n Schema = \"schema\",\n Tables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs\n {\n Table = \"table\",\n },\n },\n },\n },\n },\n TransactionLogs = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"sql-server\"),\n\t\t\tDatabaseVersion: pulumi.String(\"SQLSERVER_2019_STANDARD\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tRootPassword: pulumi.String(\"root-password\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-4096\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tName: pulumi.String(\"db\"),\n\t\t\tInstance: instance.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tSqlServerProfile: \u0026datastream.ConnectionProfileSqlServerProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tPort: pulumi.Int(1433),\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t\tDatabase: db.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tSqlServerSourceConfig: \u0026datastream.StreamSourceConfigSqlServerSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tSchemas: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tTables: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTransactionLogs: \u0026datastream.StreamSourceConfigSqlServerSourceConfigTransactionLogsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileSqlServerProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigTransactionLogsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"sql-server\")\n .databaseVersion(\"SQLSERVER_2019_STANDARD\")\n .region(\"us-central1\")\n .rootPassword(\"root-password\")\n .deletionProtection(true)\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-4096\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"password\")\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .name(\"db\")\n .instance(instance.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(user)\n .build());\n\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"SQL Server Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .sqlServerProfile(ConnectionProfileSqlServerProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .port(1433)\n .username(user.name())\n .password(user.password())\n .database(db.name())\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"SQL Server to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .sqlServerSourceConfig(StreamSourceConfigSqlServerSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs.builder()\n .schemas(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs.builder()\n .schema(\"schema\")\n .tables(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs.builder()\n .table(\"table\")\n .build())\n .build())\n .build())\n .transactionLogs()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: sql-server\n databaseVersion: SQLSERVER_2019_STANDARD\n region: us-central1\n rootPassword: root-password\n deletionProtection: true\n settings:\n tier: db-custom-2-4096\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n db:\n type: gcp:sql:Database\n properties:\n name: db\n instance: ${instance.name}\n options:\n dependsOn:\n - ${user}\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: password\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: SQL Server Source\n location: us-central1\n connectionProfileId: source-profile\n sqlServerProfile:\n hostname: ${instance.publicIpAddress}\n port: 1433\n username: ${user.name}\n password: ${user.password}\n database: ${db.name}\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: SQL Server to BigQuery\n location: us-central1\n streamId: stream\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n sqlServerSourceConfig:\n includeObjects:\n schemas:\n - schema: schema\n tables:\n - table: table\n transactionLogs: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillNone: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Sql Server Change Tables\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"sql-server\",\n databaseVersion: \"SQLSERVER_2019_STANDARD\",\n region: \"us-central1\",\n rootPassword: \"root-password\",\n deletionProtection: true,\n settings: {\n tier: \"db-custom-2-4096\",\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n password: \"password\",\n});\nconst db = new gcp.sql.Database(\"db\", {\n name: \"db\",\n instance: instance.name,\n}, {\n dependsOn: [user],\n});\nconst source = new gcp.datastream.ConnectionProfile(\"source\", {\n displayName: \"SQL Server Source\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n sqlServerProfile: {\n hostname: instance.publicIpAddress,\n port: 1433,\n username: user.name,\n password: user.password,\n database: db.name,\n },\n});\nconst destination = new gcp.datastream.ConnectionProfile(\"destination\", {\n displayName: \"BigQuery Destination\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"SQL Server to BigQuery\",\n location: \"us-central1\",\n streamId: \"stream\",\n sourceConfig: {\n sourceConnectionProfile: source.id,\n sqlServerSourceConfig: {\n includeObjects: {\n schemas: [{\n schema: \"schema\",\n tables: [{\n table: \"table\",\n }],\n }],\n },\n changeTables: {},\n },\n },\n destinationConfig: {\n destinationConnectionProfile: destination.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"sql-server\",\n database_version=\"SQLSERVER_2019_STANDARD\",\n region=\"us-central1\",\n root_password=\"root-password\",\n deletion_protection=True,\n settings={\n \"tier\": \"db-custom-2-4096\",\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n })\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n password=\"password\")\ndb = gcp.sql.Database(\"db\",\n name=\"db\",\n instance=instance.name,\n opts = pulumi.ResourceOptions(depends_on=[user]))\nsource = gcp.datastream.ConnectionProfile(\"source\",\n display_name=\"SQL Server Source\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n sql_server_profile={\n \"hostname\": instance.public_ip_address,\n \"port\": 1433,\n \"username\": user.name,\n \"password\": user.password,\n \"database\": db.name,\n })\ndestination = gcp.datastream.ConnectionProfile(\"destination\",\n display_name=\"BigQuery Destination\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"SQL Server to BigQuery\",\n location=\"us-central1\",\n stream_id=\"stream\",\n source_config={\n \"source_connection_profile\": source.id,\n \"sql_server_source_config\": {\n \"include_objects\": {\n \"schemas\": [{\n \"schema\": \"schema\",\n \"tables\": [{\n \"table\": \"table\",\n }],\n }],\n },\n \"change_tables\": {},\n },\n },\n destination_config={\n \"destination_connection_profile\": destination.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"sql-server\",\n DatabaseVersion = \"SQLSERVER_2019_STANDARD\",\n Region = \"us-central1\",\n RootPassword = \"root-password\",\n DeletionProtection = true,\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-custom-2-4096\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Password = \"password\",\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Name = \"db\",\n Instance = instance.Name,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n user,\n },\n });\n\n var source = new Gcp.Datastream.ConnectionProfile(\"source\", new()\n {\n DisplayName = \"SQL Server Source\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n SqlServerProfile = new Gcp.Datastream.Inputs.ConnectionProfileSqlServerProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Port = 1433,\n Username = user.Name,\n Password = user.Password,\n Database = db.Name,\n },\n });\n\n var destination = new Gcp.Datastream.ConnectionProfile(\"destination\", new()\n {\n DisplayName = \"BigQuery Destination\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"SQL Server to BigQuery\",\n Location = \"us-central1\",\n StreamId = \"stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = source.Id,\n SqlServerSourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigArgs\n {\n IncludeObjects = new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs\n {\n Schemas = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs\n {\n Schema = \"schema\",\n Tables = new[]\n {\n new Gcp.Datastream.Inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs\n {\n Table = \"table\",\n },\n },\n },\n },\n },\n ChangeTables = null,\n },\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destination.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"sql-server\"),\n\t\t\tDatabaseVersion: pulumi.String(\"SQLSERVER_2019_STANDARD\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tRootPassword: pulumi.String(\"root-password\"),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-custom-2-4096\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tPassword: pulumi.String(\"password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdb, err := sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tName: pulumi.String(\"db\"),\n\t\t\tInstance: instance.Name,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := datastream.NewConnectionProfile(ctx, \"source\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server Source\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tSqlServerProfile: \u0026datastream.ConnectionProfileSqlServerProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tPort: pulumi.Int(1433),\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t\tDatabase: db.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := datastream.NewConnectionProfile(ctx, \"destination\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"BigQuery Destination\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"SQL Server to BigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: source.ID(),\n\t\t\t\tSqlServerSourceConfig: \u0026datastream.StreamSourceConfigSqlServerSourceConfigArgs{\n\t\t\t\t\tIncludeObjects: \u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs{\n\t\t\t\t\t\tSchemas: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArray{\n\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs{\n\t\t\t\t\t\t\t\tSchema: pulumi.String(\"schema\"),\n\t\t\t\t\t\t\t\tTables: datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArray{\n\t\t\t\t\t\t\t\t\t\u0026datastream.StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs{\n\t\t\t\t\t\t\t\t\t\tTable: pulumi.String(\"table\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tChangeTables: \u0026datastream.StreamSourceConfigSqlServerSourceConfigChangeTablesArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destination.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileSqlServerProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigSqlServerSourceConfigChangeTablesArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"sql-server\")\n .databaseVersion(\"SQLSERVER_2019_STANDARD\")\n .region(\"us-central1\")\n .rootPassword(\"root-password\")\n .deletionProtection(true)\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-custom-2-4096\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .password(\"password\")\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .name(\"db\")\n .instance(instance.name())\n .build(), CustomResourceOptions.builder()\n .dependsOn(user)\n .build());\n\n var source = new ConnectionProfile(\"source\", ConnectionProfileArgs.builder()\n .displayName(\"SQL Server Source\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .sqlServerProfile(ConnectionProfileSqlServerProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .port(1433)\n .username(user.name())\n .password(user.password())\n .database(db.name())\n .build())\n .build());\n\n var destination = new ConnectionProfile(\"destination\", ConnectionProfileArgs.builder()\n .displayName(\"BigQuery Destination\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"SQL Server to BigQuery\")\n .location(\"us-central1\")\n .streamId(\"stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(source.id())\n .sqlServerSourceConfig(StreamSourceConfigSqlServerSourceConfigArgs.builder()\n .includeObjects(StreamSourceConfigSqlServerSourceConfigIncludeObjectsArgs.builder()\n .schemas(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaArgs.builder()\n .schema(\"schema\")\n .tables(StreamSourceConfigSqlServerSourceConfigIncludeObjectsSchemaTableArgs.builder()\n .table(\"table\")\n .build())\n .build())\n .build())\n .changeTables()\n .build())\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destination.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: sql-server\n databaseVersion: SQLSERVER_2019_STANDARD\n region: us-central1\n rootPassword: root-password\n deletionProtection: true\n settings:\n tier: db-custom-2-4096\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n db:\n type: gcp:sql:Database\n properties:\n name: db\n instance: ${instance.name}\n options:\n dependsOn:\n - ${user}\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n password: password\n source:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: SQL Server Source\n location: us-central1\n connectionProfileId: source-profile\n sqlServerProfile:\n hostname: ${instance.publicIpAddress}\n port: 1433\n username: ${user.name}\n password: ${user.password}\n database: ${db.name}\n destination:\n type: gcp:datastream:ConnectionProfile\n properties:\n displayName: BigQuery Destination\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: SQL Server to BigQuery\n location: us-central1\n streamId: stream\n sourceConfig:\n sourceConnectionProfile: ${source.id}\n sqlServerSourceConfig:\n includeObjects:\n schemas:\n - schema: schema\n tables:\n - table: table\n changeTables: {}\n destinationConfig:\n destinationConnectionProfile: ${destination.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n backfillNone: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Postgresql Bigquery Dataset Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst postgres = new gcp.bigquery.Dataset(\"postgres\", {\n datasetId: \"postgres\",\n friendlyName: \"postgres\",\n description: \"Database of postgres\",\n location: \"us-central1\",\n});\nconst destinationConnectionProfile2 = new gcp.datastream.ConnectionProfile(\"destination_connection_profile2\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"dest-profile\",\n bigqueryProfile: {},\n});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"instance-name\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: false,\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"my-user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n displayName: \"postgres to bigQuery\",\n location: \"us-central1\",\n streamId: \"postgres-bigquery\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile2.id,\n bigqueryDestinationConfig: {\n dataFreshness: \"900s\",\n singleTargetDataset: {\n datasetId: postgres.id,\n },\n },\n },\n backfillAll: {},\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\npostgres = gcp.bigquery.Dataset(\"postgres\",\n dataset_id=\"postgres\",\n friendly_name=\"postgres\",\n description=\"Database of postgres\",\n location=\"us-central1\")\ndestination_connection_profile2 = gcp.datastream.ConnectionProfile(\"destination_connection_profile2\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"dest-profile\",\n bigquery_profile={})\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"instance-name\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=False)\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"my-user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\ndefault = gcp.datastream.Stream(\"default\",\n display_name=\"postgres to bigQuery\",\n location=\"us-central1\",\n stream_id=\"postgres-bigquery\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile2.id,\n \"bigquery_destination_config\": {\n \"data_freshness\": \"900s\",\n \"single_target_dataset\": {\n \"dataset_id\": postgres.id,\n },\n },\n },\n backfill_all={})\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgres = new Gcp.BigQuery.Dataset(\"postgres\", new()\n {\n DatasetId = \"postgres\",\n FriendlyName = \"postgres\",\n Description = \"Database of postgres\",\n Location = \"us-central1\",\n });\n\n var destinationConnectionProfile2 = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile2\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"dest-profile\",\n BigqueryProfile = null,\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"instance-name\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = false,\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"my-user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n DisplayName = \"postgres to bigQuery\",\n Location = \"us-central1\",\n StreamId = \"postgres-bigquery\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile2.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n DataFreshness = \"900s\",\n SingleTargetDataset = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs\n {\n DatasetId = postgres.Id,\n },\n },\n },\n BackfillAll = null,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpostgres, err := bigquery.NewDataset(ctx, \"postgres\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"postgres\"),\n\t\t\tFriendlyName: pulumi.String(\"postgres\"),\n\t\t\tDescription: pulumi.String(\"Database of postgres\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile2, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile2\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"dest-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"instance-name\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"my-user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tDisplayName: pulumi.String(\"postgres to bigQuery\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tStreamId: pulumi.String(\"postgres-bigquery\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile2.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tDataFreshness: pulumi.String(\"900s\"),\n\t\t\t\t\tSingleTargetDataset: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs{\n\t\t\t\t\t\tDatasetId: postgres.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillAll: \u0026datastream.StreamBackfillAllArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillAllArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgres = new Dataset(\"postgres\", DatasetArgs.builder()\n .datasetId(\"postgres\")\n .friendlyName(\"postgres\")\n .description(\"Database of postgres\")\n .location(\"us-central1\")\n .build());\n\n var destinationConnectionProfile2 = new ConnectionProfile(\"destinationConnectionProfile2\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"dest-profile\")\n .bigqueryProfile()\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"instance-name\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(false)\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"my-user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .displayName(\"postgres to bigQuery\")\n .location(\"us-central1\")\n .streamId(\"postgres-bigquery\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile2.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .dataFreshness(\"900s\")\n .singleTargetDataset(StreamDestinationConfigBigqueryDestinationConfigSingleTargetDatasetArgs.builder()\n .datasetId(postgres.id())\n .build())\n .build())\n .build())\n .backfillAll()\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgres:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: postgres\n friendlyName: postgres\n description: Database of postgres\n location: us-central1\n default:\n type: gcp:datastream:Stream\n properties:\n displayName: postgres to bigQuery\n location: us-central1\n streamId: postgres-bigquery\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile2.id}\n bigqueryDestinationConfig:\n dataFreshness: 900s\n singleTargetDataset:\n datasetId: ${postgres.id}\n backfillAll: {}\n destinationConnectionProfile2:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile2\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: dest-profile\n bigqueryProfile: {}\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: instance-name\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: false\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: my-user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Bigquery\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst bigqueryKeyUser = new gcp.kms.CryptoKeyIAMMember(\"bigquery_key_user\", {\n cryptoKeyId: \"bigquery-kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n location: \"us-central1\",\n displayName: \"my stream\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n bigqueryDestinationConfig: {\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n kmsKeyName: \"bigquery-kms-name\",\n },\n },\n },\n },\n backfillNone: {},\n}, {\n dependsOn: [bigqueryKeyUser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\nbq_sa = gcp.bigquery.get_default_service_account()\nbigquery_key_user = gcp.kms.CryptoKeyIAMMember(\"bigquery_key_user\",\n crypto_key_id=\"bigquery-kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n location=\"us-central1\",\n display_name=\"my stream\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"bigquery_destination_config\": {\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n \"kms_key_name\": \"bigquery-kms-name\",\n },\n },\n },\n },\n backfill_none={},\n opts = pulumi.ResourceOptions(depends_on=[bigquery_key_user]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var bigqueryKeyUser = new Gcp.Kms.CryptoKeyIAMMember(\"bigquery_key_user\", new()\n {\n CryptoKeyId = \"bigquery-kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n KmsKeyName = \"bigquery-kms-name\",\n },\n },\n },\n },\n BackfillNone = null,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n bigqueryKeyUser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryKeyUser, err := kms.NewCryptoKeyIAMMember(ctx, \"bigquery_key_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"bigquery-kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"bigquery-kms-name\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbigqueryKeyUser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var bigqueryKeyUser = new CryptoKeyIAMMember(\"bigqueryKeyUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"bigquery-kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .kmsKeyName(\"bigquery-kms-name\")\n .build())\n .build())\n .build())\n .build())\n .backfillNone()\n .build(), CustomResourceOptions.builder()\n .dependsOn(bigqueryKeyUser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n bigqueryKeyUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: bigquery_key_user\n properties:\n cryptoKeyId: bigquery-kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n location: us-central1\n displayName: my stream\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n bigqueryDestinationConfig:\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n kmsKeyName: bigquery-kms-name\n backfillNone: {}\n options:\n dependsOn:\n - ${bigqueryKeyUser}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n bqSa:\n fn::invoke:\n function: gcp:bigquery:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Datastream Stream Bigquery Append Only\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst project = gcp.organizations.getProject({});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: \"my-instance\",\n databaseVersion: \"MYSQL_8_0\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n ipConfiguration: {\n authorizedNetworks: [\n {\n value: \"34.71.242.81\",\n },\n {\n value: \"34.72.28.29\",\n },\n {\n value: \"34.67.6.157\",\n },\n {\n value: \"34.67.234.134\",\n },\n {\n value: \"34.72.239.218\",\n },\n ],\n },\n },\n deletionProtection: true,\n});\nconst db = new gcp.sql.Database(\"db\", {\n instance: instance.name,\n name: \"db\",\n});\nconst pwd = new random.RandomPassword(\"pwd\", {\n length: 16,\n special: false,\n});\nconst user = new gcp.sql.User(\"user\", {\n name: \"user\",\n instance: instance.name,\n host: \"%\",\n password: pwd.result,\n});\nconst sourceConnectionProfile = new gcp.datastream.ConnectionProfile(\"source_connection_profile\", {\n displayName: \"Source connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"source-profile\",\n mysqlProfile: {\n hostname: instance.publicIpAddress,\n username: user.name,\n password: user.password,\n },\n});\nconst destinationConnectionProfile = new gcp.datastream.ConnectionProfile(\"destination_connection_profile\", {\n displayName: \"Connection profile\",\n location: \"us-central1\",\n connectionProfileId: \"destination-profile\",\n bigqueryProfile: {},\n});\nconst _default = new gcp.datastream.Stream(\"default\", {\n streamId: \"my-stream\",\n location: \"us-central1\",\n displayName: \"my stream\",\n sourceConfig: {\n sourceConnectionProfile: sourceConnectionProfile.id,\n mysqlSourceConfig: {},\n },\n destinationConfig: {\n destinationConnectionProfile: destinationConnectionProfile.id,\n bigqueryDestinationConfig: {\n sourceHierarchyDatasets: {\n datasetTemplate: {\n location: \"us-central1\",\n },\n },\n appendOnly: {},\n },\n },\n backfillNone: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nproject = gcp.organizations.get_project()\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=\"my-instance\",\n database_version=\"MYSQL_8_0\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"ip_configuration\": {\n \"authorized_networks\": [\n {\n \"value\": \"34.71.242.81\",\n },\n {\n \"value\": \"34.72.28.29\",\n },\n {\n \"value\": \"34.67.6.157\",\n },\n {\n \"value\": \"34.67.234.134\",\n },\n {\n \"value\": \"34.72.239.218\",\n },\n ],\n },\n },\n deletion_protection=True)\ndb = gcp.sql.Database(\"db\",\n instance=instance.name,\n name=\"db\")\npwd = random.RandomPassword(\"pwd\",\n length=16,\n special=False)\nuser = gcp.sql.User(\"user\",\n name=\"user\",\n instance=instance.name,\n host=\"%\",\n password=pwd.result)\nsource_connection_profile = gcp.datastream.ConnectionProfile(\"source_connection_profile\",\n display_name=\"Source connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"source-profile\",\n mysql_profile={\n \"hostname\": instance.public_ip_address,\n \"username\": user.name,\n \"password\": user.password,\n })\ndestination_connection_profile = gcp.datastream.ConnectionProfile(\"destination_connection_profile\",\n display_name=\"Connection profile\",\n location=\"us-central1\",\n connection_profile_id=\"destination-profile\",\n bigquery_profile={})\ndefault = gcp.datastream.Stream(\"default\",\n stream_id=\"my-stream\",\n location=\"us-central1\",\n display_name=\"my stream\",\n source_config={\n \"source_connection_profile\": source_connection_profile.id,\n \"mysql_source_config\": {},\n },\n destination_config={\n \"destination_connection_profile\": destination_connection_profile.id,\n \"bigquery_destination_config\": {\n \"source_hierarchy_datasets\": {\n \"dataset_template\": {\n \"location\": \"us-central1\",\n },\n },\n \"append_only\": {},\n },\n },\n backfill_none={})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = \"my-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n AuthorizedNetworks = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.71.242.81\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.28.29\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.6.157\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.67.234.134\",\n },\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs\n {\n Value = \"34.72.239.218\",\n },\n },\n },\n },\n DeletionProtection = true,\n });\n\n var db = new Gcp.Sql.Database(\"db\", new()\n {\n Instance = instance.Name,\n Name = \"db\",\n });\n\n var pwd = new Random.RandomPassword(\"pwd\", new()\n {\n Length = 16,\n Special = false,\n });\n\n var user = new Gcp.Sql.User(\"user\", new()\n {\n Name = \"user\",\n Instance = instance.Name,\n Host = \"%\",\n Password = pwd.Result,\n });\n\n var sourceConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"source_connection_profile\", new()\n {\n DisplayName = \"Source connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"source-profile\",\n MysqlProfile = new Gcp.Datastream.Inputs.ConnectionProfileMysqlProfileArgs\n {\n Hostname = instance.PublicIpAddress,\n Username = user.Name,\n Password = user.Password,\n },\n });\n\n var destinationConnectionProfile = new Gcp.Datastream.ConnectionProfile(\"destination_connection_profile\", new()\n {\n DisplayName = \"Connection profile\",\n Location = \"us-central1\",\n ConnectionProfileId = \"destination-profile\",\n BigqueryProfile = null,\n });\n\n var @default = new Gcp.Datastream.Stream(\"default\", new()\n {\n StreamId = \"my-stream\",\n Location = \"us-central1\",\n DisplayName = \"my stream\",\n SourceConfig = new Gcp.Datastream.Inputs.StreamSourceConfigArgs\n {\n SourceConnectionProfile = sourceConnectionProfile.Id,\n MysqlSourceConfig = null,\n },\n DestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigArgs\n {\n DestinationConnectionProfile = destinationConnectionProfile.Id,\n BigqueryDestinationConfig = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigArgs\n {\n SourceHierarchyDatasets = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs\n {\n DatasetTemplate = new Gcp.Datastream.Inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs\n {\n Location = \"us-central1\",\n },\n },\n AppendOnly = null,\n },\n },\n BackfillNone = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tAuthorizedNetworks: sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.71.242.81\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.28.29\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.6.157\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.67.234.134\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"34.72.239.218\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabase(ctx, \"db\", \u0026sql.DatabaseArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tName: pulumi.String(\"db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpwd, err := random.NewRandomPassword(ctx, \"pwd\", \u0026random.RandomPasswordArgs{\n\t\t\tLength: pulumi.Int(16),\n\t\t\tSpecial: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := sql.NewUser(ctx, \"user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"user\"),\n\t\t\tInstance: instance.Name,\n\t\t\tHost: pulumi.String(\"%\"),\n\t\t\tPassword: pwd.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"source_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Source connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"source-profile\"),\n\t\t\tMysqlProfile: \u0026datastream.ConnectionProfileMysqlProfileArgs{\n\t\t\t\tHostname: instance.PublicIpAddress,\n\t\t\t\tUsername: user.Name,\n\t\t\t\tPassword: user.Password,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationConnectionProfile, err := datastream.NewConnectionProfile(ctx, \"destination_connection_profile\", \u0026datastream.ConnectionProfileArgs{\n\t\t\tDisplayName: pulumi.String(\"Connection profile\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionProfileId: pulumi.String(\"destination-profile\"),\n\t\t\tBigqueryProfile: \u0026datastream.ConnectionProfileBigqueryProfileArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datastream.NewStream(ctx, \"default\", \u0026datastream.StreamArgs{\n\t\t\tStreamId: pulumi.String(\"my-stream\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"my stream\"),\n\t\t\tSourceConfig: \u0026datastream.StreamSourceConfigArgs{\n\t\t\t\tSourceConnectionProfile: sourceConnectionProfile.ID(),\n\t\t\t\tMysqlSourceConfig: \u0026datastream.StreamSourceConfigMysqlSourceConfigArgs{},\n\t\t\t},\n\t\t\tDestinationConfig: \u0026datastream.StreamDestinationConfigArgs{\n\t\t\t\tDestinationConnectionProfile: destinationConnectionProfile.ID(),\n\t\t\t\tBigqueryDestinationConfig: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigArgs{\n\t\t\t\t\tSourceHierarchyDatasets: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs{\n\t\t\t\t\t\tDatasetTemplate: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAppendOnly: \u0026datastream.StreamDestinationConfigBigqueryDestinationConfigAppendOnlyArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBackfillNone: \u0026datastream.StreamBackfillNoneArgs{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.Database;\nimport com.pulumi.gcp.sql.DatabaseArgs;\nimport com.pulumi.random.RandomPassword;\nimport com.pulumi.random.RandomPasswordArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport com.pulumi.gcp.datastream.ConnectionProfile;\nimport com.pulumi.gcp.datastream.ConnectionProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileMysqlProfileArgs;\nimport com.pulumi.gcp.datastream.inputs.ConnectionProfileBigqueryProfileArgs;\nimport com.pulumi.gcp.datastream.Stream;\nimport com.pulumi.gcp.datastream.StreamArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamSourceConfigMysqlSourceConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamDestinationConfigBigqueryDestinationConfigAppendOnlyArgs;\nimport com.pulumi.gcp.datastream.inputs.StreamBackfillNoneArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(\"my-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .authorizedNetworks( \n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.71.242.81\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.28.29\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.6.157\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.67.234.134\")\n .build(),\n DatabaseInstanceSettingsIpConfigurationAuthorizedNetworkArgs.builder()\n .value(\"34.72.239.218\")\n .build())\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var db = new Database(\"db\", DatabaseArgs.builder()\n .instance(instance.name())\n .name(\"db\")\n .build());\n\n var pwd = new RandomPassword(\"pwd\", RandomPasswordArgs.builder()\n .length(16)\n .special(false)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .name(\"user\")\n .instance(instance.name())\n .host(\"%\")\n .password(pwd.result())\n .build());\n\n var sourceConnectionProfile = new ConnectionProfile(\"sourceConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Source connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"source-profile\")\n .mysqlProfile(ConnectionProfileMysqlProfileArgs.builder()\n .hostname(instance.publicIpAddress())\n .username(user.name())\n .password(user.password())\n .build())\n .build());\n\n var destinationConnectionProfile = new ConnectionProfile(\"destinationConnectionProfile\", ConnectionProfileArgs.builder()\n .displayName(\"Connection profile\")\n .location(\"us-central1\")\n .connectionProfileId(\"destination-profile\")\n .bigqueryProfile()\n .build());\n\n var default_ = new Stream(\"default\", StreamArgs.builder()\n .streamId(\"my-stream\")\n .location(\"us-central1\")\n .displayName(\"my stream\")\n .sourceConfig(StreamSourceConfigArgs.builder()\n .sourceConnectionProfile(sourceConnectionProfile.id())\n .mysqlSourceConfig()\n .build())\n .destinationConfig(StreamDestinationConfigArgs.builder()\n .destinationConnectionProfile(destinationConnectionProfile.id())\n .bigqueryDestinationConfig(StreamDestinationConfigBigqueryDestinationConfigArgs.builder()\n .sourceHierarchyDatasets(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsArgs.builder()\n .datasetTemplate(StreamDestinationConfigBigqueryDestinationConfigSourceHierarchyDatasetsDatasetTemplateArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .appendOnly()\n .build())\n .build())\n .backfillNone()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: my-instance\n databaseVersion: MYSQL_8_0\n region: us-central1\n settings:\n tier: db-f1-micro\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n ipConfiguration:\n authorizedNetworks:\n - value: 34.71.242.81\n - value: 34.72.28.29\n - value: 34.67.6.157\n - value: 34.67.234.134\n - value: 34.72.239.218\n deletionProtection: true\n db:\n type: gcp:sql:Database\n properties:\n instance: ${instance.name}\n name: db\n pwd:\n type: random:RandomPassword\n properties:\n length: 16\n special: false\n user:\n type: gcp:sql:User\n properties:\n name: user\n instance: ${instance.name}\n host: '%'\n password: ${pwd.result}\n sourceConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: source_connection_profile\n properties:\n displayName: Source connection profile\n location: us-central1\n connectionProfileId: source-profile\n mysqlProfile:\n hostname: ${instance.publicIpAddress}\n username: ${user.name}\n password: ${user.password}\n destinationConnectionProfile:\n type: gcp:datastream:ConnectionProfile\n name: destination_connection_profile\n properties:\n displayName: Connection profile\n location: us-central1\n connectionProfileId: destination-profile\n bigqueryProfile: {}\n default:\n type: gcp:datastream:Stream\n properties:\n streamId: my-stream\n location: us-central1\n displayName: my stream\n sourceConfig:\n sourceConnectionProfile: ${sourceConnectionProfile.id}\n mysqlSourceConfig: {}\n destinationConfig:\n destinationConnectionProfile: ${destinationConnectionProfile.id}\n bigqueryDestinationConfig:\n sourceHierarchyDatasets:\n datasetTemplate:\n location: us-central1\n appendOnly: {}\n backfillNone: {}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStream can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/streams/{{stream_id}}`\n\n* `{{project}}/{{location}}/{{stream_id}}`\n\n* `{{location}}/{{stream_id}}`\n\nWhen using the `pulumi import` command, Stream can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default projects/{{project}}/locations/{{location}}/streams/{{stream_id}}\n```\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default {{project}}/{{location}}/{{stream_id}}\n```\n\n```sh\n$ pulumi import gcp:datastream/stream:Stream default {{location}}/{{stream_id}}\n```\n\n", "properties": { "backfillAll": { "$ref": "#/types/gcp:datastream/StreamBackfillAll:StreamBackfillAll", @@ -203941,7 +203941,7 @@ } }, "gcp:deploymentmanager/deployment:Deployment": { - "description": "A collection of resources that are deployed and managed together using\na configuration file\n\n\n\n\u003e **Warning:** This resource is intended only to manage a Deployment resource,\nand attempts to manage the Deployment's resources in the provider as well\nwill likely result in errors or unexpected behavior as the two tools\nfight over ownership. We strongly discourage doing so unless you are an\nexperienced user of both tools.\n\nIn addition, due to limitations of the API, the provider will treat\ndeployments in preview as recreate-only for any update operation other\nthan actually deploying an in-preview deployment (i.e. `preview=true` to\n`preview=false`).\n\n## Example Usage\n\n### Deployment Manager Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst deployment = new gcp.deploymentmanager.Deployment(\"deployment\", {\n name: \"my-deployment\",\n target: {\n config: {\n content: std.file({\n input: \"path/to/config.yml\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n labels: [{\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndeployment = gcp.deploymentmanager.Deployment(\"deployment\",\n name=\"my-deployment\",\n target={\n \"config\": {\n \"content\": std.file(input=\"path/to/config.yml\").result,\n },\n },\n labels=[{\n \"key\": \"foo\",\n \"value\": \"bar\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var deployment = new Gcp.DeploymentManager.Deployment(\"deployment\", new()\n {\n Name = \"my-deployment\",\n Target = new Gcp.DeploymentManager.Inputs.DeploymentTargetArgs\n {\n Config = new Gcp.DeploymentManager.Inputs.DeploymentTargetConfigArgs\n {\n Content = Std.File.Invoke(new()\n {\n Input = \"path/to/config.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n Labels = new[]\n {\n new Gcp.DeploymentManager.Inputs.DeploymentLabelArgs\n {\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/deploymentmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/config.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = deploymentmanager.NewDeployment(ctx, \"deployment\", \u0026deploymentmanager.DeploymentArgs{\n\t\t\tName: pulumi.String(\"my-deployment\"),\n\t\t\tTarget: \u0026deploymentmanager.DeploymentTargetArgs{\n\t\t\t\tConfig: \u0026deploymentmanager.DeploymentTargetConfigArgs{\n\t\t\t\t\tContent: pulumi.String(invokeFile.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: deploymentmanager.DeploymentLabelArray{\n\t\t\t\t\u0026deploymentmanager.DeploymentLabelArgs{\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.deploymentmanager.Deployment;\nimport com.pulumi.gcp.deploymentmanager.DeploymentArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentTargetArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentTargetConfigArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentLabelArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var deployment = new Deployment(\"deployment\", DeploymentArgs.builder()\n .name(\"my-deployment\")\n .target(DeploymentTargetArgs.builder()\n .config(DeploymentTargetConfigArgs.builder()\n .content(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/config.yml\")\n .build()).result())\n .build())\n .build())\n .labels(DeploymentLabelArgs.builder()\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n deployment:\n type: gcp:deploymentmanager:Deployment\n properties:\n name: my-deployment\n target:\n config:\n content:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/config.yml\n Return: result\n labels:\n - key: foo\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## Import\n\nDeployment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/deployments/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Deployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default projects/{{project}}/deployments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default {{name}}\n```\n\n", + "description": "A collection of resources that are deployed and managed together using\na configuration file\n\n\n\n\u003e **Warning:** This resource is intended only to manage a Deployment resource,\nand attempts to manage the Deployment's resources in the provider as well\nwill likely result in errors or unexpected behavior as the two tools\nfight over ownership. We strongly discourage doing so unless you are an\nexperienced user of both tools.\n\nIn addition, due to limitations of the API, the provider will treat\ndeployments in preview as recreate-only for any update operation other\nthan actually deploying an in-preview deployment (i.e. `preview=true` to\n`preview=false`).\n\n## Example Usage\n\n### Deployment Manager Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst deployment = new gcp.deploymentmanager.Deployment(\"deployment\", {\n name: \"my-deployment\",\n target: {\n config: {\n content: std.file({\n input: \"path/to/config.yml\",\n }).then(invoke =\u003e invoke.result),\n },\n },\n labels: [{\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndeployment = gcp.deploymentmanager.Deployment(\"deployment\",\n name=\"my-deployment\",\n target={\n \"config\": {\n \"content\": std.file(input=\"path/to/config.yml\").result,\n },\n },\n labels=[{\n \"key\": \"foo\",\n \"value\": \"bar\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var deployment = new Gcp.DeploymentManager.Deployment(\"deployment\", new()\n {\n Name = \"my-deployment\",\n Target = new Gcp.DeploymentManager.Inputs.DeploymentTargetArgs\n {\n Config = new Gcp.DeploymentManager.Inputs.DeploymentTargetConfigArgs\n {\n Content = Std.File.Invoke(new()\n {\n Input = \"path/to/config.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n Labels = new[]\n {\n new Gcp.DeploymentManager.Inputs.DeploymentLabelArgs\n {\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/deploymentmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/config.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = deploymentmanager.NewDeployment(ctx, \"deployment\", \u0026deploymentmanager.DeploymentArgs{\n\t\t\tName: pulumi.String(\"my-deployment\"),\n\t\t\tTarget: \u0026deploymentmanager.DeploymentTargetArgs{\n\t\t\t\tConfig: \u0026deploymentmanager.DeploymentTargetConfigArgs{\n\t\t\t\t\tContent: pulumi.String(invokeFile.Result),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: deploymentmanager.DeploymentLabelArray{\n\t\t\t\t\u0026deploymentmanager.DeploymentLabelArgs{\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.deploymentmanager.Deployment;\nimport com.pulumi.gcp.deploymentmanager.DeploymentArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentTargetArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentTargetConfigArgs;\nimport com.pulumi.gcp.deploymentmanager.inputs.DeploymentLabelArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var deployment = new Deployment(\"deployment\", DeploymentArgs.builder()\n .name(\"my-deployment\")\n .target(DeploymentTargetArgs.builder()\n .config(DeploymentTargetConfigArgs.builder()\n .content(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/config.yml\")\n .build()).result())\n .build())\n .build())\n .labels(DeploymentLabelArgs.builder()\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n deployment:\n type: gcp:deploymentmanager:Deployment\n properties:\n name: my-deployment\n target:\n config:\n content:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/config.yml\n return: result\n labels:\n - key: foo\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## Import\n\nDeployment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/deployments/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Deployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default projects/{{project}}/deployments/{{name}}\n```\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:deploymentmanager/deployment:Deployment default {{name}}\n```\n\n", "properties": { "createPolicy": { "type": "string", @@ -204096,7 +204096,7 @@ } }, "gcp:developerconnect/connection:Connection": { - "description": "## Example Usage\n\n### Developer Connect Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.developerconnect.Connection(\"my-connection\", {\n location: \"us-central1\",\n connectionId: \"tf-test-connection\",\n githubConfig: {\n githubApp: \"DEVELOPER_CONNECT\",\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.developerconnect.Connection(\"my-connection\",\n location=\"us-central1\",\n connection_id=\"tf-test-connection\",\n github_config={\n \"github_app\": \"DEVELOPER_CONNECT\",\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.DeveloperConnect.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n ConnectionId = \"tf-test-connection\",\n GithubConfig = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigArgs\n {\n GithubApp = \"DEVELOPER_CONNECT\",\n AuthorizerCredential = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/developerconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := developerconnect.NewConnection(ctx, \"my-connection\", \u0026developerconnect.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionId: pulumi.String(\"tf-test-connection\"),\n\t\t\tGithubConfig: \u0026developerconnect.ConnectionGithubConfigArgs{\n\t\t\t\tGithubApp: pulumi.String(\"DEVELOPER_CONNECT\"),\n\t\t\t\tAuthorizerCredential: \u0026developerconnect.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.developerconnect.Connection;\nimport com.pulumi.gcp.developerconnect.ConnectionArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .connectionId(\"tf-test-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .githubApp(\"DEVELOPER_CONNECT\")\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: tf-test-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n authorizerCredential:\n oauthTokenSecretVersion: projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Developer Connect Connection Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.developerconnect.Connection(\"my-connection\", {\n location: \"us-central1\",\n connectionId: \"my-connection\",\n githubConfig: {\n githubApp: \"DEVELOPER_CONNECT\",\n appInstallationId: \"123123\",\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.developerconnect.Connection(\"my-connection\",\n location=\"us-central1\",\n connection_id=\"my-connection\",\n github_config={\n \"github_app\": \"DEVELOPER_CONNECT\",\n \"app_installation_id\": \"123123\",\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.DeveloperConnect.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n ConnectionId = \"my-connection\",\n GithubConfig = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigArgs\n {\n GithubApp = \"DEVELOPER_CONNECT\",\n AppInstallationId = \"123123\",\n AuthorizerCredential = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/developerconnect\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = developerconnect.NewConnection(ctx, \"my-connection\", \u0026developerconnect.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026developerconnect.ConnectionGithubConfigArgs{\n\t\t\t\tGithubApp: pulumi.String(\"DEVELOPER_CONNECT\"),\n\t\t\t\tAppInstallationId: pulumi.String(\"123123\"),\n\t\t\t\tAuthorizerCredential: \u0026developerconnect.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.developerconnect.Connection;\nimport com.pulumi.gcp.developerconnect.ConnectionArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .connectionId(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .githubApp(\"DEVELOPER_CONNECT\")\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: my-github-token.txt\n Return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: my-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{connection_id}}`\n\n* `{{project}}/{{location}}/{{connection_id}}`\n\n* `{{location}}/{{connection_id}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default {{project}}/{{location}}/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default {{location}}/{{connection_id}}\n```\n\n", + "description": "## Example Usage\n\n### Developer Connect Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_connection = new gcp.developerconnect.Connection(\"my-connection\", {\n location: \"us-central1\",\n connectionId: \"tf-test-connection\",\n githubConfig: {\n githubApp: \"DEVELOPER_CONNECT\",\n authorizerCredential: {\n oauthTokenSecretVersion: \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_connection = gcp.developerconnect.Connection(\"my-connection\",\n location=\"us-central1\",\n connection_id=\"tf-test-connection\",\n github_config={\n \"github_app\": \"DEVELOPER_CONNECT\",\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_connection = new Gcp.DeveloperConnect.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n ConnectionId = \"tf-test-connection\",\n GithubConfig = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigArgs\n {\n GithubApp = \"DEVELOPER_CONNECT\",\n AuthorizerCredential = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = \"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/developerconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := developerconnect.NewConnection(ctx, \"my-connection\", \u0026developerconnect.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionId: pulumi.String(\"tf-test-connection\"),\n\t\t\tGithubConfig: \u0026developerconnect.ConnectionGithubConfigArgs{\n\t\t\t\tGithubApp: pulumi.String(\"DEVELOPER_CONNECT\"),\n\t\t\t\tAuthorizerCredential: \u0026developerconnect.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: pulumi.String(\"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.developerconnect.Connection;\nimport com.pulumi.gcp.developerconnect.ConnectionArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .connectionId(\"tf-test-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .githubApp(\"DEVELOPER_CONNECT\")\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(\"projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: tf-test-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n authorizerCredential:\n oauthTokenSecretVersion: projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Developer Connect Connection Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst github_token_secret = new gcp.secretmanager.Secret(\"github-token-secret\", {\n secretId: \"github-token-secret\",\n replication: {\n auto: {},\n },\n});\nconst github_token_secret_version = new gcp.secretmanager.SecretVersion(\"github-token-secret-version\", {\n secret: github_token_secret.id,\n secretData: std.file({\n input: \"my-github-token.txt\",\n }).then(invoke =\u003e invoke.result),\n});\nconst p4sa-secretAccessor = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n secretId: github_token_secret.secretId,\n policyData: p4sa_secretAccessor.then(p4sa_secretAccessor =\u003e p4sa_secretAccessor.policyData),\n});\nconst my_connection = new gcp.developerconnect.Connection(\"my-connection\", {\n location: \"us-central1\",\n connectionId: \"my-connection\",\n githubConfig: {\n githubApp: \"DEVELOPER_CONNECT\",\n appInstallationId: \"123123\",\n authorizerCredential: {\n oauthTokenSecretVersion: github_token_secret_version.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ngithub_token_secret = gcp.secretmanager.Secret(\"github-token-secret\",\n secret_id=\"github-token-secret\",\n replication={\n \"auto\": {},\n })\ngithub_token_secret_version = gcp.secretmanager.SecretVersion(\"github-token-secret-version\",\n secret=github_token_secret.id,\n secret_data=std.file(input=\"my-github-token.txt\").result)\np4sa_secret_accessor = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n secret_id=github_token_secret.secret_id,\n policy_data=p4sa_secret_accessor.policy_data)\nmy_connection = gcp.developerconnect.Connection(\"my-connection\",\n location=\"us-central1\",\n connection_id=\"my-connection\",\n github_config={\n \"github_app\": \"DEVELOPER_CONNECT\",\n \"app_installation_id\": \"123123\",\n \"authorizer_credential\": {\n \"oauth_token_secret_version\": github_token_secret_version.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var github_token_secret = new Gcp.SecretManager.Secret(\"github-token-secret\", new()\n {\n SecretId = \"github-token-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var github_token_secret_version = new Gcp.SecretManager.SecretVersion(\"github-token-secret-version\", new()\n {\n Secret = github_token_secret.Id,\n SecretData = Std.File.Invoke(new()\n {\n Input = \"my-github-token.txt\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var p4sa_secretAccessor = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n SecretId = github_token_secret.SecretId,\n PolicyData = p4sa_secretAccessor.Apply(p4sa_secretAccessor =\u003e p4sa_secretAccessor.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData)),\n });\n\n var my_connection = new Gcp.DeveloperConnect.Connection(\"my-connection\", new()\n {\n Location = \"us-central1\",\n ConnectionId = \"my-connection\",\n GithubConfig = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigArgs\n {\n GithubApp = \"DEVELOPER_CONNECT\",\n AppInstallationId = \"123123\",\n AuthorizerCredential = new Gcp.DeveloperConnect.Inputs.ConnectionGithubConfigAuthorizerCredentialArgs\n {\n OauthTokenSecretVersion = github_token_secret_version.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/developerconnect\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"github-token-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"github-token-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"my-github-token.txt\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"github-token-secret-version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: github_token_secret.ID(),\n\t\t\tSecretData: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp4sa_secretAccessor, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tSecretId: github_token_secret.SecretId,\n\t\t\tPolicyData: pulumi.String(p4sa_secretAccessor.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = developerconnect.NewConnection(ctx, \"my-connection\", \u0026developerconnect.ConnectionArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectionId: pulumi.String(\"my-connection\"),\n\t\t\tGithubConfig: \u0026developerconnect.ConnectionGithubConfigArgs{\n\t\t\t\tGithubApp: pulumi.String(\"DEVELOPER_CONNECT\"),\n\t\t\t\tAppInstallationId: pulumi.String(\"123123\"),\n\t\t\t\tAuthorizerCredential: \u0026developerconnect.ConnectionGithubConfigAuthorizerCredentialArgs{\n\t\t\t\t\tOauthTokenSecretVersion: github_token_secret_version.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport com.pulumi.gcp.developerconnect.Connection;\nimport com.pulumi.gcp.developerconnect.ConnectionArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigArgs;\nimport com.pulumi.gcp.developerconnect.inputs.ConnectionGithubConfigAuthorizerCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var github_token_secret = new Secret(\"github-token-secret\", SecretArgs.builder()\n .secretId(\"github-token-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var github_token_secret_version = new SecretVersion(\"github-token-secret-version\", SecretVersionArgs.builder()\n .secret(github_token_secret.id())\n .secretData(StdFunctions.file(FileArgs.builder()\n .input(\"my-github-token.txt\")\n .build()).result())\n .build());\n\n final var p4sa-secretAccessor = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .secretId(github_token_secret.secretId())\n .policyData(p4sa_secretAccessor.policyData())\n .build());\n\n var my_connection = new Connection(\"my-connection\", ConnectionArgs.builder()\n .location(\"us-central1\")\n .connectionId(\"my-connection\")\n .githubConfig(ConnectionGithubConfigArgs.builder()\n .githubApp(\"DEVELOPER_CONNECT\")\n .appInstallationId(123123)\n .authorizerCredential(ConnectionGithubConfigAuthorizerCredentialArgs.builder()\n .oauthTokenSecretVersion(github_token_secret_version.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: my-github-token.txt\n return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: my-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{connection_id}}`\n\n* `{{project}}/{{location}}/{{connection_id}}`\n\n* `{{location}}/{{connection_id}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default {{project}}/{{location}}/{{connection_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/connection:Connection default {{location}}/{{connection_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -204354,7 +204354,7 @@ } }, "gcp:developerconnect/gitRepositoryLink:GitRepositoryLink": { - "description": "## Example Usage\n\n### Developer Connect Git Repository Link Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n Function: std:file\n Arguments:\n input: my-github-token.txt\n Return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: my-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\n my-repository:\n type: gcp:developerconnect:GitRepositoryLink\n properties:\n location: us-central1\n gitRepositoryLinkId: my-repo\n parentConnection: ${[\"my-connection\"].connectionId}\n remoteUri: https://github.com/myuser/myrepo.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGitRepositoryLink can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}`\n\n* `{{project}}/{{location}}/{{parent_connection}}/{{git_repository_link_id}}`\n\n* `{{location}}/{{parent_connection}}/{{git_repository_link_id}}`\n\nWhen using the `pulumi import` command, GitRepositoryLink can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default {{project}}/{{location}}/{{parent_connection}}/{{git_repository_link_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default {{location}}/{{parent_connection}}/{{git_repository_link_id}}\n```\n\n", + "description": "## Example Usage\n\n### Developer Connect Git Repository Link Github Doc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n github-token-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: github-token-secret\n replication:\n auto: {}\n github-token-secret-version:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"github-token-secret\"].id}\n secretData:\n fn::invoke:\n function: std:file\n arguments:\n input: my-github-token.txt\n return: result\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n secretId: ${[\"github-token-secret\"].secretId}\n policyData: ${[\"p4sa-secretAccessor\"].policyData}\n my-connection:\n type: gcp:developerconnect:Connection\n properties:\n location: us-central1\n connectionId: my-connection\n githubConfig:\n githubApp: DEVELOPER_CONNECT\n appInstallationId: 123123\n authorizerCredential:\n oauthTokenSecretVersion: ${[\"github-token-secret-version\"].id}\n my-repository:\n type: gcp:developerconnect:GitRepositoryLink\n properties:\n location: us-central1\n gitRepositoryLinkId: my-repo\n parentConnection: ${[\"my-connection\"].connectionId}\n remoteUri: https://github.com/myuser/myrepo.git\nvariables:\n p4sa-secretAccessor:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - serviceAccount:service-123456789@gcp-sa-devconnect.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGitRepositoryLink can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}`\n\n* `{{project}}/{{location}}/{{parent_connection}}/{{git_repository_link_id}}`\n\n* `{{location}}/{{parent_connection}}/{{git_repository_link_id}}`\n\nWhen using the `pulumi import` command, GitRepositoryLink can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default {{project}}/{{location}}/{{parent_connection}}/{{git_repository_link_id}}\n```\n\n```sh\n$ pulumi import gcp:developerconnect/gitRepositoryLink:GitRepositoryLink default {{location}}/{{parent_connection}}/{{git_repository_link_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -206462,7 +206462,7 @@ } }, "gcp:diagflow/entityType:EntityType": { - "description": "Represents an entity type. Entity types serve as a tool for extracting parameter values from natural language queries.\n\n\nTo get more information about EntityType, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.entityTypes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/docs/)\n\n## Example Usage\n\n### Dialogflow Entity Type Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicEntityType = new gcp.diagflow.EntityType(\"basic_entity_type\", {\n displayName: \"\",\n kind: \"KIND_MAP\",\n entities: [\n {\n value: \"value1\",\n synonyms: [\n \"synonym1\",\n \"synonym2\",\n ],\n },\n {\n value: \"value2\",\n synonyms: [\n \"synonym3\",\n \"synonym4\",\n ],\n },\n ],\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_entity_type = gcp.diagflow.EntityType(\"basic_entity_type\",\n display_name=\"\",\n kind=\"KIND_MAP\",\n entities=[\n {\n \"value\": \"value1\",\n \"synonyms\": [\n \"synonym1\",\n \"synonym2\",\n ],\n },\n {\n \"value\": \"value2\",\n \"synonyms\": [\n \"synonym3\",\n \"synonym4\",\n ],\n },\n ],\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicEntityType = new Gcp.Diagflow.EntityType(\"basic_entity_type\", new()\n {\n DisplayName = \"\",\n Kind = \"KIND_MAP\",\n Entities = new[]\n {\n new Gcp.Diagflow.Inputs.EntityTypeEntityArgs\n {\n Value = \"value1\",\n Synonyms = new[]\n {\n \"synonym1\",\n \"synonym2\",\n },\n },\n new Gcp.Diagflow.Inputs.EntityTypeEntityArgs\n {\n Value = \"value2\",\n Synonyms = new[]\n {\n \"synonym3\",\n \"synonym4\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewEntityType(ctx, \"basic_entity_type\", \u0026diagflow.EntityTypeArgs{\n\t\t\tDisplayName: pulumi.String(\"\"),\n\t\t\tKind: pulumi.String(\"KIND_MAP\"),\n\t\t\tEntities: diagflow.EntityTypeEntityArray{\n\t\t\t\t\u0026diagflow.EntityTypeEntityArgs{\n\t\t\t\t\tValue: pulumi.String(\"value1\"),\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"synonym1\"),\n\t\t\t\t\t\tpulumi.String(\"synonym2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026diagflow.EntityTypeEntityArgs{\n\t\t\t\t\tValue: pulumi.String(\"value2\"),\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"synonym3\"),\n\t\t\t\t\t\tpulumi.String(\"synonym4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.EntityType;\nimport com.pulumi.gcp.diagflow.EntityTypeArgs;\nimport com.pulumi.gcp.diagflow.inputs.EntityTypeEntityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicEntityType = new EntityType(\"basicEntityType\", EntityTypeArgs.builder()\n .displayName(\"\")\n .kind(\"KIND_MAP\")\n .entities( \n EntityTypeEntityArgs.builder()\n .value(\"value1\")\n .synonyms( \n \"synonym1\",\n \"synonym2\")\n .build(),\n EntityTypeEntityArgs.builder()\n .value(\"value2\")\n .synonyms( \n \"synonym3\",\n \"synonym4\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicEntityType:\n type: gcp:diagflow:EntityType\n name: basic_entity_type\n properties:\n displayName:\n kind: KIND_MAP\n entities:\n - value: value1\n synonyms:\n - synonym1\n - synonym2\n - value: value2\n synonyms:\n - synonym3\n - synonym4\n options:\n dependson:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEntityType can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, EntityType can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/entityType:EntityType default {{name}}\n```\n\n", + "description": "Represents an entity type. Entity types serve as a tool for extracting parameter values from natural language queries.\n\n\nTo get more information about EntityType, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.entityTypes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/docs/)\n\n## Example Usage\n\n### Dialogflow Entity Type Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicEntityType = new gcp.diagflow.EntityType(\"basic_entity_type\", {\n displayName: \"\",\n kind: \"KIND_MAP\",\n entities: [\n {\n value: \"value1\",\n synonyms: [\n \"synonym1\",\n \"synonym2\",\n ],\n },\n {\n value: \"value2\",\n synonyms: [\n \"synonym3\",\n \"synonym4\",\n ],\n },\n ],\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_entity_type = gcp.diagflow.EntityType(\"basic_entity_type\",\n display_name=\"\",\n kind=\"KIND_MAP\",\n entities=[\n {\n \"value\": \"value1\",\n \"synonyms\": [\n \"synonym1\",\n \"synonym2\",\n ],\n },\n {\n \"value\": \"value2\",\n \"synonyms\": [\n \"synonym3\",\n \"synonym4\",\n ],\n },\n ],\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicEntityType = new Gcp.Diagflow.EntityType(\"basic_entity_type\", new()\n {\n DisplayName = \"\",\n Kind = \"KIND_MAP\",\n Entities = new[]\n {\n new Gcp.Diagflow.Inputs.EntityTypeEntityArgs\n {\n Value = \"value1\",\n Synonyms = new[]\n {\n \"synonym1\",\n \"synonym2\",\n },\n },\n new Gcp.Diagflow.Inputs.EntityTypeEntityArgs\n {\n Value = \"value2\",\n Synonyms = new[]\n {\n \"synonym3\",\n \"synonym4\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewEntityType(ctx, \"basic_entity_type\", \u0026diagflow.EntityTypeArgs{\n\t\t\tDisplayName: pulumi.String(\"\"),\n\t\t\tKind: pulumi.String(\"KIND_MAP\"),\n\t\t\tEntities: diagflow.EntityTypeEntityArray{\n\t\t\t\t\u0026diagflow.EntityTypeEntityArgs{\n\t\t\t\t\tValue: pulumi.String(\"value1\"),\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"synonym1\"),\n\t\t\t\t\t\tpulumi.String(\"synonym2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026diagflow.EntityTypeEntityArgs{\n\t\t\t\t\tValue: pulumi.String(\"value2\"),\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"synonym3\"),\n\t\t\t\t\t\tpulumi.String(\"synonym4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.EntityType;\nimport com.pulumi.gcp.diagflow.EntityTypeArgs;\nimport com.pulumi.gcp.diagflow.inputs.EntityTypeEntityArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicEntityType = new EntityType(\"basicEntityType\", EntityTypeArgs.builder()\n .displayName(\"\")\n .kind(\"KIND_MAP\")\n .entities( \n EntityTypeEntityArgs.builder()\n .value(\"value1\")\n .synonyms( \n \"synonym1\",\n \"synonym2\")\n .build(),\n EntityTypeEntityArgs.builder()\n .value(\"value2\")\n .synonyms( \n \"synonym3\",\n \"synonym4\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicEntityType:\n type: gcp:diagflow:EntityType\n name: basic_entity_type\n properties:\n displayName: \"\"\n kind: KIND_MAP\n entities:\n - value: value1\n synonyms:\n - synonym1\n - synonym2\n - value: value2\n synonyms:\n - synonym3\n - synonym4\n options:\n dependsOn:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEntityType can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, EntityType can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/entityType:EntityType default {{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -206564,7 +206564,7 @@ } }, "gcp:diagflow/fulfillment:Fulfillment": { - "description": "By default, your agent responds to a matched intent with a static response. If you're using one of the integration options, you can provide a more dynamic response by using fulfillment. When you enable fulfillment for an intent, Dialogflow responds to that intent by calling a service that you define. For example, if an end-user wants to schedule a haircut on Friday, your service can check your database and respond to the end-user with availability information for Friday.\n\n\nTo get more information about Fulfillment, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/es/docs/reference/rest/v2/projects.agent/getFulfillment)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/es/docs/fulfillment-overview)\n\n## Example Usage\n\n### Dialogflow Fulfillment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicFulfillment = new gcp.diagflow.Fulfillment(\"basic_fulfillment\", {\n displayName: \"basic-fulfillment\",\n enabled: true,\n genericWebService: {\n uri: \"https://google.com\",\n username: \"admin\",\n password: \"password\",\n requestHeaders: {\n name: \"wrench\",\n },\n },\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_fulfillment = gcp.diagflow.Fulfillment(\"basic_fulfillment\",\n display_name=\"basic-fulfillment\",\n enabled=True,\n generic_web_service={\n \"uri\": \"https://google.com\",\n \"username\": \"admin\",\n \"password\": \"password\",\n \"request_headers\": {\n \"name\": \"wrench\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicFulfillment = new Gcp.Diagflow.Fulfillment(\"basic_fulfillment\", new()\n {\n DisplayName = \"basic-fulfillment\",\n Enabled = true,\n GenericWebService = new Gcp.Diagflow.Inputs.FulfillmentGenericWebServiceArgs\n {\n Uri = \"https://google.com\",\n Username = \"admin\",\n Password = \"password\",\n RequestHeaders = \n {\n { \"name\", \"wrench\" },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewFulfillment(ctx, \"basic_fulfillment\", \u0026diagflow.FulfillmentArgs{\n\t\t\tDisplayName: pulumi.String(\"basic-fulfillment\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tGenericWebService: \u0026diagflow.FulfillmentGenericWebServiceArgs{\n\t\t\t\tUri: pulumi.String(\"https://google.com\"),\n\t\t\t\tUsername: pulumi.String(\"admin\"),\n\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\tRequestHeaders: pulumi.StringMap{\n\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Fulfillment;\nimport com.pulumi.gcp.diagflow.FulfillmentArgs;\nimport com.pulumi.gcp.diagflow.inputs.FulfillmentGenericWebServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicFulfillment = new Fulfillment(\"basicFulfillment\", FulfillmentArgs.builder()\n .displayName(\"basic-fulfillment\")\n .enabled(true)\n .genericWebService(FulfillmentGenericWebServiceArgs.builder()\n .uri(\"https://google.com\")\n .username(\"admin\")\n .password(\"password\")\n .requestHeaders(Map.of(\"name\", \"wrench\"))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicFulfillment:\n type: gcp:diagflow:Fulfillment\n name: basic_fulfillment\n properties:\n displayName: basic-fulfillment\n enabled: true\n genericWebService:\n uri: https://google.com\n username: admin\n password: password\n requestHeaders:\n name: wrench\n options:\n dependson:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFulfillment can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Fulfillment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/fulfillment:Fulfillment default {{name}}\n```\n\n", + "description": "By default, your agent responds to a matched intent with a static response. If you're using one of the integration options, you can provide a more dynamic response by using fulfillment. When you enable fulfillment for an intent, Dialogflow responds to that intent by calling a service that you define. For example, if an end-user wants to schedule a haircut on Friday, your service can check your database and respond to the end-user with availability information for Friday.\n\n\nTo get more information about Fulfillment, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/es/docs/reference/rest/v2/projects.agent/getFulfillment)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/es/docs/fulfillment-overview)\n\n## Example Usage\n\n### Dialogflow Fulfillment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicFulfillment = new gcp.diagflow.Fulfillment(\"basic_fulfillment\", {\n displayName: \"basic-fulfillment\",\n enabled: true,\n genericWebService: {\n uri: \"https://google.com\",\n username: \"admin\",\n password: \"password\",\n requestHeaders: {\n name: \"wrench\",\n },\n },\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_fulfillment = gcp.diagflow.Fulfillment(\"basic_fulfillment\",\n display_name=\"basic-fulfillment\",\n enabled=True,\n generic_web_service={\n \"uri\": \"https://google.com\",\n \"username\": \"admin\",\n \"password\": \"password\",\n \"request_headers\": {\n \"name\": \"wrench\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicFulfillment = new Gcp.Diagflow.Fulfillment(\"basic_fulfillment\", new()\n {\n DisplayName = \"basic-fulfillment\",\n Enabled = true,\n GenericWebService = new Gcp.Diagflow.Inputs.FulfillmentGenericWebServiceArgs\n {\n Uri = \"https://google.com\",\n Username = \"admin\",\n Password = \"password\",\n RequestHeaders = \n {\n { \"name\", \"wrench\" },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewFulfillment(ctx, \"basic_fulfillment\", \u0026diagflow.FulfillmentArgs{\n\t\t\tDisplayName: pulumi.String(\"basic-fulfillment\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tGenericWebService: \u0026diagflow.FulfillmentGenericWebServiceArgs{\n\t\t\t\tUri: pulumi.String(\"https://google.com\"),\n\t\t\t\tUsername: pulumi.String(\"admin\"),\n\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\tRequestHeaders: pulumi.StringMap{\n\t\t\t\t\t\"name\": pulumi.String(\"wrench\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Fulfillment;\nimport com.pulumi.gcp.diagflow.FulfillmentArgs;\nimport com.pulumi.gcp.diagflow.inputs.FulfillmentGenericWebServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicFulfillment = new Fulfillment(\"basicFulfillment\", FulfillmentArgs.builder()\n .displayName(\"basic-fulfillment\")\n .enabled(true)\n .genericWebService(FulfillmentGenericWebServiceArgs.builder()\n .uri(\"https://google.com\")\n .username(\"admin\")\n .password(\"password\")\n .requestHeaders(Map.of(\"name\", \"wrench\"))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicFulfillment:\n type: gcp:diagflow:Fulfillment\n name: basic_fulfillment\n properties:\n displayName: basic-fulfillment\n enabled: true\n genericWebService:\n uri: https://google.com\n username: admin\n password: password\n requestHeaders:\n name: wrench\n options:\n dependsOn:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFulfillment can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Fulfillment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/fulfillment:Fulfillment default {{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -206664,7 +206664,7 @@ } }, "gcp:diagflow/intent:Intent": { - "description": "Represents a Dialogflow intent. Intents convert a number of user expressions or patterns into an action. An action\nis an extraction of a user command or sentence semantics.\n\n\nTo get more information about Intent, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.intents)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/docs/)\n\n## Example Usage\n\n### Dialogflow Intent Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicIntent = new gcp.diagflow.Intent(\"basic_intent\", {displayName: \"basic-intent\"}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_intent = gcp.diagflow.Intent(\"basic_intent\", display_name=\"basic-intent\",\nopts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicIntent = new Gcp.Diagflow.Intent(\"basic_intent\", new()\n {\n DisplayName = \"basic-intent\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewIntent(ctx, \"basic_intent\", \u0026diagflow.IntentArgs{\n\t\t\tDisplayName: pulumi.String(\"basic-intent\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Intent;\nimport com.pulumi.gcp.diagflow.IntentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicIntent = new Intent(\"basicIntent\", IntentArgs.builder()\n .displayName(\"basic-intent\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicIntent:\n type: gcp:diagflow:Intent\n name: basic_intent\n properties:\n displayName: basic-intent\n options:\n dependson:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dialogflow Intent Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst agentProject = new gcp.organizations.Project(\"agent_project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst agentProjectService = new gcp.projects.Service(\"agent_project\", {\n project: agentProject.projectId,\n service: \"dialogflow.googleapis.com\",\n disableDependentServices: false,\n});\nconst dialogflowServiceAccount = new gcp.serviceaccount.Account(\"dialogflow_service_account\", {accountId: \"my-account\"});\nconst agentCreate = new gcp.projects.IAMMember(\"agent_create\", {\n project: agentProjectService.project,\n role: \"roles/dialogflow.admin\",\n member: pulumi.interpolate`serviceAccount:${dialogflowServiceAccount.email}`,\n});\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n project: agentProject.projectId,\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst fullIntent = new gcp.diagflow.Intent(\"full_intent\", {\n project: agentProject.projectId,\n displayName: \"full-intent\",\n webhookState: \"WEBHOOK_STATE_ENABLED\",\n priority: 1,\n isFallback: false,\n mlDisabled: true,\n action: \"some_action\",\n resetContexts: true,\n inputContextNames: [pulumi.interpolate`projects/${agentProject.projectId}/agent/sessions/-/contexts/some_id`],\n events: [\"some_event\"],\n defaultResponsePlatforms: [\n \"FACEBOOK\",\n \"SLACK\",\n ],\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nagent_project = gcp.organizations.Project(\"agent_project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nagent_project_service = gcp.projects.Service(\"agent_project\",\n project=agent_project.project_id,\n service=\"dialogflow.googleapis.com\",\n disable_dependent_services=False)\ndialogflow_service_account = gcp.serviceaccount.Account(\"dialogflow_service_account\", account_id=\"my-account\")\nagent_create = gcp.projects.IAMMember(\"agent_create\",\n project=agent_project_service.project,\n role=\"roles/dialogflow.admin\",\n member=dialogflow_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n project=agent_project.project_id,\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nfull_intent = gcp.diagflow.Intent(\"full_intent\",\n project=agent_project.project_id,\n display_name=\"full-intent\",\n webhook_state=\"WEBHOOK_STATE_ENABLED\",\n priority=1,\n is_fallback=False,\n ml_disabled=True,\n action=\"some_action\",\n reset_contexts=True,\n input_context_names=[agent_project.project_id.apply(lambda project_id: f\"projects/{project_id}/agent/sessions/-/contexts/some_id\")],\n events=[\"some_event\"],\n default_response_platforms=[\n \"FACEBOOK\",\n \"SLACK\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var agentProject = new Gcp.Organizations.Project(\"agent_project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var agentProjectService = new Gcp.Projects.Service(\"agent_project\", new()\n {\n Project = agentProject.ProjectId,\n ServiceName = \"dialogflow.googleapis.com\",\n DisableDependentServices = false,\n });\n\n var dialogflowServiceAccount = new Gcp.ServiceAccount.Account(\"dialogflow_service_account\", new()\n {\n AccountId = \"my-account\",\n });\n\n var agentCreate = new Gcp.Projects.IAMMember(\"agent_create\", new()\n {\n Project = agentProjectService.Project,\n Role = \"roles/dialogflow.admin\",\n Member = dialogflowServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n Project = agentProject.ProjectId,\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var fullIntent = new Gcp.Diagflow.Intent(\"full_intent\", new()\n {\n Project = agentProject.ProjectId,\n DisplayName = \"full-intent\",\n WebhookState = \"WEBHOOK_STATE_ENABLED\",\n Priority = 1,\n IsFallback = false,\n MlDisabled = true,\n Action = \"some_action\",\n ResetContexts = true,\n InputContextNames = new[]\n {\n agentProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}/agent/sessions/-/contexts/some_id\"),\n },\n Events = new[]\n {\n \"some_event\",\n },\n DefaultResponsePlatforms = new[]\n {\n \"FACEBOOK\",\n \"SLACK\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tagentProject, err := organizations.NewProject(ctx, \"agent_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tagentProjectService, err := projects.NewService(ctx, \"agent_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tService: pulumi.String(\"dialogflow.googleapis.com\"),\n\t\t\tDisableDependentServices: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdialogflowServiceAccount, err := serviceaccount.NewAccount(ctx, \"dialogflow_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"agent_create\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: agentProjectService.Project,\n\t\t\tRole: pulumi.String(\"roles/dialogflow.admin\"),\n\t\t\tMember: dialogflowServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewIntent(ctx, \"full_intent\", \u0026diagflow.IntentArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tDisplayName: pulumi.String(\"full-intent\"),\n\t\t\tWebhookState: pulumi.String(\"WEBHOOK_STATE_ENABLED\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tIsFallback: pulumi.Bool(false),\n\t\t\tMlDisabled: pulumi.Bool(true),\n\t\t\tAction: pulumi.String(\"some_action\"),\n\t\t\tResetContexts: pulumi.Bool(true),\n\t\t\tInputContextNames: pulumi.StringArray{\n\t\t\t\tagentProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/agent/sessions/-/contexts/some_id\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"some_event\"),\n\t\t\t},\n\t\t\tDefaultResponsePlatforms: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FACEBOOK\"),\n\t\t\t\tpulumi.String(\"SLACK\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Intent;\nimport com.pulumi.gcp.diagflow.IntentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var agentProject = new Project(\"agentProject\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var agentProjectService = new Service(\"agentProjectService\", ServiceArgs.builder()\n .project(agentProject.projectId())\n .service(\"dialogflow.googleapis.com\")\n .disableDependentServices(false)\n .build());\n\n var dialogflowServiceAccount = new Account(\"dialogflowServiceAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .build());\n\n var agentCreate = new IAMMember(\"agentCreate\", IAMMemberArgs.builder()\n .project(agentProjectService.project())\n .role(\"roles/dialogflow.admin\")\n .member(dialogflowServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .project(agentProject.projectId())\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var fullIntent = new Intent(\"fullIntent\", IntentArgs.builder()\n .project(agentProject.projectId())\n .displayName(\"full-intent\")\n .webhookState(\"WEBHOOK_STATE_ENABLED\")\n .priority(1)\n .isFallback(false)\n .mlDisabled(true)\n .action(\"some_action\")\n .resetContexts(true)\n .inputContextNames(agentProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s/agent/sessions/-/contexts/some_id\", projectId)))\n .events(\"some_event\")\n .defaultResponsePlatforms( \n \"FACEBOOK\",\n \"SLACK\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n agentProject:\n type: gcp:organizations:Project\n name: agent_project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n deletionPolicy: DELETE\n agentProjectService:\n type: gcp:projects:Service\n name: agent_project\n properties:\n project: ${agentProject.projectId}\n service: dialogflow.googleapis.com\n disableDependentServices: false\n dialogflowServiceAccount:\n type: gcp:serviceaccount:Account\n name: dialogflow_service_account\n properties:\n accountId: my-account\n agentCreate:\n type: gcp:projects:IAMMember\n name: agent_create\n properties:\n project: ${agentProjectService.project}\n role: roles/dialogflow.admin\n member: serviceAccount:${dialogflowServiceAccount.email}\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n project: ${agentProject.projectId}\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n fullIntent:\n type: gcp:diagflow:Intent\n name: full_intent\n properties:\n project: ${agentProject.projectId}\n displayName: full-intent\n webhookState: WEBHOOK_STATE_ENABLED\n priority: 1\n isFallback: false\n mlDisabled: true\n action: some_action\n resetContexts: true\n inputContextNames:\n - projects/${agentProject.projectId}/agent/sessions/-/contexts/some_id\n events:\n - some_event\n defaultResponsePlatforms:\n - FACEBOOK\n - SLACK\n options:\n dependson:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIntent can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Intent can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/intent:Intent default {{name}}\n```\n\n", + "description": "Represents a Dialogflow intent. Intents convert a number of user expressions or patterns into an action. An action\nis an extraction of a user command or sentence semantics.\n\n\nTo get more information about Intent, see:\n\n* [API documentation](https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.intents)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/dialogflow/docs/)\n\n## Example Usage\n\n### Dialogflow Intent Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst basicIntent = new gcp.diagflow.Intent(\"basic_intent\", {displayName: \"basic-intent\"}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nbasic_intent = gcp.diagflow.Intent(\"basic_intent\", display_name=\"basic-intent\",\nopts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var basicIntent = new Gcp.Diagflow.Intent(\"basic_intent\", new()\n {\n DisplayName = \"basic-intent\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewIntent(ctx, \"basic_intent\", \u0026diagflow.IntentArgs{\n\t\t\tDisplayName: pulumi.String(\"basic-intent\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Intent;\nimport com.pulumi.gcp.diagflow.IntentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var basicIntent = new Intent(\"basicIntent\", IntentArgs.builder()\n .displayName(\"basic-intent\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n basicIntent:\n type: gcp:diagflow:Intent\n name: basic_intent\n properties:\n displayName: basic-intent\n options:\n dependsOn:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Dialogflow Intent Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst agentProject = new gcp.organizations.Project(\"agent_project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst agentProjectService = new gcp.projects.Service(\"agent_project\", {\n project: agentProject.projectId,\n service: \"dialogflow.googleapis.com\",\n disableDependentServices: false,\n});\nconst dialogflowServiceAccount = new gcp.serviceaccount.Account(\"dialogflow_service_account\", {accountId: \"my-account\"});\nconst agentCreate = new gcp.projects.IAMMember(\"agent_create\", {\n project: agentProjectService.project,\n role: \"roles/dialogflow.admin\",\n member: pulumi.interpolate`serviceAccount:${dialogflowServiceAccount.email}`,\n});\nconst basicAgent = new gcp.diagflow.Agent(\"basic_agent\", {\n project: agentProject.projectId,\n displayName: \"example_agent\",\n defaultLanguageCode: \"en\",\n timeZone: \"America/New_York\",\n});\nconst fullIntent = new gcp.diagflow.Intent(\"full_intent\", {\n project: agentProject.projectId,\n displayName: \"full-intent\",\n webhookState: \"WEBHOOK_STATE_ENABLED\",\n priority: 1,\n isFallback: false,\n mlDisabled: true,\n action: \"some_action\",\n resetContexts: true,\n inputContextNames: [pulumi.interpolate`projects/${agentProject.projectId}/agent/sessions/-/contexts/some_id`],\n events: [\"some_event\"],\n defaultResponsePlatforms: [\n \"FACEBOOK\",\n \"SLACK\",\n ],\n}, {\n dependsOn: [basicAgent],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nagent_project = gcp.organizations.Project(\"agent_project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nagent_project_service = gcp.projects.Service(\"agent_project\",\n project=agent_project.project_id,\n service=\"dialogflow.googleapis.com\",\n disable_dependent_services=False)\ndialogflow_service_account = gcp.serviceaccount.Account(\"dialogflow_service_account\", account_id=\"my-account\")\nagent_create = gcp.projects.IAMMember(\"agent_create\",\n project=agent_project_service.project,\n role=\"roles/dialogflow.admin\",\n member=dialogflow_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbasic_agent = gcp.diagflow.Agent(\"basic_agent\",\n project=agent_project.project_id,\n display_name=\"example_agent\",\n default_language_code=\"en\",\n time_zone=\"America/New_York\")\nfull_intent = gcp.diagflow.Intent(\"full_intent\",\n project=agent_project.project_id,\n display_name=\"full-intent\",\n webhook_state=\"WEBHOOK_STATE_ENABLED\",\n priority=1,\n is_fallback=False,\n ml_disabled=True,\n action=\"some_action\",\n reset_contexts=True,\n input_context_names=[agent_project.project_id.apply(lambda project_id: f\"projects/{project_id}/agent/sessions/-/contexts/some_id\")],\n events=[\"some_event\"],\n default_response_platforms=[\n \"FACEBOOK\",\n \"SLACK\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[basic_agent]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var agentProject = new Gcp.Organizations.Project(\"agent_project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var agentProjectService = new Gcp.Projects.Service(\"agent_project\", new()\n {\n Project = agentProject.ProjectId,\n ServiceName = \"dialogflow.googleapis.com\",\n DisableDependentServices = false,\n });\n\n var dialogflowServiceAccount = new Gcp.ServiceAccount.Account(\"dialogflow_service_account\", new()\n {\n AccountId = \"my-account\",\n });\n\n var agentCreate = new Gcp.Projects.IAMMember(\"agent_create\", new()\n {\n Project = agentProjectService.Project,\n Role = \"roles/dialogflow.admin\",\n Member = dialogflowServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var basicAgent = new Gcp.Diagflow.Agent(\"basic_agent\", new()\n {\n Project = agentProject.ProjectId,\n DisplayName = \"example_agent\",\n DefaultLanguageCode = \"en\",\n TimeZone = \"America/New_York\",\n });\n\n var fullIntent = new Gcp.Diagflow.Intent(\"full_intent\", new()\n {\n Project = agentProject.ProjectId,\n DisplayName = \"full-intent\",\n WebhookState = \"WEBHOOK_STATE_ENABLED\",\n Priority = 1,\n IsFallback = false,\n MlDisabled = true,\n Action = \"some_action\",\n ResetContexts = true,\n InputContextNames = new[]\n {\n agentProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}/agent/sessions/-/contexts/some_id\"),\n },\n Events = new[]\n {\n \"some_event\",\n },\n DefaultResponsePlatforms = new[]\n {\n \"FACEBOOK\",\n \"SLACK\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n basicAgent,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tagentProject, err := organizations.NewProject(ctx, \"agent_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tagentProjectService, err := projects.NewService(ctx, \"agent_project\", \u0026projects.ServiceArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tService: pulumi.String(\"dialogflow.googleapis.com\"),\n\t\t\tDisableDependentServices: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdialogflowServiceAccount, err := serviceaccount.NewAccount(ctx, \"dialogflow_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"agent_create\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: agentProjectService.Project,\n\t\t\tRole: pulumi.String(\"roles/dialogflow.admin\"),\n\t\t\tMember: dialogflowServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicAgent, err := diagflow.NewAgent(ctx, \"basic_agent\", \u0026diagflow.AgentArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tDisplayName: pulumi.String(\"example_agent\"),\n\t\t\tDefaultLanguageCode: pulumi.String(\"en\"),\n\t\t\tTimeZone: pulumi.String(\"America/New_York\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = diagflow.NewIntent(ctx, \"full_intent\", \u0026diagflow.IntentArgs{\n\t\t\tProject: agentProject.ProjectId,\n\t\t\tDisplayName: pulumi.String(\"full-intent\"),\n\t\t\tWebhookState: pulumi.String(\"WEBHOOK_STATE_ENABLED\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tIsFallback: pulumi.Bool(false),\n\t\t\tMlDisabled: pulumi.Bool(true),\n\t\t\tAction: pulumi.String(\"some_action\"),\n\t\t\tResetContexts: pulumi.Bool(true),\n\t\t\tInputContextNames: pulumi.StringArray{\n\t\t\t\tagentProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/agent/sessions/-/contexts/some_id\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"some_event\"),\n\t\t\t},\n\t\t\tDefaultResponsePlatforms: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FACEBOOK\"),\n\t\t\t\tpulumi.String(\"SLACK\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbasicAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.diagflow.Agent;\nimport com.pulumi.gcp.diagflow.AgentArgs;\nimport com.pulumi.gcp.diagflow.Intent;\nimport com.pulumi.gcp.diagflow.IntentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var agentProject = new Project(\"agentProject\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var agentProjectService = new Service(\"agentProjectService\", ServiceArgs.builder()\n .project(agentProject.projectId())\n .service(\"dialogflow.googleapis.com\")\n .disableDependentServices(false)\n .build());\n\n var dialogflowServiceAccount = new Account(\"dialogflowServiceAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .build());\n\n var agentCreate = new IAMMember(\"agentCreate\", IAMMemberArgs.builder()\n .project(agentProjectService.project())\n .role(\"roles/dialogflow.admin\")\n .member(dialogflowServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var basicAgent = new Agent(\"basicAgent\", AgentArgs.builder()\n .project(agentProject.projectId())\n .displayName(\"example_agent\")\n .defaultLanguageCode(\"en\")\n .timeZone(\"America/New_York\")\n .build());\n\n var fullIntent = new Intent(\"fullIntent\", IntentArgs.builder()\n .project(agentProject.projectId())\n .displayName(\"full-intent\")\n .webhookState(\"WEBHOOK_STATE_ENABLED\")\n .priority(1)\n .isFallback(false)\n .mlDisabled(true)\n .action(\"some_action\")\n .resetContexts(true)\n .inputContextNames(agentProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s/agent/sessions/-/contexts/some_id\", projectId)))\n .events(\"some_event\")\n .defaultResponsePlatforms( \n \"FACEBOOK\",\n \"SLACK\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(basicAgent)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n agentProject:\n type: gcp:organizations:Project\n name: agent_project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n deletionPolicy: DELETE\n agentProjectService:\n type: gcp:projects:Service\n name: agent_project\n properties:\n project: ${agentProject.projectId}\n service: dialogflow.googleapis.com\n disableDependentServices: false\n dialogflowServiceAccount:\n type: gcp:serviceaccount:Account\n name: dialogflow_service_account\n properties:\n accountId: my-account\n agentCreate:\n type: gcp:projects:IAMMember\n name: agent_create\n properties:\n project: ${agentProjectService.project}\n role: roles/dialogflow.admin\n member: serviceAccount:${dialogflowServiceAccount.email}\n basicAgent:\n type: gcp:diagflow:Agent\n name: basic_agent\n properties:\n project: ${agentProject.projectId}\n displayName: example_agent\n defaultLanguageCode: en\n timeZone: America/New_York\n fullIntent:\n type: gcp:diagflow:Intent\n name: full_intent\n properties:\n project: ${agentProject.projectId}\n displayName: full-intent\n webhookState: WEBHOOK_STATE_ENABLED\n priority: 1\n isFallback: false\n mlDisabled: true\n action: some_action\n resetContexts: true\n inputContextNames:\n - projects/${agentProject.projectId}/agent/sessions/-/contexts/some_id\n events:\n - some_event\n defaultResponsePlatforms:\n - FACEBOOK\n - SLACK\n options:\n dependsOn:\n - ${basicAgent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIntent can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Intent can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:diagflow/intent:Intent default {{name}}\n```\n\n", "properties": { "action": { "type": "string", @@ -207777,7 +207777,7 @@ } }, "gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dns/DnsManagedZoneIamBindingCondition:DnsManagedZoneIamBindingCondition" @@ -207884,7 +207884,7 @@ } }, "gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dns/DnsManagedZoneIamMemberCondition:DnsManagedZoneIamMemberCondition" @@ -207984,7 +207984,7 @@ } }, "gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud DNS ManagedZone\nThree different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.dns.DnsManagedZoneIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.dns.DnsManagedZoneIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -208774,7 +208774,7 @@ } }, "gcp:edgecontainer/cluster:Cluster": { - "description": "Cluster contains information about a Google Distributed Cloud Edge Kubernetes cluster.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.clusters)\n* How-to Guides\n * [Create and manage clusters](https://cloud.google.com/distributed-cloud/edge/latest/docs/clusters)\n\n\n\n## Example Usage\n\n### Edgecontainer Cluster\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"basic-cluster\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"basic-cluster\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: basic-cluster\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Cluster With Maintenance Window\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"cluster-with-maintenance\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n maintenancePolicy: {\n window: {\n recurringWindow: {\n window: {\n startTime: \"2023-01-01T08:00:00Z\",\n endTime: \"2023-01-01T17:00:00Z\",\n },\n recurrence: \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"cluster-with-maintenance\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n maintenance_policy={\n \"window\": {\n \"recurring_window\": {\n \"window\": {\n \"start_time\": \"2023-01-01T08:00:00Z\",\n \"end_time\": \"2023-01-01T17:00:00Z\",\n },\n \"recurrence\": \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"cluster-with-maintenance\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n MaintenancePolicy = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyArgs\n {\n Window = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowArgs\n {\n RecurringWindow = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowRecurringWindowArgs\n {\n Window = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs\n {\n StartTime = \"2023-01-01T08:00:00Z\",\n EndTime = \"2023-01-01T17:00:00Z\",\n },\n Recurrence = \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"cluster-with-maintenance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026edgecontainer.ClusterMaintenancePolicyArgs{\n\t\t\t\tWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowArgs{\n\t\t\t\t\tRecurringWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowRecurringWindowArgs{\n\t\t\t\t\t\tWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs{\n\t\t\t\t\t\t\tStartTime: pulumi.String(\"2023-01-01T08:00:00Z\"),\n\t\t\t\t\t\t\tEndTime: pulumi.String(\"2023-01-01T17:00:00Z\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRecurrence: pulumi.String(\"FREQ=WEEKLY;BYDAY=SA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowRecurringWindowArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"cluster-with-maintenance\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .window(ClusterMaintenancePolicyWindowArgs.builder()\n .recurringWindow(ClusterMaintenancePolicyWindowRecurringWindowArgs.builder()\n .window(ClusterMaintenancePolicyWindowRecurringWindowWindowArgs.builder()\n .startTime(\"2023-01-01T08:00:00Z\")\n .endTime(\"2023-01-01T17:00:00Z\")\n .build())\n .recurrence(\"FREQ=WEEKLY;BYDAY=SA\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: cluster-with-maintenance\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n maintenancePolicy:\n window:\n recurringWindow:\n window:\n startTime: 2023-01-01T08:00:00Z\n endTime: 2023-01-01T17:00:00Z\n recurrence: FREQ=WEEKLY;BYDAY=SA\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Local Control Plane Cluster\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"local-control-plane-cluster\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n externalLoadBalancerIpv4AddressPools: [\"10.100.0.0-10.100.0.10\"],\n controlPlane: {\n local: {\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 1,\n machineFilter: \"machine-name\",\n sharedDeploymentPolicy: \"ALLOWED\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"local-control-plane-cluster\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n external_load_balancer_ipv4_address_pools=[\"10.100.0.0-10.100.0.10\"],\n control_plane={\n \"local\": {\n \"node_location\": \"us-central1-edge-example-edgesite\",\n \"node_count\": 1,\n \"machine_filter\": \"machine-name\",\n \"shared_deployment_policy\": \"ALLOWED\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"local-control-plane-cluster\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n ExternalLoadBalancerIpv4AddressPools = new[]\n {\n \"10.100.0.0-10.100.0.10\",\n },\n ControlPlane = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneArgs\n {\n Local = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneLocalArgs\n {\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 1,\n MachineFilter = \"machine-name\",\n SharedDeploymentPolicy = \"ALLOWED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"local-control-plane-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tExternalLoadBalancerIpv4AddressPools: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.100.0.0-10.100.0.10\"),\n\t\t\t},\n\t\t\tControlPlane: \u0026edgecontainer.ClusterControlPlaneArgs{\n\t\t\t\tLocal: \u0026edgecontainer.ClusterControlPlaneLocalArgs{\n\t\t\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\t\t\tNodeCount: pulumi.Int(1),\n\t\t\t\t\tMachineFilter: pulumi.String(\"machine-name\"),\n\t\t\t\t\tSharedDeploymentPolicy: pulumi.String(\"ALLOWED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneLocalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"local-control-plane-cluster\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .externalLoadBalancerIpv4AddressPools(\"10.100.0.0-10.100.0.10\")\n .controlPlane(ClusterControlPlaneArgs.builder()\n .local(ClusterControlPlaneLocalArgs.builder()\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(1)\n .machineFilter(\"machine-name\")\n .sharedDeploymentPolicy(\"ALLOWED\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: local-control-plane-cluster\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n externalLoadBalancerIpv4AddressPools:\n - 10.100.0.0-10.100.0.10\n controlPlane:\n local:\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 1\n machineFilter: machine-name\n sharedDeploymentPolicy: ALLOWED\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default {{location}}/{{name}}\n```\n\n", + "description": "Cluster contains information about a Google Distributed Cloud Edge Kubernetes cluster.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.clusters)\n* How-to Guides\n * [Create and manage clusters](https://cloud.google.com/distributed-cloud/edge/latest/docs/clusters)\n\n\n\n## Example Usage\n\n### Edgecontainer Cluster\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"basic-cluster\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"basic-cluster\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: basic-cluster\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Cluster With Maintenance Window\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"cluster-with-maintenance\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n maintenancePolicy: {\n window: {\n recurringWindow: {\n window: {\n startTime: \"2023-01-01T08:00:00Z\",\n endTime: \"2023-01-01T17:00:00Z\",\n },\n recurrence: \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"cluster-with-maintenance\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n maintenance_policy={\n \"window\": {\n \"recurring_window\": {\n \"window\": {\n \"start_time\": \"2023-01-01T08:00:00Z\",\n \"end_time\": \"2023-01-01T17:00:00Z\",\n },\n \"recurrence\": \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"cluster-with-maintenance\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n MaintenancePolicy = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyArgs\n {\n Window = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowArgs\n {\n RecurringWindow = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowRecurringWindowArgs\n {\n Window = new Gcp.EdgeContainer.Inputs.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs\n {\n StartTime = \"2023-01-01T08:00:00Z\",\n EndTime = \"2023-01-01T17:00:00Z\",\n },\n Recurrence = \"FREQ=WEEKLY;BYDAY=SA\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"cluster-with-maintenance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026edgecontainer.ClusterMaintenancePolicyArgs{\n\t\t\t\tWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowArgs{\n\t\t\t\t\tRecurringWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowRecurringWindowArgs{\n\t\t\t\t\t\tWindow: \u0026edgecontainer.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs{\n\t\t\t\t\t\t\tStartTime: pulumi.String(\"2023-01-01T08:00:00Z\"),\n\t\t\t\t\t\t\tEndTime: pulumi.String(\"2023-01-01T17:00:00Z\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRecurrence: pulumi.String(\"FREQ=WEEKLY;BYDAY=SA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowRecurringWindowArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterMaintenancePolicyWindowRecurringWindowWindowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"cluster-with-maintenance\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .window(ClusterMaintenancePolicyWindowArgs.builder()\n .recurringWindow(ClusterMaintenancePolicyWindowRecurringWindowArgs.builder()\n .window(ClusterMaintenancePolicyWindowRecurringWindowWindowArgs.builder()\n .startTime(\"2023-01-01T08:00:00Z\")\n .endTime(\"2023-01-01T17:00:00Z\")\n .build())\n .recurrence(\"FREQ=WEEKLY;BYDAY=SA\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: cluster-with-maintenance\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n maintenancePolicy:\n window:\n recurringWindow:\n window:\n startTime: 2023-01-01T08:00:00Z\n endTime: 2023-01-01T17:00:00Z\n recurrence: FREQ=WEEKLY;BYDAY=SA\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Local Control Plane Cluster\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"local-control-plane-cluster\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n externalLoadBalancerIpv4AddressPools: [\"10.100.0.0-10.100.0.10\"],\n controlPlane: {\n local: {\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 1,\n machineFilter: \"machine-name\",\n sharedDeploymentPolicy: \"ALLOWED\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"local-control-plane-cluster\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n external_load_balancer_ipv4_address_pools=[\"10.100.0.0-10.100.0.10\"],\n control_plane={\n \"local\": {\n \"node_location\": \"us-central1-edge-example-edgesite\",\n \"node_count\": 1,\n \"machine_filter\": \"machine-name\",\n \"shared_deployment_policy\": \"ALLOWED\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"local-control-plane-cluster\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n ExternalLoadBalancerIpv4AddressPools = new[]\n {\n \"10.100.0.0-10.100.0.10\",\n },\n ControlPlane = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneArgs\n {\n Local = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneLocalArgs\n {\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 1,\n MachineFilter = \"machine-name\",\n SharedDeploymentPolicy = \"ALLOWED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"local-control-plane-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tExternalLoadBalancerIpv4AddressPools: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.100.0.0-10.100.0.10\"),\n\t\t\t},\n\t\t\tControlPlane: \u0026edgecontainer.ClusterControlPlaneArgs{\n\t\t\t\tLocal: \u0026edgecontainer.ClusterControlPlaneLocalArgs{\n\t\t\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\t\t\tNodeCount: pulumi.Int(1),\n\t\t\t\t\tMachineFilter: pulumi.String(\"machine-name\"),\n\t\t\t\t\tSharedDeploymentPolicy: pulumi.String(\"ALLOWED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneLocalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"local-control-plane-cluster\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .externalLoadBalancerIpv4AddressPools(\"10.100.0.0-10.100.0.10\")\n .controlPlane(ClusterControlPlaneArgs.builder()\n .local(ClusterControlPlaneLocalArgs.builder()\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(1)\n .machineFilter(\"machine-name\")\n .sharedDeploymentPolicy(\"ALLOWED\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: local-control-plane-cluster\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n externalLoadBalancerIpv4AddressPools:\n - 10.100.0.0-10.100.0.10\n controlPlane:\n local:\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 1\n machineFilter: machine-name\n sharedDeploymentPolicy: ALLOWED\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/cluster:Cluster default {{location}}/{{name}}\n```\n\n", "properties": { "authorization": { "$ref": "#/types/gcp:edgecontainer/ClusterAuthorization:ClusterAuthorization", @@ -209136,7 +209136,7 @@ } }, "gcp:edgecontainer/nodePool:NodePool": { - "description": "\"A set of Kubernetes nodes in a cluster with common configuration and specification.\"\n\n\nTo get more information about NodePool, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.clusters.nodePools)\n* How-to Guides\n * [Google Distributed Cloud Edge](https://cloud.google.com/distributed-cloud/edge/latest/docs)\n\n## Example Usage\n\n### Edgecontainer Node Pool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst _default = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\ndefault = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3,\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var @default = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var default_ = new NodePool(\"default\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n default:\n type: gcp:edgecontainer:NodePool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Node Pool With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"keyring\",\n location: \"us-central1\",\n});\nconst cryptoKeyCryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"key\",\n keyRing: keyRing.id,\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: cryptoKeyCryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com`),\n});\nconst _default = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n localDiskEncryption: {\n kmsKey: cryptoKeyCryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"keyring\",\n location=\"us-central1\")\ncrypto_key_crypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"key\",\n key_ring=key_ring.id)\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=crypto_key_crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com\")\ndefault = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3,\n local_disk_encryption={\n \"kms_key\": crypto_key_crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKeyCryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"key\",\n KeyRing = keyRing.Id,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = cryptoKeyCryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-edgecontainer.iam.gserviceaccount.com\",\n });\n\n var @default = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n LocalDiskEncryption = new Gcp.EdgeContainer.Inputs.NodePoolLocalDiskEncryptionArgs\n {\n KmsKey = cryptoKeyCryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKeyCryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-edgecontainer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t\tLocalDiskEncryption: \u0026edgecontainer.NodePoolLocalDiskEncryptionArgs{\n\t\t\t\tKmsKey: cryptoKeyCryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.NodePoolLocalDiskEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKeyCryptoKey = new CryptoKey(\"cryptoKeyCryptoKey\", CryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(keyRing.id())\n .build());\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKeyCryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-edgecontainer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new NodePool(\"default\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .localDiskEncryption(NodePoolLocalDiskEncryptionArgs.builder()\n .kmsKey(cryptoKeyCryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${cryptoKeyCryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com\n cryptoKeyCryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: keyring\n location: us-central1\n default:\n type: gcp:edgecontainer:NodePool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n localDiskEncryption:\n kmsKey: ${cryptoKeyCryptoKey.id}\n options:\n dependson:\n - ${cryptoKey}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Local Control Plane Node Pool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n externalLoadBalancerIpv4AddressPools: [\"10.100.0.0-10.100.0.10\"],\n controlPlane: {\n local: {\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 1,\n machineFilter: \"machine-name\",\n sharedDeploymentPolicy: \"ALLOWED\",\n },\n },\n});\nconst defaultNodePool = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n external_load_balancer_ipv4_address_pools=[\"10.100.0.0-10.100.0.10\"],\n control_plane={\n \"local\": {\n \"node_location\": \"us-central1-edge-example-edgesite\",\n \"node_count\": 1,\n \"machine_filter\": \"machine-name\",\n \"shared_deployment_policy\": \"ALLOWED\",\n },\n })\ndefault_node_pool = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster[\"name\"],\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n ExternalLoadBalancerIpv4AddressPools = new[]\n {\n \"10.100.0.0-10.100.0.10\",\n },\n ControlPlane = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneArgs\n {\n Local = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneLocalArgs\n {\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 1,\n MachineFilter = \"machine-name\",\n SharedDeploymentPolicy = \"ALLOWED\",\n },\n },\n });\n\n var defaultNodePool = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tExternalLoadBalancerIpv4AddressPools: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.100.0.0-10.100.0.10\"),\n\t\t\t},\n\t\t\tControlPlane: \u0026edgecontainer.ClusterControlPlaneArgs{\n\t\t\t\tLocal: \u0026edgecontainer.ClusterControlPlaneLocalArgs{\n\t\t\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\t\t\tNodeCount: pulumi.Int(1),\n\t\t\t\t\tMachineFilter: pulumi.String(\"machine-name\"),\n\t\t\t\t\tSharedDeploymentPolicy: pulumi.String(\"ALLOWED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: pulumi.Any(cluster.Name),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneLocalArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .externalLoadBalancerIpv4AddressPools(\"10.100.0.0-10.100.0.10\")\n .controlPlane(ClusterControlPlaneArgs.builder()\n .local(ClusterControlPlaneLocalArgs.builder()\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(1)\n .machineFilter(\"machine-name\")\n .sharedDeploymentPolicy(\"ALLOWED\")\n .build())\n .build())\n .build());\n\n var defaultNodePool = new NodePool(\"defaultNodePool\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name:\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n externalLoadBalancerIpv4AddressPools:\n - 10.100.0.0-10.100.0.10\n controlPlane:\n local:\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 1\n machineFilter: machine-name\n sharedDeploymentPolicy: ALLOWED\n defaultNodePool:\n type: gcp:edgecontainer:NodePool\n name: default\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", + "description": "\"A set of Kubernetes nodes in a cluster with common configuration and specification.\"\n\n\nTo get more information about NodePool, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.clusters.nodePools)\n* How-to Guides\n * [Google Distributed Cloud Edge](https://cloud.google.com/distributed-cloud/edge/latest/docs)\n\n## Example Usage\n\n### Edgecontainer Node Pool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst _default = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\ndefault = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3,\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var @default = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var default_ = new NodePool(\"default\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n default:\n type: gcp:edgecontainer:NodePool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Node Pool With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"keyring\",\n location: \"us-central1\",\n});\nconst cryptoKeyCryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"key\",\n keyRing: keyRing.id,\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: cryptoKeyCryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com`),\n});\nconst _default = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n localDiskEncryption: {\n kmsKey: cryptoKeyCryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"keyring\",\n location=\"us-central1\")\ncrypto_key_crypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"key\",\n key_ring=key_ring.id)\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=crypto_key_crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com\")\ndefault = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3,\n local_disk_encryption={\n \"kms_key\": crypto_key_crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKeyCryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"key\",\n KeyRing = keyRing.Id,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = cryptoKeyCryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-edgecontainer.iam.gserviceaccount.com\",\n });\n\n var @default = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n LocalDiskEncryption = new Gcp.EdgeContainer.Inputs.NodePoolLocalDiskEncryptionArgs\n {\n KmsKey = cryptoKeyCryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKeyCryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-edgecontainer.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t\tLocalDiskEncryption: \u0026edgecontainer.NodePoolLocalDiskEncryptionArgs{\n\t\t\t\tKmsKey: cryptoKeyCryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.NodePoolLocalDiskEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKeyCryptoKey = new CryptoKey(\"cryptoKeyCryptoKey\", CryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(keyRing.id())\n .build());\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKeyCryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-edgecontainer.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new NodePool(\"default\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .localDiskEncryption(NodePoolLocalDiskEncryptionArgs.builder()\n .kmsKey(cryptoKeyCryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${cryptoKeyCryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-edgecontainer.iam.gserviceaccount.com\n cryptoKeyCryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: keyring\n location: us-central1\n default:\n type: gcp:edgecontainer:NodePool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n localDiskEncryption:\n kmsKey: ${cryptoKeyCryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKey}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgecontainer Local Control Plane Node Pool\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst _default = new gcp.edgecontainer.Cluster(\"default\", {\n name: \"\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n externalLoadBalancerIpv4AddressPools: [\"10.100.0.0-10.100.0.10\"],\n controlPlane: {\n local: {\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 1,\n machineFilter: \"machine-name\",\n sharedDeploymentPolicy: \"ALLOWED\",\n },\n },\n});\nconst defaultNodePool = new gcp.edgecontainer.NodePool(\"default\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault = gcp.edgecontainer.Cluster(\"default\",\n name=\"\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n },\n external_load_balancer_ipv4_address_pools=[\"10.100.0.0-10.100.0.10\"],\n control_plane={\n \"local\": {\n \"node_location\": \"us-central1-edge-example-edgesite\",\n \"node_count\": 1,\n \"machine_filter\": \"machine-name\",\n \"shared_deployment_policy\": \"ALLOWED\",\n },\n })\ndefault_node_pool = gcp.edgecontainer.NodePool(\"default\",\n name=\"nodepool-1\",\n cluster=cluster[\"name\"],\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.EdgeContainer.Cluster(\"default\", new()\n {\n Name = \"\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n ExternalLoadBalancerIpv4AddressPools = new[]\n {\n \"10.100.0.0-10.100.0.10\",\n },\n ControlPlane = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneArgs\n {\n Local = new Gcp.EdgeContainer.Inputs.ClusterControlPlaneLocalArgs\n {\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 1,\n MachineFilter = \"machine-name\",\n SharedDeploymentPolicy = \"ALLOWED\",\n },\n },\n });\n\n var defaultNodePool = new Gcp.EdgeContainer.NodePool(\"default\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewCluster(ctx, \"default\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t\tExternalLoadBalancerIpv4AddressPools: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.100.0.0-10.100.0.10\"),\n\t\t\t},\n\t\t\tControlPlane: \u0026edgecontainer.ClusterControlPlaneArgs{\n\t\t\t\tLocal: \u0026edgecontainer.ClusterControlPlaneLocalArgs{\n\t\t\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\t\t\tNodeCount: pulumi.Int(1),\n\t\t\t\t\tMachineFilter: pulumi.String(\"machine-name\"),\n\t\t\t\t\tSharedDeploymentPolicy: pulumi.String(\"ALLOWED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewNodePool(ctx, \"default\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: pulumi.Any(cluster.Name),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterControlPlaneLocalArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var default_ = new Cluster(\"default\", ClusterArgs.builder()\n .name(\"\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .externalLoadBalancerIpv4AddressPools(\"10.100.0.0-10.100.0.10\")\n .controlPlane(ClusterControlPlaneArgs.builder()\n .local(ClusterControlPlaneLocalArgs.builder()\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(1)\n .machineFilter(\"machine-name\")\n .sharedDeploymentPolicy(\"ALLOWED\")\n .build())\n .build())\n .build());\n\n var defaultNodePool = new NodePool(\"defaultNodePool\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:edgecontainer:Cluster\n properties:\n name: \"\"\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n externalLoadBalancerIpv4AddressPools:\n - 10.100.0.0-10.100.0.10\n controlPlane:\n local:\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 1\n machineFilter: machine-name\n sharedDeploymentPolicy: ALLOWED\n defaultNodePool:\n type: gcp:edgecontainer:NodePool\n name: default\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNodePool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{name}}`\n\n* `{{location}}/{{cluster}}/{{name}}`\n\nWhen using the `pulumi import` command, NodePool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default {{project}}/{{location}}/{{cluster}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/nodePool:NodePool default {{location}}/{{cluster}}/{{name}}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -209365,7 +209365,7 @@ } }, "gcp:edgecontainer/vpnConnection:VpnConnection": { - "description": "A VPN connection\n\n\nTo get more information about VpnConnection, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.vpnConnections)\n* How-to Guides\n * [Google Distributed Cloud Edge](https://cloud.google.com/distributed-cloud/edge/latest/docs)\n\n## Example Usage\n\n### Edgecontainer Vpn Connection\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst nodePool = new gcp.edgecontainer.NodePool(\"node_pool\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n});\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"example-vpc\"});\nconst _default = new gcp.edgecontainer.VpnConnection(\"default\", {\n name: \"vpn-connection-1\",\n location: \"us-central1\",\n cluster: pulumi.all([project, cluster.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/us-east1/clusters/${name}`),\n vpc: vpc.name,\n enableHighAvailability: true,\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n}, {\n dependsOn: [nodePool],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\nnode_pool = gcp.edgecontainer.NodePool(\"node_pool\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3)\nvpc = gcp.compute.Network(\"vpc\", name=\"example-vpc\")\ndefault = gcp.edgecontainer.VpnConnection(\"default\",\n name=\"vpn-connection-1\",\n location=\"us-central1\",\n cluster=cluster.name.apply(lambda name: f\"projects/{project.number}/locations/us-east1/clusters/{name}\"),\n vpc=vpc.name,\n enable_high_availability=True,\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n opts = pulumi.ResourceOptions(depends_on=[node_pool]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var nodePool = new Gcp.EdgeContainer.NodePool(\"node_pool\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n });\n\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"example-vpc\",\n });\n\n var @default = new Gcp.EdgeContainer.VpnConnection(\"default\", new()\n {\n Name = \"vpn-connection-1\",\n Location = \"us-central1\",\n Cluster = Output.Tuple(project, cluster.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/us-east1/clusters/{name}\";\n }),\n Vpc = vpc.Name,\n EnableHighAvailability = true,\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n nodePool,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnodePool, err := edgecontainer.NewNodePool(ctx, \"node_pool\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewVpnConnection(ctx, \"default\", \u0026edgecontainer.VpnConnectionArgs{\n\t\t\tName: pulumi.String(\"vpn-connection-1\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCluster: cluster.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/us-east1/clusters/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVpc: vpc.Name,\n\t\t\tEnableHighAvailability: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tnodePool,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.edgecontainer.VpnConnection;\nimport com.pulumi.gcp.edgecontainer.VpnConnectionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var nodePool = new NodePool(\"nodePool\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .build());\n\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"example-vpc\")\n .build());\n\n var default_ = new VpnConnection(\"default\", VpnConnectionArgs.builder()\n .name(\"vpn-connection-1\")\n .location(\"us-central1\")\n .cluster(cluster.name().applyValue(name -\u003e String.format(\"projects/%s/locations/us-east1/clusters/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .vpc(vpc.name())\n .enableHighAvailability(true)\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(nodePool)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n nodePool:\n type: gcp:edgecontainer:NodePool\n name: node_pool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n default:\n type: gcp:edgecontainer:VpnConnection\n properties:\n name: vpn-connection-1\n location: us-central1\n cluster: projects/${project.number}/locations/us-east1/clusters/${cluster.name}\n vpc: ${vpc.name}\n enableHighAvailability: true\n labels:\n my_key: my_val\n other_key: other_val\n options:\n dependson:\n - ${nodePool}\n vpc:\n type: gcp:compute:Network\n properties:\n name: example-vpc\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vpnConnections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, VpnConnection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default projects/{{project}}/locations/{{location}}/vpnConnections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default {{location}}/{{name}}\n```\n\n", + "description": "A VPN connection\n\n\nTo get more information about VpnConnection, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.vpnConnections)\n* How-to Guides\n * [Google Distributed Cloud Edge](https://cloud.google.com/distributed-cloud/edge/latest/docs)\n\n## Example Usage\n\n### Edgecontainer Vpn Connection\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.edgecontainer.Cluster(\"cluster\", {\n name: \"default\",\n location: \"us-central1\",\n authorization: {\n adminUsers: {\n username: \"admin@hashicorptest.com\",\n },\n },\n networking: {\n clusterIpv4CidrBlocks: [\"10.0.0.0/16\"],\n servicesIpv4CidrBlocks: [\"10.1.0.0/16\"],\n },\n fleet: {\n project: project.then(project =\u003e `projects/${project.number}`),\n },\n});\nconst nodePool = new gcp.edgecontainer.NodePool(\"node_pool\", {\n name: \"nodepool-1\",\n cluster: cluster.name,\n location: \"us-central1\",\n nodeLocation: \"us-central1-edge-example-edgesite\",\n nodeCount: 3,\n});\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"example-vpc\"});\nconst _default = new gcp.edgecontainer.VpnConnection(\"default\", {\n name: \"vpn-connection-1\",\n location: \"us-central1\",\n cluster: pulumi.all([project, cluster.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/us-east1/clusters/${name}`),\n vpc: vpc.name,\n enableHighAvailability: true,\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n}, {\n dependsOn: [nodePool],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.edgecontainer.Cluster(\"cluster\",\n name=\"default\",\n location=\"us-central1\",\n authorization={\n \"admin_users\": {\n \"username\": \"admin@hashicorptest.com\",\n },\n },\n networking={\n \"cluster_ipv4_cidr_blocks\": [\"10.0.0.0/16\"],\n \"services_ipv4_cidr_blocks\": [\"10.1.0.0/16\"],\n },\n fleet={\n \"project\": f\"projects/{project.number}\",\n })\nnode_pool = gcp.edgecontainer.NodePool(\"node_pool\",\n name=\"nodepool-1\",\n cluster=cluster.name,\n location=\"us-central1\",\n node_location=\"us-central1-edge-example-edgesite\",\n node_count=3)\nvpc = gcp.compute.Network(\"vpc\", name=\"example-vpc\")\ndefault = gcp.edgecontainer.VpnConnection(\"default\",\n name=\"vpn-connection-1\",\n location=\"us-central1\",\n cluster=cluster.name.apply(lambda name: f\"projects/{project.number}/locations/us-east1/clusters/{name}\"),\n vpc=vpc.name,\n enable_high_availability=True,\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n opts = pulumi.ResourceOptions(depends_on=[node_pool]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.EdgeContainer.Cluster(\"cluster\", new()\n {\n Name = \"default\",\n Location = \"us-central1\",\n Authorization = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationArgs\n {\n AdminUsers = new Gcp.EdgeContainer.Inputs.ClusterAuthorizationAdminUsersArgs\n {\n Username = \"admin@hashicorptest.com\",\n },\n },\n Networking = new Gcp.EdgeContainer.Inputs.ClusterNetworkingArgs\n {\n ClusterIpv4CidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n ServicesIpv4CidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n },\n Fleet = new Gcp.EdgeContainer.Inputs.ClusterFleetArgs\n {\n Project = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}\",\n },\n });\n\n var nodePool = new Gcp.EdgeContainer.NodePool(\"node_pool\", new()\n {\n Name = \"nodepool-1\",\n Cluster = cluster.Name,\n Location = \"us-central1\",\n NodeLocation = \"us-central1-edge-example-edgesite\",\n NodeCount = 3,\n });\n\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"example-vpc\",\n });\n\n var @default = new Gcp.EdgeContainer.VpnConnection(\"default\", new()\n {\n Name = \"vpn-connection-1\",\n Location = \"us-central1\",\n Cluster = Output.Tuple(project, cluster.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/us-east1/clusters/{name}\";\n }),\n Vpc = vpc.Name,\n EnableHighAvailability = true,\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n nodePool,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgecontainer\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := edgecontainer.NewCluster(ctx, \"cluster\", \u0026edgecontainer.ClusterArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAuthorization: \u0026edgecontainer.ClusterAuthorizationArgs{\n\t\t\t\tAdminUsers: \u0026edgecontainer.ClusterAuthorizationAdminUsersArgs{\n\t\t\t\t\tUsername: pulumi.String(\"admin@hashicorptest.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworking: \u0026edgecontainer.ClusterNetworkingArgs{\n\t\t\t\tClusterIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tServicesIpv4CidrBlocks: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.1.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFleet: \u0026edgecontainer.ClusterFleetArgs{\n\t\t\t\tProject: pulumi.Sprintf(\"projects/%v\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnodePool, err := edgecontainer.NewNodePool(ctx, \"node_pool\", \u0026edgecontainer.NodePoolArgs{\n\t\t\tName: pulumi.String(\"nodepool-1\"),\n\t\t\tCluster: cluster.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tNodeLocation: pulumi.String(\"us-central1-edge-example-edgesite\"),\n\t\t\tNodeCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgecontainer.NewVpnConnection(ctx, \"default\", \u0026edgecontainer.VpnConnectionArgs{\n\t\t\tName: pulumi.String(\"vpn-connection-1\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCluster: cluster.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/us-east1/clusters/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVpc: vpc.Name,\n\t\t\tEnableHighAvailability: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tnodePool,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.edgecontainer.Cluster;\nimport com.pulumi.gcp.edgecontainer.ClusterArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterAuthorizationAdminUsersArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterNetworkingArgs;\nimport com.pulumi.gcp.edgecontainer.inputs.ClusterFleetArgs;\nimport com.pulumi.gcp.edgecontainer.NodePool;\nimport com.pulumi.gcp.edgecontainer.NodePoolArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.edgecontainer.VpnConnection;\nimport com.pulumi.gcp.edgecontainer.VpnConnectionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .name(\"default\")\n .location(\"us-central1\")\n .authorization(ClusterAuthorizationArgs.builder()\n .adminUsers(ClusterAuthorizationAdminUsersArgs.builder()\n .username(\"admin@hashicorptest.com\")\n .build())\n .build())\n .networking(ClusterNetworkingArgs.builder()\n .clusterIpv4CidrBlocks(\"10.0.0.0/16\")\n .servicesIpv4CidrBlocks(\"10.1.0.0/16\")\n .build())\n .fleet(ClusterFleetArgs.builder()\n .project(String.format(\"projects/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build());\n\n var nodePool = new NodePool(\"nodePool\", NodePoolArgs.builder()\n .name(\"nodepool-1\")\n .cluster(cluster.name())\n .location(\"us-central1\")\n .nodeLocation(\"us-central1-edge-example-edgesite\")\n .nodeCount(3)\n .build());\n\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"example-vpc\")\n .build());\n\n var default_ = new VpnConnection(\"default\", VpnConnectionArgs.builder()\n .name(\"vpn-connection-1\")\n .location(\"us-central1\")\n .cluster(cluster.name().applyValue(name -\u003e String.format(\"projects/%s/locations/us-east1/clusters/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .vpc(vpc.name())\n .enableHighAvailability(true)\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(nodePool)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:edgecontainer:Cluster\n properties:\n name: default\n location: us-central1\n authorization:\n adminUsers:\n username: admin@hashicorptest.com\n networking:\n clusterIpv4CidrBlocks:\n - 10.0.0.0/16\n servicesIpv4CidrBlocks:\n - 10.1.0.0/16\n fleet:\n project: projects/${project.number}\n nodePool:\n type: gcp:edgecontainer:NodePool\n name: node_pool\n properties:\n name: nodepool-1\n cluster: ${cluster.name}\n location: us-central1\n nodeLocation: us-central1-edge-example-edgesite\n nodeCount: 3\n default:\n type: gcp:edgecontainer:VpnConnection\n properties:\n name: vpn-connection-1\n location: us-central1\n cluster: projects/${project.number}/locations/us-east1/clusters/${cluster.name}\n vpc: ${vpc.name}\n enableHighAvailability: true\n labels:\n my_key: my_val\n other_key: other_val\n options:\n dependsOn:\n - ${nodePool}\n vpc:\n type: gcp:compute:Network\n properties:\n name: example-vpc\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpnConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vpnConnections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, VpnConnection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default projects/{{project}}/locations/{{location}}/vpnConnections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:edgecontainer/vpnConnection:VpnConnection default {{location}}/{{name}}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -209600,7 +209600,7 @@ } }, "gcp:edgenetwork/network:Network": { - "description": "A Distributed Cloud Edge network, which provides L3 isolation within a zone.\n\n\nTo get more information about Network, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/network/rest/v1/projects.locations.zones.networks)\n* How-to Guides\n * [Create and manage networks](https://cloud.google.com/distributed-cloud/edge/latest/docs/networks#api)\n\n## Example Usage\n\n### Edgenetwork Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000,\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone:\n description: Example network.\n mtu: 9000\n labels:\n environment: dev\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetwork can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}`\n\n* `{{project}}/{{location}}/{{zone}}/{{network_id}}`\n\n* `{{location}}/{{zone}}/{{network_id}}`\n\n* `{{location}}/{{network_id}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Network can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{project}}/{{location}}/{{zone}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{location}}/{{zone}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{location}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{name}}\n```\n\n", + "description": "A Distributed Cloud Edge network, which provides L3 isolation within a zone.\n\n\nTo get more information about Network, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/network/rest/v1/projects.locations.zones.networks)\n* How-to Guides\n * [Create and manage networks](https://cloud.google.com/distributed-cloud/edge/latest/docs/networks#api)\n\n## Example Usage\n\n### Edgenetwork Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000,\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone: \"\"\n description: Example network.\n mtu: 9000\n labels:\n environment: dev\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetwork can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}`\n\n* `{{project}}/{{location}}/{{zone}}/{{network_id}}`\n\n* `{{location}}/{{zone}}/{{network_id}}`\n\n* `{{location}}/{{network_id}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Network can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{project}}/{{location}}/{{zone}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{location}}/{{zone}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{location}}/{{network_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/network:Network default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -209791,7 +209791,7 @@ } }, "gcp:edgenetwork/subnet:Subnet": { - "description": "A Distributed Cloud Edge subnet, which provides L2 isolation within a network.\n\n\nTo get more information about Subnet, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/network/rest/v1/projects.locations.zones.subnets)\n* How-to Guides\n * [Create and manage subnetworks](https://cloud.google.com/distributed-cloud/edge/latest/docs/subnetworks#api)\n\n## Example Usage\n\n### Edgenetwork Subnet\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n});\nconst exampleSubnet = new gcp.edgenetwork.Subnet(\"example_subnet\", {\n subnetId: \"example-subnet\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example subnet.\",\n network: exampleNetwork.id,\n ipv4Cidrs: [\"4.4.4.1/24\"],\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000)\nexample_subnet = gcp.edgenetwork.Subnet(\"example_subnet\",\n subnet_id=\"example-subnet\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example subnet.\",\n network=example_network.id,\n ipv4_cidrs=[\"4.4.4.1/24\"],\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n });\n\n var exampleSubnet = new Gcp.EdgeNetwork.Subnet(\"example_subnet\", new()\n {\n SubnetId = \"example-subnet\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example subnet.\",\n Network = exampleNetwork.Id,\n Ipv4Cidrs = new[]\n {\n \"4.4.4.1/24\",\n },\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetwork, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgenetwork.NewSubnet(ctx, \"example_subnet\", \u0026edgenetwork.SubnetArgs{\n\t\t\tSubnetId: pulumi.String(\"example-subnet\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example subnet.\"),\n\t\t\tNetwork: exampleNetwork.ID(),\n\t\t\tIpv4Cidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"4.4.4.1/24\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport com.pulumi.gcp.edgenetwork.Subnet;\nimport com.pulumi.gcp.edgenetwork.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder()\n .subnetId(\"example-subnet\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example subnet.\")\n .network(exampleNetwork.id())\n .ipv4Cidrs(\"4.4.4.1/24\")\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSubnet:\n type: gcp:edgenetwork:Subnet\n name: example_subnet\n properties:\n subnetId: example-subnet\n location: us-west1\n zone:\n description: Example subnet.\n network: ${exampleNetwork.id}\n ipv4Cidrs:\n - 4.4.4.1/24\n labels:\n environment: dev\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone:\n description: Example network.\n mtu: 9000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgenetwork Subnet With Vlan Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n});\nconst exampleSubnetWithVlanId = new gcp.edgenetwork.Subnet(\"example_subnet_with_vlan_id\", {\n subnetId: \"example-subnet-with-vlan-id\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example subnet with VLAN ID.\",\n network: exampleNetwork.id,\n ipv6Cidrs: [\"4444:4444:4444:4444::1/64\"],\n vlanId: 44,\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000)\nexample_subnet_with_vlan_id = gcp.edgenetwork.Subnet(\"example_subnet_with_vlan_id\",\n subnet_id=\"example-subnet-with-vlan-id\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example subnet with VLAN ID.\",\n network=example_network.id,\n ipv6_cidrs=[\"4444:4444:4444:4444::1/64\"],\n vlan_id=44,\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n });\n\n var exampleSubnetWithVlanId = new Gcp.EdgeNetwork.Subnet(\"example_subnet_with_vlan_id\", new()\n {\n SubnetId = \"example-subnet-with-vlan-id\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example subnet with VLAN ID.\",\n Network = exampleNetwork.Id,\n Ipv6Cidrs = new[]\n {\n \"4444:4444:4444:4444::1/64\",\n },\n VlanId = 44,\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetwork, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgenetwork.NewSubnet(ctx, \"example_subnet_with_vlan_id\", \u0026edgenetwork.SubnetArgs{\n\t\t\tSubnetId: pulumi.String(\"example-subnet-with-vlan-id\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example subnet with VLAN ID.\"),\n\t\t\tNetwork: exampleNetwork.ID(),\n\t\t\tIpv6Cidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"4444:4444:4444:4444::1/64\"),\n\t\t\t},\n\t\t\tVlanId: pulumi.Int(44),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport com.pulumi.gcp.edgenetwork.Subnet;\nimport com.pulumi.gcp.edgenetwork.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .build());\n\n var exampleSubnetWithVlanId = new Subnet(\"exampleSubnetWithVlanId\", SubnetArgs.builder()\n .subnetId(\"example-subnet-with-vlan-id\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example subnet with VLAN ID.\")\n .network(exampleNetwork.id())\n .ipv6Cidrs(\"4444:4444:4444:4444::1/64\")\n .vlanId(44)\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSubnetWithVlanId:\n type: gcp:edgenetwork:Subnet\n name: example_subnet_with_vlan_id\n properties:\n subnetId: example-subnet-with-vlan-id\n location: us-west1\n zone:\n description: Example subnet with VLAN ID.\n network: ${exampleNetwork.id}\n ipv6Cidrs:\n - 4444:4444:4444:4444::1/64\n vlanId: 44\n labels:\n environment: dev\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone:\n description: Example network.\n mtu: 9000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubnet can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}`\n\n* `{{project}}/{{location}}/{{zone}}/{{subnet_id}}`\n\n* `{{location}}/{{zone}}/{{subnet_id}}`\n\n* `{{location}}/{{subnet_id}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subnet can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{project}}/{{location}}/{{zone}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{location}}/{{zone}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{location}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{name}}\n```\n\n", + "description": "A Distributed Cloud Edge subnet, which provides L2 isolation within a network.\n\n\nTo get more information about Subnet, see:\n\n* [API documentation](https://cloud.google.com/distributed-cloud/edge/latest/docs/reference/network/rest/v1/projects.locations.zones.subnets)\n* How-to Guides\n * [Create and manage subnetworks](https://cloud.google.com/distributed-cloud/edge/latest/docs/subnetworks#api)\n\n## Example Usage\n\n### Edgenetwork Subnet\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n});\nconst exampleSubnet = new gcp.edgenetwork.Subnet(\"example_subnet\", {\n subnetId: \"example-subnet\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example subnet.\",\n network: exampleNetwork.id,\n ipv4Cidrs: [\"4.4.4.1/24\"],\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000)\nexample_subnet = gcp.edgenetwork.Subnet(\"example_subnet\",\n subnet_id=\"example-subnet\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example subnet.\",\n network=example_network.id,\n ipv4_cidrs=[\"4.4.4.1/24\"],\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n });\n\n var exampleSubnet = new Gcp.EdgeNetwork.Subnet(\"example_subnet\", new()\n {\n SubnetId = \"example-subnet\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example subnet.\",\n Network = exampleNetwork.Id,\n Ipv4Cidrs = new[]\n {\n \"4.4.4.1/24\",\n },\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetwork, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgenetwork.NewSubnet(ctx, \"example_subnet\", \u0026edgenetwork.SubnetArgs{\n\t\t\tSubnetId: pulumi.String(\"example-subnet\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example subnet.\"),\n\t\t\tNetwork: exampleNetwork.ID(),\n\t\t\tIpv4Cidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"4.4.4.1/24\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport com.pulumi.gcp.edgenetwork.Subnet;\nimport com.pulumi.gcp.edgenetwork.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder()\n .subnetId(\"example-subnet\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example subnet.\")\n .network(exampleNetwork.id())\n .ipv4Cidrs(\"4.4.4.1/24\")\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSubnet:\n type: gcp:edgenetwork:Subnet\n name: example_subnet\n properties:\n subnetId: example-subnet\n location: us-west1\n zone: \"\"\n description: Example subnet.\n network: ${exampleNetwork.id}\n ipv4Cidrs:\n - 4.4.4.1/24\n labels:\n environment: dev\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone: \"\"\n description: Example network.\n mtu: 9000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Edgenetwork Subnet With Vlan Id\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleNetwork = new gcp.edgenetwork.Network(\"example_network\", {\n networkId: \"example-network\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example network.\",\n mtu: 9000,\n});\nconst exampleSubnetWithVlanId = new gcp.edgenetwork.Subnet(\"example_subnet_with_vlan_id\", {\n subnetId: \"example-subnet-with-vlan-id\",\n location: \"us-west1\",\n zone: \"\",\n description: \"Example subnet with VLAN ID.\",\n network: exampleNetwork.id,\n ipv6Cidrs: [\"4444:4444:4444:4444::1/64\"],\n vlanId: 44,\n labels: {\n environment: \"dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_network = gcp.edgenetwork.Network(\"example_network\",\n network_id=\"example-network\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example network.\",\n mtu=9000)\nexample_subnet_with_vlan_id = gcp.edgenetwork.Subnet(\"example_subnet_with_vlan_id\",\n subnet_id=\"example-subnet-with-vlan-id\",\n location=\"us-west1\",\n zone=\"\",\n description=\"Example subnet with VLAN ID.\",\n network=example_network.id,\n ipv6_cidrs=[\"4444:4444:4444:4444::1/64\"],\n vlan_id=44,\n labels={\n \"environment\": \"dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleNetwork = new Gcp.EdgeNetwork.Network(\"example_network\", new()\n {\n NetworkId = \"example-network\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example network.\",\n Mtu = 9000,\n });\n\n var exampleSubnetWithVlanId = new Gcp.EdgeNetwork.Subnet(\"example_subnet_with_vlan_id\", new()\n {\n SubnetId = \"example-subnet-with-vlan-id\",\n Location = \"us-west1\",\n Zone = \"\",\n Description = \"Example subnet with VLAN ID.\",\n Network = exampleNetwork.Id,\n Ipv6Cidrs = new[]\n {\n \"4444:4444:4444:4444::1/64\",\n },\n VlanId = 44,\n Labels = \n {\n { \"environment\", \"dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/edgenetwork\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleNetwork, err := edgenetwork.NewNetwork(ctx, \"example_network\", \u0026edgenetwork.NetworkArgs{\n\t\t\tNetworkId: pulumi.String(\"example-network\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example network.\"),\n\t\t\tMtu: pulumi.Int(9000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = edgenetwork.NewSubnet(ctx, \"example_subnet_with_vlan_id\", \u0026edgenetwork.SubnetArgs{\n\t\t\tSubnetId: pulumi.String(\"example-subnet-with-vlan-id\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tZone: pulumi.String(\"\"),\n\t\t\tDescription: pulumi.String(\"Example subnet with VLAN ID.\"),\n\t\t\tNetwork: exampleNetwork.ID(),\n\t\t\tIpv6Cidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"4444:4444:4444:4444::1/64\"),\n\t\t\t},\n\t\t\tVlanId: pulumi.Int(44),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.edgenetwork.Network;\nimport com.pulumi.gcp.edgenetwork.NetworkArgs;\nimport com.pulumi.gcp.edgenetwork.Subnet;\nimport com.pulumi.gcp.edgenetwork.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleNetwork = new Network(\"exampleNetwork\", NetworkArgs.builder()\n .networkId(\"example-network\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example network.\")\n .mtu(9000)\n .build());\n\n var exampleSubnetWithVlanId = new Subnet(\"exampleSubnetWithVlanId\", SubnetArgs.builder()\n .subnetId(\"example-subnet-with-vlan-id\")\n .location(\"us-west1\")\n .zone(\"\")\n .description(\"Example subnet with VLAN ID.\")\n .network(exampleNetwork.id())\n .ipv6Cidrs(\"4444:4444:4444:4444::1/64\")\n .vlanId(44)\n .labels(Map.of(\"environment\", \"dev\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSubnetWithVlanId:\n type: gcp:edgenetwork:Subnet\n name: example_subnet_with_vlan_id\n properties:\n subnetId: example-subnet-with-vlan-id\n location: us-west1\n zone: \"\"\n description: Example subnet with VLAN ID.\n network: ${exampleNetwork.id}\n ipv6Cidrs:\n - 4444:4444:4444:4444::1/64\n vlanId: 44\n labels:\n environment: dev\n exampleNetwork:\n type: gcp:edgenetwork:Network\n name: example_network\n properties:\n networkId: example-network\n location: us-west1\n zone: \"\"\n description: Example network.\n mtu: 9000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubnet can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}`\n\n* `{{project}}/{{location}}/{{zone}}/{{subnet_id}}`\n\n* `{{location}}/{{zone}}/{{subnet_id}}`\n\n* `{{location}}/{{subnet_id}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subnet can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{project}}/{{location}}/{{zone}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{location}}/{{zone}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{location}}/{{subnet_id}}\n```\n\n```sh\n$ pulumi import gcp:edgenetwork/subnet:Subnet default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -210317,7 +210317,7 @@ } }, "gcp:endpoints/service:Service": { - "description": "This resource creates and rolls out a Cloud Endpoints service using OpenAPI or gRPC. View the relevant docs for [OpenAPI](https://cloud.google.com/endpoints/docs/openapi/) and [gRPC](https://cloud.google.com/endpoints/docs/grpc/).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst openapiService = new gcp.endpoints.Service(\"openapi_service\", {\n serviceName: \"api-name.endpoints.project-id.cloud.goog\",\n project: \"project-id\",\n openapiConfig: std.file({\n input: \"openapi_spec.yml\",\n }).then(invoke =\u003e invoke.result),\n});\nconst grpcService = new gcp.endpoints.Service(\"grpc_service\", {\n serviceName: \"api-name.endpoints.project-id.cloud.goog\",\n project: \"project-id\",\n grpcConfig: std.file({\n input: \"service_spec.yml\",\n }).then(invoke =\u003e invoke.result),\n protocOutputBase64: std.filebase64({\n input: \"compiled_descriptor_file.pb\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nopenapi_service = gcp.endpoints.Service(\"openapi_service\",\n service_name=\"api-name.endpoints.project-id.cloud.goog\",\n project=\"project-id\",\n openapi_config=std.file(input=\"openapi_spec.yml\").result)\ngrpc_service = gcp.endpoints.Service(\"grpc_service\",\n service_name=\"api-name.endpoints.project-id.cloud.goog\",\n project=\"project-id\",\n grpc_config=std.file(input=\"service_spec.yml\").result,\n protoc_output_base64=std.filebase64(input=\"compiled_descriptor_file.pb\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var openapiService = new Gcp.Endpoints.Service(\"openapi_service\", new()\n {\n ServiceName = \"api-name.endpoints.project-id.cloud.goog\",\n Project = \"project-id\",\n OpenapiConfig = Std.File.Invoke(new()\n {\n Input = \"openapi_spec.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var grpcService = new Gcp.Endpoints.Service(\"grpc_service\", new()\n {\n ServiceName = \"api-name.endpoints.project-id.cloud.goog\",\n Project = \"project-id\",\n GrpcConfig = Std.File.Invoke(new()\n {\n Input = \"service_spec.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n ProtocOutputBase64 = Std.Filebase64.Invoke(new()\n {\n Input = \"compiled_descriptor_file.pb\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"openapi_spec.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewService(ctx, \"openapi_service\", \u0026endpoints.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"api-name.endpoints.project-id.cloud.goog\"),\n\t\t\tProject: pulumi.String(\"project-id\"),\n\t\t\tOpenapiConfig: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"service_spec.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase642, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"compiled_descriptor_file.pb\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewService(ctx, \"grpc_service\", \u0026endpoints.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"api-name.endpoints.project-id.cloud.goog\"),\n\t\t\tProject: pulumi.String(\"project-id\"),\n\t\t\tGrpcConfig: pulumi.String(invokeFile1.Result),\n\t\t\tProtocOutputBase64: pulumi.String(invokeFilebase642.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.Service;\nimport com.pulumi.gcp.endpoints.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var openapiService = new Service(\"openapiService\", ServiceArgs.builder()\n .serviceName(\"api-name.endpoints.project-id.cloud.goog\")\n .project(\"project-id\")\n .openapiConfig(StdFunctions.file(FileArgs.builder()\n .input(\"openapi_spec.yml\")\n .build()).result())\n .build());\n\n var grpcService = new Service(\"grpcService\", ServiceArgs.builder()\n .serviceName(\"api-name.endpoints.project-id.cloud.goog\")\n .project(\"project-id\")\n .grpcConfig(StdFunctions.file(FileArgs.builder()\n .input(\"service_spec.yml\")\n .build()).result())\n .protocOutputBase64(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"compiled_descriptor_file.pb\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n openapiService:\n type: gcp:endpoints:Service\n name: openapi_service\n properties:\n serviceName: api-name.endpoints.project-id.cloud.goog\n project: project-id\n openapiConfig:\n fn::invoke:\n Function: std:file\n Arguments:\n input: openapi_spec.yml\n Return: result\n grpcService:\n type: gcp:endpoints:Service\n name: grpc_service\n properties:\n serviceName: api-name.endpoints.project-id.cloud.goog\n project: project-id\n grpcConfig:\n fn::invoke:\n Function: std:file\n Arguments:\n input: service_spec.yml\n Return: result\n protocOutputBase64:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: compiled_descriptor_file.pb\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe example in `examples/endpoints_on_compute_engine` shows the API from the quickstart running on a Compute Engine VM and reachable through Cloud Endpoints, which may also be useful.\n\n## Import\n\nThis resource does not support import.\n\n", + "description": "This resource creates and rolls out a Cloud Endpoints service using OpenAPI or gRPC. View the relevant docs for [OpenAPI](https://cloud.google.com/endpoints/docs/openapi/) and [gRPC](https://cloud.google.com/endpoints/docs/grpc/).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst openapiService = new gcp.endpoints.Service(\"openapi_service\", {\n serviceName: \"api-name.endpoints.project-id.cloud.goog\",\n project: \"project-id\",\n openapiConfig: std.file({\n input: \"openapi_spec.yml\",\n }).then(invoke =\u003e invoke.result),\n});\nconst grpcService = new gcp.endpoints.Service(\"grpc_service\", {\n serviceName: \"api-name.endpoints.project-id.cloud.goog\",\n project: \"project-id\",\n grpcConfig: std.file({\n input: \"service_spec.yml\",\n }).then(invoke =\u003e invoke.result),\n protocOutputBase64: std.filebase64({\n input: \"compiled_descriptor_file.pb\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nopenapi_service = gcp.endpoints.Service(\"openapi_service\",\n service_name=\"api-name.endpoints.project-id.cloud.goog\",\n project=\"project-id\",\n openapi_config=std.file(input=\"openapi_spec.yml\").result)\ngrpc_service = gcp.endpoints.Service(\"grpc_service\",\n service_name=\"api-name.endpoints.project-id.cloud.goog\",\n project=\"project-id\",\n grpc_config=std.file(input=\"service_spec.yml\").result,\n protoc_output_base64=std.filebase64(input=\"compiled_descriptor_file.pb\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var openapiService = new Gcp.Endpoints.Service(\"openapi_service\", new()\n {\n ServiceName = \"api-name.endpoints.project-id.cloud.goog\",\n Project = \"project-id\",\n OpenapiConfig = Std.File.Invoke(new()\n {\n Input = \"openapi_spec.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var grpcService = new Gcp.Endpoints.Service(\"grpc_service\", new()\n {\n ServiceName = \"api-name.endpoints.project-id.cloud.goog\",\n Project = \"project-id\",\n GrpcConfig = Std.File.Invoke(new()\n {\n Input = \"service_spec.yml\",\n }).Apply(invoke =\u003e invoke.Result),\n ProtocOutputBase64 = Std.Filebase64.Invoke(new()\n {\n Input = \"compiled_descriptor_file.pb\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"openapi_spec.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewService(ctx, \"openapi_service\", \u0026endpoints.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"api-name.endpoints.project-id.cloud.goog\"),\n\t\t\tProject: pulumi.String(\"project-id\"),\n\t\t\tOpenapiConfig: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"service_spec.yml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase642, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"compiled_descriptor_file.pb\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewService(ctx, \"grpc_service\", \u0026endpoints.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"api-name.endpoints.project-id.cloud.goog\"),\n\t\t\tProject: pulumi.String(\"project-id\"),\n\t\t\tGrpcConfig: pulumi.String(invokeFile1.Result),\n\t\t\tProtocOutputBase64: pulumi.String(invokeFilebase642.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.Service;\nimport com.pulumi.gcp.endpoints.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var openapiService = new Service(\"openapiService\", ServiceArgs.builder()\n .serviceName(\"api-name.endpoints.project-id.cloud.goog\")\n .project(\"project-id\")\n .openapiConfig(StdFunctions.file(FileArgs.builder()\n .input(\"openapi_spec.yml\")\n .build()).result())\n .build());\n\n var grpcService = new Service(\"grpcService\", ServiceArgs.builder()\n .serviceName(\"api-name.endpoints.project-id.cloud.goog\")\n .project(\"project-id\")\n .grpcConfig(StdFunctions.file(FileArgs.builder()\n .input(\"service_spec.yml\")\n .build()).result())\n .protocOutputBase64(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"compiled_descriptor_file.pb\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n openapiService:\n type: gcp:endpoints:Service\n name: openapi_service\n properties:\n serviceName: api-name.endpoints.project-id.cloud.goog\n project: project-id\n openapiConfig:\n fn::invoke:\n function: std:file\n arguments:\n input: openapi_spec.yml\n return: result\n grpcService:\n type: gcp:endpoints:Service\n name: grpc_service\n properties:\n serviceName: api-name.endpoints.project-id.cloud.goog\n project: project-id\n grpcConfig:\n fn::invoke:\n function: std:file\n arguments:\n input: service_spec.yml\n return: result\n protocOutputBase64:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: compiled_descriptor_file.pb\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe example in `examples/endpoints_on_compute_engine` shows the API from the quickstart running on a Compute Engine VM and reachable through Cloud Endpoints, which may also be useful.\n\n## Import\n\nThis resource does not support import.\n\n", "properties": { "apis": { "type": "array", @@ -210449,7 +210449,7 @@ } }, "gcp:endpoints/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:endpoints/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -210538,7 +210538,7 @@ } }, "gcp:endpoints/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:endpoints/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -210620,7 +210620,7 @@ } }, "gcp:endpoints/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Endpoints Service\nThree different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.endpoints.ServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.endpoints.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -210673,7 +210673,7 @@ } }, "gcp:essentialcontacts/contact:Contact": { - "description": "A contact that will receive notifications from Google Cloud.\n\n\nTo get more information about Contact, see:\n\n* [API documentation](https://cloud.google.com/resource-manager/docs/reference/essentialcontacts/rest/v1/projects.contacts)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/resource-manager/docs/managing-notification-contacts)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Essential Contacts API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Essential Contact\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst contact = new gcp.essentialcontacts.Contact(\"contact\", {\n parent: project.then(project =\u003e project.id),\n email: \"foo@bar.com\",\n languageTag: \"en-GB\",\n notificationCategorySubscriptions: [\"ALL\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncontact = gcp.essentialcontacts.Contact(\"contact\",\n parent=project.id,\n email=\"foo@bar.com\",\n language_tag=\"en-GB\",\n notification_category_subscriptions=[\"ALL\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var contact = new Gcp.EssentialContacts.Contact(\"contact\", new()\n {\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Email = \"foo@bar.com\",\n LanguageTag = \"en-GB\",\n NotificationCategorySubscriptions = new[]\n {\n \"ALL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewContact(ctx, \"contact\", \u0026essentialcontacts.ContactArgs{\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tEmail: pulumi.String(\"foo@bar.com\"),\n\t\t\tLanguageTag: pulumi.String(\"en-GB\"),\n\t\t\tNotificationCategorySubscriptions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ALL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.Contact;\nimport com.pulumi.gcp.essentialcontacts.ContactArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var contact = new Contact(\"contact\", ContactArgs.builder()\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .email(\"foo@bar.com\")\n .languageTag(\"en-GB\")\n .notificationCategorySubscriptions(\"ALL\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n contact:\n type: gcp:essentialcontacts:Contact\n properties:\n parent: ${project.id}\n email: foo@bar.com\n languageTag: en-GB\n notificationCategorySubscriptions:\n - ALL\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nContact can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Contact can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:essentialcontacts/contact:Contact default {{name}}\n```\n\n", + "description": "A contact that will receive notifications from Google Cloud.\n\n\nTo get more information about Contact, see:\n\n* [API documentation](https://cloud.google.com/resource-manager/docs/reference/essentialcontacts/rest/v1/projects.contacts)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/resource-manager/docs/managing-notification-contacts)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the Essential Contacts API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Essential Contact\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst contact = new gcp.essentialcontacts.Contact(\"contact\", {\n parent: project.then(project =\u003e project.id),\n email: \"foo@bar.com\",\n languageTag: \"en-GB\",\n notificationCategorySubscriptions: [\"ALL\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncontact = gcp.essentialcontacts.Contact(\"contact\",\n parent=project.id,\n email=\"foo@bar.com\",\n language_tag=\"en-GB\",\n notification_category_subscriptions=[\"ALL\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var contact = new Gcp.EssentialContacts.Contact(\"contact\", new()\n {\n Parent = project.Apply(getProjectResult =\u003e getProjectResult.Id),\n Email = \"foo@bar.com\",\n LanguageTag = \"en-GB\",\n NotificationCategorySubscriptions = new[]\n {\n \"ALL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewContact(ctx, \"contact\", \u0026essentialcontacts.ContactArgs{\n\t\t\tParent: pulumi.String(project.Id),\n\t\t\tEmail: pulumi.String(\"foo@bar.com\"),\n\t\t\tLanguageTag: pulumi.String(\"en-GB\"),\n\t\t\tNotificationCategorySubscriptions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ALL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.Contact;\nimport com.pulumi.gcp.essentialcontacts.ContactArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var contact = new Contact(\"contact\", ContactArgs.builder()\n .parent(project.applyValue(getProjectResult -\u003e getProjectResult.id()))\n .email(\"foo@bar.com\")\n .languageTag(\"en-GB\")\n .notificationCategorySubscriptions(\"ALL\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n contact:\n type: gcp:essentialcontacts:Contact\n properties:\n parent: ${project.id}\n email: foo@bar.com\n languageTag: en-GB\n notificationCategorySubscriptions:\n - ALL\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nContact can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Contact can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:essentialcontacts/contact:Contact default {{name}}\n```\n\n", "properties": { "email": { "type": "string", @@ -210920,7 +210920,7 @@ } }, "gcp:essentialcontacts/documentAiWarehouseDocumentSchema:DocumentAiWarehouseDocumentSchema": { - "description": "A document schema is used to define document structure.\n\n\nTo get more information about DocumentSchema, see:\n\n* [API documentation](https://cloud.google.com/document-warehouse/docs/reference/rest/v1/projects.locations.documentSchemas)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/document-warehouse/docs/manage-document-schemas)\n\n## Example Usage\n\n### Document Ai Warehouse Document Schema Text\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst exampleText = new gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema(\"example_text\", {\n projectNumber: project.then(project =\u003e project.number),\n displayName: \"test-property-text\",\n location: \"us\",\n documentIsFolder: false,\n propertyDefinitions: [{\n name: \"prop3\",\n displayName: \"propdisp3\",\n isRepeatable: false,\n isFilterable: true,\n isSearchable: true,\n isMetadata: false,\n isRequired: false,\n retrievalImportance: \"HIGHEST\",\n schemaSources: [{\n name: \"dummy_source\",\n processorType: \"dummy_processor\",\n }],\n textTypeOptions: {},\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_text = gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema(\"example_text\",\n project_number=project.number,\n display_name=\"test-property-text\",\n location=\"us\",\n document_is_folder=False,\n property_definitions=[{\n \"name\": \"prop3\",\n \"display_name\": \"propdisp3\",\n \"is_repeatable\": False,\n \"is_filterable\": True,\n \"is_searchable\": True,\n \"is_metadata\": False,\n \"is_required\": False,\n \"retrieval_importance\": \"HIGHEST\",\n \"schema_sources\": [{\n \"name\": \"dummy_source\",\n \"processor_type\": \"dummy_processor\",\n }],\n \"text_type_options\": {},\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleText = new Gcp.EssentialContacts.DocumentAiWarehouseDocumentSchema(\"example_text\", new()\n {\n ProjectNumber = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n DisplayName = \"test-property-text\",\n Location = \"us\",\n DocumentIsFolder = false,\n PropertyDefinitions = new[]\n {\n new Gcp.EssentialContacts.Inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs\n {\n Name = \"prop3\",\n DisplayName = \"propdisp3\",\n IsRepeatable = false,\n IsFilterable = true,\n IsSearchable = true,\n IsMetadata = false,\n IsRequired = false,\n RetrievalImportance = \"HIGHEST\",\n SchemaSources = new[]\n {\n new Gcp.EssentialContacts.Inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs\n {\n Name = \"dummy_source\",\n ProcessorType = \"dummy_processor\",\n },\n },\n TextTypeOptions = null,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewDocumentAiWarehouseDocumentSchema(ctx, \"example_text\", \u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaArgs{\n\t\t\tProjectNumber: pulumi.String(project.Number),\n\t\t\tDisplayName: pulumi.String(\"test-property-text\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t\tDocumentIsFolder: pulumi.Bool(false),\n\t\t\tPropertyDefinitions: essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArray{\n\t\t\t\t\u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs{\n\t\t\t\t\tName: pulumi.String(\"prop3\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"propdisp3\"),\n\t\t\t\t\tIsRepeatable: pulumi.Bool(false),\n\t\t\t\t\tIsFilterable: pulumi.Bool(true),\n\t\t\t\t\tIsSearchable: pulumi.Bool(true),\n\t\t\t\t\tIsMetadata: pulumi.Bool(false),\n\t\t\t\t\tIsRequired: pulumi.Bool(false),\n\t\t\t\t\tRetrievalImportance: pulumi.String(\"HIGHEST\"),\n\t\t\t\t\tSchemaSources: essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArray{\n\t\t\t\t\t\t\u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"dummy_source\"),\n\t\t\t\t\t\t\tProcessorType: pulumi.String(\"dummy_processor\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTextTypeOptions: \u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionTextTypeOptionsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseDocumentSchemaArgs;\nimport com.pulumi.gcp.essentialcontacts.inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs;\nimport com.pulumi.gcp.essentialcontacts.inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionTextTypeOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var exampleText = new DocumentAiWarehouseDocumentSchema(\"exampleText\", DocumentAiWarehouseDocumentSchemaArgs.builder()\n .projectNumber(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .displayName(\"test-property-text\")\n .location(\"us\")\n .documentIsFolder(false)\n .propertyDefinitions(DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs.builder()\n .name(\"prop3\")\n .displayName(\"propdisp3\")\n .isRepeatable(false)\n .isFilterable(true)\n .isSearchable(true)\n .isMetadata(false)\n .isRequired(false)\n .retrievalImportance(\"HIGHEST\")\n .schemaSources(DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs.builder()\n .name(\"dummy_source\")\n .processorType(\"dummy_processor\")\n .build())\n .textTypeOptions()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleText:\n type: gcp:essentialcontacts:DocumentAiWarehouseDocumentSchema\n name: example_text\n properties:\n projectNumber: ${project.number}\n displayName: test-property-text\n location: us\n documentIsFolder: false\n propertyDefinitions:\n - name: prop3\n displayName: propdisp3\n isRepeatable: false\n isFilterable: true\n isSearchable: true\n isMetadata: false\n isRequired: false\n retrievalImportance: HIGHEST\n schemaSources:\n - name: dummy_source\n processorType: dummy_processor\n textTypeOptions: {}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDocumentSchema can be imported using any of these accepted formats:\n\n* `projects/{{project_number}}/locations/{{location}}/documentSchemas/{{name}}`\n\n* `{{project_number}}/{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, DocumentSchema can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:essentialcontacts/documentAiWarehouseDocumentSchema:DocumentAiWarehouseDocumentSchema default projects/{{project_number}}/locations/{{location}}/documentSchemas/{{name}}\n```\n\n```sh\n$ pulumi import gcp:essentialcontacts/documentAiWarehouseDocumentSchema:DocumentAiWarehouseDocumentSchema default {{project_number}}/{{location}}/{{name}}\n```\n\n", + "description": "A document schema is used to define document structure.\n\n\nTo get more information about DocumentSchema, see:\n\n* [API documentation](https://cloud.google.com/document-warehouse/docs/reference/rest/v1/projects.locations.documentSchemas)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/document-warehouse/docs/manage-document-schemas)\n\n## Example Usage\n\n### Document Ai Warehouse Document Schema Text\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst exampleText = new gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema(\"example_text\", {\n projectNumber: project.then(project =\u003e project.number),\n displayName: \"test-property-text\",\n location: \"us\",\n documentIsFolder: false,\n propertyDefinitions: [{\n name: \"prop3\",\n displayName: \"propdisp3\",\n isRepeatable: false,\n isFilterable: true,\n isSearchable: true,\n isMetadata: false,\n isRequired: false,\n retrievalImportance: \"HIGHEST\",\n schemaSources: [{\n name: \"dummy_source\",\n processorType: \"dummy_processor\",\n }],\n textTypeOptions: {},\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_text = gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema(\"example_text\",\n project_number=project.number,\n display_name=\"test-property-text\",\n location=\"us\",\n document_is_folder=False,\n property_definitions=[{\n \"name\": \"prop3\",\n \"display_name\": \"propdisp3\",\n \"is_repeatable\": False,\n \"is_filterable\": True,\n \"is_searchable\": True,\n \"is_metadata\": False,\n \"is_required\": False,\n \"retrieval_importance\": \"HIGHEST\",\n \"schema_sources\": [{\n \"name\": \"dummy_source\",\n \"processor_type\": \"dummy_processor\",\n }],\n \"text_type_options\": {},\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var exampleText = new Gcp.EssentialContacts.DocumentAiWarehouseDocumentSchema(\"example_text\", new()\n {\n ProjectNumber = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n DisplayName = \"test-property-text\",\n Location = \"us\",\n DocumentIsFolder = false,\n PropertyDefinitions = new[]\n {\n new Gcp.EssentialContacts.Inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs\n {\n Name = \"prop3\",\n DisplayName = \"propdisp3\",\n IsRepeatable = false,\n IsFilterable = true,\n IsSearchable = true,\n IsMetadata = false,\n IsRequired = false,\n RetrievalImportance = \"HIGHEST\",\n SchemaSources = new[]\n {\n new Gcp.EssentialContacts.Inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs\n {\n Name = \"dummy_source\",\n ProcessorType = \"dummy_processor\",\n },\n },\n TextTypeOptions = null,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewDocumentAiWarehouseDocumentSchema(ctx, \"example_text\", \u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaArgs{\n\t\t\tProjectNumber: pulumi.String(project.Number),\n\t\t\tDisplayName: pulumi.String(\"test-property-text\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t\tDocumentIsFolder: pulumi.Bool(false),\n\t\t\tPropertyDefinitions: essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArray{\n\t\t\t\t\u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs{\n\t\t\t\t\tName: pulumi.String(\"prop3\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"propdisp3\"),\n\t\t\t\t\tIsRepeatable: pulumi.Bool(false),\n\t\t\t\t\tIsFilterable: pulumi.Bool(true),\n\t\t\t\t\tIsSearchable: pulumi.Bool(true),\n\t\t\t\t\tIsMetadata: pulumi.Bool(false),\n\t\t\t\t\tIsRequired: pulumi.Bool(false),\n\t\t\t\t\tRetrievalImportance: pulumi.String(\"HIGHEST\"),\n\t\t\t\t\tSchemaSources: essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArray{\n\t\t\t\t\t\t\u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"dummy_source\"),\n\t\t\t\t\t\t\tProcessorType: pulumi.String(\"dummy_processor\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTextTypeOptions: \u0026essentialcontacts.DocumentAiWarehouseDocumentSchemaPropertyDefinitionTextTypeOptionsArgs{},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseDocumentSchema;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseDocumentSchemaArgs;\nimport com.pulumi.gcp.essentialcontacts.inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs;\nimport com.pulumi.gcp.essentialcontacts.inputs.DocumentAiWarehouseDocumentSchemaPropertyDefinitionTextTypeOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var exampleText = new DocumentAiWarehouseDocumentSchema(\"exampleText\", DocumentAiWarehouseDocumentSchemaArgs.builder()\n .projectNumber(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .displayName(\"test-property-text\")\n .location(\"us\")\n .documentIsFolder(false)\n .propertyDefinitions(DocumentAiWarehouseDocumentSchemaPropertyDefinitionArgs.builder()\n .name(\"prop3\")\n .displayName(\"propdisp3\")\n .isRepeatable(false)\n .isFilterable(true)\n .isSearchable(true)\n .isMetadata(false)\n .isRequired(false)\n .retrievalImportance(\"HIGHEST\")\n .schemaSources(DocumentAiWarehouseDocumentSchemaPropertyDefinitionSchemaSourceArgs.builder()\n .name(\"dummy_source\")\n .processorType(\"dummy_processor\")\n .build())\n .textTypeOptions()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleText:\n type: gcp:essentialcontacts:DocumentAiWarehouseDocumentSchema\n name: example_text\n properties:\n projectNumber: ${project.number}\n displayName: test-property-text\n location: us\n documentIsFolder: false\n propertyDefinitions:\n - name: prop3\n displayName: propdisp3\n isRepeatable: false\n isFilterable: true\n isSearchable: true\n isMetadata: false\n isRequired: false\n retrievalImportance: HIGHEST\n schemaSources:\n - name: dummy_source\n processorType: dummy_processor\n textTypeOptions: {}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDocumentSchema can be imported using any of these accepted formats:\n\n* `projects/{{project_number}}/locations/{{location}}/documentSchemas/{{name}}`\n\n* `{{project_number}}/{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, DocumentSchema can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:essentialcontacts/documentAiWarehouseDocumentSchema:DocumentAiWarehouseDocumentSchema default projects/{{project_number}}/locations/{{location}}/documentSchemas/{{name}}\n```\n\n```sh\n$ pulumi import gcp:essentialcontacts/documentAiWarehouseDocumentSchema:DocumentAiWarehouseDocumentSchema default {{project_number}}/{{location}}/{{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -211033,7 +211033,7 @@ } }, "gcp:essentialcontacts/documentAiWarehouseLocation:DocumentAiWarehouseLocation": { - "description": "A location is used to initialize a project.\n\n\nTo get more information about Location, see:\n\n* [API documentation](https://cloud.google.com/document-warehouse/docs/reference/rest/v1/projects.locations)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/document-warehouse/docs/overview)\n\n## Example Usage\n\n### Document Ai Warehouse Location\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.essentialcontacts.DocumentAiWarehouseLocation(\"example\", {\n location: \"us\",\n projectNumber: project.then(project =\u003e project.number),\n accessControlMode: \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n databaseType: \"DB_INFRA_SPANNER\",\n kmsKey: \"dummy_key\",\n documentCreatorDefaultRole: \"DOCUMENT_ADMIN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.essentialcontacts.DocumentAiWarehouseLocation(\"example\",\n location=\"us\",\n project_number=project.number,\n access_control_mode=\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n database_type=\"DB_INFRA_SPANNER\",\n kms_key=\"dummy_key\",\n document_creator_default_role=\"DOCUMENT_ADMIN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.EssentialContacts.DocumentAiWarehouseLocation(\"example\", new()\n {\n Location = \"us\",\n ProjectNumber = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n AccessControlMode = \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n DatabaseType = \"DB_INFRA_SPANNER\",\n KmsKey = \"dummy_key\",\n DocumentCreatorDefaultRole = \"DOCUMENT_ADMIN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewDocumentAiWarehouseLocation(ctx, \"example\", \u0026essentialcontacts.DocumentAiWarehouseLocationArgs{\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t\tProjectNumber: pulumi.String(project.Number),\n\t\t\tAccessControlMode: pulumi.String(\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\"),\n\t\t\tDatabaseType: pulumi.String(\"DB_INFRA_SPANNER\"),\n\t\t\tKmsKey: pulumi.String(\"dummy_key\"),\n\t\t\tDocumentCreatorDefaultRole: pulumi.String(\"DOCUMENT_ADMIN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseLocation;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new DocumentAiWarehouseLocation(\"example\", DocumentAiWarehouseLocationArgs.builder()\n .location(\"us\")\n .projectNumber(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .accessControlMode(\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\")\n .databaseType(\"DB_INFRA_SPANNER\")\n .kmsKey(\"dummy_key\")\n .documentCreatorDefaultRole(\"DOCUMENT_ADMIN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:essentialcontacts:DocumentAiWarehouseLocation\n properties:\n location: us\n projectNumber: ${project.number}\n accessControlMode: ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\n databaseType: DB_INFRA_SPANNER\n kmsKey: dummy_key\n documentCreatorDefaultRole: DOCUMENT_ADMIN\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", + "description": "A location is used to initialize a project.\n\n\nTo get more information about Location, see:\n\n* [API documentation](https://cloud.google.com/document-warehouse/docs/reference/rest/v1/projects.locations)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/document-warehouse/docs/overview)\n\n## Example Usage\n\n### Document Ai Warehouse Location\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.essentialcontacts.DocumentAiWarehouseLocation(\"example\", {\n location: \"us\",\n projectNumber: project.then(project =\u003e project.number),\n accessControlMode: \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n databaseType: \"DB_INFRA_SPANNER\",\n kmsKey: \"dummy_key\",\n documentCreatorDefaultRole: \"DOCUMENT_ADMIN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.essentialcontacts.DocumentAiWarehouseLocation(\"example\",\n location=\"us\",\n project_number=project.number,\n access_control_mode=\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n database_type=\"DB_INFRA_SPANNER\",\n kms_key=\"dummy_key\",\n document_creator_default_role=\"DOCUMENT_ADMIN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.EssentialContacts.DocumentAiWarehouseLocation(\"example\", new()\n {\n Location = \"us\",\n ProjectNumber = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n AccessControlMode = \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\",\n DatabaseType = \"DB_INFRA_SPANNER\",\n KmsKey = \"dummy_key\",\n DocumentCreatorDefaultRole = \"DOCUMENT_ADMIN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/essentialcontacts\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = essentialcontacts.NewDocumentAiWarehouseLocation(ctx, \"example\", \u0026essentialcontacts.DocumentAiWarehouseLocationArgs{\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t\tProjectNumber: pulumi.String(project.Number),\n\t\t\tAccessControlMode: pulumi.String(\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\"),\n\t\t\tDatabaseType: pulumi.String(\"DB_INFRA_SPANNER\"),\n\t\t\tKmsKey: pulumi.String(\"dummy_key\"),\n\t\t\tDocumentCreatorDefaultRole: pulumi.String(\"DOCUMENT_ADMIN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseLocation;\nimport com.pulumi.gcp.essentialcontacts.DocumentAiWarehouseLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new DocumentAiWarehouseLocation(\"example\", DocumentAiWarehouseLocationArgs.builder()\n .location(\"us\")\n .projectNumber(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .accessControlMode(\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\")\n .databaseType(\"DB_INFRA_SPANNER\")\n .kmsKey(\"dummy_key\")\n .documentCreatorDefaultRole(\"DOCUMENT_ADMIN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:essentialcontacts:DocumentAiWarehouseLocation\n properties:\n location: us\n projectNumber: ${project.number}\n accessControlMode: ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\n databaseType: DB_INFRA_SPANNER\n kmsKey: dummy_key\n documentCreatorDefaultRole: DOCUMENT_ADMIN\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", "properties": { "accessControlMode": { "type": "string", @@ -211142,7 +211142,7 @@ } }, "gcp:eventarc/channel:Channel": { - "description": "The Eventarc Channel resource\n\n## Example Usage\n\n### Basic\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst testKeyRing = gcp.kms.getKMSKeyRing({\n name: \"keyring\",\n location: \"us-west1\",\n});\nconst key = testKeyRing.then(testKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"key\",\n keyRing: testKeyRing.id,\n}));\nconst key1Member = new gcp.kms.CryptoKeyIAMMember(\"key1_member\", {\n cryptoKeyId: key1.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com`),\n});\nconst primary = new gcp.eventarc.Channel(\"primary\", {\n location: \"us-west1\",\n name: \"channel\",\n project: testProject.then(testProject =\u003e testProject.projectId),\n cryptoKeyName: key1.id,\n thirdPartyProvider: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/us-west1/providers/datadog`),\n}, {\n dependsOn: [key1Member],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project(project_id=\"my-project-name\")\ntest_key_ring = gcp.kms.get_kms_key_ring(name=\"keyring\",\n location=\"us-west1\")\nkey = gcp.kms.get_kms_crypto_key(name=\"key\",\n key_ring=test_key_ring.id)\nkey1_member = gcp.kms.CryptoKeyIAMMember(\"key1_member\",\n crypto_key_id=key1[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com\")\nprimary = gcp.eventarc.Channel(\"primary\",\n location=\"us-west1\",\n name=\"channel\",\n project=test_project.project_id,\n crypto_key_name=key1[\"id\"],\n third_party_provider=f\"projects/{test_project.project_id}/locations/us-west1/providers/datadog\",\n opts = pulumi.ResourceOptions(depends_on=[key1_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var testKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"keyring\",\n Location = \"us-west1\",\n });\n\n var key = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"key\",\n KeyRing = testKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var key1Member = new Gcp.Kms.CryptoKeyIAMMember(\"key1_member\", new()\n {\n CryptoKeyId = key1.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-eventarc.iam.gserviceaccount.com\",\n });\n\n var primary = new Gcp.Eventarc.Channel(\"primary\", new()\n {\n Location = \"us-west1\",\n Name = \"channel\",\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n CryptoKeyName = key1.Id,\n ThirdPartyProvider = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/us-west1/providers/datadog\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n key1Member,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/eventarc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"keyring\",\n\t\t\tLocation: \"us-west1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"key\",\n\t\t\tKeyRing: testKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey1Member, err := kms.NewCryptoKeyIAMMember(ctx, \"key1_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key1.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eventarc.NewChannel(ctx, \"primary\", \u0026eventarc.ChannelArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"channel\"),\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tCryptoKeyName: pulumi.Any(key1.Id),\n\t\t\tThirdPartyProvider: pulumi.Sprintf(\"projects/%v/locations/us-west1/providers/datadog\", testProject.ProjectId),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkey1Member,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.eventarc.Channel;\nimport com.pulumi.gcp.eventarc.ChannelArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n final var testKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-west1\")\n .build());\n\n final var key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(testKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n var key1Member = new CryptoKeyIAMMember(\"key1Member\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key1.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var primary = new Channel(\"primary\", ChannelArgs.builder()\n .location(\"us-west1\")\n .name(\"channel\")\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .cryptoKeyName(key1.id())\n .thirdPartyProvider(String.format(\"projects/%s/locations/us-west1/providers/datadog\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(key1Member)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n key1Member:\n type: gcp:kms:CryptoKeyIAMMember\n name: key1_member\n properties:\n cryptoKeyId: ${key1.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com\n primary:\n type: gcp:eventarc:Channel\n properties:\n location: us-west1\n name: channel\n project: ${testProject.projectId}\n cryptoKeyName: ${key1.id}\n thirdPartyProvider: projects/${testProject.projectId}/locations/us-west1/providers/datadog\n options:\n dependson:\n - ${key1Member}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: my-project-name\n testKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: keyring\n location: us-west1\n key:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: key\n keyRing: ${testKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nChannel can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/channels/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Channel can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default projects/{{project}}/locations/{{location}}/channels/{{name}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default {{location}}/{{name}}\n```\n\n", + "description": "The Eventarc Channel resource\n\n## Example Usage\n\n### Basic\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst testKeyRing = gcp.kms.getKMSKeyRing({\n name: \"keyring\",\n location: \"us-west1\",\n});\nconst key = testKeyRing.then(testKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"key\",\n keyRing: testKeyRing.id,\n}));\nconst key1Member = new gcp.kms.CryptoKeyIAMMember(\"key1_member\", {\n cryptoKeyId: key1.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com`),\n});\nconst primary = new gcp.eventarc.Channel(\"primary\", {\n location: \"us-west1\",\n name: \"channel\",\n project: testProject.then(testProject =\u003e testProject.projectId),\n cryptoKeyName: key1.id,\n thirdPartyProvider: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/us-west1/providers/datadog`),\n}, {\n dependsOn: [key1Member],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project(project_id=\"my-project-name\")\ntest_key_ring = gcp.kms.get_kms_key_ring(name=\"keyring\",\n location=\"us-west1\")\nkey = gcp.kms.get_kms_crypto_key(name=\"key\",\n key_ring=test_key_ring.id)\nkey1_member = gcp.kms.CryptoKeyIAMMember(\"key1_member\",\n crypto_key_id=key1[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com\")\nprimary = gcp.eventarc.Channel(\"primary\",\n location=\"us-west1\",\n name=\"channel\",\n project=test_project.project_id,\n crypto_key_name=key1[\"id\"],\n third_party_provider=f\"projects/{test_project.project_id}/locations/us-west1/providers/datadog\",\n opts = pulumi.ResourceOptions(depends_on=[key1_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var testKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"keyring\",\n Location = \"us-west1\",\n });\n\n var key = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"key\",\n KeyRing = testKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var key1Member = new Gcp.Kms.CryptoKeyIAMMember(\"key1_member\", new()\n {\n CryptoKeyId = key1.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-eventarc.iam.gserviceaccount.com\",\n });\n\n var primary = new Gcp.Eventarc.Channel(\"primary\", new()\n {\n Location = \"us-west1\",\n Name = \"channel\",\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n CryptoKeyName = key1.Id,\n ThirdPartyProvider = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/us-west1/providers/datadog\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n key1Member,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/eventarc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"keyring\",\n\t\t\tLocation: \"us-west1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"key\",\n\t\t\tKeyRing: testKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey1Member, err := kms.NewCryptoKeyIAMMember(ctx, \"key1_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key1.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eventarc.NewChannel(ctx, \"primary\", \u0026eventarc.ChannelArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"channel\"),\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tCryptoKeyName: pulumi.Any(key1.Id),\n\t\t\tThirdPartyProvider: pulumi.Sprintf(\"projects/%v/locations/us-west1/providers/datadog\", testProject.ProjectId),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkey1Member,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.eventarc.Channel;\nimport com.pulumi.gcp.eventarc.ChannelArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n final var testKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-west1\")\n .build());\n\n final var key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(testKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n var key1Member = new CryptoKeyIAMMember(\"key1Member\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key1.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var primary = new Channel(\"primary\", ChannelArgs.builder()\n .location(\"us-west1\")\n .name(\"channel\")\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .cryptoKeyName(key1.id())\n .thirdPartyProvider(String.format(\"projects/%s/locations/us-west1/providers/datadog\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(key1Member)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n key1Member:\n type: gcp:kms:CryptoKeyIAMMember\n name: key1_member\n properties:\n cryptoKeyId: ${key1.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com\n primary:\n type: gcp:eventarc:Channel\n properties:\n location: us-west1\n name: channel\n project: ${testProject.projectId}\n cryptoKeyName: ${key1.id}\n thirdPartyProvider: projects/${testProject.projectId}/locations/us-west1/providers/datadog\n options:\n dependsOn:\n - ${key1Member}\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: my-project-name\n testKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: keyring\n location: us-west1\n key:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: key\n keyRing: ${testKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nChannel can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/channels/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Channel can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default projects/{{project}}/locations/{{location}}/channels/{{name}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/channel:Channel default {{location}}/{{name}}\n```\n\n", "properties": { "activationToken": { "type": "string", @@ -211285,7 +211285,7 @@ } }, "gcp:eventarc/googleChannelConfig:GoogleChannelConfig": { - "description": "The Eventarc GoogleChannelConfig resource\n\n## Example Usage\n\n### Basic\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst testKeyRing = gcp.kms.getKMSKeyRing({\n name: \"keyring\",\n location: \"us-west1\",\n});\nconst key = testKeyRing.then(testKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"key\",\n keyRing: testKeyRing.id,\n}));\nconst key1Member = new gcp.kms.CryptoKeyIAMMember(\"key1_member\", {\n cryptoKeyId: key1.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com`),\n});\nconst primary = new gcp.eventarc.GoogleChannelConfig(\"primary\", {\n location: \"us-west1\",\n name: \"channel\",\n project: testProject.then(testProject =\u003e testProject.projectId),\n cryptoKeyName: key1.id,\n}, {\n dependsOn: [key1Member],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project(project_id=\"my-project-name\")\ntest_key_ring = gcp.kms.get_kms_key_ring(name=\"keyring\",\n location=\"us-west1\")\nkey = gcp.kms.get_kms_crypto_key(name=\"key\",\n key_ring=test_key_ring.id)\nkey1_member = gcp.kms.CryptoKeyIAMMember(\"key1_member\",\n crypto_key_id=key1[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com\")\nprimary = gcp.eventarc.GoogleChannelConfig(\"primary\",\n location=\"us-west1\",\n name=\"channel\",\n project=test_project.project_id,\n crypto_key_name=key1[\"id\"],\n opts = pulumi.ResourceOptions(depends_on=[key1_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var testKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"keyring\",\n Location = \"us-west1\",\n });\n\n var key = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"key\",\n KeyRing = testKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var key1Member = new Gcp.Kms.CryptoKeyIAMMember(\"key1_member\", new()\n {\n CryptoKeyId = key1.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-eventarc.iam.gserviceaccount.com\",\n });\n\n var primary = new Gcp.Eventarc.GoogleChannelConfig(\"primary\", new()\n {\n Location = \"us-west1\",\n Name = \"channel\",\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n CryptoKeyName = key1.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n key1Member,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/eventarc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"keyring\",\n\t\t\tLocation: \"us-west1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"key\",\n\t\t\tKeyRing: testKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey1Member, err := kms.NewCryptoKeyIAMMember(ctx, \"key1_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key1.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eventarc.NewGoogleChannelConfig(ctx, \"primary\", \u0026eventarc.GoogleChannelConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"channel\"),\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tCryptoKeyName: pulumi.Any(key1.Id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkey1Member,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.eventarc.GoogleChannelConfig;\nimport com.pulumi.gcp.eventarc.GoogleChannelConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n final var testKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-west1\")\n .build());\n\n final var key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(testKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n var key1Member = new CryptoKeyIAMMember(\"key1Member\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key1.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var primary = new GoogleChannelConfig(\"primary\", GoogleChannelConfigArgs.builder()\n .location(\"us-west1\")\n .name(\"channel\")\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .cryptoKeyName(key1.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(key1Member)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n key1Member:\n type: gcp:kms:CryptoKeyIAMMember\n name: key1_member\n properties:\n cryptoKeyId: ${key1.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com\n primary:\n type: gcp:eventarc:GoogleChannelConfig\n properties:\n location: us-west1\n name: channel\n project: ${testProject.projectId}\n cryptoKeyName: ${key1.id}\n options:\n dependson:\n - ${key1Member}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: my-project-name\n testKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: keyring\n location: us-west1\n key:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: key\n keyRing: ${testKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogleChannelConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/googleChannelConfig`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, GoogleChannelConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default projects/{{project}}/locations/{{location}}/googleChannelConfig\n```\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default {{location}}\n```\n\n", + "description": "The Eventarc GoogleChannelConfig resource\n\n## Example Usage\n\n### Basic\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({\n projectId: \"my-project-name\",\n});\nconst testKeyRing = gcp.kms.getKMSKeyRing({\n name: \"keyring\",\n location: \"us-west1\",\n});\nconst key = testKeyRing.then(testKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"key\",\n keyRing: testKeyRing.id,\n}));\nconst key1Member = new gcp.kms.CryptoKeyIAMMember(\"key1_member\", {\n cryptoKeyId: key1.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com`),\n});\nconst primary = new gcp.eventarc.GoogleChannelConfig(\"primary\", {\n location: \"us-west1\",\n name: \"channel\",\n project: testProject.then(testProject =\u003e testProject.projectId),\n cryptoKeyName: key1.id,\n}, {\n dependsOn: [key1Member],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project(project_id=\"my-project-name\")\ntest_key_ring = gcp.kms.get_kms_key_ring(name=\"keyring\",\n location=\"us-west1\")\nkey = gcp.kms.get_kms_crypto_key(name=\"key\",\n key_ring=test_key_ring.id)\nkey1_member = gcp.kms.CryptoKeyIAMMember(\"key1_member\",\n crypto_key_id=key1[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com\")\nprimary = gcp.eventarc.GoogleChannelConfig(\"primary\",\n location=\"us-west1\",\n name=\"channel\",\n project=test_project.project_id,\n crypto_key_name=key1[\"id\"],\n opts = pulumi.ResourceOptions(depends_on=[key1_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var testKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"keyring\",\n Location = \"us-west1\",\n });\n\n var key = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"key\",\n KeyRing = testKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var key1Member = new Gcp.Kms.CryptoKeyIAMMember(\"key1_member\", new()\n {\n CryptoKeyId = key1.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-eventarc.iam.gserviceaccount.com\",\n });\n\n var primary = new Gcp.Eventarc.GoogleChannelConfig(\"primary\", new()\n {\n Location = \"us-west1\",\n Name = \"channel\",\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n CryptoKeyName = key1.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n key1Member,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/eventarc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"keyring\",\n\t\t\tLocation: \"us-west1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"key\",\n\t\t\tKeyRing: testKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey1Member, err := kms.NewCryptoKeyIAMMember(ctx, \"key1_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key1.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eventarc.NewGoogleChannelConfig(ctx, \"primary\", \u0026eventarc.GoogleChannelConfigArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"channel\"),\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tCryptoKeyName: pulumi.Any(key1.Id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkey1Member,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.eventarc.GoogleChannelConfig;\nimport com.pulumi.gcp.eventarc.GoogleChannelConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n final var testKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"keyring\")\n .location(\"us-west1\")\n .build());\n\n final var key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"key\")\n .keyRing(testKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n var key1Member = new CryptoKeyIAMMember(\"key1Member\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key1.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-eventarc.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var primary = new GoogleChannelConfig(\"primary\", GoogleChannelConfigArgs.builder()\n .location(\"us-west1\")\n .name(\"channel\")\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .cryptoKeyName(key1.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(key1Member)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n key1Member:\n type: gcp:kms:CryptoKeyIAMMember\n name: key1_member\n properties:\n cryptoKeyId: ${key1.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${testProject.number}@gcp-sa-eventarc.iam.gserviceaccount.com\n primary:\n type: gcp:eventarc:GoogleChannelConfig\n properties:\n location: us-west1\n name: channel\n project: ${testProject.projectId}\n cryptoKeyName: ${key1.id}\n options:\n dependsOn:\n - ${key1Member}\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: my-project-name\n testKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: keyring\n location: us-west1\n key:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: key\n keyRing: ${testKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogleChannelConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/googleChannelConfig`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, GoogleChannelConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default projects/{{project}}/locations/{{location}}/googleChannelConfig\n```\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:eventarc/googleChannelConfig:GoogleChannelConfig default {{location}}\n```\n\n", "properties": { "cryptoKeyName": { "type": "string", @@ -212457,7 +212457,7 @@ } }, "gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig": { - "description": "An app's App Attest configuration object. Note that the Team ID registered with your\napp is used as part of the validation process. Make sure your `gcp.firebase.AppleApp` has a team_id present.\n\n\nTo get more information about AppAttestConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.appAttestConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check App Attest Config Minimal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.appattest\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckAppAttestConfig = new gcp.firebase.AppCheckAppAttestConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.appattest\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_app_attest_config = gcp.firebase.AppCheckAppAttestConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.appattest\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckAppAttestConfig = new Gcp.Firebase.AppCheckAppAttestConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.appattest\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckAppAttestConfig(ctx, \"default\", \u0026firebase.AppCheckAppAttestConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfig;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.appattest\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckAppAttestConfig = new AppCheckAppAttestConfig(\"defaultAppCheckAppAttestConfig\", AppCheckAppAttestConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.appattest\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckAppAttestConfig:\n type: gcp:firebase:AppCheckAppAttestConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check App Attest Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.appattest\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckAppAttestConfig = new gcp.firebase.AppCheckAppAttestConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.appattest\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_app_attest_config = gcp.firebase.AppCheckAppAttestConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.appattest\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckAppAttestConfig = new Gcp.Firebase.AppCheckAppAttestConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.appattest\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckAppAttestConfig(ctx, \"default\", \u0026firebase.AppCheckAppAttestConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfig;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.appattest\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckAppAttestConfig = new AppCheckAppAttestConfig(\"defaultAppCheckAppAttestConfig\", AppCheckAppAttestConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.appattest\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckAppAttestConfig:\n type: gcp:firebase:AppCheckAppAttestConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAppAttestConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/appAttestConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, AppAttestConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default projects/{{project}}/apps/{{app_id}}/appAttestConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default {{app_id}}\n```\n\n", + "description": "An app's App Attest configuration object. Note that the Team ID registered with your\napp is used as part of the validation process. Make sure your `gcp.firebase.AppleApp` has a team_id present.\n\n\nTo get more information about AppAttestConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.appAttestConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check App Attest Config Minimal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.appattest\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckAppAttestConfig = new gcp.firebase.AppCheckAppAttestConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.appattest\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_app_attest_config = gcp.firebase.AppCheckAppAttestConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.appattest\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckAppAttestConfig = new Gcp.Firebase.AppCheckAppAttestConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.appattest\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckAppAttestConfig(ctx, \"default\", \u0026firebase.AppCheckAppAttestConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfig;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.appattest\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckAppAttestConfig = new AppCheckAppAttestConfig(\"defaultAppCheckAppAttestConfig\", AppCheckAppAttestConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.appattest\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckAppAttestConfig:\n type: gcp:firebase:AppCheckAppAttestConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check App Attest Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.appattest\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckAppAttestConfig = new gcp.firebase.AppCheckAppAttestConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.appattest\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_app_attest_config = gcp.firebase.AppCheckAppAttestConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.appattest\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckAppAttestConfig = new Gcp.Firebase.AppCheckAppAttestConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.appattest\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckAppAttestConfig(ctx, \"default\", \u0026firebase.AppCheckAppAttestConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfig;\nimport com.pulumi.gcp.firebase.AppCheckAppAttestConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.appattest\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckAppAttestConfig = new AppCheckAppAttestConfig(\"defaultAppCheckAppAttestConfig\", AppCheckAppAttestConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.appattest\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckAppAttestConfig:\n type: gcp:firebase:AppCheckAppAttestConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAppAttestConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/appAttestConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, AppAttestConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default projects/{{project}}/apps/{{app_id}}/appAttestConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckAppAttestConfig:AppCheckAppAttestConfig default {{app_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212527,7 +212527,7 @@ } }, "gcp:firebase/appCheckDebugToken:AppCheckDebugToken": { - "description": "A debug token is a secret used during the development or integration testing of\nan app. It essentially allows the development or integration testing to bypass\napp attestation while still allowing App Check to enforce protection on supported\nproduction Firebase services.\n\n\nTo get more information about DebugToken, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.debugTokens)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Debug Token Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for debug token\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckDebugToken = new gcp.firebase.AppCheckDebugToken(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n displayName: \"Debug Token\",\n token: \"00000000-AAAA-BBBB-CCCC-000000000000\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for debug token\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_debug_token = gcp.firebase.AppCheckDebugToken(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n display_name=\"Debug Token\",\n token=\"00000000-AAAA-BBBB-CCCC-000000000000\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for debug token\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckDebugToken = new Gcp.Firebase.AppCheckDebugToken(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n DisplayName = \"Debug Token\",\n Token = \"00000000-AAAA-BBBB-CCCC-000000000000\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for debug token\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckDebugToken(ctx, \"default\", \u0026firebase.AppCheckDebugTokenArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tDisplayName: pulumi.String(\"Debug Token\"),\n\t\t\tToken: pulumi.String(\"00000000-AAAA-BBBB-CCCC-000000000000\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckDebugToken;\nimport com.pulumi.gcp.firebase.AppCheckDebugTokenArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for debug token\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckDebugToken = new AppCheckDebugToken(\"defaultAppCheckDebugToken\", AppCheckDebugTokenArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .displayName(\"Debug Token\")\n .token(\"00000000-AAAA-BBBB-CCCC-000000000000\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for debug token\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckDebugToken:\n type: gcp:firebase:AppCheckDebugToken\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n displayName: Debug Token\n token: 00000000-AAAA-BBBB-CCCC-000000000000\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDebugToken can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/debugTokens/{{debug_token_id}}`\n\n* `{{project}}/{{app_id}}/{{debug_token_id}}`\n\n* `{{app_id}}/{{debug_token_id}}`\n\nWhen using the `pulumi import` command, DebugToken can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default projects/{{project}}/apps/{{app_id}}/debugTokens/{{debug_token_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default {{project}}/{{app_id}}/{{debug_token_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default {{app_id}}/{{debug_token_id}}\n```\n\n", + "description": "A debug token is a secret used during the development or integration testing of\nan app. It essentially allows the development or integration testing to bypass\napp attestation while still allowing App Check to enforce protection on supported\nproduction Firebase services.\n\n\nTo get more information about DebugToken, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.debugTokens)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Debug Token Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for debug token\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckDebugToken = new gcp.firebase.AppCheckDebugToken(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n displayName: \"Debug Token\",\n token: \"00000000-AAAA-BBBB-CCCC-000000000000\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for debug token\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_debug_token = gcp.firebase.AppCheckDebugToken(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n display_name=\"Debug Token\",\n token=\"00000000-AAAA-BBBB-CCCC-000000000000\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for debug token\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckDebugToken = new Gcp.Firebase.AppCheckDebugToken(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n DisplayName = \"Debug Token\",\n Token = \"00000000-AAAA-BBBB-CCCC-000000000000\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for debug token\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckDebugToken(ctx, \"default\", \u0026firebase.AppCheckDebugTokenArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tDisplayName: pulumi.String(\"Debug Token\"),\n\t\t\tToken: pulumi.String(\"00000000-AAAA-BBBB-CCCC-000000000000\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckDebugToken;\nimport com.pulumi.gcp.firebase.AppCheckDebugTokenArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for debug token\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckDebugToken = new AppCheckDebugToken(\"defaultAppCheckDebugToken\", AppCheckDebugTokenArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .displayName(\"Debug Token\")\n .token(\"00000000-AAAA-BBBB-CCCC-000000000000\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for debug token\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckDebugToken:\n type: gcp:firebase:AppCheckDebugToken\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n displayName: Debug Token\n token: 00000000-AAAA-BBBB-CCCC-000000000000\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDebugToken can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/debugTokens/{{debug_token_id}}`\n\n* `{{project}}/{{app_id}}/{{debug_token_id}}`\n\n* `{{app_id}}/{{debug_token_id}}`\n\nWhen using the `pulumi import` command, DebugToken can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default projects/{{project}}/apps/{{app_id}}/debugTokens/{{debug_token_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default {{project}}/{{app_id}}/{{debug_token_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDebugToken:AppCheckDebugToken default {{app_id}}/{{debug_token_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212617,7 +212617,7 @@ } }, "gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig": { - "description": "An app's DeviceCheck configuration object. Note that the Team ID registered with your\napp is used as part of the validation process. Make sure your `gcp.firebase.AppleApp` has a team_id present.\n\n\nTo get more information about DeviceCheckConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.deviceCheckConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Device Check Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.devicecheck\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckDeviceCheckConfig = new gcp.firebase.AppCheckDeviceCheckConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n keyId: \"Key ID\",\n privateKey: std.file({\n input: \"path/to/private-key.p8\",\n }).then(invoke =\u003e invoke.result),\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.devicecheck\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_device_check_config = gcp.firebase.AppCheckDeviceCheckConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n key_id=\"Key ID\",\n private_key=std.file(input=\"path/to/private-key.p8\").result,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.devicecheck\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckDeviceCheckConfig = new Gcp.Firebase.AppCheckDeviceCheckConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n KeyId = \"Key ID\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private-key.p8\",\n }).Apply(invoke =\u003e invoke.Result),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.devicecheck\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private-key.p8\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckDeviceCheckConfig(ctx, \"default\", \u0026firebase.AppCheckDeviceCheckConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t\tKeyId: pulumi.String(\"Key ID\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckDeviceCheckConfig;\nimport com.pulumi.gcp.firebase.AppCheckDeviceCheckConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.devicecheck\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckDeviceCheckConfig = new AppCheckDeviceCheckConfig(\"defaultAppCheckDeviceCheckConfig\", AppCheckDeviceCheckConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .keyId(\"Key ID\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private-key.p8\")\n .build()).result())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.devicecheck\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckDeviceCheckConfig:\n type: gcp:firebase:AppCheckDeviceCheckConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n keyId: Key ID\n privateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/private-key.p8\n Return: result\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDeviceCheckConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/deviceCheckConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, DeviceCheckConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default projects/{{project}}/apps/{{app_id}}/deviceCheckConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default {{app_id}}\n```\n\n", + "description": "An app's DeviceCheck configuration object. Note that the Team ID registered with your\napp is used as part of the validation process. Make sure your `gcp.firebase.AppleApp` has a team_id present.\n\n\nTo get more information about DeviceCheckConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.deviceCheckConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Device Check Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.AppleApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Apple app\",\n bundleId: \"bundle.id.devicecheck\",\n teamId: \"9987654321\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckDeviceCheckConfig = new gcp.firebase.AppCheckDeviceCheckConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n keyId: \"Key ID\",\n privateKey: std.file({\n input: \"path/to/private-key.p8\",\n }).then(invoke =\u003e invoke.result),\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\nimport pulumi_time as time\n\ndefault = gcp.firebase.AppleApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Apple app\",\n bundle_id=\"bundle.id.devicecheck\",\n team_id=\"9987654321\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_device_check_config = gcp.firebase.AppCheckDeviceCheckConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n key_id=\"Key ID\",\n private_key=std.file(input=\"path/to/private-key.p8\").result,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.AppleApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Apple app\",\n BundleId = \"bundle.id.devicecheck\",\n TeamId = \"9987654321\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckDeviceCheckConfig = new Gcp.Firebase.AppCheckDeviceCheckConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n KeyId = \"Key ID\",\n PrivateKey = Std.File.Invoke(new()\n {\n Input = \"path/to/private-key.p8\",\n }).Apply(invoke =\u003e invoke.Result),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewAppleApp(ctx, \"default\", \u0026firebase.AppleAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Apple app\"),\n\t\t\tBundleId: pulumi.String(\"bundle.id.devicecheck\"),\n\t\t\tTeamId: pulumi.String(\"9987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/private-key.p8\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckDeviceCheckConfig(ctx, \"default\", \u0026firebase.AppCheckDeviceCheckConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t\tKeyId: pulumi.String(\"Key ID\"),\n\t\t\tPrivateKey: pulumi.String(invokeFile.Result),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.AppleApp;\nimport com.pulumi.gcp.firebase.AppleAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckDeviceCheckConfig;\nimport com.pulumi.gcp.firebase.AppCheckDeviceCheckConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new AppleApp(\"default\", AppleAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Apple app\")\n .bundleId(\"bundle.id.devicecheck\")\n .teamId(\"9987654321\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckDeviceCheckConfig = new AppCheckDeviceCheckConfig(\"defaultAppCheckDeviceCheckConfig\", AppCheckDeviceCheckConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .keyId(\"Key ID\")\n .privateKey(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/private-key.p8\")\n .build()).result())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:AppleApp\n properties:\n project: my-project-name\n displayName: Apple app\n bundleId: bundle.id.devicecheck\n teamId: '9987654321'\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckDeviceCheckConfig:\n type: gcp:firebase:AppCheckDeviceCheckConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n keyId: Key ID\n privateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/private-key.p8\n return: result\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDeviceCheckConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/deviceCheckConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, DeviceCheckConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default projects/{{project}}/apps/{{app_id}}/deviceCheckConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckDeviceCheckConfig:AppCheckDeviceCheckConfig default {{app_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212727,7 +212727,7 @@ } }, "gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig": { - "description": "An app's Play Integrity configuration object. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by the Play Integrity API.\nMake sure your `gcp.firebase.AndroidApp` has at least one `sha256_hashes` present.\n\n\nTo get more information about PlayIntegrityConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.playIntegrityConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Play Integrity Config Minimal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the Play Integrity API\nconst playIntegrity = new gcp.projects.Service(\"play_integrity\", {\n project: \"my-project-name\",\n service: \"playintegrity.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AndroidApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Play Integrity app\",\n packageName: \"package.name.playintegrity\",\n sha1Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"],\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckPlayIntegrityConfig = new gcp.firebase.AppCheckPlayIntegrityConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the Play Integrity API\nplay_integrity = gcp.projects.Service(\"play_integrity\",\n project=\"my-project-name\",\n service=\"playintegrity.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AndroidApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Play Integrity app\",\n package_name=\"package.name.playintegrity\",\n sha1_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"])\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_play_integrity_config = gcp.firebase.AppCheckPlayIntegrityConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the Play Integrity API\n var playIntegrity = new Gcp.Projects.Service(\"play_integrity\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"playintegrity.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AndroidApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Play Integrity app\",\n PackageName = \"package.name.playintegrity\",\n Sha1Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21c\",\n },\n Sha256Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\",\n },\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckPlayIntegrityConfig = new Gcp.Firebase.AppCheckPlayIntegrityConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the Play Integrity API\n\t\t_, err := projects.NewService(ctx, \"play_integrity\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"playintegrity.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAndroidApp(ctx, \"default\", \u0026firebase.AndroidAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Play Integrity app\"),\n\t\t\tPackageName: pulumi.String(\"package.name.playintegrity\"),\n\t\t\tSha1Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21c\"),\n\t\t\t},\n\t\t\tSha256Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckPlayIntegrityConfig(ctx, \"default\", \u0026firebase.AppCheckPlayIntegrityConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AndroidApp;\nimport com.pulumi.gcp.firebase.AndroidAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfig;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the Play Integrity API\n var playIntegrity = new Service(\"playIntegrity\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"playintegrity.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AndroidApp(\"default\", AndroidAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Play Integrity app\")\n .packageName(\"package.name.playintegrity\")\n .sha1Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21c\")\n .sha256Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckPlayIntegrityConfig = new AppCheckPlayIntegrityConfig(\"defaultAppCheckPlayIntegrityConfig\", AppCheckPlayIntegrityConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the Play Integrity API\n playIntegrity:\n type: gcp:projects:Service\n name: play_integrity\n properties:\n project: my-project-name\n service: playintegrity.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AndroidApp\n properties:\n project: my-project-name\n displayName: Play Integrity app\n packageName: package.name.playintegrity\n sha1Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21c\n sha256Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckPlayIntegrityConfig:\n type: gcp:firebase:AppCheckPlayIntegrityConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Play Integrity Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the Play Integrity API\nconst playIntegrity = new gcp.projects.Service(\"play_integrity\", {\n project: \"my-project-name\",\n service: \"playintegrity.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AndroidApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Play Integrity app\",\n packageName: \"package.name.playintegrity\",\n sha1Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"],\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckPlayIntegrityConfig = new gcp.firebase.AppCheckPlayIntegrityConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the Play Integrity API\nplay_integrity = gcp.projects.Service(\"play_integrity\",\n project=\"my-project-name\",\n service=\"playintegrity.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AndroidApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Play Integrity app\",\n package_name=\"package.name.playintegrity\",\n sha1_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"])\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_play_integrity_config = gcp.firebase.AppCheckPlayIntegrityConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the Play Integrity API\n var playIntegrity = new Gcp.Projects.Service(\"play_integrity\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"playintegrity.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AndroidApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Play Integrity app\",\n PackageName = \"package.name.playintegrity\",\n Sha1Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21c\",\n },\n Sha256Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\",\n },\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckPlayIntegrityConfig = new Gcp.Firebase.AppCheckPlayIntegrityConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the Play Integrity API\n\t\t_, err := projects.NewService(ctx, \"play_integrity\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"playintegrity.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAndroidApp(ctx, \"default\", \u0026firebase.AndroidAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Play Integrity app\"),\n\t\t\tPackageName: pulumi.String(\"package.name.playintegrity\"),\n\t\t\tSha1Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21c\"),\n\t\t\t},\n\t\t\tSha256Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckPlayIntegrityConfig(ctx, \"default\", \u0026firebase.AppCheckPlayIntegrityConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AndroidApp;\nimport com.pulumi.gcp.firebase.AndroidAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfig;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the Play Integrity API\n var playIntegrity = new Service(\"playIntegrity\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"playintegrity.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AndroidApp(\"default\", AndroidAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Play Integrity app\")\n .packageName(\"package.name.playintegrity\")\n .sha1Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21c\")\n .sha256Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckPlayIntegrityConfig = new AppCheckPlayIntegrityConfig(\"defaultAppCheckPlayIntegrityConfig\", AppCheckPlayIntegrityConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the Play Integrity API\n playIntegrity:\n type: gcp:projects:Service\n name: play_integrity\n properties:\n project: my-project-name\n service: playintegrity.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AndroidApp\n properties:\n project: my-project-name\n displayName: Play Integrity app\n packageName: package.name.playintegrity\n sha1Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21c\n sha256Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckPlayIntegrityConfig:\n type: gcp:firebase:AppCheckPlayIntegrityConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPlayIntegrityConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/playIntegrityConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, PlayIntegrityConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default projects/{{project}}/apps/{{app_id}}/playIntegrityConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default {{app_id}}\n```\n\n", + "description": "An app's Play Integrity configuration object. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by the Play Integrity API.\nMake sure your `gcp.firebase.AndroidApp` has at least one `sha256_hashes` present.\n\n\nTo get more information about PlayIntegrityConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.playIntegrityConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Play Integrity Config Minimal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the Play Integrity API\nconst playIntegrity = new gcp.projects.Service(\"play_integrity\", {\n project: \"my-project-name\",\n service: \"playintegrity.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AndroidApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Play Integrity app\",\n packageName: \"package.name.playintegrity\",\n sha1Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"],\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckPlayIntegrityConfig = new gcp.firebase.AppCheckPlayIntegrityConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the Play Integrity API\nplay_integrity = gcp.projects.Service(\"play_integrity\",\n project=\"my-project-name\",\n service=\"playintegrity.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AndroidApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Play Integrity app\",\n package_name=\"package.name.playintegrity\",\n sha1_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"])\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_play_integrity_config = gcp.firebase.AppCheckPlayIntegrityConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the Play Integrity API\n var playIntegrity = new Gcp.Projects.Service(\"play_integrity\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"playintegrity.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AndroidApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Play Integrity app\",\n PackageName = \"package.name.playintegrity\",\n Sha1Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21c\",\n },\n Sha256Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\",\n },\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckPlayIntegrityConfig = new Gcp.Firebase.AppCheckPlayIntegrityConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the Play Integrity API\n\t\t_, err := projects.NewService(ctx, \"play_integrity\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"playintegrity.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAndroidApp(ctx, \"default\", \u0026firebase.AndroidAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Play Integrity app\"),\n\t\t\tPackageName: pulumi.String(\"package.name.playintegrity\"),\n\t\t\tSha1Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21c\"),\n\t\t\t},\n\t\t\tSha256Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckPlayIntegrityConfig(ctx, \"default\", \u0026firebase.AppCheckPlayIntegrityConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AndroidApp;\nimport com.pulumi.gcp.firebase.AndroidAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfig;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the Play Integrity API\n var playIntegrity = new Service(\"playIntegrity\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"playintegrity.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AndroidApp(\"default\", AndroidAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Play Integrity app\")\n .packageName(\"package.name.playintegrity\")\n .sha1Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21c\")\n .sha256Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckPlayIntegrityConfig = new AppCheckPlayIntegrityConfig(\"defaultAppCheckPlayIntegrityConfig\", AppCheckPlayIntegrityConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the Play Integrity API\n playIntegrity:\n type: gcp:projects:Service\n name: play_integrity\n properties:\n project: my-project-name\n service: playintegrity.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AndroidApp\n properties:\n project: my-project-name\n displayName: Play Integrity app\n packageName: package.name.playintegrity\n sha1Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21c\n sha256Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckPlayIntegrityConfig:\n type: gcp:firebase:AppCheckPlayIntegrityConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Play Integrity Config Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the Play Integrity API\nconst playIntegrity = new gcp.projects.Service(\"play_integrity\", {\n project: \"my-project-name\",\n service: \"playintegrity.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AndroidApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Play Integrity app\",\n packageName: \"package.name.playintegrity\",\n sha1Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256Hashes: [\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"],\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckPlayIntegrityConfig = new gcp.firebase.AppCheckPlayIntegrityConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the Play Integrity API\nplay_integrity = gcp.projects.Service(\"play_integrity\",\n project=\"my-project-name\",\n service=\"playintegrity.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AndroidApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Play Integrity app\",\n package_name=\"package.name.playintegrity\",\n sha1_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21c\"],\n sha256_hashes=[\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"])\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_play_integrity_config = gcp.firebase.AppCheckPlayIntegrityConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the Play Integrity API\n var playIntegrity = new Gcp.Projects.Service(\"play_integrity\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"playintegrity.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AndroidApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Play Integrity app\",\n PackageName = \"package.name.playintegrity\",\n Sha1Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21c\",\n },\n Sha256Hashes = new[]\n {\n \"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\",\n },\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckPlayIntegrityConfig = new Gcp.Firebase.AppCheckPlayIntegrityConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the Play Integrity API\n\t\t_, err := projects.NewService(ctx, \"play_integrity\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"playintegrity.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAndroidApp(ctx, \"default\", \u0026firebase.AndroidAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Play Integrity app\"),\n\t\t\tPackageName: pulumi.String(\"package.name.playintegrity\"),\n\t\t\tSha1Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21c\"),\n\t\t\t},\n\t\t\tSha256Hashes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckPlayIntegrityConfig(ctx, \"default\", \u0026firebase.AppCheckPlayIntegrityConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AndroidApp;\nimport com.pulumi.gcp.firebase.AndroidAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfig;\nimport com.pulumi.gcp.firebase.AppCheckPlayIntegrityConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the Play Integrity API\n var playIntegrity = new Service(\"playIntegrity\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"playintegrity.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AndroidApp(\"default\", AndroidAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Play Integrity app\")\n .packageName(\"package.name.playintegrity\")\n .sha1Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21c\")\n .sha256Hashes(\"2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckPlayIntegrityConfig = new AppCheckPlayIntegrityConfig(\"defaultAppCheckPlayIntegrityConfig\", AppCheckPlayIntegrityConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the Play Integrity API\n playIntegrity:\n type: gcp:projects:Service\n name: play_integrity\n properties:\n project: my-project-name\n service: playintegrity.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AndroidApp\n properties:\n project: my-project-name\n displayName: Play Integrity app\n packageName: package.name.playintegrity\n sha1Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21c\n sha256Hashes:\n - 2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckPlayIntegrityConfig:\n type: gcp:firebase:AppCheckPlayIntegrityConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n tokenTtl: 7200s\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPlayIntegrityConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/playIntegrityConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, PlayIntegrityConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default projects/{{project}}/apps/{{app_id}}/playIntegrityConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckPlayIntegrityConfig:AppCheckPlayIntegrityConfig default {{app_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212797,7 +212797,7 @@ } }, "gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig": { - "description": "An app's reCAPTCHA Enterprise configuration object.\n\n\nTo get more information about RecaptchaEnterpriseConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.recaptchaEnterpriseConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Recaptcha Enterprise Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the reCAPTCHA Enterprise API\nconst recaptchaEnterprise = new gcp.projects.Service(\"recaptcha_enterprise\", {\n project: \"my-project-name\",\n service: \"recaptchaenterprise.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for reCAPTCHA Enterprise\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckRecaptchaEnterpriseConfig = new gcp.firebase.AppCheckRecaptchaEnterpriseConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n siteKey: \"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the reCAPTCHA Enterprise API\nrecaptcha_enterprise = gcp.projects.Service(\"recaptcha_enterprise\",\n project=\"my-project-name\",\n service=\"recaptchaenterprise.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for reCAPTCHA Enterprise\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_recaptcha_enterprise_config = gcp.firebase.AppCheckRecaptchaEnterpriseConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n site_key=\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the reCAPTCHA Enterprise API\n var recaptchaEnterprise = new Gcp.Projects.Service(\"recaptcha_enterprise\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"recaptchaenterprise.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for reCAPTCHA Enterprise\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckRecaptchaEnterpriseConfig = new Gcp.Firebase.AppCheckRecaptchaEnterpriseConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n SiteKey = \"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the reCAPTCHA Enterprise API\n\t\t_, err := projects.NewService(ctx, \"recaptcha_enterprise\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"recaptchaenterprise.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for reCAPTCHA Enterprise\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckRecaptchaEnterpriseConfig(ctx, \"default\", \u0026firebase.AppCheckRecaptchaEnterpriseConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tSiteKey: pulumi.String(\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\"),\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaEnterpriseConfig;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaEnterpriseConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the reCAPTCHA Enterprise API\n var recaptchaEnterprise = new Service(\"recaptchaEnterprise\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"recaptchaenterprise.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for reCAPTCHA Enterprise\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckRecaptchaEnterpriseConfig = new AppCheckRecaptchaEnterpriseConfig(\"defaultAppCheckRecaptchaEnterpriseConfig\", AppCheckRecaptchaEnterpriseConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .siteKey(\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\")\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the reCAPTCHA Enterprise API\n recaptchaEnterprise:\n type: gcp:projects:Service\n name: recaptcha_enterprise\n properties:\n project: my-project-name\n service: recaptchaenterprise.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for reCAPTCHA Enterprise\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckRecaptchaEnterpriseConfig:\n type: gcp:firebase:AppCheckRecaptchaEnterpriseConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n siteKey: 6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\n tokenTtl: 7200s\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRecaptchaEnterpriseConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/recaptchaEnterpriseConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, RecaptchaEnterpriseConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default projects/{{project}}/apps/{{app_id}}/recaptchaEnterpriseConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default {{app_id}}\n```\n\n", + "description": "An app's reCAPTCHA Enterprise configuration object.\n\n\nTo get more information about RecaptchaEnterpriseConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.recaptchaEnterpriseConfig)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Recaptcha Enterprise Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Enables the reCAPTCHA Enterprise API\nconst recaptchaEnterprise = new gcp.projects.Service(\"recaptcha_enterprise\", {\n project: \"my-project-name\",\n service: \"recaptchaenterprise.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for reCAPTCHA Enterprise\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckRecaptchaEnterpriseConfig = new gcp.firebase.AppCheckRecaptchaEnterpriseConfig(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n siteKey: \"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Enables the reCAPTCHA Enterprise API\nrecaptcha_enterprise = gcp.projects.Service(\"recaptcha_enterprise\",\n project=\"my-project-name\",\n service=\"recaptchaenterprise.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for reCAPTCHA Enterprise\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_recaptcha_enterprise_config = gcp.firebase.AppCheckRecaptchaEnterpriseConfig(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n site_key=\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enables the reCAPTCHA Enterprise API\n var recaptchaEnterprise = new Gcp.Projects.Service(\"recaptcha_enterprise\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"recaptchaenterprise.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for reCAPTCHA Enterprise\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckRecaptchaEnterpriseConfig = new Gcp.Firebase.AppCheckRecaptchaEnterpriseConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n SiteKey = \"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\",\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enables the reCAPTCHA Enterprise API\n\t\t_, err := projects.NewService(ctx, \"recaptcha_enterprise\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"recaptchaenterprise.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for reCAPTCHA Enterprise\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckRecaptchaEnterpriseConfig(ctx, \"default\", \u0026firebase.AppCheckRecaptchaEnterpriseConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tSiteKey: pulumi.String(\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\"),\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaEnterpriseConfig;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaEnterpriseConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enables the reCAPTCHA Enterprise API\n var recaptchaEnterprise = new Service(\"recaptchaEnterprise\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"recaptchaenterprise.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for reCAPTCHA Enterprise\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckRecaptchaEnterpriseConfig = new AppCheckRecaptchaEnterpriseConfig(\"defaultAppCheckRecaptchaEnterpriseConfig\", AppCheckRecaptchaEnterpriseConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .siteKey(\"6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\")\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enables the reCAPTCHA Enterprise API\n recaptchaEnterprise:\n type: gcp:projects:Service\n name: recaptcha_enterprise\n properties:\n project: my-project-name\n service: recaptchaenterprise.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for reCAPTCHA Enterprise\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckRecaptchaEnterpriseConfig:\n type: gcp:firebase:AppCheckRecaptchaEnterpriseConfig\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n siteKey: 6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw\n tokenTtl: 7200s\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRecaptchaEnterpriseConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/recaptchaEnterpriseConfig`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, RecaptchaEnterpriseConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default projects/{{project}}/apps/{{app_id}}/recaptchaEnterpriseConfig\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaEnterpriseConfig:AppCheckRecaptchaEnterpriseConfig default {{app_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212881,7 +212881,7 @@ } }, "gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config": { - "description": "An app's reCAPTCHA V3 configuration object.\n\n\nTo get more information about RecaptchaV3Config, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.recaptchaV3Config)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Recaptcha V3 Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for reCAPTCHA V3\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckRecaptchaV3Config = new gcp.firebase.AppCheckRecaptchaV3Config(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n siteSecret: \"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for reCAPTCHA V3\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_recaptcha_v3_config = gcp.firebase.AppCheckRecaptchaV3Config(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n site_secret=\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for reCAPTCHA V3\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckRecaptchaV3Config = new Gcp.Firebase.AppCheckRecaptchaV3Config(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n SiteSecret = \"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for reCAPTCHA V3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckRecaptchaV3Config(ctx, \"default\", \u0026firebase.AppCheckRecaptchaV3ConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tSiteSecret: pulumi.String(\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\"),\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaV3Config;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaV3ConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for reCAPTCHA V3\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckRecaptchaV3Config = new AppCheckRecaptchaV3Config(\"defaultAppCheckRecaptchaV3Config\", AppCheckRecaptchaV3ConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .siteSecret(\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\")\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for reCAPTCHA V3\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${default}\n defaultAppCheckRecaptchaV3Config:\n type: gcp:firebase:AppCheckRecaptchaV3Config\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n siteSecret: 6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\n tokenTtl: 7200s\n options:\n dependson:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRecaptchaV3Config can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/recaptchaV3Config`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, RecaptchaV3Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default projects/{{project}}/apps/{{app_id}}/recaptchaV3Config\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default {{app_id}}\n```\n\n", + "description": "An app's reCAPTCHA V3 configuration object.\n\n\nTo get more information about RecaptchaV3Config, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.recaptchaV3Config)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n\n\n## Example Usage\n\n### Firebase App Check Recaptcha V3 Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.firebase.WebApp(\"default\", {\n project: \"my-project-name\",\n displayName: \"Web App for reCAPTCHA V3\",\n});\n// It takes a while for App Check to recognize the new app\n// If your app already exists, you don't have to wait 30 seconds.\nconst wait30s = new time.index.Sleep(\"wait_30s\", {createDuration: \"30s\"}, {\n dependsOn: [_default],\n});\nconst defaultAppCheckRecaptchaV3Config = new gcp.firebase.AppCheckRecaptchaV3Config(\"default\", {\n project: \"my-project-name\",\n appId: _default.appId,\n siteSecret: \"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n tokenTtl: \"7200s\",\n}, {\n dependsOn: [wait30s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.firebase.WebApp(\"default\",\n project=\"my-project-name\",\n display_name=\"Web App for reCAPTCHA V3\")\n# It takes a while for App Check to recognize the new app\n# If your app already exists, you don't have to wait 30 seconds.\nwait30s = time.index.Sleep(\"wait_30s\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[default]))\ndefault_app_check_recaptcha_v3_config = gcp.firebase.AppCheckRecaptchaV3Config(\"default\",\n project=\"my-project-name\",\n app_id=default.app_id,\n site_secret=\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n token_ttl=\"7200s\",\n opts = pulumi.ResourceOptions(depends_on=[wait30s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.WebApp(\"default\", new()\n {\n Project = \"my-project-name\",\n DisplayName = \"Web App for reCAPTCHA V3\",\n });\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Time.Index.Sleep(\"wait_30s\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n var defaultAppCheckRecaptchaV3Config = new Gcp.Firebase.AppCheckRecaptchaV3Config(\"default\", new()\n {\n Project = \"my-project-name\",\n AppId = @default.AppId,\n SiteSecret = \"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\",\n TokenTtl = \"7200s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait30s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewWebApp(ctx, \"default\", \u0026firebase.WebAppArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tDisplayName: pulumi.String(\"Web App for reCAPTCHA V3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// It takes a while for App Check to recognize the new app\n\t\t// If your app already exists, you don't have to wait 30 seconds.\n\t\twait30s, err := time.NewSleep(ctx, \"wait_30s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckRecaptchaV3Config(ctx, \"default\", \u0026firebase.AppCheckRecaptchaV3ConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAppId: _default.AppId,\n\t\t\tSiteSecret: pulumi.String(\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\"),\n\t\t\tTokenTtl: pulumi.String(\"7200s\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait30s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.WebApp;\nimport com.pulumi.gcp.firebase.WebAppArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaV3Config;\nimport com.pulumi.gcp.firebase.AppCheckRecaptchaV3ConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new WebApp(\"default\", WebAppArgs.builder()\n .project(\"my-project-name\")\n .displayName(\"Web App for reCAPTCHA V3\")\n .build());\n\n // It takes a while for App Check to recognize the new app\n // If your app already exists, you don't have to wait 30 seconds.\n var wait30s = new Sleep(\"wait30s\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n var defaultAppCheckRecaptchaV3Config = new AppCheckRecaptchaV3Config(\"defaultAppCheckRecaptchaV3Config\", AppCheckRecaptchaV3ConfigArgs.builder()\n .project(\"my-project-name\")\n .appId(default_.appId())\n .siteSecret(\"6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\")\n .tokenTtl(\"7200s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait30s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:WebApp\n properties:\n project: my-project-name\n displayName: Web App for reCAPTCHA V3\n # It takes a while for App Check to recognize the new app\n # If your app already exists, you don't have to wait 30 seconds.\n wait30s:\n type: time:sleep\n name: wait_30s\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${default}\n defaultAppCheckRecaptchaV3Config:\n type: gcp:firebase:AppCheckRecaptchaV3Config\n name: default\n properties:\n project: my-project-name\n appId: ${default.appId}\n siteSecret: 6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX\n tokenTtl: 7200s\n options:\n dependsOn:\n - ${wait30s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRecaptchaV3Config can be imported using any of these accepted formats:\n\n* `projects/{{project}}/apps/{{app_id}}/recaptchaV3Config`\n\n* `{{project}}/{{app_id}}`\n\n* `{{app_id}}`\n\nWhen using the `pulumi import` command, RecaptchaV3Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default projects/{{project}}/apps/{{app_id}}/recaptchaV3Config\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default {{project}}/{{app_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckRecaptchaV3Config:AppCheckRecaptchaV3Config default {{app_id}}\n```\n\n", "properties": { "appId": { "type": "string", @@ -212977,7 +212977,7 @@ } }, "gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig": { - "description": "The enforcement configuration for a service supported by App Check.\n\n\nTo get more information about ServiceConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.services)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Service Config Off\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"firestore.googleapis.com\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: firestore.googleapis.com\n options:\n dependson:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Service Config Enforced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"firebasestorage.googleapis.com\",\n enforcementMode: \"ENFORCED\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"firebasestorage.googleapis.com\",\n enforcement_mode=\"ENFORCED\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"firebasestorage.googleapis.com\",\n EnforcementMode = \"ENFORCED\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"firebasestorage.googleapis.com\"),\n\t\t\tEnforcementMode: pulumi.String(\"ENFORCED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"firebasestorage.googleapis.com\")\n .enforcementMode(\"ENFORCED\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: firebasestorage.googleapis.com\n enforcementMode: ENFORCED\n options:\n dependson:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Service Config Unenforced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"identitytoolkit.googleapis.com\",\n enforcementMode: \"UNENFORCED\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"identitytoolkit.googleapis.com\",\n enforcement_mode=\"UNENFORCED\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"identitytoolkit.googleapis.com\",\n EnforcementMode = \"UNENFORCED\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t\tEnforcementMode: pulumi.String(\"UNENFORCED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"identitytoolkit.googleapis.com\")\n .enforcementMode(\"UNENFORCED\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: identitytoolkit.googleapis.com\n enforcementMode: UNENFORCED\n options:\n dependson:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/services/{{service_id}}`\n\n* `{{project}}/{{service_id}}`\n\n* `{{service_id}}`\n\nWhen using the `pulumi import` command, ServiceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default projects/{{project}}/services/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{project}}/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{service_id}}\n```\n\n", + "description": "The enforcement configuration for a service supported by App Check.\n\n\nTo get more information about ServiceConfig, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.services)\n* How-to Guides\n * [Official Documentation](https://firebase.google.com/docs/app-check)\n\n## Example Usage\n\n### Firebase App Check Service Config Off\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"firestore.googleapis.com\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: firestore.googleapis.com\n options:\n dependsOn:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Service Config Enforced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"firebasestorage.googleapis.com\",\n enforcementMode: \"ENFORCED\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"firebasestorage.googleapis.com\",\n enforcement_mode=\"ENFORCED\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"firebasestorage.googleapis.com\",\n EnforcementMode = \"ENFORCED\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"firebasestorage.googleapis.com\"),\n\t\t\tEnforcementMode: pulumi.String(\"ENFORCED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"firebasestorage.googleapis.com\")\n .enforcementMode(\"ENFORCED\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: firebasestorage.googleapis.com\n enforcementMode: ENFORCED\n options:\n dependsOn:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase App Check Service Config Unenforced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appcheck = new gcp.projects.Service(\"appcheck\", {\n project: \"my-project-name\",\n service: \"firebaseappcheck.googleapis.com\",\n disableOnDestroy: false,\n});\nconst _default = new gcp.firebase.AppCheckServiceConfig(\"default\", {\n project: \"my-project-name\",\n serviceId: \"identitytoolkit.googleapis.com\",\n enforcementMode: \"UNENFORCED\",\n}, {\n dependsOn: [appcheck],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappcheck = gcp.projects.Service(\"appcheck\",\n project=\"my-project-name\",\n service=\"firebaseappcheck.googleapis.com\",\n disable_on_destroy=False)\ndefault = gcp.firebase.AppCheckServiceConfig(\"default\",\n project=\"my-project-name\",\n service_id=\"identitytoolkit.googleapis.com\",\n enforcement_mode=\"UNENFORCED\",\n opts = pulumi.ResourceOptions(depends_on=[appcheck]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appcheck = new Gcp.Projects.Service(\"appcheck\", new()\n {\n Project = \"my-project-name\",\n ServiceName = \"firebaseappcheck.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var @default = new Gcp.Firebase.AppCheckServiceConfig(\"default\", new()\n {\n Project = \"my-project-name\",\n ServiceId = \"identitytoolkit.googleapis.com\",\n EnforcementMode = \"UNENFORCED\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n appcheck,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tappcheck, err := projects.NewService(ctx, \"appcheck\", \u0026projects.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tService: pulumi.String(\"firebaseappcheck.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewAppCheckServiceConfig(ctx, \"default\", \u0026firebase.AppCheckServiceConfigArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tServiceId: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t\tEnforcementMode: pulumi.String(\"UNENFORCED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tappcheck,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfig;\nimport com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var appcheck = new Service(\"appcheck\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .service(\"firebaseappcheck.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var default_ = new AppCheckServiceConfig(\"default\", AppCheckServiceConfigArgs.builder()\n .project(\"my-project-name\")\n .serviceId(\"identitytoolkit.googleapis.com\")\n .enforcementMode(\"UNENFORCED\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(appcheck)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appcheck:\n type: gcp:projects:Service\n properties:\n project: my-project-name\n service: firebaseappcheck.googleapis.com\n disableOnDestroy: false\n default:\n type: gcp:firebase:AppCheckServiceConfig\n properties:\n project: my-project-name\n serviceId: identitytoolkit.googleapis.com\n enforcementMode: UNENFORCED\n options:\n dependsOn:\n - ${appcheck}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServiceConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/services/{{service_id}}`\n\n* `{{project}}/{{service_id}}`\n\n* `{{service_id}}`\n\nWhen using the `pulumi import` command, ServiceConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default projects/{{project}}/services/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{project}}/{{service_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{service_id}}\n```\n\n", "properties": { "enforcementMode": { "type": "string" @@ -213169,7 +213169,7 @@ } }, "gcp:firebase/databaseInstance:DatabaseInstance": { - "description": "## Example Usage\n\n### Firebase Database Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.firebase.DatabaseInstance(\"basic\", {\n project: \"my-project-name\",\n region: \"us-central1\",\n instanceId: \"active-db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.firebase.DatabaseInstance(\"basic\",\n project=\"my-project-name\",\n region=\"us-central1\",\n instance_id=\"active-db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Firebase.DatabaseInstance(\"basic\", new()\n {\n Project = \"my-project-name\",\n Region = \"us-central1\",\n InstanceId = \"active-db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"basic\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"active-db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DatabaseInstance(\"basic\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"us-central1\")\n .instanceId(\"active-db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: us-central1\n instanceId: active-db\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst full = new gcp.firebase.DatabaseInstance(\"full\", {\n project: \"my-project-name\",\n region: \"europe-west1\",\n instanceId: \"disabled-db\",\n type: \"USER_DATABASE\",\n desiredState: \"DISABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull = gcp.firebase.DatabaseInstance(\"full\",\n project=\"my-project-name\",\n region=\"europe-west1\",\n instance_id=\"disabled-db\",\n type=\"USER_DATABASE\",\n desired_state=\"DISABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var full = new Gcp.Firebase.DatabaseInstance(\"full\", new()\n {\n Project = \"my-project-name\",\n Region = \"europe-west1\",\n InstanceId = \"disabled-db\",\n Type = \"USER_DATABASE\",\n DesiredState = \"DISABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"full\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"europe-west1\"),\n\t\t\tInstanceId: pulumi.String(\"disabled-db\"),\n\t\t\tType: pulumi.String(\"USER_DATABASE\"),\n\t\t\tDesiredState: pulumi.String(\"DISABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var full = new DatabaseInstance(\"full\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"europe-west1\")\n .instanceId(\"disabled-db\")\n .type(\"USER_DATABASE\")\n .desiredState(\"DISABLED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: europe-west1\n instanceId: disabled-db\n type: USER_DATABASE\n desiredState: DISABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"rtdb-project\",\n name: \"rtdb-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId});\nconst firebaseDatabase = new gcp.projects.Service(\"firebase_database\", {\n project: defaultProject.project,\n service: \"firebasedatabase.googleapis.com\",\n});\nconst defaultDatabaseInstance = new gcp.firebase.DatabaseInstance(\"default\", {\n project: defaultProject.project,\n region: \"us-central1\",\n instanceId: \"rtdb-project-default-rtdb\",\n type: \"DEFAULT_DATABASE\",\n}, {\n dependsOn: [firebaseDatabase],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"rtdb-project\",\n name=\"rtdb-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id)\nfirebase_database = gcp.projects.Service(\"firebase_database\",\n project=default_project.project,\n service=\"firebasedatabase.googleapis.com\")\ndefault_database_instance = gcp.firebase.DatabaseInstance(\"default\",\n project=default_project.project,\n region=\"us-central1\",\n instance_id=\"rtdb-project-default-rtdb\",\n type=\"DEFAULT_DATABASE\",\n opts = pulumi.ResourceOptions(depends_on=[firebase_database]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"rtdb-project\",\n Name = \"rtdb-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n });\n\n var firebaseDatabase = new Gcp.Projects.Service(\"firebase_database\", new()\n {\n Project = defaultProject.ProjectID,\n ServiceName = \"firebasedatabase.googleapis.com\",\n });\n\n var defaultDatabaseInstance = new Gcp.Firebase.DatabaseInstance(\"default\", new()\n {\n Project = defaultProject.ProjectID,\n Region = \"us-central1\",\n InstanceId = \"rtdb-project-default-rtdb\",\n Type = \"DEFAULT_DATABASE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firebaseDatabase,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"rtdb-project\"),\n\t\t\tName: pulumi.String(\"rtdb-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultProject, err := firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirebaseDatabase, err := projects.NewService(ctx, \"firebase_database\", \u0026projects.ServiceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tService: pulumi.String(\"firebasedatabase.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewDatabaseInstance(ctx, \"default\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"rtdb-project-default-rtdb\"),\n\t\t\tType: pulumi.String(\"DEFAULT_DATABASE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirebaseDatabase,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"rtdb-project\")\n .name(\"rtdb-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build());\n\n var firebaseDatabase = new Service(\"firebaseDatabase\", ServiceArgs.builder()\n .project(defaultProject.project())\n .service(\"firebasedatabase.googleapis.com\")\n .build());\n\n var defaultDatabaseInstance = new DatabaseInstance(\"defaultDatabaseInstance\", DatabaseInstanceArgs.builder()\n .project(defaultProject.project())\n .region(\"us-central1\")\n .instanceId(\"rtdb-project-default-rtdb\")\n .type(\"DEFAULT_DATABASE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firebaseDatabase)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: rtdb-project\n name: rtdb-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n firebaseDatabase:\n type: gcp:projects:Service\n name: firebase_database\n properties:\n project: ${defaultProject.project}\n service: firebasedatabase.googleapis.com\n defaultDatabaseInstance:\n type: gcp:firebase:DatabaseInstance\n name: default\n properties:\n project: ${defaultProject.project}\n region: us-central1\n instanceId: rtdb-project-default-rtdb\n type: DEFAULT_DATABASE\n options:\n dependson:\n - ${firebaseDatabase}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{instance_id}}`\n\n* `{{project}}/{{region}}/{{instance_id}}`\n\n* `{{region}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default projects/{{project}}/locations/{{region}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{project}}/{{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{instance_id}}\n```\n\n", + "description": "## Example Usage\n\n### Firebase Database Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.firebase.DatabaseInstance(\"basic\", {\n project: \"my-project-name\",\n region: \"us-central1\",\n instanceId: \"active-db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.firebase.DatabaseInstance(\"basic\",\n project=\"my-project-name\",\n region=\"us-central1\",\n instance_id=\"active-db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Firebase.DatabaseInstance(\"basic\", new()\n {\n Project = \"my-project-name\",\n Region = \"us-central1\",\n InstanceId = \"active-db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"basic\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"active-db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DatabaseInstance(\"basic\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"us-central1\")\n .instanceId(\"active-db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: us-central1\n instanceId: active-db\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst full = new gcp.firebase.DatabaseInstance(\"full\", {\n project: \"my-project-name\",\n region: \"europe-west1\",\n instanceId: \"disabled-db\",\n type: \"USER_DATABASE\",\n desiredState: \"DISABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull = gcp.firebase.DatabaseInstance(\"full\",\n project=\"my-project-name\",\n region=\"europe-west1\",\n instance_id=\"disabled-db\",\n type=\"USER_DATABASE\",\n desired_state=\"DISABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var full = new Gcp.Firebase.DatabaseInstance(\"full\", new()\n {\n Project = \"my-project-name\",\n Region = \"europe-west1\",\n InstanceId = \"disabled-db\",\n Type = \"USER_DATABASE\",\n DesiredState = \"DISABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"full\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"europe-west1\"),\n\t\t\tInstanceId: pulumi.String(\"disabled-db\"),\n\t\t\tType: pulumi.String(\"USER_DATABASE\"),\n\t\t\tDesiredState: pulumi.String(\"DISABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var full = new DatabaseInstance(\"full\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"europe-west1\")\n .instanceId(\"disabled-db\")\n .type(\"USER_DATABASE\")\n .desiredState(\"DISABLED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: europe-west1\n instanceId: disabled-db\n type: USER_DATABASE\n desiredState: DISABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"rtdb-project\",\n name: \"rtdb-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId});\nconst firebaseDatabase = new gcp.projects.Service(\"firebase_database\", {\n project: defaultProject.project,\n service: \"firebasedatabase.googleapis.com\",\n});\nconst defaultDatabaseInstance = new gcp.firebase.DatabaseInstance(\"default\", {\n project: defaultProject.project,\n region: \"us-central1\",\n instanceId: \"rtdb-project-default-rtdb\",\n type: \"DEFAULT_DATABASE\",\n}, {\n dependsOn: [firebaseDatabase],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"rtdb-project\",\n name=\"rtdb-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id)\nfirebase_database = gcp.projects.Service(\"firebase_database\",\n project=default_project.project,\n service=\"firebasedatabase.googleapis.com\")\ndefault_database_instance = gcp.firebase.DatabaseInstance(\"default\",\n project=default_project.project,\n region=\"us-central1\",\n instance_id=\"rtdb-project-default-rtdb\",\n type=\"DEFAULT_DATABASE\",\n opts = pulumi.ResourceOptions(depends_on=[firebase_database]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"rtdb-project\",\n Name = \"rtdb-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n });\n\n var firebaseDatabase = new Gcp.Projects.Service(\"firebase_database\", new()\n {\n Project = defaultProject.ProjectID,\n ServiceName = \"firebasedatabase.googleapis.com\",\n });\n\n var defaultDatabaseInstance = new Gcp.Firebase.DatabaseInstance(\"default\", new()\n {\n Project = defaultProject.ProjectID,\n Region = \"us-central1\",\n InstanceId = \"rtdb-project-default-rtdb\",\n Type = \"DEFAULT_DATABASE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firebaseDatabase,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"rtdb-project\"),\n\t\t\tName: pulumi.String(\"rtdb-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultProject, err := firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirebaseDatabase, err := projects.NewService(ctx, \"firebase_database\", \u0026projects.ServiceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tService: pulumi.String(\"firebasedatabase.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewDatabaseInstance(ctx, \"default\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"rtdb-project-default-rtdb\"),\n\t\t\tType: pulumi.String(\"DEFAULT_DATABASE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirebaseDatabase,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"rtdb-project\")\n .name(\"rtdb-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build());\n\n var firebaseDatabase = new Service(\"firebaseDatabase\", ServiceArgs.builder()\n .project(defaultProject.project())\n .service(\"firebasedatabase.googleapis.com\")\n .build());\n\n var defaultDatabaseInstance = new DatabaseInstance(\"defaultDatabaseInstance\", DatabaseInstanceArgs.builder()\n .project(defaultProject.project())\n .region(\"us-central1\")\n .instanceId(\"rtdb-project-default-rtdb\")\n .type(\"DEFAULT_DATABASE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firebaseDatabase)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: rtdb-project\n name: rtdb-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n firebaseDatabase:\n type: gcp:projects:Service\n name: firebase_database\n properties:\n project: ${defaultProject.project}\n service: firebasedatabase.googleapis.com\n defaultDatabaseInstance:\n type: gcp:firebase:DatabaseInstance\n name: default\n properties:\n project: ${defaultProject.project}\n region: us-central1\n instanceId: rtdb-project-default-rtdb\n type: DEFAULT_DATABASE\n options:\n dependsOn:\n - ${firebaseDatabase}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{instance_id}}`\n\n* `{{project}}/{{region}}/{{instance_id}}`\n\n* `{{region}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default projects/{{project}}/locations/{{region}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{project}}/{{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{instance_id}}\n```\n\n", "properties": { "databaseUrl": { "type": "string", @@ -213286,7 +213286,7 @@ } }, "gcp:firebase/extensionsInstance:ExtensionsInstance": { - "description": "## Example Usage\n\n### Firebase Extentions Instance Resize Image\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst images = new gcp.storage.Bucket(\"images\", {\n project: \"my-project-name\",\n name: \"bucket-id\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n forceDestroy: true,\n});\nconst resizeImage = new gcp.firebase.ExtensionsInstance(\"resize_image\", {\n project: \"my-project-name\",\n instanceId: \"storage-resize-images\",\n config: {\n extensionRef: \"firebase/storage-resize-images\",\n extensionVersion: \"0.2.2\",\n params: {\n DELETE_ORIGINAL_FILE: \"false\",\n MAKE_PUBLIC: \"false\",\n IMAGE_TYPE: \"false\",\n IS_ANIMATED: \"true\",\n FUNCTION_MEMORY: \"1024\",\n DO_BACKFILL: \"false\",\n IMG_SIZES: \"200x200\",\n IMG_BUCKET: images.name,\n },\n systemParams: {\n \"firebaseextensions.v1beta.function/location\": \"\",\n \"firebaseextensions.v1beta.function/maxInstances\": \"3000\",\n \"firebaseextensions.v1beta.function/minInstances\": \"0\",\n \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\",\n },\n allowedEventTypes: [\"firebase.extensions.storage-resize-images.v1.onCompletion\"],\n eventarcChannel: \"projects/my-project-name/locations//channels/firebase\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nimages = gcp.storage.Bucket(\"images\",\n project=\"my-project-name\",\n name=\"bucket-id\",\n location=\"US\",\n uniform_bucket_level_access=True,\n force_destroy=True)\nresize_image = gcp.firebase.ExtensionsInstance(\"resize_image\",\n project=\"my-project-name\",\n instance_id=\"storage-resize-images\",\n config={\n \"extension_ref\": \"firebase/storage-resize-images\",\n \"extension_version\": \"0.2.2\",\n \"params\": {\n \"DELETE_ORIGINAL_FILE\": \"false\",\n \"MAKE_PUBLIC\": \"false\",\n \"IMAGE_TYPE\": \"false\",\n \"IS_ANIMATED\": \"true\",\n \"FUNCTION_MEMORY\": \"1024\",\n \"DO_BACKFILL\": \"false\",\n \"IMG_SIZES\": \"200x200\",\n \"IMG_BUCKET\": images.name,\n },\n \"system_params\": {\n \"firebaseextensions.v1beta.function/location\": \"\",\n \"firebaseextensions.v1beta.function/maxInstances\": \"3000\",\n \"firebaseextensions.v1beta.function/minInstances\": \"0\",\n \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\",\n },\n \"allowed_event_types\": [\"firebase.extensions.storage-resize-images.v1.onCompletion\"],\n \"eventarc_channel\": \"projects/my-project-name/locations//channels/firebase\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var images = new Gcp.Storage.Bucket(\"images\", new()\n {\n Project = \"my-project-name\",\n Name = \"bucket-id\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n ForceDestroy = true,\n });\n\n var resizeImage = new Gcp.Firebase.ExtensionsInstance(\"resize_image\", new()\n {\n Project = \"my-project-name\",\n InstanceId = \"storage-resize-images\",\n Config = new Gcp.Firebase.Inputs.ExtensionsInstanceConfigArgs\n {\n ExtensionRef = \"firebase/storage-resize-images\",\n ExtensionVersion = \"0.2.2\",\n Params = \n {\n { \"DELETE_ORIGINAL_FILE\", \"false\" },\n { \"MAKE_PUBLIC\", \"false\" },\n { \"IMAGE_TYPE\", \"false\" },\n { \"IS_ANIMATED\", \"true\" },\n { \"FUNCTION_MEMORY\", \"1024\" },\n { \"DO_BACKFILL\", \"false\" },\n { \"IMG_SIZES\", \"200x200\" },\n { \"IMG_BUCKET\", images.Name },\n },\n SystemParams = \n {\n { \"firebaseextensions.v1beta.function/location\", \"\" },\n { \"firebaseextensions.v1beta.function/maxInstances\", \"3000\" },\n { \"firebaseextensions.v1beta.function/minInstances\", \"0\" },\n { \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\", \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\" },\n },\n AllowedEventTypes = new[]\n {\n \"firebase.extensions.storage-resize-images.v1.onCompletion\",\n },\n EventarcChannel = \"projects/my-project-name/locations//channels/firebase\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timages, err := storage.NewBucket(ctx, \"images\", \u0026storage.BucketArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"bucket-id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewExtensionsInstance(ctx, \"resize_image\", \u0026firebase.ExtensionsInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tInstanceId: pulumi.String(\"storage-resize-images\"),\n\t\t\tConfig: \u0026firebase.ExtensionsInstanceConfigArgs{\n\t\t\t\tExtensionRef: pulumi.String(\"firebase/storage-resize-images\"),\n\t\t\t\tExtensionVersion: pulumi.String(\"0.2.2\"),\n\t\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\t\"DELETE_ORIGINAL_FILE\": pulumi.String(\"false\"),\n\t\t\t\t\t\"MAKE_PUBLIC\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IMAGE_TYPE\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IS_ANIMATED\": pulumi.String(\"true\"),\n\t\t\t\t\t\"FUNCTION_MEMORY\": pulumi.String(\"1024\"),\n\t\t\t\t\t\"DO_BACKFILL\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IMG_SIZES\": pulumi.String(\"200x200\"),\n\t\t\t\t\t\"IMG_BUCKET\": images.Name,\n\t\t\t\t},\n\t\t\t\tSystemParams: pulumi.StringMap{\n\t\t\t\t\t\"firebaseextensions.v1beta.function/location\": pulumi.String(\"\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/maxInstances\": pulumi.String(\"3000\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/minInstances\": pulumi.String(\"0\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": pulumi.String(\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\"),\n\t\t\t\t},\n\t\t\t\tAllowedEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"firebase.extensions.storage-resize-images.v1.onCompletion\"),\n\t\t\t\t},\n\t\t\t\tEventarcChannel: pulumi.String(\"projects/my-project-name/locations//channels/firebase\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.firebase.ExtensionsInstance;\nimport com.pulumi.gcp.firebase.ExtensionsInstanceArgs;\nimport com.pulumi.gcp.firebase.inputs.ExtensionsInstanceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var images = new Bucket(\"images\", BucketArgs.builder()\n .project(\"my-project-name\")\n .name(\"bucket-id\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .forceDestroy(true)\n .build());\n\n var resizeImage = new ExtensionsInstance(\"resizeImage\", ExtensionsInstanceArgs.builder()\n .project(\"my-project-name\")\n .instanceId(\"storage-resize-images\")\n .config(ExtensionsInstanceConfigArgs.builder()\n .extensionRef(\"firebase/storage-resize-images\")\n .extensionVersion(\"0.2.2\")\n .params(Map.ofEntries(\n Map.entry(\"DELETE_ORIGINAL_FILE\", false),\n Map.entry(\"MAKE_PUBLIC\", false),\n Map.entry(\"IMAGE_TYPE\", false),\n Map.entry(\"IS_ANIMATED\", true),\n Map.entry(\"FUNCTION_MEMORY\", 1024),\n Map.entry(\"DO_BACKFILL\", false),\n Map.entry(\"IMG_SIZES\", \"200x200\"),\n Map.entry(\"IMG_BUCKET\", images.name())\n ))\n .systemParams(Map.ofEntries(\n Map.entry(\"firebaseextensions.v1beta.function/location\", \"\"),\n Map.entry(\"firebaseextensions.v1beta.function/maxInstances\", 3000),\n Map.entry(\"firebaseextensions.v1beta.function/minInstances\", 0),\n Map.entry(\"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\", \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\")\n ))\n .allowedEventTypes(\"firebase.extensions.storage-resize-images.v1.onCompletion\")\n .eventarcChannel(\"projects/my-project-name/locations//channels/firebase\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n images:\n type: gcp:storage:Bucket\n properties:\n project: my-project-name\n name: bucket-id\n location: US\n uniformBucketLevelAccess: true # Delete all objects when the bucket is deleted\n forceDestroy: true\n resizeImage:\n type: gcp:firebase:ExtensionsInstance\n name: resize_image\n properties:\n project: my-project-name\n instanceId: storage-resize-images\n config:\n extensionRef: firebase/storage-resize-images\n extensionVersion: 0.2.2\n params:\n DELETE_ORIGINAL_FILE: false\n MAKE_PUBLIC: false\n IMAGE_TYPE: false\n IS_ANIMATED: true\n FUNCTION_MEMORY: 1024\n DO_BACKFILL: false\n IMG_SIZES: 200x200\n IMG_BUCKET: ${images.name}\n systemParams:\n firebaseextensions.v1beta.function/location:\n firebaseextensions.v1beta.function/maxInstances: 3000\n firebaseextensions.v1beta.function/minInstances: 0\n firebaseextensions.v1beta.function/vpcConnectorEgressSettings: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\n allowedEventTypes:\n - firebase.extensions.storage-resize-images.v1.onCompletion\n eventarcChannel: projects/my-project-name/locations//channels/firebase\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/instances/{{instance_id}}`\n\n* `{{project}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default projects/{{project}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default {{project}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default {{instance_id}}\n```\n\n", + "description": "## Example Usage\n\n### Firebase Extentions Instance Resize Image\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst images = new gcp.storage.Bucket(\"images\", {\n project: \"my-project-name\",\n name: \"bucket-id\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n forceDestroy: true,\n});\nconst resizeImage = new gcp.firebase.ExtensionsInstance(\"resize_image\", {\n project: \"my-project-name\",\n instanceId: \"storage-resize-images\",\n config: {\n extensionRef: \"firebase/storage-resize-images\",\n extensionVersion: \"0.2.2\",\n params: {\n DELETE_ORIGINAL_FILE: \"false\",\n MAKE_PUBLIC: \"false\",\n IMAGE_TYPE: \"false\",\n IS_ANIMATED: \"true\",\n FUNCTION_MEMORY: \"1024\",\n DO_BACKFILL: \"false\",\n IMG_SIZES: \"200x200\",\n IMG_BUCKET: images.name,\n },\n systemParams: {\n \"firebaseextensions.v1beta.function/location\": \"\",\n \"firebaseextensions.v1beta.function/maxInstances\": \"3000\",\n \"firebaseextensions.v1beta.function/minInstances\": \"0\",\n \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\",\n },\n allowedEventTypes: [\"firebase.extensions.storage-resize-images.v1.onCompletion\"],\n eventarcChannel: \"projects/my-project-name/locations//channels/firebase\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nimages = gcp.storage.Bucket(\"images\",\n project=\"my-project-name\",\n name=\"bucket-id\",\n location=\"US\",\n uniform_bucket_level_access=True,\n force_destroy=True)\nresize_image = gcp.firebase.ExtensionsInstance(\"resize_image\",\n project=\"my-project-name\",\n instance_id=\"storage-resize-images\",\n config={\n \"extension_ref\": \"firebase/storage-resize-images\",\n \"extension_version\": \"0.2.2\",\n \"params\": {\n \"DELETE_ORIGINAL_FILE\": \"false\",\n \"MAKE_PUBLIC\": \"false\",\n \"IMAGE_TYPE\": \"false\",\n \"IS_ANIMATED\": \"true\",\n \"FUNCTION_MEMORY\": \"1024\",\n \"DO_BACKFILL\": \"false\",\n \"IMG_SIZES\": \"200x200\",\n \"IMG_BUCKET\": images.name,\n },\n \"system_params\": {\n \"firebaseextensions.v1beta.function/location\": \"\",\n \"firebaseextensions.v1beta.function/maxInstances\": \"3000\",\n \"firebaseextensions.v1beta.function/minInstances\": \"0\",\n \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\",\n },\n \"allowed_event_types\": [\"firebase.extensions.storage-resize-images.v1.onCompletion\"],\n \"eventarc_channel\": \"projects/my-project-name/locations//channels/firebase\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var images = new Gcp.Storage.Bucket(\"images\", new()\n {\n Project = \"my-project-name\",\n Name = \"bucket-id\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n ForceDestroy = true,\n });\n\n var resizeImage = new Gcp.Firebase.ExtensionsInstance(\"resize_image\", new()\n {\n Project = \"my-project-name\",\n InstanceId = \"storage-resize-images\",\n Config = new Gcp.Firebase.Inputs.ExtensionsInstanceConfigArgs\n {\n ExtensionRef = \"firebase/storage-resize-images\",\n ExtensionVersion = \"0.2.2\",\n Params = \n {\n { \"DELETE_ORIGINAL_FILE\", \"false\" },\n { \"MAKE_PUBLIC\", \"false\" },\n { \"IMAGE_TYPE\", \"false\" },\n { \"IS_ANIMATED\", \"true\" },\n { \"FUNCTION_MEMORY\", \"1024\" },\n { \"DO_BACKFILL\", \"false\" },\n { \"IMG_SIZES\", \"200x200\" },\n { \"IMG_BUCKET\", images.Name },\n },\n SystemParams = \n {\n { \"firebaseextensions.v1beta.function/location\", \"\" },\n { \"firebaseextensions.v1beta.function/maxInstances\", \"3000\" },\n { \"firebaseextensions.v1beta.function/minInstances\", \"0\" },\n { \"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\", \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\" },\n },\n AllowedEventTypes = new[]\n {\n \"firebase.extensions.storage-resize-images.v1.onCompletion\",\n },\n EventarcChannel = \"projects/my-project-name/locations//channels/firebase\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timages, err := storage.NewBucket(ctx, \"images\", \u0026storage.BucketArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"bucket-id\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewExtensionsInstance(ctx, \"resize_image\", \u0026firebase.ExtensionsInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tInstanceId: pulumi.String(\"storage-resize-images\"),\n\t\t\tConfig: \u0026firebase.ExtensionsInstanceConfigArgs{\n\t\t\t\tExtensionRef: pulumi.String(\"firebase/storage-resize-images\"),\n\t\t\t\tExtensionVersion: pulumi.String(\"0.2.2\"),\n\t\t\t\tParams: pulumi.StringMap{\n\t\t\t\t\t\"DELETE_ORIGINAL_FILE\": pulumi.String(\"false\"),\n\t\t\t\t\t\"MAKE_PUBLIC\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IMAGE_TYPE\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IS_ANIMATED\": pulumi.String(\"true\"),\n\t\t\t\t\t\"FUNCTION_MEMORY\": pulumi.String(\"1024\"),\n\t\t\t\t\t\"DO_BACKFILL\": pulumi.String(\"false\"),\n\t\t\t\t\t\"IMG_SIZES\": pulumi.String(\"200x200\"),\n\t\t\t\t\t\"IMG_BUCKET\": images.Name,\n\t\t\t\t},\n\t\t\t\tSystemParams: pulumi.StringMap{\n\t\t\t\t\t\"firebaseextensions.v1beta.function/location\": pulumi.String(\"\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/maxInstances\": pulumi.String(\"3000\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/minInstances\": pulumi.String(\"0\"),\n\t\t\t\t\t\"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\": pulumi.String(\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\"),\n\t\t\t\t},\n\t\t\t\tAllowedEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"firebase.extensions.storage-resize-images.v1.onCompletion\"),\n\t\t\t\t},\n\t\t\t\tEventarcChannel: pulumi.String(\"projects/my-project-name/locations//channels/firebase\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.firebase.ExtensionsInstance;\nimport com.pulumi.gcp.firebase.ExtensionsInstanceArgs;\nimport com.pulumi.gcp.firebase.inputs.ExtensionsInstanceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var images = new Bucket(\"images\", BucketArgs.builder()\n .project(\"my-project-name\")\n .name(\"bucket-id\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .forceDestroy(true)\n .build());\n\n var resizeImage = new ExtensionsInstance(\"resizeImage\", ExtensionsInstanceArgs.builder()\n .project(\"my-project-name\")\n .instanceId(\"storage-resize-images\")\n .config(ExtensionsInstanceConfigArgs.builder()\n .extensionRef(\"firebase/storage-resize-images\")\n .extensionVersion(\"0.2.2\")\n .params(Map.ofEntries(\n Map.entry(\"DELETE_ORIGINAL_FILE\", false),\n Map.entry(\"MAKE_PUBLIC\", false),\n Map.entry(\"IMAGE_TYPE\", false),\n Map.entry(\"IS_ANIMATED\", true),\n Map.entry(\"FUNCTION_MEMORY\", 1024),\n Map.entry(\"DO_BACKFILL\", false),\n Map.entry(\"IMG_SIZES\", \"200x200\"),\n Map.entry(\"IMG_BUCKET\", images.name())\n ))\n .systemParams(Map.ofEntries(\n Map.entry(\"firebaseextensions.v1beta.function/location\", \"\"),\n Map.entry(\"firebaseextensions.v1beta.function/maxInstances\", 3000),\n Map.entry(\"firebaseextensions.v1beta.function/minInstances\", 0),\n Map.entry(\"firebaseextensions.v1beta.function/vpcConnectorEgressSettings\", \"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\")\n ))\n .allowedEventTypes(\"firebase.extensions.storage-resize-images.v1.onCompletion\")\n .eventarcChannel(\"projects/my-project-name/locations//channels/firebase\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n images:\n type: gcp:storage:Bucket\n properties:\n project: my-project-name\n name: bucket-id\n location: US\n uniformBucketLevelAccess: true # Delete all objects when the bucket is deleted\n forceDestroy: true\n resizeImage:\n type: gcp:firebase:ExtensionsInstance\n name: resize_image\n properties:\n project: my-project-name\n instanceId: storage-resize-images\n config:\n extensionRef: firebase/storage-resize-images\n extensionVersion: 0.2.2\n params:\n DELETE_ORIGINAL_FILE: false\n MAKE_PUBLIC: false\n IMAGE_TYPE: false\n IS_ANIMATED: true\n FUNCTION_MEMORY: 1024\n DO_BACKFILL: false\n IMG_SIZES: 200x200\n IMG_BUCKET: ${images.name}\n systemParams:\n firebaseextensions.v1beta.function/location: \"\"\n firebaseextensions.v1beta.function/maxInstances: 3000\n firebaseextensions.v1beta.function/minInstances: 0\n firebaseextensions.v1beta.function/vpcConnectorEgressSettings: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\n allowedEventTypes:\n - firebase.extensions.storage-resize-images.v1.onCompletion\n eventarcChannel: projects/my-project-name/locations//channels/firebase\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/instances/{{instance_id}}`\n\n* `{{project}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default projects/{{project}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default {{project}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/extensionsInstance:ExtensionsInstance default {{instance_id}}\n```\n\n", "properties": { "config": { "$ref": "#/types/gcp:firebase/ExtensionsInstanceConfig:ExtensionsInstanceConfig", @@ -214380,7 +214380,7 @@ } }, "gcp:firebaserules/ruleset:Ruleset": { - "description": "For more information, see:\n* [Get started with Firebase Security Rules](https://firebase.google.com/docs/rules/get-started)\n## Example Usage\n\n### Basic_ruleset\nCreates a basic Firestore ruleset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.firebaserules.Ruleset(\"primary\", {\n source: {\n files: [{\n content: \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n name: \"firestore.rules\",\n fingerprint: \"\",\n }],\n language: \"\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.firebaserules.Ruleset(\"primary\",\n source={\n \"files\": [{\n \"content\": \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n \"name\": \"firestore.rules\",\n \"fingerprint\": \"\",\n }],\n \"language\": \"\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Firebaserules.Ruleset(\"primary\", new()\n {\n Source = new Gcp.Firebaserules.Inputs.RulesetSourceArgs\n {\n Files = new[]\n {\n new Gcp.Firebaserules.Inputs.RulesetSourceFileArgs\n {\n Content = \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n Name = \"firestore.rules\",\n Fingerprint = \"\",\n },\n },\n Language = \"\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebaserules\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebaserules.NewRuleset(ctx, \"primary\", \u0026firebaserules.RulesetArgs{\n\t\t\tSource: \u0026firebaserules.RulesetSourceArgs{\n\t\t\t\tFiles: firebaserules.RulesetSourceFileArray{\n\t\t\t\t\t\u0026firebaserules.RulesetSourceFileArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\"),\n\t\t\t\t\t\tName: pulumi.String(\"firestore.rules\"),\n\t\t\t\t\t\tFingerprint: pulumi.String(\"\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLanguage: pulumi.String(\"\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebaserules.Ruleset;\nimport com.pulumi.gcp.firebaserules.RulesetArgs;\nimport com.pulumi.gcp.firebaserules.inputs.RulesetSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Ruleset(\"primary\", RulesetArgs.builder()\n .source(RulesetSourceArgs.builder()\n .files(RulesetSourceFileArgs.builder()\n .content(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\")\n .name(\"firestore.rules\")\n .fingerprint(\"\")\n .build())\n .language(\"\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:firebaserules:Ruleset\n properties:\n source:\n files:\n - content: 'service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }'\n name: firestore.rules\n fingerprint:\n language:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Minimal_ruleset\nCreates a minimal Firestore ruleset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.firebaserules.Ruleset(\"primary\", {\n source: {\n files: [{\n content: \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n name: \"firestore.rules\",\n }],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.firebaserules.Ruleset(\"primary\",\n source={\n \"files\": [{\n \"content\": \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n \"name\": \"firestore.rules\",\n }],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Firebaserules.Ruleset(\"primary\", new()\n {\n Source = new Gcp.Firebaserules.Inputs.RulesetSourceArgs\n {\n Files = new[]\n {\n new Gcp.Firebaserules.Inputs.RulesetSourceFileArgs\n {\n Content = \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n Name = \"firestore.rules\",\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebaserules\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebaserules.NewRuleset(ctx, \"primary\", \u0026firebaserules.RulesetArgs{\n\t\t\tSource: \u0026firebaserules.RulesetSourceArgs{\n\t\t\t\tFiles: firebaserules.RulesetSourceFileArray{\n\t\t\t\t\t\u0026firebaserules.RulesetSourceFileArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\"),\n\t\t\t\t\t\tName: pulumi.String(\"firestore.rules\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebaserules.Ruleset;\nimport com.pulumi.gcp.firebaserules.RulesetArgs;\nimport com.pulumi.gcp.firebaserules.inputs.RulesetSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Ruleset(\"primary\", RulesetArgs.builder()\n .source(RulesetSourceArgs.builder()\n .files(RulesetSourceFileArgs.builder()\n .content(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\")\n .name(\"firestore.rules\")\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:firebaserules:Ruleset\n properties:\n source:\n files:\n - content: 'service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }'\n name: firestore.rules\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRuleset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/rulesets/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Ruleset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default projects/{{project}}/rulesets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default {{name}}\n```\n\n", + "description": "For more information, see:\n* [Get started with Firebase Security Rules](https://firebase.google.com/docs/rules/get-started)\n## Example Usage\n\n### Basic_ruleset\nCreates a basic Firestore ruleset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.firebaserules.Ruleset(\"primary\", {\n source: {\n files: [{\n content: \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n name: \"firestore.rules\",\n fingerprint: \"\",\n }],\n language: \"\",\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.firebaserules.Ruleset(\"primary\",\n source={\n \"files\": [{\n \"content\": \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n \"name\": \"firestore.rules\",\n \"fingerprint\": \"\",\n }],\n \"language\": \"\",\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Firebaserules.Ruleset(\"primary\", new()\n {\n Source = new Gcp.Firebaserules.Inputs.RulesetSourceArgs\n {\n Files = new[]\n {\n new Gcp.Firebaserules.Inputs.RulesetSourceFileArgs\n {\n Content = \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n Name = \"firestore.rules\",\n Fingerprint = \"\",\n },\n },\n Language = \"\",\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebaserules\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebaserules.NewRuleset(ctx, \"primary\", \u0026firebaserules.RulesetArgs{\n\t\t\tSource: \u0026firebaserules.RulesetSourceArgs{\n\t\t\t\tFiles: firebaserules.RulesetSourceFileArray{\n\t\t\t\t\t\u0026firebaserules.RulesetSourceFileArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\"),\n\t\t\t\t\t\tName: pulumi.String(\"firestore.rules\"),\n\t\t\t\t\t\tFingerprint: pulumi.String(\"\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLanguage: pulumi.String(\"\"),\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebaserules.Ruleset;\nimport com.pulumi.gcp.firebaserules.RulesetArgs;\nimport com.pulumi.gcp.firebaserules.inputs.RulesetSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Ruleset(\"primary\", RulesetArgs.builder()\n .source(RulesetSourceArgs.builder()\n .files(RulesetSourceFileArgs.builder()\n .content(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\")\n .name(\"firestore.rules\")\n .fingerprint(\"\")\n .build())\n .language(\"\")\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:firebaserules:Ruleset\n properties:\n source:\n files:\n - content: 'service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }'\n name: firestore.rules\n fingerprint: \"\"\n language: \"\"\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Minimal_ruleset\nCreates a minimal Firestore ruleset\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.firebaserules.Ruleset(\"primary\", {\n source: {\n files: [{\n content: \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n name: \"firestore.rules\",\n }],\n },\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.firebaserules.Ruleset(\"primary\",\n source={\n \"files\": [{\n \"content\": \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n \"name\": \"firestore.rules\",\n }],\n },\n project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Firebaserules.Ruleset(\"primary\", new()\n {\n Source = new Gcp.Firebaserules.Inputs.RulesetSourceArgs\n {\n Files = new[]\n {\n new Gcp.Firebaserules.Inputs.RulesetSourceFileArgs\n {\n Content = \"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\",\n Name = \"firestore.rules\",\n },\n },\n },\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebaserules\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebaserules.NewRuleset(ctx, \"primary\", \u0026firebaserules.RulesetArgs{\n\t\t\tSource: \u0026firebaserules.RulesetSourceArgs{\n\t\t\t\tFiles: firebaserules.RulesetSourceFileArray{\n\t\t\t\t\t\u0026firebaserules.RulesetSourceFileArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\"),\n\t\t\t\t\t\tName: pulumi.String(\"firestore.rules\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebaserules.Ruleset;\nimport com.pulumi.gcp.firebaserules.RulesetArgs;\nimport com.pulumi.gcp.firebaserules.inputs.RulesetSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Ruleset(\"primary\", RulesetArgs.builder()\n .source(RulesetSourceArgs.builder()\n .files(RulesetSourceFileArgs.builder()\n .content(\"service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }\")\n .name(\"firestore.rules\")\n .build())\n .build())\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:firebaserules:Ruleset\n properties:\n source:\n files:\n - content: 'service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }'\n name: firestore.rules\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRuleset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/rulesets/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Ruleset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default projects/{{project}}/rulesets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firebaserules/ruleset:Ruleset default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -214558,7 +214558,7 @@ } }, "gcp:firestore/database:Database": { - "description": "A Cloud Firestore Database.\n\nIf you wish to use Firestore with App Engine, use the\n`gcp.appengine.Application`\nresource instead. If you were previously using the `gcp.appengine.Application` resource exclusively for managing a Firestore database\nand would like to use the `gcp.firestore.Database` resource instead, please follow the instructions\n[here](https://cloud.google.com/firestore/docs/app-engine-requirement).\n\n\nTo get more information about Database, see:\n\n* [API documentation](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/firestore/docs/)\n\n## Example Usage\n\n### Firestore Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"database-id\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"database-id\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"database-id\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"database-id\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: database-id\n locationId: nam5\n type: FIRESTORE_NATIVE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Cmek Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"kms-key-ring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"kms-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com`)],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"cmek-database-id\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n cmekConfig: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [firestoreCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"kms-key-ring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"kms-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nfirestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com\"])\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"cmek-database-id\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\",\n cmek_config={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"kms-key-ring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"kms-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com\",\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"cmek-database-id\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestoreCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"kms-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"kms-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"firestore_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cmek-database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tCmekConfig: \u0026firestore.DatabaseCmekConfigArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestoreCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"kms-key-ring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"kms-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var firestoreCmekKeyuser = new CryptoKeyIAMBinding(\"firestoreCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"cmek-database-id\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .cmekConfig(DatabaseCmekConfigArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestoreCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: cmek-database-id\n locationId: nam5\n type: FIRESTORE_NATIVE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n cmekConfig:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependson:\n - ${firestoreCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: kms-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: kms-key-ring\n location: us\n firestoreCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: firestore_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Default Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastoreModeDatabase = new gcp.firestore.Database(\"datastore_mode_database\", {\n project: \"my-project-name\",\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastore_mode_database = gcp.firestore.Database(\"datastore_mode_database\",\n project=\"my-project-name\",\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastoreModeDatabase = new Gcp.Firestore.Database(\"datastore_mode_database\", new()\n {\n Project = \"my-project-name\",\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"datastore_mode_database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var datastoreModeDatabase = new Database(\"datastoreModeDatabase\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n datastoreModeDatabase:\n type: gcp:firestore:Database\n name: datastore_mode_database\n properties:\n project: my-project-name\n name: (default)\n locationId: nam5\n type: DATASTORE_MODE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastoreModeDatabase = new gcp.firestore.Database(\"datastore_mode_database\", {\n project: \"my-project-name\",\n name: \"database-id\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastore_mode_database = gcp.firestore.Database(\"datastore_mode_database\",\n project=\"my-project-name\",\n name=\"database-id\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastoreModeDatabase = new Gcp.Firestore.Database(\"datastore_mode_database\", new()\n {\n Project = \"my-project-name\",\n Name = \"database-id\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"datastore_mode_database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var datastoreModeDatabase = new Database(\"datastoreModeDatabase\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"database-id\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n datastoreModeDatabase:\n type: gcp:firestore:Database\n name: datastore_mode_database\n properties:\n project: my-project-name\n name: database-id\n locationId: nam5\n type: DATASTORE_MODE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Cmek Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"kms-key-ring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"kms-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com`)],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"cmek-database-id\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n cmekConfig: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [firestoreCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"kms-key-ring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"kms-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nfirestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com\"])\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"cmek-database-id\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\",\n cmek_config={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"kms-key-ring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"kms-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com\",\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"cmek-database-id\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestoreCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"kms-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"kms-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"firestore_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cmek-database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tCmekConfig: \u0026firestore.DatabaseCmekConfigArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestoreCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"kms-key-ring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"kms-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var firestoreCmekKeyuser = new CryptoKeyIAMBinding(\"firestoreCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"cmek-database-id\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .cmekConfig(DatabaseCmekConfigArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestoreCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: cmek-database-id\n locationId: nam5\n type: DATASTORE_MODE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n cmekConfig:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependson:\n - ${firestoreCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: kms-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: kms-key-ring\n location: us\n firestoreCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: firestore_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/databases/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Database can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firestore/database:Database default projects/{{project}}/databases/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firestore/database:Database default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firestore/database:Database default {{name}}\n```\n\n", + "description": "A Cloud Firestore Database.\n\nIf you wish to use Firestore with App Engine, use the\n`gcp.appengine.Application`\nresource instead. If you were previously using the `gcp.appengine.Application` resource exclusively for managing a Firestore database\nand would like to use the `gcp.firestore.Database` resource instead, please follow the instructions\n[here](https://cloud.google.com/firestore/docs/app-engine-requirement).\n\n\nTo get more information about Database, see:\n\n* [API documentation](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/firestore/docs/)\n\n## Example Usage\n\n### Firestore Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"database-id\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"database-id\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"database-id\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"database-id\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: database-id\n locationId: nam5\n type: FIRESTORE_NATIVE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Cmek Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"kms-key-ring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"kms-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com`)],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"cmek-database-id\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n cmekConfig: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [firestoreCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"kms-key-ring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"kms-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nfirestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com\"])\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"cmek-database-id\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\",\n cmek_config={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"kms-key-ring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"kms-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com\",\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"cmek-database-id\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestoreCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"kms-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"kms-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"firestore_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cmek-database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tCmekConfig: \u0026firestore.DatabaseCmekConfigArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestoreCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"kms-key-ring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"kms-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var firestoreCmekKeyuser = new CryptoKeyIAMBinding(\"firestoreCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"cmek-database-id\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .cmekConfig(DatabaseCmekConfigArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestoreCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: cmek-database-id\n locationId: nam5\n type: FIRESTORE_NATIVE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n cmekConfig:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependsOn:\n - ${firestoreCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: kms-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: kms-key-ring\n location: us\n firestoreCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: firestore_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Default Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastoreModeDatabase = new gcp.firestore.Database(\"datastore_mode_database\", {\n project: \"my-project-name\",\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastore_mode_database = gcp.firestore.Database(\"datastore_mode_database\",\n project=\"my-project-name\",\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastoreModeDatabase = new Gcp.Firestore.Database(\"datastore_mode_database\", new()\n {\n Project = \"my-project-name\",\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"datastore_mode_database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var datastoreModeDatabase = new Database(\"datastoreModeDatabase\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n datastoreModeDatabase:\n type: gcp:firestore:Database\n name: datastore_mode_database\n properties:\n project: my-project-name\n name: (default)\n locationId: nam5\n type: DATASTORE_MODE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastoreModeDatabase = new gcp.firestore.Database(\"datastore_mode_database\", {\n project: \"my-project-name\",\n name: \"database-id\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastore_mode_database = gcp.firestore.Database(\"datastore_mode_database\",\n project=\"my-project-name\",\n name=\"database-id\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastoreModeDatabase = new Gcp.Firestore.Database(\"datastore_mode_database\", new()\n {\n Project = \"my-project-name\",\n Name = \"database-id\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firestore.NewDatabase(ctx, \"datastore_mode_database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var datastoreModeDatabase = new Database(\"datastoreModeDatabase\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"database-id\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n datastoreModeDatabase:\n type: gcp:firestore:Database\n name: datastore_mode_database\n properties:\n project: my-project-name\n name: database-id\n locationId: nam5\n type: DATASTORE_MODE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Cmek Database In Datastore Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"kms-key-ring\",\n location: \"us\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"kms-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com`)],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: \"my-project-name\",\n name: \"cmek-database-id\",\n locationId: \"nam5\",\n type: \"DATASTORE_MODE\",\n concurrencyMode: \"OPTIMISTIC\",\n appEngineIntegrationMode: \"DISABLED\",\n pointInTimeRecoveryEnablement: \"POINT_IN_TIME_RECOVERY_ENABLED\",\n deleteProtectionState: \"DELETE_PROTECTION_ENABLED\",\n deletionPolicy: \"DELETE\",\n cmekConfig: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [firestoreCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"kms-key-ring\",\n location=\"us\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"kms-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nfirestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com\"])\ndatabase = gcp.firestore.Database(\"database\",\n project=\"my-project-name\",\n name=\"cmek-database-id\",\n location_id=\"nam5\",\n type=\"DATASTORE_MODE\",\n concurrency_mode=\"OPTIMISTIC\",\n app_engine_integration_mode=\"DISABLED\",\n point_in_time_recovery_enablement=\"POINT_IN_TIME_RECOVERY_ENABLED\",\n delete_protection_state=\"DELETE_PROTECTION_ENABLED\",\n deletion_policy=\"DELETE\",\n cmek_config={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"kms-key-ring\",\n Location = \"us\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"kms-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"firestore_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com\",\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = \"my-project-name\",\n Name = \"cmek-database-id\",\n LocationId = \"nam5\",\n Type = \"DATASTORE_MODE\",\n ConcurrencyMode = \"OPTIMISTIC\",\n AppEngineIntegrationMode = \"DISABLED\",\n PointInTimeRecoveryEnablement = \"POINT_IN_TIME_RECOVERY_ENABLED\",\n DeleteProtectionState = \"DELETE_PROTECTION_ENABLED\",\n DeletionPolicy = \"DELETE\",\n CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestoreCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"kms-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"kms-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"firestore_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cmek-database-id\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"DATASTORE_MODE\"),\n\t\t\tConcurrencyMode: pulumi.String(\"OPTIMISTIC\"),\n\t\t\tAppEngineIntegrationMode: pulumi.String(\"DISABLED\"),\n\t\t\tPointInTimeRecoveryEnablement: pulumi.String(\"POINT_IN_TIME_RECOVERY_ENABLED\"),\n\t\t\tDeleteProtectionState: pulumi.String(\"DELETE_PROTECTION_ENABLED\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tCmekConfig: \u0026firestore.DatabaseCmekConfigArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestoreCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"kms-key-ring\")\n .location(\"us\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"kms-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var firestoreCmekKeyuser = new CryptoKeyIAMBinding(\"firestoreCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(\"my-project-name\")\n .name(\"cmek-database-id\")\n .locationId(\"nam5\")\n .type(\"DATASTORE_MODE\")\n .concurrencyMode(\"OPTIMISTIC\")\n .appEngineIntegrationMode(\"DISABLED\")\n .pointInTimeRecoveryEnablement(\"POINT_IN_TIME_RECOVERY_ENABLED\")\n .deleteProtectionState(\"DELETE_PROTECTION_ENABLED\")\n .deletionPolicy(\"DELETE\")\n .cmekConfig(DatabaseCmekConfigArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestoreCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:firestore:Database\n properties:\n project: my-project-name\n name: cmek-database-id\n locationId: nam5\n type: DATASTORE_MODE\n concurrencyMode: OPTIMISTIC\n appEngineIntegrationMode: DISABLED\n pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED\n deleteProtectionState: DELETE_PROTECTION_ENABLED\n deletionPolicy: DELETE\n cmekConfig:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependsOn:\n - ${firestoreCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: kms-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: kms-key-ring\n location: us\n firestoreCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: firestore_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/databases/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Database can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firestore/database:Database default projects/{{project}}/databases/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firestore/database:Database default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:firestore/database:Database default {{name}}\n```\n\n", "properties": { "appEngineIntegrationMode": { "type": "string", @@ -214769,7 +214769,7 @@ } }, "gcp:firestore/document:Document": { - "description": "In Cloud Firestore, the unit of storage is the document. A document is a lightweight record\nthat contains fields, which map to values. Each document is identified by a name.\n\n\nTo get more information about Document, see:\n\n* [API documentation](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/firestore/docs/manage-data/add-data)\n\n\u003e **Warning:** This resource creates a Firestore Document on a project that already has\na Firestore database. If you haven't already created it, you may\ncreate a `gcp.firestore.Database` resource with `type` set to\n`\"FIRESTORE_NATIVE\"` and `location_id` set to your chosen location.\nIf you wish to use App Engine, you may instead create a\n`gcp.appengine.Application` resource with `database_type` set to\n`\"CLOUD_FIRESTORE\"`. Your Firestore location will be the same as\nthe App Engine location specified.\n\n## Example Usage\n\n### Firestore Document Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"project-id\",\n name: \"project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst firestore = new gcp.projects.Service(\"firestore\", {\n project: project.projectId,\n service: \"firestore.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: project.projectId,\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n}, {\n dependsOn: [firestore],\n});\nconst mydoc = new gcp.firestore.Document(\"mydoc\", {\n project: project.projectId,\n database: database.name,\n collection: \"somenewcollection\",\n documentId: \"my-doc-id\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"project-id\",\n name=\"project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nfirestore = gcp.projects.Service(\"firestore\",\n project=project.project_id,\n service=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\ndatabase = gcp.firestore.Database(\"database\",\n project=project.project_id,\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[firestore]))\nmydoc = gcp.firestore.Document(\"mydoc\",\n project=project.project_id,\n database=database.name,\n collection=\"somenewcollection\",\n document_id=\"my-doc-id\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"project-id\",\n Name = \"project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var firestore = new Gcp.Projects.Service(\"firestore\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = project.ProjectId,\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestore,\n },\n });\n\n var mydoc = new Gcp.Firestore.Document(\"mydoc\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = \"somenewcollection\",\n DocumentId = \"my-doc-id\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-id\"),\n\t\t\tName: pulumi.String(\"project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestore, err := projects.NewService(ctx, \"firestore\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatabase, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDocument(ctx, \"mydoc\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: pulumi.String(\"somenewcollection\"),\n\t\t\tDocumentId: pulumi.String(\"my-doc-id\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.Document;\nimport com.pulumi.gcp.firestore.DocumentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"project-id\")\n .name(\"project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var firestore = new Service(\"firestore\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(project.projectId())\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestore)\n .build());\n\n var mydoc = new Document(\"mydoc\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(\"somenewcollection\")\n .documentId(\"my-doc-id\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: project-id\n name: project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${project}\n firestore:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: firestore.googleapis.com\n options:\n dependson:\n - ${wait60Seconds}\n database:\n type: gcp:firestore:Database\n properties:\n project: ${project.projectId}\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n options:\n dependson:\n - ${firestore}\n mydoc:\n type: gcp:firestore:Document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: somenewcollection\n documentId: my-doc-id\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Document Nested Document\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"project-id\",\n name: \"project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst firestore = new gcp.projects.Service(\"firestore\", {\n project: project.projectId,\n service: \"firestore.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: project.projectId,\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n}, {\n dependsOn: [firestore],\n});\nconst mydoc = new gcp.firestore.Document(\"mydoc\", {\n project: project.projectId,\n database: database.name,\n collection: \"somenewcollection\",\n documentId: \"my-doc-id\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n});\nconst subDocument = new gcp.firestore.Document(\"sub_document\", {\n project: project.projectId,\n database: database.name,\n collection: pulumi.interpolate`${mydoc.path}/subdocs`,\n documentId: \"bitcoinkey\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\",\n});\nconst subSubDocument = new gcp.firestore.Document(\"sub_sub_document\", {\n project: project.projectId,\n database: database.name,\n collection: pulumi.interpolate`${subDocument.path}/subsubdocs`,\n documentId: \"asecret\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"project-id\",\n name=\"project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nfirestore = gcp.projects.Service(\"firestore\",\n project=project.project_id,\n service=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\ndatabase = gcp.firestore.Database(\"database\",\n project=project.project_id,\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[firestore]))\nmydoc = gcp.firestore.Document(\"mydoc\",\n project=project.project_id,\n database=database.name,\n collection=\"somenewcollection\",\n document_id=\"my-doc-id\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\nsub_document = gcp.firestore.Document(\"sub_document\",\n project=project.project_id,\n database=database.name,\n collection=mydoc.path.apply(lambda path: f\"{path}/subdocs\"),\n document_id=\"bitcoinkey\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\")\nsub_sub_document = gcp.firestore.Document(\"sub_sub_document\",\n project=project.project_id,\n database=database.name,\n collection=sub_document.path.apply(lambda path: f\"{path}/subsubdocs\"),\n document_id=\"asecret\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"project-id\",\n Name = \"project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var firestore = new Gcp.Projects.Service(\"firestore\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = project.ProjectId,\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestore,\n },\n });\n\n var mydoc = new Gcp.Firestore.Document(\"mydoc\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = \"somenewcollection\",\n DocumentId = \"my-doc-id\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n });\n\n var subDocument = new Gcp.Firestore.Document(\"sub_document\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = mydoc.Path.Apply(path =\u003e $\"{path}/subdocs\"),\n DocumentId = \"bitcoinkey\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\",\n });\n\n var subSubDocument = new Gcp.Firestore.Document(\"sub_sub_document\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = subDocument.Path.Apply(path =\u003e $\"{path}/subsubdocs\"),\n DocumentId = \"asecret\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-id\"),\n\t\t\tName: pulumi.String(\"project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestore, err := projects.NewService(ctx, \"firestore\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatabase, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmydoc, err := firestore.NewDocument(ctx, \"mydoc\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: pulumi.String(\"somenewcollection\"),\n\t\t\tDocumentId: pulumi.String(\"my-doc-id\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubDocument, err := firestore.NewDocument(ctx, \"sub_document\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: mydoc.Path.ApplyT(func(path string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/subdocs\", path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDocumentId: pulumi.String(\"bitcoinkey\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDocument(ctx, \"sub_sub_document\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: subDocument.Path.ApplyT(func(path string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/subsubdocs\", path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDocumentId: pulumi.String(\"asecret\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.Document;\nimport com.pulumi.gcp.firestore.DocumentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"project-id\")\n .name(\"project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var firestore = new Service(\"firestore\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(project.projectId())\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestore)\n .build());\n\n var mydoc = new Document(\"mydoc\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(\"somenewcollection\")\n .documentId(\"my-doc-id\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n .build());\n\n var subDocument = new Document(\"subDocument\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(mydoc.path().applyValue(path -\u003e String.format(\"%s/subdocs\", path)))\n .documentId(\"bitcoinkey\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\")\n .build());\n\n var subSubDocument = new Document(\"subSubDocument\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(subDocument.path().applyValue(path -\u003e String.format(\"%s/subsubdocs\", path)))\n .documentId(\"asecret\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: project-id\n name: project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${project}\n firestore:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: firestore.googleapis.com\n options:\n dependson:\n - ${wait60Seconds}\n database:\n type: gcp:firestore:Database\n properties:\n project: ${project.projectId}\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n options:\n dependson:\n - ${firestore}\n mydoc:\n type: gcp:firestore:Document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: somenewcollection\n documentId: my-doc-id\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}'\n subDocument:\n type: gcp:firestore:Document\n name: sub_document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: ${mydoc.path}/subdocs\n documentId: bitcoinkey\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"ayo\":{\"stringValue\":\"val2\"}}}}}'\n subSubDocument:\n type: gcp:firestore:Document\n name: sub_sub_document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: ${subDocument.path}/subsubdocs\n documentId: asecret\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"secret\":{\"stringValue\":\"hithere\"}}}}}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDocument can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Document can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firestore/document:Document default {{name}}\n```\n\n", + "description": "In Cloud Firestore, the unit of storage is the document. A document is a lightweight record\nthat contains fields, which map to values. Each document is identified by a name.\n\n\nTo get more information about Document, see:\n\n* [API documentation](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/firestore/docs/manage-data/add-data)\n\n\u003e **Warning:** This resource creates a Firestore Document on a project that already has\na Firestore database. If you haven't already created it, you may\ncreate a `gcp.firestore.Database` resource with `type` set to\n`\"FIRESTORE_NATIVE\"` and `location_id` set to your chosen location.\nIf you wish to use App Engine, you may instead create a\n`gcp.appengine.Application` resource with `database_type` set to\n`\"CLOUD_FIRESTORE\"`. Your Firestore location will be the same as\nthe App Engine location specified.\n\n## Example Usage\n\n### Firestore Document Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"project-id\",\n name: \"project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst firestore = new gcp.projects.Service(\"firestore\", {\n project: project.projectId,\n service: \"firestore.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: project.projectId,\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n}, {\n dependsOn: [firestore],\n});\nconst mydoc = new gcp.firestore.Document(\"mydoc\", {\n project: project.projectId,\n database: database.name,\n collection: \"somenewcollection\",\n documentId: \"my-doc-id\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"project-id\",\n name=\"project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nfirestore = gcp.projects.Service(\"firestore\",\n project=project.project_id,\n service=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\ndatabase = gcp.firestore.Database(\"database\",\n project=project.project_id,\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[firestore]))\nmydoc = gcp.firestore.Document(\"mydoc\",\n project=project.project_id,\n database=database.name,\n collection=\"somenewcollection\",\n document_id=\"my-doc-id\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"project-id\",\n Name = \"project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var firestore = new Gcp.Projects.Service(\"firestore\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = project.ProjectId,\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestore,\n },\n });\n\n var mydoc = new Gcp.Firestore.Document(\"mydoc\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = \"somenewcollection\",\n DocumentId = \"my-doc-id\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-id\"),\n\t\t\tName: pulumi.String(\"project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestore, err := projects.NewService(ctx, \"firestore\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatabase, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDocument(ctx, \"mydoc\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: pulumi.String(\"somenewcollection\"),\n\t\t\tDocumentId: pulumi.String(\"my-doc-id\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.Document;\nimport com.pulumi.gcp.firestore.DocumentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"project-id\")\n .name(\"project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var firestore = new Service(\"firestore\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(project.projectId())\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestore)\n .build());\n\n var mydoc = new Document(\"mydoc\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(\"somenewcollection\")\n .documentId(\"my-doc-id\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: project-id\n name: project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${project}\n firestore:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: firestore.googleapis.com\n options:\n dependsOn:\n - ${wait60Seconds}\n database:\n type: gcp:firestore:Database\n properties:\n project: ${project.projectId}\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n options:\n dependsOn:\n - ${firestore}\n mydoc:\n type: gcp:firestore:Document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: somenewcollection\n documentId: my-doc-id\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firestore Document Nested Document\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"project-id\",\n name: \"project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst firestore = new gcp.projects.Service(\"firestore\", {\n project: project.projectId,\n service: \"firestore.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst database = new gcp.firestore.Database(\"database\", {\n project: project.projectId,\n name: \"(default)\",\n locationId: \"nam5\",\n type: \"FIRESTORE_NATIVE\",\n}, {\n dependsOn: [firestore],\n});\nconst mydoc = new gcp.firestore.Document(\"mydoc\", {\n project: project.projectId,\n database: database.name,\n collection: \"somenewcollection\",\n documentId: \"my-doc-id\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n});\nconst subDocument = new gcp.firestore.Document(\"sub_document\", {\n project: project.projectId,\n database: database.name,\n collection: pulumi.interpolate`${mydoc.path}/subdocs`,\n documentId: \"bitcoinkey\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\",\n});\nconst subSubDocument = new gcp.firestore.Document(\"sub_sub_document\", {\n project: project.projectId,\n database: database.name,\n collection: pulumi.interpolate`${subDocument.path}/subsubdocs`,\n documentId: \"asecret\",\n fields: \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"project-id\",\n name=\"project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nfirestore = gcp.projects.Service(\"firestore\",\n project=project.project_id,\n service=\"firestore.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\ndatabase = gcp.firestore.Database(\"database\",\n project=project.project_id,\n name=\"(default)\",\n location_id=\"nam5\",\n type=\"FIRESTORE_NATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[firestore]))\nmydoc = gcp.firestore.Document(\"mydoc\",\n project=project.project_id,\n database=database.name,\n collection=\"somenewcollection\",\n document_id=\"my-doc-id\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\nsub_document = gcp.firestore.Document(\"sub_document\",\n project=project.project_id,\n database=database.name,\n collection=mydoc.path.apply(lambda path: f\"{path}/subdocs\"),\n document_id=\"bitcoinkey\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\")\nsub_sub_document = gcp.firestore.Document(\"sub_sub_document\",\n project=project.project_id,\n database=database.name,\n collection=sub_document.path.apply(lambda path: f\"{path}/subsubdocs\"),\n document_id=\"asecret\",\n fields=\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"project-id\",\n Name = \"project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var firestore = new Gcp.Projects.Service(\"firestore\", new()\n {\n Project = project.ProjectId,\n ServiceName = \"firestore.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var database = new Gcp.Firestore.Database(\"database\", new()\n {\n Project = project.ProjectId,\n Name = \"(default)\",\n LocationId = \"nam5\",\n Type = \"FIRESTORE_NATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firestore,\n },\n });\n\n var mydoc = new Gcp.Firestore.Document(\"mydoc\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = \"somenewcollection\",\n DocumentId = \"my-doc-id\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\",\n });\n\n var subDocument = new Gcp.Firestore.Document(\"sub_document\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = mydoc.Path.Apply(path =\u003e $\"{path}/subdocs\"),\n DocumentId = \"bitcoinkey\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\",\n });\n\n var subSubDocument = new Gcp.Firestore.Document(\"sub_sub_document\", new()\n {\n Project = project.ProjectId,\n Database = database.Name,\n Collection = subDocument.Path.Apply(path =\u003e $\"{path}/subsubdocs\"),\n DocumentId = \"asecret\",\n Fields = \"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firestore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"project-id\"),\n\t\t\tName: pulumi.String(\"project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirestore, err := projects.NewService(ctx, \"firestore\", \u0026projects.ServiceArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tService: pulumi.String(\"firestore.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatabase, err := firestore.NewDatabase(ctx, \"database\", \u0026firestore.DatabaseArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tName: pulumi.String(\"(default)\"),\n\t\t\tLocationId: pulumi.String(\"nam5\"),\n\t\t\tType: pulumi.String(\"FIRESTORE_NATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmydoc, err := firestore.NewDocument(ctx, \"mydoc\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: pulumi.String(\"somenewcollection\"),\n\t\t\tDocumentId: pulumi.String(\"my-doc-id\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubDocument, err := firestore.NewDocument(ctx, \"sub_document\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: mydoc.Path.ApplyT(func(path string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/subdocs\", path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDocumentId: pulumi.String(\"bitcoinkey\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firestore.NewDocument(ctx, \"sub_sub_document\", \u0026firestore.DocumentArgs{\n\t\t\tProject: project.ProjectId,\n\t\t\tDatabase: database.Name,\n\t\t\tCollection: subDocument.Path.ApplyT(func(path string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/subsubdocs\", path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDocumentId: pulumi.String(\"asecret\"),\n\t\t\tFields: pulumi.String(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firestore.Database;\nimport com.pulumi.gcp.firestore.DatabaseArgs;\nimport com.pulumi.gcp.firestore.Document;\nimport com.pulumi.gcp.firestore.DocumentArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"project-id\")\n .name(\"project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var firestore = new Service(\"firestore\", ServiceArgs.builder()\n .project(project.projectId())\n .service(\"firestore.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var database = new Database(\"database\", DatabaseArgs.builder()\n .project(project.projectId())\n .name(\"(default)\")\n .locationId(\"nam5\")\n .type(\"FIRESTORE_NATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firestore)\n .build());\n\n var mydoc = new Document(\"mydoc\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(\"somenewcollection\")\n .documentId(\"my-doc-id\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"akey\\\":{\\\"stringValue\\\":\\\"avalue\\\"}}}}}\")\n .build());\n\n var subDocument = new Document(\"subDocument\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(mydoc.path().applyValue(path -\u003e String.format(\"%s/subdocs\", path)))\n .documentId(\"bitcoinkey\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"ayo\\\":{\\\"stringValue\\\":\\\"val2\\\"}}}}}\")\n .build());\n\n var subSubDocument = new Document(\"subSubDocument\", DocumentArgs.builder()\n .project(project.projectId())\n .database(database.name())\n .collection(subDocument.path().applyValue(path -\u003e String.format(\"%s/subsubdocs\", path)))\n .documentId(\"asecret\")\n .fields(\"{\\\"something\\\":{\\\"mapValue\\\":{\\\"fields\\\":{\\\"secret\\\":{\\\"stringValue\\\":\\\"hithere\\\"}}}}}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: project-id\n name: project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${project}\n firestore:\n type: gcp:projects:Service\n properties:\n project: ${project.projectId}\n service: firestore.googleapis.com\n options:\n dependsOn:\n - ${wait60Seconds}\n database:\n type: gcp:firestore:Database\n properties:\n project: ${project.projectId}\n name: (default)\n locationId: nam5\n type: FIRESTORE_NATIVE\n options:\n dependsOn:\n - ${firestore}\n mydoc:\n type: gcp:firestore:Document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: somenewcollection\n documentId: my-doc-id\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}'\n subDocument:\n type: gcp:firestore:Document\n name: sub_document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: ${mydoc.path}/subdocs\n documentId: bitcoinkey\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"ayo\":{\"stringValue\":\"val2\"}}}}}'\n subSubDocument:\n type: gcp:firestore:Document\n name: sub_sub_document\n properties:\n project: ${project.projectId}\n database: ${database.name}\n collection: ${subDocument.path}/subsubdocs\n documentId: asecret\n fields: '{\"something\":{\"mapValue\":{\"fields\":{\"secret\":{\"stringValue\":\"hithere\"}}}}}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDocument can be imported using any of these accepted formats:\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Document can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firestore/document:Document default {{name}}\n```\n\n", "properties": { "collection": { "type": "string", @@ -215144,7 +215144,7 @@ } }, "gcp:folder/accessApprovalSettings:AccessApprovalSettings": { - "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about FolderSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/folders)\n\n## Example Usage\n\n### Folder Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst folderAccessApproval = new gcp.folder.AccessApprovalSettings(\"folder_access_approval\", {\n folderId: myFolder.folderId,\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nfolder_access_approval = gcp.folder.AccessApprovalSettings(\"folder_access_approval\",\n folder_id=my_folder.folder_id,\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var folderAccessApproval = new Gcp.Folder.AccessApprovalSettings(\"folder_access_approval\", new()\n {\n FolderId = myFolder.FolderId,\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Folder.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewAccessApprovalSettings(ctx, \"folder_access_approval\", \u0026folder.AccessApprovalSettingsArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026folder.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.folder.AccessApprovalSettings;\nimport com.pulumi.gcp.folder.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.folder.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var folderAccessApproval = new AccessApprovalSettings(\"folderAccessApproval\", AccessApprovalSettingsArgs.builder()\n .folderId(myFolder.folderId())\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n folderAccessApproval:\n type: gcp:folder:AccessApprovalSettings\n name: folder_access_approval\n properties:\n folderId: ${myFolder.folderId}\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Folder Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n folderId: myFolder.name,\n deletionPolicy: \"DELETE\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: myProject.projectId,\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getFolderServiceAccountOutput({\n folderId: myFolder.folderId,\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.apply(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst folderAccessApproval = new gcp.folder.AccessApprovalSettings(\"folder_access_approval\", {\n folderId: myFolder.folderId,\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n folder_id=my_folder.name,\n deletion_policy=\"DELETE\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=my_project.project_id)\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_folder_service_account_output(folder_id=my_folder.folder_id)\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=service_account.apply(lambda service_account: f\"serviceAccount:{service_account.account_email}\"))\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nfolder_access_approval = gcp.folder.AccessApprovalSettings(\"folder_access_approval\",\n folder_id=my_folder.folder_id,\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n FolderId = myFolder.Name,\n DeletionPolicy = \"DELETE\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = myProject.ProjectId,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetFolderServiceAccount.Invoke(new()\n {\n FolderId = myFolder.FolderId,\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getFolderServiceAccountResult =\u003e getFolderServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var folderAccessApproval = new Gcp.Folder.AccessApprovalSettings(\"folder_access_approval\", new()\n {\n FolderId = myFolder.FolderId,\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Folder.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tFolderId: myFolder.Name,\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: myProject.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount := accessapproval.GetFolderServiceAccountOutput(ctx, accessapproval.GetFolderServiceAccountOutputArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t}, nil)\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: serviceAccount.ApplyT(func(serviceAccount accessapproval.GetFolderServiceAccountResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = folder.NewAccessApprovalSettings(ctx, \"folder_access_approval\", \u0026folder.AccessApprovalSettingsArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026folder.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetFolderServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.folder.AccessApprovalSettings;\nimport com.pulumi.gcp.folder.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.folder.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .folderId(myFolder.name())\n .deletionPolicy(\"DELETE\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(myProject.projectId())\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getFolderServiceAccount(GetFolderServiceAccountArgs.builder()\n .folderId(myFolder.folderId())\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult).applyValue(serviceAccount -\u003e String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult.accountEmail()))))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var folderAccessApproval = new AccessApprovalSettings(\"folderAccessApproval\", AccessApprovalSettingsArgs.builder()\n .folderId(myFolder.folderId())\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n folderId: ${myFolder.name}\n deletionPolicy: DELETE\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: ${myProject.projectId}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n folderAccessApproval:\n type: gcp:folder:AccessApprovalSettings\n name: folder_access_approval\n properties:\n folderId: ${myFolder.folderId}\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependson:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getFolderServiceAccount\n Arguments:\n folderId: ${myFolder.folderId}\n cryptoKeyVersion:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderSettings can be imported using any of these accepted formats:\n\n* `folders/{{folder_id}}/accessApprovalSettings`\n\n* `{{folder_id}}`\n\nWhen using the `pulumi import` command, FolderSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default folders/{{folder_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default {{folder_id}}\n```\n\n", + "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about FolderSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/folders)\n\n## Example Usage\n\n### Folder Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst folderAccessApproval = new gcp.folder.AccessApprovalSettings(\"folder_access_approval\", {\n folderId: myFolder.folderId,\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nfolder_access_approval = gcp.folder.AccessApprovalSettings(\"folder_access_approval\",\n folder_id=my_folder.folder_id,\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var folderAccessApproval = new Gcp.Folder.AccessApprovalSettings(\"folder_access_approval\", new()\n {\n FolderId = myFolder.FolderId,\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Folder.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewAccessApprovalSettings(ctx, \"folder_access_approval\", \u0026folder.AccessApprovalSettingsArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026folder.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.folder.AccessApprovalSettings;\nimport com.pulumi.gcp.folder.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.folder.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var folderAccessApproval = new AccessApprovalSettings(\"folderAccessApproval\", AccessApprovalSettingsArgs.builder()\n .folderId(myFolder.folderId())\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n folderAccessApproval:\n type: gcp:folder:AccessApprovalSettings\n name: folder_access_approval\n properties:\n folderId: ${myFolder.folderId}\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Folder Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n folderId: myFolder.name,\n deletionPolicy: \"DELETE\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: myProject.projectId,\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getFolderServiceAccountOutput({\n folderId: myFolder.folderId,\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.apply(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst folderAccessApproval = new gcp.folder.AccessApprovalSettings(\"folder_access_approval\", {\n folderId: myFolder.folderId,\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n folder_id=my_folder.name,\n deletion_policy=\"DELETE\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=my_project.project_id)\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_folder_service_account_output(folder_id=my_folder.folder_id)\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=service_account.apply(lambda service_account: f\"serviceAccount:{service_account.account_email}\"))\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nfolder_access_approval = gcp.folder.AccessApprovalSettings(\"folder_access_approval\",\n folder_id=my_folder.folder_id,\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n FolderId = myFolder.Name,\n DeletionPolicy = \"DELETE\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = myProject.ProjectId,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetFolderServiceAccount.Invoke(new()\n {\n FolderId = myFolder.FolderId,\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getFolderServiceAccountResult =\u003e getFolderServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var folderAccessApproval = new Gcp.Folder.AccessApprovalSettings(\"folder_access_approval\", new()\n {\n FolderId = myFolder.FolderId,\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Folder.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tFolderId: myFolder.Name,\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: myProject.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount := accessapproval.GetFolderServiceAccountOutput(ctx, accessapproval.GetFolderServiceAccountOutputArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t}, nil)\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: serviceAccount.ApplyT(func(serviceAccount accessapproval.GetFolderServiceAccountResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = folder.NewAccessApprovalSettings(ctx, \"folder_access_approval\", \u0026folder.AccessApprovalSettingsArgs{\n\t\t\tFolderId: myFolder.FolderId,\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026folder.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetFolderServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.folder.AccessApprovalSettings;\nimport com.pulumi.gcp.folder.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.folder.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .folderId(myFolder.name())\n .deletionPolicy(\"DELETE\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(myProject.projectId())\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getFolderServiceAccount(GetFolderServiceAccountArgs.builder()\n .folderId(myFolder.folderId())\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult).applyValue(serviceAccount -\u003e String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult.accountEmail()))))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var folderAccessApproval = new AccessApprovalSettings(\"folderAccessApproval\", AccessApprovalSettingsArgs.builder()\n .folderId(myFolder.folderId())\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n folderId: ${myFolder.name}\n deletionPolicy: DELETE\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: ${myProject.projectId}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n folderAccessApproval:\n type: gcp:folder:AccessApprovalSettings\n name: folder_access_approval\n properties:\n folderId: ${myFolder.folderId}\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependsOn:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getFolderServiceAccount\n arguments:\n folderId: ${myFolder.folderId}\n cryptoKeyVersion:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderSettings can be imported using any of these accepted formats:\n\n* `folders/{{folder_id}}/accessApprovalSettings`\n\n* `{{folder_id}}`\n\nWhen using the `pulumi import` command, FolderSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default folders/{{folder_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default {{folder_id}}\n```\n\n", "properties": { "activeKeyVersion": { "type": "string", @@ -215362,7 +215362,7 @@ } }, "gcp:folder/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMMember:IAMMember default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMMember:IAMMember default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:folder/IAMMemberCondition:IAMMemberCondition", @@ -215450,7 +215450,7 @@ } }, "gcp:folder/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMPolicy:IAMPolicy default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMPolicy:IAMPolicy default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -215506,7 +215506,7 @@ } }, "gcp:folder/iamAuditConfig:IamAuditConfig": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.folder.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder()\n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder()\n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.folder.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder()\n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "auditLogConfigs": { "type": "array", @@ -215941,7 +215941,7 @@ } }, "gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/BackupPlanIamBindingCondition:BackupPlanIamBindingCondition" @@ -216062,7 +216062,7 @@ } }, "gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/BackupPlanIamMemberCondition:BackupPlanIamMemberCondition" @@ -216176,7 +216176,7 @@ } }, "gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE BackupPlan\nThree different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.BackupPlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.BackupPlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -216261,7 +216261,7 @@ } }, "gcp:gkebackup/restorePlan:RestorePlan": { - "description": "Represents a Restore Plan instance.\n\n\nTo get more information about RestorePlan, see:\n\n* [API documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.restorePlans)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke)\n\n## Example Usage\n\n### Gkebackup Restoreplan All Namespaces\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"restore-all-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"restore-all-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst allNs = new gcp.gkebackup.RestorePlan(\"all_ns\", {\n name: \"restore-all-ns\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"restore-all-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"restore-all-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nall_ns = gcp.gkebackup.RestorePlan(\"all_ns\",\n name=\"restore-all-ns\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"restore-all-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"restore-all-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var allNs = new Gcp.GkeBackup.RestorePlan(\"all_ns\", new()\n {\n Name = \"restore-all-ns\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"all_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"restore-all-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"restore-all-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var allNs = new RestorePlan(\"allNs\", RestorePlanArgs.builder()\n .name(\"restore-all-ns\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: restore-all-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: restore-all-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n allNs:\n type: gcp:gkebackup:RestorePlan\n name: all_ns\n properties:\n name: restore-all-ns\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Rollback Namespace\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rollback-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rollback-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst rollbackNs = new gcp.gkebackup.RestorePlan(\"rollback_ns\", {\n name: \"rollback-ns-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedNamespaces: {\n namespaces: [\"my-ns\"],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n selectedGroupKinds: [\n {\n resourceGroup: \"apiextension.k8s.io\",\n resourceKind: \"CustomResourceDefinition\",\n },\n {\n resourceGroup: \"storage.k8s.io\",\n resourceKind: \"StorageClass\",\n },\n ],\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rollback-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rollback-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrollback_ns = gcp.gkebackup.RestorePlan(\"rollback_ns\",\n name=\"rollback-ns-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_namespaces\": {\n \"namespaces\": [\"my-ns\"],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"selected_group_kinds\": [\n {\n \"resource_group\": \"apiextension.k8s.io\",\n \"resource_kind\": \"CustomResourceDefinition\",\n },\n {\n \"resource_group\": \"storage.k8s.io\",\n \"resource_kind\": \"StorageClass\",\n },\n ],\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rollback-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rollback-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var rollbackNs = new Gcp.GkeBackup.RestorePlan(\"rollback_ns\", new()\n {\n Name = \"rollback-ns-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"my-ns\",\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n SelectedGroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs\n {\n ResourceGroup = \"apiextension.k8s.io\",\n ResourceKind = \"CustomResourceDefinition\",\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs\n {\n ResourceGroup = \"storage.k8s.io\",\n ResourceKind = \"StorageClass\",\n },\n },\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rollback-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rollback-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rollback_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rollback-ns-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigSelectedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"my-ns\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tSelectedGroupKinds: gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"apiextension.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"CustomResourceDefinition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"storage.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"StorageClass\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rollback-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rollback-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var rollbackNs = new RestorePlan(\"rollbackNs\", RestorePlanArgs.builder()\n .name(\"rollback-ns-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedNamespaces(RestorePlanRestoreConfigSelectedNamespacesArgs.builder()\n .namespaces(\"my-ns\")\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .selectedGroupKinds( \n RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs.builder()\n .resourceGroup(\"apiextension.k8s.io\")\n .resourceKind(\"CustomResourceDefinition\")\n .build(),\n RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs.builder()\n .resourceGroup(\"storage.k8s.io\")\n .resourceKind(\"StorageClass\")\n .build())\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rollback-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rollback-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n rollbackNs:\n type: gcp:gkebackup:RestorePlan\n name: rollback_ns\n properties:\n name: rollback-ns-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedNamespaces:\n namespaces:\n - my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n selectedGroupKinds:\n - resourceGroup: apiextension.k8s.io\n resourceKind: CustomResourceDefinition\n - resourceGroup: storage.k8s.io\n resourceKind: StorageClass\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Protected Application\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rollback-app-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rollback-app\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst rollbackApp = new gcp.gkebackup.RestorePlan(\"rollback_app\", {\n name: \"rollback-app-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedApplications: {\n namespacedNames: [{\n name: \"my-app\",\n namespace: \"my-ns\",\n }],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n noGroupKinds: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rollback-app-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rollback-app\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrollback_app = gcp.gkebackup.RestorePlan(\"rollback_app\",\n name=\"rollback-app-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_applications\": {\n \"namespaced_names\": [{\n \"name\": \"my-app\",\n \"namespace\": \"my-ns\",\n }],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"no_group_kinds\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rollback-app-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rollback-app\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var rollbackApp = new Gcp.GkeBackup.RestorePlan(\"rollback_app\", new()\n {\n Name = \"rollback-app-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedApplications = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedApplicationsArgs\n {\n NamespacedNames = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs\n {\n Name = \"my-app\",\n Namespace = \"my-ns\",\n },\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n NoGroupKinds = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rollback-app-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rollback-app\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rollback_app\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rollback-app-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedApplications: \u0026gkebackup.RestorePlanRestoreConfigSelectedApplicationsArgs{\n\t\t\t\t\tNamespacedNames: gkebackup.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"my-app\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"my-ns\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tNoGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedApplicationsArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rollback-app-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rollback-app\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var rollbackApp = new RestorePlan(\"rollbackApp\", RestorePlanArgs.builder()\n .name(\"rollback-app-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedApplications(RestorePlanRestoreConfigSelectedApplicationsArgs.builder()\n .namespacedNames(RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs.builder()\n .name(\"my-app\")\n .namespace(\"my-ns\")\n .build())\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .noGroupKinds(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rollback-app-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rollback-app\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n rollbackApp:\n type: gcp:gkebackup:RestorePlan\n name: rollback_app\n properties:\n name: rollback-app-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedApplications:\n namespacedNames:\n - name: my-app\n namespace: my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: REUSE_VOLUME_HANDLE_FROM_BACKUP\n clusterResourceRestoreScope:\n noGroupKinds: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan All Cluster Resources\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"all-groupkinds-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"all-groupkinds\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst allClusterResources = new gcp.gkebackup.RestorePlan(\"all_cluster_resources\", {\n name: \"all-groupkinds-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n noNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"all-groupkinds-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"all-groupkinds\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nall_cluster_resources = gcp.gkebackup.RestorePlan(\"all_cluster_resources\",\n name=\"all-groupkinds-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"no_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"all-groupkinds-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"all-groupkinds\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var allClusterResources = new Gcp.GkeBackup.RestorePlan(\"all_cluster_resources\", new()\n {\n Name = \"all-groupkinds-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n NoNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"all_cluster_resources\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tNoNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"all-groupkinds-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"all-groupkinds\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var allClusterResources = new RestorePlan(\"allClusterResources\", RestorePlanArgs.builder()\n .name(\"all-groupkinds-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .noNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: all-groupkinds-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: all-groupkinds\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n allClusterResources:\n type: gcp:gkebackup:RestorePlan\n name: all_cluster_resources\n properties:\n name: all-groupkinds-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n noNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Rename Namespace\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rename-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rename-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst renameNs = new gcp.gkebackup.RestorePlan(\"rename_ns\", {\n name: \"rename-ns-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedNamespaces: {\n namespaces: [\"ns1\"],\n },\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n noGroupKinds: true,\n },\n transformationRules: [\n {\n description: \"rename namespace from ns1 to ns2\",\n resourceFilter: {\n groupKinds: [{\n resourceKind: \"Namespace\",\n }],\n jsonPath: \".metadata[?(@.name == 'ns1')]\",\n },\n fieldActions: [{\n op: \"REPLACE\",\n path: \"/metadata/name\",\n value: \"ns2\",\n }],\n },\n {\n description: \"move all resources from ns1 to ns2\",\n resourceFilter: {\n namespaces: [\"ns1\"],\n },\n fieldActions: [{\n op: \"REPLACE\",\n path: \"/metadata/namespace\",\n value: \"ns2\",\n }],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rename-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rename-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrename_ns = gcp.gkebackup.RestorePlan(\"rename_ns\",\n name=\"rename-ns-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_namespaces\": {\n \"namespaces\": [\"ns1\"],\n },\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"no_group_kinds\": True,\n },\n \"transformation_rules\": [\n {\n \"description\": \"rename namespace from ns1 to ns2\",\n \"resource_filter\": {\n \"group_kinds\": [{\n \"resource_kind\": \"Namespace\",\n }],\n \"json_path\": \".metadata[?(@.name == 'ns1')]\",\n },\n \"field_actions\": [{\n \"op\": \"REPLACE\",\n \"path\": \"/metadata/name\",\n \"value\": \"ns2\",\n }],\n },\n {\n \"description\": \"move all resources from ns1 to ns2\",\n \"resource_filter\": {\n \"namespaces\": [\"ns1\"],\n },\n \"field_actions\": [{\n \"op\": \"REPLACE\",\n \"path\": \"/metadata/namespace\",\n \"value\": \"ns2\",\n }],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rename-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rename-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var renameNs = new Gcp.GkeBackup.RestorePlan(\"rename_ns\", new()\n {\n Name = \"rename-ns-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"ns1\",\n },\n },\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n NoGroupKinds = true,\n },\n TransformationRules = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"rename namespace from ns1 to ns2\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n GroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs\n {\n ResourceKind = \"Namespace\",\n },\n },\n JsonPath = \".metadata[?(@.name == 'ns1')]\",\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"REPLACE\",\n Path = \"/metadata/name\",\n Value = \"ns2\",\n },\n },\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"move all resources from ns1 to ns2\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n Namespaces = new[]\n {\n \"ns1\",\n },\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"REPLACE\",\n Path = \"/metadata/namespace\",\n Value = \"ns2\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rename-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rename-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rename_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rename-ns-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigSelectedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ns1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tNoGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tTransformationRules: gkebackup.RestorePlanRestoreConfigTransformationRuleArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"rename namespace from ns1 to ns2\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tGroupKinds: gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArray{\n\t\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs{\n\t\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"Namespace\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tJsonPath: pulumi.String(\".metadata[?(@.name == 'ns1')]\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"REPLACE\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/metadata/name\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"ns2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"move all resources from ns1 to ns2\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"ns1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"REPLACE\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/metadata/namespace\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"ns2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rename-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rename-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var renameNs = new RestorePlan(\"renameNs\", RestorePlanArgs.builder()\n .name(\"rename-ns-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedNamespaces(RestorePlanRestoreConfigSelectedNamespacesArgs.builder()\n .namespaces(\"ns1\")\n .build())\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .noGroupKinds(true)\n .build())\n .transformationRules( \n RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"rename namespace from ns1 to ns2\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .groupKinds(RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs.builder()\n .resourceKind(\"Namespace\")\n .build())\n .jsonPath(\".metadata[?(@.name == 'ns1')]\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"REPLACE\")\n .path(\"/metadata/name\")\n .value(\"ns2\")\n .build())\n .build(),\n RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"move all resources from ns1 to ns2\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .namespaces(\"ns1\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"REPLACE\")\n .path(\"/metadata/namespace\")\n .value(\"ns2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rename-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rename-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n renameNs:\n type: gcp:gkebackup:RestorePlan\n name: rename_ns\n properties:\n name: rename-ns-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedNamespaces:\n namespaces:\n - ns1\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: REUSE_VOLUME_HANDLE_FROM_BACKUP\n clusterResourceRestoreScope:\n noGroupKinds: true\n transformationRules:\n - description: rename namespace from ns1 to ns2\n resourceFilter:\n groupKinds:\n - resourceKind: Namespace\n jsonPath: .metadata[?(@.name == 'ns1')]\n fieldActions:\n - op: REPLACE\n path: /metadata/name\n value: ns2\n - description: move all resources from ns1 to ns2\n resourceFilter:\n namespaces:\n - ns1\n fieldActions:\n - op: REPLACE\n path: /metadata/namespace\n value: ns2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Second Transformation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"transform-rule-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"transform-rule\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst transformRule = new gcp.gkebackup.RestorePlan(\"transform_rule\", {\n name: \"transform-rule-rp\",\n description: \"copy nginx env variables\",\n labels: {\n app: \"nginx\",\n },\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n excludedNamespaces: {\n namespaces: [\"my-ns\"],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n excludedGroupKinds: [{\n resourceGroup: \"apiextension.k8s.io\",\n resourceKind: \"CustomResourceDefinition\",\n }],\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n transformationRules: [{\n description: \"Copy environment variables from the nginx container to the install init container.\",\n resourceFilter: {\n groupKinds: [{\n resourceKind: \"Pod\",\n resourceGroup: \"\",\n }],\n jsonPath: \".metadata[?(@.name == 'nginx')]\",\n },\n fieldActions: [{\n op: \"COPY\",\n path: \"/spec/initContainers/0/env\",\n fromPath: \"/spec/containers/0/env\",\n }],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"transform-rule-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"transform-rule\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\ntransform_rule = gcp.gkebackup.RestorePlan(\"transform_rule\",\n name=\"transform-rule-rp\",\n description=\"copy nginx env variables\",\n labels={\n \"app\": \"nginx\",\n },\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"excluded_namespaces\": {\n \"namespaces\": [\"my-ns\"],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"excluded_group_kinds\": [{\n \"resource_group\": \"apiextension.k8s.io\",\n \"resource_kind\": \"CustomResourceDefinition\",\n }],\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"transformation_rules\": [{\n \"description\": \"Copy environment variables from the nginx container to the install init container.\",\n \"resource_filter\": {\n \"group_kinds\": [{\n \"resource_kind\": \"Pod\",\n \"resource_group\": \"\",\n }],\n \"json_path\": \".metadata[?(@.name == 'nginx')]\",\n },\n \"field_actions\": [{\n \"op\": \"COPY\",\n \"path\": \"/spec/initContainers/0/env\",\n \"from_path\": \"/spec/containers/0/env\",\n }],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"transform-rule-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"transform-rule\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var transformRule = new Gcp.GkeBackup.RestorePlan(\"transform_rule\", new()\n {\n Name = \"transform-rule-rp\",\n Description = \"copy nginx env variables\",\n Labels = \n {\n { \"app\", \"nginx\" },\n },\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n ExcludedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigExcludedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"my-ns\",\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n ExcludedGroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs\n {\n ResourceGroup = \"apiextension.k8s.io\",\n ResourceKind = \"CustomResourceDefinition\",\n },\n },\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n TransformationRules = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"Copy environment variables from the nginx container to the install init container.\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n GroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs\n {\n ResourceKind = \"Pod\",\n ResourceGroup = \"\",\n },\n },\n JsonPath = \".metadata[?(@.name == 'nginx')]\",\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"COPY\",\n Path = \"/spec/initContainers/0/env\",\n FromPath = \"/spec/containers/0/env\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"transform-rule-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"transform-rule\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"transform_rule\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"transform-rule-rp\"),\n\t\t\tDescription: pulumi.String(\"copy nginx env variables\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"app\": pulumi.String(\"nginx\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tExcludedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigExcludedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"my-ns\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tExcludedGroupKinds: gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"apiextension.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"CustomResourceDefinition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tTransformationRules: gkebackup.RestorePlanRestoreConfigTransformationRuleArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"Copy environment variables from the nginx container to the install init container.\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tGroupKinds: gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArray{\n\t\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs{\n\t\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"Pod\"),\n\t\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tJsonPath: pulumi.String(\".metadata[?(@.name == 'nginx')]\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"COPY\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/spec/initContainers/0/env\"),\n\t\t\t\t\t\t\t\tFromPath: pulumi.String(\"/spec/containers/0/env\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigExcludedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"transform-rule-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"transform-rule\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var transformRule = new RestorePlan(\"transformRule\", RestorePlanArgs.builder()\n .name(\"transform-rule-rp\")\n .description(\"copy nginx env variables\")\n .labels(Map.of(\"app\", \"nginx\"))\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .excludedNamespaces(RestorePlanRestoreConfigExcludedNamespacesArgs.builder()\n .namespaces(\"my-ns\")\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .excludedGroupKinds(RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs.builder()\n .resourceGroup(\"apiextension.k8s.io\")\n .resourceKind(\"CustomResourceDefinition\")\n .build())\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .transformationRules(RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"Copy environment variables from the nginx container to the install init container.\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .groupKinds(RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs.builder()\n .resourceKind(\"Pod\")\n .resourceGroup(\"\")\n .build())\n .jsonPath(\".metadata[?(@.name == 'nginx')]\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"COPY\")\n .path(\"/spec/initContainers/0/env\")\n .fromPath(\"/spec/containers/0/env\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: transform-rule-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: transform-rule\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n transformRule:\n type: gcp:gkebackup:RestorePlan\n name: transform_rule\n properties:\n name: transform-rule-rp\n description: copy nginx env variables\n labels:\n app: nginx\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n excludedNamespaces:\n namespaces:\n - my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n excludedGroupKinds:\n - resourceGroup: apiextension.k8s.io\n resourceKind: CustomResourceDefinition\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n transformationRules:\n - description: Copy environment variables from the nginx container to the install init container.\n resourceFilter:\n groupKinds:\n - resourceKind: Pod\n resourceGroup:\n jsonPath: .metadata[?(@.name == 'nginx')]\n fieldActions:\n - op: COPY\n path: /spec/initContainers/0/env\n fromPath: /spec/containers/0/env\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Gitops Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"gitops-mode-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"gitops-mode\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst gitopsMode = new gcp.gkebackup.RestorePlan(\"gitops_mode\", {\n name: \"gitops-mode\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"MERGE_SKIP_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"gitops-mode-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"gitops-mode\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\ngitops_mode = gcp.gkebackup.RestorePlan(\"gitops_mode\",\n name=\"gitops-mode\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"MERGE_SKIP_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"gitops-mode-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"gitops-mode\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var gitopsMode = new Gcp.GkeBackup.RestorePlan(\"gitops_mode\", new()\n {\n Name = \"gitops-mode\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"MERGE_SKIP_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"gitops-mode-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"gitops-mode\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"gitops_mode\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"gitops-mode\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"MERGE_SKIP_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"gitops-mode-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"gitops-mode\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var gitopsMode = new RestorePlan(\"gitopsMode\", RestorePlanArgs.builder()\n .name(\"gitops-mode\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"MERGE_SKIP_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: gitops-mode-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: gitops-mode\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n gitopsMode:\n type: gcp:gkebackup:RestorePlan\n name: gitops_mode\n properties:\n name: gitops-mode\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: MERGE_SKIP_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Restore Order\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"restore-order-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"restore-order\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst restoreOrder = new gcp.gkebackup.RestorePlan(\"restore_order\", {\n name: \"restore-order\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n restoreOrder: {\n groupKindDependencies: [\n {\n satisfying: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindA\",\n },\n requiring: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindB\",\n },\n },\n {\n satisfying: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindB\",\n },\n requiring: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindC\",\n },\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"restore-order-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"restore-order\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrestore_order = gcp.gkebackup.RestorePlan(\"restore_order\",\n name=\"restore-order\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"restore_order\": {\n \"group_kind_dependencies\": [\n {\n \"satisfying\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindA\",\n },\n \"requiring\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindB\",\n },\n },\n {\n \"satisfying\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindB\",\n },\n \"requiring\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindC\",\n },\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"restore-order-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"restore-order\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var restoreOrder = new Gcp.GkeBackup.RestorePlan(\"restore_order\", new()\n {\n Name = \"restore-order\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n RestoreOrder = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderArgs\n {\n GroupKindDependencies = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs\n {\n Satisfying = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindA\",\n },\n Requiring = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindB\",\n },\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs\n {\n Satisfying = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindB\",\n },\n Requiring = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindC\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"restore-order-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"restore-order\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"restore_order\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"restore-order\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tRestoreOrder: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderArgs{\n\t\t\t\t\tGroupKindDependencies: gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs{\n\t\t\t\t\t\t\tSatisfying: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindA\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRequiring: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs{\n\t\t\t\t\t\t\tSatisfying: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRequiring: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindC\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigRestoreOrderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"restore-order-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"restore-order\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var restoreOrder = new RestorePlan(\"restoreOrder\", RestorePlanArgs.builder()\n .name(\"restore-order\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .restoreOrder(RestorePlanRestoreConfigRestoreOrderArgs.builder()\n .groupKindDependencies( \n RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs.builder()\n .satisfying(RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindA\")\n .build())\n .requiring(RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindB\")\n .build())\n .build(),\n RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs.builder()\n .satisfying(RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindB\")\n .build())\n .requiring(RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindC\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: restore-order-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: restore-order\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n restoreOrder:\n type: gcp:gkebackup:RestorePlan\n name: restore_order\n properties:\n name: restore-order\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n restoreOrder:\n groupKindDependencies:\n - satisfying:\n resourceGroup: stable.example.com\n resourceKind: kindA\n requiring:\n resourceGroup: stable.example.com\n resourceKind: kindB\n - satisfying:\n resourceGroup: stable.example.com\n resourceKind: kindB\n requiring:\n resourceGroup: stable.example.com\n resourceKind: kindC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Volume Res\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"volume-res-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"volume-res\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst volumeRes = new gcp.gkebackup.RestorePlan(\"volume_res\", {\n name: \"volume-res\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"NO_VOLUME_DATA_RESTORATION\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n volumeDataRestorePolicyBindings: [{\n policy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n volumeType: \"GCE_PERSISTENT_DISK\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"volume-res-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"volume-res\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nvolume_res = gcp.gkebackup.RestorePlan(\"volume_res\",\n name=\"volume-res\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"NO_VOLUME_DATA_RESTORATION\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"volume_data_restore_policy_bindings\": [{\n \"policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"volume_type\": \"GCE_PERSISTENT_DISK\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"volume-res-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"volume-res\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var volumeRes = new Gcp.GkeBackup.RestorePlan(\"volume_res\", new()\n {\n Name = \"volume-res\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"NO_VOLUME_DATA_RESTORATION\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n VolumeDataRestorePolicyBindings = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs\n {\n Policy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n VolumeType = \"GCE_PERSISTENT_DISK\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"volume-res-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"volume-res\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"volume_res\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"volume-res\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"NO_VOLUME_DATA_RESTORATION\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tVolumeDataRestorePolicyBindings: gkebackup.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs{\n\t\t\t\t\t\tPolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\t\t\tVolumeType: pulumi.String(\"GCE_PERSISTENT_DISK\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"volume-res-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"volume-res\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var volumeRes = new RestorePlan(\"volumeRes\", RestorePlanArgs.builder()\n .name(\"volume-res\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"NO_VOLUME_DATA_RESTORATION\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .volumeDataRestorePolicyBindings(RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs.builder()\n .policy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .volumeType(\"GCE_PERSISTENT_DISK\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: volume-res-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: volume-res\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n volumeRes:\n type: gcp:gkebackup:RestorePlan\n name: volume_res\n properties:\n name: volume-res\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: NO_VOLUME_DATA_RESTORATION\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n volumeDataRestorePolicyBindings:\n - policy: RESTORE_VOLUME_DATA_FROM_BACKUP\n volumeType: GCE_PERSISTENT_DISK\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRestorePlan can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/restorePlans/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, RestorePlan can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n```\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default {{location}}/{{name}}\n```\n\n", + "description": "Represents a Restore Plan instance.\n\n\nTo get more information about RestorePlan, see:\n\n* [API documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.restorePlans)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke)\n\n## Example Usage\n\n### Gkebackup Restoreplan All Namespaces\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"restore-all-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"restore-all-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst allNs = new gcp.gkebackup.RestorePlan(\"all_ns\", {\n name: \"restore-all-ns\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"restore-all-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"restore-all-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nall_ns = gcp.gkebackup.RestorePlan(\"all_ns\",\n name=\"restore-all-ns\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"restore-all-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"restore-all-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var allNs = new Gcp.GkeBackup.RestorePlan(\"all_ns\", new()\n {\n Name = \"restore-all-ns\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"all_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"restore-all-ns\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"restore-all-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"restore-all-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var allNs = new RestorePlan(\"allNs\", RestorePlanArgs.builder()\n .name(\"restore-all-ns\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: restore-all-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: restore-all-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n allNs:\n type: gcp:gkebackup:RestorePlan\n name: all_ns\n properties:\n name: restore-all-ns\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Rollback Namespace\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rollback-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rollback-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst rollbackNs = new gcp.gkebackup.RestorePlan(\"rollback_ns\", {\n name: \"rollback-ns-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedNamespaces: {\n namespaces: [\"my-ns\"],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n selectedGroupKinds: [\n {\n resourceGroup: \"apiextension.k8s.io\",\n resourceKind: \"CustomResourceDefinition\",\n },\n {\n resourceGroup: \"storage.k8s.io\",\n resourceKind: \"StorageClass\",\n },\n ],\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rollback-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rollback-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrollback_ns = gcp.gkebackup.RestorePlan(\"rollback_ns\",\n name=\"rollback-ns-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_namespaces\": {\n \"namespaces\": [\"my-ns\"],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"selected_group_kinds\": [\n {\n \"resource_group\": \"apiextension.k8s.io\",\n \"resource_kind\": \"CustomResourceDefinition\",\n },\n {\n \"resource_group\": \"storage.k8s.io\",\n \"resource_kind\": \"StorageClass\",\n },\n ],\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rollback-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rollback-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var rollbackNs = new Gcp.GkeBackup.RestorePlan(\"rollback_ns\", new()\n {\n Name = \"rollback-ns-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"my-ns\",\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n SelectedGroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs\n {\n ResourceGroup = \"apiextension.k8s.io\",\n ResourceKind = \"CustomResourceDefinition\",\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs\n {\n ResourceGroup = \"storage.k8s.io\",\n ResourceKind = \"StorageClass\",\n },\n },\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rollback-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rollback-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rollback_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rollback-ns-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigSelectedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"my-ns\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tSelectedGroupKinds: gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"apiextension.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"CustomResourceDefinition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"storage.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"StorageClass\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rollback-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rollback-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var rollbackNs = new RestorePlan(\"rollbackNs\", RestorePlanArgs.builder()\n .name(\"rollback-ns-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedNamespaces(RestorePlanRestoreConfigSelectedNamespacesArgs.builder()\n .namespaces(\"my-ns\")\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .selectedGroupKinds( \n RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs.builder()\n .resourceGroup(\"apiextension.k8s.io\")\n .resourceKind(\"CustomResourceDefinition\")\n .build(),\n RestorePlanRestoreConfigClusterResourceRestoreScopeSelectedGroupKindArgs.builder()\n .resourceGroup(\"storage.k8s.io\")\n .resourceKind(\"StorageClass\")\n .build())\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rollback-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rollback-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n rollbackNs:\n type: gcp:gkebackup:RestorePlan\n name: rollback_ns\n properties:\n name: rollback-ns-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedNamespaces:\n namespaces:\n - my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n selectedGroupKinds:\n - resourceGroup: apiextension.k8s.io\n resourceKind: CustomResourceDefinition\n - resourceGroup: storage.k8s.io\n resourceKind: StorageClass\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Protected Application\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rollback-app-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rollback-app\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst rollbackApp = new gcp.gkebackup.RestorePlan(\"rollback_app\", {\n name: \"rollback-app-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedApplications: {\n namespacedNames: [{\n name: \"my-app\",\n namespace: \"my-ns\",\n }],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n noGroupKinds: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rollback-app-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rollback-app\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrollback_app = gcp.gkebackup.RestorePlan(\"rollback_app\",\n name=\"rollback-app-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_applications\": {\n \"namespaced_names\": [{\n \"name\": \"my-app\",\n \"namespace\": \"my-ns\",\n }],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"no_group_kinds\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rollback-app-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rollback-app\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var rollbackApp = new Gcp.GkeBackup.RestorePlan(\"rollback_app\", new()\n {\n Name = \"rollback-app-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedApplications = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedApplicationsArgs\n {\n NamespacedNames = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs\n {\n Name = \"my-app\",\n Namespace = \"my-ns\",\n },\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n NoGroupKinds = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rollback-app-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rollback-app\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rollback_app\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rollback-app-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedApplications: \u0026gkebackup.RestorePlanRestoreConfigSelectedApplicationsArgs{\n\t\t\t\t\tNamespacedNames: gkebackup.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"my-app\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"my-ns\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tNoGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedApplicationsArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rollback-app-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rollback-app\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var rollbackApp = new RestorePlan(\"rollbackApp\", RestorePlanArgs.builder()\n .name(\"rollback-app-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedApplications(RestorePlanRestoreConfigSelectedApplicationsArgs.builder()\n .namespacedNames(RestorePlanRestoreConfigSelectedApplicationsNamespacedNameArgs.builder()\n .name(\"my-app\")\n .namespace(\"my-ns\")\n .build())\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .noGroupKinds(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rollback-app-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rollback-app\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n rollbackApp:\n type: gcp:gkebackup:RestorePlan\n name: rollback_app\n properties:\n name: rollback-app-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedApplications:\n namespacedNames:\n - name: my-app\n namespace: my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: REUSE_VOLUME_HANDLE_FROM_BACKUP\n clusterResourceRestoreScope:\n noGroupKinds: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan All Cluster Resources\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"all-groupkinds-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"all-groupkinds\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst allClusterResources = new gcp.gkebackup.RestorePlan(\"all_cluster_resources\", {\n name: \"all-groupkinds-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n noNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"all-groupkinds-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"all-groupkinds\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nall_cluster_resources = gcp.gkebackup.RestorePlan(\"all_cluster_resources\",\n name=\"all-groupkinds-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"no_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"all-groupkinds-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"all-groupkinds\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var allClusterResources = new Gcp.GkeBackup.RestorePlan(\"all_cluster_resources\", new()\n {\n Name = \"all-groupkinds-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n NoNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"all_cluster_resources\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"all-groupkinds-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tNoNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"all-groupkinds-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"all-groupkinds\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var allClusterResources = new RestorePlan(\"allClusterResources\", RestorePlanArgs.builder()\n .name(\"all-groupkinds-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .noNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: all-groupkinds-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: all-groupkinds\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n allClusterResources:\n type: gcp:gkebackup:RestorePlan\n name: all_cluster_resources\n properties:\n name: all-groupkinds-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n noNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Rename Namespace\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"rename-ns-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"rename-ns\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst renameNs = new gcp.gkebackup.RestorePlan(\"rename_ns\", {\n name: \"rename-ns-rp\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n selectedNamespaces: {\n namespaces: [\"ns1\"],\n },\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n noGroupKinds: true,\n },\n transformationRules: [\n {\n description: \"rename namespace from ns1 to ns2\",\n resourceFilter: {\n groupKinds: [{\n resourceKind: \"Namespace\",\n }],\n jsonPath: \".metadata[?(@.name == 'ns1')]\",\n },\n fieldActions: [{\n op: \"REPLACE\",\n path: \"/metadata/name\",\n value: \"ns2\",\n }],\n },\n {\n description: \"move all resources from ns1 to ns2\",\n resourceFilter: {\n namespaces: [\"ns1\"],\n },\n fieldActions: [{\n op: \"REPLACE\",\n path: \"/metadata/namespace\",\n value: \"ns2\",\n }],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"rename-ns-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"rename-ns\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrename_ns = gcp.gkebackup.RestorePlan(\"rename_ns\",\n name=\"rename-ns-rp\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"selected_namespaces\": {\n \"namespaces\": [\"ns1\"],\n },\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"no_group_kinds\": True,\n },\n \"transformation_rules\": [\n {\n \"description\": \"rename namespace from ns1 to ns2\",\n \"resource_filter\": {\n \"group_kinds\": [{\n \"resource_kind\": \"Namespace\",\n }],\n \"json_path\": \".metadata[?(@.name == 'ns1')]\",\n },\n \"field_actions\": [{\n \"op\": \"REPLACE\",\n \"path\": \"/metadata/name\",\n \"value\": \"ns2\",\n }],\n },\n {\n \"description\": \"move all resources from ns1 to ns2\",\n \"resource_filter\": {\n \"namespaces\": [\"ns1\"],\n },\n \"field_actions\": [{\n \"op\": \"REPLACE\",\n \"path\": \"/metadata/namespace\",\n \"value\": \"ns2\",\n }],\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"rename-ns-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"rename-ns\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var renameNs = new Gcp.GkeBackup.RestorePlan(\"rename_ns\", new()\n {\n Name = \"rename-ns-rp\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n SelectedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigSelectedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"ns1\",\n },\n },\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"REUSE_VOLUME_HANDLE_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n NoGroupKinds = true,\n },\n TransformationRules = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"rename namespace from ns1 to ns2\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n GroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs\n {\n ResourceKind = \"Namespace\",\n },\n },\n JsonPath = \".metadata[?(@.name == 'ns1')]\",\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"REPLACE\",\n Path = \"/metadata/name\",\n Value = \"ns2\",\n },\n },\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"move all resources from ns1 to ns2\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n Namespaces = new[]\n {\n \"ns1\",\n },\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"REPLACE\",\n Path = \"/metadata/namespace\",\n Value = \"ns2\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"rename-ns-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"rename-ns\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"rename_ns\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"rename-ns-rp\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tSelectedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigSelectedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ns1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tNoGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tTransformationRules: gkebackup.RestorePlanRestoreConfigTransformationRuleArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"rename namespace from ns1 to ns2\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tGroupKinds: gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArray{\n\t\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs{\n\t\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"Namespace\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tJsonPath: pulumi.String(\".metadata[?(@.name == 'ns1')]\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"REPLACE\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/metadata/name\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"ns2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"move all resources from ns1 to ns2\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"ns1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"REPLACE\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/metadata/namespace\"),\n\t\t\t\t\t\t\t\tValue: pulumi.String(\"ns2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigSelectedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"rename-ns-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"rename-ns\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var renameNs = new RestorePlan(\"renameNs\", RestorePlanArgs.builder()\n .name(\"rename-ns-rp\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .selectedNamespaces(RestorePlanRestoreConfigSelectedNamespacesArgs.builder()\n .namespaces(\"ns1\")\n .build())\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"REUSE_VOLUME_HANDLE_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .noGroupKinds(true)\n .build())\n .transformationRules( \n RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"rename namespace from ns1 to ns2\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .groupKinds(RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs.builder()\n .resourceKind(\"Namespace\")\n .build())\n .jsonPath(\".metadata[?(@.name == 'ns1')]\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"REPLACE\")\n .path(\"/metadata/name\")\n .value(\"ns2\")\n .build())\n .build(),\n RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"move all resources from ns1 to ns2\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .namespaces(\"ns1\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"REPLACE\")\n .path(\"/metadata/namespace\")\n .value(\"ns2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: rename-ns-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: rename-ns\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n renameNs:\n type: gcp:gkebackup:RestorePlan\n name: rename_ns\n properties:\n name: rename-ns-rp\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n selectedNamespaces:\n namespaces:\n - ns1\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: REUSE_VOLUME_HANDLE_FROM_BACKUP\n clusterResourceRestoreScope:\n noGroupKinds: true\n transformationRules:\n - description: rename namespace from ns1 to ns2\n resourceFilter:\n groupKinds:\n - resourceKind: Namespace\n jsonPath: .metadata[?(@.name == 'ns1')]\n fieldActions:\n - op: REPLACE\n path: /metadata/name\n value: ns2\n - description: move all resources from ns1 to ns2\n resourceFilter:\n namespaces:\n - ns1\n fieldActions:\n - op: REPLACE\n path: /metadata/namespace\n value: ns2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Second Transformation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"transform-rule-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"transform-rule\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst transformRule = new gcp.gkebackup.RestorePlan(\"transform_rule\", {\n name: \"transform-rule-rp\",\n description: \"copy nginx env variables\",\n labels: {\n app: \"nginx\",\n },\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n excludedNamespaces: {\n namespaces: [\"my-ns\"],\n },\n namespacedResourceRestoreMode: \"DELETE_AND_RESTORE\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n excludedGroupKinds: [{\n resourceGroup: \"apiextension.k8s.io\",\n resourceKind: \"CustomResourceDefinition\",\n }],\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n transformationRules: [{\n description: \"Copy environment variables from the nginx container to the install init container.\",\n resourceFilter: {\n groupKinds: [{\n resourceKind: \"Pod\",\n resourceGroup: \"\",\n }],\n jsonPath: \".metadata[?(@.name == 'nginx')]\",\n },\n fieldActions: [{\n op: \"COPY\",\n path: \"/spec/initContainers/0/env\",\n fromPath: \"/spec/containers/0/env\",\n }],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"transform-rule-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"transform-rule\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\ntransform_rule = gcp.gkebackup.RestorePlan(\"transform_rule\",\n name=\"transform-rule-rp\",\n description=\"copy nginx env variables\",\n labels={\n \"app\": \"nginx\",\n },\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"excluded_namespaces\": {\n \"namespaces\": [\"my-ns\"],\n },\n \"namespaced_resource_restore_mode\": \"DELETE_AND_RESTORE\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"excluded_group_kinds\": [{\n \"resource_group\": \"apiextension.k8s.io\",\n \"resource_kind\": \"CustomResourceDefinition\",\n }],\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"transformation_rules\": [{\n \"description\": \"Copy environment variables from the nginx container to the install init container.\",\n \"resource_filter\": {\n \"group_kinds\": [{\n \"resource_kind\": \"Pod\",\n \"resource_group\": \"\",\n }],\n \"json_path\": \".metadata[?(@.name == 'nginx')]\",\n },\n \"field_actions\": [{\n \"op\": \"COPY\",\n \"path\": \"/spec/initContainers/0/env\",\n \"from_path\": \"/spec/containers/0/env\",\n }],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"transform-rule-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"transform-rule\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var transformRule = new Gcp.GkeBackup.RestorePlan(\"transform_rule\", new()\n {\n Name = \"transform-rule-rp\",\n Description = \"copy nginx env variables\",\n Labels = \n {\n { \"app\", \"nginx\" },\n },\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n ExcludedNamespaces = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigExcludedNamespacesArgs\n {\n Namespaces = new[]\n {\n \"my-ns\",\n },\n },\n NamespacedResourceRestoreMode = \"DELETE_AND_RESTORE\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n ExcludedGroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs\n {\n ResourceGroup = \"apiextension.k8s.io\",\n ResourceKind = \"CustomResourceDefinition\",\n },\n },\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n TransformationRules = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleArgs\n {\n Description = \"Copy environment variables from the nginx container to the install init container.\",\n ResourceFilter = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs\n {\n GroupKinds = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs\n {\n ResourceKind = \"Pod\",\n ResourceGroup = \"\",\n },\n },\n JsonPath = \".metadata[?(@.name == 'nginx')]\",\n },\n FieldActions = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigTransformationRuleFieldActionArgs\n {\n Op = \"COPY\",\n Path = \"/spec/initContainers/0/env\",\n FromPath = \"/spec/containers/0/env\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"transform-rule-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"transform-rule\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"transform_rule\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"transform-rule-rp\"),\n\t\t\tDescription: pulumi.String(\"copy nginx env variables\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"app\": pulumi.String(\"nginx\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tExcludedNamespaces: \u0026gkebackup.RestorePlanRestoreConfigExcludedNamespacesArgs{\n\t\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"my-ns\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"DELETE_AND_RESTORE\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tExcludedGroupKinds: gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs{\n\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"apiextension.k8s.io\"),\n\t\t\t\t\t\t\tResourceKind: pulumi.String(\"CustomResourceDefinition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tTransformationRules: gkebackup.RestorePlanRestoreConfigTransformationRuleArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleArgs{\n\t\t\t\t\t\tDescription: pulumi.String(\"Copy environment variables from the nginx container to the install init container.\"),\n\t\t\t\t\t\tResourceFilter: \u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterArgs{\n\t\t\t\t\t\t\tGroupKinds: gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArray{\n\t\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs{\n\t\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"Pod\"),\n\t\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tJsonPath: pulumi.String(\".metadata[?(@.name == 'nginx')]\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tFieldActions: gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArray{\n\t\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigTransformationRuleFieldActionArgs{\n\t\t\t\t\t\t\t\tOp: pulumi.String(\"COPY\"),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"/spec/initContainers/0/env\"),\n\t\t\t\t\t\t\t\tFromPath: pulumi.String(\"/spec/containers/0/env\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigExcludedNamespacesArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"transform-rule-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"transform-rule\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var transformRule = new RestorePlan(\"transformRule\", RestorePlanArgs.builder()\n .name(\"transform-rule-rp\")\n .description(\"copy nginx env variables\")\n .labels(Map.of(\"app\", \"nginx\"))\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .excludedNamespaces(RestorePlanRestoreConfigExcludedNamespacesArgs.builder()\n .namespaces(\"my-ns\")\n .build())\n .namespacedResourceRestoreMode(\"DELETE_AND_RESTORE\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .excludedGroupKinds(RestorePlanRestoreConfigClusterResourceRestoreScopeExcludedGroupKindArgs.builder()\n .resourceGroup(\"apiextension.k8s.io\")\n .resourceKind(\"CustomResourceDefinition\")\n .build())\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .transformationRules(RestorePlanRestoreConfigTransformationRuleArgs.builder()\n .description(\"Copy environment variables from the nginx container to the install init container.\")\n .resourceFilter(RestorePlanRestoreConfigTransformationRuleResourceFilterArgs.builder()\n .groupKinds(RestorePlanRestoreConfigTransformationRuleResourceFilterGroupKindArgs.builder()\n .resourceKind(\"Pod\")\n .resourceGroup(\"\")\n .build())\n .jsonPath(\".metadata[?(@.name == 'nginx')]\")\n .build())\n .fieldActions(RestorePlanRestoreConfigTransformationRuleFieldActionArgs.builder()\n .op(\"COPY\")\n .path(\"/spec/initContainers/0/env\")\n .fromPath(\"/spec/containers/0/env\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: transform-rule-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: transform-rule\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n transformRule:\n type: gcp:gkebackup:RestorePlan\n name: transform_rule\n properties:\n name: transform-rule-rp\n description: copy nginx env variables\n labels:\n app: nginx\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n excludedNamespaces:\n namespaces:\n - my-ns\n namespacedResourceRestoreMode: DELETE_AND_RESTORE\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n excludedGroupKinds:\n - resourceGroup: apiextension.k8s.io\n resourceKind: CustomResourceDefinition\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n transformationRules:\n - description: Copy environment variables from the nginx container to the install init container.\n resourceFilter:\n groupKinds:\n - resourceKind: Pod\n resourceGroup: \"\"\n jsonPath: .metadata[?(@.name == 'nginx')]\n fieldActions:\n - op: COPY\n path: /spec/initContainers/0/env\n fromPath: /spec/containers/0/env\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Gitops Mode\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"gitops-mode-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"gitops-mode\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst gitopsMode = new gcp.gkebackup.RestorePlan(\"gitops_mode\", {\n name: \"gitops-mode\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"MERGE_SKIP_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"gitops-mode-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"gitops-mode\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\ngitops_mode = gcp.gkebackup.RestorePlan(\"gitops_mode\",\n name=\"gitops-mode\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"MERGE_SKIP_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"gitops-mode-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"gitops-mode\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var gitopsMode = new Gcp.GkeBackup.RestorePlan(\"gitops_mode\", new()\n {\n Name = \"gitops-mode\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"MERGE_SKIP_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"gitops-mode-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"gitops-mode\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"gitops_mode\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"gitops-mode\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"MERGE_SKIP_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"gitops-mode-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"gitops-mode\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var gitopsMode = new RestorePlan(\"gitopsMode\", RestorePlanArgs.builder()\n .name(\"gitops-mode\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"MERGE_SKIP_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: gitops-mode-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: gitops-mode\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n gitopsMode:\n type: gcp:gkebackup:RestorePlan\n name: gitops_mode\n properties:\n name: gitops-mode\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: MERGE_SKIP_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Restore Order\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"restore-order-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"restore-order\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst restoreOrder = new gcp.gkebackup.RestorePlan(\"restore_order\", {\n name: \"restore-order\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n restoreOrder: {\n groupKindDependencies: [\n {\n satisfying: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindA\",\n },\n requiring: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindB\",\n },\n },\n {\n satisfying: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindB\",\n },\n requiring: {\n resourceGroup: \"stable.example.com\",\n resourceKind: \"kindC\",\n },\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"restore-order-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"restore-order\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nrestore_order = gcp.gkebackup.RestorePlan(\"restore_order\",\n name=\"restore-order\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"restore_order\": {\n \"group_kind_dependencies\": [\n {\n \"satisfying\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindA\",\n },\n \"requiring\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindB\",\n },\n },\n {\n \"satisfying\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindB\",\n },\n \"requiring\": {\n \"resource_group\": \"stable.example.com\",\n \"resource_kind\": \"kindC\",\n },\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"restore-order-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"restore-order\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var restoreOrder = new Gcp.GkeBackup.RestorePlan(\"restore_order\", new()\n {\n Name = \"restore-order\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n RestoreOrder = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderArgs\n {\n GroupKindDependencies = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs\n {\n Satisfying = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindA\",\n },\n Requiring = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindB\",\n },\n },\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs\n {\n Satisfying = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindB\",\n },\n Requiring = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs\n {\n ResourceGroup = \"stable.example.com\",\n ResourceKind = \"kindC\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"restore-order-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"restore-order\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"restore_order\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"restore-order\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tRestoreOrder: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderArgs{\n\t\t\t\t\tGroupKindDependencies: gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArray{\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs{\n\t\t\t\t\t\t\tSatisfying: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindA\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRequiring: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs{\n\t\t\t\t\t\t\tSatisfying: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRequiring: \u0026gkebackup.RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs{\n\t\t\t\t\t\t\t\tResourceGroup: pulumi.String(\"stable.example.com\"),\n\t\t\t\t\t\t\t\tResourceKind: pulumi.String(\"kindC\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigRestoreOrderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"restore-order-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"restore-order\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var restoreOrder = new RestorePlan(\"restoreOrder\", RestorePlanArgs.builder()\n .name(\"restore-order\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .restoreOrder(RestorePlanRestoreConfigRestoreOrderArgs.builder()\n .groupKindDependencies( \n RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs.builder()\n .satisfying(RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindA\")\n .build())\n .requiring(RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindB\")\n .build())\n .build(),\n RestorePlanRestoreConfigRestoreOrderGroupKindDependencyArgs.builder()\n .satisfying(RestorePlanRestoreConfigRestoreOrderGroupKindDependencySatisfyingArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindB\")\n .build())\n .requiring(RestorePlanRestoreConfigRestoreOrderGroupKindDependencyRequiringArgs.builder()\n .resourceGroup(\"stable.example.com\")\n .resourceKind(\"kindC\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: restore-order-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: restore-order\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n restoreOrder:\n type: gcp:gkebackup:RestorePlan\n name: restore_order\n properties:\n name: restore-order\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: RESTORE_VOLUME_DATA_FROM_BACKUP\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n restoreOrder:\n groupKindDependencies:\n - satisfying:\n resourceGroup: stable.example.com\n resourceKind: kindA\n requiring:\n resourceGroup: stable.example.com\n resourceKind: kindB\n - satisfying:\n resourceGroup: stable.example.com\n resourceKind: kindB\n requiring:\n resourceGroup: stable.example.com\n resourceKind: kindC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Gkebackup Restoreplan Volume Res\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"volume-res-cluster\",\n location: \"us-central1\",\n initialNodeCount: 1,\n workloadIdentityConfig: {\n workloadPool: \"my-project-name.svc.id.goog\",\n },\n addonsConfig: {\n gkeBackupAgentConfig: {\n enabled: true,\n },\n },\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst basic = new gcp.gkebackup.BackupPlan(\"basic\", {\n name: \"volume-res\",\n cluster: primary.id,\n location: \"us-central1\",\n backupConfig: {\n includeVolumeData: true,\n includeSecrets: true,\n allNamespaces: true,\n },\n});\nconst volumeRes = new gcp.gkebackup.RestorePlan(\"volume_res\", {\n name: \"volume-res\",\n location: \"us-central1\",\n backupPlan: basic.id,\n cluster: primary.id,\n restoreConfig: {\n allNamespaces: true,\n namespacedResourceRestoreMode: \"FAIL_ON_CONFLICT\",\n volumeDataRestorePolicy: \"NO_VOLUME_DATA_RESTORATION\",\n clusterResourceRestoreScope: {\n allGroupKinds: true,\n },\n clusterResourceConflictPolicy: \"USE_EXISTING_VERSION\",\n volumeDataRestorePolicyBindings: [{\n policy: \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n volumeType: \"GCE_PERSISTENT_DISK\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"volume-res-cluster\",\n location=\"us-central1\",\n initial_node_count=1,\n workload_identity_config={\n \"workload_pool\": \"my-project-name.svc.id.goog\",\n },\n addons_config={\n \"gke_backup_agent_config\": {\n \"enabled\": True,\n },\n },\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nbasic = gcp.gkebackup.BackupPlan(\"basic\",\n name=\"volume-res\",\n cluster=primary.id,\n location=\"us-central1\",\n backup_config={\n \"include_volume_data\": True,\n \"include_secrets\": True,\n \"all_namespaces\": True,\n })\nvolume_res = gcp.gkebackup.RestorePlan(\"volume_res\",\n name=\"volume-res\",\n location=\"us-central1\",\n backup_plan=basic.id,\n cluster=primary.id,\n restore_config={\n \"all_namespaces\": True,\n \"namespaced_resource_restore_mode\": \"FAIL_ON_CONFLICT\",\n \"volume_data_restore_policy\": \"NO_VOLUME_DATA_RESTORATION\",\n \"cluster_resource_restore_scope\": {\n \"all_group_kinds\": True,\n },\n \"cluster_resource_conflict_policy\": \"USE_EXISTING_VERSION\",\n \"volume_data_restore_policy_bindings\": [{\n \"policy\": \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n \"volume_type\": \"GCE_PERSISTENT_DISK\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"volume-res-cluster\",\n Location = \"us-central1\",\n InitialNodeCount = 1,\n WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs\n {\n WorkloadPool = \"my-project-name.svc.id.goog\",\n },\n AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs\n {\n GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs\n {\n Enabled = true,\n },\n },\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var basic = new Gcp.GkeBackup.BackupPlan(\"basic\", new()\n {\n Name = \"volume-res\",\n Cluster = primary.Id,\n Location = \"us-central1\",\n BackupConfig = new Gcp.GkeBackup.Inputs.BackupPlanBackupConfigArgs\n {\n IncludeVolumeData = true,\n IncludeSecrets = true,\n AllNamespaces = true,\n },\n });\n\n var volumeRes = new Gcp.GkeBackup.RestorePlan(\"volume_res\", new()\n {\n Name = \"volume-res\",\n Location = \"us-central1\",\n BackupPlan = basic.Id,\n Cluster = primary.Id,\n RestoreConfig = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigArgs\n {\n AllNamespaces = true,\n NamespacedResourceRestoreMode = \"FAIL_ON_CONFLICT\",\n VolumeDataRestorePolicy = \"NO_VOLUME_DATA_RESTORATION\",\n ClusterResourceRestoreScope = new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs\n {\n AllGroupKinds = true,\n },\n ClusterResourceConflictPolicy = \"USE_EXISTING_VERSION\",\n VolumeDataRestorePolicyBindings = new[]\n {\n new Gcp.GkeBackup.Inputs.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs\n {\n Policy = \"RESTORE_VOLUME_DATA_FROM_BACKUP\",\n VolumeType = \"GCE_PERSISTENT_DISK\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"volume-res-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tWorkloadIdentityConfig: \u0026container.ClusterWorkloadIdentityConfigArgs{\n\t\t\t\tWorkloadPool: pulumi.String(\"my-project-name.svc.id.goog\"),\n\t\t\t},\n\t\t\tAddonsConfig: \u0026container.ClusterAddonsConfigArgs{\n\t\t\t\tGkeBackupAgentConfig: \u0026container.ClusterAddonsConfigGkeBackupAgentConfigArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasic, err := gkebackup.NewBackupPlan(ctx, \"basic\", \u0026gkebackup.BackupPlanArgs{\n\t\t\tName: pulumi.String(\"volume-res\"),\n\t\t\tCluster: primary.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupConfig: \u0026gkebackup.BackupPlanBackupConfigArgs{\n\t\t\t\tIncludeVolumeData: pulumi.Bool(true),\n\t\t\t\tIncludeSecrets: pulumi.Bool(true),\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlan(ctx, \"volume_res\", \u0026gkebackup.RestorePlanArgs{\n\t\t\tName: pulumi.String(\"volume-res\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tBackupPlan: basic.ID(),\n\t\t\tCluster: primary.ID(),\n\t\t\tRestoreConfig: \u0026gkebackup.RestorePlanRestoreConfigArgs{\n\t\t\t\tAllNamespaces: pulumi.Bool(true),\n\t\t\t\tNamespacedResourceRestoreMode: pulumi.String(\"FAIL_ON_CONFLICT\"),\n\t\t\t\tVolumeDataRestorePolicy: pulumi.String(\"NO_VOLUME_DATA_RESTORATION\"),\n\t\t\t\tClusterResourceRestoreScope: \u0026gkebackup.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs{\n\t\t\t\t\tAllGroupKinds: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tClusterResourceConflictPolicy: pulumi.String(\"USE_EXISTING_VERSION\"),\n\t\t\t\tVolumeDataRestorePolicyBindings: gkebackup.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArray{\n\t\t\t\t\t\u0026gkebackup.RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs{\n\t\t\t\t\t\tPolicy: pulumi.String(\"RESTORE_VOLUME_DATA_FROM_BACKUP\"),\n\t\t\t\t\t\tVolumeType: pulumi.String(\"GCE_PERSISTENT_DISK\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.container.inputs.ClusterWorkloadIdentityConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigArgs;\nimport com.pulumi.gcp.container.inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlan;\nimport com.pulumi.gcp.gkebackup.BackupPlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.BackupPlanBackupConfigArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlan;\nimport com.pulumi.gcp.gkebackup.RestorePlanArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigArgs;\nimport com.pulumi.gcp.gkebackup.inputs.RestorePlanRestoreConfigClusterResourceRestoreScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"volume-res-cluster\")\n .location(\"us-central1\")\n .initialNodeCount(1)\n .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()\n .workloadPool(\"my-project-name.svc.id.goog\")\n .build())\n .addonsConfig(ClusterAddonsConfigArgs.builder()\n .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()\n .enabled(true)\n .build())\n .build())\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var basic = new BackupPlan(\"basic\", BackupPlanArgs.builder()\n .name(\"volume-res\")\n .cluster(primary.id())\n .location(\"us-central1\")\n .backupConfig(BackupPlanBackupConfigArgs.builder()\n .includeVolumeData(true)\n .includeSecrets(true)\n .allNamespaces(true)\n .build())\n .build());\n\n var volumeRes = new RestorePlan(\"volumeRes\", RestorePlanArgs.builder()\n .name(\"volume-res\")\n .location(\"us-central1\")\n .backupPlan(basic.id())\n .cluster(primary.id())\n .restoreConfig(RestorePlanRestoreConfigArgs.builder()\n .allNamespaces(true)\n .namespacedResourceRestoreMode(\"FAIL_ON_CONFLICT\")\n .volumeDataRestorePolicy(\"NO_VOLUME_DATA_RESTORATION\")\n .clusterResourceRestoreScope(RestorePlanRestoreConfigClusterResourceRestoreScopeArgs.builder()\n .allGroupKinds(true)\n .build())\n .clusterResourceConflictPolicy(\"USE_EXISTING_VERSION\")\n .volumeDataRestorePolicyBindings(RestorePlanRestoreConfigVolumeDataRestorePolicyBindingArgs.builder()\n .policy(\"RESTORE_VOLUME_DATA_FROM_BACKUP\")\n .volumeType(\"GCE_PERSISTENT_DISK\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: volume-res-cluster\n location: us-central1\n initialNodeCount: 1\n workloadIdentityConfig:\n workloadPool: my-project-name.svc.id.goog\n addonsConfig:\n gkeBackupAgentConfig:\n enabled: true\n deletionProtection: true\n network: default\n subnetwork: default\n basic:\n type: gcp:gkebackup:BackupPlan\n properties:\n name: volume-res\n cluster: ${primary.id}\n location: us-central1\n backupConfig:\n includeVolumeData: true\n includeSecrets: true\n allNamespaces: true\n volumeRes:\n type: gcp:gkebackup:RestorePlan\n name: volume_res\n properties:\n name: volume-res\n location: us-central1\n backupPlan: ${basic.id}\n cluster: ${primary.id}\n restoreConfig:\n allNamespaces: true\n namespacedResourceRestoreMode: FAIL_ON_CONFLICT\n volumeDataRestorePolicy: NO_VOLUME_DATA_RESTORATION\n clusterResourceRestoreScope:\n allGroupKinds: true\n clusterResourceConflictPolicy: USE_EXISTING_VERSION\n volumeDataRestorePolicyBindings:\n - policy: RESTORE_VOLUME_DATA_FROM_BACKUP\n volumeType: GCE_PERSISTENT_DISK\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRestorePlan can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/restorePlans/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, RestorePlan can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n```\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlan:RestorePlan default {{location}}/{{name}}\n```\n\n", "properties": { "backupPlan": { "type": "string", @@ -216461,7 +216461,7 @@ } }, "gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamBinding:RestorePlanIamBinding editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/RestorePlanIamBindingCondition:RestorePlanIamBindingCondition" @@ -216582,7 +216582,7 @@ } }, "gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamMember:RestorePlanIamMember editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/RestorePlanIamMemberCondition:RestorePlanIamMemberCondition" @@ -216696,7 +216696,7 @@ } }, "gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Backup for GKE RestorePlan\nThree different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.\n* `gcp.gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.\n* `gcp.gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.RestorePlanIamBinding` and `gcp.gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkebackup.RestorePlanIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.RestorePlanIamPolicy(\"policy\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkebackup.RestorePlanIamPolicy(\"policy\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.RestorePlanIamPolicy(\"policy\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewRestorePlanIamPolicy(ctx, \"policy\", \u0026gkebackup.RestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RestorePlanIamPolicy(\"policy\", RestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:RestorePlanIamPolicy\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.RestorePlanIamBinding(\"binding\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.RestorePlanIamBinding(\"binding\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.RestorePlanIamBinding(\"binding\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamBinding(ctx, \"binding\", \u0026gkebackup.RestorePlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBinding;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RestorePlanIamBinding(\"binding\", RestorePlanIamBindingArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:RestorePlanIamBinding\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkebackup.RestorePlanIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.RestorePlanIamMember(\"member\", {\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.RestorePlanIamMember(\"member\",\n project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.RestorePlanIamMember(\"member\", new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewRestorePlanIamMember(ctx, \"member\", \u0026gkebackup.RestorePlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(allNs.Project),\n\t\t\tLocation: pulumi.Any(allNs.Location),\n\t\t\tName: pulumi.Any(allNs.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMember;\nimport com.pulumi.gcp.gkebackup.RestorePlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RestorePlanIamMember(\"member\", RestorePlanIamMemberArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:RestorePlanIamMember\n properties:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/restorePlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -216980,7 +216980,7 @@ } }, "gcp:gkehub/featureIamBinding:FeatureIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/FeatureIamBindingCondition:FeatureIamBindingCondition" @@ -217101,7 +217101,7 @@ } }, "gcp:gkehub/featureIamMember:FeatureIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/FeatureIamMemberCondition:FeatureIamMemberCondition" @@ -217215,7 +217215,7 @@ } }, "gcp:gkehub/featureIamPolicy:FeatureIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Feature\nThree different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.FeatureIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.FeatureIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -217702,7 +217702,7 @@ } }, "gcp:gkehub/membershipBinding:MembershipBinding": { - "description": "MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.\n\n\nTo get more information about MembershipBinding, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.memberships.bindings)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Membership Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"basic-cluster\",\n location: \"us-central1-a\",\n initialNodeCount: 1,\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst membership = new gcp.gkehub.Membership(\"membership\", {\n membershipId: \"tf-test-membership_9106\",\n endpoint: {\n gkeCluster: {\n resourceLink: pulumi.interpolate`//container.googleapis.com/${primary.id}`,\n },\n },\n}, {\n dependsOn: [primary],\n});\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_27169\"});\nconst membershipBinding = new gcp.gkehub.MembershipBinding(\"membership_binding\", {\n membershipBindingId: \"tf-test-membership-binding_75223\",\n scope: scope.name,\n membershipId: membership.membershipId,\n location: \"global\",\n labels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n}, {\n dependsOn: [\n membership,\n scope,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"basic-cluster\",\n location=\"us-central1-a\",\n initial_node_count=1,\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nmembership = gcp.gkehub.Membership(\"membership\",\n membership_id=\"tf-test-membership_9106\",\n endpoint={\n \"gke_cluster\": {\n \"resource_link\": primary.id.apply(lambda id: f\"//container.googleapis.com/{id}\"),\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[primary]))\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_27169\")\nmembership_binding = gcp.gkehub.MembershipBinding(\"membership_binding\",\n membership_binding_id=\"tf-test-membership-binding_75223\",\n scope=scope.name,\n membership_id=membership.membership_id,\n location=\"global\",\n labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n membership,\n scope,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1-a\",\n InitialNodeCount = 1,\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var membership = new Gcp.GkeHub.Membership(\"membership\", new()\n {\n MembershipId = \"tf-test-membership_9106\",\n Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs\n {\n GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs\n {\n ResourceLink = primary.Id.Apply(id =\u003e $\"//container.googleapis.com/{id}\"),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primary,\n },\n });\n\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_27169\",\n });\n\n var membershipBinding = new Gcp.GkeHub.MembershipBinding(\"membership_binding\", new()\n {\n MembershipBindingId = \"tf-test-membership-binding_75223\",\n Scope = scope.Name,\n MembershipId = membership.MembershipId,\n Location = \"global\",\n Labels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n membership,\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmembership, err := gkehub.NewMembership(ctx, \"membership\", \u0026gkehub.MembershipArgs{\n\t\t\tMembershipId: pulumi.String(\"tf-test-membership_9106\"),\n\t\t\tEndpoint: \u0026gkehub.MembershipEndpointArgs{\n\t\t\t\tGkeCluster: \u0026gkehub.MembershipEndpointGkeClusterArgs{\n\t\t\t\t\tResourceLink: primary.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//container.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_27169\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipBinding(ctx, \"membership_binding\", \u0026gkehub.MembershipBindingArgs{\n\t\t\tMembershipBindingId: pulumi.String(\"tf-test-membership-binding_75223\"),\n\t\t\tScope: scope.Name,\n\t\t\tMembershipId: membership.MembershipId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmembership,\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.gkehub.Membership;\nimport com.pulumi.gcp.gkehub.MembershipArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.MembershipBinding;\nimport com.pulumi.gcp.gkehub.MembershipBindingArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1-a\")\n .initialNodeCount(1)\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var membership = new Membership(\"membership\", MembershipArgs.builder()\n .membershipId(\"tf-test-membership_9106\")\n .endpoint(MembershipEndpointArgs.builder()\n .gkeCluster(MembershipEndpointGkeClusterArgs.builder()\n .resourceLink(primary.id().applyValue(id -\u003e String.format(\"//container.googleapis.com/%s\", id)))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primary)\n .build());\n\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_27169\")\n .build());\n\n var membershipBinding = new MembershipBinding(\"membershipBinding\", MembershipBindingArgs.builder()\n .membershipBindingId(\"tf-test-membership-binding_75223\")\n .scope(scope.name())\n .membershipId(membership.membershipId())\n .location(\"global\")\n .labels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n membership,\n scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: basic-cluster\n location: us-central1-a\n initialNodeCount: 1\n deletionProtection: true\n network: default\n subnetwork: default\n membership:\n type: gcp:gkehub:Membership\n properties:\n membershipId: tf-test-membership_9106\n endpoint:\n gkeCluster:\n resourceLink: //container.googleapis.com/${primary.id}\n options:\n dependson:\n - ${primary}\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_27169\n membershipBinding:\n type: gcp:gkehub:MembershipBinding\n name: membership_binding\n properties:\n membershipBindingId: tf-test-membership-binding_75223\n scope: ${scope.name}\n membershipId: ${membership.membershipId}\n location: global\n labels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n options:\n dependson:\n - ${membership}\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMembershipBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/bindings/{{membership_binding_id}}`\n\n* `{{project}}/{{location}}/{{membership_id}}/{{membership_binding_id}}`\n\n* `{{location}}/{{membership_id}}/{{membership_binding_id}}`\n\nWhen using the `pulumi import` command, MembershipBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/bindings/{{membership_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default {{project}}/{{location}}/{{membership_id}}/{{membership_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default {{location}}/{{membership_id}}/{{membership_binding_id}}\n```\n\n", + "description": "MembershipBinding is a subresource of a Membership, representing what Fleet Scopes (or other, future Fleet resources) a Membership is bound to.\n\n\nTo get more information about MembershipBinding, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.memberships.bindings)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Membership Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"basic-cluster\",\n location: \"us-central1-a\",\n initialNodeCount: 1,\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst membership = new gcp.gkehub.Membership(\"membership\", {\n membershipId: \"tf-test-membership_9106\",\n endpoint: {\n gkeCluster: {\n resourceLink: pulumi.interpolate`//container.googleapis.com/${primary.id}`,\n },\n },\n}, {\n dependsOn: [primary],\n});\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_27169\"});\nconst membershipBinding = new gcp.gkehub.MembershipBinding(\"membership_binding\", {\n membershipBindingId: \"tf-test-membership-binding_75223\",\n scope: scope.name,\n membershipId: membership.membershipId,\n location: \"global\",\n labels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n}, {\n dependsOn: [\n membership,\n scope,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"basic-cluster\",\n location=\"us-central1-a\",\n initial_node_count=1,\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nmembership = gcp.gkehub.Membership(\"membership\",\n membership_id=\"tf-test-membership_9106\",\n endpoint={\n \"gke_cluster\": {\n \"resource_link\": primary.id.apply(lambda id: f\"//container.googleapis.com/{id}\"),\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[primary]))\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_27169\")\nmembership_binding = gcp.gkehub.MembershipBinding(\"membership_binding\",\n membership_binding_id=\"tf-test-membership-binding_75223\",\n scope=scope.name,\n membership_id=membership.membership_id,\n location=\"global\",\n labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n membership,\n scope,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1-a\",\n InitialNodeCount = 1,\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var membership = new Gcp.GkeHub.Membership(\"membership\", new()\n {\n MembershipId = \"tf-test-membership_9106\",\n Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs\n {\n GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs\n {\n ResourceLink = primary.Id.Apply(id =\u003e $\"//container.googleapis.com/{id}\"),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primary,\n },\n });\n\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_27169\",\n });\n\n var membershipBinding = new Gcp.GkeHub.MembershipBinding(\"membership_binding\", new()\n {\n MembershipBindingId = \"tf-test-membership-binding_75223\",\n Scope = scope.Name,\n MembershipId = membership.MembershipId,\n Location = \"global\",\n Labels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n membership,\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmembership, err := gkehub.NewMembership(ctx, \"membership\", \u0026gkehub.MembershipArgs{\n\t\t\tMembershipId: pulumi.String(\"tf-test-membership_9106\"),\n\t\t\tEndpoint: \u0026gkehub.MembershipEndpointArgs{\n\t\t\t\tGkeCluster: \u0026gkehub.MembershipEndpointGkeClusterArgs{\n\t\t\t\t\tResourceLink: primary.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//container.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_27169\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipBinding(ctx, \"membership_binding\", \u0026gkehub.MembershipBindingArgs{\n\t\t\tMembershipBindingId: pulumi.String(\"tf-test-membership-binding_75223\"),\n\t\t\tScope: scope.Name,\n\t\t\tMembershipId: membership.MembershipId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmembership,\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.gkehub.Membership;\nimport com.pulumi.gcp.gkehub.MembershipArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.MembershipBinding;\nimport com.pulumi.gcp.gkehub.MembershipBindingArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1-a\")\n .initialNodeCount(1)\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var membership = new Membership(\"membership\", MembershipArgs.builder()\n .membershipId(\"tf-test-membership_9106\")\n .endpoint(MembershipEndpointArgs.builder()\n .gkeCluster(MembershipEndpointGkeClusterArgs.builder()\n .resourceLink(primary.id().applyValue(id -\u003e String.format(\"//container.googleapis.com/%s\", id)))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primary)\n .build());\n\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_27169\")\n .build());\n\n var membershipBinding = new MembershipBinding(\"membershipBinding\", MembershipBindingArgs.builder()\n .membershipBindingId(\"tf-test-membership-binding_75223\")\n .scope(scope.name())\n .membershipId(membership.membershipId())\n .location(\"global\")\n .labels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n membership,\n scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: basic-cluster\n location: us-central1-a\n initialNodeCount: 1\n deletionProtection: true\n network: default\n subnetwork: default\n membership:\n type: gcp:gkehub:Membership\n properties:\n membershipId: tf-test-membership_9106\n endpoint:\n gkeCluster:\n resourceLink: //container.googleapis.com/${primary.id}\n options:\n dependsOn:\n - ${primary}\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_27169\n membershipBinding:\n type: gcp:gkehub:MembershipBinding\n name: membership_binding\n properties:\n membershipBindingId: tf-test-membership-binding_75223\n scope: ${scope.name}\n membershipId: ${membership.membershipId}\n location: global\n labels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n options:\n dependsOn:\n - ${membership}\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMembershipBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/bindings/{{membership_binding_id}}`\n\n* `{{project}}/{{location}}/{{membership_id}}/{{membership_binding_id}}`\n\n* `{{location}}/{{membership_id}}/{{membership_binding_id}}`\n\nWhen using the `pulumi import` command, MembershipBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/bindings/{{membership_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default {{project}}/{{location}}/{{membership_id}}/{{membership_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipBinding:MembershipBinding default {{location}}/{{membership_id}}/{{membership_binding_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -217911,7 +217911,7 @@ } }, "gcp:gkehub/membershipIamBinding:MembershipIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/MembershipIamBindingCondition:MembershipIamBindingCondition" @@ -218030,7 +218030,7 @@ } }, "gcp:gkehub/membershipIamMember:MembershipIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/MembershipIamMemberCondition:MembershipIamMemberCondition" @@ -218142,7 +218142,7 @@ } }, "gcp:gkehub/membershipIamPolicy:MembershipIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Membership\nThree different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.MembershipIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.MembershipIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -218225,7 +218225,7 @@ } }, "gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding": { - "description": "## Example Usage\n\n### Gkehub Membership Rbac Role Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"basic-cluster\",\n location: \"us-central1-a\",\n initialNodeCount: 1,\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst membership = new gcp.gkehub.Membership(\"membership\", {\n membershipId: \"tf-test-membership_41819\",\n endpoint: {\n gkeCluster: {\n resourceLink: pulumi.interpolate`//container.googleapis.com/${primary.id}`,\n },\n },\n}, {\n dependsOn: [primary],\n});\nconst project = gcp.organizations.getProject({});\nconst membershipRbacRoleBinding = new gcp.gkehub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\", {\n membershipRbacRoleBindingId: \"tf-test-membership-rbac-role-binding_75092\",\n membershipId: membership.membershipId,\n user: project.then(project =\u003e `service-${project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com`),\n role: {\n predefinedRole: \"ANTHOS_SUPPORT\",\n },\n location: \"global\",\n}, {\n dependsOn: [membership],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"basic-cluster\",\n location=\"us-central1-a\",\n initial_node_count=1,\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nmembership = gcp.gkehub.Membership(\"membership\",\n membership_id=\"tf-test-membership_41819\",\n endpoint={\n \"gke_cluster\": {\n \"resource_link\": primary.id.apply(lambda id: f\"//container.googleapis.com/{id}\"),\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[primary]))\nproject = gcp.organizations.get_project()\nmembership_rbac_role_binding = gcp.gkehub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\",\n membership_rbac_role_binding_id=\"tf-test-membership-rbac-role-binding_75092\",\n membership_id=membership.membership_id,\n user=f\"service-{project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com\",\n role={\n \"predefined_role\": \"ANTHOS_SUPPORT\",\n },\n location=\"global\",\n opts = pulumi.ResourceOptions(depends_on=[membership]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1-a\",\n InitialNodeCount = 1,\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var membership = new Gcp.GkeHub.Membership(\"membership\", new()\n {\n MembershipId = \"tf-test-membership_41819\",\n Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs\n {\n GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs\n {\n ResourceLink = primary.Id.Apply(id =\u003e $\"//container.googleapis.com/{id}\"),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primary,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var membershipRbacRoleBinding = new Gcp.GkeHub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\", new()\n {\n MembershipRbacRoleBindingId = \"tf-test-membership-rbac-role-binding_75092\",\n MembershipId = membership.MembershipId,\n User = $\"service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-anthossupport.iam.gserviceaccount.com\",\n Role = new Gcp.GkeHub.Inputs.MembershipRbacRoleBindingRoleArgs\n {\n PredefinedRole = \"ANTHOS_SUPPORT\",\n },\n Location = \"global\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n membership,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmembership, err := gkehub.NewMembership(ctx, \"membership\", \u0026gkehub.MembershipArgs{\n\t\t\tMembershipId: pulumi.String(\"tf-test-membership_41819\"),\n\t\t\tEndpoint: \u0026gkehub.MembershipEndpointArgs{\n\t\t\t\tGkeCluster: \u0026gkehub.MembershipEndpointGkeClusterArgs{\n\t\t\t\t\tResourceLink: primary.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//container.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipRbacRoleBinding(ctx, \"membership_rbac_role_binding\", \u0026gkehub.MembershipRbacRoleBindingArgs{\n\t\t\tMembershipRbacRoleBindingId: pulumi.String(\"tf-test-membership-rbac-role-binding_75092\"),\n\t\t\tMembershipId: membership.MembershipId,\n\t\t\tUser: pulumi.Sprintf(\"service-%v@gcp-sa-anthossupport.iam.gserviceaccount.com\", project.Number),\n\t\t\tRole: \u0026gkehub.MembershipRbacRoleBindingRoleArgs{\n\t\t\t\tPredefinedRole: pulumi.String(\"ANTHOS_SUPPORT\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmembership,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.gkehub.Membership;\nimport com.pulumi.gcp.gkehub.MembershipArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.gkehub.MembershipRbacRoleBinding;\nimport com.pulumi.gcp.gkehub.MembershipRbacRoleBindingArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipRbacRoleBindingRoleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1-a\")\n .initialNodeCount(1)\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var membership = new Membership(\"membership\", MembershipArgs.builder()\n .membershipId(\"tf-test-membership_41819\")\n .endpoint(MembershipEndpointArgs.builder()\n .gkeCluster(MembershipEndpointGkeClusterArgs.builder()\n .resourceLink(primary.id().applyValue(id -\u003e String.format(\"//container.googleapis.com/%s\", id)))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primary)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var membershipRbacRoleBinding = new MembershipRbacRoleBinding(\"membershipRbacRoleBinding\", MembershipRbacRoleBindingArgs.builder()\n .membershipRbacRoleBindingId(\"tf-test-membership-rbac-role-binding_75092\")\n .membershipId(membership.membershipId())\n .user(String.format(\"service-%s@gcp-sa-anthossupport.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .role(MembershipRbacRoleBindingRoleArgs.builder()\n .predefinedRole(\"ANTHOS_SUPPORT\")\n .build())\n .location(\"global\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(membership)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: basic-cluster\n location: us-central1-a\n initialNodeCount: 1\n deletionProtection: true\n network: default\n subnetwork: default\n membership:\n type: gcp:gkehub:Membership\n properties:\n membershipId: tf-test-membership_41819\n endpoint:\n gkeCluster:\n resourceLink: //container.googleapis.com/${primary.id}\n options:\n dependson:\n - ${primary}\n membershipRbacRoleBinding:\n type: gcp:gkehub:MembershipRbacRoleBinding\n name: membership_rbac_role_binding\n properties:\n membershipRbacRoleBindingId: tf-test-membership-rbac-role-binding_75092\n membershipId: ${membership.membershipId}\n user: service-${project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com\n role:\n predefinedRole: ANTHOS_SUPPORT\n location: global\n options:\n dependson:\n - ${membership}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMembershipRBACRoleBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/rbacrolebindings/{{membership_rbac_role_binding_id}}`\n\n* `{{project}}/{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}`\n\n* `{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}`\n\nWhen using the `pulumi import` command, MembershipRBACRoleBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/rbacrolebindings/{{membership_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default {{project}}/{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default {{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}\n```\n\n", + "description": "## Example Usage\n\n### Gkehub Membership Rbac Role Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.container.Cluster(\"primary\", {\n name: \"basic-cluster\",\n location: \"us-central1-a\",\n initialNodeCount: 1,\n deletionProtection: true,\n network: \"default\",\n subnetwork: \"default\",\n});\nconst membership = new gcp.gkehub.Membership(\"membership\", {\n membershipId: \"tf-test-membership_41819\",\n endpoint: {\n gkeCluster: {\n resourceLink: pulumi.interpolate`//container.googleapis.com/${primary.id}`,\n },\n },\n}, {\n dependsOn: [primary],\n});\nconst project = gcp.organizations.getProject({});\nconst membershipRbacRoleBinding = new gcp.gkehub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\", {\n membershipRbacRoleBindingId: \"tf-test-membership-rbac-role-binding_75092\",\n membershipId: membership.membershipId,\n user: project.then(project =\u003e `service-${project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com`),\n role: {\n predefinedRole: \"ANTHOS_SUPPORT\",\n },\n location: \"global\",\n}, {\n dependsOn: [membership],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.container.Cluster(\"primary\",\n name=\"basic-cluster\",\n location=\"us-central1-a\",\n initial_node_count=1,\n deletion_protection=True,\n network=\"default\",\n subnetwork=\"default\")\nmembership = gcp.gkehub.Membership(\"membership\",\n membership_id=\"tf-test-membership_41819\",\n endpoint={\n \"gke_cluster\": {\n \"resource_link\": primary.id.apply(lambda id: f\"//container.googleapis.com/{id}\"),\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[primary]))\nproject = gcp.organizations.get_project()\nmembership_rbac_role_binding = gcp.gkehub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\",\n membership_rbac_role_binding_id=\"tf-test-membership-rbac-role-binding_75092\",\n membership_id=membership.membership_id,\n user=f\"service-{project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com\",\n role={\n \"predefined_role\": \"ANTHOS_SUPPORT\",\n },\n location=\"global\",\n opts = pulumi.ResourceOptions(depends_on=[membership]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.Container.Cluster(\"primary\", new()\n {\n Name = \"basic-cluster\",\n Location = \"us-central1-a\",\n InitialNodeCount = 1,\n DeletionProtection = true,\n Network = \"default\",\n Subnetwork = \"default\",\n });\n\n var membership = new Gcp.GkeHub.Membership(\"membership\", new()\n {\n MembershipId = \"tf-test-membership_41819\",\n Endpoint = new Gcp.GkeHub.Inputs.MembershipEndpointArgs\n {\n GkeCluster = new Gcp.GkeHub.Inputs.MembershipEndpointGkeClusterArgs\n {\n ResourceLink = primary.Id.Apply(id =\u003e $\"//container.googleapis.com/{id}\"),\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n primary,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var membershipRbacRoleBinding = new Gcp.GkeHub.MembershipRbacRoleBinding(\"membership_rbac_role_binding\", new()\n {\n MembershipRbacRoleBindingId = \"tf-test-membership-rbac-role-binding_75092\",\n MembershipId = membership.MembershipId,\n User = $\"service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-anthossupport.iam.gserviceaccount.com\",\n Role = new Gcp.GkeHub.Inputs.MembershipRbacRoleBindingRoleArgs\n {\n PredefinedRole = \"ANTHOS_SUPPORT\",\n },\n Location = \"global\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n membership,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := container.NewCluster(ctx, \"primary\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"basic-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tSubnetwork: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmembership, err := gkehub.NewMembership(ctx, \"membership\", \u0026gkehub.MembershipArgs{\n\t\t\tMembershipId: pulumi.String(\"tf-test-membership_41819\"),\n\t\t\tEndpoint: \u0026gkehub.MembershipEndpointArgs{\n\t\t\t\tGkeCluster: \u0026gkehub.MembershipEndpointGkeClusterArgs{\n\t\t\t\t\tResourceLink: primary.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"//container.googleapis.com/%v\", id), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimary,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipRbacRoleBinding(ctx, \"membership_rbac_role_binding\", \u0026gkehub.MembershipRbacRoleBindingArgs{\n\t\t\tMembershipRbacRoleBindingId: pulumi.String(\"tf-test-membership-rbac-role-binding_75092\"),\n\t\t\tMembershipId: membership.MembershipId,\n\t\t\tUser: pulumi.Sprintf(\"service-%v@gcp-sa-anthossupport.iam.gserviceaccount.com\", project.Number),\n\t\t\tRole: \u0026gkehub.MembershipRbacRoleBindingRoleArgs{\n\t\t\t\tPredefinedRole: pulumi.String(\"ANTHOS_SUPPORT\"),\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmembership,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport com.pulumi.gcp.gkehub.Membership;\nimport com.pulumi.gcp.gkehub.MembershipArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipEndpointGkeClusterArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.gkehub.MembershipRbacRoleBinding;\nimport com.pulumi.gcp.gkehub.MembershipRbacRoleBindingArgs;\nimport com.pulumi.gcp.gkehub.inputs.MembershipRbacRoleBindingRoleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Cluster(\"primary\", ClusterArgs.builder()\n .name(\"basic-cluster\")\n .location(\"us-central1-a\")\n .initialNodeCount(1)\n .deletionProtection(true)\n .network(\"default\")\n .subnetwork(\"default\")\n .build());\n\n var membership = new Membership(\"membership\", MembershipArgs.builder()\n .membershipId(\"tf-test-membership_41819\")\n .endpoint(MembershipEndpointArgs.builder()\n .gkeCluster(MembershipEndpointGkeClusterArgs.builder()\n .resourceLink(primary.id().applyValue(id -\u003e String.format(\"//container.googleapis.com/%s\", id)))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(primary)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var membershipRbacRoleBinding = new MembershipRbacRoleBinding(\"membershipRbacRoleBinding\", MembershipRbacRoleBindingArgs.builder()\n .membershipRbacRoleBindingId(\"tf-test-membership-rbac-role-binding_75092\")\n .membershipId(membership.membershipId())\n .user(String.format(\"service-%s@gcp-sa-anthossupport.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .role(MembershipRbacRoleBindingRoleArgs.builder()\n .predefinedRole(\"ANTHOS_SUPPORT\")\n .build())\n .location(\"global\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(membership)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:container:Cluster\n properties:\n name: basic-cluster\n location: us-central1-a\n initialNodeCount: 1\n deletionProtection: true\n network: default\n subnetwork: default\n membership:\n type: gcp:gkehub:Membership\n properties:\n membershipId: tf-test-membership_41819\n endpoint:\n gkeCluster:\n resourceLink: //container.googleapis.com/${primary.id}\n options:\n dependsOn:\n - ${primary}\n membershipRbacRoleBinding:\n type: gcp:gkehub:MembershipRbacRoleBinding\n name: membership_rbac_role_binding\n properties:\n membershipRbacRoleBindingId: tf-test-membership-rbac-role-binding_75092\n membershipId: ${membership.membershipId}\n user: service-${project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com\n role:\n predefinedRole: ANTHOS_SUPPORT\n location: global\n options:\n dependsOn:\n - ${membership}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMembershipRBACRoleBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/rbacrolebindings/{{membership_rbac_role_binding_id}}`\n\n* `{{project}}/{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}`\n\n* `{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}`\n\nWhen using the `pulumi import` command, MembershipRBACRoleBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}/rbacrolebindings/{{membership_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default {{project}}/{{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/membershipRbacRoleBinding:MembershipRbacRoleBinding default {{location}}/{{membership_id}}/{{membership_rbac_role_binding_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -218394,7 +218394,7 @@ } }, "gcp:gkehub/namespace:Namespace": { - "description": "Namespace represents a namespace across the Fleet.\n\n\nTo get more information about Namespace, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.scopes.namespaces)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Namespace Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_2605\"});\nconst namespace = new gcp.gkehub.Namespace(\"namespace\", {\n scopeNamespaceId: \"tf-test-namespace_34535\",\n scopeId: scope.scopeId,\n scope: scope.name,\n namespaceLabels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n labels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n}, {\n dependsOn: [scope],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_2605\")\nnamespace = gcp.gkehub.Namespace(\"namespace\",\n scope_namespace_id=\"tf-test-namespace_34535\",\n scope_id=scope.scope_id,\n scope=scope.name,\n namespace_labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n opts = pulumi.ResourceOptions(depends_on=[scope]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_2605\",\n });\n\n var @namespace = new Gcp.GkeHub.Namespace(\"namespace\", new()\n {\n ScopeNamespaceId = \"tf-test-namespace_34535\",\n ScopeId = scope.ScopeId,\n Scope = scope.Name,\n NamespaceLabels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n Labels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_2605\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewNamespace(ctx, \"namespace\", \u0026gkehub.NamespaceArgs{\n\t\t\tScopeNamespaceId: pulumi.String(\"tf-test-namespace_34535\"),\n\t\t\tScopeId: scope.ScopeId,\n\t\t\tScope: scope.Name,\n\t\t\tNamespaceLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.Namespace;\nimport com.pulumi.gcp.gkehub.NamespaceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_2605\")\n .build());\n\n var namespace = new Namespace(\"namespace\", NamespaceArgs.builder()\n .scopeNamespaceId(\"tf-test-namespace_34535\")\n .scopeId(scope.scopeId())\n .scope(scope.name())\n .namespaceLabels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .labels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_2605\n namespace:\n type: gcp:gkehub:Namespace\n properties:\n scopeNamespaceId: tf-test-namespace_34535\n scopeId: ${scope.scopeId}\n scope: ${scope.name}\n namespaceLabels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n labels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n options:\n dependson:\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamespace can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/scopes/{{scope_id}}/namespaces/{{scope_namespace_id}}`\n\n* `{{project}}/{{scope_id}}/{{scope_namespace_id}}`\n\n* `{{scope_id}}/{{scope_namespace_id}}`\n\nWhen using the `pulumi import` command, Namespace can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default projects/{{project}}/locations/global/scopes/{{scope_id}}/namespaces/{{scope_namespace_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default {{project}}/{{scope_id}}/{{scope_namespace_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default {{scope_id}}/{{scope_namespace_id}}\n```\n\n", + "description": "Namespace represents a namespace across the Fleet.\n\n\nTo get more information about Namespace, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.scopes.namespaces)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Namespace Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_2605\"});\nconst namespace = new gcp.gkehub.Namespace(\"namespace\", {\n scopeNamespaceId: \"tf-test-namespace_34535\",\n scopeId: scope.scopeId,\n scope: scope.name,\n namespaceLabels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n labels: {\n keyb: \"valueb\",\n keya: \"valuea\",\n keyc: \"valuec\",\n },\n}, {\n dependsOn: [scope],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_2605\")\nnamespace = gcp.gkehub.Namespace(\"namespace\",\n scope_namespace_id=\"tf-test-namespace_34535\",\n scope_id=scope.scope_id,\n scope=scope.name,\n namespace_labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n labels={\n \"keyb\": \"valueb\",\n \"keya\": \"valuea\",\n \"keyc\": \"valuec\",\n },\n opts = pulumi.ResourceOptions(depends_on=[scope]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_2605\",\n });\n\n var @namespace = new Gcp.GkeHub.Namespace(\"namespace\", new()\n {\n ScopeNamespaceId = \"tf-test-namespace_34535\",\n ScopeId = scope.ScopeId,\n Scope = scope.Name,\n NamespaceLabels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n Labels = \n {\n { \"keyb\", \"valueb\" },\n { \"keya\", \"valuea\" },\n { \"keyc\", \"valuec\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_2605\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewNamespace(ctx, \"namespace\", \u0026gkehub.NamespaceArgs{\n\t\t\tScopeNamespaceId: pulumi.String(\"tf-test-namespace_34535\"),\n\t\t\tScopeId: scope.ScopeId,\n\t\t\tScope: scope.Name,\n\t\t\tNamespaceLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"keyb\": pulumi.String(\"valueb\"),\n\t\t\t\t\"keya\": pulumi.String(\"valuea\"),\n\t\t\t\t\"keyc\": pulumi.String(\"valuec\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.Namespace;\nimport com.pulumi.gcp.gkehub.NamespaceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_2605\")\n .build());\n\n var namespace = new Namespace(\"namespace\", NamespaceArgs.builder()\n .scopeNamespaceId(\"tf-test-namespace_34535\")\n .scopeId(scope.scopeId())\n .scope(scope.name())\n .namespaceLabels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .labels(Map.ofEntries(\n Map.entry(\"keyb\", \"valueb\"),\n Map.entry(\"keya\", \"valuea\"),\n Map.entry(\"keyc\", \"valuec\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_2605\n namespace:\n type: gcp:gkehub:Namespace\n properties:\n scopeNamespaceId: tf-test-namespace_34535\n scopeId: ${scope.scopeId}\n scope: ${scope.name}\n namespaceLabels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n labels:\n keyb: valueb\n keya: valuea\n keyc: valuec\n options:\n dependsOn:\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamespace can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/scopes/{{scope_id}}/namespaces/{{scope_namespace_id}}`\n\n* `{{project}}/{{scope_id}}/{{scope_namespace_id}}`\n\n* `{{scope_id}}/{{scope_namespace_id}}`\n\nWhen using the `pulumi import` command, Namespace can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default projects/{{project}}/locations/global/scopes/{{scope_id}}/namespaces/{{scope_namespace_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default {{project}}/{{scope_id}}/{{scope_namespace_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/namespace:Namespace default {{scope_id}}/{{scope_namespace_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -218794,7 +218794,7 @@ } }, "gcp:gkehub/scopeIamBinding:ScopeIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/ScopeIamBindingCondition:ScopeIamBindingCondition" @@ -218898,7 +218898,7 @@ } }, "gcp:gkehub/scopeIamMember:ScopeIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/ScopeIamMemberCondition:ScopeIamMemberCondition" @@ -218995,7 +218995,7 @@ } }, "gcp:gkehub/scopeIamPolicy:ScopeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for GKEHub Scope\nThree different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.gkehub.ScopeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.gkehub.ScopeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -219063,7 +219063,7 @@ } }, "gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding": { - "description": "RBACRoleBinding represents a rbacrolebinding across the Fleet.\n\n\nTo get more information about ScopeRBACRoleBinding, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.scopes.rbacrolebindings)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Scope Rbac Role Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_22375\"});\nconst scopeRbacRoleBinding = new gcp.gkehub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\", {\n scopeRbacRoleBindingId: \"tf-test-scope-rbac-role-binding_29439\",\n scopeId: scope.scopeId,\n user: \"test-email@gmail.com\",\n role: {\n predefinedRole: \"ADMIN\",\n },\n labels: {\n key: \"value\",\n },\n}, {\n dependsOn: [scope],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_22375\")\nscope_rbac_role_binding = gcp.gkehub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\",\n scope_rbac_role_binding_id=\"tf-test-scope-rbac-role-binding_29439\",\n scope_id=scope.scope_id,\n user=\"test-email@gmail.com\",\n role={\n \"predefined_role\": \"ADMIN\",\n },\n labels={\n \"key\": \"value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[scope]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_22375\",\n });\n\n var scopeRbacRoleBinding = new Gcp.GkeHub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\", new()\n {\n ScopeRbacRoleBindingId = \"tf-test-scope-rbac-role-binding_29439\",\n ScopeId = scope.ScopeId,\n User = \"test-email@gmail.com\",\n Role = new Gcp.GkeHub.Inputs.ScopeRbacRoleBindingRoleArgs\n {\n PredefinedRole = \"ADMIN\",\n },\n Labels = \n {\n { \"key\", \"value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_22375\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeRbacRoleBinding(ctx, \"scope_rbac_role_binding\", \u0026gkehub.ScopeRbacRoleBindingArgs{\n\t\t\tScopeRbacRoleBindingId: pulumi.String(\"tf-test-scope-rbac-role-binding_29439\"),\n\t\t\tScopeId: scope.ScopeId,\n\t\t\tUser: pulumi.String(\"test-email@gmail.com\"),\n\t\t\tRole: \u0026gkehub.ScopeRbacRoleBindingRoleArgs{\n\t\t\t\tPredefinedRole: pulumi.String(\"ADMIN\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.ScopeRbacRoleBinding;\nimport com.pulumi.gcp.gkehub.ScopeRbacRoleBindingArgs;\nimport com.pulumi.gcp.gkehub.inputs.ScopeRbacRoleBindingRoleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_22375\")\n .build());\n\n var scopeRbacRoleBinding = new ScopeRbacRoleBinding(\"scopeRbacRoleBinding\", ScopeRbacRoleBindingArgs.builder()\n .scopeRbacRoleBindingId(\"tf-test-scope-rbac-role-binding_29439\")\n .scopeId(scope.scopeId())\n .user(\"test-email@gmail.com\")\n .role(ScopeRbacRoleBindingRoleArgs.builder()\n .predefinedRole(\"ADMIN\")\n .build())\n .labels(Map.of(\"key\", \"value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_22375\n scopeRbacRoleBinding:\n type: gcp:gkehub:ScopeRbacRoleBinding\n name: scope_rbac_role_binding\n properties:\n scopeRbacRoleBindingId: tf-test-scope-rbac-role-binding_29439\n scopeId: ${scope.scopeId}\n user: test-email@gmail.com\n role:\n predefinedRole: ADMIN\n labels:\n key: value\n options:\n dependson:\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nScopeRBACRoleBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}`\n\n* `{{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}`\n\n* `{{scope_id}}/{{scope_rbac_role_binding_id}}`\n\nWhen using the `pulumi import` command, ScopeRBACRoleBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default {{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default {{scope_id}}/{{scope_rbac_role_binding_id}}\n```\n\n", + "description": "RBACRoleBinding represents a rbacrolebinding across the Fleet.\n\n\nTo get more information about ScopeRBACRoleBinding, see:\n\n* [API documentation](https://cloud.google.com/anthos/fleet-management/docs/reference/rest/v1/projects.locations.scopes.rbacrolebindings)\n* How-to Guides\n * [Registering a Cluster](https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster)\n\n## Example Usage\n\n### Gkehub Scope Rbac Role Binding Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst scope = new gcp.gkehub.Scope(\"scope\", {scopeId: \"tf-test-scope_22375\"});\nconst scopeRbacRoleBinding = new gcp.gkehub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\", {\n scopeRbacRoleBindingId: \"tf-test-scope-rbac-role-binding_29439\",\n scopeId: scope.scopeId,\n user: \"test-email@gmail.com\",\n role: {\n predefinedRole: \"ADMIN\",\n },\n labels: {\n key: \"value\",\n },\n}, {\n dependsOn: [scope],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nscope = gcp.gkehub.Scope(\"scope\", scope_id=\"tf-test-scope_22375\")\nscope_rbac_role_binding = gcp.gkehub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\",\n scope_rbac_role_binding_id=\"tf-test-scope-rbac-role-binding_29439\",\n scope_id=scope.scope_id,\n user=\"test-email@gmail.com\",\n role={\n \"predefined_role\": \"ADMIN\",\n },\n labels={\n \"key\": \"value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[scope]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var scope = new Gcp.GkeHub.Scope(\"scope\", new()\n {\n ScopeId = \"tf-test-scope_22375\",\n });\n\n var scopeRbacRoleBinding = new Gcp.GkeHub.ScopeRbacRoleBinding(\"scope_rbac_role_binding\", new()\n {\n ScopeRbacRoleBindingId = \"tf-test-scope-rbac-role-binding_29439\",\n ScopeId = scope.ScopeId,\n User = \"test-email@gmail.com\",\n Role = new Gcp.GkeHub.Inputs.ScopeRbacRoleBindingRoleArgs\n {\n PredefinedRole = \"ADMIN\",\n },\n Labels = \n {\n { \"key\", \"value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n scope,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tscope, err := gkehub.NewScope(ctx, \"scope\", \u0026gkehub.ScopeArgs{\n\t\t\tScopeId: pulumi.String(\"tf-test-scope_22375\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeRbacRoleBinding(ctx, \"scope_rbac_role_binding\", \u0026gkehub.ScopeRbacRoleBindingArgs{\n\t\t\tScopeRbacRoleBindingId: pulumi.String(\"tf-test-scope-rbac-role-binding_29439\"),\n\t\t\tScopeId: scope.ScopeId,\n\t\t\tUser: pulumi.String(\"test-email@gmail.com\"),\n\t\t\tRole: \u0026gkehub.ScopeRbacRoleBindingRoleArgs{\n\t\t\t\tPredefinedRole: pulumi.String(\"ADMIN\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tscope,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.Scope;\nimport com.pulumi.gcp.gkehub.ScopeArgs;\nimport com.pulumi.gcp.gkehub.ScopeRbacRoleBinding;\nimport com.pulumi.gcp.gkehub.ScopeRbacRoleBindingArgs;\nimport com.pulumi.gcp.gkehub.inputs.ScopeRbacRoleBindingRoleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var scope = new Scope(\"scope\", ScopeArgs.builder()\n .scopeId(\"tf-test-scope_22375\")\n .build());\n\n var scopeRbacRoleBinding = new ScopeRbacRoleBinding(\"scopeRbacRoleBinding\", ScopeRbacRoleBindingArgs.builder()\n .scopeRbacRoleBindingId(\"tf-test-scope-rbac-role-binding_29439\")\n .scopeId(scope.scopeId())\n .user(\"test-email@gmail.com\")\n .role(ScopeRbacRoleBindingRoleArgs.builder()\n .predefinedRole(\"ADMIN\")\n .build())\n .labels(Map.of(\"key\", \"value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(scope)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n scope:\n type: gcp:gkehub:Scope\n properties:\n scopeId: tf-test-scope_22375\n scopeRbacRoleBinding:\n type: gcp:gkehub:ScopeRbacRoleBinding\n name: scope_rbac_role_binding\n properties:\n scopeRbacRoleBindingId: tf-test-scope-rbac-role-binding_29439\n scopeId: ${scope.scopeId}\n user: test-email@gmail.com\n role:\n predefinedRole: ADMIN\n labels:\n key: value\n options:\n dependsOn:\n - ${scope}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nScopeRBACRoleBinding can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}`\n\n* `{{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}`\n\n* `{{scope_id}}/{{scope_rbac_role_binding_id}}`\n\nWhen using the `pulumi import` command, ScopeRBACRoleBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default {{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:gkehub/scopeRbacRoleBinding:ScopeRbacRoleBinding default {{scope_id}}/{{scope_rbac_role_binding_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -221069,7 +221069,7 @@ } }, "gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/ConsentStoreIamBindingCondition:ConsentStoreIamBindingCondition" @@ -221177,7 +221177,7 @@ } }, "gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/ConsentStoreIamMemberCondition:ConsentStoreIamMemberCondition" @@ -221278,7 +221278,7 @@ } }, "gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Healthcare ConsentStore\nThree different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.healthcare.ConsentStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.ConsentStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "consentStoreId": { "type": "string", @@ -221350,7 +221350,7 @@ } }, "gcp:healthcare/dataset:Dataset": { - "description": "A Healthcare `Dataset` is a toplevel logical grouping of `dicomStores`, `fhirStores` and `hl7V2Stores`.\n\n\nTo get more information about Dataset, see:\n\n* [API documentation](https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets)\n* How-to Guides\n * [Creating a dataset](https://cloud.google.com/healthcare/docs/how-tos/datasets)\n\n## Example Usage\n\n### Healthcare Dataset Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.healthcare.Dataset(\"default\", {\n name: \"example-dataset\",\n location: \"us-central1\",\n timeZone: \"UTC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.healthcare.Dataset(\"default\",\n name=\"example-dataset\",\n location=\"us-central1\",\n time_zone=\"UTC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Healthcare.Dataset(\"default\", new()\n {\n Name = \"example-dataset\",\n Location = \"us-central1\",\n TimeZone = \"UTC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDataset(ctx, \"default\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example-dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTimeZone: pulumi.String(\"UTC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .name(\"example-dataset\")\n .location(\"us-central1\")\n .timeZone(\"UTC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:healthcare:Dataset\n properties:\n name: example-dataset\n location: us-central1\n timeZone: UTC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Dataset Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst healthcareCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`)],\n});\nconst _default = new gcp.healthcare.Dataset(\"default\", {\n name: \"example-dataset\",\n location: \"us-central1\",\n timeZone: \"UTC\",\n encryptionSpec: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [healthcareCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nhealthcare_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\"])\ndefault = gcp.healthcare.Dataset(\"default\",\n name=\"example-dataset\",\n location=\"us-central1\",\n time_zone=\"UTC\",\n encryption_spec={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[healthcare_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var healthcareCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n },\n });\n\n var @default = new Gcp.Healthcare.Dataset(\"default\", new()\n {\n Name = \"example-dataset\",\n Location = \"us-central1\",\n TimeZone = \"UTC\",\n EncryptionSpec = new Gcp.Healthcare.Inputs.DatasetEncryptionSpecArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n healthcareCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thealthcareCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"healthcare_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDataset(ctx, \"default\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example-dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTimeZone: pulumi.String(\"UTC\"),\n\t\t\tEncryptionSpec: \u0026healthcare.DatasetEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\thealthcareCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.inputs.DatasetEncryptionSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var healthcareCmekKeyuser = new CryptoKeyIAMBinding(\"healthcareCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .name(\"example-dataset\")\n .location(\"us-central1\")\n .timeZone(\"UTC\")\n .encryptionSpec(DatasetEncryptionSpecArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(healthcareCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:healthcare:Dataset\n properties:\n name: example-dataset\n location: us-central1\n timeZone: UTC\n encryptionSpec:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependson:\n - ${healthcareCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us-central1\n healthcareCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: healthcare_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDataset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/datasets/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Dataset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default projects/{{project}}/locations/{{location}}/datasets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default {{location}}/{{name}}\n```\n\n", + "description": "A Healthcare `Dataset` is a toplevel logical grouping of `dicomStores`, `fhirStores` and `hl7V2Stores`.\n\n\nTo get more information about Dataset, see:\n\n* [API documentation](https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets)\n* How-to Guides\n * [Creating a dataset](https://cloud.google.com/healthcare/docs/how-tos/datasets)\n\n## Example Usage\n\n### Healthcare Dataset Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.healthcare.Dataset(\"default\", {\n name: \"example-dataset\",\n location: \"us-central1\",\n timeZone: \"UTC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.healthcare.Dataset(\"default\",\n name=\"example-dataset\",\n location=\"us-central1\",\n time_zone=\"UTC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Healthcare.Dataset(\"default\", new()\n {\n Name = \"example-dataset\",\n Location = \"us-central1\",\n TimeZone = \"UTC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDataset(ctx, \"default\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example-dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTimeZone: pulumi.String(\"UTC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .name(\"example-dataset\")\n .location(\"us-central1\")\n .timeZone(\"UTC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:healthcare:Dataset\n properties:\n name: example-dataset\n location: us-central1\n timeZone: UTC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Dataset Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n purpose: \"ENCRYPT_DECRYPT\",\n});\nconst healthcareCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`)],\n});\nconst _default = new gcp.healthcare.Dataset(\"default\", {\n name: \"example-dataset\",\n location: \"us-central1\",\n timeZone: \"UTC\",\n encryptionSpec: {\n kmsKeyName: cryptoKey.id,\n },\n}, {\n dependsOn: [healthcareCmekKeyuser],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id,\n purpose=\"ENCRYPT_DECRYPT\")\nhealthcare_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\"])\ndefault = gcp.healthcare.Dataset(\"default\",\n name=\"example-dataset\",\n location=\"us-central1\",\n time_zone=\"UTC\",\n encryption_spec={\n \"kms_key_name\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[healthcare_cmek_keyuser]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ENCRYPT_DECRYPT\",\n });\n\n var healthcareCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding(\"healthcare_cmek_keyuser\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n },\n });\n\n var @default = new Gcp.Healthcare.Dataset(\"default\", new()\n {\n Name = \"example-dataset\",\n Location = \"us-central1\",\n TimeZone = \"UTC\",\n EncryptionSpec = new Gcp.Healthcare.Inputs.DatasetEncryptionSpecArgs\n {\n KmsKeyName = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n healthcareCmekKeyuser,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ENCRYPT_DECRYPT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thealthcareCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, \"healthcare_cmek_keyuser\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDataset(ctx, \"default\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example-dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTimeZone: pulumi.String(\"UTC\"),\n\t\t\tEncryptionSpec: \u0026healthcare.DatasetEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\thealthcareCmekKeyuser,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.inputs.DatasetEncryptionSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .purpose(\"ENCRYPT_DECRYPT\")\n .build());\n\n var healthcareCmekKeyuser = new CryptoKeyIAMBinding(\"healthcareCmekKeyuser\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .name(\"example-dataset\")\n .location(\"us-central1\")\n .timeZone(\"UTC\")\n .encryptionSpec(DatasetEncryptionSpecArgs.builder()\n .kmsKeyName(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(healthcareCmekKeyuser)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:healthcare:Dataset\n properties:\n name: example-dataset\n location: us-central1\n timeZone: UTC\n encryptionSpec:\n kmsKeyName: ${cryptoKey.id}\n options:\n dependsOn:\n - ${healthcareCmekKeyuser}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n purpose: ENCRYPT_DECRYPT\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: us-central1\n healthcareCmekKeyuser:\n type: gcp:kms:CryptoKeyIAMBinding\n name: healthcare_cmek_keyuser\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDataset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/datasets/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Dataset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default projects/{{project}}/locations/{{location}}/datasets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/dataset:Dataset default {{location}}/{{name}}\n```\n\n", "properties": { "encryptionSpec": { "$ref": "#/types/gcp:healthcare/DatasetEncryptionSpec:DatasetEncryptionSpec", @@ -221450,7 +221450,7 @@ } }, "gcp:healthcare/datasetIamBinding:DatasetIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamBinding:DatasetIamBinding default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamBinding:DatasetIamBinding default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DatasetIamBindingCondition:DatasetIamBindingCondition" @@ -221542,7 +221542,7 @@ } }, "gcp:healthcare/datasetIamMember:DatasetIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamMember:DatasetIamMember default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamMember:DatasetIamMember default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DatasetIamMemberCondition:DatasetIamMemberCondition" @@ -221627,7 +221627,7 @@ } }, "gcp:healthcare/datasetIamPolicy:DatasetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamPolicy:DatasetIamPolicy default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DatasetIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder()\n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DatasetIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder()\n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamPolicy:DatasetIamPolicy default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "datasetId": { "type": "string", @@ -221828,7 +221828,7 @@ } }, "gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DicomStoreIamBindingCondition:DicomStoreIamBindingCondition" @@ -221920,7 +221920,7 @@ } }, "gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DicomStoreIamMemberCondition:DicomStoreIamMemberCondition" @@ -222005,7 +222005,7 @@ } }, "gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.DicomStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.DicomStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder()\n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "dicomStoreId": { "type": "string", @@ -222335,7 +222335,7 @@ } }, "gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/FhirStoreIamBindingCondition:FhirStoreIamBindingCondition" @@ -222427,7 +222427,7 @@ } }, "gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/FhirStoreIamMemberCondition:FhirStoreIamMemberCondition" @@ -222512,7 +222512,7 @@ } }, "gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.FhirStoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.FhirStoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder()\n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -222741,7 +222741,7 @@ } }, "gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/Hl7StoreIamBindingCondition:Hl7StoreIamBindingCondition" @@ -222833,7 +222833,7 @@ } }, "gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/Hl7StoreIamMemberCondition:Hl7StoreIamMemberCondition" @@ -222918,7 +222918,7 @@ } }, "gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.healthcare.Hl7StoreIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.healthcare.Hl7StoreIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder()\n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -222974,7 +222974,7 @@ } }, "gcp:healthcare/pipelineJob:PipelineJob": { - "description": "PipelineJobs are Long Running Operations on Healthcare API to Map or Reconcile\nincoming data into FHIR format\n\n\nTo get more information about PipelineJob, see:\n\n* [API documentation](https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs)\n* How-to Guides\n * [Creating a PipelineJob](https://cloud.google.com/healthcare-api/private/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs#PipelineJob)\n\n## Example Usage\n\n### Healthcare Pipeline Job Reconciliation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst fhirstore = new gcp.healthcare.FhirStore(\"fhirstore\", {\n name: \"fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mergeFile = new gcp.storage.BucketObject(\"merge_file\", {\n name: \"merge.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_pipeline = new gcp.healthcare.PipelineJob(\"example-pipeline\", {\n name: \"example_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n reconciliationPipelineJob: {\n mergeConfig: {\n description: \"sample description for reconciliation rules\",\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mergeFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n },\n matchingUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${fhirstore.name}`,\n },\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nfhirstore = gcp.healthcare.FhirStore(\"fhirstore\",\n name=\"fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmerge_file = gcp.storage.BucketObject(\"merge_file\",\n name=\"merge.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_pipeline = gcp.healthcare.PipelineJob(\"example-pipeline\",\n name=\"example_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n reconciliation_pipeline_job={\n \"merge_config\": {\n \"description\": \"sample description for reconciliation rules\",\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mergeFileName=merge_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mergeFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n },\n \"matching_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var fhirstore = new Gcp.Healthcare.FhirStore(\"fhirstore\", new()\n {\n Name = \"fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mergeFile = new Gcp.Storage.BucketObject(\"merge_file\", new()\n {\n Name = \"merge.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_pipeline = new Gcp.Healthcare.PipelineJob(\"example-pipeline\", new()\n {\n Name = \"example_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n ReconciliationPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobArgs\n {\n MergeConfig = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs\n {\n Description = \"sample description for reconciliation rules\",\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mergeFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mergeFileName = values.Item2;\n return $\"gs://{bucketName}/{mergeFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n },\n MatchingUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n FhirStoreDestination = Output.Tuple(dataset.Id, fhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfhirstore, err := healthcare.NewFhirStore(ctx, \"fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmergeFile, err := storage.NewBucketObject(ctx, \"merge_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"merge.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tReconciliationPipelineJob: \u0026healthcare.PipelineJobReconciliationPipelineJobArgs{\n\t\t\t\tMergeConfig: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigArgs{\n\t\t\t\t\tDescription: pulumi.String(\"sample description for reconciliation rules\"),\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mergeFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmergeFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mergeFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMatchingUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), fhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var fhirstore = new FhirStore(\"fhirstore\", FhirStoreArgs.builder()\n .name(\"fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mergeFile = new BucketObject(\"mergeFile\", BucketObjectArgs.builder()\n .name(\"merge.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_pipeline = new PipelineJob(\"example-pipeline\", PipelineJobArgs.builder()\n .name(\"example_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .reconciliationPipelineJob(PipelineJobReconciliationPipelineJobArgs.builder()\n .mergeConfig(PipelineJobReconciliationPipelineJobMergeConfigArgs.builder()\n .description(\"sample description for reconciliation rules\")\n .whistleConfigSource(PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mergeFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mergeFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mergeFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .build())\n .matchingUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .fhirStoreDestination(Output.tuple(dataset.id(), fhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n reconciliationPipelineJob:\n mergeConfig:\n description: sample description for reconciliation rules\n whistleConfigSource:\n uri: gs://${bucket.name}/${mergeFile.name}\n importUriPrefix: gs://${bucket.name}\n matchingUriPrefix: gs://${bucket.name}\n fhirStoreDestination: ${dataset.id}/fhirStores/${fhirstore.name}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n fhirstore:\n type: gcp:healthcare:FhirStore\n properties:\n name: fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mergeFile:\n type: gcp:storage:BucketObject\n name: merge_file\n properties:\n name: merge.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Backfill\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst example_pipeline = new gcp.healthcare.PipelineJob(\"example-pipeline\", {\n name: \"example_backfill_pipeline\",\n location: \"us-central1\",\n dataset: dataset.id,\n backfillPipelineJob: {\n mappingPipelineJob: pulumi.interpolate`${dataset.id}/pipelinejobs/example_mapping_pipeline`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nexample_pipeline = gcp.healthcare.PipelineJob(\"example-pipeline\",\n name=\"example_backfill_pipeline\",\n location=\"us-central1\",\n dataset=dataset.id,\n backfill_pipeline_job={\n \"mapping_pipeline_job\": dataset.id.apply(lambda id: f\"{id}/pipelinejobs/example_mapping_pipeline\"),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var example_pipeline = new Gcp.Healthcare.PipelineJob(\"example-pipeline\", new()\n {\n Name = \"example_backfill_pipeline\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n BackfillPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobBackfillPipelineJobArgs\n {\n MappingPipelineJob = dataset.Id.Apply(id =\u003e $\"{id}/pipelinejobs/example_mapping_pipeline\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_backfill_pipeline\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tBackfillPipelineJob: \u0026healthcare.PipelineJobBackfillPipelineJobArgs{\n\t\t\t\tMappingPipelineJob: dataset.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v/pipelinejobs/example_mapping_pipeline\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobBackfillPipelineJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var example_pipeline = new PipelineJob(\"example-pipeline\", PipelineJobArgs.builder()\n .name(\"example_backfill_pipeline\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .backfillPipelineJob(PipelineJobBackfillPipelineJobArgs.builder()\n .mappingPipelineJob(dataset.id().applyValue(id -\u003e String.format(\"%s/pipelinejobs/example_mapping_pipeline\", id)))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_backfill_pipeline\n location: us-central1\n dataset: ${dataset.id}\n backfillPipelineJob:\n mappingPipelineJob: ${dataset.id}/pipelinejobs/example_mapping_pipeline\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Whistle Mapping\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst sourceFhirstore = new gcp.healthcare.FhirStore(\"source_fhirstore\", {\n name: \"source_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst destFhirstore = new gcp.healthcare.FhirStore(\"dest_fhirstore\", {\n name: \"dest_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mappingFile = new gcp.storage.BucketObject(\"mapping_file\", {\n name: \"mapping.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_mapping_pipeline = new gcp.healthcare.PipelineJob(\"example-mapping-pipeline\", {\n name: \"example_mapping_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n labels: {\n example_label_key: \"example_label_value\",\n },\n mappingPipelineJob: {\n mappingConfig: {\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mappingFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n description: \"example description for mapping configuration\",\n },\n fhirStreamingSource: {\n fhirStore: pulumi.interpolate`${dataset.id}/fhirStores/${sourceFhirstore.name}`,\n description: \"example description for streaming fhirstore\",\n },\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${destFhirstore.name}`,\n },\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nsource_fhirstore = gcp.healthcare.FhirStore(\"source_fhirstore\",\n name=\"source_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\ndest_fhirstore = gcp.healthcare.FhirStore(\"dest_fhirstore\",\n name=\"dest_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmapping_file = gcp.storage.BucketObject(\"mapping_file\",\n name=\"mapping.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_mapping_pipeline = gcp.healthcare.PipelineJob(\"example-mapping-pipeline\",\n name=\"example_mapping_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n labels={\n \"example_label_key\": \"example_label_value\",\n },\n mapping_pipeline_job={\n \"mapping_config\": {\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mappingFileName=mapping_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mappingFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n \"description\": \"example description for mapping configuration\",\n },\n \"fhir_streaming_source\": {\n \"fhir_store\": pulumi.Output.all(\n id=dataset.id,\n name=source_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n \"description\": \"example description for streaming fhirstore\",\n },\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=dest_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var sourceFhirstore = new Gcp.Healthcare.FhirStore(\"source_fhirstore\", new()\n {\n Name = \"source_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var destFhirstore = new Gcp.Healthcare.FhirStore(\"dest_fhirstore\", new()\n {\n Name = \"dest_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mappingFile = new Gcp.Storage.BucketObject(\"mapping_file\", new()\n {\n Name = \"mapping.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_mapping_pipeline = new Gcp.Healthcare.PipelineJob(\"example-mapping-pipeline\", new()\n {\n Name = \"example_mapping_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n Labels = \n {\n { \"example_label_key\", \"example_label_value\" },\n },\n MappingPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobArgs\n {\n MappingConfig = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigArgs\n {\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mappingFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mappingFileName = values.Item2;\n return $\"gs://{bucketName}/{mappingFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n Description = \"example description for mapping configuration\",\n },\n FhirStreamingSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs\n {\n FhirStore = Output.Tuple(dataset.Id, sourceFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n Description = \"example description for streaming fhirstore\",\n },\n FhirStoreDestination = Output.Tuple(dataset.Id, destFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceFhirstore, err := healthcare.NewFhirStore(ctx, \"source_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"source_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestFhirstore, err := healthcare.NewFhirStore(ctx, \"dest_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"dest_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmappingFile, err := storage.NewBucketObject(ctx, \"mapping_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"mapping.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-mapping-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_mapping_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_label_key\": pulumi.String(\"example_label_value\"),\n\t\t\t},\n\t\t\tMappingPipelineJob: \u0026healthcare.PipelineJobMappingPipelineJobArgs{\n\t\t\t\tMappingConfig: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigArgs{\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mappingFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmappingFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mappingFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"example description for mapping configuration\"),\n\t\t\t\t},\n\t\t\t\tFhirStreamingSource: \u0026healthcare.PipelineJobMappingPipelineJobFhirStreamingSourceArgs{\n\t\t\t\t\tFhirStore: pulumi.All(dataset.ID(), sourceFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tDescription: pulumi.String(\"example description for streaming fhirstore\"),\n\t\t\t\t},\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), destFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var sourceFhirstore = new FhirStore(\"sourceFhirstore\", FhirStoreArgs.builder()\n .name(\"source_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var destFhirstore = new FhirStore(\"destFhirstore\", FhirStoreArgs.builder()\n .name(\"dest_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mappingFile = new BucketObject(\"mappingFile\", BucketObjectArgs.builder()\n .name(\"mapping.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_mapping_pipeline = new PipelineJob(\"example-mapping-pipeline\", PipelineJobArgs.builder()\n .name(\"example_mapping_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .labels(Map.of(\"example_label_key\", \"example_label_value\"))\n .mappingPipelineJob(PipelineJobMappingPipelineJobArgs.builder()\n .mappingConfig(PipelineJobMappingPipelineJobMappingConfigArgs.builder()\n .whistleConfigSource(PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mappingFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mappingFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mappingFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .description(\"example description for mapping configuration\")\n .build())\n .fhirStreamingSource(PipelineJobMappingPipelineJobFhirStreamingSourceArgs.builder()\n .fhirStore(Output.tuple(dataset.id(), sourceFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .description(\"example description for streaming fhirstore\")\n .build())\n .fhirStoreDestination(Output.tuple(dataset.id(), destFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-mapping-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_mapping_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n labels:\n example_label_key: example_label_value\n mappingPipelineJob:\n mappingConfig:\n whistleConfigSource:\n uri: gs://${bucket.name}/${mappingFile.name}\n importUriPrefix: gs://${bucket.name}\n description: example description for mapping configuration\n fhirStreamingSource:\n fhirStore: ${dataset.id}/fhirStores/${sourceFhirstore.name}\n description: example description for streaming fhirstore\n fhirStoreDestination: ${dataset.id}/fhirStores/${destFhirstore.name}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n sourceFhirstore:\n type: gcp:healthcare:FhirStore\n name: source_fhirstore\n properties:\n name: source_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n destFhirstore:\n type: gcp:healthcare:FhirStore\n name: dest_fhirstore\n properties:\n name: dest_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mappingFile:\n type: gcp:storage:BucketObject\n name: mapping_file\n properties:\n name: mapping.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Mapping Recon Dest\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst destFhirstore = new gcp.healthcare.FhirStore(\"dest_fhirstore\", {\n name: \"dest_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mergeFile = new gcp.storage.BucketObject(\"merge_file\", {\n name: \"merge.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst recon = new gcp.healthcare.PipelineJob(\"recon\", {\n name: \"example_recon_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n reconciliationPipelineJob: {\n mergeConfig: {\n description: \"sample description for reconciliation rules\",\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mergeFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n },\n matchingUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${destFhirstore.name}`,\n },\n});\nconst sourceFhirstore = new gcp.healthcare.FhirStore(\"source_fhirstore\", {\n name: \"source_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst mappingFile = new gcp.storage.BucketObject(\"mapping_file\", {\n name: \"mapping.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_mapping_pipeline = new gcp.healthcare.PipelineJob(\"example-mapping-pipeline\", {\n name: \"example_mapping_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n labels: {\n example_label_key: \"example_label_value\",\n },\n mappingPipelineJob: {\n mappingConfig: {\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mappingFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n description: \"example description for mapping configuration\",\n },\n fhirStreamingSource: {\n fhirStore: pulumi.interpolate`${dataset.id}/fhirStores/${sourceFhirstore.name}`,\n description: \"example description for streaming fhirstore\",\n },\n reconciliationDestination: true,\n },\n}, {\n dependsOn: [recon],\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\ndest_fhirstore = gcp.healthcare.FhirStore(\"dest_fhirstore\",\n name=\"dest_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmerge_file = gcp.storage.BucketObject(\"merge_file\",\n name=\"merge.wstl\",\n content=\" \",\n bucket=bucket.name)\nrecon = gcp.healthcare.PipelineJob(\"recon\",\n name=\"example_recon_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n reconciliation_pipeline_job={\n \"merge_config\": {\n \"description\": \"sample description for reconciliation rules\",\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mergeFileName=merge_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mergeFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n },\n \"matching_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=dest_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nsource_fhirstore = gcp.healthcare.FhirStore(\"source_fhirstore\",\n name=\"source_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nmapping_file = gcp.storage.BucketObject(\"mapping_file\",\n name=\"mapping.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_mapping_pipeline = gcp.healthcare.PipelineJob(\"example-mapping-pipeline\",\n name=\"example_mapping_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n labels={\n \"example_label_key\": \"example_label_value\",\n },\n mapping_pipeline_job={\n \"mapping_config\": {\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mappingFileName=mapping_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mappingFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n \"description\": \"example description for mapping configuration\",\n },\n \"fhir_streaming_source\": {\n \"fhir_store\": pulumi.Output.all(\n id=dataset.id,\n name=source_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n \"description\": \"example description for streaming fhirstore\",\n },\n \"reconciliation_destination\": True,\n },\n opts = pulumi.ResourceOptions(depends_on=[recon]))\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var destFhirstore = new Gcp.Healthcare.FhirStore(\"dest_fhirstore\", new()\n {\n Name = \"dest_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mergeFile = new Gcp.Storage.BucketObject(\"merge_file\", new()\n {\n Name = \"merge.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var recon = new Gcp.Healthcare.PipelineJob(\"recon\", new()\n {\n Name = \"example_recon_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n ReconciliationPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobArgs\n {\n MergeConfig = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs\n {\n Description = \"sample description for reconciliation rules\",\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mergeFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mergeFileName = values.Item2;\n return $\"gs://{bucketName}/{mergeFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n },\n MatchingUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n FhirStoreDestination = Output.Tuple(dataset.Id, destFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var sourceFhirstore = new Gcp.Healthcare.FhirStore(\"source_fhirstore\", new()\n {\n Name = \"source_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var mappingFile = new Gcp.Storage.BucketObject(\"mapping_file\", new()\n {\n Name = \"mapping.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_mapping_pipeline = new Gcp.Healthcare.PipelineJob(\"example-mapping-pipeline\", new()\n {\n Name = \"example_mapping_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n Labels = \n {\n { \"example_label_key\", \"example_label_value\" },\n },\n MappingPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobArgs\n {\n MappingConfig = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigArgs\n {\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mappingFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mappingFileName = values.Item2;\n return $\"gs://{bucketName}/{mappingFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n Description = \"example description for mapping configuration\",\n },\n FhirStreamingSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs\n {\n FhirStore = Output.Tuple(dataset.Id, sourceFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n Description = \"example description for streaming fhirstore\",\n },\n ReconciliationDestination = true,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n recon,\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestFhirstore, err := healthcare.NewFhirStore(ctx, \"dest_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"dest_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmergeFile, err := storage.NewBucketObject(ctx, \"merge_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"merge.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trecon, err := healthcare.NewPipelineJob(ctx, \"recon\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_recon_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tReconciliationPipelineJob: \u0026healthcare.PipelineJobReconciliationPipelineJobArgs{\n\t\t\t\tMergeConfig: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigArgs{\n\t\t\t\t\tDescription: pulumi.String(\"sample description for reconciliation rules\"),\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mergeFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmergeFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mergeFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMatchingUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), destFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceFhirstore, err := healthcare.NewFhirStore(ctx, \"source_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"source_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmappingFile, err := storage.NewBucketObject(ctx, \"mapping_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"mapping.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-mapping-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_mapping_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_label_key\": pulumi.String(\"example_label_value\"),\n\t\t\t},\n\t\t\tMappingPipelineJob: \u0026healthcare.PipelineJobMappingPipelineJobArgs{\n\t\t\t\tMappingConfig: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigArgs{\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mappingFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmappingFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mappingFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"example description for mapping configuration\"),\n\t\t\t\t},\n\t\t\t\tFhirStreamingSource: \u0026healthcare.PipelineJobMappingPipelineJobFhirStreamingSourceArgs{\n\t\t\t\t\tFhirStore: pulumi.All(dataset.ID(), sourceFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tDescription: pulumi.String(\"example description for streaming fhirstore\"),\n\t\t\t\t},\n\t\t\t\tReconciliationDestination: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trecon,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var destFhirstore = new FhirStore(\"destFhirstore\", FhirStoreArgs.builder()\n .name(\"dest_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mergeFile = new BucketObject(\"mergeFile\", BucketObjectArgs.builder()\n .name(\"merge.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var recon = new PipelineJob(\"recon\", PipelineJobArgs.builder()\n .name(\"example_recon_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .reconciliationPipelineJob(PipelineJobReconciliationPipelineJobArgs.builder()\n .mergeConfig(PipelineJobReconciliationPipelineJobMergeConfigArgs.builder()\n .description(\"sample description for reconciliation rules\")\n .whistleConfigSource(PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mergeFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mergeFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mergeFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .build())\n .matchingUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .fhirStoreDestination(Output.tuple(dataset.id(), destFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var sourceFhirstore = new FhirStore(\"sourceFhirstore\", FhirStoreArgs.builder()\n .name(\"source_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var mappingFile = new BucketObject(\"mappingFile\", BucketObjectArgs.builder()\n .name(\"mapping.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_mapping_pipeline = new PipelineJob(\"example-mapping-pipeline\", PipelineJobArgs.builder()\n .name(\"example_mapping_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .labels(Map.of(\"example_label_key\", \"example_label_value\"))\n .mappingPipelineJob(PipelineJobMappingPipelineJobArgs.builder()\n .mappingConfig(PipelineJobMappingPipelineJobMappingConfigArgs.builder()\n .whistleConfigSource(PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mappingFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mappingFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mappingFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .description(\"example description for mapping configuration\")\n .build())\n .fhirStreamingSource(PipelineJobMappingPipelineJobFhirStreamingSourceArgs.builder()\n .fhirStore(Output.tuple(dataset.id(), sourceFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .description(\"example description for streaming fhirstore\")\n .build())\n .reconciliationDestination(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(recon)\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n recon:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_recon_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n reconciliationPipelineJob:\n mergeConfig:\n description: sample description for reconciliation rules\n whistleConfigSource:\n uri: gs://${bucket.name}/${mergeFile.name}\n importUriPrefix: gs://${bucket.name}\n matchingUriPrefix: gs://${bucket.name}\n fhirStoreDestination: ${dataset.id}/fhirStores/${destFhirstore.name}\n example-mapping-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_mapping_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n labels:\n example_label_key: example_label_value\n mappingPipelineJob:\n mappingConfig:\n whistleConfigSource:\n uri: gs://${bucket.name}/${mappingFile.name}\n importUriPrefix: gs://${bucket.name}\n description: example description for mapping configuration\n fhirStreamingSource:\n fhirStore: ${dataset.id}/fhirStores/${sourceFhirstore.name}\n description: example description for streaming fhirstore\n reconciliationDestination: true\n options:\n dependson:\n - ${recon}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n sourceFhirstore:\n type: gcp:healthcare:FhirStore\n name: source_fhirstore\n properties:\n name: source_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n destFhirstore:\n type: gcp:healthcare:FhirStore\n name: dest_fhirstore\n properties:\n name: dest_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mappingFile:\n type: gcp:storage:BucketObject\n name: mapping_file\n properties:\n name: mapping.wstl\n content: ' '\n bucket: ${bucket.name}\n mergeFile:\n type: gcp:storage:BucketObject\n name: merge_file\n properties:\n name: merge.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPipelineJob can be imported using any of these accepted formats:\n\n* `{{dataset}}/pipelineJobs/{{name}}`\n\n* `{{dataset}}/pipelineJobs?pipelineJobId={{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PipelineJob can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{dataset}}/pipelineJobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{dataset}}/pipelineJobs?pipelineJobId={{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{name}}\n```\n\n", + "description": "PipelineJobs are Long Running Operations on Healthcare API to Map or Reconcile\nincoming data into FHIR format\n\n\nTo get more information about PipelineJob, see:\n\n* [API documentation](https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs)\n* How-to Guides\n * [Creating a PipelineJob](https://cloud.google.com/healthcare-api/private/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs#PipelineJob)\n\n## Example Usage\n\n### Healthcare Pipeline Job Reconciliation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst fhirstore = new gcp.healthcare.FhirStore(\"fhirstore\", {\n name: \"fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mergeFile = new gcp.storage.BucketObject(\"merge_file\", {\n name: \"merge.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_pipeline = new gcp.healthcare.PipelineJob(\"example-pipeline\", {\n name: \"example_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n reconciliationPipelineJob: {\n mergeConfig: {\n description: \"sample description for reconciliation rules\",\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mergeFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n },\n matchingUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${fhirstore.name}`,\n },\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nfhirstore = gcp.healthcare.FhirStore(\"fhirstore\",\n name=\"fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmerge_file = gcp.storage.BucketObject(\"merge_file\",\n name=\"merge.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_pipeline = gcp.healthcare.PipelineJob(\"example-pipeline\",\n name=\"example_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n reconciliation_pipeline_job={\n \"merge_config\": {\n \"description\": \"sample description for reconciliation rules\",\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mergeFileName=merge_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mergeFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n },\n \"matching_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var fhirstore = new Gcp.Healthcare.FhirStore(\"fhirstore\", new()\n {\n Name = \"fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mergeFile = new Gcp.Storage.BucketObject(\"merge_file\", new()\n {\n Name = \"merge.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_pipeline = new Gcp.Healthcare.PipelineJob(\"example-pipeline\", new()\n {\n Name = \"example_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n ReconciliationPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobArgs\n {\n MergeConfig = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs\n {\n Description = \"sample description for reconciliation rules\",\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mergeFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mergeFileName = values.Item2;\n return $\"gs://{bucketName}/{mergeFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n },\n MatchingUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n FhirStoreDestination = Output.Tuple(dataset.Id, fhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfhirstore, err := healthcare.NewFhirStore(ctx, \"fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmergeFile, err := storage.NewBucketObject(ctx, \"merge_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"merge.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tReconciliationPipelineJob: \u0026healthcare.PipelineJobReconciliationPipelineJobArgs{\n\t\t\t\tMergeConfig: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigArgs{\n\t\t\t\t\tDescription: pulumi.String(\"sample description for reconciliation rules\"),\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mergeFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmergeFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mergeFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMatchingUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), fhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var fhirstore = new FhirStore(\"fhirstore\", FhirStoreArgs.builder()\n .name(\"fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mergeFile = new BucketObject(\"mergeFile\", BucketObjectArgs.builder()\n .name(\"merge.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_pipeline = new PipelineJob(\"example-pipeline\", PipelineJobArgs.builder()\n .name(\"example_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .reconciliationPipelineJob(PipelineJobReconciliationPipelineJobArgs.builder()\n .mergeConfig(PipelineJobReconciliationPipelineJobMergeConfigArgs.builder()\n .description(\"sample description for reconciliation rules\")\n .whistleConfigSource(PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mergeFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mergeFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mergeFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .build())\n .matchingUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .fhirStoreDestination(Output.tuple(dataset.id(), fhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n reconciliationPipelineJob:\n mergeConfig:\n description: sample description for reconciliation rules\n whistleConfigSource:\n uri: gs://${bucket.name}/${mergeFile.name}\n importUriPrefix: gs://${bucket.name}\n matchingUriPrefix: gs://${bucket.name}\n fhirStoreDestination: ${dataset.id}/fhirStores/${fhirstore.name}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n fhirstore:\n type: gcp:healthcare:FhirStore\n properties:\n name: fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mergeFile:\n type: gcp:storage:BucketObject\n name: merge_file\n properties:\n name: merge.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Backfill\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst example_pipeline = new gcp.healthcare.PipelineJob(\"example-pipeline\", {\n name: \"example_backfill_pipeline\",\n location: \"us-central1\",\n dataset: dataset.id,\n backfillPipelineJob: {\n mappingPipelineJob: pulumi.interpolate`${dataset.id}/pipelinejobs/example_mapping_pipeline`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nexample_pipeline = gcp.healthcare.PipelineJob(\"example-pipeline\",\n name=\"example_backfill_pipeline\",\n location=\"us-central1\",\n dataset=dataset.id,\n backfill_pipeline_job={\n \"mapping_pipeline_job\": dataset.id.apply(lambda id: f\"{id}/pipelinejobs/example_mapping_pipeline\"),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var example_pipeline = new Gcp.Healthcare.PipelineJob(\"example-pipeline\", new()\n {\n Name = \"example_backfill_pipeline\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n BackfillPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobBackfillPipelineJobArgs\n {\n MappingPipelineJob = dataset.Id.Apply(id =\u003e $\"{id}/pipelinejobs/example_mapping_pipeline\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_backfill_pipeline\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tBackfillPipelineJob: \u0026healthcare.PipelineJobBackfillPipelineJobArgs{\n\t\t\t\tMappingPipelineJob: dataset.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v/pipelinejobs/example_mapping_pipeline\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobBackfillPipelineJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var example_pipeline = new PipelineJob(\"example-pipeline\", PipelineJobArgs.builder()\n .name(\"example_backfill_pipeline\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .backfillPipelineJob(PipelineJobBackfillPipelineJobArgs.builder()\n .mappingPipelineJob(dataset.id().applyValue(id -\u003e String.format(\"%s/pipelinejobs/example_mapping_pipeline\", id)))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_backfill_pipeline\n location: us-central1\n dataset: ${dataset.id}\n backfillPipelineJob:\n mappingPipelineJob: ${dataset.id}/pipelinejobs/example_mapping_pipeline\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Whistle Mapping\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst sourceFhirstore = new gcp.healthcare.FhirStore(\"source_fhirstore\", {\n name: \"source_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst destFhirstore = new gcp.healthcare.FhirStore(\"dest_fhirstore\", {\n name: \"dest_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mappingFile = new gcp.storage.BucketObject(\"mapping_file\", {\n name: \"mapping.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_mapping_pipeline = new gcp.healthcare.PipelineJob(\"example-mapping-pipeline\", {\n name: \"example_mapping_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n labels: {\n example_label_key: \"example_label_value\",\n },\n mappingPipelineJob: {\n mappingConfig: {\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mappingFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n description: \"example description for mapping configuration\",\n },\n fhirStreamingSource: {\n fhirStore: pulumi.interpolate`${dataset.id}/fhirStores/${sourceFhirstore.name}`,\n description: \"example description for streaming fhirstore\",\n },\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${destFhirstore.name}`,\n },\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\nsource_fhirstore = gcp.healthcare.FhirStore(\"source_fhirstore\",\n name=\"source_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\ndest_fhirstore = gcp.healthcare.FhirStore(\"dest_fhirstore\",\n name=\"dest_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmapping_file = gcp.storage.BucketObject(\"mapping_file\",\n name=\"mapping.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_mapping_pipeline = gcp.healthcare.PipelineJob(\"example-mapping-pipeline\",\n name=\"example_mapping_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n labels={\n \"example_label_key\": \"example_label_value\",\n },\n mapping_pipeline_job={\n \"mapping_config\": {\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mappingFileName=mapping_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mappingFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n \"description\": \"example description for mapping configuration\",\n },\n \"fhir_streaming_source\": {\n \"fhir_store\": pulumi.Output.all(\n id=dataset.id,\n name=source_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n \"description\": \"example description for streaming fhirstore\",\n },\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=dest_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var sourceFhirstore = new Gcp.Healthcare.FhirStore(\"source_fhirstore\", new()\n {\n Name = \"source_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var destFhirstore = new Gcp.Healthcare.FhirStore(\"dest_fhirstore\", new()\n {\n Name = \"dest_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mappingFile = new Gcp.Storage.BucketObject(\"mapping_file\", new()\n {\n Name = \"mapping.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_mapping_pipeline = new Gcp.Healthcare.PipelineJob(\"example-mapping-pipeline\", new()\n {\n Name = \"example_mapping_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n Labels = \n {\n { \"example_label_key\", \"example_label_value\" },\n },\n MappingPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobArgs\n {\n MappingConfig = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigArgs\n {\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mappingFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mappingFileName = values.Item2;\n return $\"gs://{bucketName}/{mappingFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n Description = \"example description for mapping configuration\",\n },\n FhirStreamingSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs\n {\n FhirStore = Output.Tuple(dataset.Id, sourceFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n Description = \"example description for streaming fhirstore\",\n },\n FhirStoreDestination = Output.Tuple(dataset.Id, destFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceFhirstore, err := healthcare.NewFhirStore(ctx, \"source_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"source_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestFhirstore, err := healthcare.NewFhirStore(ctx, \"dest_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"dest_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmappingFile, err := storage.NewBucketObject(ctx, \"mapping_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"mapping.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-mapping-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_mapping_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_label_key\": pulumi.String(\"example_label_value\"),\n\t\t\t},\n\t\t\tMappingPipelineJob: \u0026healthcare.PipelineJobMappingPipelineJobArgs{\n\t\t\t\tMappingConfig: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigArgs{\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mappingFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmappingFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mappingFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"example description for mapping configuration\"),\n\t\t\t\t},\n\t\t\t\tFhirStreamingSource: \u0026healthcare.PipelineJobMappingPipelineJobFhirStreamingSourceArgs{\n\t\t\t\t\tFhirStore: pulumi.All(dataset.ID(), sourceFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tDescription: pulumi.String(\"example description for streaming fhirstore\"),\n\t\t\t\t},\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), destFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var sourceFhirstore = new FhirStore(\"sourceFhirstore\", FhirStoreArgs.builder()\n .name(\"source_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var destFhirstore = new FhirStore(\"destFhirstore\", FhirStoreArgs.builder()\n .name(\"dest_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mappingFile = new BucketObject(\"mappingFile\", BucketObjectArgs.builder()\n .name(\"mapping.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_mapping_pipeline = new PipelineJob(\"example-mapping-pipeline\", PipelineJobArgs.builder()\n .name(\"example_mapping_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .labels(Map.of(\"example_label_key\", \"example_label_value\"))\n .mappingPipelineJob(PipelineJobMappingPipelineJobArgs.builder()\n .mappingConfig(PipelineJobMappingPipelineJobMappingConfigArgs.builder()\n .whistleConfigSource(PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mappingFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mappingFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mappingFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .description(\"example description for mapping configuration\")\n .build())\n .fhirStreamingSource(PipelineJobMappingPipelineJobFhirStreamingSourceArgs.builder()\n .fhirStore(Output.tuple(dataset.id(), sourceFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .description(\"example description for streaming fhirstore\")\n .build())\n .fhirStoreDestination(Output.tuple(dataset.id(), destFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-mapping-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_mapping_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n labels:\n example_label_key: example_label_value\n mappingPipelineJob:\n mappingConfig:\n whistleConfigSource:\n uri: gs://${bucket.name}/${mappingFile.name}\n importUriPrefix: gs://${bucket.name}\n description: example description for mapping configuration\n fhirStreamingSource:\n fhirStore: ${dataset.id}/fhirStores/${sourceFhirstore.name}\n description: example description for streaming fhirstore\n fhirStoreDestination: ${dataset.id}/fhirStores/${destFhirstore.name}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n sourceFhirstore:\n type: gcp:healthcare:FhirStore\n name: source_fhirstore\n properties:\n name: source_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n destFhirstore:\n type: gcp:healthcare:FhirStore\n name: dest_fhirstore\n properties:\n name: dest_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mappingFile:\n type: gcp:storage:BucketObject\n name: mapping_file\n properties:\n name: mapping.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Healthcare Pipeline Job Mapping Recon Dest\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst dataset = new gcp.healthcare.Dataset(\"dataset\", {\n name: \"example_dataset\",\n location: \"us-central1\",\n});\nconst destFhirstore = new gcp.healthcare.FhirStore(\"dest_fhirstore\", {\n name: \"dest_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example_bucket_name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst mergeFile = new gcp.storage.BucketObject(\"merge_file\", {\n name: \"merge.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst recon = new gcp.healthcare.PipelineJob(\"recon\", {\n name: \"example_recon_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n reconciliationPipelineJob: {\n mergeConfig: {\n description: \"sample description for reconciliation rules\",\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mergeFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n },\n matchingUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n fhirStoreDestination: pulumi.interpolate`${dataset.id}/fhirStores/${destFhirstore.name}`,\n },\n});\nconst sourceFhirstore = new gcp.healthcare.FhirStore(\"source_fhirstore\", {\n name: \"source_fhir_store\",\n dataset: dataset.id,\n version: \"R4\",\n enableUpdateCreate: true,\n disableReferentialIntegrity: true,\n});\nconst mappingFile = new gcp.storage.BucketObject(\"mapping_file\", {\n name: \"mapping.wstl\",\n content: \" \",\n bucket: bucket.name,\n});\nconst example_mapping_pipeline = new gcp.healthcare.PipelineJob(\"example-mapping-pipeline\", {\n name: \"example_mapping_pipeline_job\",\n location: \"us-central1\",\n dataset: dataset.id,\n disableLineage: true,\n labels: {\n example_label_key: \"example_label_value\",\n },\n mappingPipelineJob: {\n mappingConfig: {\n whistleConfigSource: {\n uri: pulumi.interpolate`gs://${bucket.name}/${mappingFile.name}`,\n importUriPrefix: pulumi.interpolate`gs://${bucket.name}`,\n },\n description: \"example description for mapping configuration\",\n },\n fhirStreamingSource: {\n fhirStore: pulumi.interpolate`${dataset.id}/fhirStores/${sourceFhirstore.name}`,\n description: \"example description for streaming fhirstore\",\n },\n reconciliationDestination: true,\n },\n}, {\n dependsOn: [recon],\n});\nconst hsa = new gcp.storage.BucketIAMMember(\"hsa\", {\n bucket: bucket.name,\n role: \"roles/storage.objectUser\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndataset = gcp.healthcare.Dataset(\"dataset\",\n name=\"example_dataset\",\n location=\"us-central1\")\ndest_fhirstore = gcp.healthcare.FhirStore(\"dest_fhirstore\",\n name=\"dest_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example_bucket_name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nmerge_file = gcp.storage.BucketObject(\"merge_file\",\n name=\"merge.wstl\",\n content=\" \",\n bucket=bucket.name)\nrecon = gcp.healthcare.PipelineJob(\"recon\",\n name=\"example_recon_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n reconciliation_pipeline_job={\n \"merge_config\": {\n \"description\": \"sample description for reconciliation rules\",\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mergeFileName=merge_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mergeFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n },\n \"matching_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n \"fhir_store_destination\": pulumi.Output.all(\n id=dataset.id,\n name=dest_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n })\nsource_fhirstore = gcp.healthcare.FhirStore(\"source_fhirstore\",\n name=\"source_fhir_store\",\n dataset=dataset.id,\n version=\"R4\",\n enable_update_create=True,\n disable_referential_integrity=True)\nmapping_file = gcp.storage.BucketObject(\"mapping_file\",\n name=\"mapping.wstl\",\n content=\" \",\n bucket=bucket.name)\nexample_mapping_pipeline = gcp.healthcare.PipelineJob(\"example-mapping-pipeline\",\n name=\"example_mapping_pipeline_job\",\n location=\"us-central1\",\n dataset=dataset.id,\n disable_lineage=True,\n labels={\n \"example_label_key\": \"example_label_value\",\n },\n mapping_pipeline_job={\n \"mapping_config\": {\n \"whistle_config_source\": {\n \"uri\": pulumi.Output.all(\n bucketName=bucket.name,\n mappingFileName=mapping_file.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['bucketName']}/{resolved_outputs['mappingFileName']}\")\n,\n \"import_uri_prefix\": bucket.name.apply(lambda name: f\"gs://{name}\"),\n },\n \"description\": \"example description for mapping configuration\",\n },\n \"fhir_streaming_source\": {\n \"fhir_store\": pulumi.Output.all(\n id=dataset.id,\n name=source_fhirstore.name\n).apply(lambda resolved_outputs: f\"{resolved_outputs['id']}/fhirStores/{resolved_outputs['name']}\")\n,\n \"description\": \"example description for streaming fhirstore\",\n },\n \"reconciliation_destination\": True,\n },\n opts = pulumi.ResourceOptions(depends_on=[recon]))\nhsa = gcp.storage.BucketIAMMember(\"hsa\",\n bucket=bucket.name,\n role=\"roles/storage.objectUser\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var dataset = new Gcp.Healthcare.Dataset(\"dataset\", new()\n {\n Name = \"example_dataset\",\n Location = \"us-central1\",\n });\n\n var destFhirstore = new Gcp.Healthcare.FhirStore(\"dest_fhirstore\", new()\n {\n Name = \"dest_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example_bucket_name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var mergeFile = new Gcp.Storage.BucketObject(\"merge_file\", new()\n {\n Name = \"merge.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var recon = new Gcp.Healthcare.PipelineJob(\"recon\", new()\n {\n Name = \"example_recon_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n ReconciliationPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobArgs\n {\n MergeConfig = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs\n {\n Description = \"sample description for reconciliation rules\",\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mergeFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mergeFileName = values.Item2;\n return $\"gs://{bucketName}/{mergeFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n },\n MatchingUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n FhirStoreDestination = Output.Tuple(dataset.Id, destFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n },\n });\n\n var sourceFhirstore = new Gcp.Healthcare.FhirStore(\"source_fhirstore\", new()\n {\n Name = \"source_fhir_store\",\n Dataset = dataset.Id,\n Version = \"R4\",\n EnableUpdateCreate = true,\n DisableReferentialIntegrity = true,\n });\n\n var mappingFile = new Gcp.Storage.BucketObject(\"mapping_file\", new()\n {\n Name = \"mapping.wstl\",\n Content = \" \",\n Bucket = bucket.Name,\n });\n\n var example_mapping_pipeline = new Gcp.Healthcare.PipelineJob(\"example-mapping-pipeline\", new()\n {\n Name = \"example_mapping_pipeline_job\",\n Location = \"us-central1\",\n Dataset = dataset.Id,\n DisableLineage = true,\n Labels = \n {\n { \"example_label_key\", \"example_label_value\" },\n },\n MappingPipelineJob = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobArgs\n {\n MappingConfig = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigArgs\n {\n WhistleConfigSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs\n {\n Uri = Output.Tuple(bucket.Name, mappingFile.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var mappingFileName = values.Item2;\n return $\"gs://{bucketName}/{mappingFileName}\";\n }),\n ImportUriPrefix = bucket.Name.Apply(name =\u003e $\"gs://{name}\"),\n },\n Description = \"example description for mapping configuration\",\n },\n FhirStreamingSource = new Gcp.Healthcare.Inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs\n {\n FhirStore = Output.Tuple(dataset.Id, sourceFhirstore.Name).Apply(values =\u003e\n {\n var id = values.Item1;\n var name = values.Item2;\n return $\"{id}/fhirStores/{name}\";\n }),\n Description = \"example description for streaming fhirstore\",\n },\n ReconciliationDestination = true,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n recon,\n },\n });\n\n var hsa = new Gcp.Storage.BucketIAMMember(\"hsa\", new()\n {\n Bucket = bucket.Name,\n Role = \"roles/storage.objectUser\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-healthcare.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdataset, err := healthcare.NewDataset(ctx, \"dataset\", \u0026healthcare.DatasetArgs{\n\t\t\tName: pulumi.String(\"example_dataset\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestFhirstore, err := healthcare.NewFhirStore(ctx, \"dest_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"dest_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example_bucket_name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmergeFile, err := storage.NewBucketObject(ctx, \"merge_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"merge.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trecon, err := healthcare.NewPipelineJob(ctx, \"recon\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_recon_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tReconciliationPipelineJob: \u0026healthcare.PipelineJobReconciliationPipelineJobArgs{\n\t\t\t\tMergeConfig: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigArgs{\n\t\t\t\t\tDescription: pulumi.String(\"sample description for reconciliation rules\"),\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mergeFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmergeFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mergeFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMatchingUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tFhirStoreDestination: pulumi.All(dataset.ID(), destFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceFhirstore, err := healthcare.NewFhirStore(ctx, \"source_fhirstore\", \u0026healthcare.FhirStoreArgs{\n\t\t\tName: pulumi.String(\"source_fhir_store\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tVersion: pulumi.String(\"R4\"),\n\t\t\tEnableUpdateCreate: pulumi.Bool(true),\n\t\t\tDisableReferentialIntegrity: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmappingFile, err := storage.NewBucketObject(ctx, \"mapping_file\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"mapping.wstl\"),\n\t\t\tContent: pulumi.String(\" \"),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewPipelineJob(ctx, \"example-mapping-pipeline\", \u0026healthcare.PipelineJobArgs{\n\t\t\tName: pulumi.String(\"example_mapping_pipeline_job\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDataset: dataset.ID(),\n\t\t\tDisableLineage: pulumi.Bool(true),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_label_key\": pulumi.String(\"example_label_value\"),\n\t\t\t},\n\t\t\tMappingPipelineJob: \u0026healthcare.PipelineJobMappingPipelineJobArgs{\n\t\t\t\tMappingConfig: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigArgs{\n\t\t\t\t\tWhistleConfigSource: \u0026healthcare.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs{\n\t\t\t\t\t\tUri: pulumi.All(bucket.Name, mappingFile.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\t\tmappingFileName := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", bucketName, mappingFileName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\tImportUriPrefix: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v\", name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"example description for mapping configuration\"),\n\t\t\t\t},\n\t\t\t\tFhirStreamingSource: \u0026healthcare.PipelineJobMappingPipelineJobFhirStreamingSourceArgs{\n\t\t\t\t\tFhirStore: pulumi.All(dataset.ID(), sourceFhirstore.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tid := _args[0].(string)\n\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v/fhirStores/%v\", id, name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\tDescription: pulumi.String(\"example description for streaming fhirstore\"),\n\t\t\t\t},\n\t\t\t\tReconciliationDestination: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trecon,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"hsa\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.objectUser\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-healthcare.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.healthcare.Dataset;\nimport com.pulumi.gcp.healthcare.DatasetArgs;\nimport com.pulumi.gcp.healthcare.FhirStore;\nimport com.pulumi.gcp.healthcare.FhirStoreArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.healthcare.PipelineJob;\nimport com.pulumi.gcp.healthcare.PipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs;\nimport com.pulumi.gcp.healthcare.inputs.PipelineJobMappingPipelineJobFhirStreamingSourceArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder()\n .name(\"example_dataset\")\n .location(\"us-central1\")\n .build());\n\n var destFhirstore = new FhirStore(\"destFhirstore\", FhirStoreArgs.builder()\n .name(\"dest_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example_bucket_name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var mergeFile = new BucketObject(\"mergeFile\", BucketObjectArgs.builder()\n .name(\"merge.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var recon = new PipelineJob(\"recon\", PipelineJobArgs.builder()\n .name(\"example_recon_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .reconciliationPipelineJob(PipelineJobReconciliationPipelineJobArgs.builder()\n .mergeConfig(PipelineJobReconciliationPipelineJobMergeConfigArgs.builder()\n .description(\"sample description for reconciliation rules\")\n .whistleConfigSource(PipelineJobReconciliationPipelineJobMergeConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mergeFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mergeFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mergeFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .build())\n .matchingUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .fhirStoreDestination(Output.tuple(dataset.id(), destFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .build())\n .build());\n\n var sourceFhirstore = new FhirStore(\"sourceFhirstore\", FhirStoreArgs.builder()\n .name(\"source_fhir_store\")\n .dataset(dataset.id())\n .version(\"R4\")\n .enableUpdateCreate(true)\n .disableReferentialIntegrity(true)\n .build());\n\n var mappingFile = new BucketObject(\"mappingFile\", BucketObjectArgs.builder()\n .name(\"mapping.wstl\")\n .content(\" \")\n .bucket(bucket.name())\n .build());\n\n var example_mapping_pipeline = new PipelineJob(\"example-mapping-pipeline\", PipelineJobArgs.builder()\n .name(\"example_mapping_pipeline_job\")\n .location(\"us-central1\")\n .dataset(dataset.id())\n .disableLineage(true)\n .labels(Map.of(\"example_label_key\", \"example_label_value\"))\n .mappingPipelineJob(PipelineJobMappingPipelineJobArgs.builder()\n .mappingConfig(PipelineJobMappingPipelineJobMappingConfigArgs.builder()\n .whistleConfigSource(PipelineJobMappingPipelineJobMappingConfigWhistleConfigSourceArgs.builder()\n .uri(Output.tuple(bucket.name(), mappingFile.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var mappingFileName = values.t2;\n return String.format(\"gs://%s/%s\", bucketName,mappingFileName);\n }))\n .importUriPrefix(bucket.name().applyValue(name -\u003e String.format(\"gs://%s\", name)))\n .build())\n .description(\"example description for mapping configuration\")\n .build())\n .fhirStreamingSource(PipelineJobMappingPipelineJobFhirStreamingSourceArgs.builder()\n .fhirStore(Output.tuple(dataset.id(), sourceFhirstore.name()).applyValue(values -\u003e {\n var id = values.t1;\n var name = values.t2;\n return String.format(\"%s/fhirStores/%s\", id,name);\n }))\n .description(\"example description for streaming fhirstore\")\n .build())\n .reconciliationDestination(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(recon)\n .build());\n\n var hsa = new BucketIAMMember(\"hsa\", BucketIAMMemberArgs.builder()\n .bucket(bucket.name())\n .role(\"roles/storage.objectUser\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-healthcare.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n recon:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_recon_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n reconciliationPipelineJob:\n mergeConfig:\n description: sample description for reconciliation rules\n whistleConfigSource:\n uri: gs://${bucket.name}/${mergeFile.name}\n importUriPrefix: gs://${bucket.name}\n matchingUriPrefix: gs://${bucket.name}\n fhirStoreDestination: ${dataset.id}/fhirStores/${destFhirstore.name}\n example-mapping-pipeline:\n type: gcp:healthcare:PipelineJob\n properties:\n name: example_mapping_pipeline_job\n location: us-central1\n dataset: ${dataset.id}\n disableLineage: true\n labels:\n example_label_key: example_label_value\n mappingPipelineJob:\n mappingConfig:\n whistleConfigSource:\n uri: gs://${bucket.name}/${mappingFile.name}\n importUriPrefix: gs://${bucket.name}\n description: example description for mapping configuration\n fhirStreamingSource:\n fhirStore: ${dataset.id}/fhirStores/${sourceFhirstore.name}\n description: example description for streaming fhirstore\n reconciliationDestination: true\n options:\n dependsOn:\n - ${recon}\n dataset:\n type: gcp:healthcare:Dataset\n properties:\n name: example_dataset\n location: us-central1\n sourceFhirstore:\n type: gcp:healthcare:FhirStore\n name: source_fhirstore\n properties:\n name: source_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n destFhirstore:\n type: gcp:healthcare:FhirStore\n name: dest_fhirstore\n properties:\n name: dest_fhir_store\n dataset: ${dataset.id}\n version: R4\n enableUpdateCreate: true\n disableReferentialIntegrity: true\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example_bucket_name\n location: us-central1\n uniformBucketLevelAccess: true\n mappingFile:\n type: gcp:storage:BucketObject\n name: mapping_file\n properties:\n name: mapping.wstl\n content: ' '\n bucket: ${bucket.name}\n mergeFile:\n type: gcp:storage:BucketObject\n name: merge_file\n properties:\n name: merge.wstl\n content: ' '\n bucket: ${bucket.name}\n hsa:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${bucket.name}\n role: roles/storage.objectUser\n member: serviceAccount:service-${project.number}@gcp-sa-healthcare.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPipelineJob can be imported using any of these accepted formats:\n\n* `{{dataset}}/pipelineJobs/{{name}}`\n\n* `{{dataset}}/pipelineJobs?pipelineJobId={{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PipelineJob can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{dataset}}/pipelineJobs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{dataset}}/pipelineJobs?pipelineJobId={{name}}\n```\n\n```sh\n$ pulumi import gcp:healthcare/pipelineJob:PipelineJob default {{name}}\n```\n\n", "properties": { "backfillPipelineJob": { "$ref": "#/types/gcp:healthcare/PipelineJobBackfillPipelineJob:PipelineJobBackfillPipelineJob", @@ -223265,7 +223265,7 @@ } }, "gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy": { - "description": "Represents a collection of access boundary policies to apply to a given resource.\n**NOTE**: This is a private feature and users should contact GCP support\nif they would like to test it.\n\n\n\n## Example Usage\n\n### Iam Access Boundary Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: project.orgId.apply(orgId =\u003e `organizations/${orgId}`),\n title: \"my policy\",\n});\nconst test_access = new gcp.accesscontextmanager.AccessLevel(\"test-access\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: true,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\nconst example = new gcp.iam.AccessBoundaryPolicy(\"example\", {\n parent: std.urlencodeOutput({\n input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,\n }).apply(invoke =\u003e invoke.result),\n name: \"my-ab-policy\",\n displayName: \"My AB policy\",\n rules: [{\n description: \"AB rule\",\n accessBoundaryRule: {\n availableResource: \"*\",\n availablePermissions: [\"*\"],\n availabilityCondition: {\n title: \"Access level expr\",\n expression: pulumi.all([project.orgId, test_access.name]).apply(([orgId, name]) =\u003e `request.matchAccessLevels('${orgId}', ['${name}'])`),\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=project.org_id.apply(lambda org_id: f\"organizations/{org_id}\"),\n title=\"my policy\")\ntest_access = gcp.accesscontextmanager.AccessLevel(\"test-access\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": True,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\nexample = gcp.iam.AccessBoundaryPolicy(\"example\",\n parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f\"cloudresourcemanager.googleapis.com/projects/{project_id}\")).apply(lambda invoke: invoke.result),\n name=\"my-ab-policy\",\n display_name=\"My AB policy\",\n rules=[{\n \"description\": \"AB rule\",\n \"access_boundary_rule\": {\n \"available_resource\": \"*\",\n \"available_permissions\": [\"*\"],\n \"availability_condition\": {\n \"title\": \"Access level expr\",\n \"expression\": pulumi.Output.all(\n org_id=project.org_id,\n name=test_access.name\n).apply(lambda resolved_outputs: f\"request.matchAccessLevels('{resolved_outputs['org_id']}', ['{resolved_outputs['name']}'])\")\n,\n },\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = project.OrgId.Apply(orgId =\u003e $\"organizations/{orgId}\"),\n Title = \"my policy\",\n });\n\n var test_access = new Gcp.AccessContextManager.AccessLevel(\"test-access\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = true,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n var example = new Gcp.Iam.AccessBoundaryPolicy(\"example\", new()\n {\n Parent = Std.Urlencode.Invoke(new()\n {\n Input = project.ProjectId.Apply(projectId =\u003e $\"cloudresourcemanager.googleapis.com/projects/{projectId}\"),\n }).Apply(invoke =\u003e invoke.Result),\n Name = \"my-ab-policy\",\n DisplayName = \"My AB policy\",\n Rules = new[]\n {\n new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs\n {\n Description = \"AB rule\",\n AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs\n {\n AvailableResource = \"*\",\n AvailablePermissions = new[]\n {\n \"*\",\n },\n AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs\n {\n Title = \"Access level expr\",\n Expression = Output.Tuple(project.OrgId, test_access.Name).Apply(values =\u003e\n {\n var orgId = values.Item1;\n var name = values.Item2;\n return $\"request.matchAccessLevels('{orgId}', ['{name}'])\";\n }),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: project.OrgId.ApplyT(func(orgId *string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/%v\", orgId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"test-access\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(true),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessBoundaryPolicy(ctx, \"example\", \u0026iam.AccessBoundaryPolicyArgs{\n\t\t\tParent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{\n\t\t\t\tInput: project.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"cloudresourcemanager.googleapis.com/projects/%v\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tName: pulumi.String(\"my-ab-policy\"),\n\t\t\tDisplayName: pulumi.String(\"My AB policy\"),\n\t\t\tRules: iam.AccessBoundaryPolicyRuleArray{\n\t\t\t\t\u0026iam.AccessBoundaryPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"AB rule\"),\n\t\t\t\t\tAccessBoundaryRule: \u0026iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{\n\t\t\t\t\t\tAvailableResource: pulumi.String(\"*\"),\n\t\t\t\t\t\tAvailablePermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAvailabilityCondition: \u0026iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Access level expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.All(project.OrgId, test_access.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\t\torgId := _args[0].(*string)\n\t\t\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"request.matchAccessLevels('%v', ['%v'])\", orgId, name), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.iam.AccessBoundaryPolicy;\nimport com.pulumi.gcp.iam.AccessBoundaryPolicyArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(project.orgId().applyValue(orgId -\u003e String.format(\"organizations/%s\", orgId)))\n .title(\"my policy\")\n .build());\n\n var test_access = new AccessLevel(\"test-access\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(true)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n var example = new AccessBoundaryPolicy(\"example\", AccessBoundaryPolicyArgs.builder()\n .parent(StdFunctions.urlencode().applyValue(invoke -\u003e invoke.result()))\n .name(\"my-ab-policy\")\n .displayName(\"My AB policy\")\n .rules(AccessBoundaryPolicyRuleArgs.builder()\n .description(\"AB rule\")\n .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()\n .availableResource(\"*\")\n .availablePermissions(\"*\")\n .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()\n .title(\"Access level expr\")\n .expression(Output.tuple(project.orgId(), test_access.name()).applyValue(values -\u003e {\n var orgId = values.t1;\n var name = values.t2;\n return String.format(\"request.matchAccessLevels('%s', ['%s'])\", orgId,name);\n }))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n test-access:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: true\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/${project.orgId}\n title: my policy\n example:\n type: gcp:iam:AccessBoundaryPolicy\n properties:\n parent:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: cloudresourcemanager.googleapis.com/projects/${project.projectId}\n Return: result\n name: my-ab-policy\n displayName: My AB policy\n rules:\n - description: AB rule\n accessBoundaryRule:\n availableResource: '*'\n availablePermissions:\n - '*'\n availabilityCondition:\n title: Access level expr\n expression: request.matchAccessLevels('${project.orgId}', ['${[\"test-access\"].name}'])\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAccessBoundaryPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}\n```\n\n", + "description": "Represents a collection of access boundary policies to apply to a given resource.\n**NOTE**: This is a private feature and users should contact GCP support\nif they would like to test it.\n\n\n\n## Example Usage\n\n### Iam Access Boundary Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: project.orgId.apply(orgId =\u003e `organizations/${orgId}`),\n title: \"my policy\",\n});\nconst test_access = new gcp.accesscontextmanager.AccessLevel(\"test-access\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,\n title: \"chromeos_no_lock\",\n basic: {\n conditions: [{\n devicePolicy: {\n requireScreenLock: true,\n osConstraints: [{\n osType: \"DESKTOP_CHROME_OS\",\n }],\n },\n regions: [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n },\n});\nconst example = new gcp.iam.AccessBoundaryPolicy(\"example\", {\n parent: std.urlencodeOutput({\n input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,\n }).apply(invoke =\u003e invoke.result),\n name: \"my-ab-policy\",\n displayName: \"My AB policy\",\n rules: [{\n description: \"AB rule\",\n accessBoundaryRule: {\n availableResource: \"*\",\n availablePermissions: [\"*\"],\n availabilityCondition: {\n title: \"Access level expr\",\n expression: pulumi.all([project.orgId, test_access.name]).apply(([orgId, name]) =\u003e `request.matchAccessLevels('${orgId}', ['${name}'])`),\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=project.org_id.apply(lambda org_id: f\"organizations/{org_id}\"),\n title=\"my policy\")\ntest_access = gcp.accesscontextmanager.AccessLevel(\"test-access\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n title=\"chromeos_no_lock\",\n basic={\n \"conditions\": [{\n \"device_policy\": {\n \"require_screen_lock\": True,\n \"os_constraints\": [{\n \"os_type\": \"DESKTOP_CHROME_OS\",\n }],\n },\n \"regions\": [\n \"CH\",\n \"IT\",\n \"US\",\n ],\n }],\n })\nexample = gcp.iam.AccessBoundaryPolicy(\"example\",\n parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f\"cloudresourcemanager.googleapis.com/projects/{project_id}\")).apply(lambda invoke: invoke.result),\n name=\"my-ab-policy\",\n display_name=\"My AB policy\",\n rules=[{\n \"description\": \"AB rule\",\n \"access_boundary_rule\": {\n \"available_resource\": \"*\",\n \"available_permissions\": [\"*\"],\n \"availability_condition\": {\n \"title\": \"Access level expr\",\n \"expression\": pulumi.Output.all(\n org_id=project.org_id,\n name=test_access.name\n).apply(lambda resolved_outputs: f\"request.matchAccessLevels('{resolved_outputs['org_id']}', ['{resolved_outputs['name']}'])\")\n,\n },\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = project.OrgId.Apply(orgId =\u003e $\"organizations/{orgId}\"),\n Title = \"my policy\",\n });\n\n var test_access = new Gcp.AccessContextManager.AccessLevel(\"test-access\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/accessLevels/chromeos_no_lock\"),\n Title = \"chromeos_no_lock\",\n Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs\n {\n Conditions = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs\n {\n DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs\n {\n RequireScreenLock = true,\n OsConstraints = new[]\n {\n new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs\n {\n OsType = \"DESKTOP_CHROME_OS\",\n },\n },\n },\n Regions = new[]\n {\n \"CH\",\n \"IT\",\n \"US\",\n },\n },\n },\n },\n });\n\n var example = new Gcp.Iam.AccessBoundaryPolicy(\"example\", new()\n {\n Parent = Std.Urlencode.Invoke(new()\n {\n Input = project.ProjectId.Apply(projectId =\u003e $\"cloudresourcemanager.googleapis.com/projects/{projectId}\"),\n }).Apply(invoke =\u003e invoke.Result),\n Name = \"my-ab-policy\",\n DisplayName = \"My AB policy\",\n Rules = new[]\n {\n new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs\n {\n Description = \"AB rule\",\n AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs\n {\n AvailableResource = \"*\",\n AvailablePermissions = new[]\n {\n \"*\",\n },\n AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs\n {\n Title = \"Access level expr\",\n Expression = Output.Tuple(project.OrgId, test_access.Name).Apply(values =\u003e\n {\n var orgId = values.Item1;\n var name = values.Item2;\n return $\"request.matchAccessLevels('{orgId}', ['{name}'])\";\n }),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: project.OrgId.ApplyT(func(orgId *string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/%v\", orgId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessLevel(ctx, \"test-access\", \u0026accesscontextmanager.AccessLevelArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/accessLevels/chromeos_no_lock\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"chromeos_no_lock\"),\n\t\t\tBasic: \u0026accesscontextmanager.AccessLevelBasicArgs{\n\t\t\t\tConditions: accesscontextmanager.AccessLevelBasicConditionArray{\n\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionArgs{\n\t\t\t\t\t\tDevicePolicy: \u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{\n\t\t\t\t\t\t\tRequireScreenLock: pulumi.Bool(true),\n\t\t\t\t\t\t\tOsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{\n\t\t\t\t\t\t\t\t\u0026accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{\n\t\t\t\t\t\t\t\t\tOsType: pulumi.String(\"DESKTOP_CHROME_OS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"CH\"),\n\t\t\t\t\t\t\tpulumi.String(\"IT\"),\n\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessBoundaryPolicy(ctx, \"example\", \u0026iam.AccessBoundaryPolicyArgs{\n\t\t\tParent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{\n\t\t\t\tInput: project.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"cloudresourcemanager.googleapis.com/projects/%v\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tName: pulumi.String(\"my-ab-policy\"),\n\t\t\tDisplayName: pulumi.String(\"My AB policy\"),\n\t\t\tRules: iam.AccessBoundaryPolicyRuleArray{\n\t\t\t\t\u0026iam.AccessBoundaryPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"AB rule\"),\n\t\t\t\t\tAccessBoundaryRule: \u0026iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{\n\t\t\t\t\t\tAvailableResource: pulumi.String(\"*\"),\n\t\t\t\t\t\tAvailablePermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAvailabilityCondition: \u0026iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Access level expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.All(project.OrgId, test_access.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\t\torgId := _args[0].(*string)\n\t\t\t\t\t\t\t\tname := _args[1].(string)\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"request.matchAccessLevels('%v', ['%v'])\", orgId, name), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevel;\nimport com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;\nimport com.pulumi.gcp.iam.AccessBoundaryPolicy;\nimport com.pulumi.gcp.iam.AccessBoundaryPolicyArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs;\nimport com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(project.orgId().applyValue(orgId -\u003e String.format(\"organizations/%s\", orgId)))\n .title(\"my policy\")\n .build());\n\n var test_access = new AccessLevel(\"test-access\", AccessLevelArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/accessLevels/chromeos_no_lock\", name)))\n .title(\"chromeos_no_lock\")\n .basic(AccessLevelBasicArgs.builder()\n .conditions(AccessLevelBasicConditionArgs.builder()\n .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()\n .requireScreenLock(true)\n .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()\n .osType(\"DESKTOP_CHROME_OS\")\n .build())\n .build())\n .regions( \n \"CH\",\n \"IT\",\n \"US\")\n .build())\n .build())\n .build());\n\n var example = new AccessBoundaryPolicy(\"example\", AccessBoundaryPolicyArgs.builder()\n .parent(StdFunctions.urlencode().applyValue(invoke -\u003e invoke.result()))\n .name(\"my-ab-policy\")\n .displayName(\"My AB policy\")\n .rules(AccessBoundaryPolicyRuleArgs.builder()\n .description(\"AB rule\")\n .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()\n .availableResource(\"*\")\n .availablePermissions(\"*\")\n .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()\n .title(\"Access level expr\")\n .expression(Output.tuple(project.orgId(), test_access.name()).applyValue(values -\u003e {\n var orgId = values.t1;\n var name = values.t2;\n return String.format(\"request.matchAccessLevels('%s', ['%s'])\", orgId,name);\n }))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n test-access:\n type: gcp:accesscontextmanager:AccessLevel\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/accessLevels/chromeos_no_lock\n title: chromeos_no_lock\n basic:\n conditions:\n - devicePolicy:\n requireScreenLock: true\n osConstraints:\n - osType: DESKTOP_CHROME_OS\n regions:\n - CH\n - IT\n - US\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/${project.orgId}\n title: my policy\n example:\n type: gcp:iam:AccessBoundaryPolicy\n properties:\n parent:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: cloudresourcemanager.googleapis.com/projects/${project.projectId}\n return: result\n name: my-ab-policy\n displayName: My AB policy\n rules:\n - description: AB rule\n accessBoundaryRule:\n availableResource: '*'\n availablePermissions:\n - '*'\n availabilityCondition:\n title: Access level expr\n expression: request.matchAccessLevels('${project.orgId}', ['${[\"test-access\"].name}'])\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAccessBoundaryPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -223357,7 +223357,7 @@ } }, "gcp:iam/denyPolicy:DenyPolicy": { - "description": "Represents a collection of denial policies to apply to a given resource.\n\n\nTo get more information about DenyPolicy, see:\n\n* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v2/policies)\n* How-to Guides\n * [Permissions supported in deny policies](https://cloud.google.com/iam/docs/deny-permissions-support)\n\n## Example Usage\n\n### Iam Deny Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst test_account = new gcp.serviceaccount.Account(\"test-account\", {\n accountId: \"svc-acc\",\n displayName: \"Test Service Account\",\n project: project.projectId,\n});\nconst example = new gcp.iam.DenyPolicy(\"example\", {\n parent: std.urlencodeOutput({\n input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,\n }).apply(invoke =\u003e invoke.result),\n name: \"my-deny-policy\",\n displayName: \"A deny rule\",\n rules: [\n {\n description: \"First rule\",\n denyRule: {\n deniedPrincipals: [\"principalSet://goog/public:all\"],\n denialCondition: {\n title: \"Some expr\",\n expression: \"!resource.matchTag('12345678/env', 'test')\",\n },\n deniedPermissions: [\"cloudresourcemanager.googleapis.com/projects.update\"],\n },\n },\n {\n description: \"Second rule\",\n denyRule: {\n deniedPrincipals: [\"principalSet://goog/public:all\"],\n denialCondition: {\n title: \"Some expr\",\n expression: \"!resource.matchTag('12345678/env', 'test')\",\n },\n deniedPermissions: [\"cloudresourcemanager.googleapis.com/projects.update\"],\n exceptionPrincipals: [pulumi.interpolate`principal://iam.googleapis.com/projects/-/serviceAccounts/${test_account.email}`],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ntest_account = gcp.serviceaccount.Account(\"test-account\",\n account_id=\"svc-acc\",\n display_name=\"Test Service Account\",\n project=project.project_id)\nexample = gcp.iam.DenyPolicy(\"example\",\n parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f\"cloudresourcemanager.googleapis.com/projects/{project_id}\")).apply(lambda invoke: invoke.result),\n name=\"my-deny-policy\",\n display_name=\"A deny rule\",\n rules=[\n {\n \"description\": \"First rule\",\n \"deny_rule\": {\n \"denied_principals\": [\"principalSet://goog/public:all\"],\n \"denial_condition\": {\n \"title\": \"Some expr\",\n \"expression\": \"!resource.matchTag('12345678/env', 'test')\",\n },\n \"denied_permissions\": [\"cloudresourcemanager.googleapis.com/projects.update\"],\n },\n },\n {\n \"description\": \"Second rule\",\n \"deny_rule\": {\n \"denied_principals\": [\"principalSet://goog/public:all\"],\n \"denial_condition\": {\n \"title\": \"Some expr\",\n \"expression\": \"!resource.matchTag('12345678/env', 'test')\",\n },\n \"denied_permissions\": [\"cloudresourcemanager.googleapis.com/projects.update\"],\n \"exception_principals\": [test_account.email.apply(lambda email: f\"principal://iam.googleapis.com/projects/-/serviceAccounts/{email}\")],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var test_account = new Gcp.ServiceAccount.Account(\"test-account\", new()\n {\n AccountId = \"svc-acc\",\n DisplayName = \"Test Service Account\",\n Project = project.ProjectId,\n });\n\n var example = new Gcp.Iam.DenyPolicy(\"example\", new()\n {\n Parent = Std.Urlencode.Invoke(new()\n {\n Input = project.ProjectId.Apply(projectId =\u003e $\"cloudresourcemanager.googleapis.com/projects/{projectId}\"),\n }).Apply(invoke =\u003e invoke.Result),\n Name = \"my-deny-policy\",\n DisplayName = \"A deny rule\",\n Rules = new[]\n {\n new Gcp.Iam.Inputs.DenyPolicyRuleArgs\n {\n Description = \"First rule\",\n DenyRule = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleArgs\n {\n DeniedPrincipals = new[]\n {\n \"principalSet://goog/public:all\",\n },\n DenialCondition = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleDenialConditionArgs\n {\n Title = \"Some expr\",\n Expression = \"!resource.matchTag('12345678/env', 'test')\",\n },\n DeniedPermissions = new[]\n {\n \"cloudresourcemanager.googleapis.com/projects.update\",\n },\n },\n },\n new Gcp.Iam.Inputs.DenyPolicyRuleArgs\n {\n Description = \"Second rule\",\n DenyRule = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleArgs\n {\n DeniedPrincipals = new[]\n {\n \"principalSet://goog/public:all\",\n },\n DenialCondition = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleDenialConditionArgs\n {\n Title = \"Some expr\",\n Expression = \"!resource.matchTag('12345678/env', 'test')\",\n },\n DeniedPermissions = new[]\n {\n \"cloudresourcemanager.googleapis.com/projects.update\",\n },\n ExceptionPrincipals = new[]\n {\n test_account.Email.Apply(email =\u003e $\"principal://iam.googleapis.com/projects/-/serviceAccounts/{email}\"),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewAccount(ctx, \"test-account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"svc-acc\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewDenyPolicy(ctx, \"example\", \u0026iam.DenyPolicyArgs{\n\t\t\tParent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{\n\t\t\t\tInput: project.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"cloudresourcemanager.googleapis.com/projects/%v\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tName: pulumi.String(\"my-deny-policy\"),\n\t\t\tDisplayName: pulumi.String(\"A deny rule\"),\n\t\t\tRules: iam.DenyPolicyRuleArray{\n\t\t\t\t\u0026iam.DenyPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"First rule\"),\n\t\t\t\t\tDenyRule: \u0026iam.DenyPolicyRuleDenyRuleArgs{\n\t\t\t\t\t\tDeniedPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"principalSet://goog/public:all\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDenialCondition: \u0026iam.DenyPolicyRuleDenyRuleDenialConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Some expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"!resource.matchTag('12345678/env', 'test')\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDeniedPermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cloudresourcemanager.googleapis.com/projects.update\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.DenyPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Second rule\"),\n\t\t\t\t\tDenyRule: \u0026iam.DenyPolicyRuleDenyRuleArgs{\n\t\t\t\t\t\tDeniedPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"principalSet://goog/public:all\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDenialCondition: \u0026iam.DenyPolicyRuleDenyRuleDenialConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Some expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"!resource.matchTag('12345678/env', 'test')\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDeniedPermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cloudresourcemanager.googleapis.com/projects.update\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExceptionPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\ttest_account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"principal://iam.googleapis.com/projects/-/serviceAccounts/%v\", email), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.iam.DenyPolicy;\nimport com.pulumi.gcp.iam.DenyPolicyArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleDenyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleDenyRuleDenialConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var test_account = new Account(\"test-account\", AccountArgs.builder()\n .accountId(\"svc-acc\")\n .displayName(\"Test Service Account\")\n .project(project.projectId())\n .build());\n\n var example = new DenyPolicy(\"example\", DenyPolicyArgs.builder()\n .parent(StdFunctions.urlencode().applyValue(invoke -\u003e invoke.result()))\n .name(\"my-deny-policy\")\n .displayName(\"A deny rule\")\n .rules( \n DenyPolicyRuleArgs.builder()\n .description(\"First rule\")\n .denyRule(DenyPolicyRuleDenyRuleArgs.builder()\n .deniedPrincipals(\"principalSet://goog/public:all\")\n .denialCondition(DenyPolicyRuleDenyRuleDenialConditionArgs.builder()\n .title(\"Some expr\")\n .expression(\"!resource.matchTag('12345678/env', 'test')\")\n .build())\n .deniedPermissions(\"cloudresourcemanager.googleapis.com/projects.update\")\n .build())\n .build(),\n DenyPolicyRuleArgs.builder()\n .description(\"Second rule\")\n .denyRule(DenyPolicyRuleDenyRuleArgs.builder()\n .deniedPrincipals(\"principalSet://goog/public:all\")\n .denialCondition(DenyPolicyRuleDenyRuleDenialConditionArgs.builder()\n .title(\"Some expr\")\n .expression(\"!resource.matchTag('12345678/env', 'test')\")\n .build())\n .deniedPermissions(\"cloudresourcemanager.googleapis.com/projects.update\")\n .exceptionPrincipals(test_account.email().applyValue(email -\u003e String.format(\"principal://iam.googleapis.com/projects/-/serviceAccounts/%s\", email)))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n example:\n type: gcp:iam:DenyPolicy\n properties:\n parent:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: cloudresourcemanager.googleapis.com/projects/${project.projectId}\n Return: result\n name: my-deny-policy\n displayName: A deny rule\n rules:\n - description: First rule\n denyRule:\n deniedPrincipals:\n - principalSet://goog/public:all\n denialCondition:\n title: Some expr\n expression: '!resource.matchTag(''12345678/env'', ''test'')'\n deniedPermissions:\n - cloudresourcemanager.googleapis.com/projects.update\n - description: Second rule\n denyRule:\n deniedPrincipals:\n - principalSet://goog/public:all\n denialCondition:\n title: Some expr\n expression: '!resource.matchTag(''12345678/env'', ''test'')'\n deniedPermissions:\n - cloudresourcemanager.googleapis.com/projects.update\n exceptionPrincipals:\n - principal://iam.googleapis.com/projects/-/serviceAccounts/${[\"test-account\"].email}\n test-account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: svc-acc\n displayName: Test Service Account\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDenyPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, DenyPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}}\n```\n\n", + "description": "Represents a collection of denial policies to apply to a given resource.\n\n\nTo get more information about DenyPolicy, see:\n\n* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v2/policies)\n* How-to Guides\n * [Permissions supported in deny policies](https://cloud.google.com/iam/docs/deny-permissions-support)\n\n## Example Usage\n\n### Iam Deny Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst test_account = new gcp.serviceaccount.Account(\"test-account\", {\n accountId: \"svc-acc\",\n displayName: \"Test Service Account\",\n project: project.projectId,\n});\nconst example = new gcp.iam.DenyPolicy(\"example\", {\n parent: std.urlencodeOutput({\n input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,\n }).apply(invoke =\u003e invoke.result),\n name: \"my-deny-policy\",\n displayName: \"A deny rule\",\n rules: [\n {\n description: \"First rule\",\n denyRule: {\n deniedPrincipals: [\"principalSet://goog/public:all\"],\n denialCondition: {\n title: \"Some expr\",\n expression: \"!resource.matchTag('12345678/env', 'test')\",\n },\n deniedPermissions: [\"cloudresourcemanager.googleapis.com/projects.update\"],\n },\n },\n {\n description: \"Second rule\",\n denyRule: {\n deniedPrincipals: [\"principalSet://goog/public:all\"],\n denialCondition: {\n title: \"Some expr\",\n expression: \"!resource.matchTag('12345678/env', 'test')\",\n },\n deniedPermissions: [\"cloudresourcemanager.googleapis.com/projects.update\"],\n exceptionPrincipals: [pulumi.interpolate`principal://iam.googleapis.com/projects/-/serviceAccounts/${test_account.email}`],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.Project(\"project\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ntest_account = gcp.serviceaccount.Account(\"test-account\",\n account_id=\"svc-acc\",\n display_name=\"Test Service Account\",\n project=project.project_id)\nexample = gcp.iam.DenyPolicy(\"example\",\n parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f\"cloudresourcemanager.googleapis.com/projects/{project_id}\")).apply(lambda invoke: invoke.result),\n name=\"my-deny-policy\",\n display_name=\"A deny rule\",\n rules=[\n {\n \"description\": \"First rule\",\n \"deny_rule\": {\n \"denied_principals\": [\"principalSet://goog/public:all\"],\n \"denial_condition\": {\n \"title\": \"Some expr\",\n \"expression\": \"!resource.matchTag('12345678/env', 'test')\",\n },\n \"denied_permissions\": [\"cloudresourcemanager.googleapis.com/projects.update\"],\n },\n },\n {\n \"description\": \"Second rule\",\n \"deny_rule\": {\n \"denied_principals\": [\"principalSet://goog/public:all\"],\n \"denial_condition\": {\n \"title\": \"Some expr\",\n \"expression\": \"!resource.matchTag('12345678/env', 'test')\",\n },\n \"denied_permissions\": [\"cloudresourcemanager.googleapis.com/projects.update\"],\n \"exception_principals\": [test_account.email.apply(lambda email: f\"principal://iam.googleapis.com/projects/-/serviceAccounts/{email}\")],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var test_account = new Gcp.ServiceAccount.Account(\"test-account\", new()\n {\n AccountId = \"svc-acc\",\n DisplayName = \"Test Service Account\",\n Project = project.ProjectId,\n });\n\n var example = new Gcp.Iam.DenyPolicy(\"example\", new()\n {\n Parent = Std.Urlencode.Invoke(new()\n {\n Input = project.ProjectId.Apply(projectId =\u003e $\"cloudresourcemanager.googleapis.com/projects/{projectId}\"),\n }).Apply(invoke =\u003e invoke.Result),\n Name = \"my-deny-policy\",\n DisplayName = \"A deny rule\",\n Rules = new[]\n {\n new Gcp.Iam.Inputs.DenyPolicyRuleArgs\n {\n Description = \"First rule\",\n DenyRule = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleArgs\n {\n DeniedPrincipals = new[]\n {\n \"principalSet://goog/public:all\",\n },\n DenialCondition = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleDenialConditionArgs\n {\n Title = \"Some expr\",\n Expression = \"!resource.matchTag('12345678/env', 'test')\",\n },\n DeniedPermissions = new[]\n {\n \"cloudresourcemanager.googleapis.com/projects.update\",\n },\n },\n },\n new Gcp.Iam.Inputs.DenyPolicyRuleArgs\n {\n Description = \"Second rule\",\n DenyRule = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleArgs\n {\n DeniedPrincipals = new[]\n {\n \"principalSet://goog/public:all\",\n },\n DenialCondition = new Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleDenialConditionArgs\n {\n Title = \"Some expr\",\n Expression = \"!resource.matchTag('12345678/env', 'test')\",\n },\n DeniedPermissions = new[]\n {\n \"cloudresourcemanager.googleapis.com/projects.update\",\n },\n ExceptionPrincipals = new[]\n {\n test_account.Email.Apply(email =\u003e $\"principal://iam.googleapis.com/projects/-/serviceAccounts/{email}\"),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewAccount(ctx, \"test-account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"svc-acc\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t\tProject: project.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewDenyPolicy(ctx, \"example\", \u0026iam.DenyPolicyArgs{\n\t\t\tParent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{\n\t\t\t\tInput: project.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"cloudresourcemanager.googleapis.com/projects/%v\", projectId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tName: pulumi.String(\"my-deny-policy\"),\n\t\t\tDisplayName: pulumi.String(\"A deny rule\"),\n\t\t\tRules: iam.DenyPolicyRuleArray{\n\t\t\t\t\u0026iam.DenyPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"First rule\"),\n\t\t\t\t\tDenyRule: \u0026iam.DenyPolicyRuleDenyRuleArgs{\n\t\t\t\t\t\tDeniedPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"principalSet://goog/public:all\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDenialCondition: \u0026iam.DenyPolicyRuleDenyRuleDenialConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Some expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"!resource.matchTag('12345678/env', 'test')\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDeniedPermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cloudresourcemanager.googleapis.com/projects.update\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.DenyPolicyRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Second rule\"),\n\t\t\t\t\tDenyRule: \u0026iam.DenyPolicyRuleDenyRuleArgs{\n\t\t\t\t\t\tDeniedPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"principalSet://goog/public:all\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDenialCondition: \u0026iam.DenyPolicyRuleDenyRuleDenialConditionArgs{\n\t\t\t\t\t\t\tTitle: pulumi.String(\"Some expr\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"!resource.matchTag('12345678/env', 'test')\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDeniedPermissions: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"cloudresourcemanager.googleapis.com/projects.update\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExceptionPrincipals: pulumi.StringArray{\n\t\t\t\t\t\t\ttest_account.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"principal://iam.googleapis.com/projects/-/serviceAccounts/%v\", email), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.iam.DenyPolicy;\nimport com.pulumi.gcp.iam.DenyPolicyArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleDenyRuleArgs;\nimport com.pulumi.gcp.iam.inputs.DenyPolicyRuleDenyRuleDenialConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var test_account = new Account(\"test-account\", AccountArgs.builder()\n .accountId(\"svc-acc\")\n .displayName(\"Test Service Account\")\n .project(project.projectId())\n .build());\n\n var example = new DenyPolicy(\"example\", DenyPolicyArgs.builder()\n .parent(StdFunctions.urlencode().applyValue(invoke -\u003e invoke.result()))\n .name(\"my-deny-policy\")\n .displayName(\"A deny rule\")\n .rules( \n DenyPolicyRuleArgs.builder()\n .description(\"First rule\")\n .denyRule(DenyPolicyRuleDenyRuleArgs.builder()\n .deniedPrincipals(\"principalSet://goog/public:all\")\n .denialCondition(DenyPolicyRuleDenyRuleDenialConditionArgs.builder()\n .title(\"Some expr\")\n .expression(\"!resource.matchTag('12345678/env', 'test')\")\n .build())\n .deniedPermissions(\"cloudresourcemanager.googleapis.com/projects.update\")\n .build())\n .build(),\n DenyPolicyRuleArgs.builder()\n .description(\"Second rule\")\n .denyRule(DenyPolicyRuleDenyRuleArgs.builder()\n .deniedPrincipals(\"principalSet://goog/public:all\")\n .denialCondition(DenyPolicyRuleDenyRuleDenialConditionArgs.builder()\n .title(\"Some expr\")\n .expression(\"!resource.matchTag('12345678/env', 'test')\")\n .build())\n .deniedPermissions(\"cloudresourcemanager.googleapis.com/projects.update\")\n .exceptionPrincipals(test_account.email().applyValue(email -\u003e String.format(\"principal://iam.googleapis.com/projects/-/serviceAccounts/%s\", email)))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n example:\n type: gcp:iam:DenyPolicy\n properties:\n parent:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: cloudresourcemanager.googleapis.com/projects/${project.projectId}\n return: result\n name: my-deny-policy\n displayName: A deny rule\n rules:\n - description: First rule\n denyRule:\n deniedPrincipals:\n - principalSet://goog/public:all\n denialCondition:\n title: Some expr\n expression: '!resource.matchTag(''12345678/env'', ''test'')'\n deniedPermissions:\n - cloudresourcemanager.googleapis.com/projects.update\n - description: Second rule\n denyRule:\n deniedPrincipals:\n - principalSet://goog/public:all\n denialCondition:\n title: Some expr\n expression: '!resource.matchTag(''12345678/env'', ''test'')'\n deniedPermissions:\n - cloudresourcemanager.googleapis.com/projects.update\n exceptionPrincipals:\n - principal://iam.googleapis.com/projects/-/serviceAccounts/${[\"test-account\"].email}\n test-account:\n type: gcp:serviceaccount:Account\n properties:\n accountId: svc-acc\n displayName: Test Service Account\n project: ${project.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDenyPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/{{name}}`\n\nWhen using the `pulumi import` command, DenyPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -223449,7 +223449,7 @@ } }, "gcp:iam/foldersPolicyBinding:FoldersPolicyBinding": { - "description": "## Example Usage\n\n### Iam Folders Policy Binding\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy(\"pab_policy\", {\n organization: \"123456789\",\n location: \"global\",\n displayName: \"test folder binding\",\n principalAccessBoundaryPolicyId: \"my-pab-policy\",\n});\nconst folder = new gcp.organizations.Folder(\"folder\", {\n displayName: \"test folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [folder],\n});\nconst my_folder_binding = new gcp.iam.FoldersPolicyBinding(\"my-folder-binding\", {\n folder: folder.folderId,\n location: \"global\",\n displayName: \"test folder binding\",\n policyKind: \"PRINCIPAL_ACCESS_BOUNDARY\",\n policyBindingId: \"test-folder-binding\",\n policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,\n target: {\n principalSet: pulumi.interpolate`//cloudresourcemanager.googleapis.com/folders/${folder.folderId}`,\n },\n}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\npab_policy = gcp.iam.PrincipalAccessBoundaryPolicy(\"pab_policy\",\n organization=\"123456789\",\n location=\"global\",\n display_name=\"test folder binding\",\n principal_access_boundary_policy_id=\"my-pab-policy\")\nfolder = gcp.organizations.Folder(\"folder\",\n display_name=\"test folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[folder]))\nmy_folder_binding = gcp.iam.FoldersPolicyBinding(\"my-folder-binding\",\n folder=folder.folder_id,\n location=\"global\",\n display_name=\"test folder binding\",\n policy_kind=\"PRINCIPAL_ACCESS_BOUNDARY\",\n policy_binding_id=\"test-folder-binding\",\n policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}\"),\n target={\n \"principal_set\": folder.folder_id.apply(lambda folder_id: f\"//cloudresourcemanager.googleapis.com/folders/{folder_id}\"),\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy(\"pab_policy\", new()\n {\n Organization = \"123456789\",\n Location = \"global\",\n DisplayName = \"test folder binding\",\n PrincipalAccessBoundaryPolicyId = \"my-pab-policy\",\n });\n\n var folder = new Gcp.Organizations.Folder(\"folder\", new()\n {\n DisplayName = \"test folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n folder,\n },\n });\n\n var my_folder_binding = new Gcp.Iam.FoldersPolicyBinding(\"my-folder-binding\", new()\n {\n Folder = folder.FolderId,\n Location = \"global\",\n DisplayName = \"test folder binding\",\n PolicyKind = \"PRINCIPAL_ACCESS_BOUNDARY\",\n PolicyBindingId = \"test-folder-binding\",\n Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId =\u003e $\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}\"),\n Target = new Gcp.Iam.Inputs.FoldersPolicyBindingTargetArgs\n {\n PrincipalSet = folder.FolderId.Apply(folderId =\u003e $\"//cloudresourcemanager.googleapis.com/folders/{folderId}\"),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, \"pab_policy\", \u0026iam.PrincipalAccessBoundaryPolicyArgs{\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDisplayName: pulumi.String(\"test folder binding\"),\n\t\t\tPrincipalAccessBoundaryPolicyId: pulumi.String(\"my-pab-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfolder, err := organizations.NewFolder(ctx, \"folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"test folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewFoldersPolicyBinding(ctx, \"my-folder-binding\", \u0026iam.FoldersPolicyBindingArgs{\n\t\t\tFolder: folder.FolderId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDisplayName: pulumi.String(\"test folder binding\"),\n\t\t\tPolicyKind: pulumi.String(\"PRINCIPAL_ACCESS_BOUNDARY\"),\n\t\t\tPolicyBindingId: pulumi.String(\"test-folder-binding\"),\n\t\t\tPolicy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v\", principalAccessBoundaryPolicyId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTarget: \u0026iam.FoldersPolicyBindingTargetArgs{\n\t\t\t\tPrincipalSet: folder.FolderId.ApplyT(func(folderId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//cloudresourcemanager.googleapis.com/folders/%v\", folderId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;\nimport com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.iam.FoldersPolicyBinding;\nimport com.pulumi.gcp.iam.FoldersPolicyBindingArgs;\nimport com.pulumi.gcp.iam.inputs.FoldersPolicyBindingTargetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pabPolicy = new PrincipalAccessBoundaryPolicy(\"pabPolicy\", PrincipalAccessBoundaryPolicyArgs.builder()\n .organization(\"123456789\")\n .location(\"global\")\n .displayName(\"test folder binding\")\n .principalAccessBoundaryPolicyId(\"my-pab-policy\")\n .build());\n\n var folder = new Folder(\"folder\", FolderArgs.builder()\n .displayName(\"test folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(folder)\n .build());\n\n var my_folder_binding = new FoldersPolicyBinding(\"my-folder-binding\", FoldersPolicyBindingArgs.builder()\n .folder(folder.folderId())\n .location(\"global\")\n .displayName(\"test folder binding\")\n .policyKind(\"PRINCIPAL_ACCESS_BOUNDARY\")\n .policyBindingId(\"test-folder-binding\")\n .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -\u003e String.format(\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s\", principalAccessBoundaryPolicyId)))\n .target(FoldersPolicyBindingTargetArgs.builder()\n .principalSet(folder.folderId().applyValue(folderId -\u003e String.format(\"//cloudresourcemanager.googleapis.com/folders/%s\", folderId)))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pabPolicy:\n type: gcp:iam:PrincipalAccessBoundaryPolicy\n name: pab_policy\n properties:\n organization: '123456789'\n location: global\n displayName: test folder binding\n principalAccessBoundaryPolicyId: my-pab-policy\n folder:\n type: gcp:organizations:Folder\n properties:\n displayName: test folder\n parent: organizations/123456789\n deletionProtection: false\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${folder}\n my-folder-binding:\n type: gcp:iam:FoldersPolicyBinding\n properties:\n folder: ${folder.folderId}\n location: global\n displayName: test folder binding\n policyKind: PRINCIPAL_ACCESS_BOUNDARY\n policyBindingId: test-folder-binding\n policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}\n target:\n principalSet: //cloudresourcemanager.googleapis.com/folders/${folder.folderId}\n options:\n dependson:\n - ${wait120s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFoldersPolicyBinding can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`\n\n* `{{folder}}/{{location}}/{{policy_binding_id}}`\n\nWhen using the `pulumi import` command, FoldersPolicyBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default {{folder}}/{{location}}/{{policy_binding_id}}\n```\n\n", + "description": "## Example Usage\n\n### Iam Folders Policy Binding\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy(\"pab_policy\", {\n organization: \"123456789\",\n location: \"global\",\n displayName: \"test folder binding\",\n principalAccessBoundaryPolicyId: \"my-pab-policy\",\n});\nconst folder = new gcp.organizations.Folder(\"folder\", {\n displayName: \"test folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst wait120s = new time.index.Sleep(\"wait_120s\", {createDuration: \"120s\"}, {\n dependsOn: [folder],\n});\nconst my_folder_binding = new gcp.iam.FoldersPolicyBinding(\"my-folder-binding\", {\n folder: folder.folderId,\n location: \"global\",\n displayName: \"test folder binding\",\n policyKind: \"PRINCIPAL_ACCESS_BOUNDARY\",\n policyBindingId: \"test-folder-binding\",\n policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,\n target: {\n principalSet: pulumi.interpolate`//cloudresourcemanager.googleapis.com/folders/${folder.folderId}`,\n },\n}, {\n dependsOn: [wait120s],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\npab_policy = gcp.iam.PrincipalAccessBoundaryPolicy(\"pab_policy\",\n organization=\"123456789\",\n location=\"global\",\n display_name=\"test folder binding\",\n principal_access_boundary_policy_id=\"my-pab-policy\")\nfolder = gcp.organizations.Folder(\"folder\",\n display_name=\"test folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nwait120s = time.index.Sleep(\"wait_120s\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[folder]))\nmy_folder_binding = gcp.iam.FoldersPolicyBinding(\"my-folder-binding\",\n folder=folder.folder_id,\n location=\"global\",\n display_name=\"test folder binding\",\n policy_kind=\"PRINCIPAL_ACCESS_BOUNDARY\",\n policy_binding_id=\"test-folder-binding\",\n policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}\"),\n target={\n \"principal_set\": folder.folder_id.apply(lambda folder_id: f\"//cloudresourcemanager.googleapis.com/folders/{folder_id}\"),\n },\n opts = pulumi.ResourceOptions(depends_on=[wait120s]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy(\"pab_policy\", new()\n {\n Organization = \"123456789\",\n Location = \"global\",\n DisplayName = \"test folder binding\",\n PrincipalAccessBoundaryPolicyId = \"my-pab-policy\",\n });\n\n var folder = new Gcp.Organizations.Folder(\"folder\", new()\n {\n DisplayName = \"test folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var wait120s = new Time.Index.Sleep(\"wait_120s\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n folder,\n },\n });\n\n var my_folder_binding = new Gcp.Iam.FoldersPolicyBinding(\"my-folder-binding\", new()\n {\n Folder = folder.FolderId,\n Location = \"global\",\n DisplayName = \"test folder binding\",\n PolicyKind = \"PRINCIPAL_ACCESS_BOUNDARY\",\n PolicyBindingId = \"test-folder-binding\",\n Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId =\u003e $\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}\"),\n Target = new Gcp.Iam.Inputs.FoldersPolicyBindingTargetArgs\n {\n PrincipalSet = folder.FolderId.Apply(folderId =\u003e $\"//cloudresourcemanager.googleapis.com/folders/{folderId}\"),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait120s,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, \"pab_policy\", \u0026iam.PrincipalAccessBoundaryPolicyArgs{\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDisplayName: pulumi.String(\"test folder binding\"),\n\t\t\tPrincipalAccessBoundaryPolicyId: pulumi.String(\"my-pab-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfolder, err := organizations.NewFolder(ctx, \"folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"test folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait120s, err := time.NewSleep(ctx, \"wait_120s\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewFoldersPolicyBinding(ctx, \"my-folder-binding\", \u0026iam.FoldersPolicyBindingArgs{\n\t\t\tFolder: folder.FolderId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDisplayName: pulumi.String(\"test folder binding\"),\n\t\t\tPolicyKind: pulumi.String(\"PRINCIPAL_ACCESS_BOUNDARY\"),\n\t\t\tPolicyBindingId: pulumi.String(\"test-folder-binding\"),\n\t\t\tPolicy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v\", principalAccessBoundaryPolicyId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTarget: \u0026iam.FoldersPolicyBindingTargetArgs{\n\t\t\t\tPrincipalSet: folder.FolderId.ApplyT(func(folderId string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"//cloudresourcemanager.googleapis.com/folders/%v\", folderId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait120s,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;\nimport com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.iam.FoldersPolicyBinding;\nimport com.pulumi.gcp.iam.FoldersPolicyBindingArgs;\nimport com.pulumi.gcp.iam.inputs.FoldersPolicyBindingTargetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pabPolicy = new PrincipalAccessBoundaryPolicy(\"pabPolicy\", PrincipalAccessBoundaryPolicyArgs.builder()\n .organization(\"123456789\")\n .location(\"global\")\n .displayName(\"test folder binding\")\n .principalAccessBoundaryPolicyId(\"my-pab-policy\")\n .build());\n\n var folder = new Folder(\"folder\", FolderArgs.builder()\n .displayName(\"test folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n var wait120s = new Sleep(\"wait120s\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(folder)\n .build());\n\n var my_folder_binding = new FoldersPolicyBinding(\"my-folder-binding\", FoldersPolicyBindingArgs.builder()\n .folder(folder.folderId())\n .location(\"global\")\n .displayName(\"test folder binding\")\n .policyKind(\"PRINCIPAL_ACCESS_BOUNDARY\")\n .policyBindingId(\"test-folder-binding\")\n .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -\u003e String.format(\"organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s\", principalAccessBoundaryPolicyId)))\n .target(FoldersPolicyBindingTargetArgs.builder()\n .principalSet(folder.folderId().applyValue(folderId -\u003e String.format(\"//cloudresourcemanager.googleapis.com/folders/%s\", folderId)))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait120s)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pabPolicy:\n type: gcp:iam:PrincipalAccessBoundaryPolicy\n name: pab_policy\n properties:\n organization: '123456789'\n location: global\n displayName: test folder binding\n principalAccessBoundaryPolicyId: my-pab-policy\n folder:\n type: gcp:organizations:Folder\n properties:\n displayName: test folder\n parent: organizations/123456789\n deletionProtection: false\n wait120s:\n type: time:sleep\n name: wait_120s\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${folder}\n my-folder-binding:\n type: gcp:iam:FoldersPolicyBinding\n properties:\n folder: ${folder.folderId}\n location: global\n displayName: test folder binding\n policyKind: PRINCIPAL_ACCESS_BOUNDARY\n policyBindingId: test-folder-binding\n policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}\n target:\n principalSet: //cloudresourcemanager.googleapis.com/folders/${folder.folderId}\n options:\n dependsOn:\n - ${wait120s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFoldersPolicyBinding can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`\n\n* `{{folder}}/{{location}}/{{policy_binding_id}}`\n\nWhen using the `pulumi import` command, FoldersPolicyBinding can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default {{folder}}/{{location}}/{{policy_binding_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -224495,7 +224495,7 @@ } }, "gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider": { - "description": "A configuration for an external identity provider.\n\n\nTo get more information about WorkloadIdentityPoolProvider, see:\n\n* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers)\n* How-to Guides\n * [Managing workload identity providers](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers)\n\n## Example Usage\n\n### Iam Workload Identity Pool Provider Aws Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n aws: {\n accountId: \"999999999999\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n aws={\n \"account_id\": \"999999999999\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n Aws = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderAwsArgs\n {\n AccountId = \"999999999999\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAws: \u0026iam.WorkloadIdentityPoolProviderAwsArgs{\n\t\t\t\tAccountId: pulumi.String(\"999999999999\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderAwsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .aws(WorkloadIdentityPoolProviderAwsArgs.builder()\n .accountId(\"999999999999\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n aws:\n accountId: '999999999999'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Aws Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"AWS identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n aws: {\n accountId: \"999999999999\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"AWS identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n aws={\n \"account_id\": \"999999999999\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"AWS identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Aws = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderAwsArgs\n {\n AccountId = \"999999999999\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"AWS identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tAws: \u0026iam.WorkloadIdentityPoolProviderAwsArgs{\n\t\t\t\tAccountId: pulumi.String(\"999999999999\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderAwsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"AWS identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .aws(WorkloadIdentityPoolProviderAwsArgs.builder()\n .accountId(\"999999999999\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: AWS identity pool provider for automated test\n disabled: true\n attributeCondition: attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\"\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n aws:\n accountId: '999999999999'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Github Actions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"GitHub Actions identity pool provider for automated test\",\n disabled: true,\n attributeCondition: ` assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n`,\n attributeMapping: {\n \"google.subject\": \"assertion.sub\",\n \"attribute.actor\": \"assertion.actor\",\n \"attribute.aud\": \"assertion.aud\",\n \"attribute.repository\": \"assertion.repository\",\n },\n oidc: {\n issuerUri: \"https://token.actions.githubusercontent.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"GitHub Actions identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\"\" assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n\"\"\",\n attribute_mapping={\n \"google.subject\": \"assertion.sub\",\n \"attribute.actor\": \"assertion.actor\",\n \"attribute.aud\": \"assertion.aud\",\n \"attribute.repository\": \"assertion.repository\",\n },\n oidc={\n \"issuer_uri\": \"https://token.actions.githubusercontent.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"GitHub Actions identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = @\" assertion.repository_owner_id == \"\"123456789\"\" \u0026\u0026\n attribute.repository == \"\"gh-org/gh-repo\"\" \u0026\u0026\n assertion.ref == \"\"refs/heads/main\"\" \u0026\u0026\n assertion.ref_type == \"\"branch\"\"\n\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.sub\" },\n { \"attribute.actor\", \"assertion.actor\" },\n { \"attribute.aud\", \"assertion.aud\" },\n { \"attribute.repository\", \"assertion.repository\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n IssuerUri = \"https://token.actions.githubusercontent.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"GitHub Actions identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\" assertion.repository_owner_id == \\\"123456789\\\" \u0026\u0026\\n attribute.repository == \\\"gh-org/gh-repo\\\" \u0026\u0026\\n assertion.ref == \\\"refs/heads/main\\\" \u0026\u0026\\n assertion.ref_type == \\\"branch\\\"\\n\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.sub\"),\n\t\t\t\t\"attribute.actor\": pulumi.String(\"assertion.actor\"),\n\t\t\t\t\"attribute.aud\": pulumi.String(\"assertion.aud\"),\n\t\t\t\t\"attribute.repository\": pulumi.String(\"assertion.repository\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tIssuerUri: pulumi.String(\"https://token.actions.githubusercontent.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"GitHub Actions identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\"\"\n assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n \"\"\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.sub\"),\n Map.entry(\"attribute.actor\", \"assertion.actor\"),\n Map.entry(\"attribute.aud\", \"assertion.aud\"),\n Map.entry(\"attribute.repository\", \"assertion.repository\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .issuerUri(\"https://token.actions.githubusercontent.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: GitHub Actions identity pool provider for automated test\n disabled: true\n attributeCondition: |2\n assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n attributeMapping:\n google.subject: assertion.sub\n attribute.actor: assertion.actor\n attribute.aud: assertion.aud\n attribute.repository: assertion.repository\n oidc:\n issuerUri: https://token.actions.githubusercontent.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.sub\",\n },\n oidc: {\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.sub\",\n },\n oidc={\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.sub\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.sub\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.of(\"google.subject\", \"assertion.sub\"))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.sub\n oidc:\n issuerUri: https://sts.windows.net/azure-tenant-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"OIDC identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attributeMapping: {\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": ` {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n`,\n },\n oidc: {\n allowedAudiences: [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"OIDC identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attribute_mapping={\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": \"\"\" {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n\"\"\",\n },\n oidc={\n \"allowed_audiences\": [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"OIDC identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n AttributeMapping = \n {\n { \"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\" },\n { \"attribute.tid\", \"assertion.tid\" },\n { \"attribute.managed_identity_name\", @\" {\n \"\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\"\":\"\"workload1\"\",\n \"\"55d36609-9bcf-48e0-a366-a3cf19027d2a\"\":\"\"workload2\"\"\n }[assertion.oid]\n\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n AllowedAudiences = new[]\n {\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n },\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"OIDC identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n\t\t\t\t\"attribute.tid\": pulumi.String(\"assertion.tid\"),\n\t\t\t\t\"attribute.managed_identity_name\": pulumi.String(\" {\\n \\\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\\\":\\\"workload1\\\",\\n \\\"55d36609-9bcf-48e0-a366-a3cf19027d2a\\\":\\\"workload2\\\"\\n }[assertion.oid]\\n\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tAllowedAudiences: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://example.com/gcp-oidc-federation\"),\n\t\t\t\t\tpulumi.String(\"example.com/gcp-oidc-federation\"),\n\t\t\t\t},\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"OIDC identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n Map.entry(\"attribute.tid\", \"assertion.tid\"),\n Map.entry(\"attribute.managed_identity_name\", \"\"\"\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n \"\"\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .allowedAudiences( \n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\")\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: OIDC identity pool provider for automated test\n disabled: true\n attributeCondition: '\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups'\n attributeMapping:\n google.subject: '\"azure::\" + assertion.tid + \"::\" + assertion.sub'\n attribute.tid: assertion.tid\n attribute.managed_identity_name: |2\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n oidc:\n allowedAudiences:\n - https://example.com/gcp-oidc-federation\n - example.com/gcp-oidc-federation\n issuerUri: https://sts.windows.net/azure-tenant-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Saml Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml: {\n idpMetadataXml: std.file({\n input: \"test-fixtures/metadata.xml\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml={\n \"idp_metadata_xml\": std.file(input=\"test-fixtures/metadata.xml\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Saml = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderSamlArgs\n {\n IdpMetadataXml = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/metadata.xml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/metadata.xml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tSaml: \u0026iam.WorkloadIdentityPoolProviderSamlArgs{\n\t\t\t\tIdpMetadataXml: pulumi.String(invokeFile.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .saml(WorkloadIdentityPoolProviderSamlArgs.builder()\n .idpMetadataXml(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/metadata.xml\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n saml:\n idpMetadataXml:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/metadata.xml\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Saml Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"SAML 2.0 identity pool provider for automated test\",\n disabled: true,\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml: {\n idpMetadataXml: std.file({\n input: \"test-fixtures/metadata.xml\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"SAML 2.0 identity pool provider for automated test\",\n disabled=True,\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml={\n \"idp_metadata_xml\": std.file(input=\"test-fixtures/metadata.xml\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"SAML 2.0 identity pool provider for automated test\",\n Disabled = true,\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Saml = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderSamlArgs\n {\n IdpMetadataXml = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/metadata.xml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/metadata.xml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"SAML 2.0 identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tSaml: \u0026iam.WorkloadIdentityPoolProviderSamlArgs{\n\t\t\t\tIdpMetadataXml: pulumi.String(invokeFile.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"SAML 2.0 identity pool provider for automated test\")\n .disabled(true)\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .saml(WorkloadIdentityPoolProviderSamlArgs.builder()\n .idpMetadataXml(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/metadata.xml\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: SAML 2.0 identity pool provider for automated test\n disabled: true\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n saml:\n idpMetadataXml:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/metadata.xml\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Upload Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"OIDC identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attributeMapping: {\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": ` {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n`,\n },\n oidc: {\n allowedAudiences: [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n jwksJson: \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"OIDC identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attribute_mapping={\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": \"\"\" {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n\"\"\",\n },\n oidc={\n \"allowed_audiences\": [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n \"jwks_json\": \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"OIDC identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n AttributeMapping = \n {\n { \"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\" },\n { \"attribute.tid\", \"assertion.tid\" },\n { \"attribute.managed_identity_name\", @\" {\n \"\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\"\":\"\"workload1\"\",\n \"\"55d36609-9bcf-48e0-a366-a3cf19027d2a\"\":\"\"workload2\"\"\n }[assertion.oid]\n\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n AllowedAudiences = new[]\n {\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n },\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n JwksJson = \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"OIDC identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n\t\t\t\t\"attribute.tid\": pulumi.String(\"assertion.tid\"),\n\t\t\t\t\"attribute.managed_identity_name\": pulumi.String(\" {\\n \\\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\\\":\\\"workload1\\\",\\n \\\"55d36609-9bcf-48e0-a366-a3cf19027d2a\\\":\\\"workload2\\\"\\n }[assertion.oid]\\n\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tAllowedAudiences: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://example.com/gcp-oidc-federation\"),\n\t\t\t\t\tpulumi.String(\"example.com/gcp-oidc-federation\"),\n\t\t\t\t},\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t\tJwksJson: pulumi.String(\"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"OIDC identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n Map.entry(\"attribute.tid\", \"assertion.tid\"),\n Map.entry(\"attribute.managed_identity_name\", \"\"\"\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n \"\"\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .allowedAudiences( \n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\")\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .jwksJson(\"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: OIDC identity pool provider for automated test\n disabled: true\n attributeCondition: '\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups'\n attributeMapping:\n google.subject: '\"azure::\" + assertion.tid + \"::\" + assertion.sub'\n attribute.tid: assertion.tid\n attribute.managed_identity_name: |2\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n oidc:\n allowedAudiences:\n - https://example.com/gcp-oidc-federation\n - example.com/gcp-oidc-federation\n issuerUri: https://sts.windows.net/azure-tenant-id\n jwksJson: '{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"kid\":\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\",\"use\":\"sig\",\"e\":\"AQAB\",\"n\":\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\"}]}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider X509 Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509: {\n trustStore: {\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/trust_anchor.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509={\n \"trust_store\": {\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/trust_anchor.pem\").result,\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.subject.dn.cn\" },\n },\n X509 = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509Args\n {\n TrustStore = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/trust_anchor.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/trust_anchor.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.subject.dn.cn\"),\n\t\t\t},\n\t\t\tX509: \u0026iam.WorkloadIdentityPoolProviderX509Args{\n\t\t\t\tTrustStore: \u0026iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{\n\t\t\t\t\tTrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509Args;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.of(\"google.subject\", \"assertion.subject.dn.cn\"))\n .x509(WorkloadIdentityPoolProviderX509Args.builder()\n .trustStore(WorkloadIdentityPoolProviderX509TrustStoreArgs.builder()\n .trustAnchors(WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/trust_anchor.pem\")\n .build()).result())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.subject.dn.cn\n x509:\n trustStore:\n trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/trust_anchor.pem\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider X509 Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"X.509 identity pool provider for automated test\",\n disabled: true,\n attributeMapping: {\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509: {\n trustStore: {\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/trust_anchor.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/intermediate_ca.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"X.509 identity pool provider for automated test\",\n disabled=True,\n attribute_mapping={\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509={\n \"trust_store\": {\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/trust_anchor.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/intermediate_ca.pem\").result,\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"X.509 identity pool provider for automated test\",\n Disabled = true,\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.subject.dn.cn\" },\n },\n X509 = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509Args\n {\n TrustStore = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/trust_anchor.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/intermediate_ca.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/trust_anchor.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/intermediate_ca.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"X.509 identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.subject.dn.cn\"),\n\t\t\t},\n\t\t\tX509: \u0026iam.WorkloadIdentityPoolProviderX509Args{\n\t\t\t\tTrustStore: \u0026iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{\n\t\t\t\t\tTrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509Args;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"X.509 identity pool provider for automated test\")\n .disabled(true)\n .attributeMapping(Map.of(\"google.subject\", \"assertion.subject.dn.cn\"))\n .x509(WorkloadIdentityPoolProviderX509Args.builder()\n .trustStore(WorkloadIdentityPoolProviderX509TrustStoreArgs.builder()\n .trustAnchors(WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/trust_anchor.pem\")\n .build()).result())\n .build())\n .intermediateCas(WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/intermediate_ca.pem\")\n .build()).result())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: X.509 identity pool provider for automated test\n disabled: true\n attributeMapping:\n google.subject: assertion.subject.dn.cn\n x509:\n trustStore:\n trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/trust_anchor.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/intermediate_ca.pem\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkloadIdentityPoolProvider can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}`\n\n* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`\n\n* `{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`\n\nWhen using the `pulumi import` command, WorkloadIdentityPoolProvider can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}\n```\n\n", + "description": "A configuration for an external identity provider.\n\n\nTo get more information about WorkloadIdentityPoolProvider, see:\n\n* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers)\n* How-to Guides\n * [Managing workload identity providers](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers)\n\n## Example Usage\n\n### Iam Workload Identity Pool Provider Aws Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n aws: {\n accountId: \"999999999999\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n aws={\n \"account_id\": \"999999999999\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n Aws = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderAwsArgs\n {\n AccountId = \"999999999999\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAws: \u0026iam.WorkloadIdentityPoolProviderAwsArgs{\n\t\t\t\tAccountId: pulumi.String(\"999999999999\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderAwsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .aws(WorkloadIdentityPoolProviderAwsArgs.builder()\n .accountId(\"999999999999\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n aws:\n accountId: '999999999999'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Aws Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"AWS identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n aws: {\n accountId: \"999999999999\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"AWS identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n aws={\n \"account_id\": \"999999999999\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"AWS identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Aws = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderAwsArgs\n {\n AccountId = \"999999999999\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"AWS identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tAws: \u0026iam.WorkloadIdentityPoolProviderAwsArgs{\n\t\t\t\tAccountId: pulumi.String(\"999999999999\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderAwsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"AWS identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"attribute.aws_role==\\\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\\\"\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .aws(WorkloadIdentityPoolProviderAwsArgs.builder()\n .accountId(\"999999999999\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: AWS identity pool provider for automated test\n disabled: true\n attributeCondition: attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\"\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n aws:\n accountId: '999999999999'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Github Actions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"GitHub Actions identity pool provider for automated test\",\n disabled: true,\n attributeCondition: ` assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n`,\n attributeMapping: {\n \"google.subject\": \"assertion.sub\",\n \"attribute.actor\": \"assertion.actor\",\n \"attribute.aud\": \"assertion.aud\",\n \"attribute.repository\": \"assertion.repository\",\n },\n oidc: {\n issuerUri: \"https://token.actions.githubusercontent.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"GitHub Actions identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\"\" assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n\"\"\",\n attribute_mapping={\n \"google.subject\": \"assertion.sub\",\n \"attribute.actor\": \"assertion.actor\",\n \"attribute.aud\": \"assertion.aud\",\n \"attribute.repository\": \"assertion.repository\",\n },\n oidc={\n \"issuer_uri\": \"https://token.actions.githubusercontent.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"GitHub Actions identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = @\" assertion.repository_owner_id == \"\"123456789\"\" \u0026\u0026\n attribute.repository == \"\"gh-org/gh-repo\"\" \u0026\u0026\n assertion.ref == \"\"refs/heads/main\"\" \u0026\u0026\n assertion.ref_type == \"\"branch\"\"\n\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.sub\" },\n { \"attribute.actor\", \"assertion.actor\" },\n { \"attribute.aud\", \"assertion.aud\" },\n { \"attribute.repository\", \"assertion.repository\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n IssuerUri = \"https://token.actions.githubusercontent.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"GitHub Actions identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\" assertion.repository_owner_id == \\\"123456789\\\" \u0026\u0026\\n attribute.repository == \\\"gh-org/gh-repo\\\" \u0026\u0026\\n assertion.ref == \\\"refs/heads/main\\\" \u0026\u0026\\n assertion.ref_type == \\\"branch\\\"\\n\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.sub\"),\n\t\t\t\t\"attribute.actor\": pulumi.String(\"assertion.actor\"),\n\t\t\t\t\"attribute.aud\": pulumi.String(\"assertion.aud\"),\n\t\t\t\t\"attribute.repository\": pulumi.String(\"assertion.repository\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tIssuerUri: pulumi.String(\"https://token.actions.githubusercontent.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"GitHub Actions identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\"\"\n assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n \"\"\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.sub\"),\n Map.entry(\"attribute.actor\", \"assertion.actor\"),\n Map.entry(\"attribute.aud\", \"assertion.aud\"),\n Map.entry(\"attribute.repository\", \"assertion.repository\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .issuerUri(\"https://token.actions.githubusercontent.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: GitHub Actions identity pool provider for automated test\n disabled: true\n attributeCondition: |2\n assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n attributeMapping:\n google.subject: assertion.sub\n attribute.actor: assertion.actor\n attribute.aud: assertion.aud\n attribute.repository: assertion.repository\n oidc:\n issuerUri: https://token.actions.githubusercontent.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.sub\",\n },\n oidc: {\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.sub\",\n },\n oidc={\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.sub\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.sub\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.of(\"google.subject\", \"assertion.sub\"))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.sub\n oidc:\n issuerUri: https://sts.windows.net/azure-tenant-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"OIDC identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attributeMapping: {\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": ` {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n`,\n },\n oidc: {\n allowedAudiences: [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"OIDC identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attribute_mapping={\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": \"\"\" {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n\"\"\",\n },\n oidc={\n \"allowed_audiences\": [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"OIDC identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n AttributeMapping = \n {\n { \"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\" },\n { \"attribute.tid\", \"assertion.tid\" },\n { \"attribute.managed_identity_name\", @\" {\n \"\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\"\":\"\"workload1\"\",\n \"\"55d36609-9bcf-48e0-a366-a3cf19027d2a\"\":\"\"workload2\"\"\n }[assertion.oid]\n\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n AllowedAudiences = new[]\n {\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n },\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"OIDC identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n\t\t\t\t\"attribute.tid\": pulumi.String(\"assertion.tid\"),\n\t\t\t\t\"attribute.managed_identity_name\": pulumi.String(\" {\\n \\\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\\\":\\\"workload1\\\",\\n \\\"55d36609-9bcf-48e0-a366-a3cf19027d2a\\\":\\\"workload2\\\"\\n }[assertion.oid]\\n\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tAllowedAudiences: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://example.com/gcp-oidc-federation\"),\n\t\t\t\t\tpulumi.String(\"example.com/gcp-oidc-federation\"),\n\t\t\t\t},\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"OIDC identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n Map.entry(\"attribute.tid\", \"assertion.tid\"),\n Map.entry(\"attribute.managed_identity_name\", \"\"\"\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n \"\"\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .allowedAudiences( \n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\")\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: OIDC identity pool provider for automated test\n disabled: true\n attributeCondition: '\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups'\n attributeMapping:\n google.subject: '\"azure::\" + assertion.tid + \"::\" + assertion.sub'\n attribute.tid: assertion.tid\n attribute.managed_identity_name: |2\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n oidc:\n allowedAudiences:\n - https://example.com/gcp-oidc-federation\n - example.com/gcp-oidc-federation\n issuerUri: https://sts.windows.net/azure-tenant-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Saml Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml: {\n idpMetadataXml: std.file({\n input: \"test-fixtures/metadata.xml\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml={\n \"idp_metadata_xml\": std.file(input=\"test-fixtures/metadata.xml\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Saml = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderSamlArgs\n {\n IdpMetadataXml = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/metadata.xml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/metadata.xml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tSaml: \u0026iam.WorkloadIdentityPoolProviderSamlArgs{\n\t\t\t\tIdpMetadataXml: pulumi.String(invokeFile.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .saml(WorkloadIdentityPoolProviderSamlArgs.builder()\n .idpMetadataXml(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/metadata.xml\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n saml:\n idpMetadataXml:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/metadata.xml\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Saml Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"SAML 2.0 identity pool provider for automated test\",\n disabled: true,\n attributeMapping: {\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml: {\n idpMetadataXml: std.file({\n input: \"test-fixtures/metadata.xml\",\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"SAML 2.0 identity pool provider for automated test\",\n disabled=True,\n attribute_mapping={\n \"google.subject\": \"assertion.arn\",\n \"attribute.aws_account\": \"assertion.account\",\n \"attribute.environment\": \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\",\n },\n saml={\n \"idp_metadata_xml\": std.file(input=\"test-fixtures/metadata.xml\").result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"SAML 2.0 identity pool provider for automated test\",\n Disabled = true,\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.arn\" },\n { \"attribute.aws_account\", \"assertion.account\" },\n { \"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\" },\n },\n Saml = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderSamlArgs\n {\n IdpMetadataXml = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/metadata.xml\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/metadata.xml\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"SAML 2.0 identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.arn\"),\n\t\t\t\t\"attribute.aws_account\": pulumi.String(\"assertion.account\"),\n\t\t\t\t\"attribute.environment\": pulumi.String(\"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\"),\n\t\t\t},\n\t\t\tSaml: \u0026iam.WorkloadIdentityPoolProviderSamlArgs{\n\t\t\t\tIdpMetadataXml: pulumi.String(invokeFile.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"SAML 2.0 identity pool provider for automated test\")\n .disabled(true)\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"assertion.arn\"),\n Map.entry(\"attribute.aws_account\", \"assertion.account\"),\n Map.entry(\"attribute.environment\", \"assertion.arn.contains(\\\":instance-profile/Production\\\") ? \\\"prod\\\" : \\\"test\\\"\")\n ))\n .saml(WorkloadIdentityPoolProviderSamlArgs.builder()\n .idpMetadataXml(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/metadata.xml\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: SAML 2.0 identity pool provider for automated test\n disabled: true\n attributeMapping:\n google.subject: assertion.arn\n attribute.aws_account: assertion.account\n attribute.environment: 'assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"'\n saml:\n idpMetadataXml:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/metadata.xml\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider Oidc Upload Key\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"OIDC identity pool provider for automated test\",\n disabled: true,\n attributeCondition: \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attributeMapping: {\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": ` {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n`,\n },\n oidc: {\n allowedAudiences: [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n issuerUri: \"https://sts.windows.net/azure-tenant-id\",\n jwksJson: \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"OIDC identity pool provider for automated test\",\n disabled=True,\n attribute_condition=\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n attribute_mapping={\n \"google.subject\": \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\",\n \"attribute.tid\": \"assertion.tid\",\n \"attribute.managed_identity_name\": \"\"\" {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n\"\"\",\n },\n oidc={\n \"allowed_audiences\": [\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n ],\n \"issuer_uri\": \"https://sts.windows.net/azure-tenant-id\",\n \"jwks_json\": \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"OIDC identity pool provider for automated test\",\n Disabled = true,\n AttributeCondition = \"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\",\n AttributeMapping = \n {\n { \"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\" },\n { \"attribute.tid\", \"assertion.tid\" },\n { \"attribute.managed_identity_name\", @\" {\n \"\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\"\":\"\"workload1\"\",\n \"\"55d36609-9bcf-48e0-a366-a3cf19027d2a\"\":\"\"workload2\"\"\n }[assertion.oid]\n\" },\n },\n Oidc = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderOidcArgs\n {\n AllowedAudiences = new[]\n {\n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\",\n },\n IssuerUri = \"https://sts.windows.net/azure-tenant-id\",\n JwksJson = \"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"OIDC identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeCondition: pulumi.String(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n\t\t\t\t\"attribute.tid\": pulumi.String(\"assertion.tid\"),\n\t\t\t\t\"attribute.managed_identity_name\": pulumi.String(\" {\\n \\\"8bb39bdb-1cc5-4447-b7db-a19e920eb111\\\":\\\"workload1\\\",\\n \\\"55d36609-9bcf-48e0-a366-a3cf19027d2a\\\":\\\"workload2\\\"\\n }[assertion.oid]\\n\"),\n\t\t\t},\n\t\t\tOidc: \u0026iam.WorkloadIdentityPoolProviderOidcArgs{\n\t\t\t\tAllowedAudiences: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://example.com/gcp-oidc-federation\"),\n\t\t\t\t\tpulumi.String(\"example.com/gcp-oidc-federation\"),\n\t\t\t\t},\n\t\t\t\tIssuerUri: pulumi.String(\"https://sts.windows.net/azure-tenant-id\"),\n\t\t\t\tJwksJson: pulumi.String(\"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderOidcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"OIDC identity pool provider for automated test\")\n .disabled(true)\n .attributeCondition(\"\\\"e968c2ef-047c-498d-8d79-16ca1b61e77e\\\" in assertion.groups\")\n .attributeMapping(Map.ofEntries(\n Map.entry(\"google.subject\", \"\\\"azure::\\\" + assertion.tid + \\\"::\\\" + assertion.sub\"),\n Map.entry(\"attribute.tid\", \"assertion.tid\"),\n Map.entry(\"attribute.managed_identity_name\", \"\"\"\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n \"\"\")\n ))\n .oidc(WorkloadIdentityPoolProviderOidcArgs.builder()\n .allowedAudiences( \n \"https://example.com/gcp-oidc-federation\",\n \"example.com/gcp-oidc-federation\")\n .issuerUri(\"https://sts.windows.net/azure-tenant-id\")\n .jwksJson(\"{\\\"keys\\\":[{\\\"kty\\\":\\\"RSA\\\",\\\"alg\\\":\\\"RS256\\\",\\\"kid\\\":\\\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\\\",\\\"use\\\":\\\"sig\\\",\\\"e\\\":\\\"AQAB\\\",\\\"n\\\":\\\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\\\"}]}\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: OIDC identity pool provider for automated test\n disabled: true\n attributeCondition: '\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups'\n attributeMapping:\n google.subject: '\"azure::\" + assertion.tid + \"::\" + assertion.sub'\n attribute.tid: assertion.tid\n attribute.managed_identity_name: |2\n {\n \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n }[assertion.oid]\n oidc:\n allowedAudiences:\n - https://example.com/gcp-oidc-federation\n - example.com/gcp-oidc-federation\n issuerUri: https://sts.windows.net/azure-tenant-id\n jwksJson: '{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"kid\":\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\",\"use\":\"sig\",\"e\":\"AQAB\",\"n\":\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\"}]}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider X509 Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n attributeMapping: {\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509: {\n trustStore: {\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/trust_anchor.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n attribute_mapping={\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509={\n \"trust_store\": {\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/trust_anchor.pem\").result,\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.subject.dn.cn\" },\n },\n X509 = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509Args\n {\n TrustStore = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/trust_anchor.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/trust_anchor.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.subject.dn.cn\"),\n\t\t\t},\n\t\t\tX509: \u0026iam.WorkloadIdentityPoolProviderX509Args{\n\t\t\t\tTrustStore: \u0026iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{\n\t\t\t\t\tTrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509Args;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .attributeMapping(Map.of(\"google.subject\", \"assertion.subject.dn.cn\"))\n .x509(WorkloadIdentityPoolProviderX509Args.builder()\n .trustStore(WorkloadIdentityPoolProviderX509TrustStoreArgs.builder()\n .trustAnchors(WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/trust_anchor.pem\")\n .build()).result())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n attributeMapping:\n google.subject: assertion.subject.dn.cn\n x509:\n trustStore:\n trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/trust_anchor.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Iam Workload Identity Pool Provider X509 Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst pool = new gcp.iam.WorkloadIdentityPool(\"pool\", {workloadIdentityPoolId: \"example-pool\"});\nconst example = new gcp.iam.WorkloadIdentityPoolProvider(\"example\", {\n workloadIdentityPoolId: pool.workloadIdentityPoolId,\n workloadIdentityPoolProviderId: \"example-prvdr\",\n displayName: \"Name of provider\",\n description: \"X.509 identity pool provider for automated test\",\n disabled: true,\n attributeMapping: {\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509: {\n trustStore: {\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/trust_anchor.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/intermediate_ca.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\npool = gcp.iam.WorkloadIdentityPool(\"pool\", workload_identity_pool_id=\"example-pool\")\nexample = gcp.iam.WorkloadIdentityPoolProvider(\"example\",\n workload_identity_pool_id=pool.workload_identity_pool_id,\n workload_identity_pool_provider_id=\"example-prvdr\",\n display_name=\"Name of provider\",\n description=\"X.509 identity pool provider for automated test\",\n disabled=True,\n attribute_mapping={\n \"google.subject\": \"assertion.subject.dn.cn\",\n },\n x509={\n \"trust_store\": {\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/trust_anchor.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/intermediate_ca.pem\").result,\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Gcp.Iam.WorkloadIdentityPool(\"pool\", new()\n {\n WorkloadIdentityPoolId = \"example-pool\",\n });\n\n var example = new Gcp.Iam.WorkloadIdentityPoolProvider(\"example\", new()\n {\n WorkloadIdentityPoolId = pool.WorkloadIdentityPoolId,\n WorkloadIdentityPoolProviderId = \"example-prvdr\",\n DisplayName = \"Name of provider\",\n Description = \"X.509 identity pool provider for automated test\",\n Disabled = true,\n AttributeMapping = \n {\n { \"google.subject\", \"assertion.subject.dn.cn\" },\n },\n X509 = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509Args\n {\n TrustStore = new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/trust_anchor.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.Iam.Inputs.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/intermediate_ca.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := iam.NewWorkloadIdentityPool(ctx, \"pool\", \u0026iam.WorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/trust_anchor.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/intermediate_ca.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewWorkloadIdentityPoolProvider(ctx, \"example\", \u0026iam.WorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: pool.WorkloadIdentityPoolId,\n\t\t\tWorkloadIdentityPoolProviderId: pulumi.String(\"example-prvdr\"),\n\t\t\tDisplayName: pulumi.String(\"Name of provider\"),\n\t\t\tDescription: pulumi.String(\"X.509 identity pool provider for automated test\"),\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"google.subject\": pulumi.String(\"assertion.subject.dn.cn\"),\n\t\t\t},\n\t\t\tX509: \u0026iam.WorkloadIdentityPoolProviderX509Args{\n\t\t\t\tTrustStore: \u0026iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{\n\t\t\t\t\tTrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.WorkloadIdentityPool;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolArgs;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProvider;\nimport com.pulumi.gcp.iam.WorkloadIdentityPoolProviderArgs;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509Args;\nimport com.pulumi.gcp.iam.inputs.WorkloadIdentityPoolProviderX509TrustStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new WorkloadIdentityPool(\"pool\", WorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"example-pool\")\n .build());\n\n var example = new WorkloadIdentityPoolProvider(\"example\", WorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(pool.workloadIdentityPoolId())\n .workloadIdentityPoolProviderId(\"example-prvdr\")\n .displayName(\"Name of provider\")\n .description(\"X.509 identity pool provider for automated test\")\n .disabled(true)\n .attributeMapping(Map.of(\"google.subject\", \"assertion.subject.dn.cn\"))\n .x509(WorkloadIdentityPoolProviderX509Args.builder()\n .trustStore(WorkloadIdentityPoolProviderX509TrustStoreArgs.builder()\n .trustAnchors(WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/trust_anchor.pem\")\n .build()).result())\n .build())\n .intermediateCas(WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/intermediate_ca.pem\")\n .build()).result())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: gcp:iam:WorkloadIdentityPool\n properties:\n workloadIdentityPoolId: example-pool\n example:\n type: gcp:iam:WorkloadIdentityPoolProvider\n properties:\n workloadIdentityPoolId: ${pool.workloadIdentityPoolId}\n workloadIdentityPoolProviderId: example-prvdr\n displayName: Name of provider\n description: X.509 identity pool provider for automated test\n disabled: true\n attributeMapping:\n google.subject: assertion.subject.dn.cn\n x509:\n trustStore:\n trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/trust_anchor.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/intermediate_ca.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkloadIdentityPoolProvider can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}`\n\n* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`\n\n* `{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`\n\nWhen using the `pulumi import` command, WorkloadIdentityPoolProvider can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}\n```\n\n```sh\n$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}\n```\n\n", "properties": { "attributeCondition": { "type": "string", @@ -224694,7 +224694,7 @@ } }, "gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -224820,7 +224820,7 @@ } }, "gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -224939,7 +224939,7 @@ } }, "gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -225026,7 +225026,7 @@ } }, "gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -225168,7 +225168,7 @@ } }, "gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -225303,7 +225303,7 @@ } }, "gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy AppEngineVersion\nThree different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.AppEngineVersionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.AppEngineVersionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -225557,7 +225557,7 @@ } }, "gcp:iap/settings:Settings": { - "description": "IAP settings - manage IAP settings\n\n\nTo get more information about Settings, see:\n\n* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/IapSettings)\n* How-to Guides\n * [Customizing IAP](https://cloud.google.com/iap/docs/customizing)\n\n\n\n## Example Usage\n\n### Iap Settings Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"iap-bs-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"iap-settings-tf\",\n region: \"us-central1\",\n healthChecks: defaultHealthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n});\nconst iapSettings = new gcp.iap.Settings(\"iap_settings\", {\n name: pulumi.all([project, _default.name]).apply(([project, name]) =\u003e `projects/${project.number}/iap_web/compute-us-central1/services/${name}`),\n accessSettings: {\n identitySources: [\"WORKFORCE_IDENTITY_FEDERATION\"],\n allowedDomainsSettings: {\n domains: [\"test.abc.com\"],\n enable: true,\n },\n corsSettings: {\n allowHttpOptions: true,\n },\n reauthSettings: {\n method: \"SECURE_KEY\",\n maxAge: \"305s\",\n policyType: \"MINIMUM\",\n },\n gcipSettings: {\n loginPageUri: \"https://test.com/?apiKey=abc\",\n },\n oauthSettings: {\n loginHint: \"test\",\n },\n workforceIdentitySettings: {\n workforcePools: \"wif-pool\",\n oauth2: {\n clientId: \"test-client-id\",\n clientSecret: \"test-client-secret\",\n },\n },\n },\n applicationSettings: {\n cookieDomain: \"test.abc.com\",\n csmSettings: {\n rctokenAud: \"test-aud-set\",\n },\n accessDeniedPageSettings: {\n accessDeniedPageUri: \"test-uri\",\n generateTroubleshootingUri: true,\n remediationTokenGenerationEnabled: false,\n },\n attributePropagationSettings: {\n outputCredentials: [\"HEADER\"],\n expression: \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n enable: false,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"iap-bs-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"iap-settings-tf\",\n region=\"us-central1\",\n health_checks=default_health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\")\niap_settings = gcp.iap.Settings(\"iap_settings\",\n name=default.name.apply(lambda name: f\"projects/{project.number}/iap_web/compute-us-central1/services/{name}\"),\n access_settings={\n \"identity_sources\": [\"WORKFORCE_IDENTITY_FEDERATION\"],\n \"allowed_domains_settings\": {\n \"domains\": [\"test.abc.com\"],\n \"enable\": True,\n },\n \"cors_settings\": {\n \"allow_http_options\": True,\n },\n \"reauth_settings\": {\n \"method\": \"SECURE_KEY\",\n \"max_age\": \"305s\",\n \"policy_type\": \"MINIMUM\",\n },\n \"gcip_settings\": {\n \"login_page_uri\": \"https://test.com/?apiKey=abc\",\n },\n \"oauth_settings\": {\n \"login_hint\": \"test\",\n },\n \"workforce_identity_settings\": {\n \"workforce_pools\": \"wif-pool\",\n \"oauth2\": {\n \"client_id\": \"test-client-id\",\n \"client_secret\": \"test-client-secret\",\n },\n },\n },\n application_settings={\n \"cookie_domain\": \"test.abc.com\",\n \"csm_settings\": {\n \"rctoken_aud\": \"test-aud-set\",\n },\n \"access_denied_page_settings\": {\n \"access_denied_page_uri\": \"test-uri\",\n \"generate_troubleshooting_uri\": True,\n \"remediation_token_generation_enabled\": False,\n },\n \"attribute_propagation_settings\": {\n \"output_credentials\": [\"HEADER\"],\n \"expression\": \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n \"enable\": False,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"iap-bs-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"iap-settings-tf\",\n Region = \"us-central1\",\n HealthChecks = defaultHealthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n });\n\n var iapSettings = new Gcp.Iap.Settings(\"iap_settings\", new()\n {\n Name = Output.Tuple(project, @default.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/iap_web/compute-us-central1/services/{name}\";\n }),\n AccessSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsArgs\n {\n IdentitySources = new[]\n {\n \"WORKFORCE_IDENTITY_FEDERATION\",\n },\n AllowedDomainsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs\n {\n Domains = new[]\n {\n \"test.abc.com\",\n },\n Enable = true,\n },\n CorsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsCorsSettingsArgs\n {\n AllowHttpOptions = true,\n },\n ReauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsReauthSettingsArgs\n {\n Method = \"SECURE_KEY\",\n MaxAge = \"305s\",\n PolicyType = \"MINIMUM\",\n },\n GcipSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsGcipSettingsArgs\n {\n LoginPageUri = \"https://test.com/?apiKey=abc\",\n },\n OauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsOauthSettingsArgs\n {\n LoginHint = \"test\",\n },\n WorkforceIdentitySettings = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs\n {\n WorkforcePools = \"wif-pool\",\n Oauth2 = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args\n {\n ClientId = \"test-client-id\",\n ClientSecret = \"test-client-secret\",\n },\n },\n },\n ApplicationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsArgs\n {\n CookieDomain = \"test.abc.com\",\n CsmSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsCsmSettingsArgs\n {\n RctokenAud = \"test-aud-set\",\n },\n AccessDeniedPageSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs\n {\n AccessDeniedPageUri = \"test-uri\",\n GenerateTroubleshootingUri = true,\n RemediationTokenGenerationEnabled = false,\n },\n AttributePropagationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs\n {\n OutputCredentials = new[]\n {\n \"HEADER\",\n },\n Expression = \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n Enable = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"iap-bs-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"iap-settings-tf\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewSettings(ctx, \"iap_settings\", \u0026iap.SettingsArgs{\n\t\t\tName: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/iap_web/compute-us-central1/services/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tAccessSettings: \u0026iap.SettingsAccessSettingsArgs{\n\t\t\t\tIdentitySources: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"WORKFORCE_IDENTITY_FEDERATION\"),\n\t\t\t\t},\n\t\t\t\tAllowedDomainsSettings: \u0026iap.SettingsAccessSettingsAllowedDomainsSettingsArgs{\n\t\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test.abc.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tEnable: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tCorsSettings: \u0026iap.SettingsAccessSettingsCorsSettingsArgs{\n\t\t\t\t\tAllowHttpOptions: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tReauthSettings: \u0026iap.SettingsAccessSettingsReauthSettingsArgs{\n\t\t\t\t\tMethod: pulumi.String(\"SECURE_KEY\"),\n\t\t\t\t\tMaxAge: pulumi.String(\"305s\"),\n\t\t\t\t\tPolicyType: pulumi.String(\"MINIMUM\"),\n\t\t\t\t},\n\t\t\t\tGcipSettings: \u0026iap.SettingsAccessSettingsGcipSettingsArgs{\n\t\t\t\t\tLoginPageUri: pulumi.String(\"https://test.com/?apiKey=abc\"),\n\t\t\t\t},\n\t\t\t\tOauthSettings: \u0026iap.SettingsAccessSettingsOauthSettingsArgs{\n\t\t\t\t\tLoginHint: pulumi.String(\"test\"),\n\t\t\t\t},\n\t\t\t\tWorkforceIdentitySettings: \u0026iap.SettingsAccessSettingsWorkforceIdentitySettingsArgs{\n\t\t\t\t\tWorkforcePools: pulumi.String(\"wif-pool\"),\n\t\t\t\t\tOauth2: \u0026iap.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args{\n\t\t\t\t\t\tClientId: pulumi.String(\"test-client-id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"test-client-secret\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tApplicationSettings: \u0026iap.SettingsApplicationSettingsArgs{\n\t\t\t\tCookieDomain: pulumi.String(\"test.abc.com\"),\n\t\t\t\tCsmSettings: \u0026iap.SettingsApplicationSettingsCsmSettingsArgs{\n\t\t\t\t\tRctokenAud: pulumi.String(\"test-aud-set\"),\n\t\t\t\t},\n\t\t\t\tAccessDeniedPageSettings: \u0026iap.SettingsApplicationSettingsAccessDeniedPageSettingsArgs{\n\t\t\t\t\tAccessDeniedPageUri: pulumi.String(\"test-uri\"),\n\t\t\t\t\tGenerateTroubleshootingUri: pulumi.Bool(true),\n\t\t\t\t\tRemediationTokenGenerationEnabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tAttributePropagationSettings: \u0026iap.SettingsApplicationSettingsAttributePropagationSettingsArgs{\n\t\t\t\t\tOutputCredentials: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tExpression: pulumi.String(\"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\"),\n\t\t\t\t\tEnable: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.iap.Settings;\nimport com.pulumi.gcp.iap.SettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsCorsSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsReauthSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsGcipSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsOauthSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsCsmSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"iap-bs-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"iap-settings-tf\")\n .region(\"us-central1\")\n .healthChecks(defaultHealthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .build());\n\n var iapSettings = new Settings(\"iapSettings\", SettingsArgs.builder()\n .name(default_.name().applyValue(name -\u003e String.format(\"projects/%s/iap_web/compute-us-central1/services/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .accessSettings(SettingsAccessSettingsArgs.builder()\n .identitySources(\"WORKFORCE_IDENTITY_FEDERATION\")\n .allowedDomainsSettings(SettingsAccessSettingsAllowedDomainsSettingsArgs.builder()\n .domains(\"test.abc.com\")\n .enable(true)\n .build())\n .corsSettings(SettingsAccessSettingsCorsSettingsArgs.builder()\n .allowHttpOptions(true)\n .build())\n .reauthSettings(SettingsAccessSettingsReauthSettingsArgs.builder()\n .method(\"SECURE_KEY\")\n .maxAge(\"305s\")\n .policyType(\"MINIMUM\")\n .build())\n .gcipSettings(SettingsAccessSettingsGcipSettingsArgs.builder()\n .loginPageUri(\"https://test.com/?apiKey=abc\")\n .build())\n .oauthSettings(SettingsAccessSettingsOauthSettingsArgs.builder()\n .loginHint(\"test\")\n .build())\n .workforceIdentitySettings(SettingsAccessSettingsWorkforceIdentitySettingsArgs.builder()\n .workforcePools(\"wif-pool\")\n .oauth2(SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args.builder()\n .clientId(\"test-client-id\")\n .clientSecret(\"test-client-secret\")\n .build())\n .build())\n .build())\n .applicationSettings(SettingsApplicationSettingsArgs.builder()\n .cookieDomain(\"test.abc.com\")\n .csmSettings(SettingsApplicationSettingsCsmSettingsArgs.builder()\n .rctokenAud(\"test-aud-set\")\n .build())\n .accessDeniedPageSettings(SettingsApplicationSettingsAccessDeniedPageSettingsArgs.builder()\n .accessDeniedPageUri(\"test-uri\")\n .generateTroubleshootingUri(true)\n .remediationTokenGenerationEnabled(false)\n .build())\n .attributePropagationSettings(SettingsApplicationSettingsAttributePropagationSettingsArgs.builder()\n .outputCredentials(\"HEADER\")\n .expression(\"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\")\n .enable(false)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: iap-settings-tf\n region: us-central1\n healthChecks: ${defaultHealthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: iap-bs-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n iapSettings:\n type: gcp:iap:Settings\n name: iap_settings\n properties:\n name: projects/${project.number}/iap_web/compute-us-central1/services/${default.name}\n accessSettings:\n identitySources:\n - WORKFORCE_IDENTITY_FEDERATION\n allowedDomainsSettings:\n domains:\n - test.abc.com\n enable: true\n corsSettings:\n allowHttpOptions: true\n reauthSettings:\n method: SECURE_KEY\n maxAge: 305s\n policyType: MINIMUM\n gcipSettings:\n loginPageUri: https://test.com/?apiKey=abc\n oauthSettings:\n loginHint: test\n workforceIdentitySettings:\n workforcePools: wif-pool\n oauth2:\n clientId: test-client-id\n clientSecret: test-client-secret\n applicationSettings:\n cookieDomain: test.abc.com\n csmSettings:\n rctokenAud: test-aud-set\n accessDeniedPageSettings:\n accessDeniedPageUri: test-uri\n generateTroubleshootingUri: true\n remediationTokenGenerationEnabled: false\n attributePropagationSettings:\n outputCredentials:\n - HEADER\n expression: attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])\n enable: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSettings can be imported using any of these accepted formats:\n\n* `{{name}}/iapSettings`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Settings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iap/settings:Settings default {{name}}/iapSettings\n```\n\n```sh\n$ pulumi import gcp:iap/settings:Settings default {{name}}\n```\n\n", + "description": "IAP settings - manage IAP settings\n\n\nTo get more information about Settings, see:\n\n* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/IapSettings)\n* How-to Guides\n * [Customizing IAP](https://cloud.google.com/iap/docs/customizing)\n\n\n\n## Example Usage\n\n### Iap Settings Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"iap-bs-health-check\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"iap-settings-tf\",\n region: \"us-central1\",\n healthChecks: defaultHealthCheck.id,\n connectionDrainingTimeoutSec: 10,\n sessionAffinity: \"CLIENT_IP\",\n});\nconst iapSettings = new gcp.iap.Settings(\"iap_settings\", {\n name: pulumi.all([project, _default.name]).apply(([project, name]) =\u003e `projects/${project.number}/iap_web/compute-us-central1/services/${name}`),\n accessSettings: {\n identitySources: [\"WORKFORCE_IDENTITY_FEDERATION\"],\n allowedDomainsSettings: {\n domains: [\"test.abc.com\"],\n enable: true,\n },\n corsSettings: {\n allowHttpOptions: true,\n },\n reauthSettings: {\n method: \"SECURE_KEY\",\n maxAge: \"305s\",\n policyType: \"MINIMUM\",\n },\n gcipSettings: {\n loginPageUri: \"https://test.com/?apiKey=abc\",\n },\n oauthSettings: {\n loginHint: \"test\",\n },\n workforceIdentitySettings: {\n workforcePools: \"wif-pool\",\n oauth2: {\n clientId: \"test-client-id\",\n clientSecret: \"test-client-secret\",\n },\n },\n },\n applicationSettings: {\n cookieDomain: \"test.abc.com\",\n csmSettings: {\n rctokenAud: \"test-aud-set\",\n },\n accessDeniedPageSettings: {\n accessDeniedPageUri: \"test-uri\",\n generateTroubleshootingUri: true,\n remediationTokenGenerationEnabled: false,\n },\n attributePropagationSettings: {\n outputCredentials: [\"HEADER\"],\n expression: \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n enable: false,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"iap-bs-health-check\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"iap-settings-tf\",\n region=\"us-central1\",\n health_checks=default_health_check.id,\n connection_draining_timeout_sec=10,\n session_affinity=\"CLIENT_IP\")\niap_settings = gcp.iap.Settings(\"iap_settings\",\n name=default.name.apply(lambda name: f\"projects/{project.number}/iap_web/compute-us-central1/services/{name}\"),\n access_settings={\n \"identity_sources\": [\"WORKFORCE_IDENTITY_FEDERATION\"],\n \"allowed_domains_settings\": {\n \"domains\": [\"test.abc.com\"],\n \"enable\": True,\n },\n \"cors_settings\": {\n \"allow_http_options\": True,\n },\n \"reauth_settings\": {\n \"method\": \"SECURE_KEY\",\n \"max_age\": \"305s\",\n \"policy_type\": \"MINIMUM\",\n },\n \"gcip_settings\": {\n \"login_page_uri\": \"https://test.com/?apiKey=abc\",\n },\n \"oauth_settings\": {\n \"login_hint\": \"test\",\n },\n \"workforce_identity_settings\": {\n \"workforce_pools\": \"wif-pool\",\n \"oauth2\": {\n \"client_id\": \"test-client-id\",\n \"client_secret\": \"test-client-secret\",\n },\n },\n },\n application_settings={\n \"cookie_domain\": \"test.abc.com\",\n \"csm_settings\": {\n \"rctoken_aud\": \"test-aud-set\",\n },\n \"access_denied_page_settings\": {\n \"access_denied_page_uri\": \"test-uri\",\n \"generate_troubleshooting_uri\": True,\n \"remediation_token_generation_enabled\": False,\n },\n \"attribute_propagation_settings\": {\n \"output_credentials\": [\"HEADER\"],\n \"expression\": \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n \"enable\": False,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"iap-bs-health-check\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"iap-settings-tf\",\n Region = \"us-central1\",\n HealthChecks = defaultHealthCheck.Id,\n ConnectionDrainingTimeoutSec = 10,\n SessionAffinity = \"CLIENT_IP\",\n });\n\n var iapSettings = new Gcp.Iap.Settings(\"iap_settings\", new()\n {\n Name = Output.Tuple(project, @default.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/iap_web/compute-us-central1/services/{name}\";\n }),\n AccessSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsArgs\n {\n IdentitySources = new[]\n {\n \"WORKFORCE_IDENTITY_FEDERATION\",\n },\n AllowedDomainsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs\n {\n Domains = new[]\n {\n \"test.abc.com\",\n },\n Enable = true,\n },\n CorsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsCorsSettingsArgs\n {\n AllowHttpOptions = true,\n },\n ReauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsReauthSettingsArgs\n {\n Method = \"SECURE_KEY\",\n MaxAge = \"305s\",\n PolicyType = \"MINIMUM\",\n },\n GcipSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsGcipSettingsArgs\n {\n LoginPageUri = \"https://test.com/?apiKey=abc\",\n },\n OauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsOauthSettingsArgs\n {\n LoginHint = \"test\",\n },\n WorkforceIdentitySettings = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs\n {\n WorkforcePools = \"wif-pool\",\n Oauth2 = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args\n {\n ClientId = \"test-client-id\",\n ClientSecret = \"test-client-secret\",\n },\n },\n },\n ApplicationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsArgs\n {\n CookieDomain = \"test.abc.com\",\n CsmSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsCsmSettingsArgs\n {\n RctokenAud = \"test-aud-set\",\n },\n AccessDeniedPageSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs\n {\n AccessDeniedPageUri = \"test-uri\",\n GenerateTroubleshootingUri = true,\n RemediationTokenGenerationEnabled = false,\n },\n AttributePropagationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs\n {\n OutputCredentials = new[]\n {\n \"HEADER\",\n },\n Expression = \"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\",\n Enable = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"iap-bs-health-check\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"iap-settings-tf\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t\tConnectionDrainingTimeoutSec: pulumi.Int(10),\n\t\t\tSessionAffinity: pulumi.String(\"CLIENT_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewSettings(ctx, \"iap_settings\", \u0026iap.SettingsArgs{\n\t\t\tName: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/iap_web/compute-us-central1/services/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tAccessSettings: \u0026iap.SettingsAccessSettingsArgs{\n\t\t\t\tIdentitySources: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"WORKFORCE_IDENTITY_FEDERATION\"),\n\t\t\t\t},\n\t\t\t\tAllowedDomainsSettings: \u0026iap.SettingsAccessSettingsAllowedDomainsSettingsArgs{\n\t\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test.abc.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tEnable: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tCorsSettings: \u0026iap.SettingsAccessSettingsCorsSettingsArgs{\n\t\t\t\t\tAllowHttpOptions: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tReauthSettings: \u0026iap.SettingsAccessSettingsReauthSettingsArgs{\n\t\t\t\t\tMethod: pulumi.String(\"SECURE_KEY\"),\n\t\t\t\t\tMaxAge: pulumi.String(\"305s\"),\n\t\t\t\t\tPolicyType: pulumi.String(\"MINIMUM\"),\n\t\t\t\t},\n\t\t\t\tGcipSettings: \u0026iap.SettingsAccessSettingsGcipSettingsArgs{\n\t\t\t\t\tLoginPageUri: pulumi.String(\"https://test.com/?apiKey=abc\"),\n\t\t\t\t},\n\t\t\t\tOauthSettings: \u0026iap.SettingsAccessSettingsOauthSettingsArgs{\n\t\t\t\t\tLoginHint: pulumi.String(\"test\"),\n\t\t\t\t},\n\t\t\t\tWorkforceIdentitySettings: \u0026iap.SettingsAccessSettingsWorkforceIdentitySettingsArgs{\n\t\t\t\t\tWorkforcePools: pulumi.String(\"wif-pool\"),\n\t\t\t\t\tOauth2: \u0026iap.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args{\n\t\t\t\t\t\tClientId: pulumi.String(\"test-client-id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"test-client-secret\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tApplicationSettings: \u0026iap.SettingsApplicationSettingsArgs{\n\t\t\t\tCookieDomain: pulumi.String(\"test.abc.com\"),\n\t\t\t\tCsmSettings: \u0026iap.SettingsApplicationSettingsCsmSettingsArgs{\n\t\t\t\t\tRctokenAud: pulumi.String(\"test-aud-set\"),\n\t\t\t\t},\n\t\t\t\tAccessDeniedPageSettings: \u0026iap.SettingsApplicationSettingsAccessDeniedPageSettingsArgs{\n\t\t\t\t\tAccessDeniedPageUri: pulumi.String(\"test-uri\"),\n\t\t\t\t\tGenerateTroubleshootingUri: pulumi.Bool(true),\n\t\t\t\t\tRemediationTokenGenerationEnabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tAttributePropagationSettings: \u0026iap.SettingsApplicationSettingsAttributePropagationSettingsArgs{\n\t\t\t\t\tOutputCredentials: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tExpression: pulumi.String(\"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\"),\n\t\t\t\t\tEnable: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.iap.Settings;\nimport com.pulumi.gcp.iap.SettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsCorsSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsReauthSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsGcipSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsOauthSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsCsmSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs;\nimport com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"iap-bs-health-check\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"iap-settings-tf\")\n .region(\"us-central1\")\n .healthChecks(defaultHealthCheck.id())\n .connectionDrainingTimeoutSec(10)\n .sessionAffinity(\"CLIENT_IP\")\n .build());\n\n var iapSettings = new Settings(\"iapSettings\", SettingsArgs.builder()\n .name(default_.name().applyValue(name -\u003e String.format(\"projects/%s/iap_web/compute-us-central1/services/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .accessSettings(SettingsAccessSettingsArgs.builder()\n .identitySources(\"WORKFORCE_IDENTITY_FEDERATION\")\n .allowedDomainsSettings(SettingsAccessSettingsAllowedDomainsSettingsArgs.builder()\n .domains(\"test.abc.com\")\n .enable(true)\n .build())\n .corsSettings(SettingsAccessSettingsCorsSettingsArgs.builder()\n .allowHttpOptions(true)\n .build())\n .reauthSettings(SettingsAccessSettingsReauthSettingsArgs.builder()\n .method(\"SECURE_KEY\")\n .maxAge(\"305s\")\n .policyType(\"MINIMUM\")\n .build())\n .gcipSettings(SettingsAccessSettingsGcipSettingsArgs.builder()\n .loginPageUri(\"https://test.com/?apiKey=abc\")\n .build())\n .oauthSettings(SettingsAccessSettingsOauthSettingsArgs.builder()\n .loginHint(\"test\")\n .build())\n .workforceIdentitySettings(SettingsAccessSettingsWorkforceIdentitySettingsArgs.builder()\n .workforcePools(\"wif-pool\")\n .oauth2(SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args.builder()\n .clientId(\"test-client-id\")\n .clientSecret(\"test-client-secret\")\n .build())\n .build())\n .build())\n .applicationSettings(SettingsApplicationSettingsArgs.builder()\n .cookieDomain(\"test.abc.com\")\n .csmSettings(SettingsApplicationSettingsCsmSettingsArgs.builder()\n .rctokenAud(\"test-aud-set\")\n .build())\n .accessDeniedPageSettings(SettingsApplicationSettingsAccessDeniedPageSettingsArgs.builder()\n .accessDeniedPageUri(\"test-uri\")\n .generateTroubleshootingUri(true)\n .remediationTokenGenerationEnabled(false)\n .build())\n .attributePropagationSettings(SettingsApplicationSettingsAttributePropagationSettingsArgs.builder()\n .outputCredentials(\"HEADER\")\n .expression(\"attributes.saml_attributes.filter(attribute, attribute.name in [\\\"test1\\\", \\\"test2\\\"])\")\n .enable(false)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: iap-settings-tf\n region: us-central1\n healthChecks: ${defaultHealthCheck.id}\n connectionDrainingTimeoutSec: 10\n sessionAffinity: CLIENT_IP\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: iap-bs-health-check\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\n iapSettings:\n type: gcp:iap:Settings\n name: iap_settings\n properties:\n name: projects/${project.number}/iap_web/compute-us-central1/services/${default.name}\n accessSettings:\n identitySources:\n - WORKFORCE_IDENTITY_FEDERATION\n allowedDomainsSettings:\n domains:\n - test.abc.com\n enable: true\n corsSettings:\n allowHttpOptions: true\n reauthSettings:\n method: SECURE_KEY\n maxAge: 305s\n policyType: MINIMUM\n gcipSettings:\n loginPageUri: https://test.com/?apiKey=abc\n oauthSettings:\n loginHint: test\n workforceIdentitySettings:\n workforcePools: wif-pool\n oauth2:\n clientId: test-client-id\n clientSecret: test-client-secret\n applicationSettings:\n cookieDomain: test.abc.com\n csmSettings:\n rctokenAud: test-aud-set\n accessDeniedPageSettings:\n accessDeniedPageUri: test-uri\n generateTroubleshootingUri: true\n remediationTokenGenerationEnabled: false\n attributePropagationSettings:\n outputCredentials:\n - HEADER\n expression: attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])\n enable: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSettings can be imported using any of these accepted formats:\n\n* `{{name}}/iapSettings`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Settings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:iap/settings:Settings default {{name}}/iapSettings\n```\n\n```sh\n$ pulumi import gcp:iap/settings:Settings default {{name}}\n```\n\n", "properties": { "accessSettings": { "$ref": "#/types/gcp:iap/SettingsAccessSettings:SettingsAccessSettings", @@ -225725,7 +225725,7 @@ } }, "gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelDestGroupIamBindingCondition:TunnelDestGroupIamBindingCondition", @@ -225847,7 +225847,7 @@ } }, "gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelDestGroupIamMemberCondition:TunnelDestGroupIamMemberCondition", @@ -225962,7 +225962,7 @@ } }, "gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelDestGroup\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelDestGroupIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelDestGroupIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "destGroup": { "type": "string" @@ -226045,7 +226045,7 @@ } }, "gcp:iap/tunnelIamBinding:TunnelIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelIamBindingCondition:TunnelIamBindingCondition", @@ -226139,7 +226139,7 @@ } }, "gcp:iap/tunnelIamMember:TunnelIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelIamMemberCondition:TunnelIamMemberCondition", @@ -226226,7 +226226,7 @@ } }, "gcp:iap/tunnelIamPolicy:TunnelIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Tunnel\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -226281,7 +226281,7 @@ } }, "gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelInstanceIAMBindingCondition:TunnelInstanceIAMBindingCondition", @@ -226403,7 +226403,7 @@ } }, "gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelInstanceIAMMemberCondition:TunnelInstanceIAMMemberCondition", @@ -226518,7 +226518,7 @@ } }, "gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy TunnelInstance\nThree different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.TunnelInstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.tunnelResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.TunnelInstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -226601,7 +226601,7 @@ } }, "gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebBackendServiceIamBindingCondition:WebBackendServiceIamBindingCondition", @@ -226711,7 +226711,7 @@ } }, "gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebBackendServiceIamMemberCondition:WebBackendServiceIamMemberCondition", @@ -226814,7 +226814,7 @@ } }, "gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -226885,7 +226885,7 @@ } }, "gcp:iap/webIamBinding:WebIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebIamBindingCondition:WebIamBindingCondition", @@ -226979,7 +226979,7 @@ } }, "gcp:iap/webIamMember:WebIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebIamMemberCondition:WebIamMemberCondition", @@ -227066,7 +227066,7 @@ } }, "gcp:iap/webIamPolicy:WebIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy Web\nThree different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -227121,7 +227121,7 @@ } }, "gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebRegionBackendServiceIamBindingCondition:WebRegionBackendServiceIamBindingCondition", @@ -227243,7 +227243,7 @@ } }, "gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebRegionBackendServiceIamMemberCondition:WebRegionBackendServiceIamMemberCondition", @@ -227358,7 +227358,7 @@ } }, "gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebRegionBackendService\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebRegionBackendServiceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebRegionBackendServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -227441,7 +227441,7 @@ } }, "gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -227551,7 +227551,7 @@ } }, "gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -227654,7 +227654,7 @@ } }, "gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeAppEngine\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeAppEngingIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeAppEngingIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -227725,7 +227725,7 @@ } }, "gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebTypeComputeIamBindingCondition:WebTypeComputeIamBindingCondition", @@ -227819,7 +227819,7 @@ } }, "gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebTypeComputeIamMemberCondition:WebTypeComputeIamMemberCondition", @@ -227906,7 +227906,7 @@ } }, "gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Identity-Aware Proxy WebTypeCompute\nThree different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.iap.WebTypeComputeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iap.httpsResourceAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.iap.WebTypeComputeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder()\n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -227961,7 +227961,7 @@ } }, "gcp:identityplatform/config:Config": { - "description": "Identity Platform configuration for a Cloud project. Identity Platform is an\nend-to-end authentication system for third-party users to access apps\nand services.\n\nThis entity is created only once during intialization and cannot be deleted,\nindividual Identity Providers may be disabled instead. This resource may only\nbe created in billing-enabled projects.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity-platform/docs)\n\n\n\n## Example Usage\n\n### Identity Platform Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst identitytoolkit = new gcp.projects.Service(\"identitytoolkit\", {\n project: _default.projectId,\n service: \"identitytoolkit.googleapis.com\",\n});\nconst defaultConfig = new gcp.identityplatform.Config(\"default\", {\n project: _default.projectId,\n autodeleteAnonymousUsers: true,\n signIn: {\n allowDuplicateEmails: true,\n anonymous: {\n enabled: true,\n },\n email: {\n enabled: true,\n passwordRequired: false,\n },\n phoneNumber: {\n enabled: true,\n testPhoneNumbers: {\n \"+11231231234\": \"000000\",\n },\n },\n },\n smsRegionConfig: {\n allowlistOnly: {\n allowedRegions: [\n \"US\",\n \"CA\",\n ],\n },\n },\n blockingFunctions: {\n triggers: [{\n eventType: \"beforeSignIn\",\n functionUri: \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n forwardInboundCredentials: {\n refreshToken: true,\n accessToken: true,\n idToken: true,\n },\n },\n quota: {\n signUpQuotaConfig: {\n quota: 1000,\n startTime: \"\",\n quotaDuration: \"7200s\",\n },\n },\n authorizedDomains: [\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\nidentitytoolkit = gcp.projects.Service(\"identitytoolkit\",\n project=default.project_id,\n service=\"identitytoolkit.googleapis.com\")\ndefault_config = gcp.identityplatform.Config(\"default\",\n project=default.project_id,\n autodelete_anonymous_users=True,\n sign_in={\n \"allow_duplicate_emails\": True,\n \"anonymous\": {\n \"enabled\": True,\n },\n \"email\": {\n \"enabled\": True,\n \"password_required\": False,\n },\n \"phone_number\": {\n \"enabled\": True,\n \"test_phone_numbers\": {\n \"+11231231234\": \"000000\",\n },\n },\n },\n sms_region_config={\n \"allowlist_only\": {\n \"allowed_regions\": [\n \"US\",\n \"CA\",\n ],\n },\n },\n blocking_functions={\n \"triggers\": [{\n \"event_type\": \"beforeSignIn\",\n \"function_uri\": \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n \"forward_inbound_credentials\": {\n \"refresh_token\": True,\n \"access_token\": True,\n \"id_token\": True,\n },\n },\n quota={\n \"sign_up_quota_config\": {\n \"quota\": 1000,\n \"start_time\": \"\",\n \"quota_duration\": \"7200s\",\n },\n },\n authorized_domains=[\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var identitytoolkit = new Gcp.Projects.Service(\"identitytoolkit\", new()\n {\n Project = @default.ProjectId,\n ServiceName = \"identitytoolkit.googleapis.com\",\n });\n\n var defaultConfig = new Gcp.IdentityPlatform.Config(\"default\", new()\n {\n Project = @default.ProjectId,\n AutodeleteAnonymousUsers = true,\n SignIn = new Gcp.IdentityPlatform.Inputs.ConfigSignInArgs\n {\n AllowDuplicateEmails = true,\n Anonymous = new Gcp.IdentityPlatform.Inputs.ConfigSignInAnonymousArgs\n {\n Enabled = true,\n },\n Email = new Gcp.IdentityPlatform.Inputs.ConfigSignInEmailArgs\n {\n Enabled = true,\n PasswordRequired = false,\n },\n PhoneNumber = new Gcp.IdentityPlatform.Inputs.ConfigSignInPhoneNumberArgs\n {\n Enabled = true,\n TestPhoneNumbers = \n {\n { \"+11231231234\", \"000000\" },\n },\n },\n },\n SmsRegionConfig = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigArgs\n {\n AllowlistOnly = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigAllowlistOnlyArgs\n {\n AllowedRegions = new[]\n {\n \"US\",\n \"CA\",\n },\n },\n },\n BlockingFunctions = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsArgs\n {\n Triggers = new[]\n {\n new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsTriggerArgs\n {\n EventType = \"beforeSignIn\",\n FunctionUri = \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n },\n },\n ForwardInboundCredentials = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs\n {\n RefreshToken = true,\n AccessToken = true,\n IdToken = true,\n },\n },\n Quota = new Gcp.IdentityPlatform.Inputs.ConfigQuotaArgs\n {\n SignUpQuotaConfig = new Gcp.IdentityPlatform.Inputs.ConfigQuotaSignUpQuotaConfigArgs\n {\n Quota = 1000,\n StartTime = \"\",\n QuotaDuration = \"7200s\",\n },\n },\n AuthorizedDomains = new[]\n {\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"identitytoolkit\", \u0026projects.ServiceArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tService: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewConfig(ctx, \"default\", \u0026identityplatform.ConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tAutodeleteAnonymousUsers: pulumi.Bool(true),\n\t\t\tSignIn: \u0026identityplatform.ConfigSignInArgs{\n\t\t\t\tAllowDuplicateEmails: pulumi.Bool(true),\n\t\t\t\tAnonymous: \u0026identityplatform.ConfigSignInAnonymousArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tEmail: \u0026identityplatform.ConfigSignInEmailArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPasswordRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tPhoneNumber: \u0026identityplatform.ConfigSignInPhoneNumberArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tTestPhoneNumbers: pulumi.StringMap{\n\t\t\t\t\t\t\"+11231231234\": pulumi.String(\"000000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSmsRegionConfig: \u0026identityplatform.ConfigSmsRegionConfigArgs{\n\t\t\t\tAllowlistOnly: \u0026identityplatform.ConfigSmsRegionConfigAllowlistOnlyArgs{\n\t\t\t\t\tAllowedRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlockingFunctions: \u0026identityplatform.ConfigBlockingFunctionsArgs{\n\t\t\t\tTriggers: identityplatform.ConfigBlockingFunctionsTriggerArray{\n\t\t\t\t\t\u0026identityplatform.ConfigBlockingFunctionsTriggerArgs{\n\t\t\t\t\t\tEventType: pulumi.String(\"beforeSignIn\"),\n\t\t\t\t\t\tFunctionUri: pulumi.String(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tForwardInboundCredentials: \u0026identityplatform.ConfigBlockingFunctionsForwardInboundCredentialsArgs{\n\t\t\t\t\tRefreshToken: pulumi.Bool(true),\n\t\t\t\t\tAccessToken: pulumi.Bool(true),\n\t\t\t\t\tIdToken: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tQuota: \u0026identityplatform.ConfigQuotaArgs{\n\t\t\t\tSignUpQuotaConfig: \u0026identityplatform.ConfigQuotaSignUpQuotaConfigArgs{\n\t\t\t\t\tQuota: pulumi.Int(1000),\n\t\t\t\t\tStartTime: pulumi.String(\"\"),\n\t\t\t\t\tQuotaDuration: pulumi.String(\"7200s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizedDomains: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\tpulumi.String(\"my-project.firebaseapp.com\"),\n\t\t\t\tpulumi.String(\"my-project.web.app\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.identityplatform.Config;\nimport com.pulumi.gcp.identityplatform.ConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInAnonymousArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInEmailArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInPhoneNumberArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigAllowlistOnlyArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaSignUpQuotaConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var identitytoolkit = new Service(\"identitytoolkit\", ServiceArgs.builder()\n .project(default_.projectId())\n .service(\"identitytoolkit.googleapis.com\")\n .build());\n\n var defaultConfig = new Config(\"defaultConfig\", ConfigArgs.builder()\n .project(default_.projectId())\n .autodeleteAnonymousUsers(true)\n .signIn(ConfigSignInArgs.builder()\n .allowDuplicateEmails(true)\n .anonymous(ConfigSignInAnonymousArgs.builder()\n .enabled(true)\n .build())\n .email(ConfigSignInEmailArgs.builder()\n .enabled(true)\n .passwordRequired(false)\n .build())\n .phoneNumber(ConfigSignInPhoneNumberArgs.builder()\n .enabled(true)\n .testPhoneNumbers(Map.of(\"+11231231234\", \"000000\"))\n .build())\n .build())\n .smsRegionConfig(ConfigSmsRegionConfigArgs.builder()\n .allowlistOnly(ConfigSmsRegionConfigAllowlistOnlyArgs.builder()\n .allowedRegions( \n \"US\",\n \"CA\")\n .build())\n .build())\n .blockingFunctions(ConfigBlockingFunctionsArgs.builder()\n .triggers(ConfigBlockingFunctionsTriggerArgs.builder()\n .eventType(\"beforeSignIn\")\n .functionUri(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\")\n .build())\n .forwardInboundCredentials(ConfigBlockingFunctionsForwardInboundCredentialsArgs.builder()\n .refreshToken(true)\n .accessToken(true)\n .idToken(true)\n .build())\n .build())\n .quota(ConfigQuotaArgs.builder()\n .signUpQuotaConfig(ConfigQuotaSignUpQuotaConfigArgs.builder()\n .quota(1000)\n .startTime(\"\")\n .quotaDuration(\"7200s\")\n .build())\n .build())\n .authorizedDomains( \n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n identitytoolkit:\n type: gcp:projects:Service\n properties:\n project: ${default.projectId}\n service: identitytoolkit.googleapis.com\n defaultConfig:\n type: gcp:identityplatform:Config\n name: default\n properties:\n project: ${default.projectId}\n autodeleteAnonymousUsers: true\n signIn:\n allowDuplicateEmails: true\n anonymous:\n enabled: true\n email:\n enabled: true\n passwordRequired: false\n phoneNumber:\n enabled: true\n testPhoneNumbers:\n '+11231231234': '000000'\n smsRegionConfig:\n allowlistOnly:\n allowedRegions:\n - US\n - CA\n blockingFunctions:\n triggers:\n - eventType: beforeSignIn\n functionUri: https://us-east1-my-project.cloudfunctions.net/before-sign-in\n forwardInboundCredentials:\n refreshToken: true\n accessToken: true\n idToken: true\n quota:\n signUpQuotaConfig:\n quota: 1000\n startTime:\n quotaDuration: 7200s\n authorizedDomains:\n - localhost\n - my-project.firebaseapp.com\n - my-project.web.app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/config`\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}/config\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default {{project}}\n```\n\n", + "description": "Identity Platform configuration for a Cloud project. Identity Platform is an\nend-to-end authentication system for third-party users to access apps\nand services.\n\nThis entity is created only once during intialization and cannot be deleted,\nindividual Identity Providers may be disabled instead. This resource may only\nbe created in billing-enabled projects.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity-platform/docs)\n\n\n\n## Example Usage\n\n### Identity Platform Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst identitytoolkit = new gcp.projects.Service(\"identitytoolkit\", {\n project: _default.projectId,\n service: \"identitytoolkit.googleapis.com\",\n});\nconst defaultConfig = new gcp.identityplatform.Config(\"default\", {\n project: _default.projectId,\n autodeleteAnonymousUsers: true,\n signIn: {\n allowDuplicateEmails: true,\n anonymous: {\n enabled: true,\n },\n email: {\n enabled: true,\n passwordRequired: false,\n },\n phoneNumber: {\n enabled: true,\n testPhoneNumbers: {\n \"+11231231234\": \"000000\",\n },\n },\n },\n smsRegionConfig: {\n allowlistOnly: {\n allowedRegions: [\n \"US\",\n \"CA\",\n ],\n },\n },\n blockingFunctions: {\n triggers: [{\n eventType: \"beforeSignIn\",\n functionUri: \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n forwardInboundCredentials: {\n refreshToken: true,\n accessToken: true,\n idToken: true,\n },\n },\n quota: {\n signUpQuotaConfig: {\n quota: 1000,\n startTime: \"\",\n quotaDuration: \"7200s\",\n },\n },\n authorizedDomains: [\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\nidentitytoolkit = gcp.projects.Service(\"identitytoolkit\",\n project=default.project_id,\n service=\"identitytoolkit.googleapis.com\")\ndefault_config = gcp.identityplatform.Config(\"default\",\n project=default.project_id,\n autodelete_anonymous_users=True,\n sign_in={\n \"allow_duplicate_emails\": True,\n \"anonymous\": {\n \"enabled\": True,\n },\n \"email\": {\n \"enabled\": True,\n \"password_required\": False,\n },\n \"phone_number\": {\n \"enabled\": True,\n \"test_phone_numbers\": {\n \"+11231231234\": \"000000\",\n },\n },\n },\n sms_region_config={\n \"allowlist_only\": {\n \"allowed_regions\": [\n \"US\",\n \"CA\",\n ],\n },\n },\n blocking_functions={\n \"triggers\": [{\n \"event_type\": \"beforeSignIn\",\n \"function_uri\": \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n \"forward_inbound_credentials\": {\n \"refresh_token\": True,\n \"access_token\": True,\n \"id_token\": True,\n },\n },\n quota={\n \"sign_up_quota_config\": {\n \"quota\": 1000,\n \"start_time\": \"\",\n \"quota_duration\": \"7200s\",\n },\n },\n authorized_domains=[\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var identitytoolkit = new Gcp.Projects.Service(\"identitytoolkit\", new()\n {\n Project = @default.ProjectId,\n ServiceName = \"identitytoolkit.googleapis.com\",\n });\n\n var defaultConfig = new Gcp.IdentityPlatform.Config(\"default\", new()\n {\n Project = @default.ProjectId,\n AutodeleteAnonymousUsers = true,\n SignIn = new Gcp.IdentityPlatform.Inputs.ConfigSignInArgs\n {\n AllowDuplicateEmails = true,\n Anonymous = new Gcp.IdentityPlatform.Inputs.ConfigSignInAnonymousArgs\n {\n Enabled = true,\n },\n Email = new Gcp.IdentityPlatform.Inputs.ConfigSignInEmailArgs\n {\n Enabled = true,\n PasswordRequired = false,\n },\n PhoneNumber = new Gcp.IdentityPlatform.Inputs.ConfigSignInPhoneNumberArgs\n {\n Enabled = true,\n TestPhoneNumbers = \n {\n { \"+11231231234\", \"000000\" },\n },\n },\n },\n SmsRegionConfig = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigArgs\n {\n AllowlistOnly = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigAllowlistOnlyArgs\n {\n AllowedRegions = new[]\n {\n \"US\",\n \"CA\",\n },\n },\n },\n BlockingFunctions = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsArgs\n {\n Triggers = new[]\n {\n new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsTriggerArgs\n {\n EventType = \"beforeSignIn\",\n FunctionUri = \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n },\n },\n ForwardInboundCredentials = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs\n {\n RefreshToken = true,\n AccessToken = true,\n IdToken = true,\n },\n },\n Quota = new Gcp.IdentityPlatform.Inputs.ConfigQuotaArgs\n {\n SignUpQuotaConfig = new Gcp.IdentityPlatform.Inputs.ConfigQuotaSignUpQuotaConfigArgs\n {\n Quota = 1000,\n StartTime = \"\",\n QuotaDuration = \"7200s\",\n },\n },\n AuthorizedDomains = new[]\n {\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"identitytoolkit\", \u0026projects.ServiceArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tService: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewConfig(ctx, \"default\", \u0026identityplatform.ConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tAutodeleteAnonymousUsers: pulumi.Bool(true),\n\t\t\tSignIn: \u0026identityplatform.ConfigSignInArgs{\n\t\t\t\tAllowDuplicateEmails: pulumi.Bool(true),\n\t\t\t\tAnonymous: \u0026identityplatform.ConfigSignInAnonymousArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tEmail: \u0026identityplatform.ConfigSignInEmailArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPasswordRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tPhoneNumber: \u0026identityplatform.ConfigSignInPhoneNumberArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tTestPhoneNumbers: pulumi.StringMap{\n\t\t\t\t\t\t\"+11231231234\": pulumi.String(\"000000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSmsRegionConfig: \u0026identityplatform.ConfigSmsRegionConfigArgs{\n\t\t\t\tAllowlistOnly: \u0026identityplatform.ConfigSmsRegionConfigAllowlistOnlyArgs{\n\t\t\t\t\tAllowedRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlockingFunctions: \u0026identityplatform.ConfigBlockingFunctionsArgs{\n\t\t\t\tTriggers: identityplatform.ConfigBlockingFunctionsTriggerArray{\n\t\t\t\t\t\u0026identityplatform.ConfigBlockingFunctionsTriggerArgs{\n\t\t\t\t\t\tEventType: pulumi.String(\"beforeSignIn\"),\n\t\t\t\t\t\tFunctionUri: pulumi.String(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tForwardInboundCredentials: \u0026identityplatform.ConfigBlockingFunctionsForwardInboundCredentialsArgs{\n\t\t\t\t\tRefreshToken: pulumi.Bool(true),\n\t\t\t\t\tAccessToken: pulumi.Bool(true),\n\t\t\t\t\tIdToken: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tQuota: \u0026identityplatform.ConfigQuotaArgs{\n\t\t\t\tSignUpQuotaConfig: \u0026identityplatform.ConfigQuotaSignUpQuotaConfigArgs{\n\t\t\t\t\tQuota: pulumi.Int(1000),\n\t\t\t\t\tStartTime: pulumi.String(\"\"),\n\t\t\t\t\tQuotaDuration: pulumi.String(\"7200s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizedDomains: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\tpulumi.String(\"my-project.firebaseapp.com\"),\n\t\t\t\tpulumi.String(\"my-project.web.app\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.identityplatform.Config;\nimport com.pulumi.gcp.identityplatform.ConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInAnonymousArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInEmailArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInPhoneNumberArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigAllowlistOnlyArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaSignUpQuotaConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var identitytoolkit = new Service(\"identitytoolkit\", ServiceArgs.builder()\n .project(default_.projectId())\n .service(\"identitytoolkit.googleapis.com\")\n .build());\n\n var defaultConfig = new Config(\"defaultConfig\", ConfigArgs.builder()\n .project(default_.projectId())\n .autodeleteAnonymousUsers(true)\n .signIn(ConfigSignInArgs.builder()\n .allowDuplicateEmails(true)\n .anonymous(ConfigSignInAnonymousArgs.builder()\n .enabled(true)\n .build())\n .email(ConfigSignInEmailArgs.builder()\n .enabled(true)\n .passwordRequired(false)\n .build())\n .phoneNumber(ConfigSignInPhoneNumberArgs.builder()\n .enabled(true)\n .testPhoneNumbers(Map.of(\"+11231231234\", \"000000\"))\n .build())\n .build())\n .smsRegionConfig(ConfigSmsRegionConfigArgs.builder()\n .allowlistOnly(ConfigSmsRegionConfigAllowlistOnlyArgs.builder()\n .allowedRegions( \n \"US\",\n \"CA\")\n .build())\n .build())\n .blockingFunctions(ConfigBlockingFunctionsArgs.builder()\n .triggers(ConfigBlockingFunctionsTriggerArgs.builder()\n .eventType(\"beforeSignIn\")\n .functionUri(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\")\n .build())\n .forwardInboundCredentials(ConfigBlockingFunctionsForwardInboundCredentialsArgs.builder()\n .refreshToken(true)\n .accessToken(true)\n .idToken(true)\n .build())\n .build())\n .quota(ConfigQuotaArgs.builder()\n .signUpQuotaConfig(ConfigQuotaSignUpQuotaConfigArgs.builder()\n .quota(1000)\n .startTime(\"\")\n .quotaDuration(\"7200s\")\n .build())\n .build())\n .authorizedDomains( \n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n identitytoolkit:\n type: gcp:projects:Service\n properties:\n project: ${default.projectId}\n service: identitytoolkit.googleapis.com\n defaultConfig:\n type: gcp:identityplatform:Config\n name: default\n properties:\n project: ${default.projectId}\n autodeleteAnonymousUsers: true\n signIn:\n allowDuplicateEmails: true\n anonymous:\n enabled: true\n email:\n enabled: true\n passwordRequired: false\n phoneNumber:\n enabled: true\n testPhoneNumbers:\n '+11231231234': '000000'\n smsRegionConfig:\n allowlistOnly:\n allowedRegions:\n - US\n - CA\n blockingFunctions:\n triggers:\n - eventType: beforeSignIn\n functionUri: https://us-east1-my-project.cloudfunctions.net/before-sign-in\n forwardInboundCredentials:\n refreshToken: true\n accessToken: true\n idToken: true\n quota:\n signUpQuotaConfig:\n quota: 1000\n startTime: \"\"\n quotaDuration: 7200s\n authorizedDomains:\n - localhost\n - my-project.firebaseapp.com\n - my-project.web.app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/config`\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}/config\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default {{project}}\n```\n\n", "properties": { "authorizedDomains": { "type": "array", @@ -228232,7 +228232,7 @@ } }, "gcp:identityplatform/inboundSamlConfig:InboundSamlConfig": { - "description": "Inbound SAML configuration for a Identity Toolkit project.\n\nYou must enable the\n[Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in\nthe marketplace prior to using this resource.\n\n\n\n## Example Usage\n\n### Identity Platform Inbound Saml Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst samlConfig = new gcp.identityplatform.InboundSamlConfig(\"saml_config\", {\n name: \"saml.tf-config\",\n displayName: \"Display Name\",\n idpConfig: {\n idpEntityId: \"tf-idp\",\n signRequest: true,\n ssoUrl: \"https://example.com\",\n idpCertificates: [{\n x509Certificate: std.file({\n input: \"test-fixtures/rsa_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n spConfig: {\n spEntityId: \"tf-sp\",\n callbackUri: \"https://example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsaml_config = gcp.identityplatform.InboundSamlConfig(\"saml_config\",\n name=\"saml.tf-config\",\n display_name=\"Display Name\",\n idp_config={\n \"idp_entity_id\": \"tf-idp\",\n \"sign_request\": True,\n \"sso_url\": \"https://example.com\",\n \"idp_certificates\": [{\n \"x509_certificate\": std.file(input=\"test-fixtures/rsa_cert.pem\").result,\n }],\n },\n sp_config={\n \"sp_entity_id\": \"tf-sp\",\n \"callback_uri\": \"https://example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var samlConfig = new Gcp.IdentityPlatform.InboundSamlConfig(\"saml_config\", new()\n {\n Name = \"saml.tf-config\",\n DisplayName = \"Display Name\",\n IdpConfig = new Gcp.IdentityPlatform.Inputs.InboundSamlConfigIdpConfigArgs\n {\n IdpEntityId = \"tf-idp\",\n SignRequest = true,\n SsoUrl = \"https://example.com\",\n IdpCertificates = new[]\n {\n new Gcp.IdentityPlatform.Inputs.InboundSamlConfigIdpConfigIdpCertificateArgs\n {\n X509Certificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n SpConfig = new Gcp.IdentityPlatform.Inputs.InboundSamlConfigSpConfigArgs\n {\n SpEntityId = \"tf-sp\",\n CallbackUri = \"https://example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewInboundSamlConfig(ctx, \"saml_config\", \u0026identityplatform.InboundSamlConfigArgs{\n\t\t\tName: pulumi.String(\"saml.tf-config\"),\n\t\t\tDisplayName: pulumi.String(\"Display Name\"),\n\t\t\tIdpConfig: \u0026identityplatform.InboundSamlConfigIdpConfigArgs{\n\t\t\t\tIdpEntityId: pulumi.String(\"tf-idp\"),\n\t\t\t\tSignRequest: pulumi.Bool(true),\n\t\t\t\tSsoUrl: pulumi.String(\"https://example.com\"),\n\t\t\t\tIdpCertificates: identityplatform.InboundSamlConfigIdpConfigIdpCertificateArray{\n\t\t\t\t\t\u0026identityplatform.InboundSamlConfigIdpConfigIdpCertificateArgs{\n\t\t\t\t\t\tX509Certificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpConfig: \u0026identityplatform.InboundSamlConfigSpConfigArgs{\n\t\t\t\tSpEntityId: pulumi.String(\"tf-sp\"),\n\t\t\t\tCallbackUri: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.identityplatform.InboundSamlConfig;\nimport com.pulumi.gcp.identityplatform.InboundSamlConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.InboundSamlConfigIdpConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.InboundSamlConfigSpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var samlConfig = new InboundSamlConfig(\"samlConfig\", InboundSamlConfigArgs.builder()\n .name(\"saml.tf-config\")\n .displayName(\"Display Name\")\n .idpConfig(InboundSamlConfigIdpConfigArgs.builder()\n .idpEntityId(\"tf-idp\")\n .signRequest(true)\n .ssoUrl(\"https://example.com\")\n .idpCertificates(InboundSamlConfigIdpConfigIdpCertificateArgs.builder()\n .x509Certificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_cert.pem\")\n .build()).result())\n .build())\n .build())\n .spConfig(InboundSamlConfigSpConfigArgs.builder()\n .spEntityId(\"tf-sp\")\n .callbackUri(\"https://example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n samlConfig:\n type: gcp:identityplatform:InboundSamlConfig\n name: saml_config\n properties:\n name: saml.tf-config\n displayName: Display Name\n idpConfig:\n idpEntityId: tf-idp\n signRequest: true\n ssoUrl: https://example.com\n idpCertificates:\n - x509Certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/rsa_cert.pem\n Return: result\n spConfig:\n spEntityId: tf-sp\n callbackUri: https://example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInboundSamlConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/inboundSamlConfigs/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, InboundSamlConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default projects/{{project}}/inboundSamlConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default {{name}}\n```\n\n", + "description": "Inbound SAML configuration for a Identity Toolkit project.\n\nYou must enable the\n[Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in\nthe marketplace prior to using this resource.\n\n\n\n## Example Usage\n\n### Identity Platform Inbound Saml Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst samlConfig = new gcp.identityplatform.InboundSamlConfig(\"saml_config\", {\n name: \"saml.tf-config\",\n displayName: \"Display Name\",\n idpConfig: {\n idpEntityId: \"tf-idp\",\n signRequest: true,\n ssoUrl: \"https://example.com\",\n idpCertificates: [{\n x509Certificate: std.file({\n input: \"test-fixtures/rsa_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n spConfig: {\n spEntityId: \"tf-sp\",\n callbackUri: \"https://example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsaml_config = gcp.identityplatform.InboundSamlConfig(\"saml_config\",\n name=\"saml.tf-config\",\n display_name=\"Display Name\",\n idp_config={\n \"idp_entity_id\": \"tf-idp\",\n \"sign_request\": True,\n \"sso_url\": \"https://example.com\",\n \"idp_certificates\": [{\n \"x509_certificate\": std.file(input=\"test-fixtures/rsa_cert.pem\").result,\n }],\n },\n sp_config={\n \"sp_entity_id\": \"tf-sp\",\n \"callback_uri\": \"https://example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var samlConfig = new Gcp.IdentityPlatform.InboundSamlConfig(\"saml_config\", new()\n {\n Name = \"saml.tf-config\",\n DisplayName = \"Display Name\",\n IdpConfig = new Gcp.IdentityPlatform.Inputs.InboundSamlConfigIdpConfigArgs\n {\n IdpEntityId = \"tf-idp\",\n SignRequest = true,\n SsoUrl = \"https://example.com\",\n IdpCertificates = new[]\n {\n new Gcp.IdentityPlatform.Inputs.InboundSamlConfigIdpConfigIdpCertificateArgs\n {\n X509Certificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n SpConfig = new Gcp.IdentityPlatform.Inputs.InboundSamlConfigSpConfigArgs\n {\n SpEntityId = \"tf-sp\",\n CallbackUri = \"https://example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewInboundSamlConfig(ctx, \"saml_config\", \u0026identityplatform.InboundSamlConfigArgs{\n\t\t\tName: pulumi.String(\"saml.tf-config\"),\n\t\t\tDisplayName: pulumi.String(\"Display Name\"),\n\t\t\tIdpConfig: \u0026identityplatform.InboundSamlConfigIdpConfigArgs{\n\t\t\t\tIdpEntityId: pulumi.String(\"tf-idp\"),\n\t\t\t\tSignRequest: pulumi.Bool(true),\n\t\t\t\tSsoUrl: pulumi.String(\"https://example.com\"),\n\t\t\t\tIdpCertificates: identityplatform.InboundSamlConfigIdpConfigIdpCertificateArray{\n\t\t\t\t\t\u0026identityplatform.InboundSamlConfigIdpConfigIdpCertificateArgs{\n\t\t\t\t\t\tX509Certificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpConfig: \u0026identityplatform.InboundSamlConfigSpConfigArgs{\n\t\t\t\tSpEntityId: pulumi.String(\"tf-sp\"),\n\t\t\t\tCallbackUri: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.identityplatform.InboundSamlConfig;\nimport com.pulumi.gcp.identityplatform.InboundSamlConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.InboundSamlConfigIdpConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.InboundSamlConfigSpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var samlConfig = new InboundSamlConfig(\"samlConfig\", InboundSamlConfigArgs.builder()\n .name(\"saml.tf-config\")\n .displayName(\"Display Name\")\n .idpConfig(InboundSamlConfigIdpConfigArgs.builder()\n .idpEntityId(\"tf-idp\")\n .signRequest(true)\n .ssoUrl(\"https://example.com\")\n .idpCertificates(InboundSamlConfigIdpConfigIdpCertificateArgs.builder()\n .x509Certificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_cert.pem\")\n .build()).result())\n .build())\n .build())\n .spConfig(InboundSamlConfigSpConfigArgs.builder()\n .spEntityId(\"tf-sp\")\n .callbackUri(\"https://example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n samlConfig:\n type: gcp:identityplatform:InboundSamlConfig\n name: saml_config\n properties:\n name: saml.tf-config\n displayName: Display Name\n idpConfig:\n idpEntityId: tf-idp\n signRequest: true\n ssoUrl: https://example.com\n idpCertificates:\n - x509Certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/rsa_cert.pem\n return: result\n spConfig:\n spEntityId: tf-sp\n callbackUri: https://example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInboundSamlConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/inboundSamlConfigs/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, InboundSamlConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default projects/{{project}}/inboundSamlConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/inboundSamlConfig:InboundSamlConfig default {{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -228645,7 +228645,7 @@ } }, "gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig": { - "description": "Inbound SAML configuration for a Identity Toolkit tenant.\n\nYou must enable the\n[Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in\nthe marketplace prior to using this resource.\n\n\n\n## Example Usage\n\n### Identity Platform Tenant Inbound Saml Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst tenant = new gcp.identityplatform.Tenant(\"tenant\", {displayName: \"tenant\"});\nconst tenantSamlConfig = new gcp.identityplatform.TenantInboundSamlConfig(\"tenant_saml_config\", {\n name: \"saml.tf-config\",\n displayName: \"Display Name\",\n tenant: tenant.name,\n idpConfig: {\n idpEntityId: \"tf-idp\",\n signRequest: true,\n ssoUrl: \"https://example.com\",\n idpCertificates: [{\n x509Certificate: std.file({\n input: \"test-fixtures/rsa_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n spConfig: {\n spEntityId: \"tf-sp\",\n callbackUri: \"https://example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ntenant = gcp.identityplatform.Tenant(\"tenant\", display_name=\"tenant\")\ntenant_saml_config = gcp.identityplatform.TenantInboundSamlConfig(\"tenant_saml_config\",\n name=\"saml.tf-config\",\n display_name=\"Display Name\",\n tenant=tenant.name,\n idp_config={\n \"idp_entity_id\": \"tf-idp\",\n \"sign_request\": True,\n \"sso_url\": \"https://example.com\",\n \"idp_certificates\": [{\n \"x509_certificate\": std.file(input=\"test-fixtures/rsa_cert.pem\").result,\n }],\n },\n sp_config={\n \"sp_entity_id\": \"tf-sp\",\n \"callback_uri\": \"https://example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tenant = new Gcp.IdentityPlatform.Tenant(\"tenant\", new()\n {\n DisplayName = \"tenant\",\n });\n\n var tenantSamlConfig = new Gcp.IdentityPlatform.TenantInboundSamlConfig(\"tenant_saml_config\", new()\n {\n Name = \"saml.tf-config\",\n DisplayName = \"Display Name\",\n Tenant = tenant.Name,\n IdpConfig = new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigIdpConfigArgs\n {\n IdpEntityId = \"tf-idp\",\n SignRequest = true,\n SsoUrl = \"https://example.com\",\n IdpCertificates = new[]\n {\n new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigIdpConfigIdpCertificateArgs\n {\n X509Certificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n SpConfig = new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigSpConfigArgs\n {\n SpEntityId = \"tf-sp\",\n CallbackUri = \"https://example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttenant, err := identityplatform.NewTenant(ctx, \"tenant\", \u0026identityplatform.TenantArgs{\n\t\t\tDisplayName: pulumi.String(\"tenant\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewTenantInboundSamlConfig(ctx, \"tenant_saml_config\", \u0026identityplatform.TenantInboundSamlConfigArgs{\n\t\t\tName: pulumi.String(\"saml.tf-config\"),\n\t\t\tDisplayName: pulumi.String(\"Display Name\"),\n\t\t\tTenant: tenant.Name,\n\t\t\tIdpConfig: \u0026identityplatform.TenantInboundSamlConfigIdpConfigArgs{\n\t\t\t\tIdpEntityId: pulumi.String(\"tf-idp\"),\n\t\t\t\tSignRequest: pulumi.Bool(true),\n\t\t\t\tSsoUrl: pulumi.String(\"https://example.com\"),\n\t\t\t\tIdpCertificates: identityplatform.TenantInboundSamlConfigIdpConfigIdpCertificateArray{\n\t\t\t\t\t\u0026identityplatform.TenantInboundSamlConfigIdpConfigIdpCertificateArgs{\n\t\t\t\t\t\tX509Certificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpConfig: \u0026identityplatform.TenantInboundSamlConfigSpConfigArgs{\n\t\t\t\tSpEntityId: pulumi.String(\"tf-sp\"),\n\t\t\t\tCallbackUri: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.identityplatform.Tenant;\nimport com.pulumi.gcp.identityplatform.TenantArgs;\nimport com.pulumi.gcp.identityplatform.TenantInboundSamlConfig;\nimport com.pulumi.gcp.identityplatform.TenantInboundSamlConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.TenantInboundSamlConfigIdpConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.TenantInboundSamlConfigSpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tenant = new Tenant(\"tenant\", TenantArgs.builder()\n .displayName(\"tenant\")\n .build());\n\n var tenantSamlConfig = new TenantInboundSamlConfig(\"tenantSamlConfig\", TenantInboundSamlConfigArgs.builder()\n .name(\"saml.tf-config\")\n .displayName(\"Display Name\")\n .tenant(tenant.name())\n .idpConfig(TenantInboundSamlConfigIdpConfigArgs.builder()\n .idpEntityId(\"tf-idp\")\n .signRequest(true)\n .ssoUrl(\"https://example.com\")\n .idpCertificates(TenantInboundSamlConfigIdpConfigIdpCertificateArgs.builder()\n .x509Certificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_cert.pem\")\n .build()).result())\n .build())\n .build())\n .spConfig(TenantInboundSamlConfigSpConfigArgs.builder()\n .spEntityId(\"tf-sp\")\n .callbackUri(\"https://example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tenant:\n type: gcp:identityplatform:Tenant\n properties:\n displayName: tenant\n tenantSamlConfig:\n type: gcp:identityplatform:TenantInboundSamlConfig\n name: tenant_saml_config\n properties:\n name: saml.tf-config\n displayName: Display Name\n tenant: ${tenant.name}\n idpConfig:\n idpEntityId: tf-idp\n signRequest: true\n ssoUrl: https://example.com\n idpCertificates:\n - x509Certificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/rsa_cert.pem\n Return: result\n spConfig:\n spEntityId: tf-sp\n callbackUri: https://example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTenantInboundSamlConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}`\n\n* `{{project}}/{{tenant}}/{{name}}`\n\n* `{{tenant}}/{{name}}`\n\nWhen using the `pulumi import` command, TenantInboundSamlConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default {{project}}/{{tenant}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default {{tenant}}/{{name}}\n```\n\n", + "description": "Inbound SAML configuration for a Identity Toolkit tenant.\n\nYou must enable the\n[Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in\nthe marketplace prior to using this resource.\n\n\n\n## Example Usage\n\n### Identity Platform Tenant Inbound Saml Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst tenant = new gcp.identityplatform.Tenant(\"tenant\", {displayName: \"tenant\"});\nconst tenantSamlConfig = new gcp.identityplatform.TenantInboundSamlConfig(\"tenant_saml_config\", {\n name: \"saml.tf-config\",\n displayName: \"Display Name\",\n tenant: tenant.name,\n idpConfig: {\n idpEntityId: \"tf-idp\",\n signRequest: true,\n ssoUrl: \"https://example.com\",\n idpCertificates: [{\n x509Certificate: std.file({\n input: \"test-fixtures/rsa_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n },\n spConfig: {\n spEntityId: \"tf-sp\",\n callbackUri: \"https://example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ntenant = gcp.identityplatform.Tenant(\"tenant\", display_name=\"tenant\")\ntenant_saml_config = gcp.identityplatform.TenantInboundSamlConfig(\"tenant_saml_config\",\n name=\"saml.tf-config\",\n display_name=\"Display Name\",\n tenant=tenant.name,\n idp_config={\n \"idp_entity_id\": \"tf-idp\",\n \"sign_request\": True,\n \"sso_url\": \"https://example.com\",\n \"idp_certificates\": [{\n \"x509_certificate\": std.file(input=\"test-fixtures/rsa_cert.pem\").result,\n }],\n },\n sp_config={\n \"sp_entity_id\": \"tf-sp\",\n \"callback_uri\": \"https://example.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tenant = new Gcp.IdentityPlatform.Tenant(\"tenant\", new()\n {\n DisplayName = \"tenant\",\n });\n\n var tenantSamlConfig = new Gcp.IdentityPlatform.TenantInboundSamlConfig(\"tenant_saml_config\", new()\n {\n Name = \"saml.tf-config\",\n DisplayName = \"Display Name\",\n Tenant = tenant.Name,\n IdpConfig = new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigIdpConfigArgs\n {\n IdpEntityId = \"tf-idp\",\n SignRequest = true,\n SsoUrl = \"https://example.com\",\n IdpCertificates = new[]\n {\n new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigIdpConfigIdpCertificateArgs\n {\n X509Certificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/rsa_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n SpConfig = new Gcp.IdentityPlatform.Inputs.TenantInboundSamlConfigSpConfigArgs\n {\n SpEntityId = \"tf-sp\",\n CallbackUri = \"https://example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttenant, err := identityplatform.NewTenant(ctx, \"tenant\", \u0026identityplatform.TenantArgs{\n\t\t\tDisplayName: pulumi.String(\"tenant\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/rsa_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewTenantInboundSamlConfig(ctx, \"tenant_saml_config\", \u0026identityplatform.TenantInboundSamlConfigArgs{\n\t\t\tName: pulumi.String(\"saml.tf-config\"),\n\t\t\tDisplayName: pulumi.String(\"Display Name\"),\n\t\t\tTenant: tenant.Name,\n\t\t\tIdpConfig: \u0026identityplatform.TenantInboundSamlConfigIdpConfigArgs{\n\t\t\t\tIdpEntityId: pulumi.String(\"tf-idp\"),\n\t\t\t\tSignRequest: pulumi.Bool(true),\n\t\t\t\tSsoUrl: pulumi.String(\"https://example.com\"),\n\t\t\t\tIdpCertificates: identityplatform.TenantInboundSamlConfigIdpConfigIdpCertificateArray{\n\t\t\t\t\t\u0026identityplatform.TenantInboundSamlConfigIdpConfigIdpCertificateArgs{\n\t\t\t\t\t\tX509Certificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpConfig: \u0026identityplatform.TenantInboundSamlConfigSpConfigArgs{\n\t\t\t\tSpEntityId: pulumi.String(\"tf-sp\"),\n\t\t\t\tCallbackUri: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.identityplatform.Tenant;\nimport com.pulumi.gcp.identityplatform.TenantArgs;\nimport com.pulumi.gcp.identityplatform.TenantInboundSamlConfig;\nimport com.pulumi.gcp.identityplatform.TenantInboundSamlConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.TenantInboundSamlConfigIdpConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.TenantInboundSamlConfigSpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tenant = new Tenant(\"tenant\", TenantArgs.builder()\n .displayName(\"tenant\")\n .build());\n\n var tenantSamlConfig = new TenantInboundSamlConfig(\"tenantSamlConfig\", TenantInboundSamlConfigArgs.builder()\n .name(\"saml.tf-config\")\n .displayName(\"Display Name\")\n .tenant(tenant.name())\n .idpConfig(TenantInboundSamlConfigIdpConfigArgs.builder()\n .idpEntityId(\"tf-idp\")\n .signRequest(true)\n .ssoUrl(\"https://example.com\")\n .idpCertificates(TenantInboundSamlConfigIdpConfigIdpCertificateArgs.builder()\n .x509Certificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/rsa_cert.pem\")\n .build()).result())\n .build())\n .build())\n .spConfig(TenantInboundSamlConfigSpConfigArgs.builder()\n .spEntityId(\"tf-sp\")\n .callbackUri(\"https://example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tenant:\n type: gcp:identityplatform:Tenant\n properties:\n displayName: tenant\n tenantSamlConfig:\n type: gcp:identityplatform:TenantInboundSamlConfig\n name: tenant_saml_config\n properties:\n name: saml.tf-config\n displayName: Display Name\n tenant: ${tenant.name}\n idpConfig:\n idpEntityId: tf-idp\n signRequest: true\n ssoUrl: https://example.com\n idpCertificates:\n - x509Certificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/rsa_cert.pem\n return: result\n spConfig:\n spEntityId: tf-sp\n callbackUri: https://example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTenantInboundSamlConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}`\n\n* `{{project}}/{{tenant}}/{{name}}`\n\n* `{{tenant}}/{{name}}`\n\nWhen using the `pulumi import` command, TenantInboundSamlConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default {{project}}/{{tenant}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/tenantInboundSamlConfig:TenantInboundSamlConfig default {{tenant}}/{{name}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -228888,7 +228888,7 @@ } }, "gcp:integrationconnectors/connection:Connection": { - "description": "An Integration connectors Connection.\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/integration-connectors/docs/reference/rest/v1/projects.locations.connections)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/integration-connectors/docs/createconnection)\n\n## Example Usage\n\n### Integration Connectors Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst pubsubconnection = new gcp.integrationconnectors.Connection(\"pubsubconnection\", {\n name: \"test-pubsub\",\n location: \"us-central1\",\n connectorVersion: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/global/providers/gcp/connectors/pubsub/versions/1`),\n description: \"tf created description\",\n configVariables: [\n {\n key: \"project_id\",\n stringValue: \"connectors-example\",\n },\n {\n key: \"topic_id\",\n stringValue: \"test\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\npubsubconnection = gcp.integrationconnectors.Connection(\"pubsubconnection\",\n name=\"test-pubsub\",\n location=\"us-central1\",\n connector_version=f\"projects/{test_project.project_id}/locations/global/providers/gcp/connectors/pubsub/versions/1\",\n description=\"tf created description\",\n config_variables=[\n {\n \"key\": \"project_id\",\n \"string_value\": \"connectors-example\",\n },\n {\n \"key\": \"topic_id\",\n \"string_value\": \"test\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var pubsubconnection = new Gcp.IntegrationConnectors.Connection(\"pubsubconnection\", new()\n {\n Name = \"test-pubsub\",\n Location = \"us-central1\",\n ConnectorVersion = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/global/providers/gcp/connectors/pubsub/versions/1\",\n Description = \"tf created description\",\n ConfigVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"project_id\",\n StringValue = \"connectors-example\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"topic_id\",\n StringValue = \"test\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewConnection(ctx, \"pubsubconnection\", \u0026integrationconnectors.ConnectionArgs{\n\t\t\tName: pulumi.String(\"test-pubsub\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectorVersion: pulumi.Sprintf(\"projects/%v/locations/global/providers/gcp/connectors/pubsub/versions/1\", testProject.ProjectId),\n\t\t\tDescription: pulumi.String(\"tf created description\"),\n\t\t\tConfigVariables: integrationconnectors.ConnectionConfigVariableArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"project_id\"),\n\t\t\t\t\tStringValue: pulumi.String(\"connectors-example\"),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"topic_id\"),\n\t\t\t\t\tStringValue: pulumi.String(\"test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.integrationconnectors.Connection;\nimport com.pulumi.gcp.integrationconnectors.ConnectionArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var pubsubconnection = new Connection(\"pubsubconnection\", ConnectionArgs.builder()\n .name(\"test-pubsub\")\n .location(\"us-central1\")\n .connectorVersion(String.format(\"projects/%s/locations/global/providers/gcp/connectors/pubsub/versions/1\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .description(\"tf created description\")\n .configVariables( \n ConnectionConfigVariableArgs.builder()\n .key(\"project_id\")\n .stringValue(\"connectors-example\")\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"topic_id\")\n .stringValue(\"test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubconnection:\n type: gcp:integrationconnectors:Connection\n properties:\n name: test-pubsub\n location: us-central1\n connectorVersion: projects/${testProject.projectId}/locations/global/providers/gcp/connectors/pubsub/versions/1\n description: tf created description\n configVariables:\n - key: project_id\n stringValue: connectors-example\n - key: topic_id\n stringValue: test\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integration Connectors Connection Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"test-secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_basic = new gcp.secretmanager.SecretVersion(\"secret-version-basic\", {\n secret: secret_basic.id,\n secretData: \"dummypassword\",\n});\nconst secretIam = new gcp.secretmanager.SecretIamMember(\"secret_iam\", {\n secretId: secret_basic.id,\n role: \"roles/secretmanager.admin\",\n member: testProject.then(testProject =\u003e `serviceAccount:${testProject.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret_version_basic],\n});\nconst zendeskconnection = new gcp.integrationconnectors.Connection(\"zendeskconnection\", {\n name: \"test-zendesk\",\n description: \"tf updated description\",\n location: \"us-central1\",\n serviceAccount: testProject.then(testProject =\u003e `${testProject.number}-compute@developer.gserviceaccount.com`),\n connectorVersion: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/global/providers/zendesk/connectors/zendesk/versions/1`),\n configVariables: [\n {\n key: \"proxy_enabled\",\n booleanValue: false,\n },\n {\n key: \"sample_integer_value\",\n integerValue: 1,\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n ],\n suspended: false,\n authConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n authType: \"USER_PASSWORD\",\n authKey: \"sampleAuthKey\",\n userPassword: {\n username: \"user@xyz.com\",\n password: {\n secretVersion: secret_version_basic.name,\n },\n },\n },\n destinationConfigs: [{\n key: \"url\",\n destinations: [{\n host: \"https://test.zendesk.com\",\n port: 80,\n }],\n }],\n lockConfig: {\n locked: false,\n reason: \"Its not locked\",\n },\n logConfig: {\n enabled: true,\n },\n nodeConfig: {\n minNodeCount: 2,\n maxNodeCount: 50,\n },\n labels: {\n foo: \"bar\",\n },\n sslConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n clientCertType: \"PEM\",\n clientCertificate: {\n secretVersion: secret_version_basic.name,\n },\n clientPrivateKey: {\n secretVersion: secret_version_basic.name,\n },\n clientPrivateKeyPass: {\n secretVersion: secret_version_basic.name,\n },\n privateServerCertificate: {\n secretVersion: secret_version_basic.name,\n },\n serverCertType: \"PEM\",\n trustModel: \"PRIVATE\",\n type: \"TLS\",\n useSsl: true,\n },\n eventingEnablementType: \"EVENTING_AND_CONNECTION\",\n eventingConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n registrationDestinationConfig: {\n key: \"registration_destination_config\",\n destinations: [{\n host: \"https://test.zendesk.com\",\n port: 80,\n }],\n },\n authConfig: {\n authType: \"USER_PASSWORD\",\n authKey: \"sampleAuthKey\",\n userPassword: {\n username: \"user@xyz.com\",\n password: {\n secretVersion: secret_version_basic.name,\n },\n },\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n },\n enrichmentEnabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"test-secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_basic = gcp.secretmanager.SecretVersion(\"secret-version-basic\",\n secret=secret_basic.id,\n secret_data=\"dummypassword\")\nsecret_iam = gcp.secretmanager.SecretIamMember(\"secret_iam\",\n secret_id=secret_basic.id,\n role=\"roles/secretmanager.admin\",\n member=f\"serviceAccount:{test_project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret_version_basic]))\nzendeskconnection = gcp.integrationconnectors.Connection(\"zendeskconnection\",\n name=\"test-zendesk\",\n description=\"tf updated description\",\n location=\"us-central1\",\n service_account=f\"{test_project.number}-compute@developer.gserviceaccount.com\",\n connector_version=f\"projects/{test_project.project_id}/locations/global/providers/zendesk/connectors/zendesk/versions/1\",\n config_variables=[\n {\n \"key\": \"proxy_enabled\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer_value\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n ],\n suspended=False,\n auth_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"auth_type\": \"USER_PASSWORD\",\n \"auth_key\": \"sampleAuthKey\",\n \"user_password\": {\n \"username\": \"user@xyz.com\",\n \"password\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n },\n destination_configs=[{\n \"key\": \"url\",\n \"destinations\": [{\n \"host\": \"https://test.zendesk.com\",\n \"port\": 80,\n }],\n }],\n lock_config={\n \"locked\": False,\n \"reason\": \"Its not locked\",\n },\n log_config={\n \"enabled\": True,\n },\n node_config={\n \"min_node_count\": 2,\n \"max_node_count\": 50,\n },\n labels={\n \"foo\": \"bar\",\n },\n ssl_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"client_cert_type\": \"PEM\",\n \"client_certificate\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"client_private_key\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"client_private_key_pass\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"private_server_certificate\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"server_cert_type\": \"PEM\",\n \"trust_model\": \"PRIVATE\",\n \"type\": \"TLS\",\n \"use_ssl\": True,\n },\n eventing_enablement_type=\"EVENTING_AND_CONNECTION\",\n eventing_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"registration_destination_config\": {\n \"key\": \"registration_destination_config\",\n \"destinations\": [{\n \"host\": \"https://test.zendesk.com\",\n \"port\": 80,\n }],\n },\n \"auth_config\": {\n \"auth_type\": \"USER_PASSWORD\",\n \"auth_key\": \"sampleAuthKey\",\n \"user_password\": {\n \"username\": \"user@xyz.com\",\n \"password\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n },\n \"enrichment_enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"test-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_basic = new Gcp.SecretManager.SecretVersion(\"secret-version-basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"dummypassword\",\n });\n\n var secretIam = new Gcp.SecretManager.SecretIamMember(\"secret_iam\", new()\n {\n SecretId = secret_basic.Id,\n Role = \"roles/secretmanager.admin\",\n Member = $\"serviceAccount:{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_basic,\n },\n });\n\n var zendeskconnection = new Gcp.IntegrationConnectors.Connection(\"zendeskconnection\", new()\n {\n Name = \"test-zendesk\",\n Description = \"tf updated description\",\n Location = \"us-central1\",\n ServiceAccount = $\"{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n ConnectorVersion = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/global/providers/zendesk/connectors/zendesk/versions/1\",\n ConfigVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"proxy_enabled\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_integer_value\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n },\n Suspended = false,\n AuthConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n AuthType = \"USER_PASSWORD\",\n AuthKey = \"sampleAuthKey\",\n UserPassword = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigUserPasswordArgs\n {\n Username = \"user@xyz.com\",\n Password = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigUserPasswordPasswordArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n },\n DestinationConfigs = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionDestinationConfigArgs\n {\n Key = \"url\",\n Destinations = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionDestinationConfigDestinationArgs\n {\n Host = \"https://test.zendesk.com\",\n Port = 80,\n },\n },\n },\n },\n LockConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionLockConfigArgs\n {\n Locked = false,\n Reason = \"Its not locked\",\n },\n LogConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionLogConfigArgs\n {\n Enabled = true,\n },\n NodeConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionNodeConfigArgs\n {\n MinNodeCount = 2,\n MaxNodeCount = 50,\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n SslConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n ClientCertType = \"PEM\",\n ClientCertificate = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientCertificateArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ClientPrivateKey = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientPrivateKeyArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ClientPrivateKeyPass = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientPrivateKeyPassArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n PrivateServerCertificate = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigPrivateServerCertificateArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ServerCertType = \"PEM\",\n TrustModel = \"PRIVATE\",\n Type = \"TLS\",\n UseSsl = true,\n },\n EventingEnablementType = \"EVENTING_AND_CONNECTION\",\n EventingConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n RegistrationDestinationConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigRegistrationDestinationConfigArgs\n {\n Key = \"registration_destination_config\",\n Destinations = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs\n {\n Host = \"https://test.zendesk.com\",\n Port = 80,\n },\n },\n },\n AuthConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigArgs\n {\n AuthType = \"USER_PASSWORD\",\n AuthKey = \"sampleAuthKey\",\n UserPassword = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigUserPasswordArgs\n {\n Username = \"user@xyz.com\",\n Password = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n },\n EnrichmentEnabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"test-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-basic\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"dummypassword\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret_iam\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret_basic.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", testProject.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_basic,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewConnection(ctx, \"zendeskconnection\", \u0026integrationconnectors.ConnectionArgs{\n\t\t\tName: pulumi.String(\"test-zendesk\"),\n\t\t\tDescription: pulumi.String(\"tf updated description\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", testProject.Number),\n\t\t\tConnectorVersion: pulumi.Sprintf(\"projects/%v/locations/global/providers/zendesk/connectors/zendesk/versions/1\", testProject.ProjectId),\n\t\t\tConfigVariables: integrationconnectors.ConnectionConfigVariableArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"proxy_enabled\"),\n\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_integer_value\"),\n\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionConfigVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionConfigVariableSecretValueArgs{\n\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSuspended: pulumi.Bool(false),\n\t\t\tAuthConfig: \u0026integrationconnectors.ConnectionAuthConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionAuthConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAuthType: pulumi.String(\"USER_PASSWORD\"),\n\t\t\t\tAuthKey: pulumi.String(\"sampleAuthKey\"),\n\t\t\t\tUserPassword: \u0026integrationconnectors.ConnectionAuthConfigUserPasswordArgs{\n\t\t\t\t\tUsername: pulumi.String(\"user@xyz.com\"),\n\t\t\t\t\tPassword: \u0026integrationconnectors.ConnectionAuthConfigUserPasswordPasswordArgs{\n\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfigs: integrationconnectors.ConnectionDestinationConfigArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionDestinationConfigArgs{\n\t\t\t\t\tKey: pulumi.String(\"url\"),\n\t\t\t\t\tDestinations: integrationconnectors.ConnectionDestinationConfigDestinationArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionDestinationConfigDestinationArgs{\n\t\t\t\t\t\t\tHost: pulumi.String(\"https://test.zendesk.com\"),\n\t\t\t\t\t\t\tPort: pulumi.Int(80),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLockConfig: \u0026integrationconnectors.ConnectionLockConfigArgs{\n\t\t\t\tLocked: pulumi.Bool(false),\n\t\t\t\tReason: pulumi.String(\"Its not locked\"),\n\t\t\t},\n\t\t\tLogConfig: \u0026integrationconnectors.ConnectionLogConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tNodeConfig: \u0026integrationconnectors.ConnectionNodeConfigArgs{\n\t\t\t\tMinNodeCount: pulumi.Int(2),\n\t\t\t\tMaxNodeCount: pulumi.Int(50),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tSslConfig: \u0026integrationconnectors.ConnectionSslConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionSslConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionSslConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientCertType: pulumi.String(\"PEM\"),\n\t\t\t\tClientCertificate: \u0026integrationconnectors.ConnectionSslConfigClientCertificateArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tClientPrivateKey: \u0026integrationconnectors.ConnectionSslConfigClientPrivateKeyArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tClientPrivateKeyPass: \u0026integrationconnectors.ConnectionSslConfigClientPrivateKeyPassArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tPrivateServerCertificate: \u0026integrationconnectors.ConnectionSslConfigPrivateServerCertificateArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tServerCertType: pulumi.String(\"PEM\"),\n\t\t\t\tTrustModel: pulumi.String(\"PRIVATE\"),\n\t\t\t\tType: pulumi.String(\"TLS\"),\n\t\t\t\tUseSsl: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEventingEnablementType: pulumi.String(\"EVENTING_AND_CONNECTION\"),\n\t\t\tEventingConfig: \u0026integrationconnectors.ConnectionEventingConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionEventingConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tRegistrationDestinationConfig: \u0026integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigArgs{\n\t\t\t\t\tKey: pulumi.String(\"registration_destination_config\"),\n\t\t\t\t\tDestinations: integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigDestinationArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs{\n\t\t\t\t\t\t\tHost: pulumi.String(\"https://test.zendesk.com\"),\n\t\t\t\t\t\t\tPort: pulumi.Int(80),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAuthConfig: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigArgs{\n\t\t\t\t\tAuthType: pulumi.String(\"USER_PASSWORD\"),\n\t\t\t\t\tAuthKey: pulumi.String(\"sampleAuthKey\"),\n\t\t\t\t\tUserPassword: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigUserPasswordArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"user@xyz.com\"),\n\t\t\t\t\t\tPassword: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEnrichmentEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.integrationconnectors.Connection;\nimport com.pulumi.gcp.integrationconnectors.ConnectionArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableEncryptionKeyValueArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableSecretValueArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigUserPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigUserPasswordPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionDestinationConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionLockConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionLogConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionNodeConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientCertificateArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientPrivateKeyArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientPrivateKeyPassArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigPrivateServerCertificateArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigRegistrationDestinationConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigUserPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"test-secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_basic = new SecretVersion(\"secret-version-basic\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"dummypassword\")\n .build());\n\n var secretIam = new SecretIamMember(\"secretIam\", SecretIamMemberArgs.builder()\n .secretId(secret_basic.id())\n .role(\"roles/secretmanager.admin\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_basic)\n .build());\n\n var zendeskconnection = new Connection(\"zendeskconnection\", ConnectionArgs.builder()\n .name(\"test-zendesk\")\n .description(\"tf updated description\")\n .location(\"us-central1\")\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .connectorVersion(String.format(\"projects/%s/locations/global/providers/zendesk/connectors/zendesk/versions/1\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .configVariables( \n ConnectionConfigVariableArgs.builder()\n .key(\"proxy_enabled\")\n .booleanValue(false)\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_integer_value\")\n .integerValue(1)\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionConfigVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionConfigVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .suspended(false)\n .authConfig(ConnectionAuthConfigArgs.builder()\n .additionalVariables( \n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionAuthConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .authType(\"USER_PASSWORD\")\n .authKey(\"sampleAuthKey\")\n .userPassword(ConnectionAuthConfigUserPasswordArgs.builder()\n .username(\"user@xyz.com\")\n .password(ConnectionAuthConfigUserPasswordPasswordArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .build())\n .destinationConfigs(ConnectionDestinationConfigArgs.builder()\n .key(\"url\")\n .destinations(ConnectionDestinationConfigDestinationArgs.builder()\n .host(\"https://test.zendesk.com\")\n .port(80)\n .build())\n .build())\n .lockConfig(ConnectionLockConfigArgs.builder()\n .locked(false)\n .reason(\"Its not locked\")\n .build())\n .logConfig(ConnectionLogConfigArgs.builder()\n .enabled(true)\n .build())\n .nodeConfig(ConnectionNodeConfigArgs.builder()\n .minNodeCount(2)\n .maxNodeCount(50)\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .sslConfig(ConnectionSslConfigArgs.builder()\n .additionalVariables( \n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionSslConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .clientCertType(\"PEM\")\n .clientCertificate(ConnectionSslConfigClientCertificateArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .clientPrivateKey(ConnectionSslConfigClientPrivateKeyArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .clientPrivateKeyPass(ConnectionSslConfigClientPrivateKeyPassArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .privateServerCertificate(ConnectionSslConfigPrivateServerCertificateArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .serverCertType(\"PEM\")\n .trustModel(\"PRIVATE\")\n .type(\"TLS\")\n .useSsl(true)\n .build())\n .eventingEnablementType(\"EVENTING_AND_CONNECTION\")\n .eventingConfig(ConnectionEventingConfigArgs.builder()\n .additionalVariables( \n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionEventingConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .registrationDestinationConfig(ConnectionEventingConfigRegistrationDestinationConfigArgs.builder()\n .key(\"registration_destination_config\")\n .destinations(ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs.builder()\n .host(\"https://test.zendesk.com\")\n .port(80)\n .build())\n .build())\n .authConfig(ConnectionEventingConfigAuthConfigArgs.builder()\n .authType(\"USER_PASSWORD\")\n .authKey(\"sampleAuthKey\")\n .userPassword(ConnectionEventingConfigAuthConfigUserPasswordArgs.builder()\n .username(\"user@xyz.com\")\n .password(ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .additionalVariables( \n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .build())\n .enrichmentEnabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: test-secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-basic:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: dummypassword\n secretIam:\n type: gcp:secretmanager:SecretIamMember\n name: secret_iam\n properties:\n secretId: ${[\"secret-basic\"].id}\n role: roles/secretmanager.admin\n member: serviceAccount:${testProject.number}-compute@developer.gserviceaccount.com\n options:\n dependson:\n - ${[\"secret-version-basic\"]}\n zendeskconnection:\n type: gcp:integrationconnectors:Connection\n properties:\n name: test-zendesk\n description: tf updated description\n location: us-central1\n serviceAccount: ${testProject.number}-compute@developer.gserviceaccount.com\n connectorVersion: projects/${testProject.projectId}/locations/global/providers/zendesk/connectors/zendesk/versions/1\n configVariables:\n - key: proxy_enabled\n booleanValue: false\n - key: sample_integer_value\n integerValue: 1\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n suspended: false\n authConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n authType: USER_PASSWORD\n authKey: sampleAuthKey\n userPassword:\n username: user@xyz.com\n password:\n secretVersion: ${[\"secret-version-basic\"].name}\n destinationConfigs:\n - key: url\n destinations:\n - host: https://test.zendesk.com\n port: 80\n lockConfig:\n locked: false\n reason: Its not locked\n logConfig:\n enabled: true\n nodeConfig:\n minNodeCount: 2\n maxNodeCount: 50\n labels:\n foo: bar\n sslConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n clientCertType: PEM\n clientCertificate:\n secretVersion: ${[\"secret-version-basic\"].name}\n clientPrivateKey:\n secretVersion: ${[\"secret-version-basic\"].name}\n clientPrivateKeyPass:\n secretVersion: ${[\"secret-version-basic\"].name}\n privateServerCertificate:\n secretVersion: ${[\"secret-version-basic\"].name}\n serverCertType: PEM\n trustModel: PRIVATE\n type: TLS\n useSsl: true\n eventingEnablementType: EVENTING_AND_CONNECTION\n eventingConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n registrationDestinationConfig:\n key: registration_destination_config\n destinations:\n - host: https://test.zendesk.com\n port: 80\n authConfig:\n authType: USER_PASSWORD\n authKey: sampleAuthKey\n userPassword:\n username: user@xyz.com\n password:\n secretVersion: ${[\"secret-version-basic\"].name}\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n enrichmentEnabled: true\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default {{location}}/{{name}}\n```\n\n", + "description": "An Integration connectors Connection.\n\n\nTo get more information about Connection, see:\n\n* [API documentation](https://cloud.google.com/integration-connectors/docs/reference/rest/v1/projects.locations.connections)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/integration-connectors/docs/createconnection)\n\n## Example Usage\n\n### Integration Connectors Connection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst pubsubconnection = new gcp.integrationconnectors.Connection(\"pubsubconnection\", {\n name: \"test-pubsub\",\n location: \"us-central1\",\n connectorVersion: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/global/providers/gcp/connectors/pubsub/versions/1`),\n description: \"tf created description\",\n configVariables: [\n {\n key: \"project_id\",\n stringValue: \"connectors-example\",\n },\n {\n key: \"topic_id\",\n stringValue: \"test\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\npubsubconnection = gcp.integrationconnectors.Connection(\"pubsubconnection\",\n name=\"test-pubsub\",\n location=\"us-central1\",\n connector_version=f\"projects/{test_project.project_id}/locations/global/providers/gcp/connectors/pubsub/versions/1\",\n description=\"tf created description\",\n config_variables=[\n {\n \"key\": \"project_id\",\n \"string_value\": \"connectors-example\",\n },\n {\n \"key\": \"topic_id\",\n \"string_value\": \"test\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var pubsubconnection = new Gcp.IntegrationConnectors.Connection(\"pubsubconnection\", new()\n {\n Name = \"test-pubsub\",\n Location = \"us-central1\",\n ConnectorVersion = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/global/providers/gcp/connectors/pubsub/versions/1\",\n Description = \"tf created description\",\n ConfigVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"project_id\",\n StringValue = \"connectors-example\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"topic_id\",\n StringValue = \"test\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewConnection(ctx, \"pubsubconnection\", \u0026integrationconnectors.ConnectionArgs{\n\t\t\tName: pulumi.String(\"test-pubsub\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConnectorVersion: pulumi.Sprintf(\"projects/%v/locations/global/providers/gcp/connectors/pubsub/versions/1\", testProject.ProjectId),\n\t\t\tDescription: pulumi.String(\"tf created description\"),\n\t\t\tConfigVariables: integrationconnectors.ConnectionConfigVariableArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"project_id\"),\n\t\t\t\t\tStringValue: pulumi.String(\"connectors-example\"),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"topic_id\"),\n\t\t\t\t\tStringValue: pulumi.String(\"test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.integrationconnectors.Connection;\nimport com.pulumi.gcp.integrationconnectors.ConnectionArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var pubsubconnection = new Connection(\"pubsubconnection\", ConnectionArgs.builder()\n .name(\"test-pubsub\")\n .location(\"us-central1\")\n .connectorVersion(String.format(\"projects/%s/locations/global/providers/gcp/connectors/pubsub/versions/1\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .description(\"tf created description\")\n .configVariables( \n ConnectionConfigVariableArgs.builder()\n .key(\"project_id\")\n .stringValue(\"connectors-example\")\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"topic_id\")\n .stringValue(\"test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubconnection:\n type: gcp:integrationconnectors:Connection\n properties:\n name: test-pubsub\n location: us-central1\n connectorVersion: projects/${testProject.projectId}/locations/global/providers/gcp/connectors/pubsub/versions/1\n description: tf created description\n configVariables:\n - key: project_id\n stringValue: connectors-example\n - key: topic_id\n stringValue: test\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integration Connectors Connection Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"test-secret\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_basic = new gcp.secretmanager.SecretVersion(\"secret-version-basic\", {\n secret: secret_basic.id,\n secretData: \"dummypassword\",\n});\nconst secretIam = new gcp.secretmanager.SecretIamMember(\"secret_iam\", {\n secretId: secret_basic.id,\n role: \"roles/secretmanager.admin\",\n member: testProject.then(testProject =\u003e `serviceAccount:${testProject.number}-compute@developer.gserviceaccount.com`),\n}, {\n dependsOn: [secret_version_basic],\n});\nconst zendeskconnection = new gcp.integrationconnectors.Connection(\"zendeskconnection\", {\n name: \"test-zendesk\",\n description: \"tf updated description\",\n location: \"us-central1\",\n serviceAccount: testProject.then(testProject =\u003e `${testProject.number}-compute@developer.gserviceaccount.com`),\n connectorVersion: testProject.then(testProject =\u003e `projects/${testProject.projectId}/locations/global/providers/zendesk/connectors/zendesk/versions/1`),\n configVariables: [\n {\n key: \"proxy_enabled\",\n booleanValue: false,\n },\n {\n key: \"sample_integer_value\",\n integerValue: 1,\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n ],\n suspended: false,\n authConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n authType: \"USER_PASSWORD\",\n authKey: \"sampleAuthKey\",\n userPassword: {\n username: \"user@xyz.com\",\n password: {\n secretVersion: secret_version_basic.name,\n },\n },\n },\n destinationConfigs: [{\n key: \"url\",\n destinations: [{\n host: \"https://test.zendesk.com\",\n port: 80,\n }],\n }],\n lockConfig: {\n locked: false,\n reason: \"Its not locked\",\n },\n logConfig: {\n enabled: true,\n },\n nodeConfig: {\n minNodeCount: 2,\n maxNodeCount: 50,\n },\n labels: {\n foo: \"bar\",\n },\n sslConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n clientCertType: \"PEM\",\n clientCertificate: {\n secretVersion: secret_version_basic.name,\n },\n clientPrivateKey: {\n secretVersion: secret_version_basic.name,\n },\n clientPrivateKeyPass: {\n secretVersion: secret_version_basic.name,\n },\n privateServerCertificate: {\n secretVersion: secret_version_basic.name,\n },\n serverCertType: \"PEM\",\n trustModel: \"PRIVATE\",\n type: \"TLS\",\n useSsl: true,\n },\n eventingEnablementType: \"EVENTING_AND_CONNECTION\",\n eventingConfig: {\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n registrationDestinationConfig: {\n key: \"registration_destination_config\",\n destinations: [{\n host: \"https://test.zendesk.com\",\n port: 80,\n }],\n },\n authConfig: {\n authType: \"USER_PASSWORD\",\n authKey: \"sampleAuthKey\",\n userPassword: {\n username: \"user@xyz.com\",\n password: {\n secretVersion: secret_version_basic.name,\n },\n },\n additionalVariables: [\n {\n key: \"sample_string\",\n stringValue: \"sampleString\",\n },\n {\n key: \"sample_boolean\",\n booleanValue: false,\n },\n {\n key: \"sample_integer\",\n integerValue: 1,\n },\n {\n key: \"sample_secret_value\",\n secretValue: {\n secretVersion: secret_version_basic.name,\n },\n },\n {\n key: \"sample_encryption_key_value\",\n encryptionKeyValue: {\n type: \"GOOGLE_MANAGED\",\n kmsKeyName: \"sampleKMSKkey\",\n },\n },\n ],\n },\n enrichmentEnabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"test-secret\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_basic = gcp.secretmanager.SecretVersion(\"secret-version-basic\",\n secret=secret_basic.id,\n secret_data=\"dummypassword\")\nsecret_iam = gcp.secretmanager.SecretIamMember(\"secret_iam\",\n secret_id=secret_basic.id,\n role=\"roles/secretmanager.admin\",\n member=f\"serviceAccount:{test_project.number}-compute@developer.gserviceaccount.com\",\n opts = pulumi.ResourceOptions(depends_on=[secret_version_basic]))\nzendeskconnection = gcp.integrationconnectors.Connection(\"zendeskconnection\",\n name=\"test-zendesk\",\n description=\"tf updated description\",\n location=\"us-central1\",\n service_account=f\"{test_project.number}-compute@developer.gserviceaccount.com\",\n connector_version=f\"projects/{test_project.project_id}/locations/global/providers/zendesk/connectors/zendesk/versions/1\",\n config_variables=[\n {\n \"key\": \"proxy_enabled\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer_value\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n ],\n suspended=False,\n auth_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"auth_type\": \"USER_PASSWORD\",\n \"auth_key\": \"sampleAuthKey\",\n \"user_password\": {\n \"username\": \"user@xyz.com\",\n \"password\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n },\n destination_configs=[{\n \"key\": \"url\",\n \"destinations\": [{\n \"host\": \"https://test.zendesk.com\",\n \"port\": 80,\n }],\n }],\n lock_config={\n \"locked\": False,\n \"reason\": \"Its not locked\",\n },\n log_config={\n \"enabled\": True,\n },\n node_config={\n \"min_node_count\": 2,\n \"max_node_count\": 50,\n },\n labels={\n \"foo\": \"bar\",\n },\n ssl_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"client_cert_type\": \"PEM\",\n \"client_certificate\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"client_private_key\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"client_private_key_pass\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"private_server_certificate\": {\n \"secret_version\": secret_version_basic.name,\n },\n \"server_cert_type\": \"PEM\",\n \"trust_model\": \"PRIVATE\",\n \"type\": \"TLS\",\n \"use_ssl\": True,\n },\n eventing_enablement_type=\"EVENTING_AND_CONNECTION\",\n eventing_config={\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n \"registration_destination_config\": {\n \"key\": \"registration_destination_config\",\n \"destinations\": [{\n \"host\": \"https://test.zendesk.com\",\n \"port\": 80,\n }],\n },\n \"auth_config\": {\n \"auth_type\": \"USER_PASSWORD\",\n \"auth_key\": \"sampleAuthKey\",\n \"user_password\": {\n \"username\": \"user@xyz.com\",\n \"password\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n \"additional_variables\": [\n {\n \"key\": \"sample_string\",\n \"string_value\": \"sampleString\",\n },\n {\n \"key\": \"sample_boolean\",\n \"boolean_value\": False,\n },\n {\n \"key\": \"sample_integer\",\n \"integer_value\": 1,\n },\n {\n \"key\": \"sample_secret_value\",\n \"secret_value\": {\n \"secret_version\": secret_version_basic.name,\n },\n },\n {\n \"key\": \"sample_encryption_key_value\",\n \"encryption_key_value\": {\n \"type\": \"GOOGLE_MANAGED\",\n \"kms_key_name\": \"sampleKMSKkey\",\n },\n },\n ],\n },\n \"enrichment_enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"test-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_basic = new Gcp.SecretManager.SecretVersion(\"secret-version-basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"dummypassword\",\n });\n\n var secretIam = new Gcp.SecretManager.SecretIamMember(\"secret_iam\", new()\n {\n SecretId = secret_basic.Id,\n Role = \"roles/secretmanager.admin\",\n Member = $\"serviceAccount:{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secret_version_basic,\n },\n });\n\n var zendeskconnection = new Gcp.IntegrationConnectors.Connection(\"zendeskconnection\", new()\n {\n Name = \"test-zendesk\",\n Description = \"tf updated description\",\n Location = \"us-central1\",\n ServiceAccount = $\"{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}-compute@developer.gserviceaccount.com\",\n ConnectorVersion = $\"projects/{testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/locations/global/providers/zendesk/connectors/zendesk/versions/1\",\n ConfigVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"proxy_enabled\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_integer_value\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionConfigVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n },\n Suspended = false,\n AuthConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n AuthType = \"USER_PASSWORD\",\n AuthKey = \"sampleAuthKey\",\n UserPassword = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigUserPasswordArgs\n {\n Username = \"user@xyz.com\",\n Password = new Gcp.IntegrationConnectors.Inputs.ConnectionAuthConfigUserPasswordPasswordArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n },\n DestinationConfigs = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionDestinationConfigArgs\n {\n Key = \"url\",\n Destinations = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionDestinationConfigDestinationArgs\n {\n Host = \"https://test.zendesk.com\",\n Port = 80,\n },\n },\n },\n },\n LockConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionLockConfigArgs\n {\n Locked = false,\n Reason = \"Its not locked\",\n },\n LogConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionLogConfigArgs\n {\n Enabled = true,\n },\n NodeConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionNodeConfigArgs\n {\n MinNodeCount = 2,\n MaxNodeCount = 50,\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n SslConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n ClientCertType = \"PEM\",\n ClientCertificate = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientCertificateArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ClientPrivateKey = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientPrivateKeyArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ClientPrivateKeyPass = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigClientPrivateKeyPassArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n PrivateServerCertificate = new Gcp.IntegrationConnectors.Inputs.ConnectionSslConfigPrivateServerCertificateArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n ServerCertType = \"PEM\",\n TrustModel = \"PRIVATE\",\n Type = \"TLS\",\n UseSsl = true,\n },\n EventingEnablementType = \"EVENTING_AND_CONNECTION\",\n EventingConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigArgs\n {\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n RegistrationDestinationConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigRegistrationDestinationConfigArgs\n {\n Key = \"registration_destination_config\",\n Destinations = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs\n {\n Host = \"https://test.zendesk.com\",\n Port = 80,\n },\n },\n },\n AuthConfig = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigArgs\n {\n AuthType = \"USER_PASSWORD\",\n AuthKey = \"sampleAuthKey\",\n UserPassword = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigUserPasswordArgs\n {\n Username = \"user@xyz.com\",\n Password = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n AdditionalVariables = new[]\n {\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_string\",\n StringValue = \"sampleString\",\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_boolean\",\n BooleanValue = false,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_integer\",\n IntegerValue = 1,\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_secret_value\",\n SecretValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs\n {\n SecretVersion = secret_version_basic.Name,\n },\n },\n new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableArgs\n {\n Key = \"sample_encryption_key_value\",\n EncryptionKeyValue = new Gcp.IntegrationConnectors.Inputs.ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs\n {\n Type = \"GOOGLE_MANAGED\",\n KmsKeyName = \"sampleKMSKkey\",\n },\n },\n },\n },\n EnrichmentEnabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"test-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-basic\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"dummypassword\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret_iam\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: secret_basic.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", testProject.Number),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecret_version_basic,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewConnection(ctx, \"zendeskconnection\", \u0026integrationconnectors.ConnectionArgs{\n\t\t\tName: pulumi.String(\"test-zendesk\"),\n\t\t\tDescription: pulumi.String(\"tf updated description\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceAccount: pulumi.Sprintf(\"%v-compute@developer.gserviceaccount.com\", testProject.Number),\n\t\t\tConnectorVersion: pulumi.Sprintf(\"projects/%v/locations/global/providers/zendesk/connectors/zendesk/versions/1\", testProject.ProjectId),\n\t\t\tConfigVariables: integrationconnectors.ConnectionConfigVariableArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"proxy_enabled\"),\n\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_integer_value\"),\n\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionConfigVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026integrationconnectors.ConnectionConfigVariableArgs{\n\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionConfigVariableSecretValueArgs{\n\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSuspended: pulumi.Bool(false),\n\t\t\tAuthConfig: \u0026integrationconnectors.ConnectionAuthConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionAuthConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAuthType: pulumi.String(\"USER_PASSWORD\"),\n\t\t\t\tAuthKey: pulumi.String(\"sampleAuthKey\"),\n\t\t\t\tUserPassword: \u0026integrationconnectors.ConnectionAuthConfigUserPasswordArgs{\n\t\t\t\t\tUsername: pulumi.String(\"user@xyz.com\"),\n\t\t\t\t\tPassword: \u0026integrationconnectors.ConnectionAuthConfigUserPasswordPasswordArgs{\n\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationConfigs: integrationconnectors.ConnectionDestinationConfigArray{\n\t\t\t\t\u0026integrationconnectors.ConnectionDestinationConfigArgs{\n\t\t\t\t\tKey: pulumi.String(\"url\"),\n\t\t\t\t\tDestinations: integrationconnectors.ConnectionDestinationConfigDestinationArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionDestinationConfigDestinationArgs{\n\t\t\t\t\t\t\tHost: pulumi.String(\"https://test.zendesk.com\"),\n\t\t\t\t\t\t\tPort: pulumi.Int(80),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLockConfig: \u0026integrationconnectors.ConnectionLockConfigArgs{\n\t\t\t\tLocked: pulumi.Bool(false),\n\t\t\t\tReason: pulumi.String(\"Its not locked\"),\n\t\t\t},\n\t\t\tLogConfig: \u0026integrationconnectors.ConnectionLogConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tNodeConfig: \u0026integrationconnectors.ConnectionNodeConfigArgs{\n\t\t\t\tMinNodeCount: pulumi.Int(2),\n\t\t\t\tMaxNodeCount: pulumi.Int(50),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tSslConfig: \u0026integrationconnectors.ConnectionSslConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionSslConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionSslConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionSslConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientCertType: pulumi.String(\"PEM\"),\n\t\t\t\tClientCertificate: \u0026integrationconnectors.ConnectionSslConfigClientCertificateArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tClientPrivateKey: \u0026integrationconnectors.ConnectionSslConfigClientPrivateKeyArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tClientPrivateKeyPass: \u0026integrationconnectors.ConnectionSslConfigClientPrivateKeyPassArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tPrivateServerCertificate: \u0026integrationconnectors.ConnectionSslConfigPrivateServerCertificateArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t},\n\t\t\t\tServerCertType: pulumi.String(\"PEM\"),\n\t\t\t\tTrustModel: pulumi.String(\"PRIVATE\"),\n\t\t\t\tType: pulumi.String(\"TLS\"),\n\t\t\t\tUseSsl: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEventingEnablementType: pulumi.String(\"EVENTING_AND_CONNECTION\"),\n\t\t\tEventingConfig: \u0026integrationconnectors.ConnectionEventingConfigArgs{\n\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionEventingConfigAdditionalVariableArray{\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tRegistrationDestinationConfig: \u0026integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigArgs{\n\t\t\t\t\tKey: pulumi.String(\"registration_destination_config\"),\n\t\t\t\t\tDestinations: integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigDestinationArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs{\n\t\t\t\t\t\t\tHost: pulumi.String(\"https://test.zendesk.com\"),\n\t\t\t\t\t\t\tPort: pulumi.Int(80),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAuthConfig: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigArgs{\n\t\t\t\t\tAuthType: pulumi.String(\"USER_PASSWORD\"),\n\t\t\t\t\tAuthKey: pulumi.String(\"sampleAuthKey\"),\n\t\t\t\t\tUserPassword: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigUserPasswordArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"user@xyz.com\"),\n\t\t\t\t\t\tPassword: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs{\n\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAdditionalVariables: integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArray{\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_string\"),\n\t\t\t\t\t\t\tStringValue: pulumi.String(\"sampleString\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_boolean\"),\n\t\t\t\t\t\t\tBooleanValue: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_integer\"),\n\t\t\t\t\t\t\tIntegerValue: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_secret_value\"),\n\t\t\t\t\t\t\tSecretValue: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs{\n\t\t\t\t\t\t\t\tSecretVersion: secret_version_basic.Name,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"sample_encryption_key_value\"),\n\t\t\t\t\t\t\tEncryptionKeyValue: \u0026integrationconnectors.ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs{\n\t\t\t\t\t\t\t\tType: pulumi.String(\"GOOGLE_MANAGED\"),\n\t\t\t\t\t\t\t\tKmsKeyName: pulumi.String(\"sampleKMSKkey\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEnrichmentEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.integrationconnectors.Connection;\nimport com.pulumi.gcp.integrationconnectors.ConnectionArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableEncryptionKeyValueArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionConfigVariableSecretValueArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigUserPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionAuthConfigUserPasswordPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionDestinationConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionLockConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionLogConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionNodeConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientCertificateArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientPrivateKeyArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigClientPrivateKeyPassArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionSslConfigPrivateServerCertificateArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigRegistrationDestinationConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigUserPasswordArgs;\nimport com.pulumi.gcp.integrationconnectors.inputs.ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"test-secret\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_basic = new SecretVersion(\"secret-version-basic\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"dummypassword\")\n .build());\n\n var secretIam = new SecretIamMember(\"secretIam\", SecretIamMemberArgs.builder()\n .secretId(secret_basic.id())\n .role(\"roles/secretmanager.admin\")\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build(), CustomResourceOptions.builder()\n .dependsOn(secret_version_basic)\n .build());\n\n var zendeskconnection = new Connection(\"zendeskconnection\", ConnectionArgs.builder()\n .name(\"test-zendesk\")\n .description(\"tf updated description\")\n .location(\"us-central1\")\n .serviceAccount(String.format(\"%s-compute@developer.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .connectorVersion(String.format(\"projects/%s/locations/global/providers/zendesk/connectors/zendesk/versions/1\", testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .configVariables( \n ConnectionConfigVariableArgs.builder()\n .key(\"proxy_enabled\")\n .booleanValue(false)\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_integer_value\")\n .integerValue(1)\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionConfigVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build(),\n ConnectionConfigVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionConfigVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .suspended(false)\n .authConfig(ConnectionAuthConfigArgs.builder()\n .additionalVariables( \n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionAuthConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionAuthConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .authType(\"USER_PASSWORD\")\n .authKey(\"sampleAuthKey\")\n .userPassword(ConnectionAuthConfigUserPasswordArgs.builder()\n .username(\"user@xyz.com\")\n .password(ConnectionAuthConfigUserPasswordPasswordArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .build())\n .destinationConfigs(ConnectionDestinationConfigArgs.builder()\n .key(\"url\")\n .destinations(ConnectionDestinationConfigDestinationArgs.builder()\n .host(\"https://test.zendesk.com\")\n .port(80)\n .build())\n .build())\n .lockConfig(ConnectionLockConfigArgs.builder()\n .locked(false)\n .reason(\"Its not locked\")\n .build())\n .logConfig(ConnectionLogConfigArgs.builder()\n .enabled(true)\n .build())\n .nodeConfig(ConnectionNodeConfigArgs.builder()\n .minNodeCount(2)\n .maxNodeCount(50)\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .sslConfig(ConnectionSslConfigArgs.builder()\n .additionalVariables( \n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionSslConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionSslConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionSslConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .clientCertType(\"PEM\")\n .clientCertificate(ConnectionSslConfigClientCertificateArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .clientPrivateKey(ConnectionSslConfigClientPrivateKeyArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .clientPrivateKeyPass(ConnectionSslConfigClientPrivateKeyPassArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .privateServerCertificate(ConnectionSslConfigPrivateServerCertificateArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .serverCertType(\"PEM\")\n .trustModel(\"PRIVATE\")\n .type(\"TLS\")\n .useSsl(true)\n .build())\n .eventingEnablementType(\"EVENTING_AND_CONNECTION\")\n .eventingConfig(ConnectionEventingConfigArgs.builder()\n .additionalVariables( \n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionEventingConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionEventingConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionEventingConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .registrationDestinationConfig(ConnectionEventingConfigRegistrationDestinationConfigArgs.builder()\n .key(\"registration_destination_config\")\n .destinations(ConnectionEventingConfigRegistrationDestinationConfigDestinationArgs.builder()\n .host(\"https://test.zendesk.com\")\n .port(80)\n .build())\n .build())\n .authConfig(ConnectionEventingConfigAuthConfigArgs.builder()\n .authType(\"USER_PASSWORD\")\n .authKey(\"sampleAuthKey\")\n .userPassword(ConnectionEventingConfigAuthConfigUserPasswordArgs.builder()\n .username(\"user@xyz.com\")\n .password(ConnectionEventingConfigAuthConfigUserPasswordPasswordArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build())\n .additionalVariables( \n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_string\")\n .stringValue(\"sampleString\")\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_boolean\")\n .booleanValue(false)\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_integer\")\n .integerValue(1)\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_secret_value\")\n .secretValue(ConnectionEventingConfigAuthConfigAdditionalVariableSecretValueArgs.builder()\n .secretVersion(secret_version_basic.name())\n .build())\n .build(),\n ConnectionEventingConfigAuthConfigAdditionalVariableArgs.builder()\n .key(\"sample_encryption_key_value\")\n .encryptionKeyValue(ConnectionEventingConfigAuthConfigAdditionalVariableEncryptionKeyValueArgs.builder()\n .type(\"GOOGLE_MANAGED\")\n .kmsKeyName(\"sampleKMSKkey\")\n .build())\n .build())\n .build())\n .enrichmentEnabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: test-secret\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-basic:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: dummypassword\n secretIam:\n type: gcp:secretmanager:SecretIamMember\n name: secret_iam\n properties:\n secretId: ${[\"secret-basic\"].id}\n role: roles/secretmanager.admin\n member: serviceAccount:${testProject.number}-compute@developer.gserviceaccount.com\n options:\n dependsOn:\n - ${[\"secret-version-basic\"]}\n zendeskconnection:\n type: gcp:integrationconnectors:Connection\n properties:\n name: test-zendesk\n description: tf updated description\n location: us-central1\n serviceAccount: ${testProject.number}-compute@developer.gserviceaccount.com\n connectorVersion: projects/${testProject.projectId}/locations/global/providers/zendesk/connectors/zendesk/versions/1\n configVariables:\n - key: proxy_enabled\n booleanValue: false\n - key: sample_integer_value\n integerValue: 1\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n suspended: false\n authConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n authType: USER_PASSWORD\n authKey: sampleAuthKey\n userPassword:\n username: user@xyz.com\n password:\n secretVersion: ${[\"secret-version-basic\"].name}\n destinationConfigs:\n - key: url\n destinations:\n - host: https://test.zendesk.com\n port: 80\n lockConfig:\n locked: false\n reason: Its not locked\n logConfig:\n enabled: true\n nodeConfig:\n minNodeCount: 2\n maxNodeCount: 50\n labels:\n foo: bar\n sslConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n clientCertType: PEM\n clientCertificate:\n secretVersion: ${[\"secret-version-basic\"].name}\n clientPrivateKey:\n secretVersion: ${[\"secret-version-basic\"].name}\n clientPrivateKeyPass:\n secretVersion: ${[\"secret-version-basic\"].name}\n privateServerCertificate:\n secretVersion: ${[\"secret-version-basic\"].name}\n serverCertType: PEM\n trustModel: PRIVATE\n type: TLS\n useSsl: true\n eventingEnablementType: EVENTING_AND_CONNECTION\n eventingConfig:\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n registrationDestinationConfig:\n key: registration_destination_config\n destinations:\n - host: https://test.zendesk.com\n port: 80\n authConfig:\n authType: USER_PASSWORD\n authKey: sampleAuthKey\n userPassword:\n username: user@xyz.com\n password:\n secretVersion: ${[\"secret-version-basic\"].name}\n additionalVariables:\n - key: sample_string\n stringValue: sampleString\n - key: sample_boolean\n booleanValue: false\n - key: sample_integer\n integerValue: 1\n - key: sample_secret_value\n secretValue:\n secretVersion: ${[\"secret-version-basic\"].name}\n - key: sample_encryption_key_value\n encryptionKeyValue:\n type: GOOGLE_MANAGED\n kmsKeyName: sampleKMSKkey\n enrichmentEnabled: true\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnection can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/connections/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Connection can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default projects/{{project}}/locations/{{location}}/connections/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/connection:Connection default {{location}}/{{name}}\n```\n\n", "properties": { "authConfig": { "$ref": "#/types/gcp:integrationconnectors/ConnectionAuthConfig:ConnectionAuthConfig", @@ -229468,7 +229468,7 @@ } }, "gcp:integrationconnectors/managedZone:ManagedZone": { - "description": "An Integration connectors Managed Zone.\n\n\nTo get more information about ManagedZone, see:\n\n* [API documentation](https://cloud.google.com/integration-connectors/docs/reference/rest/v1/projects.locations.global.managedZones)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/integration-connectors/docs)\n\n## Example Usage\n\n### Integration Connectors Managed Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst targetProject = new gcp.organizations.Project(\"target_project\", {\n projectId: \"tf-test_2067\",\n name: \"tf-test_40785\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst testProject = gcp.organizations.getProject({});\nconst dnsPeerBinding = new gcp.projects.IAMMember(\"dns_peer_binding\", {\n project: targetProject.projectId,\n role: \"roles/dns.peer\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-connectors.iam.gserviceaccount.com`),\n});\nconst dns = new gcp.projects.Service(\"dns\", {\n project: targetProject.projectId,\n service: \"dns.googleapis.com\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: targetProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst network = new gcp.compute.Network(\"network\", {\n project: targetProject.projectId,\n name: \"test\",\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [compute],\n});\nconst zone = new gcp.dns.ManagedZone(\"zone\", {\n name: \"tf-test-dns_79169\",\n dnsName: \"private_56529.example.com.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n}, {\n dependsOn: [dns],\n});\nconst testmanagedzone = new gcp.integrationconnectors.ManagedZone(\"testmanagedzone\", {\n name: \"test\",\n description: \"tf created description\",\n labels: {\n intent: \"example\",\n },\n targetProject: targetProject.projectId,\n targetVpc: \"test\",\n dns: zone.dnsName,\n}, {\n dependsOn: [\n dnsPeerBinding,\n zone,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_project = gcp.organizations.Project(\"target_project\",\n project_id=\"tf-test_2067\",\n name=\"tf-test_40785\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ntest_project = gcp.organizations.get_project()\ndns_peer_binding = gcp.projects.IAMMember(\"dns_peer_binding\",\n project=target_project.project_id,\n role=\"roles/dns.peer\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-connectors.iam.gserviceaccount.com\")\ndns = gcp.projects.Service(\"dns\",\n project=target_project.project_id,\n service=\"dns.googleapis.com\")\ncompute = gcp.projects.Service(\"compute\",\n project=target_project.project_id,\n service=\"compute.googleapis.com\")\nnetwork = gcp.compute.Network(\"network\",\n project=target_project.project_id,\n name=\"test\",\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\nzone = gcp.dns.ManagedZone(\"zone\",\n name=\"tf-test-dns_79169\",\n dns_name=\"private_56529.example.com.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[dns]))\ntestmanagedzone = gcp.integrationconnectors.ManagedZone(\"testmanagedzone\",\n name=\"test\",\n description=\"tf created description\",\n labels={\n \"intent\": \"example\",\n },\n target_project=target_project.project_id,\n target_vpc=\"test\",\n dns=zone.dns_name,\n opts = pulumi.ResourceOptions(depends_on=[\n dns_peer_binding,\n zone,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var targetProject = new Gcp.Organizations.Project(\"target_project\", new()\n {\n ProjectId = \"tf-test_2067\",\n Name = \"tf-test_40785\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var dnsPeerBinding = new Gcp.Projects.IAMMember(\"dns_peer_binding\", new()\n {\n Project = targetProject.ProjectId,\n Role = \"roles/dns.peer\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-connectors.iam.gserviceaccount.com\",\n });\n\n var dns = new Gcp.Projects.Service(\"dns\", new()\n {\n Project = targetProject.ProjectId,\n ServiceName = \"dns.googleapis.com\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = targetProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = targetProject.ProjectId,\n Name = \"test\",\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var zone = new Gcp.Dns.ManagedZone(\"zone\", new()\n {\n Name = \"tf-test-dns_79169\",\n DnsName = \"private_56529.example.com.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n dns,\n },\n });\n\n var testmanagedzone = new Gcp.IntegrationConnectors.ManagedZone(\"testmanagedzone\", new()\n {\n Name = \"test\",\n Description = \"tf created description\",\n Labels = \n {\n { \"intent\", \"example\" },\n },\n TargetProject = targetProject.ProjectId,\n TargetVpc = \"test\",\n Dns = zone.DnsName,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n dnsPeerBinding,\n zone,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttargetProject, err := organizations.NewProject(ctx, \"target_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"tf-test_2067\"),\n\t\t\tName: pulumi.String(\"tf-test_40785\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdnsPeerBinding, err := projects.NewIAMMember(ctx, \"dns_peer_binding\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/dns.peer\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-connectors.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdns, err := projects.NewService(ctx, \"dns\", \u0026projects.ServiceArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tService: pulumi.String(\"dns.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tzone, err := dns.NewManagedZone(ctx, \"zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"tf-test-dns_79169\"),\n\t\t\tDnsName: pulumi.String(\"private_56529.example.com.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdns,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewManagedZone(ctx, \"testmanagedzone\", \u0026integrationconnectors.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"tf created description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"intent\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t\tTargetProject: targetProject.ProjectId,\n\t\t\tTargetVpc: pulumi.String(\"test\"),\n\t\t\tDns: zone.DnsName,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdnsPeerBinding,\n\t\t\tzone,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.ManagedZone;\nimport com.pulumi.gcp.integrationconnectors.ManagedZoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var targetProject = new Project(\"targetProject\", ProjectArgs.builder()\n .projectId(\"tf-test_2067\")\n .name(\"tf-test_40785\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n final var testProject = OrganizationsFunctions.getProject();\n\n var dnsPeerBinding = new IAMMember(\"dnsPeerBinding\", IAMMemberArgs.builder()\n .project(targetProject.projectId())\n .role(\"roles/dns.peer\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-connectors.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var dns = new Service(\"dns\", ServiceArgs.builder()\n .project(targetProject.projectId())\n .service(\"dns.googleapis.com\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(targetProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(targetProject.projectId())\n .name(\"test\")\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var zone = new ManagedZone(\"zone\", ManagedZoneArgs.builder()\n .name(\"tf-test-dns_79169\")\n .dnsName(\"private_56529.example.com.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(dns)\n .build());\n\n var testmanagedzone = new ManagedZone(\"testmanagedzone\", ManagedZoneArgs.builder()\n .name(\"test\")\n .description(\"tf created description\")\n .labels(Map.of(\"intent\", \"example\"))\n .targetProject(targetProject.projectId())\n .targetVpc(\"test\")\n .dns(zone.dnsName())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n dnsPeerBinding,\n zone)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n targetProject:\n type: gcp:organizations:Project\n name: target_project\n properties:\n projectId: tf-test_2067\n name: tf-test_40785\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n dnsPeerBinding:\n type: gcp:projects:IAMMember\n name: dns_peer_binding\n properties:\n project: ${targetProject.projectId}\n role: roles/dns.peer\n member: serviceAccount:service-${testProject.number}@gcp-sa-connectors.iam.gserviceaccount.com\n dns:\n type: gcp:projects:Service\n properties:\n project: ${targetProject.projectId}\n service: dns.googleapis.com\n compute:\n type: gcp:projects:Service\n properties:\n project: ${targetProject.projectId}\n service: compute.googleapis.com\n network:\n type: gcp:compute:Network\n properties:\n project: ${targetProject.projectId}\n name: test\n autoCreateSubnetworks: false\n options:\n dependson:\n - ${compute}\n zone:\n type: gcp:dns:ManagedZone\n properties:\n name: tf-test-dns_79169\n dnsName: private_56529.example.com.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n options:\n dependson:\n - ${dns}\n testmanagedzone:\n type: gcp:integrationconnectors:ManagedZone\n properties:\n name: test\n description: tf created description\n labels:\n intent: example\n targetProject: ${targetProject.projectId}\n targetVpc: test\n dns: ${zone.dnsName}\n options:\n dependson:\n - ${dnsPeerBinding}\n - ${zone}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagedZone can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/managedZones/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ManagedZone can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default projects/{{project}}/locations/global/managedZones/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default {{name}}\n```\n\n", + "description": "An Integration connectors Managed Zone.\n\n\nTo get more information about ManagedZone, see:\n\n* [API documentation](https://cloud.google.com/integration-connectors/docs/reference/rest/v1/projects.locations.global.managedZones)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/integration-connectors/docs)\n\n## Example Usage\n\n### Integration Connectors Managed Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst targetProject = new gcp.organizations.Project(\"target_project\", {\n projectId: \"tf-test_2067\",\n name: \"tf-test_40785\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst testProject = gcp.organizations.getProject({});\nconst dnsPeerBinding = new gcp.projects.IAMMember(\"dns_peer_binding\", {\n project: targetProject.projectId,\n role: \"roles/dns.peer\",\n member: testProject.then(testProject =\u003e `serviceAccount:service-${testProject.number}@gcp-sa-connectors.iam.gserviceaccount.com`),\n});\nconst dns = new gcp.projects.Service(\"dns\", {\n project: targetProject.projectId,\n service: \"dns.googleapis.com\",\n});\nconst compute = new gcp.projects.Service(\"compute\", {\n project: targetProject.projectId,\n service: \"compute.googleapis.com\",\n});\nconst network = new gcp.compute.Network(\"network\", {\n project: targetProject.projectId,\n name: \"test\",\n autoCreateSubnetworks: false,\n}, {\n dependsOn: [compute],\n});\nconst zone = new gcp.dns.ManagedZone(\"zone\", {\n name: \"tf-test-dns_79169\",\n dnsName: \"private_56529.example.com.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n}, {\n dependsOn: [dns],\n});\nconst testmanagedzone = new gcp.integrationconnectors.ManagedZone(\"testmanagedzone\", {\n name: \"test\",\n description: \"tf created description\",\n labels: {\n intent: \"example\",\n },\n targetProject: targetProject.projectId,\n targetVpc: \"test\",\n dns: zone.dnsName,\n}, {\n dependsOn: [\n dnsPeerBinding,\n zone,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_project = gcp.organizations.Project(\"target_project\",\n project_id=\"tf-test_2067\",\n name=\"tf-test_40785\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\ntest_project = gcp.organizations.get_project()\ndns_peer_binding = gcp.projects.IAMMember(\"dns_peer_binding\",\n project=target_project.project_id,\n role=\"roles/dns.peer\",\n member=f\"serviceAccount:service-{test_project.number}@gcp-sa-connectors.iam.gserviceaccount.com\")\ndns = gcp.projects.Service(\"dns\",\n project=target_project.project_id,\n service=\"dns.googleapis.com\")\ncompute = gcp.projects.Service(\"compute\",\n project=target_project.project_id,\n service=\"compute.googleapis.com\")\nnetwork = gcp.compute.Network(\"network\",\n project=target_project.project_id,\n name=\"test\",\n auto_create_subnetworks=False,\n opts = pulumi.ResourceOptions(depends_on=[compute]))\nzone = gcp.dns.ManagedZone(\"zone\",\n name=\"tf-test-dns_79169\",\n dns_name=\"private_56529.example.com.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[dns]))\ntestmanagedzone = gcp.integrationconnectors.ManagedZone(\"testmanagedzone\",\n name=\"test\",\n description=\"tf created description\",\n labels={\n \"intent\": \"example\",\n },\n target_project=target_project.project_id,\n target_vpc=\"test\",\n dns=zone.dns_name,\n opts = pulumi.ResourceOptions(depends_on=[\n dns_peer_binding,\n zone,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var targetProject = new Gcp.Organizations.Project(\"target_project\", new()\n {\n ProjectId = \"tf-test_2067\",\n Name = \"tf-test_40785\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var dnsPeerBinding = new Gcp.Projects.IAMMember(\"dns_peer_binding\", new()\n {\n Project = targetProject.ProjectId,\n Role = \"roles/dns.peer\",\n Member = $\"serviceAccount:service-{testProject.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-connectors.iam.gserviceaccount.com\",\n });\n\n var dns = new Gcp.Projects.Service(\"dns\", new()\n {\n Project = targetProject.ProjectId,\n ServiceName = \"dns.googleapis.com\",\n });\n\n var compute = new Gcp.Projects.Service(\"compute\", new()\n {\n Project = targetProject.ProjectId,\n ServiceName = \"compute.googleapis.com\",\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = targetProject.ProjectId,\n Name = \"test\",\n AutoCreateSubnetworks = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n compute,\n },\n });\n\n var zone = new Gcp.Dns.ManagedZone(\"zone\", new()\n {\n Name = \"tf-test-dns_79169\",\n DnsName = \"private_56529.example.com.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n dns,\n },\n });\n\n var testmanagedzone = new Gcp.IntegrationConnectors.ManagedZone(\"testmanagedzone\", new()\n {\n Name = \"test\",\n Description = \"tf created description\",\n Labels = \n {\n { \"intent\", \"example\" },\n },\n TargetProject = targetProject.ProjectId,\n TargetVpc = \"test\",\n Dns = zone.DnsName,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n dnsPeerBinding,\n zone,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/integrationconnectors\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttargetProject, err := organizations.NewProject(ctx, \"target_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"tf-test_2067\"),\n\t\t\tName: pulumi.String(\"tf-test_40785\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdnsPeerBinding, err := projects.NewIAMMember(ctx, \"dns_peer_binding\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/dns.peer\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-connectors.iam.gserviceaccount.com\", testProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdns, err := projects.NewService(ctx, \"dns\", \u0026projects.ServiceArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tService: pulumi.String(\"dns.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcompute, err := projects.NewService(ctx, \"compute\", \u0026projects.ServiceArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: targetProject.ProjectId,\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcompute,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tzone, err := dns.NewManagedZone(ctx, \"zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"tf-test-dns_79169\"),\n\t\t\tDnsName: pulumi.String(\"private_56529.example.com.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdns,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = integrationconnectors.NewManagedZone(ctx, \"testmanagedzone\", \u0026integrationconnectors.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"tf created description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"intent\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t\tTargetProject: targetProject.ProjectId,\n\t\t\tTargetVpc: pulumi.String(\"test\"),\n\t\t\tDns: zone.DnsName,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdnsPeerBinding,\n\t\t\tzone,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.integrationconnectors.ManagedZone;\nimport com.pulumi.gcp.integrationconnectors.ManagedZoneArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var targetProject = new Project(\"targetProject\", ProjectArgs.builder()\n .projectId(\"tf-test_2067\")\n .name(\"tf-test_40785\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n final var testProject = OrganizationsFunctions.getProject();\n\n var dnsPeerBinding = new IAMMember(\"dnsPeerBinding\", IAMMemberArgs.builder()\n .project(targetProject.projectId())\n .role(\"roles/dns.peer\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-connectors.iam.gserviceaccount.com\", testProject.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var dns = new Service(\"dns\", ServiceArgs.builder()\n .project(targetProject.projectId())\n .service(\"dns.googleapis.com\")\n .build());\n\n var compute = new Service(\"compute\", ServiceArgs.builder()\n .project(targetProject.projectId())\n .service(\"compute.googleapis.com\")\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(targetProject.projectId())\n .name(\"test\")\n .autoCreateSubnetworks(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(compute)\n .build());\n\n var zone = new ManagedZone(\"zone\", ManagedZoneArgs.builder()\n .name(\"tf-test-dns_79169\")\n .dnsName(\"private_56529.example.com.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(dns)\n .build());\n\n var testmanagedzone = new ManagedZone(\"testmanagedzone\", ManagedZoneArgs.builder()\n .name(\"test\")\n .description(\"tf created description\")\n .labels(Map.of(\"intent\", \"example\"))\n .targetProject(targetProject.projectId())\n .targetVpc(\"test\")\n .dns(zone.dnsName())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n dnsPeerBinding,\n zone)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n targetProject:\n type: gcp:organizations:Project\n name: target_project\n properties:\n projectId: tf-test_2067\n name: tf-test_40785\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n dnsPeerBinding:\n type: gcp:projects:IAMMember\n name: dns_peer_binding\n properties:\n project: ${targetProject.projectId}\n role: roles/dns.peer\n member: serviceAccount:service-${testProject.number}@gcp-sa-connectors.iam.gserviceaccount.com\n dns:\n type: gcp:projects:Service\n properties:\n project: ${targetProject.projectId}\n service: dns.googleapis.com\n compute:\n type: gcp:projects:Service\n properties:\n project: ${targetProject.projectId}\n service: compute.googleapis.com\n network:\n type: gcp:compute:Network\n properties:\n project: ${targetProject.projectId}\n name: test\n autoCreateSubnetworks: false\n options:\n dependsOn:\n - ${compute}\n zone:\n type: gcp:dns:ManagedZone\n properties:\n name: tf-test-dns_79169\n dnsName: private_56529.example.com.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n options:\n dependsOn:\n - ${dns}\n testmanagedzone:\n type: gcp:integrationconnectors:ManagedZone\n properties:\n name: test\n description: tf created description\n labels:\n intent: example\n targetProject: ${targetProject.projectId}\n targetVpc: test\n dns: ${zone.dnsName}\n options:\n dependsOn:\n - ${dnsPeerBinding}\n - ${zone}\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagedZone can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/managedZones/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ManagedZone can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default projects/{{project}}/locations/global/managedZones/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:integrationconnectors/managedZone:ManagedZone default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -229642,7 +229642,7 @@ } }, "gcp:kms/autokeyConfig:AutokeyConfig": { - "description": "## Example Usage\n\n### Kms Autokey Config All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Create Folder in GCP Organization\nconst autokmsFolder = new gcp.organizations.Folder(\"autokms_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create the key project\nconst keyProject = new gcp.organizations.Project(\"key_project\", {\n projectId: \"key-proj\",\n name: \"key-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Enable the Cloud KMS API\nconst kmsApiService = new gcp.projects.Service(\"kms_api_service\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.projectId,\n disableOnDestroy: false,\n disableDependentServices: true,\n}, {\n dependsOn: [keyProject],\n});\n// Wait delay after enabling APIs\nconst waitEnableServiceApi = new time.index.Sleep(\"wait_enable_service_api\", {createDuration: \"30s\"}, {\n dependsOn: [kmsApiService],\n});\n//Create KMS Service Agent\nconst kmsServiceAgent = new gcp.projects.ServiceIdentity(\"kms_service_agent\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.number,\n}, {\n dependsOn: [waitEnableServiceApi],\n});\n// Wait delay after creating service agent.\nconst waitServiceAgent = new time.index.Sleep(\"wait_service_agent\", {createDuration: \"10s\"}, {\n dependsOn: [kmsServiceAgent],\n});\n//Grant the KMS Service Agent the Cloud KMS Admin role\nconst autokeyProjectAdmin = new gcp.projects.IAMMember(\"autokey_project_admin\", {\n project: keyProject.projectId,\n role: \"roles/cloudkms.admin\",\n member: pulumi.interpolate`serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com`,\n}, {\n dependsOn: [waitServiceAgent],\n});\n// Wait delay after granting IAM permissions\nconst waitSrvAccPermissions = new time.index.Sleep(\"wait_srv_acc_permissions\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyProjectAdmin],\n});\nconst example_autokeyconfig = new gcp.kms.AutokeyConfig(\"example-autokeyconfig\", {\n folder: autokmsFolder.id,\n keyProject: pulumi.interpolate`projects/${keyProject.projectId}`,\n}, {\n dependsOn: [waitSrvAccPermissions],\n});\n// Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n// because setting the config takes a little to fully propagate.\nconst waitAutokeyPropagation = new time.index.Sleep(\"wait_autokey_propagation\", {createDuration: \"30s\"}, {\n dependsOn: [example_autokeyconfig],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Create Folder in GCP Organization\nautokms_folder = gcp.organizations.Folder(\"autokms_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create the key project\nkey_project = gcp.organizations.Project(\"key_project\",\n project_id=\"key-proj\",\n name=\"key-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Enable the Cloud KMS API\nkms_api_service = gcp.projects.Service(\"kms_api_service\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.project_id,\n disable_on_destroy=False,\n disable_dependent_services=True,\n opts = pulumi.ResourceOptions(depends_on=[key_project]))\n# Wait delay after enabling APIs\nwait_enable_service_api = time.index.Sleep(\"wait_enable_service_api\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[kms_api_service]))\n#Create KMS Service Agent\nkms_service_agent = gcp.projects.ServiceIdentity(\"kms_service_agent\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.number,\n opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))\n# Wait delay after creating service agent.\nwait_service_agent = time.index.Sleep(\"wait_service_agent\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[kms_service_agent]))\n#Grant the KMS Service Agent the Cloud KMS Admin role\nautokey_project_admin = gcp.projects.IAMMember(\"autokey_project_admin\",\n project=key_project.project_id,\n role=\"roles/cloudkms.admin\",\n member=key_project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_service_agent]))\n# Wait delay after granting IAM permissions\nwait_srv_acc_permissions = time.index.Sleep(\"wait_srv_acc_permissions\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_project_admin]))\nexample_autokeyconfig = gcp.kms.AutokeyConfig(\"example-autokeyconfig\",\n folder=autokms_folder.id,\n key_project=key_project.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_srv_acc_permissions]))\n# Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n# because setting the config takes a little to fully propagate.\nwait_autokey_propagation = time.index.Sleep(\"wait_autokey_propagation\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[example_autokeyconfig]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create Folder in GCP Organization\n var autokmsFolder = new Gcp.Organizations.Folder(\"autokms_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create the key project\n var keyProject = new Gcp.Organizations.Project(\"key_project\", new()\n {\n ProjectId = \"key-proj\",\n Name = \"key-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Enable the Cloud KMS API\n var kmsApiService = new Gcp.Projects.Service(\"kms_api_service\", new()\n {\n ServiceName = \"cloudkms.googleapis.com\",\n Project = keyProject.ProjectId,\n DisableOnDestroy = false,\n DisableDependentServices = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyProject,\n },\n });\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Time.Index.Sleep(\"wait_enable_service_api\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsApiService,\n },\n });\n\n //Create KMS Service Agent\n var kmsServiceAgent = new Gcp.Projects.ServiceIdentity(\"kms_service_agent\", new()\n {\n Service = \"cloudkms.googleapis.com\",\n Project = keyProject.Number,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitEnableServiceApi,\n },\n });\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Time.Index.Sleep(\"wait_service_agent\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsServiceAgent,\n },\n });\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new Gcp.Projects.IAMMember(\"autokey_project_admin\", new()\n {\n Project = keyProject.ProjectId,\n Role = \"roles/cloudkms.admin\",\n Member = keyProject.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitServiceAgent,\n },\n });\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Time.Index.Sleep(\"wait_srv_acc_permissions\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyProjectAdmin,\n },\n });\n\n var example_autokeyconfig = new Gcp.Kms.AutokeyConfig(\"example-autokeyconfig\", new()\n {\n Folder = autokmsFolder.Id,\n KeyProject = keyProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitSrvAccPermissions,\n },\n });\n\n // Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n // because setting the config takes a little to fully propagate.\n var waitAutokeyPropagation = new Time.Index.Sleep(\"wait_autokey_propagation\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example_autokeyconfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create Folder in GCP Organization\n\t\tautokmsFolder, err := organizations.NewFolder(ctx, \"autokms_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the key project\n\t\tkeyProject, err := organizations.NewProject(ctx, \"key_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"key-proj\"),\n\t\t\tName: pulumi.String(\"key-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable the Cloud KMS API\n\t\tkmsApiService, err := projects.NewService(ctx, \"kms_api_service\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t\tDisableDependentServices: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after enabling APIs\n\t\twaitEnableServiceApi, err := time.NewSleep(ctx, \"wait_enable_service_api\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsApiService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create KMS Service Agent\n\t\tkmsServiceAgent, err := projects.NewServiceIdentity(ctx, \"kms_service_agent\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.Number,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitEnableServiceApi,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after creating service agent.\n\t\twaitServiceAgent, err := time.NewSleep(ctx, \"wait_service_agent\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Grant the KMS Service Agent the Cloud KMS Admin role\n\t\tautokeyProjectAdmin, err := projects.NewIAMMember(ctx, \"autokey_project_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: keyProject.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after granting IAM permissions\n\t\twaitSrvAccPermissions, err := time.NewSleep(ctx, \"wait_srv_acc_permissions\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyProjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewAutokeyConfig(ctx, \"example-autokeyconfig\", \u0026kms.AutokeyConfigArgs{\n\t\t\tFolder: autokmsFolder.ID(),\n\t\t\tKeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitSrvAccPermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n\t\t// because setting the config takes a little to fully propagate.\n\t\t_, err = time.NewSleep(ctx, \"wait_autokey_propagation\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample_autokeyconfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.kms.AutokeyConfig;\nimport com.pulumi.gcp.kms.AutokeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create Folder in GCP Organization\n var autokmsFolder = new Folder(\"autokmsFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create the key project\n var keyProject = new Project(\"keyProject\", ProjectArgs.builder()\n .projectId(\"key-proj\")\n .name(\"key-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Enable the Cloud KMS API\n var kmsApiService = new Service(\"kmsApiService\", ServiceArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.projectId())\n .disableOnDestroy(false)\n .disableDependentServices(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyProject)\n .build());\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Sleep(\"waitEnableServiceApi\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsApiService)\n .build());\n\n //Create KMS Service Agent\n var kmsServiceAgent = new ServiceIdentity(\"kmsServiceAgent\", ServiceIdentityArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.number())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitEnableServiceApi)\n .build());\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Sleep(\"waitServiceAgent\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsServiceAgent)\n .build());\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new IAMMember(\"autokeyProjectAdmin\", IAMMemberArgs.builder()\n .project(keyProject.projectId())\n .role(\"roles/cloudkms.admin\")\n .member(keyProject.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-cloudkms.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitServiceAgent)\n .build());\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Sleep(\"waitSrvAccPermissions\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyProjectAdmin)\n .build());\n\n var example_autokeyconfig = new AutokeyConfig(\"example-autokeyconfig\", AutokeyConfigArgs.builder()\n .folder(autokmsFolder.id())\n .keyProject(keyProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitSrvAccPermissions)\n .build());\n\n // Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n // because setting the config takes a little to fully propagate.\n var waitAutokeyPropagation = new Sleep(\"waitAutokeyPropagation\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(example_autokeyconfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create Folder in GCP Organization\n autokmsFolder:\n type: gcp:organizations:Folder\n name: autokms_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n # Create the key project\n keyProject:\n type: gcp:organizations:Project\n name: key_project\n properties:\n projectId: key-proj\n name: key-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependson:\n - ${autokmsFolder}\n # Enable the Cloud KMS API\n kmsApiService:\n type: gcp:projects:Service\n name: kms_api_service\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.projectId}\n disableOnDestroy: false\n disableDependentServices: true\n options:\n dependson:\n - ${keyProject}\n # Wait delay after enabling APIs\n waitEnableServiceApi:\n type: time:sleep\n name: wait_enable_service_api\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${kmsApiService}\n #Create KMS Service Agent\n kmsServiceAgent:\n type: gcp:projects:ServiceIdentity\n name: kms_service_agent\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.number}\n options:\n dependson:\n - ${waitEnableServiceApi}\n # Wait delay after creating service agent.\n waitServiceAgent:\n type: time:sleep\n name: wait_service_agent\n properties:\n createDuration: 10s\n options:\n dependson:\n - ${kmsServiceAgent}\n #Grant the KMS Service Agent the Cloud KMS Admin role\n autokeyProjectAdmin:\n type: gcp:projects:IAMMember\n name: autokey_project_admin\n properties:\n project: ${keyProject.projectId}\n role: roles/cloudkms.admin\n member: serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com\n options:\n dependson:\n - ${waitServiceAgent}\n # Wait delay after granting IAM permissions\n waitSrvAccPermissions:\n type: time:sleep\n name: wait_srv_acc_permissions\n properties:\n createDuration: 10s\n options:\n dependson:\n - ${autokeyProjectAdmin}\n example-autokeyconfig:\n type: gcp:kms:AutokeyConfig\n properties:\n folder: ${autokmsFolder.id}\n keyProject: projects/${keyProject.projectId}\n options:\n dependson:\n - ${waitSrvAccPermissions}\n # Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n # because setting the config takes a little to fully propagate.\n waitAutokeyPropagation:\n type: time:sleep\n name: wait_autokey_propagation\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${[\"example-autokeyconfig\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutokeyConfig can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/autokeyConfig`\n\n* `{{folder}}`\n\nWhen using the `pulumi import` command, AutokeyConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default folders/{{folder}}/autokeyConfig\n```\n\n```sh\n$ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default {{folder}}\n```\n\n", + "description": "## Example Usage\n\n### Kms Autokey Config All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Create Folder in GCP Organization\nconst autokmsFolder = new gcp.organizations.Folder(\"autokms_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create the key project\nconst keyProject = new gcp.organizations.Project(\"key_project\", {\n projectId: \"key-proj\",\n name: \"key-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Enable the Cloud KMS API\nconst kmsApiService = new gcp.projects.Service(\"kms_api_service\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.projectId,\n disableOnDestroy: false,\n disableDependentServices: true,\n}, {\n dependsOn: [keyProject],\n});\n// Wait delay after enabling APIs\nconst waitEnableServiceApi = new time.index.Sleep(\"wait_enable_service_api\", {createDuration: \"30s\"}, {\n dependsOn: [kmsApiService],\n});\n//Create KMS Service Agent\nconst kmsServiceAgent = new gcp.projects.ServiceIdentity(\"kms_service_agent\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.number,\n}, {\n dependsOn: [waitEnableServiceApi],\n});\n// Wait delay after creating service agent.\nconst waitServiceAgent = new time.index.Sleep(\"wait_service_agent\", {createDuration: \"10s\"}, {\n dependsOn: [kmsServiceAgent],\n});\n//Grant the KMS Service Agent the Cloud KMS Admin role\nconst autokeyProjectAdmin = new gcp.projects.IAMMember(\"autokey_project_admin\", {\n project: keyProject.projectId,\n role: \"roles/cloudkms.admin\",\n member: pulumi.interpolate`serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com`,\n}, {\n dependsOn: [waitServiceAgent],\n});\n// Wait delay after granting IAM permissions\nconst waitSrvAccPermissions = new time.index.Sleep(\"wait_srv_acc_permissions\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyProjectAdmin],\n});\nconst example_autokeyconfig = new gcp.kms.AutokeyConfig(\"example-autokeyconfig\", {\n folder: autokmsFolder.id,\n keyProject: pulumi.interpolate`projects/${keyProject.projectId}`,\n}, {\n dependsOn: [waitSrvAccPermissions],\n});\n// Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n// because setting the config takes a little to fully propagate.\nconst waitAutokeyPropagation = new time.index.Sleep(\"wait_autokey_propagation\", {createDuration: \"30s\"}, {\n dependsOn: [example_autokeyconfig],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Create Folder in GCP Organization\nautokms_folder = gcp.organizations.Folder(\"autokms_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create the key project\nkey_project = gcp.organizations.Project(\"key_project\",\n project_id=\"key-proj\",\n name=\"key-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Enable the Cloud KMS API\nkms_api_service = gcp.projects.Service(\"kms_api_service\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.project_id,\n disable_on_destroy=False,\n disable_dependent_services=True,\n opts = pulumi.ResourceOptions(depends_on=[key_project]))\n# Wait delay after enabling APIs\nwait_enable_service_api = time.index.Sleep(\"wait_enable_service_api\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[kms_api_service]))\n#Create KMS Service Agent\nkms_service_agent = gcp.projects.ServiceIdentity(\"kms_service_agent\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.number,\n opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))\n# Wait delay after creating service agent.\nwait_service_agent = time.index.Sleep(\"wait_service_agent\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[kms_service_agent]))\n#Grant the KMS Service Agent the Cloud KMS Admin role\nautokey_project_admin = gcp.projects.IAMMember(\"autokey_project_admin\",\n project=key_project.project_id,\n role=\"roles/cloudkms.admin\",\n member=key_project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_service_agent]))\n# Wait delay after granting IAM permissions\nwait_srv_acc_permissions = time.index.Sleep(\"wait_srv_acc_permissions\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_project_admin]))\nexample_autokeyconfig = gcp.kms.AutokeyConfig(\"example-autokeyconfig\",\n folder=autokms_folder.id,\n key_project=key_project.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_srv_acc_permissions]))\n# Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n# because setting the config takes a little to fully propagate.\nwait_autokey_propagation = time.index.Sleep(\"wait_autokey_propagation\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[example_autokeyconfig]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create Folder in GCP Organization\n var autokmsFolder = new Gcp.Organizations.Folder(\"autokms_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create the key project\n var keyProject = new Gcp.Organizations.Project(\"key_project\", new()\n {\n ProjectId = \"key-proj\",\n Name = \"key-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Enable the Cloud KMS API\n var kmsApiService = new Gcp.Projects.Service(\"kms_api_service\", new()\n {\n ServiceName = \"cloudkms.googleapis.com\",\n Project = keyProject.ProjectId,\n DisableOnDestroy = false,\n DisableDependentServices = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyProject,\n },\n });\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Time.Index.Sleep(\"wait_enable_service_api\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsApiService,\n },\n });\n\n //Create KMS Service Agent\n var kmsServiceAgent = new Gcp.Projects.ServiceIdentity(\"kms_service_agent\", new()\n {\n Service = \"cloudkms.googleapis.com\",\n Project = keyProject.Number,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitEnableServiceApi,\n },\n });\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Time.Index.Sleep(\"wait_service_agent\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsServiceAgent,\n },\n });\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new Gcp.Projects.IAMMember(\"autokey_project_admin\", new()\n {\n Project = keyProject.ProjectId,\n Role = \"roles/cloudkms.admin\",\n Member = keyProject.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitServiceAgent,\n },\n });\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Time.Index.Sleep(\"wait_srv_acc_permissions\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyProjectAdmin,\n },\n });\n\n var example_autokeyconfig = new Gcp.Kms.AutokeyConfig(\"example-autokeyconfig\", new()\n {\n Folder = autokmsFolder.Id,\n KeyProject = keyProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitSrvAccPermissions,\n },\n });\n\n // Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n // because setting the config takes a little to fully propagate.\n var waitAutokeyPropagation = new Time.Index.Sleep(\"wait_autokey_propagation\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example_autokeyconfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create Folder in GCP Organization\n\t\tautokmsFolder, err := organizations.NewFolder(ctx, \"autokms_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the key project\n\t\tkeyProject, err := organizations.NewProject(ctx, \"key_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"key-proj\"),\n\t\t\tName: pulumi.String(\"key-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable the Cloud KMS API\n\t\tkmsApiService, err := projects.NewService(ctx, \"kms_api_service\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t\tDisableDependentServices: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after enabling APIs\n\t\twaitEnableServiceApi, err := time.NewSleep(ctx, \"wait_enable_service_api\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsApiService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create KMS Service Agent\n\t\tkmsServiceAgent, err := projects.NewServiceIdentity(ctx, \"kms_service_agent\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.Number,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitEnableServiceApi,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after creating service agent.\n\t\twaitServiceAgent, err := time.NewSleep(ctx, \"wait_service_agent\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Grant the KMS Service Agent the Cloud KMS Admin role\n\t\tautokeyProjectAdmin, err := projects.NewIAMMember(ctx, \"autokey_project_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: keyProject.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after granting IAM permissions\n\t\twaitSrvAccPermissions, err := time.NewSleep(ctx, \"wait_srv_acc_permissions\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyProjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewAutokeyConfig(ctx, \"example-autokeyconfig\", \u0026kms.AutokeyConfigArgs{\n\t\t\tFolder: autokmsFolder.ID(),\n\t\t\tKeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitSrvAccPermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n\t\t// because setting the config takes a little to fully propagate.\n\t\t_, err = time.NewSleep(ctx, \"wait_autokey_propagation\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample_autokeyconfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.kms.AutokeyConfig;\nimport com.pulumi.gcp.kms.AutokeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create Folder in GCP Organization\n var autokmsFolder = new Folder(\"autokmsFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create the key project\n var keyProject = new Project(\"keyProject\", ProjectArgs.builder()\n .projectId(\"key-proj\")\n .name(\"key-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Enable the Cloud KMS API\n var kmsApiService = new Service(\"kmsApiService\", ServiceArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.projectId())\n .disableOnDestroy(false)\n .disableDependentServices(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyProject)\n .build());\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Sleep(\"waitEnableServiceApi\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsApiService)\n .build());\n\n //Create KMS Service Agent\n var kmsServiceAgent = new ServiceIdentity(\"kmsServiceAgent\", ServiceIdentityArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.number())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitEnableServiceApi)\n .build());\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Sleep(\"waitServiceAgent\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsServiceAgent)\n .build());\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new IAMMember(\"autokeyProjectAdmin\", IAMMemberArgs.builder()\n .project(keyProject.projectId())\n .role(\"roles/cloudkms.admin\")\n .member(keyProject.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-cloudkms.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitServiceAgent)\n .build());\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Sleep(\"waitSrvAccPermissions\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyProjectAdmin)\n .build());\n\n var example_autokeyconfig = new AutokeyConfig(\"example-autokeyconfig\", AutokeyConfigArgs.builder()\n .folder(autokmsFolder.id())\n .keyProject(keyProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitSrvAccPermissions)\n .build());\n\n // Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n // because setting the config takes a little to fully propagate.\n var waitAutokeyPropagation = new Sleep(\"waitAutokeyPropagation\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(example_autokeyconfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create Folder in GCP Organization\n autokmsFolder:\n type: gcp:organizations:Folder\n name: autokms_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n # Create the key project\n keyProject:\n type: gcp:organizations:Project\n name: key_project\n properties:\n projectId: key-proj\n name: key-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependsOn:\n - ${autokmsFolder}\n # Enable the Cloud KMS API\n kmsApiService:\n type: gcp:projects:Service\n name: kms_api_service\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.projectId}\n disableOnDestroy: false\n disableDependentServices: true\n options:\n dependsOn:\n - ${keyProject}\n # Wait delay after enabling APIs\n waitEnableServiceApi:\n type: time:sleep\n name: wait_enable_service_api\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${kmsApiService}\n #Create KMS Service Agent\n kmsServiceAgent:\n type: gcp:projects:ServiceIdentity\n name: kms_service_agent\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.number}\n options:\n dependsOn:\n - ${waitEnableServiceApi}\n # Wait delay after creating service agent.\n waitServiceAgent:\n type: time:sleep\n name: wait_service_agent\n properties:\n createDuration: 10s\n options:\n dependsOn:\n - ${kmsServiceAgent}\n #Grant the KMS Service Agent the Cloud KMS Admin role\n autokeyProjectAdmin:\n type: gcp:projects:IAMMember\n name: autokey_project_admin\n properties:\n project: ${keyProject.projectId}\n role: roles/cloudkms.admin\n member: serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com\n options:\n dependsOn:\n - ${waitServiceAgent}\n # Wait delay after granting IAM permissions\n waitSrvAccPermissions:\n type: time:sleep\n name: wait_srv_acc_permissions\n properties:\n createDuration: 10s\n options:\n dependsOn:\n - ${autokeyProjectAdmin}\n example-autokeyconfig:\n type: gcp:kms:AutokeyConfig\n properties:\n folder: ${autokmsFolder.id}\n keyProject: projects/${keyProject.projectId}\n options:\n dependsOn:\n - ${waitSrvAccPermissions}\n # Wait delay after setting AutokeyConfig, to prevent diffs on reapply,\n # because setting the config takes a little to fully propagate.\n waitAutokeyPropagation:\n type: time:sleep\n name: wait_autokey_propagation\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${[\"example-autokeyconfig\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutokeyConfig can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/autokeyConfig`\n\n* `{{folder}}`\n\nWhen using the `pulumi import` command, AutokeyConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default folders/{{folder}}/autokeyConfig\n```\n\n```sh\n$ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default {{folder}}\n```\n\n", "properties": { "folder": { "type": "string", @@ -229916,7 +229916,7 @@ } }, "gcp:kms/cryptoKeyIAMBinding:CryptoKeyIAMBinding": { - "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMBinding:CryptoKeyIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMBinding:CryptoKeyIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/CryptoKeyIAMBindingCondition:CryptoKeyIAMBindingCondition", @@ -230011,7 +230011,7 @@ } }, "gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember": { - "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/CryptoKeyIAMMemberCondition:CryptoKeyIAMMemberCondition", @@ -230099,7 +230099,7 @@ } }, "gcp:kms/cryptoKeyIAMPolicy:CryptoKeyIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMPolicy:CryptoKeyIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:\n\n* `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.\n* `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.\n* `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\", {\n cryptoKeyId: key.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n}])\ncrypto_key = gcp.kms.CryptoKeyIAMPolicy(\"crypto_key\",\n crypto_key_id=key.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMPolicy(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMPolicyArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicy;\nimport com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var cryptoKey = new CryptoKeyIAMPolicy(\"cryptoKey\", CryptoKeyIAMPolicyArgs.builder()\n .cryptoKeyId(key.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMPolicy\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/cloudkms.cryptoKeyEncrypter\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudkms.cryptoKeyEncrypter\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMBinding(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.CryptoKeyIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMBinding(\"cryptoKey\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .members(\"user:jane@example.com\")\n .condition(CryptoKeyIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypter\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypter\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypter\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypter\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.CryptoKeyIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypter\")\n .member(\"user:jane@example.com\")\n .condition(CryptoKeyIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypter\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the KMS crypto key only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\"\n\n to = google_kms_crypto_key_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/cryptoKeyIAMPolicy:CryptoKeyIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}\n```\n\n", "properties": { "cryptoKeyId": { "type": "string", @@ -230394,7 +230394,7 @@ } }, "gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/EkmConnectionIamBindingCondition:EkmConnectionIamBindingCondition", @@ -230518,7 +230518,7 @@ } }, "gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/EkmConnectionIamMemberCondition:EkmConnectionIamMemberCondition", @@ -230635,7 +230635,7 @@ } }, "gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Key Management Service EkmConnection\nThree different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:\n\n* `gcp.kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached.\n* `gcp.kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved.\n* `gcp.kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `gcp.kms.EkmConnectionIamBinding` and `gcp.kms.EkmConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `gcp.kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.kms.EkmConnectionIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.kms.EkmConnectionIamPolicy(\"policy\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.kms.EkmConnectionIamPolicy(\"policy\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Kms.EkmConnectionIamPolicy(\"policy\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewEkmConnectionIamPolicy(ctx, \"policy\", \u0026kms.EkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicy;\nimport com.pulumi.gcp.kms.EkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new EkmConnectionIamPolicy(\"policy\", EkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:kms:EkmConnectionIamPolicy\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.kms.EkmConnectionIamBinding(\"binding\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.kms.EkmConnectionIamBinding(\"binding\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Kms.EkmConnectionIamBinding(\"binding\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamBinding(ctx, \"binding\", \u0026kms.EkmConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.EkmConnectionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamBinding;\nimport com.pulumi.gcp.kms.EkmConnectionIamBindingArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EkmConnectionIamBinding(\"binding\", EkmConnectionIamBindingArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .condition(EkmConnectionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:EkmConnectionIamBinding\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.kms.EkmConnectionIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.kms.EkmConnectionIamMember(\"member\", {\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.kms.EkmConnectionIamMember(\"member\",\n project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Kms.EkmConnectionIamMember(\"member\", new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.EkmConnectionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewEkmConnectionIamMember(ctx, \"member\", \u0026kms.EkmConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.Any(example_ekmconnection.Location),\n\t\t\tName: pulumi.Any(example_ekmconnection.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.EkmConnectionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.EkmConnectionIamMember;\nimport com.pulumi.gcp.kms.EkmConnectionIamMemberArgs;\nimport com.pulumi.gcp.kms.inputs.EkmConnectionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EkmConnectionIamMember(\"member\", EkmConnectionIamMemberArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .condition(EkmConnectionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:kms:EkmConnectionIamMember\n properties:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n role: roles/viewer\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -230720,7 +230720,7 @@ } }, "gcp:kms/keyHandle:KeyHandle": { - "description": "## Example Usage\n\n### Kms Key Handle Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Create Folder in GCP Organization\nconst autokmsFolder = new gcp.organizations.Folder(\"autokms_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create the key project\nconst keyProject = new gcp.organizations.Project(\"key_project\", {\n projectId: \"key-proj\",\n name: \"key-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Create the resource project\nconst resourceProject = new gcp.organizations.Project(\"resource_project\", {\n projectId: \"res-proj\",\n name: \"res-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Enable the Cloud KMS API\nconst kmsApiService = new gcp.projects.Service(\"kms_api_service\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.projectId,\n disableOnDestroy: false,\n disableDependentServices: true,\n}, {\n dependsOn: [keyProject],\n});\n// Wait delay after enabling APIs\nconst waitEnableServiceApi = new time.index.Sleep(\"wait_enable_service_api\", {createDuration: \"30s\"}, {\n dependsOn: [kmsApiService],\n});\n//Create KMS Service Agent\nconst kmsServiceAgent = new gcp.projects.ServiceIdentity(\"kms_service_agent\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.number,\n}, {\n dependsOn: [waitEnableServiceApi],\n});\n// Wait delay after creating service agent.\nconst waitServiceAgent = new time.index.Sleep(\"wait_service_agent\", {createDuration: \"10s\"}, {\n dependsOn: [kmsServiceAgent],\n});\n//Grant the KMS Service Agent the Cloud KMS Admin role\nconst autokeyProjectAdmin = new gcp.projects.IAMMember(\"autokey_project_admin\", {\n project: keyProject.projectId,\n role: \"roles/cloudkms.admin\",\n member: pulumi.interpolate`serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com`,\n}, {\n dependsOn: [waitServiceAgent],\n});\n// Wait delay after granting IAM permissions\nconst waitSrvAccPermissions = new time.index.Sleep(\"wait_srv_acc_permissions\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyProjectAdmin],\n});\nconst autokeyConfig = new gcp.kms.AutokeyConfig(\"autokey_config\", {\n folder: autokmsFolder.folderId,\n keyProject: pulumi.interpolate`projects/${keyProject.projectId}`,\n}, {\n dependsOn: [waitSrvAccPermissions],\n});\n// Wait delay for autokey config to take effect\nconst waitAutokeyConfig = new time.index.Sleep(\"wait_autokey_config\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyConfig],\n});\nconst example_keyhandle = new gcp.kms.KeyHandle(\"example-keyhandle\", {\n project: resourceProject.projectId,\n name: \"tf-test-key-handle\",\n location: \"global\",\n resourceTypeSelector: \"storage.googleapis.com/Bucket\",\n}, {\n dependsOn: [waitAutokeyConfig],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Create Folder in GCP Organization\nautokms_folder = gcp.organizations.Folder(\"autokms_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create the key project\nkey_project = gcp.organizations.Project(\"key_project\",\n project_id=\"key-proj\",\n name=\"key-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Create the resource project\nresource_project = gcp.organizations.Project(\"resource_project\",\n project_id=\"res-proj\",\n name=\"res-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Enable the Cloud KMS API\nkms_api_service = gcp.projects.Service(\"kms_api_service\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.project_id,\n disable_on_destroy=False,\n disable_dependent_services=True,\n opts = pulumi.ResourceOptions(depends_on=[key_project]))\n# Wait delay after enabling APIs\nwait_enable_service_api = time.index.Sleep(\"wait_enable_service_api\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[kms_api_service]))\n#Create KMS Service Agent\nkms_service_agent = gcp.projects.ServiceIdentity(\"kms_service_agent\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.number,\n opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))\n# Wait delay after creating service agent.\nwait_service_agent = time.index.Sleep(\"wait_service_agent\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[kms_service_agent]))\n#Grant the KMS Service Agent the Cloud KMS Admin role\nautokey_project_admin = gcp.projects.IAMMember(\"autokey_project_admin\",\n project=key_project.project_id,\n role=\"roles/cloudkms.admin\",\n member=key_project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_service_agent]))\n# Wait delay after granting IAM permissions\nwait_srv_acc_permissions = time.index.Sleep(\"wait_srv_acc_permissions\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_project_admin]))\nautokey_config = gcp.kms.AutokeyConfig(\"autokey_config\",\n folder=autokms_folder.folder_id,\n key_project=key_project.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_srv_acc_permissions]))\n# Wait delay for autokey config to take effect\nwait_autokey_config = time.index.Sleep(\"wait_autokey_config\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_config]))\nexample_keyhandle = gcp.kms.KeyHandle(\"example-keyhandle\",\n project=resource_project.project_id,\n name=\"tf-test-key-handle\",\n location=\"global\",\n resource_type_selector=\"storage.googleapis.com/Bucket\",\n opts = pulumi.ResourceOptions(depends_on=[wait_autokey_config]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create Folder in GCP Organization\n var autokmsFolder = new Gcp.Organizations.Folder(\"autokms_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create the key project\n var keyProject = new Gcp.Organizations.Project(\"key_project\", new()\n {\n ProjectId = \"key-proj\",\n Name = \"key-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Create the resource project\n var resourceProject = new Gcp.Organizations.Project(\"resource_project\", new()\n {\n ProjectId = \"res-proj\",\n Name = \"res-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Enable the Cloud KMS API\n var kmsApiService = new Gcp.Projects.Service(\"kms_api_service\", new()\n {\n ServiceName = \"cloudkms.googleapis.com\",\n Project = keyProject.ProjectId,\n DisableOnDestroy = false,\n DisableDependentServices = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyProject,\n },\n });\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Time.Index.Sleep(\"wait_enable_service_api\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsApiService,\n },\n });\n\n //Create KMS Service Agent\n var kmsServiceAgent = new Gcp.Projects.ServiceIdentity(\"kms_service_agent\", new()\n {\n Service = \"cloudkms.googleapis.com\",\n Project = keyProject.Number,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitEnableServiceApi,\n },\n });\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Time.Index.Sleep(\"wait_service_agent\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsServiceAgent,\n },\n });\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new Gcp.Projects.IAMMember(\"autokey_project_admin\", new()\n {\n Project = keyProject.ProjectId,\n Role = \"roles/cloudkms.admin\",\n Member = keyProject.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitServiceAgent,\n },\n });\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Time.Index.Sleep(\"wait_srv_acc_permissions\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyProjectAdmin,\n },\n });\n\n var autokeyConfig = new Gcp.Kms.AutokeyConfig(\"autokey_config\", new()\n {\n Folder = autokmsFolder.FolderId,\n KeyProject = keyProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitSrvAccPermissions,\n },\n });\n\n // Wait delay for autokey config to take effect\n var waitAutokeyConfig = new Time.Index.Sleep(\"wait_autokey_config\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyConfig,\n },\n });\n\n var example_keyhandle = new Gcp.Kms.KeyHandle(\"example-keyhandle\", new()\n {\n Project = resourceProject.ProjectId,\n Name = \"tf-test-key-handle\",\n Location = \"global\",\n ResourceTypeSelector = \"storage.googleapis.com/Bucket\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitAutokeyConfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create Folder in GCP Organization\n\t\tautokmsFolder, err := organizations.NewFolder(ctx, \"autokms_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the key project\n\t\tkeyProject, err := organizations.NewProject(ctx, \"key_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"key-proj\"),\n\t\t\tName: pulumi.String(\"key-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the resource project\n\t\tresourceProject, err := organizations.NewProject(ctx, \"resource_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"res-proj\"),\n\t\t\tName: pulumi.String(\"res-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable the Cloud KMS API\n\t\tkmsApiService, err := projects.NewService(ctx, \"kms_api_service\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t\tDisableDependentServices: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after enabling APIs\n\t\twaitEnableServiceApi, err := time.NewSleep(ctx, \"wait_enable_service_api\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsApiService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create KMS Service Agent\n\t\tkmsServiceAgent, err := projects.NewServiceIdentity(ctx, \"kms_service_agent\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.Number,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitEnableServiceApi,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after creating service agent.\n\t\twaitServiceAgent, err := time.NewSleep(ctx, \"wait_service_agent\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Grant the KMS Service Agent the Cloud KMS Admin role\n\t\tautokeyProjectAdmin, err := projects.NewIAMMember(ctx, \"autokey_project_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: keyProject.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after granting IAM permissions\n\t\twaitSrvAccPermissions, err := time.NewSleep(ctx, \"wait_srv_acc_permissions\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyProjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tautokeyConfig, err := kms.NewAutokeyConfig(ctx, \"autokey_config\", \u0026kms.AutokeyConfigArgs{\n\t\t\tFolder: autokmsFolder.FolderId,\n\t\t\tKeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitSrvAccPermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay for autokey config to take effect\n\t\twaitAutokeyConfig, err := time.NewSleep(ctx, \"wait_autokey_config\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyHandle(ctx, \"example-keyhandle\", \u0026kms.KeyHandleArgs{\n\t\t\tProject: resourceProject.ProjectId,\n\t\t\tName: pulumi.String(\"tf-test-key-handle\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tResourceTypeSelector: pulumi.String(\"storage.googleapis.com/Bucket\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitAutokeyConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.kms.AutokeyConfig;\nimport com.pulumi.gcp.kms.AutokeyConfigArgs;\nimport com.pulumi.gcp.kms.KeyHandle;\nimport com.pulumi.gcp.kms.KeyHandleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create Folder in GCP Organization\n var autokmsFolder = new Folder(\"autokmsFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create the key project\n var keyProject = new Project(\"keyProject\", ProjectArgs.builder()\n .projectId(\"key-proj\")\n .name(\"key-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Create the resource project\n var resourceProject = new Project(\"resourceProject\", ProjectArgs.builder()\n .projectId(\"res-proj\")\n .name(\"res-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Enable the Cloud KMS API\n var kmsApiService = new Service(\"kmsApiService\", ServiceArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.projectId())\n .disableOnDestroy(false)\n .disableDependentServices(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyProject)\n .build());\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Sleep(\"waitEnableServiceApi\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsApiService)\n .build());\n\n //Create KMS Service Agent\n var kmsServiceAgent = new ServiceIdentity(\"kmsServiceAgent\", ServiceIdentityArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.number())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitEnableServiceApi)\n .build());\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Sleep(\"waitServiceAgent\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsServiceAgent)\n .build());\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new IAMMember(\"autokeyProjectAdmin\", IAMMemberArgs.builder()\n .project(keyProject.projectId())\n .role(\"roles/cloudkms.admin\")\n .member(keyProject.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-cloudkms.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitServiceAgent)\n .build());\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Sleep(\"waitSrvAccPermissions\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyProjectAdmin)\n .build());\n\n var autokeyConfig = new AutokeyConfig(\"autokeyConfig\", AutokeyConfigArgs.builder()\n .folder(autokmsFolder.folderId())\n .keyProject(keyProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitSrvAccPermissions)\n .build());\n\n // Wait delay for autokey config to take effect\n var waitAutokeyConfig = new Sleep(\"waitAutokeyConfig\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyConfig)\n .build());\n\n var example_keyhandle = new KeyHandle(\"example-keyhandle\", KeyHandleArgs.builder()\n .project(resourceProject.projectId())\n .name(\"tf-test-key-handle\")\n .location(\"global\")\n .resourceTypeSelector(\"storage.googleapis.com/Bucket\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitAutokeyConfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create Folder in GCP Organization\n autokmsFolder:\n type: gcp:organizations:Folder\n name: autokms_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n # Create the key project\n keyProject:\n type: gcp:organizations:Project\n name: key_project\n properties:\n projectId: key-proj\n name: key-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependson:\n - ${autokmsFolder}\n # Create the resource project\n resourceProject:\n type: gcp:organizations:Project\n name: resource_project\n properties:\n projectId: res-proj\n name: res-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependson:\n - ${autokmsFolder}\n # Enable the Cloud KMS API\n kmsApiService:\n type: gcp:projects:Service\n name: kms_api_service\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.projectId}\n disableOnDestroy: false\n disableDependentServices: true\n options:\n dependson:\n - ${keyProject}\n # Wait delay after enabling APIs\n waitEnableServiceApi:\n type: time:sleep\n name: wait_enable_service_api\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${kmsApiService}\n #Create KMS Service Agent\n kmsServiceAgent:\n type: gcp:projects:ServiceIdentity\n name: kms_service_agent\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.number}\n options:\n dependson:\n - ${waitEnableServiceApi}\n # Wait delay after creating service agent.\n waitServiceAgent:\n type: time:sleep\n name: wait_service_agent\n properties:\n createDuration: 10s\n options:\n dependson:\n - ${kmsServiceAgent}\n #Grant the KMS Service Agent the Cloud KMS Admin role\n autokeyProjectAdmin:\n type: gcp:projects:IAMMember\n name: autokey_project_admin\n properties:\n project: ${keyProject.projectId}\n role: roles/cloudkms.admin\n member: serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com\n options:\n dependson:\n - ${waitServiceAgent}\n # Wait delay after granting IAM permissions\n waitSrvAccPermissions:\n type: time:sleep\n name: wait_srv_acc_permissions\n properties:\n createDuration: 10s\n options:\n dependson:\n - ${autokeyProjectAdmin}\n autokeyConfig:\n type: gcp:kms:AutokeyConfig\n name: autokey_config\n properties:\n folder: ${autokmsFolder.folderId}\n keyProject: projects/${keyProject.projectId}\n options:\n dependson:\n - ${waitSrvAccPermissions}\n # Wait delay for autokey config to take effect\n waitAutokeyConfig:\n type: time:sleep\n name: wait_autokey_config\n properties:\n createDuration: 10s\n options:\n dependson:\n - ${autokeyConfig}\n example-keyhandle:\n type: gcp:kms:KeyHandle\n properties:\n project: ${resourceProject.projectId}\n name: tf-test-key-handle\n location: global\n resourceTypeSelector: storage.googleapis.com/Bucket\n options:\n dependson:\n - ${waitAutokeyConfig}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nKeyHandle can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/keyHandles/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, KeyHandle can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default projects/{{project}}/locations/{{location}}/keyHandles/{{name}}\n```\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default {{location}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n### Kms Key Handle Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// Create Folder in GCP Organization\nconst autokmsFolder = new gcp.organizations.Folder(\"autokms_folder\", {\n displayName: \"my-folder\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\n// Create the key project\nconst keyProject = new gcp.organizations.Project(\"key_project\", {\n projectId: \"key-proj\",\n name: \"key-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Create the resource project\nconst resourceProject = new gcp.organizations.Project(\"resource_project\", {\n projectId: \"res-proj\",\n name: \"res-proj\",\n folderId: autokmsFolder.folderId,\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n}, {\n dependsOn: [autokmsFolder],\n});\n// Enable the Cloud KMS API\nconst kmsApiService = new gcp.projects.Service(\"kms_api_service\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.projectId,\n disableOnDestroy: false,\n disableDependentServices: true,\n}, {\n dependsOn: [keyProject],\n});\n// Wait delay after enabling APIs\nconst waitEnableServiceApi = new time.index.Sleep(\"wait_enable_service_api\", {createDuration: \"30s\"}, {\n dependsOn: [kmsApiService],\n});\n//Create KMS Service Agent\nconst kmsServiceAgent = new gcp.projects.ServiceIdentity(\"kms_service_agent\", {\n service: \"cloudkms.googleapis.com\",\n project: keyProject.number,\n}, {\n dependsOn: [waitEnableServiceApi],\n});\n// Wait delay after creating service agent.\nconst waitServiceAgent = new time.index.Sleep(\"wait_service_agent\", {createDuration: \"10s\"}, {\n dependsOn: [kmsServiceAgent],\n});\n//Grant the KMS Service Agent the Cloud KMS Admin role\nconst autokeyProjectAdmin = new gcp.projects.IAMMember(\"autokey_project_admin\", {\n project: keyProject.projectId,\n role: \"roles/cloudkms.admin\",\n member: pulumi.interpolate`serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com`,\n}, {\n dependsOn: [waitServiceAgent],\n});\n// Wait delay after granting IAM permissions\nconst waitSrvAccPermissions = new time.index.Sleep(\"wait_srv_acc_permissions\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyProjectAdmin],\n});\nconst autokeyConfig = new gcp.kms.AutokeyConfig(\"autokey_config\", {\n folder: autokmsFolder.folderId,\n keyProject: pulumi.interpolate`projects/${keyProject.projectId}`,\n}, {\n dependsOn: [waitSrvAccPermissions],\n});\n// Wait delay for autokey config to take effect\nconst waitAutokeyConfig = new time.index.Sleep(\"wait_autokey_config\", {createDuration: \"10s\"}, {\n dependsOn: [autokeyConfig],\n});\nconst example_keyhandle = new gcp.kms.KeyHandle(\"example-keyhandle\", {\n project: resourceProject.projectId,\n name: \"tf-test-key-handle\",\n location: \"global\",\n resourceTypeSelector: \"storage.googleapis.com/Bucket\",\n}, {\n dependsOn: [waitAutokeyConfig],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# Create Folder in GCP Organization\nautokms_folder = gcp.organizations.Folder(\"autokms_folder\",\n display_name=\"my-folder\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\n# Create the key project\nkey_project = gcp.organizations.Project(\"key_project\",\n project_id=\"key-proj\",\n name=\"key-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Create the resource project\nresource_project = gcp.organizations.Project(\"resource_project\",\n project_id=\"res-proj\",\n name=\"res-proj\",\n folder_id=autokms_folder.folder_id,\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))\n# Enable the Cloud KMS API\nkms_api_service = gcp.projects.Service(\"kms_api_service\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.project_id,\n disable_on_destroy=False,\n disable_dependent_services=True,\n opts = pulumi.ResourceOptions(depends_on=[key_project]))\n# Wait delay after enabling APIs\nwait_enable_service_api = time.index.Sleep(\"wait_enable_service_api\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[kms_api_service]))\n#Create KMS Service Agent\nkms_service_agent = gcp.projects.ServiceIdentity(\"kms_service_agent\",\n service=\"cloudkms.googleapis.com\",\n project=key_project.number,\n opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))\n# Wait delay after creating service agent.\nwait_service_agent = time.index.Sleep(\"wait_service_agent\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[kms_service_agent]))\n#Grant the KMS Service Agent the Cloud KMS Admin role\nautokey_project_admin = gcp.projects.IAMMember(\"autokey_project_admin\",\n project=key_project.project_id,\n role=\"roles/cloudkms.admin\",\n member=key_project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_service_agent]))\n# Wait delay after granting IAM permissions\nwait_srv_acc_permissions = time.index.Sleep(\"wait_srv_acc_permissions\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_project_admin]))\nautokey_config = gcp.kms.AutokeyConfig(\"autokey_config\",\n folder=autokms_folder.folder_id,\n key_project=key_project.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n opts = pulumi.ResourceOptions(depends_on=[wait_srv_acc_permissions]))\n# Wait delay for autokey config to take effect\nwait_autokey_config = time.index.Sleep(\"wait_autokey_config\", create_duration=10s,\nopts = pulumi.ResourceOptions(depends_on=[autokey_config]))\nexample_keyhandle = gcp.kms.KeyHandle(\"example-keyhandle\",\n project=resource_project.project_id,\n name=\"tf-test-key-handle\",\n location=\"global\",\n resource_type_selector=\"storage.googleapis.com/Bucket\",\n opts = pulumi.ResourceOptions(depends_on=[wait_autokey_config]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create Folder in GCP Organization\n var autokmsFolder = new Gcp.Organizations.Folder(\"autokms_folder\", new()\n {\n DisplayName = \"my-folder\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n // Create the key project\n var keyProject = new Gcp.Organizations.Project(\"key_project\", new()\n {\n ProjectId = \"key-proj\",\n Name = \"key-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Create the resource project\n var resourceProject = new Gcp.Organizations.Project(\"resource_project\", new()\n {\n ProjectId = \"res-proj\",\n Name = \"res-proj\",\n FolderId = autokmsFolder.FolderId,\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokmsFolder,\n },\n });\n\n // Enable the Cloud KMS API\n var kmsApiService = new Gcp.Projects.Service(\"kms_api_service\", new()\n {\n ServiceName = \"cloudkms.googleapis.com\",\n Project = keyProject.ProjectId,\n DisableOnDestroy = false,\n DisableDependentServices = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n keyProject,\n },\n });\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Time.Index.Sleep(\"wait_enable_service_api\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsApiService,\n },\n });\n\n //Create KMS Service Agent\n var kmsServiceAgent = new Gcp.Projects.ServiceIdentity(\"kms_service_agent\", new()\n {\n Service = \"cloudkms.googleapis.com\",\n Project = keyProject.Number,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitEnableServiceApi,\n },\n });\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Time.Index.Sleep(\"wait_service_agent\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kmsServiceAgent,\n },\n });\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new Gcp.Projects.IAMMember(\"autokey_project_admin\", new()\n {\n Project = keyProject.ProjectId,\n Role = \"roles/cloudkms.admin\",\n Member = keyProject.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitServiceAgent,\n },\n });\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Time.Index.Sleep(\"wait_srv_acc_permissions\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyProjectAdmin,\n },\n });\n\n var autokeyConfig = new Gcp.Kms.AutokeyConfig(\"autokey_config\", new()\n {\n Folder = autokmsFolder.FolderId,\n KeyProject = keyProject.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitSrvAccPermissions,\n },\n });\n\n // Wait delay for autokey config to take effect\n var waitAutokeyConfig = new Time.Index.Sleep(\"wait_autokey_config\", new()\n {\n CreateDuration = \"10s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n autokeyConfig,\n },\n });\n\n var example_keyhandle = new Gcp.Kms.KeyHandle(\"example-keyhandle\", new()\n {\n Project = resourceProject.ProjectId,\n Name = \"tf-test-key-handle\",\n Location = \"global\",\n ResourceTypeSelector = \"storage.googleapis.com/Bucket\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n waitAutokeyConfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create Folder in GCP Organization\n\t\tautokmsFolder, err := organizations.NewFolder(ctx, \"autokms_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"my-folder\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the key project\n\t\tkeyProject, err := organizations.NewProject(ctx, \"key_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"key-proj\"),\n\t\t\tName: pulumi.String(\"key-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the resource project\n\t\tresourceProject, err := organizations.NewProject(ctx, \"resource_project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"res-proj\"),\n\t\t\tName: pulumi.String(\"res-proj\"),\n\t\t\tFolderId: autokmsFolder.FolderId,\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokmsFolder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable the Cloud KMS API\n\t\tkmsApiService, err := projects.NewService(ctx, \"kms_api_service\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t\tDisableDependentServices: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkeyProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after enabling APIs\n\t\twaitEnableServiceApi, err := time.NewSleep(ctx, \"wait_enable_service_api\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsApiService,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create KMS Service Agent\n\t\tkmsServiceAgent, err := projects.NewServiceIdentity(ctx, \"kms_service_agent\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"cloudkms.googleapis.com\"),\n\t\t\tProject: keyProject.Number,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitEnableServiceApi,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after creating service agent.\n\t\twaitServiceAgent, err := time.NewSleep(ctx, \"wait_service_agent\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkmsServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Grant the KMS Service Agent the Cloud KMS Admin role\n\t\tautokeyProjectAdmin, err := projects.NewIAMMember(ctx, \"autokey_project_admin\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: keyProject.ProjectId,\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: keyProject.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitServiceAgent,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay after granting IAM permissions\n\t\twaitSrvAccPermissions, err := time.NewSleep(ctx, \"wait_srv_acc_permissions\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyProjectAdmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tautokeyConfig, err := kms.NewAutokeyConfig(ctx, \"autokey_config\", \u0026kms.AutokeyConfigArgs{\n\t\t\tFolder: autokmsFolder.FolderId,\n\t\t\tKeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitSrvAccPermissions,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait delay for autokey config to take effect\n\t\twaitAutokeyConfig, err := time.NewSleep(ctx, \"wait_autokey_config\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"10s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tautokeyConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyHandle(ctx, \"example-keyhandle\", \u0026kms.KeyHandleArgs{\n\t\t\tProject: resourceProject.ProjectId,\n\t\t\tName: pulumi.String(\"tf-test-key-handle\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tResourceTypeSelector: pulumi.String(\"storage.googleapis.com/Bucket\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twaitAutokeyConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.kms.AutokeyConfig;\nimport com.pulumi.gcp.kms.AutokeyConfigArgs;\nimport com.pulumi.gcp.kms.KeyHandle;\nimport com.pulumi.gcp.kms.KeyHandleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create Folder in GCP Organization\n var autokmsFolder = new Folder(\"autokmsFolder\", FolderArgs.builder()\n .displayName(\"my-folder\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n // Create the key project\n var keyProject = new Project(\"keyProject\", ProjectArgs.builder()\n .projectId(\"key-proj\")\n .name(\"key-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Create the resource project\n var resourceProject = new Project(\"resourceProject\", ProjectArgs.builder()\n .projectId(\"res-proj\")\n .name(\"res-proj\")\n .folderId(autokmsFolder.folderId())\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokmsFolder)\n .build());\n\n // Enable the Cloud KMS API\n var kmsApiService = new Service(\"kmsApiService\", ServiceArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.projectId())\n .disableOnDestroy(false)\n .disableDependentServices(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(keyProject)\n .build());\n\n // Wait delay after enabling APIs\n var waitEnableServiceApi = new Sleep(\"waitEnableServiceApi\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsApiService)\n .build());\n\n //Create KMS Service Agent\n var kmsServiceAgent = new ServiceIdentity(\"kmsServiceAgent\", ServiceIdentityArgs.builder()\n .service(\"cloudkms.googleapis.com\")\n .project(keyProject.number())\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitEnableServiceApi)\n .build());\n\n // Wait delay after creating service agent.\n var waitServiceAgent = new Sleep(\"waitServiceAgent\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(kmsServiceAgent)\n .build());\n\n //Grant the KMS Service Agent the Cloud KMS Admin role\n var autokeyProjectAdmin = new IAMMember(\"autokeyProjectAdmin\", IAMMemberArgs.builder()\n .project(keyProject.projectId())\n .role(\"roles/cloudkms.admin\")\n .member(keyProject.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-cloudkms.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitServiceAgent)\n .build());\n\n // Wait delay after granting IAM permissions\n var waitSrvAccPermissions = new Sleep(\"waitSrvAccPermissions\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyProjectAdmin)\n .build());\n\n var autokeyConfig = new AutokeyConfig(\"autokeyConfig\", AutokeyConfigArgs.builder()\n .folder(autokmsFolder.folderId())\n .keyProject(keyProject.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitSrvAccPermissions)\n .build());\n\n // Wait delay for autokey config to take effect\n var waitAutokeyConfig = new Sleep(\"waitAutokeyConfig\", SleepArgs.builder()\n .createDuration(\"10s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(autokeyConfig)\n .build());\n\n var example_keyhandle = new KeyHandle(\"example-keyhandle\", KeyHandleArgs.builder()\n .project(resourceProject.projectId())\n .name(\"tf-test-key-handle\")\n .location(\"global\")\n .resourceTypeSelector(\"storage.googleapis.com/Bucket\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(waitAutokeyConfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create Folder in GCP Organization\n autokmsFolder:\n type: gcp:organizations:Folder\n name: autokms_folder\n properties:\n displayName: my-folder\n parent: organizations/123456789\n deletionProtection: false\n # Create the key project\n keyProject:\n type: gcp:organizations:Project\n name: key_project\n properties:\n projectId: key-proj\n name: key-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependsOn:\n - ${autokmsFolder}\n # Create the resource project\n resourceProject:\n type: gcp:organizations:Project\n name: resource_project\n properties:\n projectId: res-proj\n name: res-proj\n folderId: ${autokmsFolder.folderId}\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n options:\n dependsOn:\n - ${autokmsFolder}\n # Enable the Cloud KMS API\n kmsApiService:\n type: gcp:projects:Service\n name: kms_api_service\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.projectId}\n disableOnDestroy: false\n disableDependentServices: true\n options:\n dependsOn:\n - ${keyProject}\n # Wait delay after enabling APIs\n waitEnableServiceApi:\n type: time:sleep\n name: wait_enable_service_api\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${kmsApiService}\n #Create KMS Service Agent\n kmsServiceAgent:\n type: gcp:projects:ServiceIdentity\n name: kms_service_agent\n properties:\n service: cloudkms.googleapis.com\n project: ${keyProject.number}\n options:\n dependsOn:\n - ${waitEnableServiceApi}\n # Wait delay after creating service agent.\n waitServiceAgent:\n type: time:sleep\n name: wait_service_agent\n properties:\n createDuration: 10s\n options:\n dependsOn:\n - ${kmsServiceAgent}\n #Grant the KMS Service Agent the Cloud KMS Admin role\n autokeyProjectAdmin:\n type: gcp:projects:IAMMember\n name: autokey_project_admin\n properties:\n project: ${keyProject.projectId}\n role: roles/cloudkms.admin\n member: serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com\n options:\n dependsOn:\n - ${waitServiceAgent}\n # Wait delay after granting IAM permissions\n waitSrvAccPermissions:\n type: time:sleep\n name: wait_srv_acc_permissions\n properties:\n createDuration: 10s\n options:\n dependsOn:\n - ${autokeyProjectAdmin}\n autokeyConfig:\n type: gcp:kms:AutokeyConfig\n name: autokey_config\n properties:\n folder: ${autokmsFolder.folderId}\n keyProject: projects/${keyProject.projectId}\n options:\n dependsOn:\n - ${waitSrvAccPermissions}\n # Wait delay for autokey config to take effect\n waitAutokeyConfig:\n type: time:sleep\n name: wait_autokey_config\n properties:\n createDuration: 10s\n options:\n dependsOn:\n - ${autokeyConfig}\n example-keyhandle:\n type: gcp:kms:KeyHandle\n properties:\n project: ${resourceProject.projectId}\n name: tf-test-key-handle\n location: global\n resourceTypeSelector: storage.googleapis.com/Bucket\n options:\n dependsOn:\n - ${waitAutokeyConfig}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nKeyHandle can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/keyHandles/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, KeyHandle can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default projects/{{project}}/locations/{{location}}/keyHandles/{{name}}\n```\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:kms/keyHandle:KeyHandle default {{location}}/{{name}}\n```\n\n", "properties": { "kmsKey": { "type": "string", @@ -230871,7 +230871,7 @@ } }, "gcp:kms/keyRingIAMBinding:KeyRingIAMBinding": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/KeyRingIAMBindingCondition:KeyRingIAMBindingCondition", @@ -230966,7 +230966,7 @@ } }, "gcp:kms/keyRingIAMMember:KeyRingIAMMember": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/KeyRingIAMMemberCondition:KeyRingIAMMemberCondition", @@ -231054,7 +231054,7 @@ } }, "gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.kms.KeyRingIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder()\n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.kms.KeyRingIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder()\n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -231326,7 +231326,7 @@ } }, "gcp:logging/billingAccountBucketConfig:BillingAccountBucketConfig": { - "description": "Manages a billing account level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.organizations.getBillingAccount({\n billingAccount: \"00AA00-000AAA-00AA0A\",\n});\nconst basic = new gcp.logging.BillingAccountBucketConfig(\"basic\", {\n billingAccount: _default.then(_default =\u003e _default.billingAccount),\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_billing_account(billing_account=\"00AA00-000AAA-00AA0A\")\nbasic = gcp.logging.BillingAccountBucketConfig(\"basic\",\n billing_account=default.billing_account,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"00AA00-000AAA-00AA0A\",\n });\n\n var basic = new Gcp.Logging.BillingAccountBucketConfig(\"basic\", new()\n {\n BillingAccount = @default.Apply(@default =\u003e @default.Apply(getBillingAccountResult =\u003e getBillingAccountResult.BillingAccount)),\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"00AA00-000AAA-00AA0A\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewBillingAccountBucketConfig(ctx, \"basic\", \u0026logging.BillingAccountBucketConfigArgs{\n\t\t\tBillingAccount: pulumi.String(_default.BillingAccount),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.logging.BillingAccountBucketConfig;\nimport com.pulumi.gcp.logging.BillingAccountBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"00AA00-000AAA-00AA0A\")\n .build());\n\n var basic = new BillingAccountBucketConfig(\"basic\", BillingAccountBucketConfigArgs.builder()\n .billingAccount(default_.billingAccount())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:BillingAccountBucketConfig\n properties:\n billingAccount: ${default.billingAccount}\n location: global\n retentionDays: 30\n bucketId: _Default\nvariables:\n default:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n billingAccount: 00AA00-000AAA-00AA0A\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with index configs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example-billing-account-bucket-index-configs:\n type: gcp:logging:BillingAccountBucketConfig\n properties:\n folder: ${default.billingAccount}\n location: global\n retentionDays: 30\n bucketId: _Default\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `billingAccounts/{{billingAccount}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/billingAccountBucketConfig:BillingAccountBucketConfig default billingAccounts/{{billingAccount}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", + "description": "Manages a billing account level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.organizations.getBillingAccount({\n billingAccount: \"00AA00-000AAA-00AA0A\",\n});\nconst basic = new gcp.logging.BillingAccountBucketConfig(\"basic\", {\n billingAccount: _default.then(_default =\u003e _default.billingAccount),\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_billing_account(billing_account=\"00AA00-000AAA-00AA0A\")\nbasic = gcp.logging.BillingAccountBucketConfig(\"basic\",\n billing_account=default.billing_account,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n BillingAccount = \"00AA00-000AAA-00AA0A\",\n });\n\n var basic = new Gcp.Logging.BillingAccountBucketConfig(\"basic\", new()\n {\n BillingAccount = @default.Apply(@default =\u003e @default.Apply(getBillingAccountResult =\u003e getBillingAccountResult.BillingAccount)),\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tBillingAccount: pulumi.StringRef(\"00AA00-000AAA-00AA0A\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewBillingAccountBucketConfig(ctx, \"basic\", \u0026logging.BillingAccountBucketConfigArgs{\n\t\t\tBillingAccount: pulumi.String(_default.BillingAccount),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.logging.BillingAccountBucketConfig;\nimport com.pulumi.gcp.logging.BillingAccountBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .billingAccount(\"00AA00-000AAA-00AA0A\")\n .build());\n\n var basic = new BillingAccountBucketConfig(\"basic\", BillingAccountBucketConfigArgs.builder()\n .billingAccount(default_.billingAccount())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:BillingAccountBucketConfig\n properties:\n billingAccount: ${default.billingAccount}\n location: global\n retentionDays: 30\n bucketId: _Default\nvariables:\n default:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n billingAccount: 00AA00-000AAA-00AA0A\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with index configs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example-billing-account-bucket-index-configs:\n type: gcp:logging:BillingAccountBucketConfig\n properties:\n folder: ${default.billingAccount}\n location: global\n retentionDays: 30\n bucketId: _Default\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `billingAccounts/{{billingAccount}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/billingAccountBucketConfig:BillingAccountBucketConfig default billingAccounts/{{billingAccount}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", "properties": { "billingAccount": { "type": "string", @@ -231923,7 +231923,7 @@ } }, "gcp:logging/folderSettings:FolderSettings": { - "description": "Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled.\n\n\nTo get more information about FolderSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings)\n* How-to Guides\n * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings)\n\n## Example Usage\n\n### Logging Folder Settings All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"folder-name\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst settings = gcp.logging.getFolderSettingsOutput({\n folder: myFolder.folderId,\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: settings.apply(settings =\u003e `serviceAccount:${settings.kmsServiceAccountId}`),\n});\nconst example = new gcp.logging.FolderSettings(\"example\", {\n disableDefaultSink: true,\n folder: myFolder.folderId,\n kmsKeyName: \"kms-key\",\n storageLocation: \"us-central1\",\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"folder-name\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nsettings = gcp.logging.get_folder_settings_output(folder=my_folder.folder_id)\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=settings.apply(lambda settings: f\"serviceAccount:{settings.kms_service_account_id}\"))\nexample = gcp.logging.FolderSettings(\"example\",\n disable_default_sink=True,\n folder=my_folder.folder_id,\n kms_key_name=\"kms-key\",\n storage_location=\"us-central1\",\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"folder-name\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var settings = Gcp.Logging.GetFolderSettings.Invoke(new()\n {\n Folder = myFolder.FolderId,\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{settings.Apply(getFolderSettingsResult =\u003e getFolderSettingsResult.KmsServiceAccountId)}\",\n });\n\n var example = new Gcp.Logging.FolderSettings(\"example\", new()\n {\n DisableDefaultSink = true,\n Folder = myFolder.FolderId,\n KmsKeyName = \"kms-key\",\n StorageLocation = \"us-central1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"folder-name\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsettings := logging.LookupFolderSettingsOutput(ctx, logging.GetFolderSettingsOutputArgs{\n\t\t\tFolder: myFolder.FolderId,\n\t\t}, nil)\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: settings.ApplyT(func(settings logging.GetFolderSettingsResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", settings.KmsServiceAccountId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewFolderSettings(ctx, \"example\", \u0026logging.FolderSettingsArgs{\n\t\t\tDisableDefaultSink: pulumi.Bool(true),\n\t\t\tFolder: myFolder.FolderId,\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\tStorageLocation: pulumi.String(\"us-central1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetFolderSettingsArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.logging.FolderSettings;\nimport com.pulumi.gcp.logging.FolderSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"folder-name\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n final var settings = LoggingFunctions.getFolderSettings(GetFolderSettingsArgs.builder()\n .folder(myFolder.folderId())\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(settings.applyValue(getFolderSettingsResult -\u003e getFolderSettingsResult).applyValue(settings -\u003e String.format(\"serviceAccount:%s\", settings.applyValue(getFolderSettingsResult -\u003e getFolderSettingsResult.kmsServiceAccountId()))))\n .build());\n\n var example = new FolderSettings(\"example\", FolderSettingsArgs.builder()\n .disableDefaultSink(true)\n .folder(myFolder.folderId())\n .kmsKeyName(\"kms-key\")\n .storageLocation(\"us-central1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:logging:FolderSettings\n properties:\n disableDefaultSink: true\n folder: ${myFolder.folderId}\n kmsKeyName: kms-key\n storageLocation: us-central1\n options:\n dependson:\n - ${iam}\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: folder-name\n parent: organizations/123456789\n deletionProtection: false\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${settings.kmsServiceAccountId}\nvariables:\n settings:\n fn::invoke:\n Function: gcp:logging:getFolderSettings\n Arguments:\n folder: ${myFolder.folderId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderSettings can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/settings`\n\n* `{{folder}}`\n\nWhen using the `pulumi import` command, FolderSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/folderSettings:FolderSettings default folders/{{folder}}/settings\n```\n\n```sh\n$ pulumi import gcp:logging/folderSettings:FolderSettings default {{folder}}\n```\n\n", + "description": "Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled.\n\n\nTo get more information about FolderSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings)\n* How-to Guides\n * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings)\n\n## Example Usage\n\n### Logging Folder Settings All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder = new gcp.organizations.Folder(\"my_folder\", {\n displayName: \"folder-name\",\n parent: \"organizations/123456789\",\n deletionProtection: false,\n});\nconst settings = gcp.logging.getFolderSettingsOutput({\n folder: myFolder.folderId,\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: settings.apply(settings =\u003e `serviceAccount:${settings.kmsServiceAccountId}`),\n});\nconst example = new gcp.logging.FolderSettings(\"example\", {\n disableDefaultSink: true,\n folder: myFolder.folderId,\n kmsKeyName: \"kms-key\",\n storageLocation: \"us-central1\",\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder = gcp.organizations.Folder(\"my_folder\",\n display_name=\"folder-name\",\n parent=\"organizations/123456789\",\n deletion_protection=False)\nsettings = gcp.logging.get_folder_settings_output(folder=my_folder.folder_id)\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=settings.apply(lambda settings: f\"serviceAccount:{settings.kms_service_account_id}\"))\nexample = gcp.logging.FolderSettings(\"example\",\n disable_default_sink=True,\n folder=my_folder.folder_id,\n kms_key_name=\"kms-key\",\n storage_location=\"us-central1\",\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder = new Gcp.Organizations.Folder(\"my_folder\", new()\n {\n DisplayName = \"folder-name\",\n Parent = \"organizations/123456789\",\n DeletionProtection = false,\n });\n\n var settings = Gcp.Logging.GetFolderSettings.Invoke(new()\n {\n Folder = myFolder.FolderId,\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{settings.Apply(getFolderSettingsResult =\u003e getFolderSettingsResult.KmsServiceAccountId)}\",\n });\n\n var example = new Gcp.Logging.FolderSettings(\"example\", new()\n {\n DisableDefaultSink = true,\n Folder = myFolder.FolderId,\n KmsKeyName = \"kms-key\",\n StorageLocation = \"us-central1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder, err := organizations.NewFolder(ctx, \"my_folder\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"folder-name\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsettings := logging.LookupFolderSettingsOutput(ctx, logging.GetFolderSettingsOutputArgs{\n\t\t\tFolder: myFolder.FolderId,\n\t\t}, nil)\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: settings.ApplyT(func(settings logging.GetFolderSettingsResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", settings.KmsServiceAccountId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewFolderSettings(ctx, \"example\", \u0026logging.FolderSettingsArgs{\n\t\t\tDisableDefaultSink: pulumi.Bool(true),\n\t\t\tFolder: myFolder.FolderId,\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\tStorageLocation: pulumi.String(\"us-central1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetFolderSettingsArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.logging.FolderSettings;\nimport com.pulumi.gcp.logging.FolderSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myFolder = new Folder(\"myFolder\", FolderArgs.builder()\n .displayName(\"folder-name\")\n .parent(\"organizations/123456789\")\n .deletionProtection(false)\n .build());\n\n final var settings = LoggingFunctions.getFolderSettings(GetFolderSettingsArgs.builder()\n .folder(myFolder.folderId())\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(settings.applyValue(getFolderSettingsResult -\u003e getFolderSettingsResult).applyValue(settings -\u003e String.format(\"serviceAccount:%s\", settings.applyValue(getFolderSettingsResult -\u003e getFolderSettingsResult.kmsServiceAccountId()))))\n .build());\n\n var example = new FolderSettings(\"example\", FolderSettingsArgs.builder()\n .disableDefaultSink(true)\n .folder(myFolder.folderId())\n .kmsKeyName(\"kms-key\")\n .storageLocation(\"us-central1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:logging:FolderSettings\n properties:\n disableDefaultSink: true\n folder: ${myFolder.folderId}\n kmsKeyName: kms-key\n storageLocation: us-central1\n options:\n dependsOn:\n - ${iam}\n myFolder:\n type: gcp:organizations:Folder\n name: my_folder\n properties:\n displayName: folder-name\n parent: organizations/123456789\n deletionProtection: false\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${settings.kmsServiceAccountId}\nvariables:\n settings:\n fn::invoke:\n function: gcp:logging:getFolderSettings\n arguments:\n folder: ${myFolder.folderId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderSettings can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/settings`\n\n* `{{folder}}`\n\nWhen using the `pulumi import` command, FolderSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/folderSettings:FolderSettings default folders/{{folder}}/settings\n```\n\n```sh\n$ pulumi import gcp:logging/folderSettings:FolderSettings default {{folder}}\n```\n\n", "properties": { "disableDefaultSink": { "type": "boolean", @@ -232187,7 +232187,7 @@ } }, "gcp:logging/linkedDataset:LinkedDataset": { - "description": "Describes a BigQuery linked dataset\n\n\nTo get more information about LinkedDataset, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/locations.buckets.links)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/logging/docs/apis)\n\n## Example Usage\n\n### Logging Linked Dataset Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst loggingLinkedDataset = new gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\", {\n location: \"global\",\n project: \"my-project-name\",\n enableAnalytics: true,\n bucketId: \"my-bucket\",\n});\nconst loggingLinkedDatasetLinkedDataset = new gcp.logging.LinkedDataset(\"logging_linked_dataset\", {\n linkId: \"mylink\",\n bucket: loggingLinkedDataset.id,\n description: \"Linked dataset test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlogging_linked_dataset = gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\",\n location=\"global\",\n project=\"my-project-name\",\n enable_analytics=True,\n bucket_id=\"my-bucket\")\nlogging_linked_dataset_linked_dataset = gcp.logging.LinkedDataset(\"logging_linked_dataset\",\n link_id=\"mylink\",\n bucket=logging_linked_dataset.id,\n description=\"Linked dataset test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var loggingLinkedDataset = new Gcp.Logging.ProjectBucketConfig(\"logging_linked_dataset\", new()\n {\n Location = \"global\",\n Project = \"my-project-name\",\n EnableAnalytics = true,\n BucketId = \"my-bucket\",\n });\n\n var loggingLinkedDatasetLinkedDataset = new Gcp.Logging.LinkedDataset(\"logging_linked_dataset\", new()\n {\n LinkId = \"mylink\",\n Bucket = loggingLinkedDataset.Id,\n Description = \"Linked dataset test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tloggingLinkedDataset, err := logging.NewProjectBucketConfig(ctx, \"logging_linked_dataset\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"my-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLinkedDataset(ctx, \"logging_linked_dataset\", \u0026logging.LinkedDatasetArgs{\n\t\t\tLinkId: pulumi.String(\"mylink\"),\n\t\t\tBucket: loggingLinkedDataset.ID(),\n\t\t\tDescription: pulumi.String(\"Linked dataset test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.LinkedDataset;\nimport com.pulumi.gcp.logging.LinkedDatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var loggingLinkedDataset = new ProjectBucketConfig(\"loggingLinkedDataset\", ProjectBucketConfigArgs.builder()\n .location(\"global\")\n .project(\"my-project-name\")\n .enableAnalytics(true)\n .bucketId(\"my-bucket\")\n .build());\n\n var loggingLinkedDatasetLinkedDataset = new LinkedDataset(\"loggingLinkedDatasetLinkedDataset\", LinkedDatasetArgs.builder()\n .linkId(\"mylink\")\n .bucket(loggingLinkedDataset.id())\n .description(\"Linked dataset test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n loggingLinkedDataset:\n type: gcp:logging:ProjectBucketConfig\n name: logging_linked_dataset\n properties:\n location: global\n project: my-project-name\n enableAnalytics: true\n bucketId: my-bucket\n loggingLinkedDatasetLinkedDataset:\n type: gcp:logging:LinkedDataset\n name: logging_linked_dataset\n properties:\n linkId: mylink\n bucket: ${loggingLinkedDataset.id}\n description: Linked dataset test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Logging Linked Dataset All Params\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst loggingLinkedDataset = new gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\", {\n location: \"global\",\n project: \"my-project-name\",\n enableAnalytics: true,\n bucketId: \"my-bucket\",\n});\nconst loggingLinkedDatasetLinkedDataset = new gcp.logging.LinkedDataset(\"logging_linked_dataset\", {\n linkId: \"mylink\",\n bucket: \"my-bucket\",\n parent: \"projects/my-project-name\",\n location: \"global\",\n description: \"Linked dataset test\",\n}, {\n dependsOn: [loggingLinkedDataset],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlogging_linked_dataset = gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\",\n location=\"global\",\n project=\"my-project-name\",\n enable_analytics=True,\n bucket_id=\"my-bucket\")\nlogging_linked_dataset_linked_dataset = gcp.logging.LinkedDataset(\"logging_linked_dataset\",\n link_id=\"mylink\",\n bucket=\"my-bucket\",\n parent=\"projects/my-project-name\",\n location=\"global\",\n description=\"Linked dataset test\",\n opts = pulumi.ResourceOptions(depends_on=[logging_linked_dataset]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var loggingLinkedDataset = new Gcp.Logging.ProjectBucketConfig(\"logging_linked_dataset\", new()\n {\n Location = \"global\",\n Project = \"my-project-name\",\n EnableAnalytics = true,\n BucketId = \"my-bucket\",\n });\n\n var loggingLinkedDatasetLinkedDataset = new Gcp.Logging.LinkedDataset(\"logging_linked_dataset\", new()\n {\n LinkId = \"mylink\",\n Bucket = \"my-bucket\",\n Parent = \"projects/my-project-name\",\n Location = \"global\",\n Description = \"Linked dataset test\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n loggingLinkedDataset,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tloggingLinkedDataset, err := logging.NewProjectBucketConfig(ctx, \"logging_linked_dataset\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"my-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLinkedDataset(ctx, \"logging_linked_dataset\", \u0026logging.LinkedDatasetArgs{\n\t\t\tLinkId: pulumi.String(\"mylink\"),\n\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Linked dataset test\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tloggingLinkedDataset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.LinkedDataset;\nimport com.pulumi.gcp.logging.LinkedDatasetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var loggingLinkedDataset = new ProjectBucketConfig(\"loggingLinkedDataset\", ProjectBucketConfigArgs.builder()\n .location(\"global\")\n .project(\"my-project-name\")\n .enableAnalytics(true)\n .bucketId(\"my-bucket\")\n .build());\n\n var loggingLinkedDatasetLinkedDataset = new LinkedDataset(\"loggingLinkedDatasetLinkedDataset\", LinkedDatasetArgs.builder()\n .linkId(\"mylink\")\n .bucket(\"my-bucket\")\n .parent(\"projects/my-project-name\")\n .location(\"global\")\n .description(\"Linked dataset test\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(loggingLinkedDataset)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n loggingLinkedDataset:\n type: gcp:logging:ProjectBucketConfig\n name: logging_linked_dataset\n properties:\n location: global\n project: my-project-name\n enableAnalytics: true\n bucketId: my-bucket\n loggingLinkedDatasetLinkedDataset:\n type: gcp:logging:LinkedDataset\n name: logging_linked_dataset\n properties:\n linkId: mylink\n bucket: my-bucket\n parent: projects/my-project-name\n location: global\n description: Linked dataset test\n options:\n dependson:\n - ${loggingLinkedDataset}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLinkedDataset can be imported using any of these accepted formats:\n\n* `{{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}`\n\nWhen using the `pulumi import` command, LinkedDataset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/linkedDataset:LinkedDataset default {{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}\n```\n\n", + "description": "Describes a BigQuery linked dataset\n\n\nTo get more information about LinkedDataset, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/locations.buckets.links)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/logging/docs/apis)\n\n## Example Usage\n\n### Logging Linked Dataset Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst loggingLinkedDataset = new gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\", {\n location: \"global\",\n project: \"my-project-name\",\n enableAnalytics: true,\n bucketId: \"my-bucket\",\n});\nconst loggingLinkedDatasetLinkedDataset = new gcp.logging.LinkedDataset(\"logging_linked_dataset\", {\n linkId: \"mylink\",\n bucket: loggingLinkedDataset.id,\n description: \"Linked dataset test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlogging_linked_dataset = gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\",\n location=\"global\",\n project=\"my-project-name\",\n enable_analytics=True,\n bucket_id=\"my-bucket\")\nlogging_linked_dataset_linked_dataset = gcp.logging.LinkedDataset(\"logging_linked_dataset\",\n link_id=\"mylink\",\n bucket=logging_linked_dataset.id,\n description=\"Linked dataset test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var loggingLinkedDataset = new Gcp.Logging.ProjectBucketConfig(\"logging_linked_dataset\", new()\n {\n Location = \"global\",\n Project = \"my-project-name\",\n EnableAnalytics = true,\n BucketId = \"my-bucket\",\n });\n\n var loggingLinkedDatasetLinkedDataset = new Gcp.Logging.LinkedDataset(\"logging_linked_dataset\", new()\n {\n LinkId = \"mylink\",\n Bucket = loggingLinkedDataset.Id,\n Description = \"Linked dataset test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tloggingLinkedDataset, err := logging.NewProjectBucketConfig(ctx, \"logging_linked_dataset\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"my-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLinkedDataset(ctx, \"logging_linked_dataset\", \u0026logging.LinkedDatasetArgs{\n\t\t\tLinkId: pulumi.String(\"mylink\"),\n\t\t\tBucket: loggingLinkedDataset.ID(),\n\t\t\tDescription: pulumi.String(\"Linked dataset test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.LinkedDataset;\nimport com.pulumi.gcp.logging.LinkedDatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var loggingLinkedDataset = new ProjectBucketConfig(\"loggingLinkedDataset\", ProjectBucketConfigArgs.builder()\n .location(\"global\")\n .project(\"my-project-name\")\n .enableAnalytics(true)\n .bucketId(\"my-bucket\")\n .build());\n\n var loggingLinkedDatasetLinkedDataset = new LinkedDataset(\"loggingLinkedDatasetLinkedDataset\", LinkedDatasetArgs.builder()\n .linkId(\"mylink\")\n .bucket(loggingLinkedDataset.id())\n .description(\"Linked dataset test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n loggingLinkedDataset:\n type: gcp:logging:ProjectBucketConfig\n name: logging_linked_dataset\n properties:\n location: global\n project: my-project-name\n enableAnalytics: true\n bucketId: my-bucket\n loggingLinkedDatasetLinkedDataset:\n type: gcp:logging:LinkedDataset\n name: logging_linked_dataset\n properties:\n linkId: mylink\n bucket: ${loggingLinkedDataset.id}\n description: Linked dataset test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Logging Linked Dataset All Params\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst loggingLinkedDataset = new gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\", {\n location: \"global\",\n project: \"my-project-name\",\n enableAnalytics: true,\n bucketId: \"my-bucket\",\n});\nconst loggingLinkedDatasetLinkedDataset = new gcp.logging.LinkedDataset(\"logging_linked_dataset\", {\n linkId: \"mylink\",\n bucket: \"my-bucket\",\n parent: \"projects/my-project-name\",\n location: \"global\",\n description: \"Linked dataset test\",\n}, {\n dependsOn: [loggingLinkedDataset],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlogging_linked_dataset = gcp.logging.ProjectBucketConfig(\"logging_linked_dataset\",\n location=\"global\",\n project=\"my-project-name\",\n enable_analytics=True,\n bucket_id=\"my-bucket\")\nlogging_linked_dataset_linked_dataset = gcp.logging.LinkedDataset(\"logging_linked_dataset\",\n link_id=\"mylink\",\n bucket=\"my-bucket\",\n parent=\"projects/my-project-name\",\n location=\"global\",\n description=\"Linked dataset test\",\n opts = pulumi.ResourceOptions(depends_on=[logging_linked_dataset]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var loggingLinkedDataset = new Gcp.Logging.ProjectBucketConfig(\"logging_linked_dataset\", new()\n {\n Location = \"global\",\n Project = \"my-project-name\",\n EnableAnalytics = true,\n BucketId = \"my-bucket\",\n });\n\n var loggingLinkedDatasetLinkedDataset = new Gcp.Logging.LinkedDataset(\"logging_linked_dataset\", new()\n {\n LinkId = \"mylink\",\n Bucket = \"my-bucket\",\n Parent = \"projects/my-project-name\",\n Location = \"global\",\n Description = \"Linked dataset test\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n loggingLinkedDataset,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tloggingLinkedDataset, err := logging.NewProjectBucketConfig(ctx, \"logging_linked_dataset\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"my-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLinkedDataset(ctx, \"logging_linked_dataset\", \u0026logging.LinkedDatasetArgs{\n\t\t\tLinkId: pulumi.String(\"mylink\"),\n\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\tParent: pulumi.String(\"projects/my-project-name\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Linked dataset test\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tloggingLinkedDataset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.LinkedDataset;\nimport com.pulumi.gcp.logging.LinkedDatasetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var loggingLinkedDataset = new ProjectBucketConfig(\"loggingLinkedDataset\", ProjectBucketConfigArgs.builder()\n .location(\"global\")\n .project(\"my-project-name\")\n .enableAnalytics(true)\n .bucketId(\"my-bucket\")\n .build());\n\n var loggingLinkedDatasetLinkedDataset = new LinkedDataset(\"loggingLinkedDatasetLinkedDataset\", LinkedDatasetArgs.builder()\n .linkId(\"mylink\")\n .bucket(\"my-bucket\")\n .parent(\"projects/my-project-name\")\n .location(\"global\")\n .description(\"Linked dataset test\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(loggingLinkedDataset)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n loggingLinkedDataset:\n type: gcp:logging:ProjectBucketConfig\n name: logging_linked_dataset\n properties:\n location: global\n project: my-project-name\n enableAnalytics: true\n bucketId: my-bucket\n loggingLinkedDatasetLinkedDataset:\n type: gcp:logging:LinkedDataset\n name: logging_linked_dataset\n properties:\n linkId: mylink\n bucket: my-bucket\n parent: projects/my-project-name\n location: global\n description: Linked dataset test\n options:\n dependsOn:\n - ${loggingLinkedDataset}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLinkedDataset can be imported using any of these accepted formats:\n\n* `{{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}`\n\nWhen using the `pulumi import` command, LinkedDataset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/linkedDataset:LinkedDataset default {{parent}}/locations/{{location}}/buckets/{{bucket}}/links/{{link_id}}\n```\n\n", "properties": { "bigqueryDatasets": { "type": "array", @@ -232564,7 +232564,7 @@ } }, "gcp:logging/logViewIamBinding:LogViewIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -232705,7 +232705,7 @@ } }, "gcp:logging/logViewIamMember:LogViewIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -232839,7 +232839,7 @@ } }, "gcp:logging/logViewIamPolicy:LogViewIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -233094,7 +233094,7 @@ } }, "gcp:logging/organizationBucketConfig:OrganizationBucketConfig": { - "description": "Manages a organization-level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.organizations.getOrganization({\n organization: \"123456789\",\n});\nconst basic = new gcp.logging.OrganizationBucketConfig(\"basic\", {\n organization: _default.then(_default =\u003e _default.organization),\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n indexConfigs: [{\n fieldPath: \"jsonPayload.request.status\",\n type: \"INDEX_TYPE_STRING\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_organization(organization=\"123456789\")\nbasic = gcp.logging.OrganizationBucketConfig(\"basic\",\n organization=default.organization,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\",\n index_configs=[{\n \"field_path\": \"jsonPayload.request.status\",\n \"type\": \"INDEX_TYPE_STRING\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetOrganization.Invoke(new()\n {\n Organization = \"123456789\",\n });\n\n var basic = new Gcp.Logging.OrganizationBucketConfig(\"basic\", new()\n {\n Organization = @default.Apply(@default =\u003e @default.Apply(getOrganizationResult =\u003e getOrganizationResult.Organization)),\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n IndexConfigs = new[]\n {\n new Gcp.Logging.Inputs.OrganizationBucketConfigIndexConfigArgs\n {\n FieldPath = \"jsonPayload.request.status\",\n Type = \"INDEX_TYPE_STRING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := organizations.GetOrganization(ctx, \u0026organizations.GetOrganizationArgs{\n\t\t\tOrganization: pulumi.StringRef(\"123456789\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewOrganizationBucketConfig(ctx, \"basic\", \u0026logging.OrganizationBucketConfigArgs{\n\t\t\tOrganization: pulumi.String(_default.Organization),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t\tIndexConfigs: logging.OrganizationBucketConfigIndexConfigArray{\n\t\t\t\t\u0026logging.OrganizationBucketConfigIndexConfigArgs{\n\t\t\t\t\tFieldPath: pulumi.String(\"jsonPayload.request.status\"),\n\t\t\t\t\tType: pulumi.String(\"INDEX_TYPE_STRING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetOrganizationArgs;\nimport com.pulumi.gcp.logging.OrganizationBucketConfig;\nimport com.pulumi.gcp.logging.OrganizationBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.OrganizationBucketConfigIndexConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getOrganization(GetOrganizationArgs.builder()\n .organization(\"123456789\")\n .build());\n\n var basic = new OrganizationBucketConfig(\"basic\", OrganizationBucketConfigArgs.builder()\n .organization(default_.organization())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .indexConfigs(OrganizationBucketConfigIndexConfigArgs.builder()\n .fieldPath(\"jsonPayload.request.status\")\n .type(\"INDEX_TYPE_STRING\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:OrganizationBucketConfig\n properties:\n organization: ${default.organization}\n location: global\n retentionDays: 30\n bucketId: _Default\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\nvariables:\n default:\n fn::invoke:\n Function: gcp:organizations:getOrganization\n Arguments:\n organization: '123456789'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/organizationBucketConfig:OrganizationBucketConfig default organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", + "description": "Manages a organization-level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.organizations.getOrganization({\n organization: \"123456789\",\n});\nconst basic = new gcp.logging.OrganizationBucketConfig(\"basic\", {\n organization: _default.then(_default =\u003e _default.organization),\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n indexConfigs: [{\n fieldPath: \"jsonPayload.request.status\",\n type: \"INDEX_TYPE_STRING\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_organization(organization=\"123456789\")\nbasic = gcp.logging.OrganizationBucketConfig(\"basic\",\n organization=default.organization,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\",\n index_configs=[{\n \"field_path\": \"jsonPayload.request.status\",\n \"type\": \"INDEX_TYPE_STRING\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetOrganization.Invoke(new()\n {\n Organization = \"123456789\",\n });\n\n var basic = new Gcp.Logging.OrganizationBucketConfig(\"basic\", new()\n {\n Organization = @default.Apply(@default =\u003e @default.Apply(getOrganizationResult =\u003e getOrganizationResult.Organization)),\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n IndexConfigs = new[]\n {\n new Gcp.Logging.Inputs.OrganizationBucketConfigIndexConfigArgs\n {\n FieldPath = \"jsonPayload.request.status\",\n Type = \"INDEX_TYPE_STRING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := organizations.GetOrganization(ctx, \u0026organizations.GetOrganizationArgs{\n\t\t\tOrganization: pulumi.StringRef(\"123456789\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewOrganizationBucketConfig(ctx, \"basic\", \u0026logging.OrganizationBucketConfigArgs{\n\t\t\tOrganization: pulumi.String(_default.Organization),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t\tIndexConfigs: logging.OrganizationBucketConfigIndexConfigArray{\n\t\t\t\t\u0026logging.OrganizationBucketConfigIndexConfigArgs{\n\t\t\t\t\tFieldPath: pulumi.String(\"jsonPayload.request.status\"),\n\t\t\t\t\tType: pulumi.String(\"INDEX_TYPE_STRING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetOrganizationArgs;\nimport com.pulumi.gcp.logging.OrganizationBucketConfig;\nimport com.pulumi.gcp.logging.OrganizationBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.OrganizationBucketConfigIndexConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getOrganization(GetOrganizationArgs.builder()\n .organization(\"123456789\")\n .build());\n\n var basic = new OrganizationBucketConfig(\"basic\", OrganizationBucketConfigArgs.builder()\n .organization(default_.organization())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .indexConfigs(OrganizationBucketConfigIndexConfigArgs.builder()\n .fieldPath(\"jsonPayload.request.status\")\n .type(\"INDEX_TYPE_STRING\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:OrganizationBucketConfig\n properties:\n organization: ${default.organization}\n location: global\n retentionDays: 30\n bucketId: _Default\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\nvariables:\n default:\n fn::invoke:\n function: gcp:organizations:getOrganization\n arguments:\n organization: '123456789'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/organizationBucketConfig:OrganizationBucketConfig default organizations/{{organization}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", "properties": { "bucketId": { "type": "string", @@ -233322,7 +233322,7 @@ } }, "gcp:logging/organizationSettings:OrganizationSettings": { - "description": "Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled.\n\n\nTo get more information about OrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings)\n* How-to Guides\n * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings)\n\n## Example Usage\n\n### Logging Organization Settings All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getOrganizationSettings({\n organization: \"123456789\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: settings.then(settings =\u003e `serviceAccount:${settings.kmsServiceAccountId}`),\n});\nconst example = new gcp.logging.OrganizationSettings(\"example\", {\n disableDefaultSink: true,\n kmsKeyName: \"kms-key\",\n organization: \"123456789\",\n storageLocation: \"us-central1\",\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_organization_settings(organization=\"123456789\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{settings.kms_service_account_id}\")\nexample = gcp.logging.OrganizationSettings(\"example\",\n disable_default_sink=True,\n kms_key_name=\"kms-key\",\n organization=\"123456789\",\n storage_location=\"us-central1\",\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetOrganizationSettings.Invoke(new()\n {\n Organization = \"123456789\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{settings.Apply(getOrganizationSettingsResult =\u003e getOrganizationSettingsResult.KmsServiceAccountId)}\",\n });\n\n var example = new Gcp.Logging.OrganizationSettings(\"example\", new()\n {\n DisableDefaultSink = true,\n KmsKeyName = \"kms-key\",\n Organization = \"123456789\",\n StorageLocation = \"us-central1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsettings, err := logging.LookupOrganizationSettings(ctx, \u0026logging.LookupOrganizationSettingsArgs{\n\t\t\tOrganization: \"123456789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", settings.KmsServiceAccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewOrganizationSettings(ctx, \"example\", \u0026logging.OrganizationSettingsArgs{\n\t\t\tDisableDefaultSink: pulumi.Bool(true),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tStorageLocation: pulumi.String(\"us-central1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetOrganizationSettingsArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.logging.OrganizationSettings;\nimport com.pulumi.gcp.logging.OrganizationSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getOrganizationSettings(GetOrganizationSettingsArgs.builder()\n .organization(\"123456789\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", settings.applyValue(getOrganizationSettingsResult -\u003e getOrganizationSettingsResult.kmsServiceAccountId())))\n .build());\n\n var example = new OrganizationSettings(\"example\", OrganizationSettingsArgs.builder()\n .disableDefaultSink(true)\n .kmsKeyName(\"kms-key\")\n .organization(\"123456789\")\n .storageLocation(\"us-central1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:logging:OrganizationSettings\n properties:\n disableDefaultSink: true\n kmsKeyName: kms-key\n organization: '123456789'\n storageLocation: us-central1\n options:\n dependson:\n - ${iam}\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${settings.kmsServiceAccountId}\nvariables:\n settings:\n fn::invoke:\n Function: gcp:logging:getOrganizationSettings\n Arguments:\n organization: '123456789'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSettings can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/settings`\n\n* `{{organization}}`\n\nWhen using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/organizationSettings:OrganizationSettings default organizations/{{organization}}/settings\n```\n\n```sh\n$ pulumi import gcp:logging/organizationSettings:OrganizationSettings default {{organization}}\n```\n\n", + "description": "Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled.\n\n\nTo get more information about OrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings)\n* How-to Guides\n * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings)\n\n## Example Usage\n\n### Logging Organization Settings All\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getOrganizationSettings({\n organization: \"123456789\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: settings.then(settings =\u003e `serviceAccount:${settings.kmsServiceAccountId}`),\n});\nconst example = new gcp.logging.OrganizationSettings(\"example\", {\n disableDefaultSink: true,\n kmsKeyName: \"kms-key\",\n organization: \"123456789\",\n storageLocation: \"us-central1\",\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_organization_settings(organization=\"123456789\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{settings.kms_service_account_id}\")\nexample = gcp.logging.OrganizationSettings(\"example\",\n disable_default_sink=True,\n kms_key_name=\"kms-key\",\n organization=\"123456789\",\n storage_location=\"us-central1\",\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetOrganizationSettings.Invoke(new()\n {\n Organization = \"123456789\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{settings.Apply(getOrganizationSettingsResult =\u003e getOrganizationSettingsResult.KmsServiceAccountId)}\",\n });\n\n var example = new Gcp.Logging.OrganizationSettings(\"example\", new()\n {\n DisableDefaultSink = true,\n KmsKeyName = \"kms-key\",\n Organization = \"123456789\",\n StorageLocation = \"us-central1\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsettings, err := logging.LookupOrganizationSettings(ctx, \u0026logging.LookupOrganizationSettingsArgs{\n\t\t\tOrganization: \"123456789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", settings.KmsServiceAccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewOrganizationSettings(ctx, \"example\", \u0026logging.OrganizationSettingsArgs{\n\t\t\tDisableDefaultSink: pulumi.Bool(true),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tStorageLocation: pulumi.String(\"us-central1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetOrganizationSettingsArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.logging.OrganizationSettings;\nimport com.pulumi.gcp.logging.OrganizationSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getOrganizationSettings(GetOrganizationSettingsArgs.builder()\n .organization(\"123456789\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", settings.applyValue(getOrganizationSettingsResult -\u003e getOrganizationSettingsResult.kmsServiceAccountId())))\n .build());\n\n var example = new OrganizationSettings(\"example\", OrganizationSettingsArgs.builder()\n .disableDefaultSink(true)\n .kmsKeyName(\"kms-key\")\n .organization(\"123456789\")\n .storageLocation(\"us-central1\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:logging:OrganizationSettings\n properties:\n disableDefaultSink: true\n kmsKeyName: kms-key\n organization: '123456789'\n storageLocation: us-central1\n options:\n dependsOn:\n - ${iam}\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${settings.kmsServiceAccountId}\nvariables:\n settings:\n fn::invoke:\n function: gcp:logging:getOrganizationSettings\n arguments:\n organization: '123456789'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSettings can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/settings`\n\n* `{{organization}}`\n\nWhen using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/organizationSettings:OrganizationSettings default organizations/{{organization}}/settings\n```\n\n```sh\n$ pulumi import gcp:logging/organizationSettings:OrganizationSettings default {{organization}}\n```\n\n", "properties": { "disableDefaultSink": { "type": "boolean", @@ -233584,7 +233584,7 @@ } }, "gcp:logging/projectBucketConfig:ProjectBucketConfig": { - "description": "Manages a project-level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"your-project-id\",\n name: \"your-project-id\",\n orgId: \"123456789\",\n});\nconst basic = new gcp.logging.ProjectBucketConfig(\"basic\", {\n project: _default.projectId,\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"your-project-id\",\n name=\"your-project-id\",\n org_id=\"123456789\")\nbasic = gcp.logging.ProjectBucketConfig(\"basic\",\n project=default.project_id,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"your-project-id\",\n Name = \"your-project-id\",\n OrgId = \"123456789\",\n });\n\n var basic = new Gcp.Logging.ProjectBucketConfig(\"basic\", new()\n {\n Project = @default.ProjectId,\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tName: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewProjectBucketConfig(ctx, \"basic\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"your-project-id\")\n .name(\"your-project-id\")\n .orgId(\"123456789\")\n .build());\n\n var basic = new ProjectBucketConfig(\"basic\", ProjectBucketConfigArgs.builder()\n .project(default_.projectId())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: your-project-id\n name: your-project-id\n orgId: '123456789'\n basic:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: ${default.projectId}\n location: global\n retentionDays: 30\n bucketId: _Default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with customId\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.logging.ProjectBucketConfig(\"basic\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.logging.ProjectBucketConfig(\"basic\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n bucket_id=\"custom-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Logging.ProjectBucketConfig(\"basic\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"basic\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new ProjectBucketConfig(\"basic\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n bucketId: custom-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with Log Analytics enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst analytics_enabled_bucket = new gcp.logging.ProjectBucketConfig(\"analytics-enabled-bucket\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n enableAnalytics: true,\n bucketId: \"custom-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nanalytics_enabled_bucket = gcp.logging.ProjectBucketConfig(\"analytics-enabled-bucket\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n enable_analytics=True,\n bucket_id=\"custom-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var analytics_enabled_bucket = new Gcp.Logging.ProjectBucketConfig(\"analytics-enabled-bucket\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n EnableAnalytics = true,\n BucketId = \"custom-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"analytics-enabled-bucket\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var analytics_enabled_bucket = new ProjectBucketConfig(\"analytics-enabled-bucket\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .enableAnalytics(true)\n .bucketId(\"custom-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n analytics-enabled-bucket:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n enableAnalytics: true\n bucketId: custom-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with customId and cmekSettings\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cmekSettings = gcp.logging.getProjectCmekSettings({\n project: \"project_id\",\n});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"us-central1\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [cmekSettings.then(cmekSettings =\u003e `serviceAccount:${cmekSettings.serviceAccountId}`)],\n});\nconst example_project_bucket_cmek_settings = new gcp.logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\", {\n project: \"project_id\",\n location: \"us-central1\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n cmekSettings: {\n kmsKeyName: key.id,\n },\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncmek_settings = gcp.logging.get_project_cmek_settings(project=\"project_id\")\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"us-central1\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:{cmek_settings.service_account_id}\"])\nexample_project_bucket_cmek_settings = gcp.logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\",\n project=\"project_id\",\n location=\"us-central1\",\n retention_days=30,\n bucket_id=\"custom-bucket\",\n cmek_settings={\n \"kms_key_name\": key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()\n {\n Project = \"project_id\",\n });\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"us-central1\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:{cmekSettings.Apply(getProjectCmekSettingsResult =\u003e getProjectCmekSettingsResult.ServiceAccountId)}\",\n },\n });\n\n var example_project_bucket_cmek_settings = new Gcp.Logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\", new()\n {\n Project = \"project_id\",\n Location = \"us-central1\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n CmekSettings = new Gcp.Logging.Inputs.ProjectBucketConfigCmekSettingsArgs\n {\n KmsKeyName = key.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcmekSettings, err := logging.GetProjectCmekSettings(ctx, \u0026logging.GetProjectCmekSettingsArgs{\n\t\t\tProject: \"project_id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", cmekSettings.ServiceAccountId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewProjectBucketConfig(ctx, \"example-project-bucket-cmek-settings\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t\tCmekSettings: \u0026logging.ProjectBucketConfigCmekSettingsArgs{\n\t\t\t\tKmsKeyName: key.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.ProjectBucketConfigCmekSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()\n .project(\"project_id\")\n .build());\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"us-central1\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:%s\", cmekSettings.applyValue(getProjectCmekSettingsResult -\u003e getProjectCmekSettingsResult.serviceAccountId())))\n .build());\n\n var example_project_bucket_cmek_settings = new ProjectBucketConfig(\"example-project-bucket-cmek-settings\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"us-central1\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .cmekSettings(ProjectBucketConfigCmekSettingsArgs.builder()\n .kmsKeyName(key.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: us-central1\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:${cmekSettings.serviceAccountId}\n example-project-bucket-cmek-settings:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: us-central1\n retentionDays: 30\n bucketId: custom-bucket\n cmekSettings:\n kmsKeyName: ${key.id}\n options:\n dependson:\n - ${cryptoKeyBinding}\nvariables:\n cmekSettings:\n fn::invoke:\n Function: gcp:logging:getProjectCmekSettings\n Arguments:\n project: project_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with index configs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example_project_bucket_index_configs = new gcp.logging.ProjectBucketConfig(\"example-project-bucket-index-configs\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n indexConfigs: [{\n fieldPath: \"jsonPayload.request.status\",\n type: \"INDEX_TYPE_STRING\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_project_bucket_index_configs = gcp.logging.ProjectBucketConfig(\"example-project-bucket-index-configs\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n bucket_id=\"custom-bucket\",\n index_configs=[{\n \"field_path\": \"jsonPayload.request.status\",\n \"type\": \"INDEX_TYPE_STRING\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_project_bucket_index_configs = new Gcp.Logging.ProjectBucketConfig(\"example-project-bucket-index-configs\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n IndexConfigs = new[]\n {\n new Gcp.Logging.Inputs.ProjectBucketConfigIndexConfigArgs\n {\n FieldPath = \"jsonPayload.request.status\",\n Type = \"INDEX_TYPE_STRING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"example-project-bucket-index-configs\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t\tIndexConfigs: logging.ProjectBucketConfigIndexConfigArray{\n\t\t\t\t\u0026logging.ProjectBucketConfigIndexConfigArgs{\n\t\t\t\t\tFieldPath: pulumi.String(\"jsonPayload.request.status\"),\n\t\t\t\t\tType: pulumi.String(\"INDEX_TYPE_STRING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.ProjectBucketConfigIndexConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_project_bucket_index_configs = new ProjectBucketConfig(\"example-project-bucket-index-configs\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .indexConfigs(ProjectBucketConfigIndexConfigArgs.builder()\n .fieldPath(\"jsonPayload.request.status\")\n .type(\"INDEX_TYPE_STRING\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-project-bucket-index-configs:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n bucketId: custom-bucket\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/projectBucketConfig:ProjectBucketConfig default projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", + "description": "Manages a project-level logging bucket config. For more information see\n[the official logging documentation](https://cloud.google.com/logging/docs/) and\n[Storing Logs](https://cloud.google.com/logging/docs/storage).\n\n\u003e **Note:** Logging buckets are automatically created for a given folder, project, organization, billingAccount and cannot be deleted. Creating a resource of this type will acquire and update the resource that already exists at the desired location. These buckets cannot be removed so deleting this resource will remove the bucket config from your state but will leave the logging bucket unchanged. The buckets that are currently automatically created are \"_Default\" and \"_Required\".\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"your-project-id\",\n name: \"your-project-id\",\n orgId: \"123456789\",\n});\nconst basic = new gcp.logging.ProjectBucketConfig(\"basic\", {\n project: _default.projectId,\n location: \"global\",\n retentionDays: 30,\n bucketId: \"_Default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"your-project-id\",\n name=\"your-project-id\",\n org_id=\"123456789\")\nbasic = gcp.logging.ProjectBucketConfig(\"basic\",\n project=default.project_id,\n location=\"global\",\n retention_days=30,\n bucket_id=\"_Default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"your-project-id\",\n Name = \"your-project-id\",\n OrgId = \"123456789\",\n });\n\n var basic = new Gcp.Logging.ProjectBucketConfig(\"basic\", new()\n {\n Project = @default.ProjectId,\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"_Default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tName: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewProjectBucketConfig(ctx, \"basic\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"_Default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"your-project-id\")\n .name(\"your-project-id\")\n .orgId(\"123456789\")\n .build());\n\n var basic = new ProjectBucketConfig(\"basic\", ProjectBucketConfigArgs.builder()\n .project(default_.projectId())\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"_Default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: your-project-id\n name: your-project-id\n orgId: '123456789'\n basic:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: ${default.projectId}\n location: global\n retentionDays: 30\n bucketId: _Default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with customId\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.logging.ProjectBucketConfig(\"basic\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.logging.ProjectBucketConfig(\"basic\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n bucket_id=\"custom-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Logging.ProjectBucketConfig(\"basic\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"basic\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new ProjectBucketConfig(\"basic\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n bucketId: custom-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with Log Analytics enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst analytics_enabled_bucket = new gcp.logging.ProjectBucketConfig(\"analytics-enabled-bucket\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n enableAnalytics: true,\n bucketId: \"custom-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nanalytics_enabled_bucket = gcp.logging.ProjectBucketConfig(\"analytics-enabled-bucket\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n enable_analytics=True,\n bucket_id=\"custom-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var analytics_enabled_bucket = new Gcp.Logging.ProjectBucketConfig(\"analytics-enabled-bucket\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n EnableAnalytics = true,\n BucketId = \"custom-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"analytics-enabled-bucket\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tEnableAnalytics: pulumi.Bool(true),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var analytics_enabled_bucket = new ProjectBucketConfig(\"analytics-enabled-bucket\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .enableAnalytics(true)\n .bucketId(\"custom-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n analytics-enabled-bucket:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n enableAnalytics: true\n bucketId: custom-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with customId and cmekSettings\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cmekSettings = gcp.logging.getProjectCmekSettings({\n project: \"project_id\",\n});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"us-central1\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [cmekSettings.then(cmekSettings =\u003e `serviceAccount:${cmekSettings.serviceAccountId}`)],\n});\nconst example_project_bucket_cmek_settings = new gcp.logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\", {\n project: \"project_id\",\n location: \"us-central1\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n cmekSettings: {\n kmsKeyName: key.id,\n },\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncmek_settings = gcp.logging.get_project_cmek_settings(project=\"project_id\")\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"us-central1\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:{cmek_settings.service_account_id}\"])\nexample_project_bucket_cmek_settings = gcp.logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\",\n project=\"project_id\",\n location=\"us-central1\",\n retention_days=30,\n bucket_id=\"custom-bucket\",\n cmek_settings={\n \"kms_key_name\": key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()\n {\n Project = \"project_id\",\n });\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"us-central1\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:{cmekSettings.Apply(getProjectCmekSettingsResult =\u003e getProjectCmekSettingsResult.ServiceAccountId)}\",\n },\n });\n\n var example_project_bucket_cmek_settings = new Gcp.Logging.ProjectBucketConfig(\"example-project-bucket-cmek-settings\", new()\n {\n Project = \"project_id\",\n Location = \"us-central1\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n CmekSettings = new Gcp.Logging.Inputs.ProjectBucketConfigCmekSettingsArgs\n {\n KmsKeyName = key.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcmekSettings, err := logging.GetProjectCmekSettings(ctx, \u0026logging.GetProjectCmekSettingsArgs{\n\t\t\tProject: \"project_id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", cmekSettings.ServiceAccountId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewProjectBucketConfig(ctx, \"example-project-bucket-cmek-settings\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t\tCmekSettings: \u0026logging.ProjectBucketConfigCmekSettingsArgs{\n\t\t\t\tKmsKeyName: key.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.ProjectBucketConfigCmekSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()\n .project(\"project_id\")\n .build());\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"keyring-example\")\n .location(\"us-central1\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:%s\", cmekSettings.applyValue(getProjectCmekSettingsResult -\u003e getProjectCmekSettingsResult.serviceAccountId())))\n .build());\n\n var example_project_bucket_cmek_settings = new ProjectBucketConfig(\"example-project-bucket-cmek-settings\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"us-central1\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .cmekSettings(ProjectBucketConfigCmekSettingsArgs.builder()\n .kmsKeyName(key.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: us-central1\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:${cmekSettings.serviceAccountId}\n example-project-bucket-cmek-settings:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: us-central1\n retentionDays: 30\n bucketId: custom-bucket\n cmekSettings:\n kmsKeyName: ${key.id}\n options:\n dependsOn:\n - ${cryptoKeyBinding}\nvariables:\n cmekSettings:\n fn::invoke:\n function: gcp:logging:getProjectCmekSettings\n arguments:\n project: project_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreate logging bucket with index configs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example_project_bucket_index_configs = new gcp.logging.ProjectBucketConfig(\"example-project-bucket-index-configs\", {\n project: \"project_id\",\n location: \"global\",\n retentionDays: 30,\n bucketId: \"custom-bucket\",\n indexConfigs: [{\n fieldPath: \"jsonPayload.request.status\",\n type: \"INDEX_TYPE_STRING\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_project_bucket_index_configs = gcp.logging.ProjectBucketConfig(\"example-project-bucket-index-configs\",\n project=\"project_id\",\n location=\"global\",\n retention_days=30,\n bucket_id=\"custom-bucket\",\n index_configs=[{\n \"field_path\": \"jsonPayload.request.status\",\n \"type\": \"INDEX_TYPE_STRING\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_project_bucket_index_configs = new Gcp.Logging.ProjectBucketConfig(\"example-project-bucket-index-configs\", new()\n {\n Project = \"project_id\",\n Location = \"global\",\n RetentionDays = 30,\n BucketId = \"custom-bucket\",\n IndexConfigs = new[]\n {\n new Gcp.Logging.Inputs.ProjectBucketConfigIndexConfigArgs\n {\n FieldPath = \"jsonPayload.request.status\",\n Type = \"INDEX_TYPE_STRING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewProjectBucketConfig(ctx, \"example-project-bucket-index-configs\", \u0026logging.ProjectBucketConfigArgs{\n\t\t\tProject: pulumi.String(\"project_id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tRetentionDays: pulumi.Int(30),\n\t\t\tBucketId: pulumi.String(\"custom-bucket\"),\n\t\t\tIndexConfigs: logging.ProjectBucketConfigIndexConfigArray{\n\t\t\t\t\u0026logging.ProjectBucketConfigIndexConfigArgs{\n\t\t\t\t\tFieldPath: pulumi.String(\"jsonPayload.request.status\"),\n\t\t\t\t\tType: pulumi.String(\"INDEX_TYPE_STRING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.ProjectBucketConfig;\nimport com.pulumi.gcp.logging.ProjectBucketConfigArgs;\nimport com.pulumi.gcp.logging.inputs.ProjectBucketConfigIndexConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_project_bucket_index_configs = new ProjectBucketConfig(\"example-project-bucket-index-configs\", ProjectBucketConfigArgs.builder()\n .project(\"project_id\")\n .location(\"global\")\n .retentionDays(30)\n .bucketId(\"custom-bucket\")\n .indexConfigs(ProjectBucketConfigIndexConfigArgs.builder()\n .fieldPath(\"jsonPayload.request.status\")\n .type(\"INDEX_TYPE_STRING\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-project-bucket-index-configs:\n type: gcp:logging:ProjectBucketConfig\n properties:\n project: project_id\n location: global\n retentionDays: 30\n bucketId: custom-bucket\n indexConfigs:\n - fieldPath: jsonPayload.request.status\n type: INDEX_TYPE_STRING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the following format:\n\n* `projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}`\n\nWhen using the `pulumi import` command, this resource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:logging/projectBucketConfig:ProjectBucketConfig default projects/{{project}}/locations/{{location}}/buckets/{{bucket_id}}\n```\n\n", "properties": { "bucketId": { "type": "string", @@ -233998,7 +233998,7 @@ } }, "gcp:looker/instance:Instance": { - "description": "A Google Cloud Looker instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/looker/docs/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Configure a Looker (Google Cloud core) instance](https://cloud.google.com/looker/docs/looker-core-instance-setup)\n * [Create a Looker (Google Cloud core) instance](https://cloud.google.com/looker/docs/looker-core-instance-create)\n\n## Example Usage\n\n### Looker Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n deletionPolicy: \"DEFAULT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n deletion_policy=\"DEFAULT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n DeletionPolicy = \"DEFAULT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DEFAULT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .deletionPolicy(\"DEFAULT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n deletionPolicy: DEFAULT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n publicIpEnabled: true,\n adminSettings: {\n allowedEmailDomains: [\"google.com\"],\n },\n maintenanceWindow: {\n dayOfWeek: \"THURSDAY\",\n startTime: {\n hours: 22,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n denyMaintenancePeriod: {\n startDate: {\n year: 2050,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2050,\n month: 2,\n day: 1,\n },\n time: {\n hours: 10,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n public_ip_enabled=True,\n admin_settings={\n \"allowed_email_domains\": [\"google.com\"],\n },\n maintenance_window={\n \"day_of_week\": \"THURSDAY\",\n \"start_time\": {\n \"hours\": 22,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n deny_maintenance_period={\n \"start_date\": {\n \"year\": 2050,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2050,\n \"month\": 2,\n \"day\": 1,\n },\n \"time\": {\n \"hours\": 10,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n PublicIpEnabled = true,\n AdminSettings = new Gcp.Looker.Inputs.InstanceAdminSettingsArgs\n {\n AllowedEmailDomains = new[]\n {\n \"google.com\",\n },\n },\n MaintenanceWindow = new Gcp.Looker.Inputs.InstanceMaintenanceWindowArgs\n {\n DayOfWeek = \"THURSDAY\",\n StartTime = new Gcp.Looker.Inputs.InstanceMaintenanceWindowStartTimeArgs\n {\n Hours = 22,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n DenyMaintenancePeriod = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodArgs\n {\n StartDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodStartDateArgs\n {\n Year = 2050,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodEndDateArgs\n {\n Year = 2050,\n Month = 2,\n Day = 1,\n },\n Time = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodTimeArgs\n {\n Hours = 10,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPublicIpEnabled: pulumi.Bool(true),\n\t\t\tAdminSettings: \u0026looker.InstanceAdminSettingsArgs{\n\t\t\t\tAllowedEmailDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"google.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMaintenanceWindow: \u0026looker.InstanceMaintenanceWindowArgs{\n\t\t\t\tDayOfWeek: pulumi.String(\"THURSDAY\"),\n\t\t\t\tStartTime: \u0026looker.InstanceMaintenanceWindowStartTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(22),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDenyMaintenancePeriod: \u0026looker.InstanceDenyMaintenancePeriodArgs{\n\t\t\t\tStartDate: \u0026looker.InstanceDenyMaintenancePeriodStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026looker.InstanceDenyMaintenancePeriodEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(2),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tTime: \u0026looker.InstanceDenyMaintenancePeriodTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(10),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceAdminSettingsArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowStartTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodStartDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodEndDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .publicIpEnabled(true)\n .adminSettings(InstanceAdminSettingsArgs.builder()\n .allowedEmailDomains(\"google.com\")\n .build())\n .maintenanceWindow(InstanceMaintenanceWindowArgs.builder()\n .dayOfWeek(\"THURSDAY\")\n .startTime(InstanceMaintenanceWindowStartTimeArgs.builder()\n .hours(22)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .denyMaintenancePeriod(InstanceDenyMaintenancePeriodArgs.builder()\n .startDate(InstanceDenyMaintenancePeriodStartDateArgs.builder()\n .year(2050)\n .month(1)\n .day(1)\n .build())\n .endDate(InstanceDenyMaintenancePeriodEndDateArgs.builder()\n .year(2050)\n .month(2)\n .day(1)\n .build())\n .time(InstanceDenyMaintenancePeriodTimeArgs.builder()\n .hours(10)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n publicIpEnabled: true\n adminSettings:\n allowedEmailDomains:\n - google.com\n maintenanceWindow:\n dayOfWeek: THURSDAY\n startTime:\n hours: 22\n minutes: 0\n seconds: 0\n nanos: 0\n denyMaintenancePeriod:\n startDate:\n year: 2050\n month: 1\n day: 1\n endDate:\n year: 2050\n month: 2\n day: 1\n time:\n hours: 10\n minutes: 0\n seconds: 0\n nanos: 0\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Fips\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance-fips\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n publicIpEnabled: true,\n fipsEnabled: true,\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance-fips\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n public_ip_enabled=True,\n fips_enabled=True,\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance-fips\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PublicIpEnabled = true,\n FipsEnabled = true,\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-fips\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPublicIpEnabled: pulumi.Bool(true),\n\t\t\tFipsEnabled: pulumi.Bool(true),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance-fips\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .publicIpEnabled(true)\n .fipsEnabled(true)\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance-fips\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n publicIpEnabled: true\n fipsEnabled: true\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Enterprise Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst lookerNetwork = new gcp.compute.Network(\"looker_network\", {name: \"looker-network\"});\nconst lookerRange = new gcp.compute.GlobalAddress(\"looker_range\", {\n name: \"looker-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 20,\n network: lookerNetwork.id,\n});\nconst lookerVpcConnection = new gcp.servicenetworking.Connection(\"looker_vpc_connection\", {\n network: lookerNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [lookerRange.name],\n});\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n privateIpEnabled: true,\n publicIpEnabled: false,\n reservedRange: lookerRange.name,\n consumerNetwork: lookerNetwork.id,\n adminSettings: {\n allowedEmailDomains: [\"google.com\"],\n },\n encryptionConfig: {\n kmsKeyName: \"looker-kms-key\",\n },\n maintenanceWindow: {\n dayOfWeek: \"THURSDAY\",\n startTime: {\n hours: 22,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n denyMaintenancePeriod: {\n startDate: {\n year: 2050,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2050,\n month: 2,\n day: 1,\n },\n time: {\n hours: 10,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n}, {\n dependsOn: [lookerVpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"looker-kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-looker.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_network = gcp.compute.Network(\"looker_network\", name=\"looker-network\")\nlooker_range = gcp.compute.GlobalAddress(\"looker_range\",\n name=\"looker-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=20,\n network=looker_network.id)\nlooker_vpc_connection = gcp.servicenetworking.Connection(\"looker_vpc_connection\",\n network=looker_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[looker_range.name])\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n private_ip_enabled=True,\n public_ip_enabled=False,\n reserved_range=looker_range.name,\n consumer_network=looker_network.id,\n admin_settings={\n \"allowed_email_domains\": [\"google.com\"],\n },\n encryption_config={\n \"kms_key_name\": \"looker-kms-key\",\n },\n maintenance_window={\n \"day_of_week\": \"THURSDAY\",\n \"start_time\": {\n \"hours\": 22,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n deny_maintenance_period={\n \"start_date\": {\n \"year\": 2050,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2050,\n \"month\": 2,\n \"day\": 1,\n },\n \"time\": {\n \"hours\": 10,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n opts = pulumi.ResourceOptions(depends_on=[looker_vpc_connection]))\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"looker-kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-looker.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lookerNetwork = new Gcp.Compute.Network(\"looker_network\", new()\n {\n Name = \"looker-network\",\n });\n\n var lookerRange = new Gcp.Compute.GlobalAddress(\"looker_range\", new()\n {\n Name = \"looker-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 20,\n Network = lookerNetwork.Id,\n });\n\n var lookerVpcConnection = new Gcp.ServiceNetworking.Connection(\"looker_vpc_connection\", new()\n {\n Network = lookerNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n lookerRange.Name,\n },\n });\n\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PrivateIpEnabled = true,\n PublicIpEnabled = false,\n ReservedRange = lookerRange.Name,\n ConsumerNetwork = lookerNetwork.Id,\n AdminSettings = new Gcp.Looker.Inputs.InstanceAdminSettingsArgs\n {\n AllowedEmailDomains = new[]\n {\n \"google.com\",\n },\n },\n EncryptionConfig = new Gcp.Looker.Inputs.InstanceEncryptionConfigArgs\n {\n KmsKeyName = \"looker-kms-key\",\n },\n MaintenanceWindow = new Gcp.Looker.Inputs.InstanceMaintenanceWindowArgs\n {\n DayOfWeek = \"THURSDAY\",\n StartTime = new Gcp.Looker.Inputs.InstanceMaintenanceWindowStartTimeArgs\n {\n Hours = 22,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n DenyMaintenancePeriod = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodArgs\n {\n StartDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodStartDateArgs\n {\n Year = 2050,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodEndDateArgs\n {\n Year = 2050,\n Month = 2,\n Day = 1,\n },\n Time = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodTimeArgs\n {\n Hours = 10,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n lookerVpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"looker-kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-looker.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlookerNetwork, err := compute.NewNetwork(ctx, \"looker_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"looker-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlookerRange, err := compute.NewGlobalAddress(ctx, \"looker_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"looker-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(20),\n\t\t\tNetwork: lookerNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlookerVpcConnection, err := servicenetworking.NewConnection(ctx, \"looker_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: lookerNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tlookerRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpEnabled: pulumi.Bool(true),\n\t\t\tPublicIpEnabled: pulumi.Bool(false),\n\t\t\tReservedRange: lookerRange.Name,\n\t\t\tConsumerNetwork: lookerNetwork.ID(),\n\t\t\tAdminSettings: \u0026looker.InstanceAdminSettingsArgs{\n\t\t\t\tAllowedEmailDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"google.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptionConfig: \u0026looker.InstanceEncryptionConfigArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"looker-kms-key\"),\n\t\t\t},\n\t\t\tMaintenanceWindow: \u0026looker.InstanceMaintenanceWindowArgs{\n\t\t\t\tDayOfWeek: pulumi.String(\"THURSDAY\"),\n\t\t\t\tStartTime: \u0026looker.InstanceMaintenanceWindowStartTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(22),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDenyMaintenancePeriod: \u0026looker.InstanceDenyMaintenancePeriodArgs{\n\t\t\t\tStartDate: \u0026looker.InstanceDenyMaintenancePeriodStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026looker.InstanceDenyMaintenancePeriodEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(2),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tTime: \u0026looker.InstanceDenyMaintenancePeriodTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(10),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlookerVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"looker-kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-looker.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceAdminSettingsArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceEncryptionConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowStartTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodStartDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodEndDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lookerNetwork = new Network(\"lookerNetwork\", NetworkArgs.builder()\n .name(\"looker-network\")\n .build());\n\n var lookerRange = new GlobalAddress(\"lookerRange\", GlobalAddressArgs.builder()\n .name(\"looker-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(20)\n .network(lookerNetwork.id())\n .build());\n\n var lookerVpcConnection = new Connection(\"lookerVpcConnection\", ConnectionArgs.builder()\n .network(lookerNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(lookerRange.name())\n .build());\n\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .privateIpEnabled(true)\n .publicIpEnabled(false)\n .reservedRange(lookerRange.name())\n .consumerNetwork(lookerNetwork.id())\n .adminSettings(InstanceAdminSettingsArgs.builder()\n .allowedEmailDomains(\"google.com\")\n .build())\n .encryptionConfig(InstanceEncryptionConfigArgs.builder()\n .kmsKeyName(\"looker-kms-key\")\n .build())\n .maintenanceWindow(InstanceMaintenanceWindowArgs.builder()\n .dayOfWeek(\"THURSDAY\")\n .startTime(InstanceMaintenanceWindowStartTimeArgs.builder()\n .hours(22)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .denyMaintenancePeriod(InstanceDenyMaintenancePeriodArgs.builder()\n .startDate(InstanceDenyMaintenancePeriodStartDateArgs.builder()\n .year(2050)\n .month(1)\n .day(1)\n .build())\n .endDate(InstanceDenyMaintenancePeriodEndDateArgs.builder()\n .year(2050)\n .month(2)\n .day(1)\n .build())\n .time(InstanceDenyMaintenancePeriodTimeArgs.builder()\n .hours(10)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(lookerVpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"looker-kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-looker.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n privateIpEnabled: true\n publicIpEnabled: false\n reservedRange: ${lookerRange.name}\n consumerNetwork: ${lookerNetwork.id}\n adminSettings:\n allowedEmailDomains:\n - google.com\n encryptionConfig:\n kmsKeyName: looker-kms-key\n maintenanceWindow:\n dayOfWeek: THURSDAY\n startTime:\n hours: 22\n minutes: 0\n seconds: 0\n nanos: 0\n denyMaintenancePeriod:\n startDate:\n year: 2050\n month: 1\n day: 1\n endDate:\n year: 2050\n month: 2\n day: 1\n time:\n hours: 10\n minutes: 0\n seconds: 0\n nanos: 0\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n options:\n dependson:\n - ${lookerVpcConnection}\n lookerVpcConnection:\n type: gcp:servicenetworking:Connection\n name: looker_vpc_connection\n properties:\n network: ${lookerNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${lookerRange.name}\n lookerRange:\n type: gcp:compute:GlobalAddress\n name: looker_range\n properties:\n name: looker-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 20\n network: ${lookerNetwork.id}\n lookerNetwork:\n type: gcp:compute:Network\n name: looker_network\n properties:\n name: looker-network\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: looker-kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-looker.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Custom Domain\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n customDomain: {\n domain: \"my-custom-domain.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n custom_domain={\n \"domain\": \"my-custom-domain.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n CustomDomain = new Gcp.Looker.Inputs.InstanceCustomDomainArgs\n {\n Domain = \"my-custom-domain.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tCustomDomain: \u0026looker.InstanceCustomDomainArgs{\n\t\t\t\tDomain: pulumi.String(\"my-custom-domain.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceCustomDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .customDomain(InstanceCustomDomainArgs.builder()\n .domain(\"my-custom-domain.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n customDomain:\n domain: my-custom-domain.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n privateIpEnabled: false,\n publicIpEnabled: false,\n pscEnabled: true,\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n pscConfig: {\n allowedVpcs: [\"projects/test-project/global/networks/test\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n private_ip_enabled=False,\n public_ip_enabled=False,\n psc_enabled=True,\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n psc_config={\n \"allowed_vpcs\": [\"projects/test-project/global/networks/test\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PrivateIpEnabled = false,\n PublicIpEnabled = false,\n PscEnabled = true,\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n PscConfig = new Gcp.Looker.Inputs.InstancePscConfigArgs\n {\n AllowedVpcs = new[]\n {\n \"projects/test-project/global/networks/test\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpEnabled: pulumi.Bool(false),\n\t\t\tPublicIpEnabled: pulumi.Bool(false),\n\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tPscConfig: \u0026looker.InstancePscConfigArgs{\n\t\t\t\tAllowedVpcs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"projects/test-project/global/networks/test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstancePscConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .privateIpEnabled(false)\n .publicIpEnabled(false)\n .pscEnabled(true)\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .pscConfig(InstancePscConfigArgs.builder()\n .allowedVpcs(\"projects/test-project/global/networks/test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n privateIpEnabled: false\n publicIpEnabled: false\n pscEnabled: true\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n pscConfig:\n allowedVpcs:\n - projects/test-project/global/networks/test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Force Delete\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n deletionPolicy: \"FORCE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n deletion_policy=\"FORCE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n DeletionPolicy = \"FORCE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .deletionPolicy(\"FORCE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n deletionPolicy: FORCE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{name}}\n```\n\n", + "description": "A Google Cloud Looker instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/looker/docs/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Configure a Looker (Google Cloud core) instance](https://cloud.google.com/looker/docs/looker-core-instance-setup)\n * [Create a Looker (Google Cloud core) instance](https://cloud.google.com/looker/docs/looker-core-instance-create)\n\n## Example Usage\n\n### Looker Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n deletionPolicy: \"DEFAULT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n deletion_policy=\"DEFAULT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n DeletionPolicy = \"DEFAULT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DEFAULT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .deletionPolicy(\"DEFAULT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n deletionPolicy: DEFAULT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n publicIpEnabled: true,\n adminSettings: {\n allowedEmailDomains: [\"google.com\"],\n },\n maintenanceWindow: {\n dayOfWeek: \"THURSDAY\",\n startTime: {\n hours: 22,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n denyMaintenancePeriod: {\n startDate: {\n year: 2050,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2050,\n month: 2,\n day: 1,\n },\n time: {\n hours: 10,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n public_ip_enabled=True,\n admin_settings={\n \"allowed_email_domains\": [\"google.com\"],\n },\n maintenance_window={\n \"day_of_week\": \"THURSDAY\",\n \"start_time\": {\n \"hours\": 22,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n deny_maintenance_period={\n \"start_date\": {\n \"year\": 2050,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2050,\n \"month\": 2,\n \"day\": 1,\n },\n \"time\": {\n \"hours\": 10,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n PublicIpEnabled = true,\n AdminSettings = new Gcp.Looker.Inputs.InstanceAdminSettingsArgs\n {\n AllowedEmailDomains = new[]\n {\n \"google.com\",\n },\n },\n MaintenanceWindow = new Gcp.Looker.Inputs.InstanceMaintenanceWindowArgs\n {\n DayOfWeek = \"THURSDAY\",\n StartTime = new Gcp.Looker.Inputs.InstanceMaintenanceWindowStartTimeArgs\n {\n Hours = 22,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n DenyMaintenancePeriod = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodArgs\n {\n StartDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodStartDateArgs\n {\n Year = 2050,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodEndDateArgs\n {\n Year = 2050,\n Month = 2,\n Day = 1,\n },\n Time = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodTimeArgs\n {\n Hours = 10,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPublicIpEnabled: pulumi.Bool(true),\n\t\t\tAdminSettings: \u0026looker.InstanceAdminSettingsArgs{\n\t\t\t\tAllowedEmailDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"google.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMaintenanceWindow: \u0026looker.InstanceMaintenanceWindowArgs{\n\t\t\t\tDayOfWeek: pulumi.String(\"THURSDAY\"),\n\t\t\t\tStartTime: \u0026looker.InstanceMaintenanceWindowStartTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(22),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDenyMaintenancePeriod: \u0026looker.InstanceDenyMaintenancePeriodArgs{\n\t\t\t\tStartDate: \u0026looker.InstanceDenyMaintenancePeriodStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026looker.InstanceDenyMaintenancePeriodEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(2),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tTime: \u0026looker.InstanceDenyMaintenancePeriodTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(10),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceAdminSettingsArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowStartTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodStartDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodEndDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .publicIpEnabled(true)\n .adminSettings(InstanceAdminSettingsArgs.builder()\n .allowedEmailDomains(\"google.com\")\n .build())\n .maintenanceWindow(InstanceMaintenanceWindowArgs.builder()\n .dayOfWeek(\"THURSDAY\")\n .startTime(InstanceMaintenanceWindowStartTimeArgs.builder()\n .hours(22)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .denyMaintenancePeriod(InstanceDenyMaintenancePeriodArgs.builder()\n .startDate(InstanceDenyMaintenancePeriodStartDateArgs.builder()\n .year(2050)\n .month(1)\n .day(1)\n .build())\n .endDate(InstanceDenyMaintenancePeriodEndDateArgs.builder()\n .year(2050)\n .month(2)\n .day(1)\n .build())\n .time(InstanceDenyMaintenancePeriodTimeArgs.builder()\n .hours(10)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n publicIpEnabled: true\n adminSettings:\n allowedEmailDomains:\n - google.com\n maintenanceWindow:\n dayOfWeek: THURSDAY\n startTime:\n hours: 22\n minutes: 0\n seconds: 0\n nanos: 0\n denyMaintenancePeriod:\n startDate:\n year: 2050\n month: 1\n day: 1\n endDate:\n year: 2050\n month: 2\n day: 1\n time:\n hours: 10\n minutes: 0\n seconds: 0\n nanos: 0\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Fips\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance-fips\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n publicIpEnabled: true,\n fipsEnabled: true,\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance-fips\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n public_ip_enabled=True,\n fips_enabled=True,\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance-fips\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PublicIpEnabled = true,\n FipsEnabled = true,\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance-fips\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPublicIpEnabled: pulumi.Bool(true),\n\t\t\tFipsEnabled: pulumi.Bool(true),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance-fips\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .publicIpEnabled(true)\n .fipsEnabled(true)\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance-fips\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n publicIpEnabled: true\n fipsEnabled: true\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Enterprise Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst lookerNetwork = new gcp.compute.Network(\"looker_network\", {name: \"looker-network\"});\nconst lookerRange = new gcp.compute.GlobalAddress(\"looker_range\", {\n name: \"looker-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 20,\n network: lookerNetwork.id,\n});\nconst lookerVpcConnection = new gcp.servicenetworking.Connection(\"looker_vpc_connection\", {\n network: lookerNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [lookerRange.name],\n});\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n privateIpEnabled: true,\n publicIpEnabled: false,\n reservedRange: lookerRange.name,\n consumerNetwork: lookerNetwork.id,\n adminSettings: {\n allowedEmailDomains: [\"google.com\"],\n },\n encryptionConfig: {\n kmsKeyName: \"looker-kms-key\",\n },\n maintenanceWindow: {\n dayOfWeek: \"THURSDAY\",\n startTime: {\n hours: 22,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n denyMaintenancePeriod: {\n startDate: {\n year: 2050,\n month: 1,\n day: 1,\n },\n endDate: {\n year: 2050,\n month: 2,\n day: 1,\n },\n time: {\n hours: 10,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n}, {\n dependsOn: [lookerVpcConnection],\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"looker-kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-looker.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_network = gcp.compute.Network(\"looker_network\", name=\"looker-network\")\nlooker_range = gcp.compute.GlobalAddress(\"looker_range\",\n name=\"looker-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=20,\n network=looker_network.id)\nlooker_vpc_connection = gcp.servicenetworking.Connection(\"looker_vpc_connection\",\n network=looker_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[looker_range.name])\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n private_ip_enabled=True,\n public_ip_enabled=False,\n reserved_range=looker_range.name,\n consumer_network=looker_network.id,\n admin_settings={\n \"allowed_email_domains\": [\"google.com\"],\n },\n encryption_config={\n \"kms_key_name\": \"looker-kms-key\",\n },\n maintenance_window={\n \"day_of_week\": \"THURSDAY\",\n \"start_time\": {\n \"hours\": 22,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n deny_maintenance_period={\n \"start_date\": {\n \"year\": 2050,\n \"month\": 1,\n \"day\": 1,\n },\n \"end_date\": {\n \"year\": 2050,\n \"month\": 2,\n \"day\": 1,\n },\n \"time\": {\n \"hours\": 10,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n },\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n opts = pulumi.ResourceOptions(depends_on=[looker_vpc_connection]))\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"looker-kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-looker.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lookerNetwork = new Gcp.Compute.Network(\"looker_network\", new()\n {\n Name = \"looker-network\",\n });\n\n var lookerRange = new Gcp.Compute.GlobalAddress(\"looker_range\", new()\n {\n Name = \"looker-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 20,\n Network = lookerNetwork.Id,\n });\n\n var lookerVpcConnection = new Gcp.ServiceNetworking.Connection(\"looker_vpc_connection\", new()\n {\n Network = lookerNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n lookerRange.Name,\n },\n });\n\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PrivateIpEnabled = true,\n PublicIpEnabled = false,\n ReservedRange = lookerRange.Name,\n ConsumerNetwork = lookerNetwork.Id,\n AdminSettings = new Gcp.Looker.Inputs.InstanceAdminSettingsArgs\n {\n AllowedEmailDomains = new[]\n {\n \"google.com\",\n },\n },\n EncryptionConfig = new Gcp.Looker.Inputs.InstanceEncryptionConfigArgs\n {\n KmsKeyName = \"looker-kms-key\",\n },\n MaintenanceWindow = new Gcp.Looker.Inputs.InstanceMaintenanceWindowArgs\n {\n DayOfWeek = \"THURSDAY\",\n StartTime = new Gcp.Looker.Inputs.InstanceMaintenanceWindowStartTimeArgs\n {\n Hours = 22,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n DenyMaintenancePeriod = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodArgs\n {\n StartDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodStartDateArgs\n {\n Year = 2050,\n Month = 1,\n Day = 1,\n },\n EndDate = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodEndDateArgs\n {\n Year = 2050,\n Month = 2,\n Day = 1,\n },\n Time = new Gcp.Looker.Inputs.InstanceDenyMaintenancePeriodTimeArgs\n {\n Hours = 10,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n lookerVpcConnection,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"looker-kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-looker.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlookerNetwork, err := compute.NewNetwork(ctx, \"looker_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"looker-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlookerRange, err := compute.NewGlobalAddress(ctx, \"looker_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"looker-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(20),\n\t\t\tNetwork: lookerNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlookerVpcConnection, err := servicenetworking.NewConnection(ctx, \"looker_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: lookerNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tlookerRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpEnabled: pulumi.Bool(true),\n\t\t\tPublicIpEnabled: pulumi.Bool(false),\n\t\t\tReservedRange: lookerRange.Name,\n\t\t\tConsumerNetwork: lookerNetwork.ID(),\n\t\t\tAdminSettings: \u0026looker.InstanceAdminSettingsArgs{\n\t\t\t\tAllowedEmailDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"google.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptionConfig: \u0026looker.InstanceEncryptionConfigArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"looker-kms-key\"),\n\t\t\t},\n\t\t\tMaintenanceWindow: \u0026looker.InstanceMaintenanceWindowArgs{\n\t\t\t\tDayOfWeek: pulumi.String(\"THURSDAY\"),\n\t\t\t\tStartTime: \u0026looker.InstanceMaintenanceWindowStartTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(22),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDenyMaintenancePeriod: \u0026looker.InstanceDenyMaintenancePeriodArgs{\n\t\t\t\tStartDate: \u0026looker.InstanceDenyMaintenancePeriodStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026looker.InstanceDenyMaintenancePeriodEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t\tMonth: pulumi.Int(2),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tTime: \u0026looker.InstanceDenyMaintenancePeriodTimeArgs{\n\t\t\t\t\tHours: pulumi.Int(10),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlookerVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"looker-kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-looker.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceAdminSettingsArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceEncryptionConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceMaintenanceWindowStartTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodStartDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodEndDateArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceDenyMaintenancePeriodTimeArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lookerNetwork = new Network(\"lookerNetwork\", NetworkArgs.builder()\n .name(\"looker-network\")\n .build());\n\n var lookerRange = new GlobalAddress(\"lookerRange\", GlobalAddressArgs.builder()\n .name(\"looker-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(20)\n .network(lookerNetwork.id())\n .build());\n\n var lookerVpcConnection = new Connection(\"lookerVpcConnection\", ConnectionArgs.builder()\n .network(lookerNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(lookerRange.name())\n .build());\n\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .privateIpEnabled(true)\n .publicIpEnabled(false)\n .reservedRange(lookerRange.name())\n .consumerNetwork(lookerNetwork.id())\n .adminSettings(InstanceAdminSettingsArgs.builder()\n .allowedEmailDomains(\"google.com\")\n .build())\n .encryptionConfig(InstanceEncryptionConfigArgs.builder()\n .kmsKeyName(\"looker-kms-key\")\n .build())\n .maintenanceWindow(InstanceMaintenanceWindowArgs.builder()\n .dayOfWeek(\"THURSDAY\")\n .startTime(InstanceMaintenanceWindowStartTimeArgs.builder()\n .hours(22)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .denyMaintenancePeriod(InstanceDenyMaintenancePeriodArgs.builder()\n .startDate(InstanceDenyMaintenancePeriodStartDateArgs.builder()\n .year(2050)\n .month(1)\n .day(1)\n .build())\n .endDate(InstanceDenyMaintenancePeriodEndDateArgs.builder()\n .year(2050)\n .month(2)\n .day(1)\n .build())\n .time(InstanceDenyMaintenancePeriodTimeArgs.builder()\n .hours(10)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(lookerVpcConnection)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"looker-kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-looker.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n privateIpEnabled: true\n publicIpEnabled: false\n reservedRange: ${lookerRange.name}\n consumerNetwork: ${lookerNetwork.id}\n adminSettings:\n allowedEmailDomains:\n - google.com\n encryptionConfig:\n kmsKeyName: looker-kms-key\n maintenanceWindow:\n dayOfWeek: THURSDAY\n startTime:\n hours: 22\n minutes: 0\n seconds: 0\n nanos: 0\n denyMaintenancePeriod:\n startDate:\n year: 2050\n month: 1\n day: 1\n endDate:\n year: 2050\n month: 2\n day: 1\n time:\n hours: 10\n minutes: 0\n seconds: 0\n nanos: 0\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n options:\n dependsOn:\n - ${lookerVpcConnection}\n lookerVpcConnection:\n type: gcp:servicenetworking:Connection\n name: looker_vpc_connection\n properties:\n network: ${lookerNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${lookerRange.name}\n lookerRange:\n type: gcp:compute:GlobalAddress\n name: looker_range\n properties:\n name: looker-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 20\n network: ${lookerNetwork.id}\n lookerNetwork:\n type: gcp:compute:Network\n name: looker_network\n properties:\n name: looker-network\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: looker-kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-looker.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Custom Domain\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n customDomain: {\n domain: \"my-custom-domain.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n custom_domain={\n \"domain\": \"my-custom-domain.com\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n CustomDomain = new Gcp.Looker.Inputs.InstanceCustomDomainArgs\n {\n Domain = \"my-custom-domain.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tCustomDomain: \u0026looker.InstanceCustomDomainArgs{\n\t\t\t\tDomain: pulumi.String(\"my-custom-domain.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceCustomDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .customDomain(InstanceCustomDomainArgs.builder()\n .domain(\"my-custom-domain.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n customDomain:\n domain: my-custom-domain.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region: \"us-central1\",\n privateIpEnabled: false,\n publicIpEnabled: false,\n pscEnabled: true,\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n pscConfig: {\n allowedVpcs: [\"projects/test-project/global/networks/test\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n region=\"us-central1\",\n private_ip_enabled=False,\n public_ip_enabled=False,\n psc_enabled=True,\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n psc_config={\n \"allowed_vpcs\": [\"projects/test-project/global/networks/test\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_ENTERPRISE_ANNUAL\",\n Region = \"us-central1\",\n PrivateIpEnabled = false,\n PublicIpEnabled = false,\n PscEnabled = true,\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n PscConfig = new Gcp.Looker.Inputs.InstancePscConfigArgs\n {\n AllowedVpcs = new[]\n {\n \"projects/test-project/global/networks/test\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_ENTERPRISE_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpEnabled: pulumi.Bool(false),\n\t\t\tPublicIpEnabled: pulumi.Bool(false),\n\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tPscConfig: \u0026looker.InstancePscConfigArgs{\n\t\t\t\tAllowedVpcs: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"projects/test-project/global/networks/test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport com.pulumi.gcp.looker.inputs.InstancePscConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_ENTERPRISE_ANNUAL\")\n .region(\"us-central1\")\n .privateIpEnabled(false)\n .publicIpEnabled(false)\n .pscEnabled(true)\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .pscConfig(InstancePscConfigArgs.builder()\n .allowedVpcs(\"projects/test-project/global/networks/test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_ENTERPRISE_ANNUAL\n region: us-central1\n privateIpEnabled: false\n publicIpEnabled: false\n pscEnabled: true\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n pscConfig:\n allowedVpcs:\n - projects/test-project/global/networks/test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Looker Instance Force Delete\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst looker_instance = new gcp.looker.Instance(\"looker-instance\", {\n name: \"my-instance\",\n platformEdition: \"LOOKER_CORE_STANDARD_ANNUAL\",\n region: \"us-central1\",\n oauthConfig: {\n clientId: \"my-client-id\",\n clientSecret: \"my-client-secret\",\n },\n deletionPolicy: \"FORCE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlooker_instance = gcp.looker.Instance(\"looker-instance\",\n name=\"my-instance\",\n platform_edition=\"LOOKER_CORE_STANDARD_ANNUAL\",\n region=\"us-central1\",\n oauth_config={\n \"client_id\": \"my-client-id\",\n \"client_secret\": \"my-client-secret\",\n },\n deletion_policy=\"FORCE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var looker_instance = new Gcp.Looker.Instance(\"looker-instance\", new()\n {\n Name = \"my-instance\",\n PlatformEdition = \"LOOKER_CORE_STANDARD_ANNUAL\",\n Region = \"us-central1\",\n OauthConfig = new Gcp.Looker.Inputs.InstanceOauthConfigArgs\n {\n ClientId = \"my-client-id\",\n ClientSecret = \"my-client-secret\",\n },\n DeletionPolicy = \"FORCE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/looker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := looker.NewInstance(ctx, \"looker-instance\", \u0026looker.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tPlatformEdition: pulumi.String(\"LOOKER_CORE_STANDARD_ANNUAL\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOauthConfig: \u0026looker.InstanceOauthConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"my-client-id\"),\n\t\t\t\tClientSecret: pulumi.String(\"my-client-secret\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.looker.Instance;\nimport com.pulumi.gcp.looker.InstanceArgs;\nimport com.pulumi.gcp.looker.inputs.InstanceOauthConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var looker_instance = new Instance(\"looker-instance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .platformEdition(\"LOOKER_CORE_STANDARD_ANNUAL\")\n .region(\"us-central1\")\n .oauthConfig(InstanceOauthConfigArgs.builder()\n .clientId(\"my-client-id\")\n .clientSecret(\"my-client-secret\")\n .build())\n .deletionPolicy(\"FORCE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n looker-instance:\n type: gcp:looker:Instance\n properties:\n name: my-instance\n platformEdition: LOOKER_CORE_STANDARD_ANNUAL\n region: us-central1\n oauthConfig:\n clientId: my-client-id\n clientSecret: my-client-secret\n deletionPolicy: FORCE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:looker/instance:Instance default {{name}}\n```\n\n", "properties": { "adminSettings": { "$ref": "#/types/gcp:looker/InstanceAdminSettings:InstanceAdminSettings", @@ -234317,7 +234317,7 @@ } }, "gcp:managedkafka/cluster:Cluster": { - "description": "A Managed Service for Apache Kafka cluster. Apache Kafka is a trademark owned by the Apache Software Foundation.\n\n\n\n## Example Usage\n\n### Managedkafka Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.managedkafka.Cluster(\"example\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n },\n rebalanceConfig: {\n mode: \"NO_REBALANCE\",\n },\n labels: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.managedkafka.Cluster(\"example\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n },\n rebalance_config={\n \"mode\": \"NO_REBALANCE\",\n },\n labels={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.ManagedKafka.Cluster(\"example\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n },\n RebalanceConfig = new Gcp.ManagedKafka.Inputs.ClusterRebalanceConfigArgs\n {\n Mode = \"NO_REBALANCE\",\n },\n Labels = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewCluster(ctx, \"example\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRebalanceConfig: \u0026managedkafka.ClusterRebalanceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"NO_REBALANCE\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterRebalanceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .build())\n .rebalanceConfig(ClusterRebalanceConfigArgs.builder()\n .mode(\"NO_REBALANCE\")\n .build())\n .labels(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n rebalanceConfig:\n mode: NO_REBALANCE\n labels:\n key: value\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Managedkafka Cluster Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-key-ring\",\n location: \"us-central1\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.managedkafka.Cluster(\"example\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n kmsKey: key.id,\n },\n});\nconst kafkaServiceIdentity = new gcp.projects.ServiceIdentity(\"kafka_service_identity\", {\n project: project.then(project =\u003e project.projectId),\n service: \"managedkafka.googleapis.com\",\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com`)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-key-ring\",\n location=\"us-central1\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\nexample = gcp.managedkafka.Cluster(\"example\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n \"kms_key\": key.id,\n })\nkafka_service_identity = gcp.projects.ServiceIdentity(\"kafka_service_identity\",\n project=project.project_id,\n service=\"managedkafka.googleapis.com\")\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-key-ring\",\n Location = \"us-central1\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.ManagedKafka.Cluster(\"example\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n KmsKey = key.Id,\n },\n });\n\n var kafkaServiceIdentity = new Gcp.Projects.ServiceIdentity(\"kafka_service_identity\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"managedkafka.googleapis.com\",\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-managedkafka.iam.gserviceaccount.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewCluster(ctx, \"example\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tKmsKey: key.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewServiceIdentity(ctx, \"kafka_service_identity\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"managedkafka.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-managedkafka.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .kmsKey(key.id())\n .build())\n .build());\n\n var kafkaServiceIdentity = new ServiceIdentity(\"kafkaServiceIdentity\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"managedkafka.googleapis.com\")\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-managedkafka.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n kmsKey: ${key.id}\n kafkaServiceIdentity:\n type: gcp:projects:ServiceIdentity\n name: kafka_service_identity\n properties:\n project: ${project.projectId}\n service: managedkafka.googleapis.com\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-key-ring\n location: us-central1\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`\n\n* `{{project}}/{{location}}/{{cluster_id}}`\n\n* `{{location}}/{{cluster_id}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default {{project}}/{{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default {{location}}/{{cluster_id}}\n```\n\n", + "description": "A Managed Service for Apache Kafka cluster. Apache Kafka is a trademark owned by the Apache Software Foundation.\n\n\n\n## Example Usage\n\n### Managedkafka Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.managedkafka.Cluster(\"example\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n },\n rebalanceConfig: {\n mode: \"NO_REBALANCE\",\n },\n labels: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.managedkafka.Cluster(\"example\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n },\n rebalance_config={\n \"mode\": \"NO_REBALANCE\",\n },\n labels={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.ManagedKafka.Cluster(\"example\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n },\n RebalanceConfig = new Gcp.ManagedKafka.Inputs.ClusterRebalanceConfigArgs\n {\n Mode = \"NO_REBALANCE\",\n },\n Labels = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewCluster(ctx, \"example\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRebalanceConfig: \u0026managedkafka.ClusterRebalanceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"NO_REBALANCE\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterRebalanceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .build())\n .rebalanceConfig(ClusterRebalanceConfigArgs.builder()\n .mode(\"NO_REBALANCE\")\n .build())\n .labels(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n rebalanceConfig:\n mode: NO_REBALANCE\n labels:\n key: value\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Managedkafka Cluster Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-key-ring\",\n location: \"us-central1\",\n});\nconst key = new gcp.kms.CryptoKey(\"key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.managedkafka.Cluster(\"example\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n kmsKey: key.id,\n },\n});\nconst kafkaServiceIdentity = new gcp.projects.ServiceIdentity(\"kafka_service_identity\", {\n project: project.then(project =\u003e project.projectId),\n service: \"managedkafka.googleapis.com\",\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com`)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-key-ring\",\n location=\"us-central1\")\nkey = gcp.kms.CryptoKey(\"key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\nexample = gcp.managedkafka.Cluster(\"example\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n \"kms_key\": key.id,\n })\nkafka_service_identity = gcp.projects.ServiceIdentity(\"kafka_service_identity\",\n project=project.project_id,\n service=\"managedkafka.googleapis.com\")\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-key-ring\",\n Location = \"us-central1\",\n });\n\n var key = new Gcp.Kms.CryptoKey(\"key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.ManagedKafka.Cluster(\"example\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n KmsKey = key.Id,\n },\n });\n\n var kafkaServiceIdentity = new Gcp.Projects.ServiceIdentity(\"kafka_service_identity\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"managedkafka.googleapis.com\",\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-managedkafka.iam.gserviceaccount.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := kms.NewCryptoKey(ctx, \"key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewCluster(ctx, \"example\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tKmsKey: key.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewServiceIdentity(ctx, \"kafka_service_identity\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"managedkafka.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: key.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-managedkafka.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var key = new CryptoKey(\"key\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Cluster(\"example\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .kmsKey(key.id())\n .build())\n .build());\n\n var kafkaServiceIdentity = new ServiceIdentity(\"kafkaServiceIdentity\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"managedkafka.googleapis.com\")\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-managedkafka.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n kmsKey: ${key.id}\n kafkaServiceIdentity:\n type: gcp:projects:ServiceIdentity\n name: kafka_service_identity\n properties:\n project: ${project.projectId}\n service: managedkafka.googleapis.com\n key:\n type: gcp:kms:CryptoKey\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-key-ring\n location: us-central1\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}`\n\n* `{{project}}/{{location}}/{{cluster_id}}`\n\n* `{{location}}/{{cluster_id}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default {{project}}/{{location}}/{{cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/cluster:Cluster default {{location}}/{{cluster_id}}\n```\n\n", "properties": { "capacityConfig": { "$ref": "#/types/gcp:managedkafka/ClusterCapacityConfig:ClusterCapacityConfig", @@ -234509,7 +234509,7 @@ } }, "gcp:managedkafka/topic:Topic": { - "description": "A Managed Service for Apache Kafka topic. Apache Kafka is a trademark owned by the Apache Software Foundation.\n\n\n\n## Example Usage\n\n### Managedkafka Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.managedkafka.Cluster(\"cluster\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n },\n});\nconst example = new gcp.managedkafka.Topic(\"example\", {\n topicId: \"my-topic\",\n cluster: cluster.clusterId,\n location: \"us-central1\",\n partitionCount: 2,\n replicationFactor: 3,\n configs: {\n \"cleanup.policy\": \"compact\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.managedkafka.Cluster(\"cluster\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n })\nexample = gcp.managedkafka.Topic(\"example\",\n topic_id=\"my-topic\",\n cluster=cluster.cluster_id,\n location=\"us-central1\",\n partition_count=2,\n replication_factor=3,\n configs={\n \"cleanup.policy\": \"compact\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.ManagedKafka.Cluster(\"cluster\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n },\n });\n\n var example = new Gcp.ManagedKafka.Topic(\"example\", new()\n {\n TopicId = \"my-topic\",\n Cluster = cluster.ClusterId,\n Location = \"us-central1\",\n PartitionCount = 2,\n ReplicationFactor = 3,\n Configs = \n {\n { \"cleanup.policy\", \"compact\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := managedkafka.NewCluster(ctx, \"cluster\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewTopic(ctx, \"example\", \u0026managedkafka.TopicArgs{\n\t\t\tTopicId: pulumi.String(\"my-topic\"),\n\t\t\tCluster: cluster.ClusterId,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPartitionCount: pulumi.Int(2),\n\t\t\tReplicationFactor: pulumi.Int(3),\n\t\t\tConfigs: pulumi.StringMap{\n\t\t\t\t\"cleanup.policy\": pulumi.String(\"compact\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.managedkafka.Topic;\nimport com.pulumi.gcp.managedkafka.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .build())\n .build());\n\n var example = new Topic(\"example\", TopicArgs.builder()\n .topicId(\"my-topic\")\n .cluster(cluster.clusterId())\n .location(\"us-central1\")\n .partitionCount(2)\n .replicationFactor(3)\n .configs(Map.of(\"cleanup.policy\", \"compact\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n example:\n type: gcp:managedkafka:Topic\n properties:\n topicId: my-topic\n cluster: ${cluster.clusterId}\n location: us-central1\n partitionCount: 2\n replicationFactor: 3\n configs:\n cleanup.policy: compact\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/topics/{{topic_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{topic_id}}`\n\n* `{{location}}/{{cluster}}/{{topic_id}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/topics/{{topic_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default {{project}}/{{location}}/{{cluster}}/{{topic_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default {{location}}/{{cluster}}/{{topic_id}}\n```\n\n", + "description": "A Managed Service for Apache Kafka topic. Apache Kafka is a trademark owned by the Apache Software Foundation.\n\n\n\n## Example Usage\n\n### Managedkafka Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cluster = new gcp.managedkafka.Cluster(\"cluster\", {\n clusterId: \"my-cluster\",\n location: \"us-central1\",\n capacityConfig: {\n vcpuCount: \"3\",\n memoryBytes: \"3221225472\",\n },\n gcpConfig: {\n accessConfig: {\n networkConfigs: [{\n subnet: project.then(project =\u003e `projects/${project.number}/regions/us-central1/subnetworks/default`),\n }],\n },\n },\n});\nconst example = new gcp.managedkafka.Topic(\"example\", {\n topicId: \"my-topic\",\n cluster: cluster.clusterId,\n location: \"us-central1\",\n partitionCount: 2,\n replicationFactor: 3,\n configs: {\n \"cleanup.policy\": \"compact\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncluster = gcp.managedkafka.Cluster(\"cluster\",\n cluster_id=\"my-cluster\",\n location=\"us-central1\",\n capacity_config={\n \"vcpu_count\": \"3\",\n \"memory_bytes\": \"3221225472\",\n },\n gcp_config={\n \"access_config\": {\n \"network_configs\": [{\n \"subnet\": f\"projects/{project.number}/regions/us-central1/subnetworks/default\",\n }],\n },\n })\nexample = gcp.managedkafka.Topic(\"example\",\n topic_id=\"my-topic\",\n cluster=cluster.cluster_id,\n location=\"us-central1\",\n partition_count=2,\n replication_factor=3,\n configs={\n \"cleanup.policy\": \"compact\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cluster = new Gcp.ManagedKafka.Cluster(\"cluster\", new()\n {\n ClusterId = \"my-cluster\",\n Location = \"us-central1\",\n CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs\n {\n VcpuCount = \"3\",\n MemoryBytes = \"3221225472\",\n },\n GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs\n {\n AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs\n {\n NetworkConfigs = new[]\n {\n new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs\n {\n Subnet = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/subnetworks/default\",\n },\n },\n },\n },\n });\n\n var example = new Gcp.ManagedKafka.Topic(\"example\", new()\n {\n TopicId = \"my-topic\",\n Cluster = cluster.ClusterId,\n Location = \"us-central1\",\n PartitionCount = 2,\n ReplicationFactor = 3,\n Configs = \n {\n { \"cleanup.policy\", \"compact\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcluster, err := managedkafka.NewCluster(ctx, \"cluster\", \u0026managedkafka.ClusterArgs{\n\t\t\tClusterId: pulumi.String(\"my-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCapacityConfig: \u0026managedkafka.ClusterCapacityConfigArgs{\n\t\t\t\tVcpuCount: pulumi.String(\"3\"),\n\t\t\t\tMemoryBytes: pulumi.String(\"3221225472\"),\n\t\t\t},\n\t\t\tGcpConfig: \u0026managedkafka.ClusterGcpConfigArgs{\n\t\t\t\tAccessConfig: \u0026managedkafka.ClusterGcpConfigAccessConfigArgs{\n\t\t\t\t\tNetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{\n\t\t\t\t\t\t\u0026managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{\n\t\t\t\t\t\t\tSubnet: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/default\", project.Number),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = managedkafka.NewTopic(ctx, \"example\", \u0026managedkafka.TopicArgs{\n\t\t\tTopicId: pulumi.String(\"my-topic\"),\n\t\t\tCluster: cluster.ClusterId,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPartitionCount: pulumi.Int(2),\n\t\t\tReplicationFactor: pulumi.Int(3),\n\t\t\tConfigs: pulumi.StringMap{\n\t\t\t\t\"cleanup.policy\": pulumi.String(\"compact\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.managedkafka.Cluster;\nimport com.pulumi.gcp.managedkafka.ClusterArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;\nimport com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;\nimport com.pulumi.gcp.managedkafka.Topic;\nimport com.pulumi.gcp.managedkafka.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder()\n .clusterId(\"my-cluster\")\n .location(\"us-central1\")\n .capacityConfig(ClusterCapacityConfigArgs.builder()\n .vcpuCount(3)\n .memoryBytes(3221225472)\n .build())\n .gcpConfig(ClusterGcpConfigArgs.builder()\n .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()\n .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()\n .subnet(String.format(\"projects/%s/regions/us-central1/subnetworks/default\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build())\n .build())\n .build())\n .build());\n\n var example = new Topic(\"example\", TopicArgs.builder()\n .topicId(\"my-topic\")\n .cluster(cluster.clusterId())\n .location(\"us-central1\")\n .partitionCount(2)\n .replicationFactor(3)\n .configs(Map.of(\"cleanup.policy\", \"compact\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: gcp:managedkafka:Cluster\n properties:\n clusterId: my-cluster\n location: us-central1\n capacityConfig:\n vcpuCount: 3\n memoryBytes: 3.221225472e+09\n gcpConfig:\n accessConfig:\n networkConfigs:\n - subnet: projects/${project.number}/regions/us-central1/subnetworks/default\n example:\n type: gcp:managedkafka:Topic\n properties:\n topicId: my-topic\n cluster: ${cluster.clusterId}\n location: us-central1\n partitionCount: 2\n replicationFactor: 3\n configs:\n cleanup.policy: compact\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/topics/{{topic_id}}`\n\n* `{{project}}/{{location}}/{{cluster}}/{{topic_id}}`\n\n* `{{location}}/{{cluster}}/{{topic_id}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/topics/{{topic_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default {{project}}/{{location}}/{{cluster}}/{{topic_id}}\n```\n\n```sh\n$ pulumi import gcp:managedkafka/topic:Topic default {{location}}/{{cluster}}/{{topic_id}}\n```\n\n", "properties": { "cluster": { "type": "string", @@ -234961,7 +234961,7 @@ } }, "gcp:memorystore/instance:Instance": { - "description": "A Google Cloud Memorystore instance.\n\n\n\n## Example Usage\n\n### Memorystore Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_basic = new gcp.memorystore.Instance(\"instance-basic\", {\n instanceId: \"basic-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n deletionProtectionEnabled: false,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_basic = gcp.memorystore.Instance(\"instance-basic\",\n instance_id=\"basic-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n deletion_protection_enabled=False,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_basic = new Gcp.MemoryStore.Instance(\"instance-basic\", new()\n {\n InstanceId = \"basic-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n DeletionProtectionEnabled = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-basic\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"basic-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_basic = new Instance(\"instance-basic\", InstanceArgs.builder()\n .instanceId(\"basic-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .deletionProtectionEnabled(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-basic:\n type: gcp:memorystore:Instance\n properties:\n instanceId: basic-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n deletionProtectionEnabled: false\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Memorystore Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_full = new gcp.memorystore.Instance(\"instance-full\", {\n instanceId: \"full-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n replicaCount: 2,\n nodeType: \"SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_DISABLED\",\n authorizationMode: \"AUTH_DISABLED\",\n engineConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n zoneDistributionConfig: {\n mode: \"SINGLE_ZONE\",\n zone: \"us-central1-b\",\n },\n engineVersion: \"VALKEY_7_2\",\n deletionProtectionEnabled: false,\n mode: \"CLUSTER\",\n persistenceConfig: {\n mode: \"RDB\",\n rdbConfig: {\n rdbSnapshotPeriod: \"ONE_HOUR\",\n rdbSnapshotStartTime: \"2024-10-02T15:01:23Z\",\n },\n },\n labels: {\n abc: \"xyz\",\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_full = gcp.memorystore.Instance(\"instance-full\",\n instance_id=\"full-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n replica_count=2,\n node_type=\"SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_DISABLED\",\n authorization_mode=\"AUTH_DISABLED\",\n engine_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n zone_distribution_config={\n \"mode\": \"SINGLE_ZONE\",\n \"zone\": \"us-central1-b\",\n },\n engine_version=\"VALKEY_7_2\",\n deletion_protection_enabled=False,\n mode=\"CLUSTER\",\n persistence_config={\n \"mode\": \"RDB\",\n \"rdb_config\": {\n \"rdb_snapshot_period\": \"ONE_HOUR\",\n \"rdb_snapshot_start_time\": \"2024-10-02T15:01:23Z\",\n },\n },\n labels={\n \"abc\": \"xyz\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_full = new Gcp.MemoryStore.Instance(\"instance-full\", new()\n {\n InstanceId = \"full-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n ReplicaCount = 2,\n NodeType = \"SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_DISABLED\",\n AuthorizationMode = \"AUTH_DISABLED\",\n EngineConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n ZoneDistributionConfig = new Gcp.MemoryStore.Inputs.InstanceZoneDistributionConfigArgs\n {\n Mode = \"SINGLE_ZONE\",\n Zone = \"us-central1-b\",\n },\n EngineVersion = \"VALKEY_7_2\",\n DeletionProtectionEnabled = false,\n Mode = \"CLUSTER\",\n PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs\n {\n Mode = \"RDB\",\n RdbConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigRdbConfigArgs\n {\n RdbSnapshotPeriod = \"ONE_HOUR\",\n RdbSnapshotStartTime = \"2024-10-02T15:01:23Z\",\n },\n },\n Labels = \n {\n { \"abc\", \"xyz\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-full\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"full-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(2),\n\t\t\tNodeType: pulumi.String(\"SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_DISABLED\"),\n\t\t\tEngineConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tZoneDistributionConfig: \u0026memorystore.InstanceZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"SINGLE_ZONE\"),\n\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"VALKEY_7_2\"),\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\tMode: pulumi.String(\"CLUSTER\"),\n\t\t\tPersistenceConfig: \u0026memorystore.InstancePersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbConfig: \u0026memorystore.InstancePersistenceConfigRdbConfigArgs{\n\t\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"ONE_HOUR\"),\n\t\t\t\t\tRdbSnapshotStartTime: pulumi.String(\"2024-10-02T15:01:23Z\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"abc\": pulumi.String(\"xyz\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceZoneDistributionConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigRdbConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_full = new Instance(\"instance-full\", InstanceArgs.builder()\n .instanceId(\"full-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .replicaCount(2)\n .nodeType(\"SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_DISABLED\")\n .authorizationMode(\"AUTH_DISABLED\")\n .engineConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .zoneDistributionConfig(InstanceZoneDistributionConfigArgs.builder()\n .mode(\"SINGLE_ZONE\")\n .zone(\"us-central1-b\")\n .build())\n .engineVersion(\"VALKEY_7_2\")\n .deletionProtectionEnabled(false)\n .mode(\"CLUSTER\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .mode(\"RDB\")\n .rdbConfig(InstancePersistenceConfigRdbConfigArgs.builder()\n .rdbSnapshotPeriod(\"ONE_HOUR\")\n .rdbSnapshotStartTime(\"2024-10-02T15:01:23Z\")\n .build())\n .build())\n .labels(Map.of(\"abc\", \"xyz\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-full:\n type: gcp:memorystore:Instance\n properties:\n instanceId: full-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n replicaCount: 2\n nodeType: SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_DISABLED\n authorizationMode: AUTH_DISABLED\n engineConfigs:\n maxmemory-policy: volatile-ttl\n zoneDistributionConfig:\n mode: SINGLE_ZONE\n zone: us-central1-b\n engineVersion: VALKEY_7_2\n deletionProtectionEnabled: false\n mode: CLUSTER\n persistenceConfig:\n mode: RDB\n rdbConfig:\n rdbSnapshotPeriod: ONE_HOUR\n rdbSnapshotStartTime: 2024-10-02T15:01:23Z\n labels:\n abc: xyz\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Memorystore Instance Persistence Aof\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_persistence_aof = new gcp.memorystore.Instance(\"instance-persistence-aof\", {\n instanceId: \"aof-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n persistenceConfig: {\n mode: \"AOF\",\n aofConfig: {\n appendFsync: \"EVERY_SEC\",\n },\n },\n deletionProtectionEnabled: false,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_persistence_aof = gcp.memorystore.Instance(\"instance-persistence-aof\",\n instance_id=\"aof-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n persistence_config={\n \"mode\": \"AOF\",\n \"aof_config\": {\n \"append_fsync\": \"EVERY_SEC\",\n },\n },\n deletion_protection_enabled=False,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_persistence_aof = new Gcp.MemoryStore.Instance(\"instance-persistence-aof\", new()\n {\n InstanceId = \"aof-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs\n {\n Mode = \"AOF\",\n AofConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigAofConfigArgs\n {\n AppendFsync = \"EVERY_SEC\",\n },\n },\n DeletionProtectionEnabled = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-persistence-aof\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"aof-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPersistenceConfig: \u0026memorystore.InstancePersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"AOF\"),\n\t\t\t\tAofConfig: \u0026memorystore.InstancePersistenceConfigAofConfigArgs{\n\t\t\t\t\tAppendFsync: pulumi.String(\"EVERY_SEC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigAofConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_persistence_aof = new Instance(\"instance-persistence-aof\", InstanceArgs.builder()\n .instanceId(\"aof-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .mode(\"AOF\")\n .aofConfig(InstancePersistenceConfigAofConfigArgs.builder()\n .appendFsync(\"EVERY_SEC\")\n .build())\n .build())\n .deletionProtectionEnabled(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-persistence-aof:\n type: gcp:memorystore:Instance\n properties:\n instanceId: aof-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n persistenceConfig:\n mode: AOF\n aofConfig:\n appendFsync: EVERY_SEC\n deletionProtectionEnabled: false\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default {{location}}/{{instance_id}}\n```\n\n", + "description": "A Google Cloud Memorystore instance.\n\n\n\n## Example Usage\n\n### Memorystore Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_basic = new gcp.memorystore.Instance(\"instance-basic\", {\n instanceId: \"basic-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n deletionProtectionEnabled: false,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_basic = gcp.memorystore.Instance(\"instance-basic\",\n instance_id=\"basic-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n deletion_protection_enabled=False,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_basic = new Gcp.MemoryStore.Instance(\"instance-basic\", new()\n {\n InstanceId = \"basic-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n DeletionProtectionEnabled = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-basic\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"basic-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_basic = new Instance(\"instance-basic\", InstanceArgs.builder()\n .instanceId(\"basic-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .deletionProtectionEnabled(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-basic:\n type: gcp:memorystore:Instance\n properties:\n instanceId: basic-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n deletionProtectionEnabled: false\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Memorystore Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_full = new gcp.memorystore.Instance(\"instance-full\", {\n instanceId: \"full-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n replicaCount: 2,\n nodeType: \"SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_DISABLED\",\n authorizationMode: \"AUTH_DISABLED\",\n engineConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n zoneDistributionConfig: {\n mode: \"SINGLE_ZONE\",\n zone: \"us-central1-b\",\n },\n engineVersion: \"VALKEY_7_2\",\n deletionProtectionEnabled: false,\n mode: \"CLUSTER\",\n persistenceConfig: {\n mode: \"RDB\",\n rdbConfig: {\n rdbSnapshotPeriod: \"ONE_HOUR\",\n rdbSnapshotStartTime: \"2024-10-02T15:01:23Z\",\n },\n },\n labels: {\n abc: \"xyz\",\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_full = gcp.memorystore.Instance(\"instance-full\",\n instance_id=\"full-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n replica_count=2,\n node_type=\"SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_DISABLED\",\n authorization_mode=\"AUTH_DISABLED\",\n engine_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n zone_distribution_config={\n \"mode\": \"SINGLE_ZONE\",\n \"zone\": \"us-central1-b\",\n },\n engine_version=\"VALKEY_7_2\",\n deletion_protection_enabled=False,\n mode=\"CLUSTER\",\n persistence_config={\n \"mode\": \"RDB\",\n \"rdb_config\": {\n \"rdb_snapshot_period\": \"ONE_HOUR\",\n \"rdb_snapshot_start_time\": \"2024-10-02T15:01:23Z\",\n },\n },\n labels={\n \"abc\": \"xyz\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_full = new Gcp.MemoryStore.Instance(\"instance-full\", new()\n {\n InstanceId = \"full-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n ReplicaCount = 2,\n NodeType = \"SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_DISABLED\",\n AuthorizationMode = \"AUTH_DISABLED\",\n EngineConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n ZoneDistributionConfig = new Gcp.MemoryStore.Inputs.InstanceZoneDistributionConfigArgs\n {\n Mode = \"SINGLE_ZONE\",\n Zone = \"us-central1-b\",\n },\n EngineVersion = \"VALKEY_7_2\",\n DeletionProtectionEnabled = false,\n Mode = \"CLUSTER\",\n PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs\n {\n Mode = \"RDB\",\n RdbConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigRdbConfigArgs\n {\n RdbSnapshotPeriod = \"ONE_HOUR\",\n RdbSnapshotStartTime = \"2024-10-02T15:01:23Z\",\n },\n },\n Labels = \n {\n { \"abc\", \"xyz\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-full\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"full-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(2),\n\t\t\tNodeType: pulumi.String(\"SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_DISABLED\"),\n\t\t\tEngineConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tZoneDistributionConfig: \u0026memorystore.InstanceZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"SINGLE_ZONE\"),\n\t\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"VALKEY_7_2\"),\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t\tMode: pulumi.String(\"CLUSTER\"),\n\t\t\tPersistenceConfig: \u0026memorystore.InstancePersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbConfig: \u0026memorystore.InstancePersistenceConfigRdbConfigArgs{\n\t\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"ONE_HOUR\"),\n\t\t\t\t\tRdbSnapshotStartTime: pulumi.String(\"2024-10-02T15:01:23Z\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"abc\": pulumi.String(\"xyz\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceZoneDistributionConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigRdbConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_full = new Instance(\"instance-full\", InstanceArgs.builder()\n .instanceId(\"full-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .replicaCount(2)\n .nodeType(\"SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_DISABLED\")\n .authorizationMode(\"AUTH_DISABLED\")\n .engineConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .zoneDistributionConfig(InstanceZoneDistributionConfigArgs.builder()\n .mode(\"SINGLE_ZONE\")\n .zone(\"us-central1-b\")\n .build())\n .engineVersion(\"VALKEY_7_2\")\n .deletionProtectionEnabled(false)\n .mode(\"CLUSTER\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .mode(\"RDB\")\n .rdbConfig(InstancePersistenceConfigRdbConfigArgs.builder()\n .rdbSnapshotPeriod(\"ONE_HOUR\")\n .rdbSnapshotStartTime(\"2024-10-02T15:01:23Z\")\n .build())\n .build())\n .labels(Map.of(\"abc\", \"xyz\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-full:\n type: gcp:memorystore:Instance\n properties:\n instanceId: full-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n replicaCount: 2\n nodeType: SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_DISABLED\n authorizationMode: AUTH_DISABLED\n engineConfigs:\n maxmemory-policy: volatile-ttl\n zoneDistributionConfig:\n mode: SINGLE_ZONE\n zone: us-central1-b\n engineVersion: VALKEY_7_2\n deletionProtectionEnabled: false\n mode: CLUSTER\n persistenceConfig:\n mode: RDB\n rdbConfig:\n rdbSnapshotPeriod: ONE_HOUR\n rdbSnapshotStartTime: 2024-10-02T15:01:23Z\n labels:\n abc: xyz\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Memorystore Instance Persistence Aof\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"my-subnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"my-policy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst project = gcp.organizations.getProject({});\nconst instance_persistence_aof = new gcp.memorystore.Instance(\"instance-persistence-aof\", {\n instanceId: \"aof-instance\",\n shardCount: 3,\n desiredPscAutoConnections: [{\n network: producerNet.id,\n projectId: project.then(project =\u003e project.projectId),\n }],\n location: \"us-central1\",\n persistenceConfig: {\n mode: \"AOF\",\n aofConfig: {\n appendFsync: \"EVERY_SEC\",\n },\n },\n deletionProtectionEnabled: false,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"my-subnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"my-policy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\nproject = gcp.organizations.get_project()\ninstance_persistence_aof = gcp.memorystore.Instance(\"instance-persistence-aof\",\n instance_id=\"aof-instance\",\n shard_count=3,\n desired_psc_auto_connections=[{\n \"network\": producer_net.id,\n \"project_id\": project.project_id,\n }],\n location=\"us-central1\",\n persistence_config={\n \"mode\": \"AOF\",\n \"aof_config\": {\n \"append_fsync\": \"EVERY_SEC\",\n },\n },\n deletion_protection_enabled=False,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"my-subnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"my-policy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var instance_persistence_aof = new Gcp.MemoryStore.Instance(\"instance-persistence-aof\", new()\n {\n InstanceId = \"aof-instance\",\n ShardCount = 3,\n DesiredPscAutoConnections = new[]\n {\n new Gcp.MemoryStore.Inputs.InstanceDesiredPscAutoConnectionArgs\n {\n Network = producerNet.Id,\n ProjectId = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n },\n Location = \"us-central1\",\n PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs\n {\n Mode = \"AOF\",\n AofConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigAofConfigArgs\n {\n AppendFsync = \"EVERY_SEC\",\n },\n },\n DeletionProtectionEnabled = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/memorystore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = memorystore.NewInstance(ctx, \"instance-persistence-aof\", \u0026memorystore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"aof-instance\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tDesiredPscAutoConnections: memorystore.InstanceDesiredPscAutoConnectionArray{\n\t\t\t\t\u0026memorystore.InstanceDesiredPscAutoConnectionArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t\tProjectId: pulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPersistenceConfig: \u0026memorystore.InstancePersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"AOF\"),\n\t\t\t\tAofConfig: \u0026memorystore.InstancePersistenceConfigAofConfigArgs{\n\t\t\t\t\tAppendFsync: pulumi.String(\"EVERY_SEC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.memorystore.Instance;\nimport com.pulumi.gcp.memorystore.InstanceArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstanceDesiredPscAutoConnectionArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;\nimport com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigAofConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"my-policy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var instance_persistence_aof = new Instance(\"instance-persistence-aof\", InstanceArgs.builder()\n .instanceId(\"aof-instance\")\n .shardCount(3)\n .desiredPscAutoConnections(InstanceDesiredPscAutoConnectionArgs.builder()\n .network(producerNet.id())\n .projectId(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .location(\"us-central1\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .mode(\"AOF\")\n .aofConfig(InstancePersistenceConfigAofConfigArgs.builder()\n .appendFsync(\"EVERY_SEC\")\n .build())\n .build())\n .deletionProtectionEnabled(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-persistence-aof:\n type: gcp:memorystore:Instance\n properties:\n instanceId: aof-instance\n shardCount: 3\n desiredPscAutoConnections:\n - network: ${producerNet.id}\n projectId: ${project.projectId}\n location: us-central1\n persistenceConfig:\n mode: AOF\n aofConfig:\n appendFsync: EVERY_SEC\n deletionProtectionEnabled: false\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: my-policy\n location: us-central1\n serviceClass: gcp-memorystore\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: my-subnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: my-network\n autoCreateSubnetworks: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:memorystore/instance:Instance default {{location}}/{{instance_id}}\n```\n\n", "properties": { "authorizationMode": { "type": "string", @@ -236835,7 +236835,7 @@ } }, "gcp:monitoring/slo:Slo": { - "description": "A Service-Level Objective (SLO) describes the level of desired good\nservice. It consists of a service-level indicator (SLI), a performance\ngoal, and a period over which the objective is to be evaluated against\nthat goal. The SLO can use SLIs defined in a number of different manners.\nTypical SLOs might include \"99% of requests in each rolling week have\nlatency below 200 milliseconds\" or \"99.5% of requests in each calendar\nmonth return successfully.\"\n\n\nTo get more information about Slo, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services.serviceLevelObjectives)\n* How-to Guides\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n\n## Example Usage\n\n### Monitoring Slo Appengine\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.monitoring.getAppEngineService({\n moduleId: \"default\",\n});\nconst appengSlo = new gcp.monitoring.Slo(\"appeng_slo\", {\n service: _default.then(_default =\u003e _default.serviceId),\n sloId: \"ae-slo\",\n displayName: \"Test SLO for App Engine\",\n goal: 0.9,\n calendarPeriod: \"DAY\",\n basicSli: {\n latency: {\n threshold: \"1s\",\n },\n },\n userLabels: {\n my_key: \"my_value\",\n my_other_key: \"my_other_value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.monitoring.get_app_engine_service(module_id=\"default\")\nappeng_slo = gcp.monitoring.Slo(\"appeng_slo\",\n service=default.service_id,\n slo_id=\"ae-slo\",\n display_name=\"Test SLO for App Engine\",\n goal=0.9,\n calendar_period=\"DAY\",\n basic_sli={\n \"latency\": {\n \"threshold\": \"1s\",\n },\n },\n user_labels={\n \"my_key\": \"my_value\",\n \"my_other_key\": \"my_other_value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Monitoring.GetAppEngineService.Invoke(new()\n {\n ModuleId = \"default\",\n });\n\n var appengSlo = new Gcp.Monitoring.Slo(\"appeng_slo\", new()\n {\n Service = @default.Apply(@default =\u003e @default.Apply(getAppEngineServiceResult =\u003e getAppEngineServiceResult.ServiceId)),\n SloId = \"ae-slo\",\n DisplayName = \"Test SLO for App Engine\",\n Goal = 0.9,\n CalendarPeriod = \"DAY\",\n BasicSli = new Gcp.Monitoring.Inputs.SloBasicSliArgs\n {\n Latency = new Gcp.Monitoring.Inputs.SloBasicSliLatencyArgs\n {\n Threshold = \"1s\",\n },\n },\n UserLabels = \n {\n { \"my_key\", \"my_value\" },\n { \"my_other_key\", \"my_other_value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := monitoring.GetAppEngineService(ctx, \u0026monitoring.GetAppEngineServiceArgs{\n\t\t\tModuleId: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"appeng_slo\", \u0026monitoring.SloArgs{\n\t\t\tService: pulumi.String(_default.ServiceId),\n\t\t\tSloId: pulumi.String(\"ae-slo\"),\n\t\t\tDisplayName: pulumi.String(\"Test SLO for App Engine\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tCalendarPeriod: pulumi.String(\"DAY\"),\n\t\t\tBasicSli: \u0026monitoring.SloBasicSliArgs{\n\t\t\t\tLatency: \u0026monitoring.SloBasicSliLatencyArgs{\n\t\t\t\t\tThreshold: pulumi.String(\"1s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_value\"),\n\t\t\t\t\"my_other_key\": pulumi.String(\"my_other_value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetAppEngineServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloBasicSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloBasicSliLatencyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = MonitoringFunctions.getAppEngineService(GetAppEngineServiceArgs.builder()\n .moduleId(\"default\")\n .build());\n\n var appengSlo = new Slo(\"appengSlo\", SloArgs.builder()\n .service(default_.serviceId())\n .sloId(\"ae-slo\")\n .displayName(\"Test SLO for App Engine\")\n .goal(0.9)\n .calendarPeriod(\"DAY\")\n .basicSli(SloBasicSliArgs.builder()\n .latency(SloBasicSliLatencyArgs.builder()\n .threshold(\"1s\")\n .build())\n .build())\n .userLabels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_value\"),\n Map.entry(\"my_other_key\", \"my_other_value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appengSlo:\n type: gcp:monitoring:Slo\n name: appeng_slo\n properties:\n service: ${default.serviceId}\n sloId: ae-slo\n displayName: Test SLO for App Engine\n goal: 0.9\n calendarPeriod: DAY\n basicSli:\n latency:\n threshold: 1s\n userLabels:\n my_key: my_value\n my_other_key: my_other_value\nvariables:\n default:\n fn::invoke:\n Function: gcp:monitoring:getAppEngineService\n Arguments:\n moduleId: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Request Based\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-request-slos\",\n displayName: \"My Custom Service\",\n});\nconst requestBasedSlo = new gcp.monitoring.Slo(\"request_based_slo\", {\n service: customsrv.serviceId,\n sloId: \"consumed-api-slo\",\n displayName: \"Test SLO with request based SLI (good total ratio)\",\n goal: 0.9,\n rollingPeriodDays: 30,\n requestBasedSli: {\n distributionCut: {\n distributionFilter: \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n range: {\n max: 0.5,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-request-slos\",\n display_name=\"My Custom Service\")\nrequest_based_slo = gcp.monitoring.Slo(\"request_based_slo\",\n service=customsrv.service_id,\n slo_id=\"consumed-api-slo\",\n display_name=\"Test SLO with request based SLI (good total ratio)\",\n goal=0.9,\n rolling_period_days=30,\n request_based_sli={\n \"distribution_cut\": {\n \"distribution_filter\": \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n \"range\": {\n \"max\": 0.5,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-request-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var requestBasedSlo = new Gcp.Monitoring.Slo(\"request_based_slo\", new()\n {\n Service = customsrv.ServiceId,\n SloId = \"consumed-api-slo\",\n DisplayName = \"Test SLO with request based SLI (good total ratio)\",\n Goal = 0.9,\n RollingPeriodDays = 30,\n RequestBasedSli = new Gcp.Monitoring.Inputs.SloRequestBasedSliArgs\n {\n DistributionCut = new Gcp.Monitoring.Inputs.SloRequestBasedSliDistributionCutArgs\n {\n DistributionFilter = \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n Range = new Gcp.Monitoring.Inputs.SloRequestBasedSliDistributionCutRangeArgs\n {\n Max = 0.5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-request-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"request_based_slo\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tSloId: pulumi.String(\"consumed-api-slo\"),\n\t\t\tDisplayName: pulumi.String(\"Test SLO with request based SLI (good total ratio)\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(30),\n\t\t\tRequestBasedSli: \u0026monitoring.SloRequestBasedSliArgs{\n\t\t\t\tDistributionCut: \u0026monitoring.SloRequestBasedSliDistributionCutArgs{\n\t\t\t\t\tDistributionFilter: pulumi.String(\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \"),\n\t\t\t\t\tRange: \u0026monitoring.SloRequestBasedSliDistributionCutRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(0.5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliDistributionCutArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliDistributionCutRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-request-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var requestBasedSlo = new Slo(\"requestBasedSlo\", SloArgs.builder()\n .service(customsrv.serviceId())\n .sloId(\"consumed-api-slo\")\n .displayName(\"Test SLO with request based SLI (good total ratio)\")\n .goal(0.9)\n .rollingPeriodDays(30)\n .requestBasedSli(SloRequestBasedSliArgs.builder()\n .distributionCut(SloRequestBasedSliDistributionCutArgs.builder()\n .distributionFilter(\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \")\n .range(SloRequestBasedSliDistributionCutRangeArgs.builder()\n .max(0.5)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-request-slos\n displayName: My Custom Service\n requestBasedSlo:\n type: gcp:monitoring:Slo\n name: request_based_slo\n properties:\n service: ${customsrv.serviceId}\n sloId: consumed-api-slo\n displayName: Test SLO with request based SLI (good total ratio)\n goal: 0.9\n rollingPeriodDays: 30\n requestBasedSli:\n distributionCut:\n distributionFilter: 'metric.type=\"serviceruntime.googleapis.com/api/request_latencies\" resource.type=\"api\" '\n range:\n max: 0.5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Good Bad Metric Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.95,\n calendarPeriod: \"FORTNIGHT\",\n windowsBasedSli: {\n windowPeriod: \"400s\",\n goodBadMetricFilter: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.95,\n calendar_period=\"FORTNIGHT\",\n windows_based_sli={\n \"window_period\": \"400s\",\n \"good_bad_metric_filter\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ]).result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.95,\n CalendarPeriod = \"FORTNIGHT\",\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"400s\",\n GoodBadMetricFilter = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n\t\t\t\t\"resource.type=\\\"uptime_url\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.95),\n\t\t\tCalendarPeriod: pulumi.String(\"FORTNIGHT\"),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"400s\"),\n\t\t\t\tGoodBadMetricFilter: pulumi.String(invokeJoin.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.95)\n .calendarPeriod(\"FORTNIGHT\")\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"400s\")\n .goodBadMetricFilter(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.95\n calendarPeriod: FORTNIGHT\n windowsBasedSli:\n windowPeriod: 400s\n goodBadMetricFilter:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ' AND '\n input:\n - metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\"\n - resource.type=\"uptime_url\"\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Metric Mean\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"600s\",\n metricMeanInRange: {\n timeSeries: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n max: 5,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"600s\",\n \"metric_mean_in_range\": {\n \"time_series\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ]).result,\n \"range\": {\n \"max\": 5,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"600s\",\n MetricMeanInRange = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricMeanInRangeArgs\n {\n TimeSeries = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricMeanInRangeRangeArgs\n {\n Max = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n\t\t\t\t\"resource.type=\\\"gce_instance\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"600s\"),\n\t\t\t\tMetricMeanInRange: \u0026monitoring.SloWindowsBasedSliMetricMeanInRangeArgs{\n\t\t\t\t\tTimeSeries: pulumi.String(invokeJoin.Result),\n\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliMetricMeanInRangeRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricMeanInRangeArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricMeanInRangeRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"600s\")\n .metricMeanInRange(SloWindowsBasedSliMetricMeanInRangeArgs.builder()\n .timeSeries(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliMetricMeanInRangeRangeArgs.builder()\n .max(5)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 600s\n metricMeanInRange:\n timeSeries:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ' AND '\n input:\n - metric.type=\"agent.googleapis.com/cassandra/client_request/latency/95p\"\n - resource.type=\"gce_instance\"\n Return: result\n range:\n max: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Metric Sum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"400s\",\n metricSumInRange: {\n timeSeries: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n max: 5000,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"400s\",\n \"metric_sum_in_range\": {\n \"time_series\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ]).result,\n \"range\": {\n \"max\": 5000,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"400s\",\n MetricSumInRange = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricSumInRangeArgs\n {\n TimeSeries = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricSumInRangeRangeArgs\n {\n Max = 5000,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n\t\t\t\t\"resource.type=\\\"uptime_url\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"400s\"),\n\t\t\t\tMetricSumInRange: \u0026monitoring.SloWindowsBasedSliMetricSumInRangeArgs{\n\t\t\t\t\tTimeSeries: pulumi.String(invokeJoin.Result),\n\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliMetricSumInRangeRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(5000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricSumInRangeArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricSumInRangeRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"400s\")\n .metricSumInRange(SloWindowsBasedSliMetricSumInRangeArgs.builder()\n .timeSeries(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliMetricSumInRangeRangeArgs.builder()\n .max(5000)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 400s\n metricSumInRange:\n timeSeries:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ' AND '\n input:\n - metric.type=\"monitoring.googleapis.com/uptime_check/request_latency\"\n - resource.type=\"uptime_url\"\n Return: result\n range:\n max: 5000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Ratio Threshold\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"100s\",\n goodTotalRatioThreshold: {\n threshold: 0.1,\n performance: {\n distributionCut: {\n distributionFilter: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n min: 1,\n max: 9,\n },\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"100s\",\n \"good_total_ratio_threshold\": {\n \"threshold\": 0.1,\n \"performance\": {\n \"distribution_cut\": {\n \"distribution_filter\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ]).result,\n \"range\": {\n \"min\": 1,\n \"max\": 9,\n },\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"100s\",\n GoodTotalRatioThreshold = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdArgs\n {\n Threshold = 0.1,\n Performance = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs\n {\n DistributionCut = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs\n {\n DistributionFilter = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs\n {\n Min = 1,\n Max = 9,\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n\t\t\t\t\"resource.type=\\\"consumed_api\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"100s\"),\n\t\t\t\tGoodTotalRatioThreshold: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdArgs{\n\t\t\t\t\tThreshold: pulumi.Float64(0.1),\n\t\t\t\t\tPerformance: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs{\n\t\t\t\t\t\tDistributionCut: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs{\n\t\t\t\t\t\t\tDistributionFilter: pulumi.String(invokeJoin.Result),\n\t\t\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs{\n\t\t\t\t\t\t\t\tMin: pulumi.Float64(1),\n\t\t\t\t\t\t\t\tMax: pulumi.Float64(9),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"100s\")\n .goodTotalRatioThreshold(SloWindowsBasedSliGoodTotalRatioThresholdArgs.builder()\n .threshold(0.1)\n .performance(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs.builder()\n .distributionCut(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs.builder()\n .distributionFilter(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs.builder()\n .min(1)\n .max(9)\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 100s\n goodTotalRatioThreshold:\n threshold: 0.1\n performance:\n distributionCut:\n distributionFilter:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ' AND '\n input:\n - metric.type=\"serviceruntime.googleapis.com/api/request_latencies\"\n - resource.type=\"consumed_api\"\n Return: result\n range:\n min: 1\n max: 9\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSlo can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Slo can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default {{name}}\n```\n\n", + "description": "A Service-Level Objective (SLO) describes the level of desired good\nservice. It consists of a service-level indicator (SLI), a performance\ngoal, and a period over which the objective is to be evaluated against\nthat goal. The SLO can use SLIs defined in a number of different manners.\nTypical SLOs might include \"99% of requests in each rolling week have\nlatency below 200 milliseconds\" or \"99.5% of requests in each calendar\nmonth return successfully.\"\n\n\nTo get more information about Slo, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services.serviceLevelObjectives)\n* How-to Guides\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n\n## Example Usage\n\n### Monitoring Slo Appengine\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.monitoring.getAppEngineService({\n moduleId: \"default\",\n});\nconst appengSlo = new gcp.monitoring.Slo(\"appeng_slo\", {\n service: _default.then(_default =\u003e _default.serviceId),\n sloId: \"ae-slo\",\n displayName: \"Test SLO for App Engine\",\n goal: 0.9,\n calendarPeriod: \"DAY\",\n basicSli: {\n latency: {\n threshold: \"1s\",\n },\n },\n userLabels: {\n my_key: \"my_value\",\n my_other_key: \"my_other_value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.monitoring.get_app_engine_service(module_id=\"default\")\nappeng_slo = gcp.monitoring.Slo(\"appeng_slo\",\n service=default.service_id,\n slo_id=\"ae-slo\",\n display_name=\"Test SLO for App Engine\",\n goal=0.9,\n calendar_period=\"DAY\",\n basic_sli={\n \"latency\": {\n \"threshold\": \"1s\",\n },\n },\n user_labels={\n \"my_key\": \"my_value\",\n \"my_other_key\": \"my_other_value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Monitoring.GetAppEngineService.Invoke(new()\n {\n ModuleId = \"default\",\n });\n\n var appengSlo = new Gcp.Monitoring.Slo(\"appeng_slo\", new()\n {\n Service = @default.Apply(@default =\u003e @default.Apply(getAppEngineServiceResult =\u003e getAppEngineServiceResult.ServiceId)),\n SloId = \"ae-slo\",\n DisplayName = \"Test SLO for App Engine\",\n Goal = 0.9,\n CalendarPeriod = \"DAY\",\n BasicSli = new Gcp.Monitoring.Inputs.SloBasicSliArgs\n {\n Latency = new Gcp.Monitoring.Inputs.SloBasicSliLatencyArgs\n {\n Threshold = \"1s\",\n },\n },\n UserLabels = \n {\n { \"my_key\", \"my_value\" },\n { \"my_other_key\", \"my_other_value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := monitoring.GetAppEngineService(ctx, \u0026monitoring.GetAppEngineServiceArgs{\n\t\t\tModuleId: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"appeng_slo\", \u0026monitoring.SloArgs{\n\t\t\tService: pulumi.String(_default.ServiceId),\n\t\t\tSloId: pulumi.String(\"ae-slo\"),\n\t\t\tDisplayName: pulumi.String(\"Test SLO for App Engine\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tCalendarPeriod: pulumi.String(\"DAY\"),\n\t\t\tBasicSli: \u0026monitoring.SloBasicSliArgs{\n\t\t\t\tLatency: \u0026monitoring.SloBasicSliLatencyArgs{\n\t\t\t\t\tThreshold: pulumi.String(\"1s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_value\"),\n\t\t\t\t\"my_other_key\": pulumi.String(\"my_other_value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetAppEngineServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloBasicSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloBasicSliLatencyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = MonitoringFunctions.getAppEngineService(GetAppEngineServiceArgs.builder()\n .moduleId(\"default\")\n .build());\n\n var appengSlo = new Slo(\"appengSlo\", SloArgs.builder()\n .service(default_.serviceId())\n .sloId(\"ae-slo\")\n .displayName(\"Test SLO for App Engine\")\n .goal(0.9)\n .calendarPeriod(\"DAY\")\n .basicSli(SloBasicSliArgs.builder()\n .latency(SloBasicSliLatencyArgs.builder()\n .threshold(\"1s\")\n .build())\n .build())\n .userLabels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_value\"),\n Map.entry(\"my_other_key\", \"my_other_value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n appengSlo:\n type: gcp:monitoring:Slo\n name: appeng_slo\n properties:\n service: ${default.serviceId}\n sloId: ae-slo\n displayName: Test SLO for App Engine\n goal: 0.9\n calendarPeriod: DAY\n basicSli:\n latency:\n threshold: 1s\n userLabels:\n my_key: my_value\n my_other_key: my_other_value\nvariables:\n default:\n fn::invoke:\n function: gcp:monitoring:getAppEngineService\n arguments:\n moduleId: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Request Based\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-request-slos\",\n displayName: \"My Custom Service\",\n});\nconst requestBasedSlo = new gcp.monitoring.Slo(\"request_based_slo\", {\n service: customsrv.serviceId,\n sloId: \"consumed-api-slo\",\n displayName: \"Test SLO with request based SLI (good total ratio)\",\n goal: 0.9,\n rollingPeriodDays: 30,\n requestBasedSli: {\n distributionCut: {\n distributionFilter: \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n range: {\n max: 0.5,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-request-slos\",\n display_name=\"My Custom Service\")\nrequest_based_slo = gcp.monitoring.Slo(\"request_based_slo\",\n service=customsrv.service_id,\n slo_id=\"consumed-api-slo\",\n display_name=\"Test SLO with request based SLI (good total ratio)\",\n goal=0.9,\n rolling_period_days=30,\n request_based_sli={\n \"distribution_cut\": {\n \"distribution_filter\": \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n \"range\": {\n \"max\": 0.5,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-request-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var requestBasedSlo = new Gcp.Monitoring.Slo(\"request_based_slo\", new()\n {\n Service = customsrv.ServiceId,\n SloId = \"consumed-api-slo\",\n DisplayName = \"Test SLO with request based SLI (good total ratio)\",\n Goal = 0.9,\n RollingPeriodDays = 30,\n RequestBasedSli = new Gcp.Monitoring.Inputs.SloRequestBasedSliArgs\n {\n DistributionCut = new Gcp.Monitoring.Inputs.SloRequestBasedSliDistributionCutArgs\n {\n DistributionFilter = \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \",\n Range = new Gcp.Monitoring.Inputs.SloRequestBasedSliDistributionCutRangeArgs\n {\n Max = 0.5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-request-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"request_based_slo\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tSloId: pulumi.String(\"consumed-api-slo\"),\n\t\t\tDisplayName: pulumi.String(\"Test SLO with request based SLI (good total ratio)\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(30),\n\t\t\tRequestBasedSli: \u0026monitoring.SloRequestBasedSliArgs{\n\t\t\t\tDistributionCut: \u0026monitoring.SloRequestBasedSliDistributionCutArgs{\n\t\t\t\t\tDistributionFilter: pulumi.String(\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \"),\n\t\t\t\t\tRange: \u0026monitoring.SloRequestBasedSliDistributionCutRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(0.5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliDistributionCutArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloRequestBasedSliDistributionCutRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-request-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var requestBasedSlo = new Slo(\"requestBasedSlo\", SloArgs.builder()\n .service(customsrv.serviceId())\n .sloId(\"consumed-api-slo\")\n .displayName(\"Test SLO with request based SLI (good total ratio)\")\n .goal(0.9)\n .rollingPeriodDays(30)\n .requestBasedSli(SloRequestBasedSliArgs.builder()\n .distributionCut(SloRequestBasedSliDistributionCutArgs.builder()\n .distributionFilter(\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\" resource.type=\\\"api\\\" \")\n .range(SloRequestBasedSliDistributionCutRangeArgs.builder()\n .max(0.5)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-request-slos\n displayName: My Custom Service\n requestBasedSlo:\n type: gcp:monitoring:Slo\n name: request_based_slo\n properties:\n service: ${customsrv.serviceId}\n sloId: consumed-api-slo\n displayName: Test SLO with request based SLI (good total ratio)\n goal: 0.9\n rollingPeriodDays: 30\n requestBasedSli:\n distributionCut:\n distributionFilter: 'metric.type=\"serviceruntime.googleapis.com/api/request_latencies\" resource.type=\"api\" '\n range:\n max: 0.5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Good Bad Metric Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.95,\n calendarPeriod: \"FORTNIGHT\",\n windowsBasedSli: {\n windowPeriod: \"400s\",\n goodBadMetricFilter: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.95,\n calendar_period=\"FORTNIGHT\",\n windows_based_sli={\n \"window_period\": \"400s\",\n \"good_bad_metric_filter\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ]).result,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.95,\n CalendarPeriod = \"FORTNIGHT\",\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"400s\",\n GoodBadMetricFilter = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n\t\t\t\t\"resource.type=\\\"uptime_url\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.95),\n\t\t\tCalendarPeriod: pulumi.String(\"FORTNIGHT\"),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"400s\"),\n\t\t\t\tGoodBadMetricFilter: pulumi.String(invokeJoin.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.95)\n .calendarPeriod(\"FORTNIGHT\")\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"400s\")\n .goodBadMetricFilter(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/check_passed\\\"\",\n \"resource.type=\\\"uptime_url\\\"\")\n .build()).result())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.95\n calendarPeriod: FORTNIGHT\n windowsBasedSli:\n windowPeriod: 400s\n goodBadMetricFilter:\n fn::invoke:\n function: std:join\n arguments:\n separator: ' AND '\n input:\n - metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\"\n - resource.type=\"uptime_url\"\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Metric Mean\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"600s\",\n metricMeanInRange: {\n timeSeries: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n max: 5,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"600s\",\n \"metric_mean_in_range\": {\n \"time_series\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n ]).result,\n \"range\": {\n \"max\": 5,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"600s\",\n MetricMeanInRange = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricMeanInRangeArgs\n {\n TimeSeries = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricMeanInRangeRangeArgs\n {\n Max = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n\t\t\t\t\"resource.type=\\\"gce_instance\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"600s\"),\n\t\t\t\tMetricMeanInRange: \u0026monitoring.SloWindowsBasedSliMetricMeanInRangeArgs{\n\t\t\t\t\tTimeSeries: pulumi.String(invokeJoin.Result),\n\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliMetricMeanInRangeRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricMeanInRangeArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricMeanInRangeRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"600s\")\n .metricMeanInRange(SloWindowsBasedSliMetricMeanInRangeArgs.builder()\n .timeSeries(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"agent.googleapis.com/cassandra/client_request/latency/95p\\\"\",\n \"resource.type=\\\"gce_instance\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliMetricMeanInRangeRangeArgs.builder()\n .max(5)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 600s\n metricMeanInRange:\n timeSeries:\n fn::invoke:\n function: std:join\n arguments:\n separator: ' AND '\n input:\n - metric.type=\"agent.googleapis.com/cassandra/client_request/latency/95p\"\n - resource.type=\"gce_instance\"\n return: result\n range:\n max: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Metric Sum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"400s\",\n metricSumInRange: {\n timeSeries: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n max: 5000,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"400s\",\n \"metric_sum_in_range\": {\n \"time_series\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n ]).result,\n \"range\": {\n \"max\": 5000,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"400s\",\n MetricSumInRange = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricSumInRangeArgs\n {\n TimeSeries = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliMetricSumInRangeRangeArgs\n {\n Max = 5000,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n\t\t\t\t\"resource.type=\\\"uptime_url\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"400s\"),\n\t\t\t\tMetricSumInRange: \u0026monitoring.SloWindowsBasedSliMetricSumInRangeArgs{\n\t\t\t\t\tTimeSeries: pulumi.String(invokeJoin.Result),\n\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliMetricSumInRangeRangeArgs{\n\t\t\t\t\t\tMax: pulumi.Float64(5000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricSumInRangeArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliMetricSumInRangeRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"400s\")\n .metricSumInRange(SloWindowsBasedSliMetricSumInRangeArgs.builder()\n .timeSeries(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"monitoring.googleapis.com/uptime_check/request_latency\\\"\",\n \"resource.type=\\\"uptime_url\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliMetricSumInRangeRangeArgs.builder()\n .max(5000)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 400s\n metricSumInRange:\n timeSeries:\n fn::invoke:\n function: std:join\n arguments:\n separator: ' AND '\n input:\n - metric.type=\"monitoring.googleapis.com/uptime_check/request_latency\"\n - resource.type=\"uptime_url\"\n return: result\n range:\n max: 5000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Monitoring Slo Windows Based Ratio Threshold\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst customsrv = new gcp.monitoring.CustomService(\"customsrv\", {\n serviceId: \"custom-srv-windows-slos\",\n displayName: \"My Custom Service\",\n});\nconst windowsBased = new gcp.monitoring.Slo(\"windows_based\", {\n service: customsrv.serviceId,\n displayName: \"Test SLO with window based SLI\",\n goal: 0.9,\n rollingPeriodDays: 20,\n windowsBasedSli: {\n windowPeriod: \"100s\",\n goodTotalRatioThreshold: {\n threshold: 0.1,\n performance: {\n distributionCut: {\n distributionFilter: std.join({\n separator: \" AND \",\n input: [\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ],\n }).then(invoke =\u003e invoke.result),\n range: {\n min: 1,\n max: 9,\n },\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ncustomsrv = gcp.monitoring.CustomService(\"customsrv\",\n service_id=\"custom-srv-windows-slos\",\n display_name=\"My Custom Service\")\nwindows_based = gcp.monitoring.Slo(\"windows_based\",\n service=customsrv.service_id,\n display_name=\"Test SLO with window based SLI\",\n goal=0.9,\n rolling_period_days=20,\n windows_based_sli={\n \"window_period\": \"100s\",\n \"good_total_ratio_threshold\": {\n \"threshold\": 0.1,\n \"performance\": {\n \"distribution_cut\": {\n \"distribution_filter\": std.join(separator=\" AND \",\n input=[\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n ]).result,\n \"range\": {\n \"min\": 1,\n \"max\": 9,\n },\n },\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customsrv = new Gcp.Monitoring.CustomService(\"customsrv\", new()\n {\n ServiceId = \"custom-srv-windows-slos\",\n DisplayName = \"My Custom Service\",\n });\n\n var windowsBased = new Gcp.Monitoring.Slo(\"windows_based\", new()\n {\n Service = customsrv.ServiceId,\n DisplayName = \"Test SLO with window based SLI\",\n Goal = 0.9,\n RollingPeriodDays = 20,\n WindowsBasedSli = new Gcp.Monitoring.Inputs.SloWindowsBasedSliArgs\n {\n WindowPeriod = \"100s\",\n GoodTotalRatioThreshold = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdArgs\n {\n Threshold = 0.1,\n Performance = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs\n {\n DistributionCut = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs\n {\n DistributionFilter = Std.Join.Invoke(new()\n {\n Separator = \" AND \",\n Input = new[]\n {\n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\",\n },\n }).Apply(invoke =\u003e invoke.Result),\n Range = new Gcp.Monitoring.Inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs\n {\n Min = 1,\n Max = 9,\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcustomsrv, err := monitoring.NewCustomService(ctx, \"customsrv\", \u0026monitoring.CustomServiceArgs{\n\t\t\tServiceId: pulumi.String(\"custom-srv-windows-slos\"),\n\t\t\tDisplayName: pulumi.String(\"My Custom Service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \" AND \",\n\t\t\tInput: []string{\n\t\t\t\t\"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n\t\t\t\t\"resource.type=\\\"consumed_api\\\"\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewSlo(ctx, \"windows_based\", \u0026monitoring.SloArgs{\n\t\t\tService: customsrv.ServiceId,\n\t\t\tDisplayName: pulumi.String(\"Test SLO with window based SLI\"),\n\t\t\tGoal: pulumi.Float64(0.9),\n\t\t\tRollingPeriodDays: pulumi.Int(20),\n\t\t\tWindowsBasedSli: \u0026monitoring.SloWindowsBasedSliArgs{\n\t\t\t\tWindowPeriod: pulumi.String(\"100s\"),\n\t\t\t\tGoodTotalRatioThreshold: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdArgs{\n\t\t\t\t\tThreshold: pulumi.Float64(0.1),\n\t\t\t\t\tPerformance: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs{\n\t\t\t\t\t\tDistributionCut: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs{\n\t\t\t\t\t\t\tDistributionFilter: pulumi.String(invokeJoin.Result),\n\t\t\t\t\t\t\tRange: \u0026monitoring.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs{\n\t\t\t\t\t\t\t\tMin: pulumi.Float64(1),\n\t\t\t\t\t\t\t\tMax: pulumi.Float64(9),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.CustomService;\nimport com.pulumi.gcp.monitoring.CustomServiceArgs;\nimport com.pulumi.gcp.monitoring.Slo;\nimport com.pulumi.gcp.monitoring.SloArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs;\nimport com.pulumi.gcp.monitoring.inputs.SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customsrv = new CustomService(\"customsrv\", CustomServiceArgs.builder()\n .serviceId(\"custom-srv-windows-slos\")\n .displayName(\"My Custom Service\")\n .build());\n\n var windowsBased = new Slo(\"windowsBased\", SloArgs.builder()\n .service(customsrv.serviceId())\n .displayName(\"Test SLO with window based SLI\")\n .goal(0.9)\n .rollingPeriodDays(20)\n .windowsBasedSli(SloWindowsBasedSliArgs.builder()\n .windowPeriod(\"100s\")\n .goodTotalRatioThreshold(SloWindowsBasedSliGoodTotalRatioThresholdArgs.builder()\n .threshold(0.1)\n .performance(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceArgs.builder()\n .distributionCut(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutArgs.builder()\n .distributionFilter(StdFunctions.join(JoinArgs.builder()\n .separator(\" AND \")\n .input( \n \"metric.type=\\\"serviceruntime.googleapis.com/api/request_latencies\\\"\",\n \"resource.type=\\\"consumed_api\\\"\")\n .build()).result())\n .range(SloWindowsBasedSliGoodTotalRatioThresholdPerformanceDistributionCutRangeArgs.builder()\n .min(1)\n .max(9)\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customsrv:\n type: gcp:monitoring:CustomService\n properties:\n serviceId: custom-srv-windows-slos\n displayName: My Custom Service\n windowsBased:\n type: gcp:monitoring:Slo\n name: windows_based\n properties:\n service: ${customsrv.serviceId}\n displayName: Test SLO with window based SLI\n goal: 0.9\n rollingPeriodDays: 20\n windowsBasedSli:\n windowPeriod: 100s\n goodTotalRatioThreshold:\n threshold: 0.1\n performance:\n distributionCut:\n distributionFilter:\n fn::invoke:\n function: std:join\n arguments:\n separator: ' AND '\n input:\n - metric.type=\"serviceruntime.googleapis.com/api/request_latencies\"\n - resource.type=\"consumed_api\"\n return: result\n range:\n min: 1\n max: 9\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSlo can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Slo can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:monitoring/slo:Slo default {{name}}\n```\n\n", "properties": { "basicSli": { "$ref": "#/types/gcp:monitoring/SloBasicSli:SloBasicSli", @@ -237635,7 +237635,7 @@ } }, "gcp:netapp/backup:Backup": { - "description": "NetApp Volumes supports volume backups, which are copies of your volumes\nstored independently from the volume. Backups are stored in backup vaults,\nwhich are containers for backups. If a volume is lost or deleted, you can\nuse backups to restore your data to a new volume.\n\nWhen you create the first backup of a volume, all of the volume's used\ndata is sent to the backup vault. Subsequent backups of the same volume\nonly include data that has changed from the previous backup. This allows\nfor fast incremental-forever backups and reduces the required capacity\ninside the backup vault.\n\nYou can create manual and scheduled backups. Manual backups can be taken\nfrom a volume or from an existing volume snapshot. Scheduled backups\nrequire a backup policy.\n\n\nTo get more information about Backup, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.backupVaults.backups)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/protect-data/about-volume-backups)\n\n## Example Usage\n\n### Netapp Backup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"backup-pool\",\n location: \"us-central1\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst defaultBackupVault = new gcp.netapp.BackupVault(\"default\", {\n name: \"backup-vault\",\n location: defaultStoragePool.location,\n});\nconst defaultVolume = new gcp.netapp.Volume(\"default\", {\n name: \"backup-volume\",\n location: defaultStoragePool.location,\n capacityGib: \"100\",\n shareName: \"backup-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"FORCE\",\n backupConfig: {\n backupVault: defaultBackupVault.id,\n },\n});\nconst testBackup = new gcp.netapp.Backup(\"test_backup\", {\n name: \"test-backup\",\n location: defaultBackupVault.location,\n vaultName: defaultBackupVault.name,\n sourceVolume: defaultVolume.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"backup-pool\",\n location=\"us-central1\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndefault_backup_vault = gcp.netapp.BackupVault(\"default\",\n name=\"backup-vault\",\n location=default_storage_pool.location)\ndefault_volume = gcp.netapp.Volume(\"default\",\n name=\"backup-volume\",\n location=default_storage_pool.location,\n capacity_gib=\"100\",\n share_name=\"backup-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"FORCE\",\n backup_config={\n \"backup_vault\": default_backup_vault.id,\n })\ntest_backup = gcp.netapp.Backup(\"test_backup\",\n name=\"test-backup\",\n location=default_backup_vault.location,\n vault_name=default_backup_vault.name,\n source_volume=default_volume.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"backup-pool\",\n Location = \"us-central1\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var defaultBackupVault = new Gcp.Netapp.BackupVault(\"default\", new()\n {\n Name = \"backup-vault\",\n Location = defaultStoragePool.Location,\n });\n\n var defaultVolume = new Gcp.Netapp.Volume(\"default\", new()\n {\n Name = \"backup-volume\",\n Location = defaultStoragePool.Location,\n CapacityGib = \"100\",\n ShareName = \"backup-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"FORCE\",\n BackupConfig = new Gcp.Netapp.Inputs.VolumeBackupConfigArgs\n {\n BackupVault = defaultBackupVault.Id,\n },\n });\n\n var testBackup = new Gcp.Netapp.Backup(\"test_backup\", new()\n {\n Name = \"test-backup\",\n Location = defaultBackupVault.Location,\n VaultName = defaultBackupVault.Name,\n SourceVolume = defaultVolume.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"backup-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackupVault, err := netapp.NewBackupVault(ctx, \"default\", \u0026netapp.BackupVaultArgs{\n\t\t\tName: pulumi.String(\"backup-vault\"),\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultVolume, err := netapp.NewVolume(ctx, \"default\", \u0026netapp.VolumeArgs{\n\t\t\tName: pulumi.String(\"backup-volume\"),\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"backup-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t\tBackupConfig: \u0026netapp.VolumeBackupConfigArgs{\n\t\t\t\tBackupVault: defaultBackupVault.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewBackup(ctx, \"test_backup\", \u0026netapp.BackupArgs{\n\t\t\tName: pulumi.String(\"test-backup\"),\n\t\t\tLocation: defaultBackupVault.Location,\n\t\t\tVaultName: defaultBackupVault.Name,\n\t\t\tSourceVolume: defaultVolume.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.BackupVault;\nimport com.pulumi.gcp.netapp.BackupVaultArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.inputs.VolumeBackupConfigArgs;\nimport com.pulumi.gcp.netapp.Backup;\nimport com.pulumi.gcp.netapp.BackupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"backup-pool\")\n .location(\"us-central1\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(\"2048\")\n .network(default_.id())\n .build());\n\n var defaultBackupVault = new BackupVault(\"defaultBackupVault\", BackupVaultArgs.builder()\n .name(\"backup-vault\")\n .location(defaultStoragePool.location())\n .build());\n\n var defaultVolume = new Volume(\"defaultVolume\", VolumeArgs.builder()\n .name(\"backup-volume\")\n .location(defaultStoragePool.location())\n .capacityGib(\"100\")\n .shareName(\"backup-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"FORCE\")\n .backupConfig(VolumeBackupConfigArgs.builder()\n .backupVault(defaultBackupVault.id())\n .build())\n .build());\n\n var testBackup = new Backup(\"testBackup\", BackupArgs.builder()\n .name(\"test-backup\")\n .location(defaultBackupVault.location())\n .vaultName(defaultBackupVault.name())\n .sourceVolume(defaultVolume.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: backup-pool\n location: us-central1\n serviceLevel: PREMIUM\n capacityGib: '2048'\n network: ${default.id}\n defaultVolume:\n type: gcp:netapp:Volume\n name: default\n properties:\n name: backup-volume\n location: ${defaultStoragePool.location}\n capacityGib: '100'\n shareName: backup-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n deletionPolicy: FORCE\n backupConfig:\n backupVault: ${defaultBackupVault.id}\n defaultBackupVault:\n type: gcp:netapp:BackupVault\n name: default\n properties:\n name: backup-vault\n location: ${defaultStoragePool.location}\n testBackup:\n type: gcp:netapp:Backup\n name: test_backup\n properties:\n name: test-backup\n location: ${defaultBackupVault.location}\n vaultName: ${defaultBackupVault.name}\n sourceVolume: ${defaultVolume.id}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name:\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBackup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/backupVaults/{{vault_name}}/backups/{{name}}`\n\n* `{{project}}/{{location}}/{{vault_name}}/{{name}}`\n\n* `{{location}}/{{vault_name}}/{{name}}`\n\nWhen using the `pulumi import` command, Backup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default projects/{{project}}/locations/{{location}}/backupVaults/{{vault_name}}/backups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default {{project}}/{{location}}/{{vault_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default {{location}}/{{vault_name}}/{{name}}\n```\n\n", + "description": "NetApp Volumes supports volume backups, which are copies of your volumes\nstored independently from the volume. Backups are stored in backup vaults,\nwhich are containers for backups. If a volume is lost or deleted, you can\nuse backups to restore your data to a new volume.\n\nWhen you create the first backup of a volume, all of the volume's used\ndata is sent to the backup vault. Subsequent backups of the same volume\nonly include data that has changed from the previous backup. This allows\nfor fast incremental-forever backups and reduces the required capacity\ninside the backup vault.\n\nYou can create manual and scheduled backups. Manual backups can be taken\nfrom a volume or from an existing volume snapshot. Scheduled backups\nrequire a backup policy.\n\n\nTo get more information about Backup, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.backupVaults.backups)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/protect-data/about-volume-backups)\n\n## Example Usage\n\n### Netapp Backup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"backup-pool\",\n location: \"us-central1\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst defaultBackupVault = new gcp.netapp.BackupVault(\"default\", {\n name: \"backup-vault\",\n location: defaultStoragePool.location,\n});\nconst defaultVolume = new gcp.netapp.Volume(\"default\", {\n name: \"backup-volume\",\n location: defaultStoragePool.location,\n capacityGib: \"100\",\n shareName: \"backup-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"FORCE\",\n backupConfig: {\n backupVault: defaultBackupVault.id,\n },\n});\nconst testBackup = new gcp.netapp.Backup(\"test_backup\", {\n name: \"test-backup\",\n location: defaultBackupVault.location,\n vaultName: defaultBackupVault.name,\n sourceVolume: defaultVolume.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"backup-pool\",\n location=\"us-central1\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndefault_backup_vault = gcp.netapp.BackupVault(\"default\",\n name=\"backup-vault\",\n location=default_storage_pool.location)\ndefault_volume = gcp.netapp.Volume(\"default\",\n name=\"backup-volume\",\n location=default_storage_pool.location,\n capacity_gib=\"100\",\n share_name=\"backup-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"FORCE\",\n backup_config={\n \"backup_vault\": default_backup_vault.id,\n })\ntest_backup = gcp.netapp.Backup(\"test_backup\",\n name=\"test-backup\",\n location=default_backup_vault.location,\n vault_name=default_backup_vault.name,\n source_volume=default_volume.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"backup-pool\",\n Location = \"us-central1\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var defaultBackupVault = new Gcp.Netapp.BackupVault(\"default\", new()\n {\n Name = \"backup-vault\",\n Location = defaultStoragePool.Location,\n });\n\n var defaultVolume = new Gcp.Netapp.Volume(\"default\", new()\n {\n Name = \"backup-volume\",\n Location = defaultStoragePool.Location,\n CapacityGib = \"100\",\n ShareName = \"backup-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"FORCE\",\n BackupConfig = new Gcp.Netapp.Inputs.VolumeBackupConfigArgs\n {\n BackupVault = defaultBackupVault.Id,\n },\n });\n\n var testBackup = new Gcp.Netapp.Backup(\"test_backup\", new()\n {\n Name = \"test-backup\",\n Location = defaultBackupVault.Location,\n VaultName = defaultBackupVault.Name,\n SourceVolume = defaultVolume.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"backup-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackupVault, err := netapp.NewBackupVault(ctx, \"default\", \u0026netapp.BackupVaultArgs{\n\t\t\tName: pulumi.String(\"backup-vault\"),\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultVolume, err := netapp.NewVolume(ctx, \"default\", \u0026netapp.VolumeArgs{\n\t\t\tName: pulumi.String(\"backup-volume\"),\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"backup-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t\tBackupConfig: \u0026netapp.VolumeBackupConfigArgs{\n\t\t\t\tBackupVault: defaultBackupVault.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewBackup(ctx, \"test_backup\", \u0026netapp.BackupArgs{\n\t\t\tName: pulumi.String(\"test-backup\"),\n\t\t\tLocation: defaultBackupVault.Location,\n\t\t\tVaultName: defaultBackupVault.Name,\n\t\t\tSourceVolume: defaultVolume.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.BackupVault;\nimport com.pulumi.gcp.netapp.BackupVaultArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.inputs.VolumeBackupConfigArgs;\nimport com.pulumi.gcp.netapp.Backup;\nimport com.pulumi.gcp.netapp.BackupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"backup-pool\")\n .location(\"us-central1\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(\"2048\")\n .network(default_.id())\n .build());\n\n var defaultBackupVault = new BackupVault(\"defaultBackupVault\", BackupVaultArgs.builder()\n .name(\"backup-vault\")\n .location(defaultStoragePool.location())\n .build());\n\n var defaultVolume = new Volume(\"defaultVolume\", VolumeArgs.builder()\n .name(\"backup-volume\")\n .location(defaultStoragePool.location())\n .capacityGib(\"100\")\n .shareName(\"backup-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"FORCE\")\n .backupConfig(VolumeBackupConfigArgs.builder()\n .backupVault(defaultBackupVault.id())\n .build())\n .build());\n\n var testBackup = new Backup(\"testBackup\", BackupArgs.builder()\n .name(\"test-backup\")\n .location(defaultBackupVault.location())\n .vaultName(defaultBackupVault.name())\n .sourceVolume(defaultVolume.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: backup-pool\n location: us-central1\n serviceLevel: PREMIUM\n capacityGib: '2048'\n network: ${default.id}\n defaultVolume:\n type: gcp:netapp:Volume\n name: default\n properties:\n name: backup-volume\n location: ${defaultStoragePool.location}\n capacityGib: '100'\n shareName: backup-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n deletionPolicy: FORCE\n backupConfig:\n backupVault: ${defaultBackupVault.id}\n defaultBackupVault:\n type: gcp:netapp:BackupVault\n name: default\n properties:\n name: backup-vault\n location: ${defaultStoragePool.location}\n testBackup:\n type: gcp:netapp:Backup\n name: test_backup\n properties:\n name: test-backup\n location: ${defaultBackupVault.location}\n vaultName: ${defaultBackupVault.name}\n sourceVolume: ${defaultVolume.id}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBackup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/backupVaults/{{vault_name}}/backups/{{name}}`\n\n* `{{project}}/{{location}}/{{vault_name}}/{{name}}`\n\n* `{{location}}/{{vault_name}}/{{name}}`\n\nWhen using the `pulumi import` command, Backup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default projects/{{project}}/locations/{{location}}/backupVaults/{{vault_name}}/backups/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default {{project}}/{{location}}/{{vault_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/backup:Backup default {{location}}/{{vault_name}}/{{name}}\n```\n\n", "properties": { "backupType": { "type": "string", @@ -238654,7 +238654,7 @@ } }, "gcp:netapp/volume:Volume": { - "description": "A volume is a file system container in a storage pool that stores application, database, and user data.\n\nYou can create a volume's capacity using the available capacity in the storage pool and you can define and resize the capacity without disruption to any processes.\n\nStorage pool settings apply to the volumes contained within them automatically.\n\n\nTo get more information about Volume, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.volumes)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/volumes/overview)\n * [Quickstart](https://cloud.google.com/netapp/volumes/docs/get-started/quickstarts/create-volume)\n\n## Example Usage\n\n### Netapp Volume Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"test-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst testVolume = new gcp.netapp.Volume(\"test_volume\", {\n location: \"us-west2\",\n name: \"test-volume\",\n capacityGib: \"100\",\n shareName: \"test-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"DEFAULT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"test-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ntest_volume = gcp.netapp.Volume(\"test_volume\",\n location=\"us-west2\",\n name=\"test-volume\",\n capacity_gib=\"100\",\n share_name=\"test-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"DEFAULT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"test-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var testVolume = new Gcp.Netapp.Volume(\"test_volume\", new()\n {\n Location = \"us-west2\",\n Name = \"test-volume\",\n CapacityGib = \"100\",\n ShareName = \"test-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"DEFAULT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"test-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolume(ctx, \"test_volume\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"test-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"test-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DEFAULT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"test-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(\"2048\")\n .network(default_.id())\n .build());\n\n var testVolume = new Volume(\"testVolume\", VolumeArgs.builder()\n .location(\"us-west2\")\n .name(\"test-volume\")\n .capacityGib(\"100\")\n .shareName(\"test-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"DEFAULT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: test-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: '2048'\n network: ${default.id}\n testVolume:\n type: gcp:netapp:Volume\n name: test_volume\n properties:\n location: us-west2\n name: test-volume\n capacityGib: '100'\n shareName: test-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n deletionPolicy: DEFAULT\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolume can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Volume can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default projects/{{project}}/locations/{{location}}/volumes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default {{location}}/{{name}}\n```\n\n", + "description": "A volume is a file system container in a storage pool that stores application, database, and user data.\n\nYou can create a volume's capacity using the available capacity in the storage pool and you can define and resize the capacity without disruption to any processes.\n\nStorage pool settings apply to the volumes contained within them automatically.\n\n\nTo get more information about Volume, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.volumes)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/volumes/overview)\n * [Quickstart](https://cloud.google.com/netapp/volumes/docs/get-started/quickstarts/create-volume)\n\n## Example Usage\n\n### Netapp Volume Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"test-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst testVolume = new gcp.netapp.Volume(\"test_volume\", {\n location: \"us-west2\",\n name: \"test-volume\",\n capacityGib: \"100\",\n shareName: \"test-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"DEFAULT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"test-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ntest_volume = gcp.netapp.Volume(\"test_volume\",\n location=\"us-west2\",\n name=\"test-volume\",\n capacity_gib=\"100\",\n share_name=\"test-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"DEFAULT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"test-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var testVolume = new Gcp.Netapp.Volume(\"test_volume\", new()\n {\n Location = \"us-west2\",\n Name = \"test-volume\",\n CapacityGib = \"100\",\n ShareName = \"test-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"DEFAULT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"test-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolume(ctx, \"test_volume\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tName: pulumi.String(\"test-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"test-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"DEFAULT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"test-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(\"2048\")\n .network(default_.id())\n .build());\n\n var testVolume = new Volume(\"testVolume\", VolumeArgs.builder()\n .location(\"us-west2\")\n .name(\"test-volume\")\n .capacityGib(\"100\")\n .shareName(\"test-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"DEFAULT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: test-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: '2048'\n network: ${default.id}\n testVolume:\n type: gcp:netapp:Volume\n name: test_volume\n properties:\n location: us-west2\n name: test-volume\n capacityGib: '100'\n shareName: test-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n deletionPolicy: DEFAULT\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolume can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Volume can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default projects/{{project}}/locations/{{location}}/volumes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volume:Volume default {{location}}/{{name}}\n```\n\n", "properties": { "activeDirectory": { "type": "string", @@ -239198,7 +239198,7 @@ } }, "gcp:netapp/volumeReplication:VolumeReplication": { - "description": "## Example Usage\n\n### Netapp Volume Replication Create\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst sourcePool = new gcp.netapp.StoragePool(\"source_pool\", {\n name: \"source-pool\",\n location: \"us-central1\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst destinationPool = new gcp.netapp.StoragePool(\"destination_pool\", {\n name: \"destination-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst sourceVolume = new gcp.netapp.Volume(\"source_volume\", {\n location: sourcePool.location,\n name: \"source-volume\",\n capacityGib: \"100\",\n shareName: \"source-volume\",\n storagePool: sourcePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"FORCE\",\n});\nconst testReplication = new gcp.netapp.VolumeReplication(\"test_replication\", {\n location: sourceVolume.location,\n volumeName: sourceVolume.name,\n name: \"test-replication\",\n replicationSchedule: \"EVERY_10_MINUTES\",\n description: \"This is a replication resource\",\n destinationVolumeParameters: {\n storagePool: destinationPool.id,\n volumeId: \"destination-volume\",\n shareName: \"source-volume\",\n description: \"This is a replicated volume\",\n },\n deleteDestinationVolume: true,\n waitForMirror: true,\n}, {\n dependsOn: [sourceVolume],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\nsource_pool = gcp.netapp.StoragePool(\"source_pool\",\n name=\"source-pool\",\n location=\"us-central1\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndestination_pool = gcp.netapp.StoragePool(\"destination_pool\",\n name=\"destination-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\nsource_volume = gcp.netapp.Volume(\"source_volume\",\n location=source_pool.location,\n name=\"source-volume\",\n capacity_gib=\"100\",\n share_name=\"source-volume\",\n storage_pool=source_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"FORCE\")\ntest_replication = gcp.netapp.VolumeReplication(\"test_replication\",\n location=source_volume.location,\n volume_name=source_volume.name,\n name=\"test-replication\",\n replication_schedule=\"EVERY_10_MINUTES\",\n description=\"This is a replication resource\",\n destination_volume_parameters={\n \"storage_pool\": destination_pool.id,\n \"volume_id\": \"destination-volume\",\n \"share_name\": \"source-volume\",\n \"description\": \"This is a replicated volume\",\n },\n delete_destination_volume=True,\n wait_for_mirror=True,\n opts = pulumi.ResourceOptions(depends_on=[source_volume]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var sourcePool = new Gcp.Netapp.StoragePool(\"source_pool\", new()\n {\n Name = \"source-pool\",\n Location = \"us-central1\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var destinationPool = new Gcp.Netapp.StoragePool(\"destination_pool\", new()\n {\n Name = \"destination-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var sourceVolume = new Gcp.Netapp.Volume(\"source_volume\", new()\n {\n Location = sourcePool.Location,\n Name = \"source-volume\",\n CapacityGib = \"100\",\n ShareName = \"source-volume\",\n StoragePool = sourcePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"FORCE\",\n });\n\n var testReplication = new Gcp.Netapp.VolumeReplication(\"test_replication\", new()\n {\n Location = sourceVolume.Location,\n VolumeName = sourceVolume.Name,\n Name = \"test-replication\",\n ReplicationSchedule = \"EVERY_10_MINUTES\",\n Description = \"This is a replication resource\",\n DestinationVolumeParameters = new Gcp.Netapp.Inputs.VolumeReplicationDestinationVolumeParametersArgs\n {\n StoragePool = destinationPool.Id,\n VolumeId = \"destination-volume\",\n ShareName = \"source-volume\",\n Description = \"This is a replicated volume\",\n },\n DeleteDestinationVolume = true,\n WaitForMirror = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceVolume,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourcePool, err := netapp.NewStoragePool(ctx, \"source_pool\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"source-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationPool, err := netapp.NewStoragePool(ctx, \"destination_pool\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"destination-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceVolume, err := netapp.NewVolume(ctx, \"source_volume\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: sourcePool.Location,\n\t\t\tName: pulumi.String(\"source-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"source-volume\"),\n\t\t\tStoragePool: sourcePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolumeReplication(ctx, \"test_replication\", \u0026netapp.VolumeReplicationArgs{\n\t\t\tLocation: sourceVolume.Location,\n\t\t\tVolumeName: sourceVolume.Name,\n\t\t\tName: pulumi.String(\"test-replication\"),\n\t\t\tReplicationSchedule: pulumi.String(\"EVERY_10_MINUTES\"),\n\t\t\tDescription: pulumi.String(\"This is a replication resource\"),\n\t\t\tDestinationVolumeParameters: \u0026netapp.VolumeReplicationDestinationVolumeParametersArgs{\n\t\t\t\tStoragePool: destinationPool.ID(),\n\t\t\t\tVolumeId: pulumi.String(\"destination-volume\"),\n\t\t\t\tShareName: pulumi.String(\"source-volume\"),\n\t\t\t\tDescription: pulumi.String(\"This is a replicated volume\"),\n\t\t\t},\n\t\t\tDeleteDestinationVolume: pulumi.Bool(true),\n\t\t\tWaitForMirror: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceVolume,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.VolumeReplication;\nimport com.pulumi.gcp.netapp.VolumeReplicationArgs;\nimport com.pulumi.gcp.netapp.inputs.VolumeReplicationDestinationVolumeParametersArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var sourcePool = new StoragePool(\"sourcePool\", StoragePoolArgs.builder()\n .name(\"source-pool\")\n .location(\"us-central1\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var destinationPool = new StoragePool(\"destinationPool\", StoragePoolArgs.builder()\n .name(\"destination-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var sourceVolume = new Volume(\"sourceVolume\", VolumeArgs.builder()\n .location(sourcePool.location())\n .name(\"source-volume\")\n .capacityGib(100)\n .shareName(\"source-volume\")\n .storagePool(sourcePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"FORCE\")\n .build());\n\n var testReplication = new VolumeReplication(\"testReplication\", VolumeReplicationArgs.builder()\n .location(sourceVolume.location())\n .volumeName(sourceVolume.name())\n .name(\"test-replication\")\n .replicationSchedule(\"EVERY_10_MINUTES\")\n .description(\"This is a replication resource\")\n .destinationVolumeParameters(VolumeReplicationDestinationVolumeParametersArgs.builder()\n .storagePool(destinationPool.id())\n .volumeId(\"destination-volume\")\n .shareName(\"source-volume\")\n .description(\"This is a replicated volume\")\n .build())\n .deleteDestinationVolume(true)\n .waitForMirror(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceVolume)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourcePool:\n type: gcp:netapp:StoragePool\n name: source_pool\n properties:\n name: source-pool\n location: us-central1\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n destinationPool:\n type: gcp:netapp:StoragePool\n name: destination_pool\n properties:\n name: destination-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n sourceVolume:\n type: gcp:netapp:Volume\n name: source_volume\n properties:\n location: ${sourcePool.location}\n name: source-volume\n capacityGib: 100\n shareName: source-volume\n storagePool: ${sourcePool.name}\n protocols:\n - NFSV3\n deletionPolicy: FORCE\n testReplication:\n type: gcp:netapp:VolumeReplication\n name: test_replication\n properties:\n location: ${sourceVolume.location}\n volumeName: ${sourceVolume.name}\n name: test-replication\n replicationSchedule: EVERY_10_MINUTES\n description: This is a replication resource\n destinationVolumeParameters:\n storagePool: ${destinationPool.id}\n volumeId: destination-volume\n shareName: source-volume\n description: This is a replicated volume\n deleteDestinationVolume: true\n waitForMirror: true\n options:\n dependson:\n - ${sourceVolume}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolumeReplication can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/replications/{{name}}`\n\n* `{{project}}/{{location}}/{{volume_name}}/{{name}}`\n\n* `{{location}}/{{volume_name}}/{{name}}`\n\nWhen using the `pulumi import` command, VolumeReplication can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/replications/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default {{project}}/{{location}}/{{volume_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default {{location}}/{{volume_name}}/{{name}}\n```\n\n", + "description": "## Example Usage\n\n### Netapp Volume Replication Create\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst sourcePool = new gcp.netapp.StoragePool(\"source_pool\", {\n name: \"source-pool\",\n location: \"us-central1\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst destinationPool = new gcp.netapp.StoragePool(\"destination_pool\", {\n name: \"destination-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst sourceVolume = new gcp.netapp.Volume(\"source_volume\", {\n location: sourcePool.location,\n name: \"source-volume\",\n capacityGib: \"100\",\n shareName: \"source-volume\",\n storagePool: sourcePool.name,\n protocols: [\"NFSV3\"],\n deletionPolicy: \"FORCE\",\n});\nconst testReplication = new gcp.netapp.VolumeReplication(\"test_replication\", {\n location: sourceVolume.location,\n volumeName: sourceVolume.name,\n name: \"test-replication\",\n replicationSchedule: \"EVERY_10_MINUTES\",\n description: \"This is a replication resource\",\n destinationVolumeParameters: {\n storagePool: destinationPool.id,\n volumeId: \"destination-volume\",\n shareName: \"source-volume\",\n description: \"This is a replicated volume\",\n },\n deleteDestinationVolume: true,\n waitForMirror: true,\n}, {\n dependsOn: [sourceVolume],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\nsource_pool = gcp.netapp.StoragePool(\"source_pool\",\n name=\"source-pool\",\n location=\"us-central1\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndestination_pool = gcp.netapp.StoragePool(\"destination_pool\",\n name=\"destination-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\nsource_volume = gcp.netapp.Volume(\"source_volume\",\n location=source_pool.location,\n name=\"source-volume\",\n capacity_gib=\"100\",\n share_name=\"source-volume\",\n storage_pool=source_pool.name,\n protocols=[\"NFSV3\"],\n deletion_policy=\"FORCE\")\ntest_replication = gcp.netapp.VolumeReplication(\"test_replication\",\n location=source_volume.location,\n volume_name=source_volume.name,\n name=\"test-replication\",\n replication_schedule=\"EVERY_10_MINUTES\",\n description=\"This is a replication resource\",\n destination_volume_parameters={\n \"storage_pool\": destination_pool.id,\n \"volume_id\": \"destination-volume\",\n \"share_name\": \"source-volume\",\n \"description\": \"This is a replicated volume\",\n },\n delete_destination_volume=True,\n wait_for_mirror=True,\n opts = pulumi.ResourceOptions(depends_on=[source_volume]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var sourcePool = new Gcp.Netapp.StoragePool(\"source_pool\", new()\n {\n Name = \"source-pool\",\n Location = \"us-central1\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var destinationPool = new Gcp.Netapp.StoragePool(\"destination_pool\", new()\n {\n Name = \"destination-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var sourceVolume = new Gcp.Netapp.Volume(\"source_volume\", new()\n {\n Location = sourcePool.Location,\n Name = \"source-volume\",\n CapacityGib = \"100\",\n ShareName = \"source-volume\",\n StoragePool = sourcePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n DeletionPolicy = \"FORCE\",\n });\n\n var testReplication = new Gcp.Netapp.VolumeReplication(\"test_replication\", new()\n {\n Location = sourceVolume.Location,\n VolumeName = sourceVolume.Name,\n Name = \"test-replication\",\n ReplicationSchedule = \"EVERY_10_MINUTES\",\n Description = \"This is a replication resource\",\n DestinationVolumeParameters = new Gcp.Netapp.Inputs.VolumeReplicationDestinationVolumeParametersArgs\n {\n StoragePool = destinationPool.Id,\n VolumeId = \"destination-volume\",\n ShareName = \"source-volume\",\n Description = \"This is a replicated volume\",\n },\n DeleteDestinationVolume = true,\n WaitForMirror = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sourceVolume,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourcePool, err := netapp.NewStoragePool(ctx, \"source_pool\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"source-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationPool, err := netapp.NewStoragePool(ctx, \"destination_pool\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"destination-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceVolume, err := netapp.NewVolume(ctx, \"source_volume\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: sourcePool.Location,\n\t\t\tName: pulumi.String(\"source-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"source-volume\"),\n\t\t\tStoragePool: sourcePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t\tDeletionPolicy: pulumi.String(\"FORCE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolumeReplication(ctx, \"test_replication\", \u0026netapp.VolumeReplicationArgs{\n\t\t\tLocation: sourceVolume.Location,\n\t\t\tVolumeName: sourceVolume.Name,\n\t\t\tName: pulumi.String(\"test-replication\"),\n\t\t\tReplicationSchedule: pulumi.String(\"EVERY_10_MINUTES\"),\n\t\t\tDescription: pulumi.String(\"This is a replication resource\"),\n\t\t\tDestinationVolumeParameters: \u0026netapp.VolumeReplicationDestinationVolumeParametersArgs{\n\t\t\t\tStoragePool: destinationPool.ID(),\n\t\t\t\tVolumeId: pulumi.String(\"destination-volume\"),\n\t\t\t\tShareName: pulumi.String(\"source-volume\"),\n\t\t\t\tDescription: pulumi.String(\"This is a replicated volume\"),\n\t\t\t},\n\t\t\tDeleteDestinationVolume: pulumi.Bool(true),\n\t\t\tWaitForMirror: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceVolume,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.VolumeReplication;\nimport com.pulumi.gcp.netapp.VolumeReplicationArgs;\nimport com.pulumi.gcp.netapp.inputs.VolumeReplicationDestinationVolumeParametersArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var sourcePool = new StoragePool(\"sourcePool\", StoragePoolArgs.builder()\n .name(\"source-pool\")\n .location(\"us-central1\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var destinationPool = new StoragePool(\"destinationPool\", StoragePoolArgs.builder()\n .name(\"destination-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var sourceVolume = new Volume(\"sourceVolume\", VolumeArgs.builder()\n .location(sourcePool.location())\n .name(\"source-volume\")\n .capacityGib(100)\n .shareName(\"source-volume\")\n .storagePool(sourcePool.name())\n .protocols(\"NFSV3\")\n .deletionPolicy(\"FORCE\")\n .build());\n\n var testReplication = new VolumeReplication(\"testReplication\", VolumeReplicationArgs.builder()\n .location(sourceVolume.location())\n .volumeName(sourceVolume.name())\n .name(\"test-replication\")\n .replicationSchedule(\"EVERY_10_MINUTES\")\n .description(\"This is a replication resource\")\n .destinationVolumeParameters(VolumeReplicationDestinationVolumeParametersArgs.builder()\n .storagePool(destinationPool.id())\n .volumeId(\"destination-volume\")\n .shareName(\"source-volume\")\n .description(\"This is a replicated volume\")\n .build())\n .deleteDestinationVolume(true)\n .waitForMirror(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(sourceVolume)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sourcePool:\n type: gcp:netapp:StoragePool\n name: source_pool\n properties:\n name: source-pool\n location: us-central1\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n destinationPool:\n type: gcp:netapp:StoragePool\n name: destination_pool\n properties:\n name: destination-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n sourceVolume:\n type: gcp:netapp:Volume\n name: source_volume\n properties:\n location: ${sourcePool.location}\n name: source-volume\n capacityGib: 100\n shareName: source-volume\n storagePool: ${sourcePool.name}\n protocols:\n - NFSV3\n deletionPolicy: FORCE\n testReplication:\n type: gcp:netapp:VolumeReplication\n name: test_replication\n properties:\n location: ${sourceVolume.location}\n volumeName: ${sourceVolume.name}\n name: test-replication\n replicationSchedule: EVERY_10_MINUTES\n description: This is a replication resource\n destinationVolumeParameters:\n storagePool: ${destinationPool.id}\n volumeId: destination-volume\n shareName: source-volume\n description: This is a replicated volume\n deleteDestinationVolume: true\n waitForMirror: true\n options:\n dependsOn:\n - ${sourceVolume}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolumeReplication can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/replications/{{name}}`\n\n* `{{project}}/{{location}}/{{volume_name}}/{{name}}`\n\n* `{{location}}/{{volume_name}}/{{name}}`\n\nWhen using the `pulumi import` command, VolumeReplication can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/replications/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default {{project}}/{{location}}/{{volume_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeReplication:VolumeReplication default {{location}}/{{volume_name}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -239499,7 +239499,7 @@ } }, "gcp:netapp/volumeSnapshot:VolumeSnapshot": { - "description": "NetApp Volumes helps you manage your data usage with snapshots that can quickly restore lost data.\nSnapshots are point-in-time versions of your volume's content. They are resources of volumes and are\ninstant captures of your data that consume space only for modified data. Because data changes over\ntime, snapshots usually consume more space as they get older.\nNetApp Volumes volumes use just-in-time copy-on-write so that unmodified files in snapshots don't\nconsume any of the volume's capacity.\n\n\nTo get more information about VolumeSnapshot, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.volumes.snapshots)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/volume-snapshots/overview)\n\n## Example Usage\n\n### Volume Snapshot Create\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"test-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst defaultVolume = new gcp.netapp.Volume(\"default\", {\n location: defaultStoragePool.location,\n name: \"test-volume\",\n capacityGib: \"100\",\n shareName: \"test-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n});\nconst testSnapshot = new gcp.netapp.VolumeSnapshot(\"test_snapshot\", {\n location: defaultVolume.location,\n volumeName: defaultVolume.name,\n name: \"testvolumesnap\",\n}, {\n dependsOn: [defaultVolume],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"test-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndefault_volume = gcp.netapp.Volume(\"default\",\n location=default_storage_pool.location,\n name=\"test-volume\",\n capacity_gib=\"100\",\n share_name=\"test-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"])\ntest_snapshot = gcp.netapp.VolumeSnapshot(\"test_snapshot\",\n location=default_volume.location,\n volume_name=default_volume.name,\n name=\"testvolumesnap\",\n opts = pulumi.ResourceOptions(depends_on=[default_volume]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"test-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var defaultVolume = new Gcp.Netapp.Volume(\"default\", new()\n {\n Location = defaultStoragePool.Location,\n Name = \"test-volume\",\n CapacityGib = \"100\",\n ShareName = \"test-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n });\n\n var testSnapshot = new Gcp.Netapp.VolumeSnapshot(\"test_snapshot\", new()\n {\n Location = defaultVolume.Location,\n VolumeName = defaultVolume.Name,\n Name = \"testvolumesnap\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultVolume,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"test-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultVolume, err := netapp.NewVolume(ctx, \"default\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t\tName: pulumi.String(\"test-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"test-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolumeSnapshot(ctx, \"test_snapshot\", \u0026netapp.VolumeSnapshotArgs{\n\t\t\tLocation: defaultVolume.Location,\n\t\t\tVolumeName: defaultVolume.Name,\n\t\t\tName: pulumi.String(\"testvolumesnap\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultVolume,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.VolumeSnapshot;\nimport com.pulumi.gcp.netapp.VolumeSnapshotArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"test-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var defaultVolume = new Volume(\"defaultVolume\", VolumeArgs.builder()\n .location(defaultStoragePool.location())\n .name(\"test-volume\")\n .capacityGib(100)\n .shareName(\"test-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .build());\n\n var testSnapshot = new VolumeSnapshot(\"testSnapshot\", VolumeSnapshotArgs.builder()\n .location(defaultVolume.location())\n .volumeName(defaultVolume.name())\n .name(\"testvolumesnap\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultVolume)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: test-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n defaultVolume:\n type: gcp:netapp:Volume\n name: default\n properties:\n location: ${defaultStoragePool.location}\n name: test-volume\n capacityGib: 100\n shareName: test-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n testSnapshot:\n type: gcp:netapp:VolumeSnapshot\n name: test_snapshot\n properties:\n location: ${defaultVolume.location}\n volumeName: ${defaultVolume.name}\n name: testvolumesnap\n options:\n dependson:\n - ${defaultVolume}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolumeSnapshot can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/snapshots/{{name}}`\n\n* `{{project}}/{{location}}/{{volume_name}}/{{name}}`\n\n* `{{location}}/{{volume_name}}/{{name}}`\n\nWhen using the `pulumi import` command, VolumeSnapshot can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/snapshots/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default {{project}}/{{location}}/{{volume_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default {{location}}/{{volume_name}}/{{name}}\n```\n\n", + "description": "NetApp Volumes helps you manage your data usage with snapshots that can quickly restore lost data.\nSnapshots are point-in-time versions of your volume's content. They are resources of volumes and are\ninstant captures of your data that consume space only for modified data. Because data changes over\ntime, snapshots usually consume more space as they get older.\nNetApp Volumes volumes use just-in-time copy-on-write so that unmodified files in snapshots don't\nconsume any of the volume's capacity.\n\n\nTo get more information about VolumeSnapshot, see:\n\n* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.volumes.snapshots)\n* How-to Guides\n * [Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/volume-snapshots/overview)\n\n## Example Usage\n\n### Volume Snapshot Create\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"test-network\",\n});\nconst defaultStoragePool = new gcp.netapp.StoragePool(\"default\", {\n name: \"test-pool\",\n location: \"us-west2\",\n serviceLevel: \"PREMIUM\",\n capacityGib: \"2048\",\n network: _default.then(_default =\u003e _default.id),\n});\nconst defaultVolume = new gcp.netapp.Volume(\"default\", {\n location: defaultStoragePool.location,\n name: \"test-volume\",\n capacityGib: \"100\",\n shareName: \"test-volume\",\n storagePool: defaultStoragePool.name,\n protocols: [\"NFSV3\"],\n});\nconst testSnapshot = new gcp.netapp.VolumeSnapshot(\"test_snapshot\", {\n location: defaultVolume.location,\n volumeName: defaultVolume.name,\n name: \"testvolumesnap\",\n}, {\n dependsOn: [defaultVolume],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"test-network\")\ndefault_storage_pool = gcp.netapp.StoragePool(\"default\",\n name=\"test-pool\",\n location=\"us-west2\",\n service_level=\"PREMIUM\",\n capacity_gib=\"2048\",\n network=default.id)\ndefault_volume = gcp.netapp.Volume(\"default\",\n location=default_storage_pool.location,\n name=\"test-volume\",\n capacity_gib=\"100\",\n share_name=\"test-volume\",\n storage_pool=default_storage_pool.name,\n protocols=[\"NFSV3\"])\ntest_snapshot = gcp.netapp.VolumeSnapshot(\"test_snapshot\",\n location=default_volume.location,\n volume_name=default_volume.name,\n name=\"testvolumesnap\",\n opts = pulumi.ResourceOptions(depends_on=[default_volume]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"test-network\",\n });\n\n var defaultStoragePool = new Gcp.Netapp.StoragePool(\"default\", new()\n {\n Name = \"test-pool\",\n Location = \"us-west2\",\n ServiceLevel = \"PREMIUM\",\n CapacityGib = \"2048\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n });\n\n var defaultVolume = new Gcp.Netapp.Volume(\"default\", new()\n {\n Location = defaultStoragePool.Location,\n Name = \"test-volume\",\n CapacityGib = \"100\",\n ShareName = \"test-volume\",\n StoragePool = defaultStoragePool.Name,\n Protocols = new[]\n {\n \"NFSV3\",\n },\n });\n\n var testSnapshot = new Gcp.Netapp.VolumeSnapshot(\"test_snapshot\", new()\n {\n Location = defaultVolume.Location,\n VolumeName = defaultVolume.Name,\n Name = \"testvolumesnap\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultVolume,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultStoragePool, err := netapp.NewStoragePool(ctx, \"default\", \u0026netapp.StoragePoolArgs{\n\t\t\tName: pulumi.String(\"test-pool\"),\n\t\t\tLocation: pulumi.String(\"us-west2\"),\n\t\t\tServiceLevel: pulumi.String(\"PREMIUM\"),\n\t\t\tCapacityGib: pulumi.String(\"2048\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultVolume, err := netapp.NewVolume(ctx, \"default\", \u0026netapp.VolumeArgs{\n\t\t\tLocation: defaultStoragePool.Location,\n\t\t\tName: pulumi.String(\"test-volume\"),\n\t\t\tCapacityGib: pulumi.String(\"100\"),\n\t\t\tShareName: pulumi.String(\"test-volume\"),\n\t\t\tStoragePool: defaultStoragePool.Name,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"NFSV3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = netapp.NewVolumeSnapshot(ctx, \"test_snapshot\", \u0026netapp.VolumeSnapshotArgs{\n\t\t\tLocation: defaultVolume.Location,\n\t\t\tVolumeName: defaultVolume.Name,\n\t\t\tName: pulumi.String(\"testvolumesnap\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultVolume,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.netapp.StoragePool;\nimport com.pulumi.gcp.netapp.StoragePoolArgs;\nimport com.pulumi.gcp.netapp.Volume;\nimport com.pulumi.gcp.netapp.VolumeArgs;\nimport com.pulumi.gcp.netapp.VolumeSnapshot;\nimport com.pulumi.gcp.netapp.VolumeSnapshotArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var defaultStoragePool = new StoragePool(\"defaultStoragePool\", StoragePoolArgs.builder()\n .name(\"test-pool\")\n .location(\"us-west2\")\n .serviceLevel(\"PREMIUM\")\n .capacityGib(2048)\n .network(default_.id())\n .build());\n\n var defaultVolume = new Volume(\"defaultVolume\", VolumeArgs.builder()\n .location(defaultStoragePool.location())\n .name(\"test-volume\")\n .capacityGib(100)\n .shareName(\"test-volume\")\n .storagePool(defaultStoragePool.name())\n .protocols(\"NFSV3\")\n .build());\n\n var testSnapshot = new VolumeSnapshot(\"testSnapshot\", VolumeSnapshotArgs.builder()\n .location(defaultVolume.location())\n .volumeName(defaultVolume.name())\n .name(\"testvolumesnap\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultVolume)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultStoragePool:\n type: gcp:netapp:StoragePool\n name: default\n properties:\n name: test-pool\n location: us-west2\n serviceLevel: PREMIUM\n capacityGib: 2048\n network: ${default.id}\n defaultVolume:\n type: gcp:netapp:Volume\n name: default\n properties:\n location: ${defaultStoragePool.location}\n name: test-volume\n capacityGib: 100\n shareName: test-volume\n storagePool: ${defaultStoragePool.name}\n protocols:\n - NFSV3\n testSnapshot:\n type: gcp:netapp:VolumeSnapshot\n name: test_snapshot\n properties:\n location: ${defaultVolume.location}\n volumeName: ${defaultVolume.name}\n name: testvolumesnap\n options:\n dependsOn:\n - ${defaultVolume}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVolumeSnapshot can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/snapshots/{{name}}`\n\n* `{{project}}/{{location}}/{{volume_name}}/{{name}}`\n\n* `{{location}}/{{volume_name}}/{{name}}`\n\nWhen using the `pulumi import` command, VolumeSnapshot can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default projects/{{project}}/locations/{{location}}/volumes/{{volume_name}}/snapshots/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default {{project}}/{{location}}/{{volume_name}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:netapp/volumeSnapshot:VolumeSnapshot default {{location}}/{{volume_name}}/{{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -240017,7 +240017,7 @@ } }, "gcp:networkconnectivity/internalRange:InternalRange": { - "description": "The internal range resource for IPAM operations within a VPC network. Used to represent a private address range along with behavioral characterstics of that range (its usage and peering behavior). Networking resources can link to this range if they are created as belonging to it.\n\n\nTo get more information about InternalRange, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.internalRanges)\n* How-to Guides\n * [Use internal ranges](https://cloud.google.com/vpc/docs/create-use-internal-ranges)\n\n## Example Usage\n\n### Network Connectivity Internal Ranges Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"basic\",\n description: \"Test internal range\",\n network: defaultNetwork.selfLink,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.0.0.0/24\",\n labels: {\n \"label-a\": \"b\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"basic\",\n description=\"Test internal range\",\n network=default_network.self_link,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.0.0.0/24\",\n labels={\n \"label-a\": \"b\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"basic\",\n Description = \"Test internal range\",\n Network = defaultNetwork.SelfLink,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.0.0.0/24\",\n Labels = \n {\n { \"label-a\", \"b\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.SelfLink,\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-a\": pulumi.String(\"b\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"basic\")\n .description(\"Test internal range\")\n .network(defaultNetwork.selfLink())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.0.0.0/24\")\n .labels(Map.of(\"label-a\", \"b\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: basic\n description: Test internal range\n network: ${defaultNetwork.selfLink}\n usage: FOR_VPC\n peering: FOR_SELF\n ipCidrRange: 10.0.0.0/24\n labels:\n label-a: b\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Automatic Reservation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"automatic-reservation\",\n network: defaultNetwork.id,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n prefixLength: 24,\n targetCidrRanges: [\"192.16.0.0/16\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"automatic-reservation\",\n network=default_network.id,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n prefix_length=24,\n target_cidr_ranges=[\"192.16.0.0/16\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"automatic-reservation\",\n Network = defaultNetwork.Id,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n PrefixLength = 24,\n TargetCidrRanges = new[]\n {\n \"192.16.0.0/16\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"automatic-reservation\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tTargetCidrRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"192.16.0.0/16\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"automatic-reservation\")\n .network(defaultNetwork.id())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .prefixLength(24)\n .targetCidrRanges(\"192.16.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: automatic-reservation\n network: ${defaultNetwork.id}\n usage: FOR_VPC\n peering: FOR_SELF\n prefixLength: 24\n targetCidrRanges:\n - 192.16.0.0/16\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges External Ranges\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"external-ranges\",\n network: defaultNetwork.id,\n usage: \"EXTERNAL_TO_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"172.16.0.0/24\",\n labels: {\n \"external-reserved-range\": \"on-premises\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"external-ranges\",\n network=default_network.id,\n usage=\"EXTERNAL_TO_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"172.16.0.0/24\",\n labels={\n \"external-reserved-range\": \"on-premises\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"external-ranges\",\n Network = defaultNetwork.Id,\n Usage = \"EXTERNAL_TO_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"172.16.0.0/24\",\n Labels = \n {\n { \"external-reserved-range\", \"on-premises\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"external-ranges\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"EXTERNAL_TO_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"172.16.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"external-reserved-range\": pulumi.String(\"on-premises\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"external-ranges\")\n .network(defaultNetwork.id())\n .usage(\"EXTERNAL_TO_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"172.16.0.0/24\")\n .labels(Map.of(\"external-reserved-range\", \"on-premises\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: external-ranges\n network: ${defaultNetwork.id}\n usage: EXTERNAL_TO_VPC\n peering: FOR_SELF\n ipCidrRange: 172.16.0.0/24\n labels:\n external-reserved-range: on-premises\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Reserve With Overlap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"overlapping-subnet\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"overlap-range\",\n description: \"Test internal range\",\n network: defaultNetwork.id,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.0.0.0/30\",\n overlaps: [\"OVERLAP_EXISTING_SUBNET_RANGE\"],\n}, {\n dependsOn: [defaultSubnetwork],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"overlapping-subnet\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"overlap-range\",\n description=\"Test internal range\",\n network=default_network.id,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.0.0.0/30\",\n overlaps=[\"OVERLAP_EXISTING_SUBNET_RANGE\"],\n opts = pulumi.ResourceOptions(depends_on=[default_subnetwork]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"overlapping-subnet\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"overlap-range\",\n Description = \"Test internal range\",\n Network = defaultNetwork.Id,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.0.0.0/30\",\n Overlaps = new[]\n {\n \"OVERLAP_EXISTING_SUBNET_RANGE\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultSubnetwork,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"overlapping-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"overlap-range\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/30\"),\n\t\t\tOverlaps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OVERLAP_EXISTING_SUBNET_RANGE\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultSubnetwork,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"overlapping-subnet\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"overlap-range\")\n .description(\"Test internal range\")\n .network(defaultNetwork.id())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.0.0.0/30\")\n .overlaps(\"OVERLAP_EXISTING_SUBNET_RANGE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultSubnetwork)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: overlap-range\n description: Test internal range\n network: ${defaultNetwork.id}\n usage: FOR_VPC\n peering: FOR_SELF\n ipCidrRange: 10.0.0.0/30\n overlaps:\n - OVERLAP_EXISTING_SUBNET_RANGE\n options:\n dependson:\n - ${defaultSubnetwork}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: overlapping-subnet\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Migration\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst source = new gcp.compute.Subnetwork(\"source\", {\n name: \"source-subnet\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst targetProject = gcp.organizations.getProject({});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"migration\",\n description: \"Test internal range\",\n network: defaultNetwork.selfLink,\n usage: \"FOR_MIGRATION\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.1.0.0/16\",\n migration: {\n source: source.selfLink,\n target: targetProject.then(targetProject =\u003e `projects/${targetProject.projectId}/regions/us-central1/subnetworks/target-subnet`),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\nsource = gcp.compute.Subnetwork(\"source\",\n name=\"source-subnet\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n network=default_network.name)\ntarget_project = gcp.organizations.get_project()\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"migration\",\n description=\"Test internal range\",\n network=default_network.self_link,\n usage=\"FOR_MIGRATION\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.1.0.0/16\",\n migration={\n \"source\": source.self_link,\n \"target\": f\"projects/{target_project.project_id}/regions/us-central1/subnetworks/target-subnet\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var source = new Gcp.Compute.Subnetwork(\"source\", new()\n {\n Name = \"source-subnet\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var targetProject = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"migration\",\n Description = \"Test internal range\",\n Network = defaultNetwork.SelfLink,\n Usage = \"FOR_MIGRATION\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.1.0.0/16\",\n Migration = new Gcp.NetworkConnectivity.Inputs.InternalRangeMigrationArgs\n {\n Source = source.SelfLink,\n Target = $\"projects/{targetProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/regions/us-central1/subnetworks/target-subnet\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := compute.NewSubnetwork(ctx, \"source\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"source-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"migration\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.SelfLink,\n\t\t\tUsage: pulumi.String(\"FOR_MIGRATION\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tMigration: \u0026networkconnectivity.InternalRangeMigrationArgs{\n\t\t\t\tSource: source.SelfLink,\n\t\t\t\tTarget: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/target-subnet\", targetProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.InternalRangeMigrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var source = new Subnetwork(\"source\", SubnetworkArgs.builder()\n .name(\"source-subnet\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n final var targetProject = OrganizationsFunctions.getProject();\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"migration\")\n .description(\"Test internal range\")\n .network(defaultNetwork.selfLink())\n .usage(\"FOR_MIGRATION\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.1.0.0/16\")\n .migration(InternalRangeMigrationArgs.builder()\n .source(source.selfLink())\n .target(String.format(\"projects/%s/regions/us-central1/subnetworks/target-subnet\", targetProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: migration\n description: Test internal range\n network: ${defaultNetwork.selfLink}\n usage: FOR_MIGRATION\n peering: FOR_SELF\n ipCidrRange: 10.1.0.0/16\n migration:\n source: ${source.selfLink}\n target: projects/${targetProject.projectId}/regions/us-central1/subnetworks/target-subnet\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n source:\n type: gcp:compute:Subnetwork\n properties:\n name: source-subnet\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n targetProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInternalRange can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/internalRanges/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, InternalRange can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default projects/{{project}}/locations/global/internalRanges/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default {{name}}\n```\n\n", + "description": "The internal range resource for IPAM operations within a VPC network. Used to represent a private address range along with behavioral characterstics of that range (its usage and peering behavior). Networking resources can link to this range if they are created as belonging to it.\n\n\nTo get more information about InternalRange, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.internalRanges)\n* How-to Guides\n * [Use internal ranges](https://cloud.google.com/vpc/docs/create-use-internal-ranges)\n\n## Example Usage\n\n### Network Connectivity Internal Ranges Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"basic\",\n description: \"Test internal range\",\n network: defaultNetwork.selfLink,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.0.0.0/24\",\n labels: {\n \"label-a\": \"b\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"basic\",\n description=\"Test internal range\",\n network=default_network.self_link,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.0.0.0/24\",\n labels={\n \"label-a\": \"b\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"basic\",\n Description = \"Test internal range\",\n Network = defaultNetwork.SelfLink,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.0.0.0/24\",\n Labels = \n {\n { \"label-a\", \"b\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"basic\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.SelfLink,\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-a\": pulumi.String(\"b\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"basic\")\n .description(\"Test internal range\")\n .network(defaultNetwork.selfLink())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.0.0.0/24\")\n .labels(Map.of(\"label-a\", \"b\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: basic\n description: Test internal range\n network: ${defaultNetwork.selfLink}\n usage: FOR_VPC\n peering: FOR_SELF\n ipCidrRange: 10.0.0.0/24\n labels:\n label-a: b\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Automatic Reservation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"automatic-reservation\",\n network: defaultNetwork.id,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n prefixLength: 24,\n targetCidrRanges: [\"192.16.0.0/16\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"automatic-reservation\",\n network=default_network.id,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n prefix_length=24,\n target_cidr_ranges=[\"192.16.0.0/16\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"automatic-reservation\",\n Network = defaultNetwork.Id,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n PrefixLength = 24,\n TargetCidrRanges = new[]\n {\n \"192.16.0.0/16\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"automatic-reservation\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tTargetCidrRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"192.16.0.0/16\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"automatic-reservation\")\n .network(defaultNetwork.id())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .prefixLength(24)\n .targetCidrRanges(\"192.16.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: automatic-reservation\n network: ${defaultNetwork.id}\n usage: FOR_VPC\n peering: FOR_SELF\n prefixLength: 24\n targetCidrRanges:\n - 192.16.0.0/16\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges External Ranges\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"external-ranges\",\n network: defaultNetwork.id,\n usage: \"EXTERNAL_TO_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"172.16.0.0/24\",\n labels: {\n \"external-reserved-range\": \"on-premises\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"external-ranges\",\n network=default_network.id,\n usage=\"EXTERNAL_TO_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"172.16.0.0/24\",\n labels={\n \"external-reserved-range\": \"on-premises\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"external-ranges\",\n Network = defaultNetwork.Id,\n Usage = \"EXTERNAL_TO_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"172.16.0.0/24\",\n Labels = \n {\n { \"external-reserved-range\", \"on-premises\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"external-ranges\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"EXTERNAL_TO_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"172.16.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"external-reserved-range\": pulumi.String(\"on-premises\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"external-ranges\")\n .network(defaultNetwork.id())\n .usage(\"EXTERNAL_TO_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"172.16.0.0/24\")\n .labels(Map.of(\"external-reserved-range\", \"on-premises\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: external-ranges\n network: ${defaultNetwork.id}\n usage: EXTERNAL_TO_VPC\n peering: FOR_SELF\n ipCidrRange: 172.16.0.0/24\n labels:\n external-reserved-range: on-premises\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Reserve With Overlap\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"overlapping-subnet\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"overlap-range\",\n description: \"Test internal range\",\n network: defaultNetwork.id,\n usage: \"FOR_VPC\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.0.0.0/30\",\n overlaps: [\"OVERLAP_EXISTING_SUBNET_RANGE\"],\n}, {\n dependsOn: [defaultSubnetwork],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"overlapping-subnet\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.id)\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"overlap-range\",\n description=\"Test internal range\",\n network=default_network.id,\n usage=\"FOR_VPC\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.0.0.0/30\",\n overlaps=[\"OVERLAP_EXISTING_SUBNET_RANGE\"],\n opts = pulumi.ResourceOptions(depends_on=[default_subnetwork]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"overlapping-subnet\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"overlap-range\",\n Description = \"Test internal range\",\n Network = defaultNetwork.Id,\n Usage = \"FOR_VPC\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.0.0.0/30\",\n Overlaps = new[]\n {\n \"OVERLAP_EXISTING_SUBNET_RANGE\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultSubnetwork,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"overlapping-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"overlap-range\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tUsage: pulumi.String(\"FOR_VPC\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/30\"),\n\t\t\tOverlaps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OVERLAP_EXISTING_SUBNET_RANGE\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultSubnetwork,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"overlapping-subnet\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .build());\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"overlap-range\")\n .description(\"Test internal range\")\n .network(defaultNetwork.id())\n .usage(\"FOR_VPC\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.0.0.0/30\")\n .overlaps(\"OVERLAP_EXISTING_SUBNET_RANGE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultSubnetwork)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: overlap-range\n description: Test internal range\n network: ${defaultNetwork.id}\n usage: FOR_VPC\n peering: FOR_SELF\n ipCidrRange: 10.0.0.0/30\n overlaps:\n - OVERLAP_EXISTING_SUBNET_RANGE\n options:\n dependsOn:\n - ${defaultSubnetwork}\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: overlapping-subnet\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Internal Ranges Migration\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"internal-ranges\",\n autoCreateSubnetworks: false,\n});\nconst source = new gcp.compute.Subnetwork(\"source\", {\n name: \"source-subnet\",\n ipCidrRange: \"10.1.0.0/16\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst targetProject = gcp.organizations.getProject({});\nconst _default = new gcp.networkconnectivity.InternalRange(\"default\", {\n name: \"migration\",\n description: \"Test internal range\",\n network: defaultNetwork.selfLink,\n usage: \"FOR_MIGRATION\",\n peering: \"FOR_SELF\",\n ipCidrRange: \"10.1.0.0/16\",\n migration: {\n source: source.selfLink,\n target: targetProject.then(targetProject =\u003e `projects/${targetProject.projectId}/regions/us-central1/subnetworks/target-subnet`),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"internal-ranges\",\n auto_create_subnetworks=False)\nsource = gcp.compute.Subnetwork(\"source\",\n name=\"source-subnet\",\n ip_cidr_range=\"10.1.0.0/16\",\n region=\"us-central1\",\n network=default_network.name)\ntarget_project = gcp.organizations.get_project()\ndefault = gcp.networkconnectivity.InternalRange(\"default\",\n name=\"migration\",\n description=\"Test internal range\",\n network=default_network.self_link,\n usage=\"FOR_MIGRATION\",\n peering=\"FOR_SELF\",\n ip_cidr_range=\"10.1.0.0/16\",\n migration={\n \"source\": source.self_link,\n \"target\": f\"projects/{target_project.project_id}/regions/us-central1/subnetworks/target-subnet\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"internal-ranges\",\n AutoCreateSubnetworks = false,\n });\n\n var source = new Gcp.Compute.Subnetwork(\"source\", new()\n {\n Name = \"source-subnet\",\n IpCidrRange = \"10.1.0.0/16\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var targetProject = Gcp.Organizations.GetProject.Invoke();\n\n var @default = new Gcp.NetworkConnectivity.InternalRange(\"default\", new()\n {\n Name = \"migration\",\n Description = \"Test internal range\",\n Network = defaultNetwork.SelfLink,\n Usage = \"FOR_MIGRATION\",\n Peering = \"FOR_SELF\",\n IpCidrRange = \"10.1.0.0/16\",\n Migration = new Gcp.NetworkConnectivity.Inputs.InternalRangeMigrationArgs\n {\n Source = source.SelfLink,\n Target = $\"projects/{targetProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}/regions/us-central1/subnetworks/target-subnet\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"internal-ranges\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := compute.NewSubnetwork(ctx, \"source\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"source-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewInternalRange(ctx, \"default\", \u0026networkconnectivity.InternalRangeArgs{\n\t\t\tName: pulumi.String(\"migration\"),\n\t\t\tDescription: pulumi.String(\"Test internal range\"),\n\t\t\tNetwork: defaultNetwork.SelfLink,\n\t\t\tUsage: pulumi.String(\"FOR_MIGRATION\"),\n\t\t\tPeering: pulumi.String(\"FOR_SELF\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tMigration: \u0026networkconnectivity.InternalRangeMigrationArgs{\n\t\t\t\tSource: source.SelfLink,\n\t\t\t\tTarget: pulumi.Sprintf(\"projects/%v/regions/us-central1/subnetworks/target-subnet\", targetProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.networkconnectivity.InternalRange;\nimport com.pulumi.gcp.networkconnectivity.InternalRangeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.InternalRangeMigrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"internal-ranges\")\n .autoCreateSubnetworks(false)\n .build());\n\n var source = new Subnetwork(\"source\", SubnetworkArgs.builder()\n .name(\"source-subnet\")\n .ipCidrRange(\"10.1.0.0/16\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n final var targetProject = OrganizationsFunctions.getProject();\n\n var default_ = new InternalRange(\"default\", InternalRangeArgs.builder()\n .name(\"migration\")\n .description(\"Test internal range\")\n .network(defaultNetwork.selfLink())\n .usage(\"FOR_MIGRATION\")\n .peering(\"FOR_SELF\")\n .ipCidrRange(\"10.1.0.0/16\")\n .migration(InternalRangeMigrationArgs.builder()\n .source(source.selfLink())\n .target(String.format(\"projects/%s/regions/us-central1/subnetworks/target-subnet\", targetProject.applyValue(getProjectResult -\u003e getProjectResult.projectId())))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkconnectivity:InternalRange\n properties:\n name: migration\n description: Test internal range\n network: ${defaultNetwork.selfLink}\n usage: FOR_MIGRATION\n peering: FOR_SELF\n ipCidrRange: 10.1.0.0/16\n migration:\n source: ${source.selfLink}\n target: projects/${targetProject.projectId}/regions/us-central1/subnetworks/target-subnet\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: internal-ranges\n autoCreateSubnetworks: false\n source:\n type: gcp:compute:Subnetwork\n properties:\n name: source-subnet\n ipCidrRange: 10.1.0.0/16\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n targetProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInternalRange can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/internalRanges/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, InternalRange can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default projects/{{project}}/locations/global/internalRanges/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/internalRange:InternalRange default {{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -240989,7 +240989,7 @@ } }, "gcp:networkconnectivity/spoke:Spoke": { - "description": "The NetworkConnectivity Spoke resource\n\n\nTo get more information about Spoke, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1beta/projects.locations.spokes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/overview)\n\n## Example Usage\n\n### Network Connectivity Spoke Linked Vpc Network Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"net\",\n autoCreateSubnetworks: false,\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"spoke1\",\n location: \"global\",\n description: \"A sample spoke with a linked router appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpcNetwork: {\n excludeExportRanges: [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n includeExportRanges: [\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n ],\n uri: network.selfLink,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"net\",\n auto_create_subnetworks=False)\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"spoke1\",\n location=\"global\",\n description=\"A sample spoke with a linked router appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpc_network={\n \"exclude_export_ranges\": [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n \"include_export_ranges\": [\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n ],\n \"uri\": network.self_link,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"net\",\n AutoCreateSubnetworks = false,\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"spoke1\",\n Location = \"global\",\n Description = \"A sample spoke with a linked router appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpcNetworkArgs\n {\n ExcludeExportRanges = new[]\n {\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n },\n IncludeExportRanges = new[]\n {\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n },\n Uri = network.SelfLink,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"spoke1\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked router appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpcNetwork: \u0026networkconnectivity.SpokeLinkedVpcNetworkArgs{\n\t\t\t\tExcludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/24\"),\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tIncludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/23\"),\n\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t},\n\t\t\t\tUri: network.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"spoke1\")\n .location(\"global\")\n .description(\"A sample spoke with a linked router appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpcNetwork(SpokeLinkedVpcNetworkArgs.builder()\n .excludeExportRanges( \n \"198.51.100.0/24\",\n \"10.10.0.0/16\")\n .includeExportRanges( \n \"198.51.100.0/23\",\n \"10.0.0.0/8\")\n .uri(network.selfLink())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: net\n autoCreateSubnetworks: false\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: hub1\n description: A sample hub\n labels:\n label-two: value-one\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: spoke1\n location: global\n description: A sample spoke with a linked router appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpcNetwork:\n excludeExportRanges:\n - 198.51.100.0/24\n - 10.10.0.0/16\n includeExportRanges:\n - 198.51.100.0/23\n - 10.0.0.0/8\n uri: ${network.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Router Appliance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tf-test-network_75413\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"tf-test-subnet_55138\",\n ipCidrRange: \"10.0.0.0/28\",\n region: \"us-central1\",\n network: network.selfLink,\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n name: \"tf-test-instance_37559\",\n machineType: \"e2-medium\",\n canIpForward: true,\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n networkInterfaces: [{\n subnetwork: subnetwork.name,\n networkIp: \"10.0.0.2\",\n accessConfigs: [{\n networkTier: \"PREMIUM\",\n }],\n }],\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"tf-test-hub_91980\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"tf-test-name_37118\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked routher appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedRouterApplianceInstances: {\n instances: [{\n virtualMachine: instance.selfLink,\n ipAddress: \"10.0.0.2\",\n }],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"tf-test-network_75413\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"tf-test-subnet_55138\",\n ip_cidr_range=\"10.0.0.0/28\",\n region=\"us-central1\",\n network=network.self_link)\ninstance = gcp.compute.Instance(\"instance\",\n name=\"tf-test-instance_37559\",\n machine_type=\"e2-medium\",\n can_ip_forward=True,\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n network_interfaces=[{\n \"subnetwork\": subnetwork.name,\n \"network_ip\": \"10.0.0.2\",\n \"access_configs\": [{\n \"network_tier\": \"PREMIUM\",\n }],\n }])\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"tf-test-hub_91980\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"tf-test-name_37118\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked routher appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_router_appliance_instances={\n \"instances\": [{\n \"virtual_machine\": instance.self_link,\n \"ip_address\": \"10.0.0.2\",\n }],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tf-test-network_75413\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"tf-test-subnet_55138\",\n IpCidrRange = \"10.0.0.0/28\",\n Region = \"us-central1\",\n Network = network.SelfLink,\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n Name = \"tf-test-instance_37559\",\n MachineType = \"e2-medium\",\n CanIpForward = true,\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Subnetwork = subnetwork.Name,\n NetworkIp = \"10.0.0.2\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceAccessConfigArgs\n {\n NetworkTier = \"PREMIUM\",\n },\n },\n },\n },\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"tf-test-hub_91980\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"tf-test-name_37118\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked routher appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedRouterApplianceInstances = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesArgs\n {\n Instances = new[]\n {\n new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesInstanceArgs\n {\n VirtualMachine = instance.SelfLink,\n IpAddress = \"10.0.0.2\",\n },\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-network_75413\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-subnet_55138\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance_37559\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"projects/debian-cloud/global/images/debian-10-buster-v20210817\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tSubnetwork: subnetwork.Name,\n\t\t\t\t\tNetworkIp: pulumi.String(\"10.0.0.2\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"tf-test-hub_91980\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"tf-test-name_37118\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked routher appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedRouterApplianceInstances: \u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesArgs{\n\t\t\t\tInstances: networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArray{\n\t\t\t\t\t\u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArgs{\n\t\t\t\t\t\tVirtualMachine: instance.SelfLink,\n\t\t\t\t\t\tIpAddress: pulumi.String(\"10.0.0.2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedRouterApplianceInstancesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tf-test-network_75413\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"tf-test-subnet_55138\")\n .ipCidrRange(\"10.0.0.0/28\")\n .region(\"us-central1\")\n .network(network.selfLink())\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"tf-test-instance_37559\")\n .machineType(\"e2-medium\")\n .canIpForward(true)\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"projects/debian-cloud/global/images/debian-10-buster-v20210817\")\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .subnetwork(subnetwork.name())\n .networkIp(\"10.0.0.2\")\n .accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()\n .networkTier(\"PREMIUM\")\n .build())\n .build())\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"tf-test-hub_91980\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"tf-test-name_37118\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked routher appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedRouterApplianceInstances(SpokeLinkedRouterApplianceInstancesArgs.builder()\n .instances(SpokeLinkedRouterApplianceInstancesInstanceArgs.builder()\n .virtualMachine(instance.selfLink())\n .ipAddress(\"10.0.0.2\")\n .build())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: tf-test-network_75413\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: tf-test-subnet_55138\n ipCidrRange: 10.0.0.0/28\n region: us-central1\n network: ${network.selfLink}\n instance:\n type: gcp:compute:Instance\n properties:\n name: tf-test-instance_37559\n machineType: e2-medium\n canIpForward: true\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: projects/debian-cloud/global/images/debian-10-buster-v20210817\n networkInterfaces:\n - subnetwork: ${subnetwork.name}\n networkIp: 10.0.0.2\n accessConfigs:\n - networkTier: PREMIUM\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: tf-test-hub_91980\n description: A sample hub\n labels:\n label-two: value-one\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: tf-test-name_37118\n location: us-central1\n description: A sample spoke with a linked routher appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedRouterApplianceInstances:\n instances:\n - virtualMachine: ${instance.selfLink}\n ipAddress: 10.0.0.2\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Vpn Tunnel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"basic-hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"basic-network\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"basic-subnetwork\",\n ipCidrRange: \"10.0.0.0/28\",\n region: \"us-central1\",\n network: network.selfLink,\n});\nconst gateway = new gcp.compute.HaVpnGateway(\"gateway\", {\n name: \"vpn-gateway\",\n network: network.id,\n});\nconst externalVpnGw = new gcp.compute.ExternalVpnGateway(\"external_vpn_gw\", {\n name: \"external-vpn-gateway\",\n redundancyType: \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description: \"An externally managed VPN gateway\",\n interfaces: [{\n id: 0,\n ipAddress: \"8.8.8.8\",\n }],\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"external-vpn-gateway\",\n region: \"us-central1\",\n network: network.name,\n bgp: {\n asn: 64514,\n },\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel1\",\n region: \"us-central1\",\n vpnGateway: gateway.id,\n peerExternalGateway: externalVpnGw.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"a secret message\",\n router: router.id,\n vpnGatewayInterface: 0,\n});\nconst tunnel2 = new gcp.compute.VPNTunnel(\"tunnel2\", {\n name: \"tunnel2\",\n region: \"us-central1\",\n vpnGateway: gateway.id,\n peerExternalGateway: externalVpnGw.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"a secret message\",\n router: pulumi.interpolate` ${router.id}`,\n vpnGatewayInterface: 1,\n});\nconst routerInterface1 = new gcp.compute.RouterInterface(\"router_interface1\", {\n name: \"router-interface1\",\n router: router.name,\n region: \"us-central1\",\n ipRange: \"169.254.0.1/30\",\n vpnTunnel: tunnel1.name,\n});\nconst routerPeer1 = new gcp.compute.RouterPeer(\"router_peer1\", {\n name: \"router-peer1\",\n router: router.name,\n region: \"us-central1\",\n peerIpAddress: \"169.254.0.2\",\n peerAsn: 64515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface1.name,\n});\nconst routerInterface2 = new gcp.compute.RouterInterface(\"router_interface2\", {\n name: \"router-interface2\",\n router: router.name,\n region: \"us-central1\",\n ipRange: \"169.254.1.1/30\",\n vpnTunnel: tunnel2.name,\n});\nconst routerPeer2 = new gcp.compute.RouterPeer(\"router_peer2\", {\n name: \"router-peer2\",\n router: router.name,\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 64515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface2.name,\n});\nconst tunnel1Spoke = new gcp.networkconnectivity.Spoke(\"tunnel1\", {\n name: \"vpn-tunnel-1-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked VPN Tunnel\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpnTunnels: {\n uris: [tunnel1.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\nconst tunnel2Spoke = new gcp.networkconnectivity.Spoke(\"tunnel2\", {\n name: \"vpn-tunnel-2-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked VPN Tunnel\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpnTunnels: {\n uris: [tunnel2.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"basic-hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nnetwork = gcp.compute.Network(\"network\",\n name=\"basic-network\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"basic-subnetwork\",\n ip_cidr_range=\"10.0.0.0/28\",\n region=\"us-central1\",\n network=network.self_link)\ngateway = gcp.compute.HaVpnGateway(\"gateway\",\n name=\"vpn-gateway\",\n network=network.id)\nexternal_vpn_gw = gcp.compute.ExternalVpnGateway(\"external_vpn_gw\",\n name=\"external-vpn-gateway\",\n redundancy_type=\"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description=\"An externally managed VPN gateway\",\n interfaces=[{\n \"id\": 0,\n \"ip_address\": \"8.8.8.8\",\n }])\nrouter = gcp.compute.Router(\"router\",\n name=\"external-vpn-gateway\",\n region=\"us-central1\",\n network=network.name,\n bgp={\n \"asn\": 64514,\n })\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel1\",\n region=\"us-central1\",\n vpn_gateway=gateway.id,\n peer_external_gateway=external_vpn_gw.id,\n peer_external_gateway_interface=0,\n shared_secret=\"a secret message\",\n router=router.id,\n vpn_gateway_interface=0)\ntunnel2 = gcp.compute.VPNTunnel(\"tunnel2\",\n name=\"tunnel2\",\n region=\"us-central1\",\n vpn_gateway=gateway.id,\n peer_external_gateway=external_vpn_gw.id,\n peer_external_gateway_interface=0,\n shared_secret=\"a secret message\",\n router=router.id.apply(lambda id: f\" {id}\"),\n vpn_gateway_interface=1)\nrouter_interface1 = gcp.compute.RouterInterface(\"router_interface1\",\n name=\"router-interface1\",\n router=router.name,\n region=\"us-central1\",\n ip_range=\"169.254.0.1/30\",\n vpn_tunnel=tunnel1.name)\nrouter_peer1 = gcp.compute.RouterPeer(\"router_peer1\",\n name=\"router-peer1\",\n router=router.name,\n region=\"us-central1\",\n peer_ip_address=\"169.254.0.2\",\n peer_asn=64515,\n advertised_route_priority=100,\n interface=router_interface1.name)\nrouter_interface2 = gcp.compute.RouterInterface(\"router_interface2\",\n name=\"router-interface2\",\n router=router.name,\n region=\"us-central1\",\n ip_range=\"169.254.1.1/30\",\n vpn_tunnel=tunnel2.name)\nrouter_peer2 = gcp.compute.RouterPeer(\"router_peer2\",\n name=\"router-peer2\",\n router=router.name,\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=64515,\n advertised_route_priority=100,\n interface=router_interface2.name)\ntunnel1_spoke = gcp.networkconnectivity.Spoke(\"tunnel1\",\n name=\"vpn-tunnel-1-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked VPN Tunnel\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpn_tunnels={\n \"uris\": [tunnel1.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\ntunnel2_spoke = gcp.networkconnectivity.Spoke(\"tunnel2\",\n name=\"vpn-tunnel-2-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked VPN Tunnel\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpn_tunnels={\n \"uris\": [tunnel2.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"basic-hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"basic-subnetwork\",\n IpCidrRange = \"10.0.0.0/28\",\n Region = \"us-central1\",\n Network = network.SelfLink,\n });\n\n var gateway = new Gcp.Compute.HaVpnGateway(\"gateway\", new()\n {\n Name = \"vpn-gateway\",\n Network = network.Id,\n });\n\n var externalVpnGw = new Gcp.Compute.ExternalVpnGateway(\"external_vpn_gw\", new()\n {\n Name = \"external-vpn-gateway\",\n RedundancyType = \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n Description = \"An externally managed VPN gateway\",\n Interfaces = new[]\n {\n new Gcp.Compute.Inputs.ExternalVpnGatewayInterfaceArgs\n {\n Id = 0,\n IpAddress = \"8.8.8.8\",\n },\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"external-vpn-gateway\",\n Region = \"us-central1\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel1\",\n Region = \"us-central1\",\n VpnGateway = gateway.Id,\n PeerExternalGateway = externalVpnGw.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"a secret message\",\n Router = router.Id,\n VpnGatewayInterface = 0,\n });\n\n var tunnel2 = new Gcp.Compute.VPNTunnel(\"tunnel2\", new()\n {\n Name = \"tunnel2\",\n Region = \"us-central1\",\n VpnGateway = gateway.Id,\n PeerExternalGateway = externalVpnGw.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"a secret message\",\n Router = router.Id.Apply(id =\u003e $\" {id}\"),\n VpnGatewayInterface = 1,\n });\n\n var routerInterface1 = new Gcp.Compute.RouterInterface(\"router_interface1\", new()\n {\n Name = \"router-interface1\",\n Router = router.Name,\n Region = \"us-central1\",\n IpRange = \"169.254.0.1/30\",\n VpnTunnel = tunnel1.Name,\n });\n\n var routerPeer1 = new Gcp.Compute.RouterPeer(\"router_peer1\", new()\n {\n Name = \"router-peer1\",\n Router = router.Name,\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.0.2\",\n PeerAsn = 64515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface1.Name,\n });\n\n var routerInterface2 = new Gcp.Compute.RouterInterface(\"router_interface2\", new()\n {\n Name = \"router-interface2\",\n Router = router.Name,\n Region = \"us-central1\",\n IpRange = \"169.254.1.1/30\",\n VpnTunnel = tunnel2.Name,\n });\n\n var routerPeer2 = new Gcp.Compute.RouterPeer(\"router_peer2\", new()\n {\n Name = \"router-peer2\",\n Router = router.Name,\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 64515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface2.Name,\n });\n\n var tunnel1Spoke = new Gcp.NetworkConnectivity.Spoke(\"tunnel1\", new()\n {\n Name = \"vpn-tunnel-1-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked VPN Tunnel\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpnTunnels = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpnTunnelsArgs\n {\n Uris = new[]\n {\n tunnel1.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n var tunnel2Spoke = new Gcp.NetworkConnectivity.Spoke(\"tunnel2\", new()\n {\n Name = \"vpn-tunnel-2-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked VPN Tunnel\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpnTunnels = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpnTunnelsArgs\n {\n Uris = new[]\n {\n tunnel2.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"basic-hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"basic-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgateway, err := compute.NewHaVpnGateway(ctx, \"gateway\", \u0026compute.HaVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalVpnGw, err := compute.NewExternalVpnGateway(ctx, \"external_vpn_gw\", \u0026compute.ExternalVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRedundancyType: pulumi.String(\"SINGLE_IP_INTERNALLY_REDUNDANT\"),\n\t\t\tDescription: pulumi.String(\"An externally managed VPN gateway\"),\n\t\t\tInterfaces: compute.ExternalVpnGatewayInterfaceArray{\n\t\t\t\t\u0026compute.ExternalVpnGatewayInterfaceArgs{\n\t\t\t\t\tId: pulumi.Int(0),\n\t\t\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(64514),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVpnGateway: gateway.ID(),\n\t\t\tPeerExternalGateway: externalVpnGw.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tRouter: router.ID(),\n\t\t\tVpnGatewayInterface: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel2, err := compute.NewVPNTunnel(ctx, \"tunnel2\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel2\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVpnGateway: gateway.ID(),\n\t\t\tPeerExternalGateway: externalVpnGw.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tRouter: router.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\" %v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVpnGatewayInterface: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface1, err := compute.NewRouterInterface(ctx, \"router_interface1\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"router-interface1\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpRange: pulumi.String(\"169.254.0.1/30\"),\n\t\t\tVpnTunnel: tunnel1.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer1\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"router-peer1\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.0.2\"),\n\t\t\tPeerAsn: pulumi.Int(64515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface1.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface2, err := compute.NewRouterInterface(ctx, \"router_interface2\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"router-interface2\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpRange: pulumi.String(\"169.254.1.1/30\"),\n\t\t\tVpnTunnel: tunnel2.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer2\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"router-peer2\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(64515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface2.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"tunnel1\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpn-tunnel-1-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked VPN Tunnel\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpnTunnels: \u0026networkconnectivity.SpokeLinkedVpnTunnelsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\ttunnel1.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"tunnel2\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpn-tunnel-2-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked VPN Tunnel\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpnTunnels: \u0026networkconnectivity.SpokeLinkedVpnTunnelsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\ttunnel2.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HaVpnGateway;\nimport com.pulumi.gcp.compute.HaVpnGatewayArgs;\nimport com.pulumi.gcp.compute.ExternalVpnGateway;\nimport com.pulumi.gcp.compute.ExternalVpnGatewayArgs;\nimport com.pulumi.gcp.compute.inputs.ExternalVpnGatewayInterfaceArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpnTunnelsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"basic-hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"basic-subnetwork\")\n .ipCidrRange(\"10.0.0.0/28\")\n .region(\"us-central1\")\n .network(network.selfLink())\n .build());\n\n var gateway = new HaVpnGateway(\"gateway\", HaVpnGatewayArgs.builder()\n .name(\"vpn-gateway\")\n .network(network.id())\n .build());\n\n var externalVpnGw = new ExternalVpnGateway(\"externalVpnGw\", ExternalVpnGatewayArgs.builder()\n .name(\"external-vpn-gateway\")\n .redundancyType(\"SINGLE_IP_INTERNALLY_REDUNDANT\")\n .description(\"An externally managed VPN gateway\")\n .interfaces(ExternalVpnGatewayInterfaceArgs.builder()\n .id(0)\n .ipAddress(\"8.8.8.8\")\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"external-vpn-gateway\")\n .region(\"us-central1\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel1\")\n .region(\"us-central1\")\n .vpnGateway(gateway.id())\n .peerExternalGateway(externalVpnGw.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"a secret message\")\n .router(router.id())\n .vpnGatewayInterface(0)\n .build());\n\n var tunnel2 = new VPNTunnel(\"tunnel2\", VPNTunnelArgs.builder()\n .name(\"tunnel2\")\n .region(\"us-central1\")\n .vpnGateway(gateway.id())\n .peerExternalGateway(externalVpnGw.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"a secret message\")\n .router(router.id().applyValue(id -\u003e String.format(\" %s\", id)))\n .vpnGatewayInterface(1)\n .build());\n\n var routerInterface1 = new RouterInterface(\"routerInterface1\", RouterInterfaceArgs.builder()\n .name(\"router-interface1\")\n .router(router.name())\n .region(\"us-central1\")\n .ipRange(\"169.254.0.1/30\")\n .vpnTunnel(tunnel1.name())\n .build());\n\n var routerPeer1 = new RouterPeer(\"routerPeer1\", RouterPeerArgs.builder()\n .name(\"router-peer1\")\n .router(router.name())\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.0.2\")\n .peerAsn(64515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface1.name())\n .build());\n\n var routerInterface2 = new RouterInterface(\"routerInterface2\", RouterInterfaceArgs.builder()\n .name(\"router-interface2\")\n .router(router.name())\n .region(\"us-central1\")\n .ipRange(\"169.254.1.1/30\")\n .vpnTunnel(tunnel2.name())\n .build());\n\n var routerPeer2 = new RouterPeer(\"routerPeer2\", RouterPeerArgs.builder()\n .name(\"router-peer2\")\n .router(router.name())\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(64515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface2.name())\n .build());\n\n var tunnel1Spoke = new Spoke(\"tunnel1Spoke\", SpokeArgs.builder()\n .name(\"vpn-tunnel-1-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked VPN Tunnel\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpnTunnels(SpokeLinkedVpnTunnelsArgs.builder()\n .uris(tunnel1.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n var tunnel2Spoke = new Spoke(\"tunnel2Spoke\", SpokeArgs.builder()\n .name(\"vpn-tunnel-2-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked VPN Tunnel\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpnTunnels(SpokeLinkedVpnTunnelsArgs.builder()\n .uris(tunnel2.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: basic-hub1\n description: A sample hub\n labels:\n label-two: value-one\n network:\n type: gcp:compute:Network\n properties:\n name: basic-network\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: basic-subnetwork\n ipCidrRange: 10.0.0.0/28\n region: us-central1\n network: ${network.selfLink}\n gateway:\n type: gcp:compute:HaVpnGateway\n properties:\n name: vpn-gateway\n network: ${network.id}\n externalVpnGw:\n type: gcp:compute:ExternalVpnGateway\n name: external_vpn_gw\n properties:\n name: external-vpn-gateway\n redundancyType: SINGLE_IP_INTERNALLY_REDUNDANT\n description: An externally managed VPN gateway\n interfaces:\n - id: 0\n ipAddress: 8.8.8.8\n router:\n type: gcp:compute:Router\n properties:\n name: external-vpn-gateway\n region: us-central1\n network: ${network.name}\n bgp:\n asn: 64514\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel1\n region: us-central1\n vpnGateway: ${gateway.id}\n peerExternalGateway: ${externalVpnGw.id}\n peerExternalGatewayInterface: 0\n sharedSecret: a secret message\n router: ${router.id}\n vpnGatewayInterface: 0\n tunnel2:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel2\n region: us-central1\n vpnGateway: ${gateway.id}\n peerExternalGateway: ${externalVpnGw.id}\n peerExternalGatewayInterface: 0\n sharedSecret: a secret message\n router: ' ${router.id}'\n vpnGatewayInterface: 1\n routerInterface1:\n type: gcp:compute:RouterInterface\n name: router_interface1\n properties:\n name: router-interface1\n router: ${router.name}\n region: us-central1\n ipRange: 169.254.0.1/30\n vpnTunnel: ${tunnel1.name}\n routerPeer1:\n type: gcp:compute:RouterPeer\n name: router_peer1\n properties:\n name: router-peer1\n router: ${router.name}\n region: us-central1\n peerIpAddress: 169.254.0.2\n peerAsn: 64515\n advertisedRoutePriority: 100\n interface: ${routerInterface1.name}\n routerInterface2:\n type: gcp:compute:RouterInterface\n name: router_interface2\n properties:\n name: router-interface2\n router: ${router.name}\n region: us-central1\n ipRange: 169.254.1.1/30\n vpnTunnel: ${tunnel2.name}\n routerPeer2:\n type: gcp:compute:RouterPeer\n name: router_peer2\n properties:\n name: router-peer2\n router: ${router.name}\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 64515\n advertisedRoutePriority: 100\n interface: ${routerInterface2.name}\n tunnel1Spoke:\n type: gcp:networkconnectivity:Spoke\n name: tunnel1\n properties:\n name: vpn-tunnel-1-spoke\n location: us-central1\n description: A sample spoke with a linked VPN Tunnel\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpnTunnels:\n uris:\n - ${tunnel1.selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n tunnel2Spoke:\n type: gcp:networkconnectivity:Spoke\n name: tunnel2\n properties:\n name: vpn-tunnel-2-spoke\n location: us-central1\n description: A sample spoke with a linked VPN Tunnel\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpnTunnels:\n uris:\n - ${tunnel2.selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Interconnect Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"basic-hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"basic-network\",\n autoCreateSubnetworks: false,\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"external-vpn-gateway\",\n region: \"us-central1\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst interconnect_attachment = new gcp.compute.InterconnectAttachment(\"interconnect-attachment\", {\n name: \"partner-interconnect1\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n region: \"us-central1\",\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"interconnect-attachment-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked Interconnect Attachment\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedInterconnectAttachments: {\n uris: [interconnect_attachment.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"basic-hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nnetwork = gcp.compute.Network(\"network\",\n name=\"basic-network\",\n auto_create_subnetworks=False)\nrouter = gcp.compute.Router(\"router\",\n name=\"external-vpn-gateway\",\n region=\"us-central1\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\ninterconnect_attachment = gcp.compute.InterconnectAttachment(\"interconnect-attachment\",\n name=\"partner-interconnect1\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\",\n region=\"us-central1\")\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"interconnect-attachment-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked Interconnect Attachment\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_interconnect_attachments={\n \"uris\": [interconnect_attachment.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"basic-hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-network\",\n AutoCreateSubnetworks = false,\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"external-vpn-gateway\",\n Region = \"us-central1\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var interconnect_attachment = new Gcp.Compute.InterconnectAttachment(\"interconnect-attachment\", new()\n {\n Name = \"partner-interconnect1\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n Region = \"us-central1\",\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"interconnect-attachment-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked Interconnect Attachment\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedInterconnectAttachments = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedInterconnectAttachmentsArgs\n {\n Uris = new[]\n {\n interconnect_attachment.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"basic-hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInterconnectAttachment(ctx, \"interconnect-attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"partner-interconnect1\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"interconnect-attachment-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked Interconnect Attachment\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedInterconnectAttachments: \u0026networkconnectivity.SpokeLinkedInterconnectAttachmentsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\tinterconnect_attachment.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedInterconnectAttachmentsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"basic-hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"external-vpn-gateway\")\n .region(\"us-central1\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var interconnect_attachment = new InterconnectAttachment(\"interconnect-attachment\", InterconnectAttachmentArgs.builder()\n .name(\"partner-interconnect1\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .region(\"us-central1\")\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"interconnect-attachment-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked Interconnect Attachment\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedInterconnectAttachments(SpokeLinkedInterconnectAttachmentsArgs.builder()\n .uris(interconnect_attachment.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: basic-hub1\n description: A sample hub\n labels:\n label-two: value-one\n network:\n type: gcp:compute:Network\n properties:\n name: basic-network\n autoCreateSubnetworks: false\n router:\n type: gcp:compute:Router\n properties:\n name: external-vpn-gateway\n region: us-central1\n network: ${network.name}\n bgp:\n asn: 16550\n interconnect-attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: partner-interconnect1\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\n region: us-central1\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: interconnect-attachment-spoke\n location: us-central1\n description: A sample spoke with a linked Interconnect Attachment\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedInterconnectAttachments:\n uris:\n - ${[\"interconnect-attachment\"].selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Linked Producer Vpc Network Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"net-spoke\",\n autoCreateSubnetworks: false,\n});\nconst address = new gcp.compute.GlobalAddress(\"address\", {\n name: \"test-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst peering = new gcp.servicenetworking.Connection(\"peering\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [address.name],\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {name: \"hub-basic\"});\nconst linkedVpcSpoke = new gcp.networkconnectivity.Spoke(\"linked_vpc_spoke\", {\n name: \"vpc-spoke\",\n location: \"global\",\n hub: basicHub.id,\n linkedVpcNetwork: {\n uri: network.selfLink,\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"producer-spoke\",\n location: \"global\",\n description: \"A sample spoke with a linked router appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedProducerVpcNetwork: {\n network: network.name,\n peering: peering.peering,\n excludeExportRanges: [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n },\n}, {\n dependsOn: [linkedVpcSpoke],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"net-spoke\",\n auto_create_subnetworks=False)\naddress = gcp.compute.GlobalAddress(\"address\",\n name=\"test-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\npeering = gcp.servicenetworking.Connection(\"peering\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[address.name])\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\", name=\"hub-basic\")\nlinked_vpc_spoke = gcp.networkconnectivity.Spoke(\"linked_vpc_spoke\",\n name=\"vpc-spoke\",\n location=\"global\",\n hub=basic_hub.id,\n linked_vpc_network={\n \"uri\": network.self_link,\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"producer-spoke\",\n location=\"global\",\n description=\"A sample spoke with a linked router appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_producer_vpc_network={\n \"network\": network.name,\n \"peering\": peering.peering,\n \"exclude_export_ranges\": [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[linked_vpc_spoke]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"net-spoke\",\n AutoCreateSubnetworks = false,\n });\n\n var address = new Gcp.Compute.GlobalAddress(\"address\", new()\n {\n Name = \"test-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var peering = new Gcp.ServiceNetworking.Connection(\"peering\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n address.Name,\n },\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"hub-basic\",\n });\n\n var linkedVpcSpoke = new Gcp.NetworkConnectivity.Spoke(\"linked_vpc_spoke\", new()\n {\n Name = \"vpc-spoke\",\n Location = \"global\",\n Hub = basicHub.Id,\n LinkedVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpcNetworkArgs\n {\n Uri = network.SelfLink,\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"producer-spoke\",\n Location = \"global\",\n Description = \"A sample spoke with a linked router appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedProducerVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedProducerVpcNetworkArgs\n {\n Network = network.Name,\n Peering = peering.Peering,\n ExcludeExportRanges = new[]\n {\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n linkedVpcSpoke,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net-spoke\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddress, err := compute.NewGlobalAddress(ctx, \"address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"test-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering, err := servicenetworking.NewConnection(ctx, \"peering\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\taddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"hub-basic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlinkedVpcSpoke, err := networkconnectivity.NewSpoke(ctx, \"linked_vpc_spoke\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpc-spoke\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpcNetwork: \u0026networkconnectivity.SpokeLinkedVpcNetworkArgs{\n\t\t\t\tUri: network.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"producer-spoke\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked router appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedProducerVpcNetwork: \u0026networkconnectivity.SpokeLinkedProducerVpcNetworkArgs{\n\t\t\t\tNetwork: network.Name,\n\t\t\t\tPeering: peering.Peering,\n\t\t\t\tExcludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/24\"),\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlinkedVpcSpoke,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpcNetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedProducerVpcNetworkArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"net-spoke\")\n .autoCreateSubnetworks(false)\n .build());\n\n var address = new GlobalAddress(\"address\", GlobalAddressArgs.builder()\n .name(\"test-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var peering = new Connection(\"peering\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(address.name())\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"hub-basic\")\n .build());\n\n var linkedVpcSpoke = new Spoke(\"linkedVpcSpoke\", SpokeArgs.builder()\n .name(\"vpc-spoke\")\n .location(\"global\")\n .hub(basicHub.id())\n .linkedVpcNetwork(SpokeLinkedVpcNetworkArgs.builder()\n .uri(network.selfLink())\n .build())\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"producer-spoke\")\n .location(\"global\")\n .description(\"A sample spoke with a linked router appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedProducerVpcNetwork(SpokeLinkedProducerVpcNetworkArgs.builder()\n .network(network.name())\n .peering(peering.peering())\n .excludeExportRanges( \n \"198.51.100.0/24\",\n \"10.10.0.0/16\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(linkedVpcSpoke)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: net-spoke\n autoCreateSubnetworks: false\n address:\n type: gcp:compute:GlobalAddress\n properties:\n name: test-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n peering:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${address.name}\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: hub-basic\n linkedVpcSpoke:\n type: gcp:networkconnectivity:Spoke\n name: linked_vpc_spoke\n properties:\n name: vpc-spoke\n location: global\n hub: ${basicHub.id}\n linkedVpcNetwork:\n uri: ${network.selfLink}\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: producer-spoke\n location: global\n description: A sample spoke with a linked router appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedProducerVpcNetwork:\n network: ${network.name}\n peering: ${peering.peering}\n excludeExportRanges:\n - 198.51.100.0/24\n - 10.10.0.0/16\n options:\n dependson:\n - ${linkedVpcSpoke}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSpoke can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/spokes/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Spoke can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default projects/{{project}}/locations/{{location}}/spokes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default {{location}}/{{name}}\n```\n\n", + "description": "The NetworkConnectivity Spoke resource\n\n\nTo get more information about Spoke, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1beta/projects.locations.spokes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/overview)\n\n## Example Usage\n\n### Network Connectivity Spoke Linked Vpc Network Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"net\",\n autoCreateSubnetworks: false,\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"spoke1\",\n location: \"global\",\n description: \"A sample spoke with a linked router appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpcNetwork: {\n excludeExportRanges: [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n includeExportRanges: [\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n ],\n uri: network.selfLink,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"net\",\n auto_create_subnetworks=False)\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"spoke1\",\n location=\"global\",\n description=\"A sample spoke with a linked router appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpc_network={\n \"exclude_export_ranges\": [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n \"include_export_ranges\": [\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n ],\n \"uri\": network.self_link,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"net\",\n AutoCreateSubnetworks = false,\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"spoke1\",\n Location = \"global\",\n Description = \"A sample spoke with a linked router appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpcNetworkArgs\n {\n ExcludeExportRanges = new[]\n {\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n },\n IncludeExportRanges = new[]\n {\n \"198.51.100.0/23\",\n \"10.0.0.0/8\",\n },\n Uri = network.SelfLink,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"spoke1\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked router appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpcNetwork: \u0026networkconnectivity.SpokeLinkedVpcNetworkArgs{\n\t\t\t\tExcludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/24\"),\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t\tIncludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/23\"),\n\t\t\t\t\tpulumi.String(\"10.0.0.0/8\"),\n\t\t\t\t},\n\t\t\t\tUri: network.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpcNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"spoke1\")\n .location(\"global\")\n .description(\"A sample spoke with a linked router appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpcNetwork(SpokeLinkedVpcNetworkArgs.builder()\n .excludeExportRanges( \n \"198.51.100.0/24\",\n \"10.10.0.0/16\")\n .includeExportRanges( \n \"198.51.100.0/23\",\n \"10.0.0.0/8\")\n .uri(network.selfLink())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: net\n autoCreateSubnetworks: false\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: hub1\n description: A sample hub\n labels:\n label-two: value-one\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: spoke1\n location: global\n description: A sample spoke with a linked router appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpcNetwork:\n excludeExportRanges:\n - 198.51.100.0/24\n - 10.10.0.0/16\n includeExportRanges:\n - 198.51.100.0/23\n - 10.0.0.0/8\n uri: ${network.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Router Appliance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tf-test-network_75413\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"tf-test-subnet_55138\",\n ipCidrRange: \"10.0.0.0/28\",\n region: \"us-central1\",\n network: network.selfLink,\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n name: \"tf-test-instance_37559\",\n machineType: \"e2-medium\",\n canIpForward: true,\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n networkInterfaces: [{\n subnetwork: subnetwork.name,\n networkIp: \"10.0.0.2\",\n accessConfigs: [{\n networkTier: \"PREMIUM\",\n }],\n }],\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"tf-test-hub_91980\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"tf-test-name_37118\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked routher appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedRouterApplianceInstances: {\n instances: [{\n virtualMachine: instance.selfLink,\n ipAddress: \"10.0.0.2\",\n }],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"tf-test-network_75413\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"tf-test-subnet_55138\",\n ip_cidr_range=\"10.0.0.0/28\",\n region=\"us-central1\",\n network=network.self_link)\ninstance = gcp.compute.Instance(\"instance\",\n name=\"tf-test-instance_37559\",\n machine_type=\"e2-medium\",\n can_ip_forward=True,\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n network_interfaces=[{\n \"subnetwork\": subnetwork.name,\n \"network_ip\": \"10.0.0.2\",\n \"access_configs\": [{\n \"network_tier\": \"PREMIUM\",\n }],\n }])\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"tf-test-hub_91980\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"tf-test-name_37118\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked routher appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_router_appliance_instances={\n \"instances\": [{\n \"virtual_machine\": instance.self_link,\n \"ip_address\": \"10.0.0.2\",\n }],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tf-test-network_75413\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"tf-test-subnet_55138\",\n IpCidrRange = \"10.0.0.0/28\",\n Region = \"us-central1\",\n Network = network.SelfLink,\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n Name = \"tf-test-instance_37559\",\n MachineType = \"e2-medium\",\n CanIpForward = true,\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"projects/debian-cloud/global/images/debian-10-buster-v20210817\",\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Subnetwork = subnetwork.Name,\n NetworkIp = \"10.0.0.2\",\n AccessConfigs = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceAccessConfigArgs\n {\n NetworkTier = \"PREMIUM\",\n },\n },\n },\n },\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"tf-test-hub_91980\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"tf-test-name_37118\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked routher appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedRouterApplianceInstances = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesArgs\n {\n Instances = new[]\n {\n new Gcp.NetworkConnectivity.Inputs.SpokeLinkedRouterApplianceInstancesInstanceArgs\n {\n VirtualMachine = instance.SelfLink,\n IpAddress = \"10.0.0.2\",\n },\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-network_75413\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tf-test-subnet_55138\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"tf-test-instance_37559\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"projects/debian-cloud/global/images/debian-10-buster-v20210817\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tSubnetwork: subnetwork.Name,\n\t\t\t\t\tNetworkIp: pulumi.String(\"10.0.0.2\"),\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{\n\t\t\t\t\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"tf-test-hub_91980\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"tf-test-name_37118\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked routher appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedRouterApplianceInstances: \u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesArgs{\n\t\t\t\tInstances: networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArray{\n\t\t\t\t\t\u0026networkconnectivity.SpokeLinkedRouterApplianceInstancesInstanceArgs{\n\t\t\t\t\t\tVirtualMachine: instance.SelfLink,\n\t\t\t\t\t\tIpAddress: pulumi.String(\"10.0.0.2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedRouterApplianceInstancesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tf-test-network_75413\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"tf-test-subnet_55138\")\n .ipCidrRange(\"10.0.0.0/28\")\n .region(\"us-central1\")\n .network(network.selfLink())\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"tf-test-instance_37559\")\n .machineType(\"e2-medium\")\n .canIpForward(true)\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"projects/debian-cloud/global/images/debian-10-buster-v20210817\")\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .subnetwork(subnetwork.name())\n .networkIp(\"10.0.0.2\")\n .accessConfigs(InstanceNetworkInterfaceAccessConfigArgs.builder()\n .networkTier(\"PREMIUM\")\n .build())\n .build())\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"tf-test-hub_91980\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"tf-test-name_37118\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked routher appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedRouterApplianceInstances(SpokeLinkedRouterApplianceInstancesArgs.builder()\n .instances(SpokeLinkedRouterApplianceInstancesInstanceArgs.builder()\n .virtualMachine(instance.selfLink())\n .ipAddress(\"10.0.0.2\")\n .build())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: tf-test-network_75413\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: tf-test-subnet_55138\n ipCidrRange: 10.0.0.0/28\n region: us-central1\n network: ${network.selfLink}\n instance:\n type: gcp:compute:Instance\n properties:\n name: tf-test-instance_37559\n machineType: e2-medium\n canIpForward: true\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: projects/debian-cloud/global/images/debian-10-buster-v20210817\n networkInterfaces:\n - subnetwork: ${subnetwork.name}\n networkIp: 10.0.0.2\n accessConfigs:\n - networkTier: PREMIUM\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: tf-test-hub_91980\n description: A sample hub\n labels:\n label-two: value-one\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: tf-test-name_37118\n location: us-central1\n description: A sample spoke with a linked routher appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedRouterApplianceInstances:\n instances:\n - virtualMachine: ${instance.selfLink}\n ipAddress: 10.0.0.2\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Vpn Tunnel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"basic-hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"basic-network\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"basic-subnetwork\",\n ipCidrRange: \"10.0.0.0/28\",\n region: \"us-central1\",\n network: network.selfLink,\n});\nconst gateway = new gcp.compute.HaVpnGateway(\"gateway\", {\n name: \"vpn-gateway\",\n network: network.id,\n});\nconst externalVpnGw = new gcp.compute.ExternalVpnGateway(\"external_vpn_gw\", {\n name: \"external-vpn-gateway\",\n redundancyType: \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description: \"An externally managed VPN gateway\",\n interfaces: [{\n id: 0,\n ipAddress: \"8.8.8.8\",\n }],\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"external-vpn-gateway\",\n region: \"us-central1\",\n network: network.name,\n bgp: {\n asn: 64514,\n },\n});\nconst tunnel1 = new gcp.compute.VPNTunnel(\"tunnel1\", {\n name: \"tunnel1\",\n region: \"us-central1\",\n vpnGateway: gateway.id,\n peerExternalGateway: externalVpnGw.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"a secret message\",\n router: router.id,\n vpnGatewayInterface: 0,\n});\nconst tunnel2 = new gcp.compute.VPNTunnel(\"tunnel2\", {\n name: \"tunnel2\",\n region: \"us-central1\",\n vpnGateway: gateway.id,\n peerExternalGateway: externalVpnGw.id,\n peerExternalGatewayInterface: 0,\n sharedSecret: \"a secret message\",\n router: pulumi.interpolate` ${router.id}`,\n vpnGatewayInterface: 1,\n});\nconst routerInterface1 = new gcp.compute.RouterInterface(\"router_interface1\", {\n name: \"router-interface1\",\n router: router.name,\n region: \"us-central1\",\n ipRange: \"169.254.0.1/30\",\n vpnTunnel: tunnel1.name,\n});\nconst routerPeer1 = new gcp.compute.RouterPeer(\"router_peer1\", {\n name: \"router-peer1\",\n router: router.name,\n region: \"us-central1\",\n peerIpAddress: \"169.254.0.2\",\n peerAsn: 64515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface1.name,\n});\nconst routerInterface2 = new gcp.compute.RouterInterface(\"router_interface2\", {\n name: \"router-interface2\",\n router: router.name,\n region: \"us-central1\",\n ipRange: \"169.254.1.1/30\",\n vpnTunnel: tunnel2.name,\n});\nconst routerPeer2 = new gcp.compute.RouterPeer(\"router_peer2\", {\n name: \"router-peer2\",\n router: router.name,\n region: \"us-central1\",\n peerIpAddress: \"169.254.1.2\",\n peerAsn: 64515,\n advertisedRoutePriority: 100,\n \"interface\": routerInterface2.name,\n});\nconst tunnel1Spoke = new gcp.networkconnectivity.Spoke(\"tunnel1\", {\n name: \"vpn-tunnel-1-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked VPN Tunnel\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpnTunnels: {\n uris: [tunnel1.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\nconst tunnel2Spoke = new gcp.networkconnectivity.Spoke(\"tunnel2\", {\n name: \"vpn-tunnel-2-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked VPN Tunnel\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedVpnTunnels: {\n uris: [tunnel2.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"basic-hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nnetwork = gcp.compute.Network(\"network\",\n name=\"basic-network\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"basic-subnetwork\",\n ip_cidr_range=\"10.0.0.0/28\",\n region=\"us-central1\",\n network=network.self_link)\ngateway = gcp.compute.HaVpnGateway(\"gateway\",\n name=\"vpn-gateway\",\n network=network.id)\nexternal_vpn_gw = gcp.compute.ExternalVpnGateway(\"external_vpn_gw\",\n name=\"external-vpn-gateway\",\n redundancy_type=\"SINGLE_IP_INTERNALLY_REDUNDANT\",\n description=\"An externally managed VPN gateway\",\n interfaces=[{\n \"id\": 0,\n \"ip_address\": \"8.8.8.8\",\n }])\nrouter = gcp.compute.Router(\"router\",\n name=\"external-vpn-gateway\",\n region=\"us-central1\",\n network=network.name,\n bgp={\n \"asn\": 64514,\n })\ntunnel1 = gcp.compute.VPNTunnel(\"tunnel1\",\n name=\"tunnel1\",\n region=\"us-central1\",\n vpn_gateway=gateway.id,\n peer_external_gateway=external_vpn_gw.id,\n peer_external_gateway_interface=0,\n shared_secret=\"a secret message\",\n router=router.id,\n vpn_gateway_interface=0)\ntunnel2 = gcp.compute.VPNTunnel(\"tunnel2\",\n name=\"tunnel2\",\n region=\"us-central1\",\n vpn_gateway=gateway.id,\n peer_external_gateway=external_vpn_gw.id,\n peer_external_gateway_interface=0,\n shared_secret=\"a secret message\",\n router=router.id.apply(lambda id: f\" {id}\"),\n vpn_gateway_interface=1)\nrouter_interface1 = gcp.compute.RouterInterface(\"router_interface1\",\n name=\"router-interface1\",\n router=router.name,\n region=\"us-central1\",\n ip_range=\"169.254.0.1/30\",\n vpn_tunnel=tunnel1.name)\nrouter_peer1 = gcp.compute.RouterPeer(\"router_peer1\",\n name=\"router-peer1\",\n router=router.name,\n region=\"us-central1\",\n peer_ip_address=\"169.254.0.2\",\n peer_asn=64515,\n advertised_route_priority=100,\n interface=router_interface1.name)\nrouter_interface2 = gcp.compute.RouterInterface(\"router_interface2\",\n name=\"router-interface2\",\n router=router.name,\n region=\"us-central1\",\n ip_range=\"169.254.1.1/30\",\n vpn_tunnel=tunnel2.name)\nrouter_peer2 = gcp.compute.RouterPeer(\"router_peer2\",\n name=\"router-peer2\",\n router=router.name,\n region=\"us-central1\",\n peer_ip_address=\"169.254.1.2\",\n peer_asn=64515,\n advertised_route_priority=100,\n interface=router_interface2.name)\ntunnel1_spoke = gcp.networkconnectivity.Spoke(\"tunnel1\",\n name=\"vpn-tunnel-1-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked VPN Tunnel\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpn_tunnels={\n \"uris\": [tunnel1.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\ntunnel2_spoke = gcp.networkconnectivity.Spoke(\"tunnel2\",\n name=\"vpn-tunnel-2-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked VPN Tunnel\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_vpn_tunnels={\n \"uris\": [tunnel2.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"basic-hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"basic-subnetwork\",\n IpCidrRange = \"10.0.0.0/28\",\n Region = \"us-central1\",\n Network = network.SelfLink,\n });\n\n var gateway = new Gcp.Compute.HaVpnGateway(\"gateway\", new()\n {\n Name = \"vpn-gateway\",\n Network = network.Id,\n });\n\n var externalVpnGw = new Gcp.Compute.ExternalVpnGateway(\"external_vpn_gw\", new()\n {\n Name = \"external-vpn-gateway\",\n RedundancyType = \"SINGLE_IP_INTERNALLY_REDUNDANT\",\n Description = \"An externally managed VPN gateway\",\n Interfaces = new[]\n {\n new Gcp.Compute.Inputs.ExternalVpnGatewayInterfaceArgs\n {\n Id = 0,\n IpAddress = \"8.8.8.8\",\n },\n },\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"external-vpn-gateway\",\n Region = \"us-central1\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 64514,\n },\n });\n\n var tunnel1 = new Gcp.Compute.VPNTunnel(\"tunnel1\", new()\n {\n Name = \"tunnel1\",\n Region = \"us-central1\",\n VpnGateway = gateway.Id,\n PeerExternalGateway = externalVpnGw.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"a secret message\",\n Router = router.Id,\n VpnGatewayInterface = 0,\n });\n\n var tunnel2 = new Gcp.Compute.VPNTunnel(\"tunnel2\", new()\n {\n Name = \"tunnel2\",\n Region = \"us-central1\",\n VpnGateway = gateway.Id,\n PeerExternalGateway = externalVpnGw.Id,\n PeerExternalGatewayInterface = 0,\n SharedSecret = \"a secret message\",\n Router = router.Id.Apply(id =\u003e $\" {id}\"),\n VpnGatewayInterface = 1,\n });\n\n var routerInterface1 = new Gcp.Compute.RouterInterface(\"router_interface1\", new()\n {\n Name = \"router-interface1\",\n Router = router.Name,\n Region = \"us-central1\",\n IpRange = \"169.254.0.1/30\",\n VpnTunnel = tunnel1.Name,\n });\n\n var routerPeer1 = new Gcp.Compute.RouterPeer(\"router_peer1\", new()\n {\n Name = \"router-peer1\",\n Router = router.Name,\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.0.2\",\n PeerAsn = 64515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface1.Name,\n });\n\n var routerInterface2 = new Gcp.Compute.RouterInterface(\"router_interface2\", new()\n {\n Name = \"router-interface2\",\n Router = router.Name,\n Region = \"us-central1\",\n IpRange = \"169.254.1.1/30\",\n VpnTunnel = tunnel2.Name,\n });\n\n var routerPeer2 = new Gcp.Compute.RouterPeer(\"router_peer2\", new()\n {\n Name = \"router-peer2\",\n Router = router.Name,\n Region = \"us-central1\",\n PeerIpAddress = \"169.254.1.2\",\n PeerAsn = 64515,\n AdvertisedRoutePriority = 100,\n Interface = routerInterface2.Name,\n });\n\n var tunnel1Spoke = new Gcp.NetworkConnectivity.Spoke(\"tunnel1\", new()\n {\n Name = \"vpn-tunnel-1-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked VPN Tunnel\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpnTunnels = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpnTunnelsArgs\n {\n Uris = new[]\n {\n tunnel1.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n var tunnel2Spoke = new Gcp.NetworkConnectivity.Spoke(\"tunnel2\", new()\n {\n Name = \"vpn-tunnel-2-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked VPN Tunnel\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedVpnTunnels = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpnTunnelsArgs\n {\n Uris = new[]\n {\n tunnel2.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"basic-hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"basic-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/28\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgateway, err := compute.NewHaVpnGateway(ctx, \"gateway\", \u0026compute.HaVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"vpn-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texternalVpnGw, err := compute.NewExternalVpnGateway(ctx, \"external_vpn_gw\", \u0026compute.ExternalVpnGatewayArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRedundancyType: pulumi.String(\"SINGLE_IP_INTERNALLY_REDUNDANT\"),\n\t\t\tDescription: pulumi.String(\"An externally managed VPN gateway\"),\n\t\t\tInterfaces: compute.ExternalVpnGatewayInterfaceArray{\n\t\t\t\t\u0026compute.ExternalVpnGatewayInterfaceArgs{\n\t\t\t\t\tId: pulumi.Int(0),\n\t\t\t\t\tIpAddress: pulumi.String(\"8.8.8.8\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(64514),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel1, err := compute.NewVPNTunnel(ctx, \"tunnel1\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVpnGateway: gateway.ID(),\n\t\t\tPeerExternalGateway: externalVpnGw.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tRouter: router.ID(),\n\t\t\tVpnGatewayInterface: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel2, err := compute.NewVPNTunnel(ctx, \"tunnel2\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"tunnel2\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tVpnGateway: gateway.ID(),\n\t\t\tPeerExternalGateway: externalVpnGw.ID(),\n\t\t\tPeerExternalGatewayInterface: pulumi.Int(0),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tRouter: router.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\" %v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVpnGatewayInterface: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface1, err := compute.NewRouterInterface(ctx, \"router_interface1\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"router-interface1\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpRange: pulumi.String(\"169.254.0.1/30\"),\n\t\t\tVpnTunnel: tunnel1.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer1\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"router-peer1\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.0.2\"),\n\t\t\tPeerAsn: pulumi.Int(64515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface1.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouterInterface2, err := compute.NewRouterInterface(ctx, \"router_interface2\", \u0026compute.RouterInterfaceArgs{\n\t\t\tName: pulumi.String(\"router-interface2\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpRange: pulumi.String(\"169.254.1.1/30\"),\n\t\t\tVpnTunnel: tunnel2.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRouterPeer(ctx, \"router_peer2\", \u0026compute.RouterPeerArgs{\n\t\t\tName: pulumi.String(\"router-peer2\"),\n\t\t\tRouter: router.Name,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPeerIpAddress: pulumi.String(\"169.254.1.2\"),\n\t\t\tPeerAsn: pulumi.Int(64515),\n\t\t\tAdvertisedRoutePriority: pulumi.Int(100),\n\t\t\tInterface: routerInterface2.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"tunnel1\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpn-tunnel-1-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked VPN Tunnel\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpnTunnels: \u0026networkconnectivity.SpokeLinkedVpnTunnelsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\ttunnel1.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"tunnel2\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpn-tunnel-2-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked VPN Tunnel\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpnTunnels: \u0026networkconnectivity.SpokeLinkedVpnTunnelsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\ttunnel2.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.HaVpnGateway;\nimport com.pulumi.gcp.compute.HaVpnGatewayArgs;\nimport com.pulumi.gcp.compute.ExternalVpnGateway;\nimport com.pulumi.gcp.compute.ExternalVpnGatewayArgs;\nimport com.pulumi.gcp.compute.inputs.ExternalVpnGatewayInterfaceArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.compute.RouterInterface;\nimport com.pulumi.gcp.compute.RouterInterfaceArgs;\nimport com.pulumi.gcp.compute.RouterPeer;\nimport com.pulumi.gcp.compute.RouterPeerArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpnTunnelsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"basic-hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"basic-subnetwork\")\n .ipCidrRange(\"10.0.0.0/28\")\n .region(\"us-central1\")\n .network(network.selfLink())\n .build());\n\n var gateway = new HaVpnGateway(\"gateway\", HaVpnGatewayArgs.builder()\n .name(\"vpn-gateway\")\n .network(network.id())\n .build());\n\n var externalVpnGw = new ExternalVpnGateway(\"externalVpnGw\", ExternalVpnGatewayArgs.builder()\n .name(\"external-vpn-gateway\")\n .redundancyType(\"SINGLE_IP_INTERNALLY_REDUNDANT\")\n .description(\"An externally managed VPN gateway\")\n .interfaces(ExternalVpnGatewayInterfaceArgs.builder()\n .id(0)\n .ipAddress(\"8.8.8.8\")\n .build())\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"external-vpn-gateway\")\n .region(\"us-central1\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(64514)\n .build())\n .build());\n\n var tunnel1 = new VPNTunnel(\"tunnel1\", VPNTunnelArgs.builder()\n .name(\"tunnel1\")\n .region(\"us-central1\")\n .vpnGateway(gateway.id())\n .peerExternalGateway(externalVpnGw.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"a secret message\")\n .router(router.id())\n .vpnGatewayInterface(0)\n .build());\n\n var tunnel2 = new VPNTunnel(\"tunnel2\", VPNTunnelArgs.builder()\n .name(\"tunnel2\")\n .region(\"us-central1\")\n .vpnGateway(gateway.id())\n .peerExternalGateway(externalVpnGw.id())\n .peerExternalGatewayInterface(0)\n .sharedSecret(\"a secret message\")\n .router(router.id().applyValue(id -\u003e String.format(\" %s\", id)))\n .vpnGatewayInterface(1)\n .build());\n\n var routerInterface1 = new RouterInterface(\"routerInterface1\", RouterInterfaceArgs.builder()\n .name(\"router-interface1\")\n .router(router.name())\n .region(\"us-central1\")\n .ipRange(\"169.254.0.1/30\")\n .vpnTunnel(tunnel1.name())\n .build());\n\n var routerPeer1 = new RouterPeer(\"routerPeer1\", RouterPeerArgs.builder()\n .name(\"router-peer1\")\n .router(router.name())\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.0.2\")\n .peerAsn(64515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface1.name())\n .build());\n\n var routerInterface2 = new RouterInterface(\"routerInterface2\", RouterInterfaceArgs.builder()\n .name(\"router-interface2\")\n .router(router.name())\n .region(\"us-central1\")\n .ipRange(\"169.254.1.1/30\")\n .vpnTunnel(tunnel2.name())\n .build());\n\n var routerPeer2 = new RouterPeer(\"routerPeer2\", RouterPeerArgs.builder()\n .name(\"router-peer2\")\n .router(router.name())\n .region(\"us-central1\")\n .peerIpAddress(\"169.254.1.2\")\n .peerAsn(64515)\n .advertisedRoutePriority(100)\n .interface_(routerInterface2.name())\n .build());\n\n var tunnel1Spoke = new Spoke(\"tunnel1Spoke\", SpokeArgs.builder()\n .name(\"vpn-tunnel-1-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked VPN Tunnel\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpnTunnels(SpokeLinkedVpnTunnelsArgs.builder()\n .uris(tunnel1.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n var tunnel2Spoke = new Spoke(\"tunnel2Spoke\", SpokeArgs.builder()\n .name(\"vpn-tunnel-2-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked VPN Tunnel\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedVpnTunnels(SpokeLinkedVpnTunnelsArgs.builder()\n .uris(tunnel2.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: basic-hub1\n description: A sample hub\n labels:\n label-two: value-one\n network:\n type: gcp:compute:Network\n properties:\n name: basic-network\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: basic-subnetwork\n ipCidrRange: 10.0.0.0/28\n region: us-central1\n network: ${network.selfLink}\n gateway:\n type: gcp:compute:HaVpnGateway\n properties:\n name: vpn-gateway\n network: ${network.id}\n externalVpnGw:\n type: gcp:compute:ExternalVpnGateway\n name: external_vpn_gw\n properties:\n name: external-vpn-gateway\n redundancyType: SINGLE_IP_INTERNALLY_REDUNDANT\n description: An externally managed VPN gateway\n interfaces:\n - id: 0\n ipAddress: 8.8.8.8\n router:\n type: gcp:compute:Router\n properties:\n name: external-vpn-gateway\n region: us-central1\n network: ${network.name}\n bgp:\n asn: 64514\n tunnel1:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel1\n region: us-central1\n vpnGateway: ${gateway.id}\n peerExternalGateway: ${externalVpnGw.id}\n peerExternalGatewayInterface: 0\n sharedSecret: a secret message\n router: ${router.id}\n vpnGatewayInterface: 0\n tunnel2:\n type: gcp:compute:VPNTunnel\n properties:\n name: tunnel2\n region: us-central1\n vpnGateway: ${gateway.id}\n peerExternalGateway: ${externalVpnGw.id}\n peerExternalGatewayInterface: 0\n sharedSecret: a secret message\n router: ' ${router.id}'\n vpnGatewayInterface: 1\n routerInterface1:\n type: gcp:compute:RouterInterface\n name: router_interface1\n properties:\n name: router-interface1\n router: ${router.name}\n region: us-central1\n ipRange: 169.254.0.1/30\n vpnTunnel: ${tunnel1.name}\n routerPeer1:\n type: gcp:compute:RouterPeer\n name: router_peer1\n properties:\n name: router-peer1\n router: ${router.name}\n region: us-central1\n peerIpAddress: 169.254.0.2\n peerAsn: 64515\n advertisedRoutePriority: 100\n interface: ${routerInterface1.name}\n routerInterface2:\n type: gcp:compute:RouterInterface\n name: router_interface2\n properties:\n name: router-interface2\n router: ${router.name}\n region: us-central1\n ipRange: 169.254.1.1/30\n vpnTunnel: ${tunnel2.name}\n routerPeer2:\n type: gcp:compute:RouterPeer\n name: router_peer2\n properties:\n name: router-peer2\n router: ${router.name}\n region: us-central1\n peerIpAddress: 169.254.1.2\n peerAsn: 64515\n advertisedRoutePriority: 100\n interface: ${routerInterface2.name}\n tunnel1Spoke:\n type: gcp:networkconnectivity:Spoke\n name: tunnel1\n properties:\n name: vpn-tunnel-1-spoke\n location: us-central1\n description: A sample spoke with a linked VPN Tunnel\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpnTunnels:\n uris:\n - ${tunnel1.selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n tunnel2Spoke:\n type: gcp:networkconnectivity:Spoke\n name: tunnel2\n properties:\n name: vpn-tunnel-2-spoke\n location: us-central1\n description: A sample spoke with a linked VPN Tunnel\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedVpnTunnels:\n uris:\n - ${tunnel2.selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Interconnect Attachment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {\n name: \"basic-hub1\",\n description: \"A sample hub\",\n labels: {\n \"label-two\": \"value-one\",\n },\n});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"basic-network\",\n autoCreateSubnetworks: false,\n});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"external-vpn-gateway\",\n region: \"us-central1\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst interconnect_attachment = new gcp.compute.InterconnectAttachment(\"interconnect-attachment\", {\n name: \"partner-interconnect1\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n region: \"us-central1\",\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"interconnect-attachment-spoke\",\n location: \"us-central1\",\n description: \"A sample spoke with a linked Interconnect Attachment\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedInterconnectAttachments: {\n uris: [interconnect_attachment.selfLink],\n siteToSiteDataTransfer: true,\n includeImportRanges: [\"ALL_IPV4_RANGES\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\",\n name=\"basic-hub1\",\n description=\"A sample hub\",\n labels={\n \"label-two\": \"value-one\",\n })\nnetwork = gcp.compute.Network(\"network\",\n name=\"basic-network\",\n auto_create_subnetworks=False)\nrouter = gcp.compute.Router(\"router\",\n name=\"external-vpn-gateway\",\n region=\"us-central1\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\ninterconnect_attachment = gcp.compute.InterconnectAttachment(\"interconnect-attachment\",\n name=\"partner-interconnect1\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\",\n region=\"us-central1\")\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"interconnect-attachment-spoke\",\n location=\"us-central1\",\n description=\"A sample spoke with a linked Interconnect Attachment\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_interconnect_attachments={\n \"uris\": [interconnect_attachment.self_link],\n \"site_to_site_data_transfer\": True,\n \"include_import_ranges\": [\"ALL_IPV4_RANGES\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"basic-hub1\",\n Description = \"A sample hub\",\n Labels = \n {\n { \"label-two\", \"value-one\" },\n },\n });\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-network\",\n AutoCreateSubnetworks = false,\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"external-vpn-gateway\",\n Region = \"us-central1\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var interconnect_attachment = new Gcp.Compute.InterconnectAttachment(\"interconnect-attachment\", new()\n {\n Name = \"partner-interconnect1\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n Region = \"us-central1\",\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"interconnect-attachment-spoke\",\n Location = \"us-central1\",\n Description = \"A sample spoke with a linked Interconnect Attachment\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedInterconnectAttachments = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedInterconnectAttachmentsArgs\n {\n Uris = new[]\n {\n interconnect_attachment.SelfLink,\n },\n SiteToSiteDataTransfer = true,\n IncludeImportRanges = new[]\n {\n \"ALL_IPV4_RANGES\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"basic-hub1\"),\n\t\t\tDescription: pulumi.String(\"A sample hub\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-two\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"external-vpn-gateway\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInterconnectAttachment(ctx, \"interconnect-attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"partner-interconnect1\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"interconnect-attachment-spoke\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked Interconnect Attachment\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedInterconnectAttachments: \u0026networkconnectivity.SpokeLinkedInterconnectAttachmentsArgs{\n\t\t\t\tUris: pulumi.StringArray{\n\t\t\t\t\tinterconnect_attachment.SelfLink,\n\t\t\t\t},\n\t\t\t\tSiteToSiteDataTransfer: pulumi.Bool(true),\n\t\t\t\tIncludeImportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ALL_IPV4_RANGES\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedInterconnectAttachmentsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"basic-hub1\")\n .description(\"A sample hub\")\n .labels(Map.of(\"label-two\", \"value-one\"))\n .build());\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"external-vpn-gateway\")\n .region(\"us-central1\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var interconnect_attachment = new InterconnectAttachment(\"interconnect-attachment\", InterconnectAttachmentArgs.builder()\n .name(\"partner-interconnect1\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .region(\"us-central1\")\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"interconnect-attachment-spoke\")\n .location(\"us-central1\")\n .description(\"A sample spoke with a linked Interconnect Attachment\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedInterconnectAttachments(SpokeLinkedInterconnectAttachmentsArgs.builder()\n .uris(interconnect_attachment.selfLink())\n .siteToSiteDataTransfer(true)\n .includeImportRanges(\"ALL_IPV4_RANGES\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: basic-hub1\n description: A sample hub\n labels:\n label-two: value-one\n network:\n type: gcp:compute:Network\n properties:\n name: basic-network\n autoCreateSubnetworks: false\n router:\n type: gcp:compute:Router\n properties:\n name: external-vpn-gateway\n region: us-central1\n network: ${network.name}\n bgp:\n asn: 16550\n interconnect-attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: partner-interconnect1\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\n region: us-central1\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: interconnect-attachment-spoke\n location: us-central1\n description: A sample spoke with a linked Interconnect Attachment\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedInterconnectAttachments:\n uris:\n - ${[\"interconnect-attachment\"].selfLink}\n siteToSiteDataTransfer: true\n includeImportRanges:\n - ALL_IPV4_RANGES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Spoke Linked Producer Vpc Network Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"net-spoke\",\n autoCreateSubnetworks: false,\n});\nconst address = new gcp.compute.GlobalAddress(\"address\", {\n name: \"test-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst peering = new gcp.servicenetworking.Connection(\"peering\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [address.name],\n});\nconst basicHub = new gcp.networkconnectivity.Hub(\"basic_hub\", {name: \"hub-basic\"});\nconst linkedVpcSpoke = new gcp.networkconnectivity.Spoke(\"linked_vpc_spoke\", {\n name: \"vpc-spoke\",\n location: \"global\",\n hub: basicHub.id,\n linkedVpcNetwork: {\n uri: network.selfLink,\n },\n});\nconst primary = new gcp.networkconnectivity.Spoke(\"primary\", {\n name: \"producer-spoke\",\n location: \"global\",\n description: \"A sample spoke with a linked router appliance instance\",\n labels: {\n \"label-one\": \"value-one\",\n },\n hub: basicHub.id,\n linkedProducerVpcNetwork: {\n network: network.name,\n peering: peering.peering,\n excludeExportRanges: [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n },\n}, {\n dependsOn: [linkedVpcSpoke],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"net-spoke\",\n auto_create_subnetworks=False)\naddress = gcp.compute.GlobalAddress(\"address\",\n name=\"test-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\npeering = gcp.servicenetworking.Connection(\"peering\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[address.name])\nbasic_hub = gcp.networkconnectivity.Hub(\"basic_hub\", name=\"hub-basic\")\nlinked_vpc_spoke = gcp.networkconnectivity.Spoke(\"linked_vpc_spoke\",\n name=\"vpc-spoke\",\n location=\"global\",\n hub=basic_hub.id,\n linked_vpc_network={\n \"uri\": network.self_link,\n })\nprimary = gcp.networkconnectivity.Spoke(\"primary\",\n name=\"producer-spoke\",\n location=\"global\",\n description=\"A sample spoke with a linked router appliance instance\",\n labels={\n \"label-one\": \"value-one\",\n },\n hub=basic_hub.id,\n linked_producer_vpc_network={\n \"network\": network.name,\n \"peering\": peering.peering,\n \"exclude_export_ranges\": [\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n ],\n },\n opts = pulumi.ResourceOptions(depends_on=[linked_vpc_spoke]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"net-spoke\",\n AutoCreateSubnetworks = false,\n });\n\n var address = new Gcp.Compute.GlobalAddress(\"address\", new()\n {\n Name = \"test-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var peering = new Gcp.ServiceNetworking.Connection(\"peering\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n address.Name,\n },\n });\n\n var basicHub = new Gcp.NetworkConnectivity.Hub(\"basic_hub\", new()\n {\n Name = \"hub-basic\",\n });\n\n var linkedVpcSpoke = new Gcp.NetworkConnectivity.Spoke(\"linked_vpc_spoke\", new()\n {\n Name = \"vpc-spoke\",\n Location = \"global\",\n Hub = basicHub.Id,\n LinkedVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpcNetworkArgs\n {\n Uri = network.SelfLink,\n },\n });\n\n var primary = new Gcp.NetworkConnectivity.Spoke(\"primary\", new()\n {\n Name = \"producer-spoke\",\n Location = \"global\",\n Description = \"A sample spoke with a linked router appliance instance\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Hub = basicHub.Id,\n LinkedProducerVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedProducerVpcNetworkArgs\n {\n Network = network.Name,\n Peering = peering.Peering,\n ExcludeExportRanges = new[]\n {\n \"198.51.100.0/24\",\n \"10.10.0.0/16\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n linkedVpcSpoke,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"net-spoke\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddress, err := compute.NewGlobalAddress(ctx, \"address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"test-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering, err := servicenetworking.NewConnection(ctx, \"peering\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\taddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbasicHub, err := networkconnectivity.NewHub(ctx, \"basic_hub\", \u0026networkconnectivity.HubArgs{\n\t\t\tName: pulumi.String(\"hub-basic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlinkedVpcSpoke, err := networkconnectivity.NewSpoke(ctx, \"linked_vpc_spoke\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"vpc-spoke\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedVpcNetwork: \u0026networkconnectivity.SpokeLinkedVpcNetworkArgs{\n\t\t\t\tUri: network.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewSpoke(ctx, \"primary\", \u0026networkconnectivity.SpokeArgs{\n\t\t\tName: pulumi.String(\"producer-spoke\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"A sample spoke with a linked router appliance instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tHub: basicHub.ID(),\n\t\t\tLinkedProducerVpcNetwork: \u0026networkconnectivity.SpokeLinkedProducerVpcNetworkArgs{\n\t\t\t\tNetwork: network.Name,\n\t\t\t\tPeering: peering.Peering,\n\t\t\t\tExcludeExportRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"198.51.100.0/24\"),\n\t\t\t\t\tpulumi.String(\"10.10.0.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlinkedVpcSpoke,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.networkconnectivity.Hub;\nimport com.pulumi.gcp.networkconnectivity.HubArgs;\nimport com.pulumi.gcp.networkconnectivity.Spoke;\nimport com.pulumi.gcp.networkconnectivity.SpokeArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpcNetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedProducerVpcNetworkArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"net-spoke\")\n .autoCreateSubnetworks(false)\n .build());\n\n var address = new GlobalAddress(\"address\", GlobalAddressArgs.builder()\n .name(\"test-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var peering = new Connection(\"peering\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(address.name())\n .build());\n\n var basicHub = new Hub(\"basicHub\", HubArgs.builder()\n .name(\"hub-basic\")\n .build());\n\n var linkedVpcSpoke = new Spoke(\"linkedVpcSpoke\", SpokeArgs.builder()\n .name(\"vpc-spoke\")\n .location(\"global\")\n .hub(basicHub.id())\n .linkedVpcNetwork(SpokeLinkedVpcNetworkArgs.builder()\n .uri(network.selfLink())\n .build())\n .build());\n\n var primary = new Spoke(\"primary\", SpokeArgs.builder()\n .name(\"producer-spoke\")\n .location(\"global\")\n .description(\"A sample spoke with a linked router appliance instance\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .hub(basicHub.id())\n .linkedProducerVpcNetwork(SpokeLinkedProducerVpcNetworkArgs.builder()\n .network(network.name())\n .peering(peering.peering())\n .excludeExportRanges( \n \"198.51.100.0/24\",\n \"10.10.0.0/16\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(linkedVpcSpoke)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: net-spoke\n autoCreateSubnetworks: false\n address:\n type: gcp:compute:GlobalAddress\n properties:\n name: test-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n peering:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${address.name}\n basicHub:\n type: gcp:networkconnectivity:Hub\n name: basic_hub\n properties:\n name: hub-basic\n linkedVpcSpoke:\n type: gcp:networkconnectivity:Spoke\n name: linked_vpc_spoke\n properties:\n name: vpc-spoke\n location: global\n hub: ${basicHub.id}\n linkedVpcNetwork:\n uri: ${network.selfLink}\n primary:\n type: gcp:networkconnectivity:Spoke\n properties:\n name: producer-spoke\n location: global\n description: A sample spoke with a linked router appliance instance\n labels:\n label-one: value-one\n hub: ${basicHub.id}\n linkedProducerVpcNetwork:\n network: ${network.name}\n peering: ${peering.peering}\n excludeExportRanges:\n - 198.51.100.0/24\n - 10.10.0.0/16\n options:\n dependsOn:\n - ${linkedVpcSpoke}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSpoke can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/spokes/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Spoke can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default projects/{{project}}/locations/{{location}}/spokes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/spoke:Spoke default {{location}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -241241,7 +241241,7 @@ } }, "gcp:networkmanagement/connectivityTest:ConnectivityTest": { - "description": "A connectivity test are a static analysis of your resource configurations\nthat enables you to evaluate connectivity to and from Google Cloud\nresources in your Virtual Private Cloud (VPC) network.\n\n\nTo get more information about ConnectivityTest, see:\n\n* [API documentation](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/network-intelligence-center/docs)\n\n## Example Usage\n\n### Network Management Connectivity Test Instances\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"conn-test-net\"});\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst source = new gcp.compute.Instance(\"source\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: vpc.id,\n }],\n name: \"source-vm\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: debian9.then(debian9 =\u003e debian9.id),\n },\n },\n});\nconst destination = new gcp.compute.Instance(\"destination\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: vpc.id,\n }],\n name: \"dest-vm\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: debian9.then(debian9 =\u003e debian9.id),\n },\n },\n});\nconst instance_test = new gcp.networkmanagement.ConnectivityTest(\"instance-test\", {\n name: \"conn-test-instances\",\n source: {\n instance: source.id,\n },\n destination: {\n instance: destination.id,\n },\n protocol: \"TCP\",\n labels: {\n env: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvpc = gcp.compute.Network(\"vpc\", name=\"conn-test-net\")\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nsource = gcp.compute.Instance(\"source\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": vpc.id,\n }],\n name=\"source-vm\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian9.id,\n },\n })\ndestination = gcp.compute.Instance(\"destination\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": vpc.id,\n }],\n name=\"dest-vm\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian9.id,\n },\n })\ninstance_test = gcp.networkmanagement.ConnectivityTest(\"instance-test\",\n name=\"conn-test-instances\",\n source={\n \"instance\": source.id,\n },\n destination={\n \"instance\": destination.id,\n },\n protocol=\"TCP\",\n labels={\n \"env\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"conn-test-net\",\n });\n\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var source = new Gcp.Compute.Instance(\"source\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = vpc.Id,\n },\n },\n Name = \"source-vm\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n });\n\n var destination = new Gcp.Compute.Instance(\"destination\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = vpc.Id,\n },\n },\n Name = \"dest-vm\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n });\n\n var instance_test = new Gcp.NetworkManagement.ConnectivityTest(\"instance-test\", new()\n {\n Name = \"conn-test-instances\",\n Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs\n {\n Instance = source.Id,\n },\n Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs\n {\n Instance = destination.Id,\n },\n Protocol = \"TCP\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"conn-test-net\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := compute.NewInstance(ctx, \"source\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"source-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := compute.NewInstance(ctx, \"destination\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"dest-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewConnectivityTest(ctx, \"instance-test\", \u0026networkmanagement.ConnectivityTestArgs{\n\t\t\tName: pulumi.String(\"conn-test-instances\"),\n\t\t\tSource: \u0026networkmanagement.ConnectivityTestSourceArgs{\n\t\t\t\tInstance: source.ID(),\n\t\t\t},\n\t\t\tDestination: \u0026networkmanagement.ConnectivityTestDestinationArgs{\n\t\t\t\tInstance: destination.ID(),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTest;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"conn-test-net\")\n .build());\n\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var source = new Instance(\"source\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(vpc.id())\n .build())\n .name(\"source-vm\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .build())\n .build());\n\n var destination = new Instance(\"destination\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(vpc.id())\n .build())\n .name(\"dest-vm\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .build())\n .build());\n\n var instance_test = new ConnectivityTest(\"instance-test\", ConnectivityTestArgs.builder()\n .name(\"conn-test-instances\")\n .source(ConnectivityTestSourceArgs.builder()\n .instance(source.id())\n .build())\n .destination(ConnectivityTestDestinationArgs.builder()\n .instance(destination.id())\n .build())\n .protocol(\"TCP\")\n .labels(Map.of(\"env\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-test:\n type: gcp:networkmanagement:ConnectivityTest\n properties:\n name: conn-test-instances\n source:\n instance: ${source.id}\n destination:\n instance: ${destination.id}\n protocol: TCP\n labels:\n env: test\n source:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${vpc.id}\n name: source-vm\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${debian9.id}\n destination:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${vpc.id}\n name: dest-vm\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${debian9.id}\n vpc:\n type: gcp:compute:Network\n properties:\n name: conn-test-net\nvariables:\n debian9:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Connectivity Test Addresses\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"connectivity-vpc\"});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"connectivity-vpc-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: vpc.id,\n});\nconst source_addr = new gcp.compute.Address(\"source-addr\", {\n name: \"src-addr\",\n subnetwork: subnet.id,\n addressType: \"INTERNAL\",\n address: \"10.0.42.42\",\n region: \"us-central1\",\n});\nconst dest_addr = new gcp.compute.Address(\"dest-addr\", {\n name: \"dest-addr\",\n subnetwork: subnet.id,\n addressType: \"INTERNAL\",\n address: \"10.0.43.43\",\n region: \"us-central1\",\n});\nconst address_test = new gcp.networkmanagement.ConnectivityTest(\"address-test\", {\n name: \"conn-test-addr\",\n source: {\n ipAddress: source_addr.address,\n projectId: source_addr.project,\n network: vpc.id,\n networkType: \"GCP_NETWORK\",\n },\n destination: {\n ipAddress: dest_addr.address,\n projectId: dest_addr.project,\n network: vpc.id,\n },\n protocol: \"UDP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvpc = gcp.compute.Network(\"vpc\", name=\"connectivity-vpc\")\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"connectivity-vpc-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=vpc.id)\nsource_addr = gcp.compute.Address(\"source-addr\",\n name=\"src-addr\",\n subnetwork=subnet.id,\n address_type=\"INTERNAL\",\n address=\"10.0.42.42\",\n region=\"us-central1\")\ndest_addr = gcp.compute.Address(\"dest-addr\",\n name=\"dest-addr\",\n subnetwork=subnet.id,\n address_type=\"INTERNAL\",\n address=\"10.0.43.43\",\n region=\"us-central1\")\naddress_test = gcp.networkmanagement.ConnectivityTest(\"address-test\",\n name=\"conn-test-addr\",\n source={\n \"ip_address\": source_addr.address,\n \"project_id\": source_addr.project,\n \"network\": vpc.id,\n \"network_type\": \"GCP_NETWORK\",\n },\n destination={\n \"ip_address\": dest_addr.address,\n \"project_id\": dest_addr.project,\n \"network\": vpc.id,\n },\n protocol=\"UDP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"connectivity-vpc\",\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"connectivity-vpc-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = vpc.Id,\n });\n\n var source_addr = new Gcp.Compute.Address(\"source-addr\", new()\n {\n Name = \"src-addr\",\n Subnetwork = subnet.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.42.42\",\n Region = \"us-central1\",\n });\n\n var dest_addr = new Gcp.Compute.Address(\"dest-addr\", new()\n {\n Name = \"dest-addr\",\n Subnetwork = subnet.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.43.43\",\n Region = \"us-central1\",\n });\n\n var address_test = new Gcp.NetworkManagement.ConnectivityTest(\"address-test\", new()\n {\n Name = \"conn-test-addr\",\n Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs\n {\n IpAddress = source_addr.IPAddress,\n ProjectId = source_addr.Project,\n Network = vpc.Id,\n NetworkType = \"GCP_NETWORK\",\n },\n Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs\n {\n IpAddress = dest_addr.IPAddress,\n ProjectId = dest_addr.Project,\n Network = vpc.Id,\n },\n Protocol = \"UDP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"connectivity-vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"connectivity-vpc-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"source-addr\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"src-addr\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.42.42\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"dest-addr\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"dest-addr\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.43.43\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewConnectivityTest(ctx, \"address-test\", \u0026networkmanagement.ConnectivityTestArgs{\n\t\t\tName: pulumi.String(\"conn-test-addr\"),\n\t\t\tSource: \u0026networkmanagement.ConnectivityTestSourceArgs{\n\t\t\t\tIpAddress: source_addr.Address,\n\t\t\t\tProjectId: source_addr.Project,\n\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\tNetworkType: pulumi.String(\"GCP_NETWORK\"),\n\t\t\t},\n\t\t\tDestination: \u0026networkmanagement.ConnectivityTestDestinationArgs{\n\t\t\t\tIpAddress: dest_addr.Address,\n\t\t\t\tProjectId: dest_addr.Project,\n\t\t\t\tNetwork: vpc.ID(),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"UDP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTest;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"connectivity-vpc\")\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"connectivity-vpc-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(vpc.id())\n .build());\n\n var source_addr = new Address(\"source-addr\", AddressArgs.builder()\n .name(\"src-addr\")\n .subnetwork(subnet.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.42.42\")\n .region(\"us-central1\")\n .build());\n\n var dest_addr = new Address(\"dest-addr\", AddressArgs.builder()\n .name(\"dest-addr\")\n .subnetwork(subnet.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.43.43\")\n .region(\"us-central1\")\n .build());\n\n var address_test = new ConnectivityTest(\"address-test\", ConnectivityTestArgs.builder()\n .name(\"conn-test-addr\")\n .source(ConnectivityTestSourceArgs.builder()\n .ipAddress(source_addr.address())\n .projectId(source_addr.project())\n .network(vpc.id())\n .networkType(\"GCP_NETWORK\")\n .build())\n .destination(ConnectivityTestDestinationArgs.builder()\n .ipAddress(dest_addr.address())\n .projectId(dest_addr.project())\n .network(vpc.id())\n .build())\n .protocol(\"UDP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n address-test:\n type: gcp:networkmanagement:ConnectivityTest\n properties:\n name: conn-test-addr\n source:\n ipAddress: ${[\"source-addr\"].address}\n projectId: ${[\"source-addr\"].project}\n network: ${vpc.id}\n networkType: GCP_NETWORK\n destination:\n ipAddress: ${[\"dest-addr\"].address}\n projectId: ${[\"dest-addr\"].project}\n network: ${vpc.id}\n protocol: UDP\n vpc:\n type: gcp:compute:Network\n properties:\n name: connectivity-vpc\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: connectivity-vpc-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${vpc.id}\n source-addr:\n type: gcp:compute:Address\n properties:\n name: src-addr\n subnetwork: ${subnet.id}\n addressType: INTERNAL\n address: 10.0.42.42\n region: us-central1\n dest-addr:\n type: gcp:compute:Address\n properties:\n name: dest-addr\n subnetwork: ${subnet.id}\n addressType: INTERNAL\n address: 10.0.43.43\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnectivityTest can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/connectivityTests/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ConnectivityTest can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default projects/{{project}}/locations/global/connectivityTests/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default {{name}}\n```\n\n", + "description": "A connectivity test are a static analysis of your resource configurations\nthat enables you to evaluate connectivity to and from Google Cloud\nresources in your Virtual Private Cloud (VPC) network.\n\n\nTo get more information about ConnectivityTest, see:\n\n* [API documentation](https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/network-intelligence-center/docs)\n\n## Example Usage\n\n### Network Management Connectivity Test Instances\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"conn-test-net\"});\nconst debian9 = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst source = new gcp.compute.Instance(\"source\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: vpc.id,\n }],\n name: \"source-vm\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: debian9.then(debian9 =\u003e debian9.id),\n },\n },\n});\nconst destination = new gcp.compute.Instance(\"destination\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: vpc.id,\n }],\n name: \"dest-vm\",\n machineType: \"e2-medium\",\n bootDisk: {\n initializeParams: {\n image: debian9.then(debian9 =\u003e debian9.id),\n },\n },\n});\nconst instance_test = new gcp.networkmanagement.ConnectivityTest(\"instance-test\", {\n name: \"conn-test-instances\",\n source: {\n instance: source.id,\n },\n destination: {\n instance: destination.id,\n },\n protocol: \"TCP\",\n labels: {\n env: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvpc = gcp.compute.Network(\"vpc\", name=\"conn-test-net\")\ndebian9 = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nsource = gcp.compute.Instance(\"source\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": vpc.id,\n }],\n name=\"source-vm\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian9.id,\n },\n })\ndestination = gcp.compute.Instance(\"destination\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": vpc.id,\n }],\n name=\"dest-vm\",\n machine_type=\"e2-medium\",\n boot_disk={\n \"initialize_params\": {\n \"image\": debian9.id,\n },\n })\ninstance_test = gcp.networkmanagement.ConnectivityTest(\"instance-test\",\n name=\"conn-test-instances\",\n source={\n \"instance\": source.id,\n },\n destination={\n \"instance\": destination.id,\n },\n protocol=\"TCP\",\n labels={\n \"env\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"conn-test-net\",\n });\n\n var debian9 = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var source = new Gcp.Compute.Instance(\"source\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = vpc.Id,\n },\n },\n Name = \"source-vm\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n });\n\n var destination = new Gcp.Compute.Instance(\"destination\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = vpc.Id,\n },\n },\n Name = \"dest-vm\",\n MachineType = \"e2-medium\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = debian9.Apply(getImageResult =\u003e getImageResult.Id),\n },\n },\n });\n\n var instance_test = new Gcp.NetworkManagement.ConnectivityTest(\"instance-test\", new()\n {\n Name = \"conn-test-instances\",\n Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs\n {\n Instance = source.Id,\n },\n Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs\n {\n Instance = destination.Id,\n },\n Protocol = \"TCP\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"conn-test-net\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdebian9, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := compute.NewInstance(ctx, \"source\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"source-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := compute.NewInstance(ctx, \"destination\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"dest-vm\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(debian9.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewConnectivityTest(ctx, \"instance-test\", \u0026networkmanagement.ConnectivityTestArgs{\n\t\t\tName: pulumi.String(\"conn-test-instances\"),\n\t\t\tSource: \u0026networkmanagement.ConnectivityTestSourceArgs{\n\t\t\t\tInstance: source.ID(),\n\t\t\t},\n\t\t\tDestination: \u0026networkmanagement.ConnectivityTestDestinationArgs{\n\t\t\t\tInstance: destination.ID(),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTest;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"conn-test-net\")\n .build());\n\n final var debian9 = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var source = new Instance(\"source\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(vpc.id())\n .build())\n .name(\"source-vm\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .build())\n .build());\n\n var destination = new Instance(\"destination\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(vpc.id())\n .build())\n .name(\"dest-vm\")\n .machineType(\"e2-medium\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(debian9.applyValue(getImageResult -\u003e getImageResult.id()))\n .build())\n .build())\n .build());\n\n var instance_test = new ConnectivityTest(\"instance-test\", ConnectivityTestArgs.builder()\n .name(\"conn-test-instances\")\n .source(ConnectivityTestSourceArgs.builder()\n .instance(source.id())\n .build())\n .destination(ConnectivityTestDestinationArgs.builder()\n .instance(destination.id())\n .build())\n .protocol(\"TCP\")\n .labels(Map.of(\"env\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance-test:\n type: gcp:networkmanagement:ConnectivityTest\n properties:\n name: conn-test-instances\n source:\n instance: ${source.id}\n destination:\n instance: ${destination.id}\n protocol: TCP\n labels:\n env: test\n source:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${vpc.id}\n name: source-vm\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${debian9.id}\n destination:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: ${vpc.id}\n name: dest-vm\n machineType: e2-medium\n bootDisk:\n initializeParams:\n image: ${debian9.id}\n vpc:\n type: gcp:compute:Network\n properties:\n name: conn-test-net\nvariables:\n debian9:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Connectivity Test Addresses\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vpc = new gcp.compute.Network(\"vpc\", {name: \"connectivity-vpc\"});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"connectivity-vpc-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: vpc.id,\n});\nconst source_addr = new gcp.compute.Address(\"source-addr\", {\n name: \"src-addr\",\n subnetwork: subnet.id,\n addressType: \"INTERNAL\",\n address: \"10.0.42.42\",\n region: \"us-central1\",\n});\nconst dest_addr = new gcp.compute.Address(\"dest-addr\", {\n name: \"dest-addr\",\n subnetwork: subnet.id,\n addressType: \"INTERNAL\",\n address: \"10.0.43.43\",\n region: \"us-central1\",\n});\nconst address_test = new gcp.networkmanagement.ConnectivityTest(\"address-test\", {\n name: \"conn-test-addr\",\n source: {\n ipAddress: source_addr.address,\n projectId: source_addr.project,\n network: vpc.id,\n networkType: \"GCP_NETWORK\",\n },\n destination: {\n ipAddress: dest_addr.address,\n projectId: dest_addr.project,\n network: vpc.id,\n },\n protocol: \"UDP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvpc = gcp.compute.Network(\"vpc\", name=\"connectivity-vpc\")\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"connectivity-vpc-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=vpc.id)\nsource_addr = gcp.compute.Address(\"source-addr\",\n name=\"src-addr\",\n subnetwork=subnet.id,\n address_type=\"INTERNAL\",\n address=\"10.0.42.42\",\n region=\"us-central1\")\ndest_addr = gcp.compute.Address(\"dest-addr\",\n name=\"dest-addr\",\n subnetwork=subnet.id,\n address_type=\"INTERNAL\",\n address=\"10.0.43.43\",\n region=\"us-central1\")\naddress_test = gcp.networkmanagement.ConnectivityTest(\"address-test\",\n name=\"conn-test-addr\",\n source={\n \"ip_address\": source_addr.address,\n \"project_id\": source_addr.project,\n \"network\": vpc.id,\n \"network_type\": \"GCP_NETWORK\",\n },\n destination={\n \"ip_address\": dest_addr.address,\n \"project_id\": dest_addr.project,\n \"network\": vpc.id,\n },\n protocol=\"UDP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Gcp.Compute.Network(\"vpc\", new()\n {\n Name = \"connectivity-vpc\",\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"connectivity-vpc-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = vpc.Id,\n });\n\n var source_addr = new Gcp.Compute.Address(\"source-addr\", new()\n {\n Name = \"src-addr\",\n Subnetwork = subnet.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.42.42\",\n Region = \"us-central1\",\n });\n\n var dest_addr = new Gcp.Compute.Address(\"dest-addr\", new()\n {\n Name = \"dest-addr\",\n Subnetwork = subnet.Id,\n AddressType = \"INTERNAL\",\n IPAddress = \"10.0.43.43\",\n Region = \"us-central1\",\n });\n\n var address_test = new Gcp.NetworkManagement.ConnectivityTest(\"address-test\", new()\n {\n Name = \"conn-test-addr\",\n Source = new Gcp.NetworkManagement.Inputs.ConnectivityTestSourceArgs\n {\n IpAddress = source_addr.IPAddress,\n ProjectId = source_addr.Project,\n Network = vpc.Id,\n NetworkType = \"GCP_NETWORK\",\n },\n Destination = new Gcp.NetworkManagement.Inputs.ConnectivityTestDestinationArgs\n {\n IpAddress = dest_addr.IPAddress,\n ProjectId = dest_addr.Project,\n Network = vpc.Id,\n },\n Protocol = \"UDP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := compute.NewNetwork(ctx, \"vpc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"connectivity-vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"connectivity-vpc-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"source-addr\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"src-addr\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.42.42\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewAddress(ctx, \"dest-addr\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"dest-addr\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tAddress: pulumi.String(\"10.0.43.43\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewConnectivityTest(ctx, \"address-test\", \u0026networkmanagement.ConnectivityTestArgs{\n\t\t\tName: pulumi.String(\"conn-test-addr\"),\n\t\t\tSource: \u0026networkmanagement.ConnectivityTestSourceArgs{\n\t\t\t\tIpAddress: source_addr.Address,\n\t\t\t\tProjectId: source_addr.Project,\n\t\t\t\tNetwork: vpc.ID(),\n\t\t\t\tNetworkType: pulumi.String(\"GCP_NETWORK\"),\n\t\t\t},\n\t\t\tDestination: \u0026networkmanagement.ConnectivityTestDestinationArgs{\n\t\t\t\tIpAddress: dest_addr.Address,\n\t\t\t\tProjectId: dest_addr.Project,\n\t\t\t\tNetwork: vpc.ID(),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"UDP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTest;\nimport com.pulumi.gcp.networkmanagement.ConnectivityTestArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestSourceArgs;\nimport com.pulumi.gcp.networkmanagement.inputs.ConnectivityTestDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Network(\"vpc\", NetworkArgs.builder()\n .name(\"connectivity-vpc\")\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"connectivity-vpc-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(vpc.id())\n .build());\n\n var source_addr = new Address(\"source-addr\", AddressArgs.builder()\n .name(\"src-addr\")\n .subnetwork(subnet.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.42.42\")\n .region(\"us-central1\")\n .build());\n\n var dest_addr = new Address(\"dest-addr\", AddressArgs.builder()\n .name(\"dest-addr\")\n .subnetwork(subnet.id())\n .addressType(\"INTERNAL\")\n .address(\"10.0.43.43\")\n .region(\"us-central1\")\n .build());\n\n var address_test = new ConnectivityTest(\"address-test\", ConnectivityTestArgs.builder()\n .name(\"conn-test-addr\")\n .source(ConnectivityTestSourceArgs.builder()\n .ipAddress(source_addr.address())\n .projectId(source_addr.project())\n .network(vpc.id())\n .networkType(\"GCP_NETWORK\")\n .build())\n .destination(ConnectivityTestDestinationArgs.builder()\n .ipAddress(dest_addr.address())\n .projectId(dest_addr.project())\n .network(vpc.id())\n .build())\n .protocol(\"UDP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n address-test:\n type: gcp:networkmanagement:ConnectivityTest\n properties:\n name: conn-test-addr\n source:\n ipAddress: ${[\"source-addr\"].address}\n projectId: ${[\"source-addr\"].project}\n network: ${vpc.id}\n networkType: GCP_NETWORK\n destination:\n ipAddress: ${[\"dest-addr\"].address}\n projectId: ${[\"dest-addr\"].project}\n network: ${vpc.id}\n protocol: UDP\n vpc:\n type: gcp:compute:Network\n properties:\n name: connectivity-vpc\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: connectivity-vpc-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${vpc.id}\n source-addr:\n type: gcp:compute:Address\n properties:\n name: src-addr\n subnetwork: ${subnet.id}\n addressType: INTERNAL\n address: 10.0.42.42\n region: us-central1\n dest-addr:\n type: gcp:compute:Address\n properties:\n name: dest-addr\n subnetwork: ${subnet.id}\n addressType: INTERNAL\n address: 10.0.43.43\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConnectivityTest can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/connectivityTests/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, ConnectivityTest can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default projects/{{project}}/locations/global/connectivityTests/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/connectivityTest:ConnectivityTest default {{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -241413,7 +241413,7 @@ } }, "gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig": { - "description": "## Example Usage\n\n### Network Management Vpc Flow Logs Config Interconnect Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"full-interconnect-test-network\"});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"full-interconnect-test-router\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst attachment = new gcp.compute.InterconnectAttachment(\"attachment\", {\n name: \"full-interconnect-test-id\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n});\nconst interconnect_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\", {\n vpcFlowLogsConfigId: \"full-interconnect-test-id\",\n location: \"global\",\n interconnectAttachment: pulumi.all([project, attachment.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-east4/interconnectAttachments/${name}`),\n state: \"ENABLED\",\n aggregationInterval: \"INTERVAL_5_SEC\",\n description: \"VPC Flow Logs over a VPN Gateway.\",\n flowSampling: 0.5,\n metadata: \"INCLUDE_ALL_METADATA\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"full-interconnect-test-network\")\nrouter = gcp.compute.Router(\"router\",\n name=\"full-interconnect-test-router\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\nattachment = gcp.compute.InterconnectAttachment(\"attachment\",\n name=\"full-interconnect-test-id\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\")\ninterconnect_test = gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\",\n vpc_flow_logs_config_id=\"full-interconnect-test-id\",\n location=\"global\",\n interconnect_attachment=attachment.name.apply(lambda name: f\"projects/{project.number}/regions/us-east4/interconnectAttachments/{name}\"),\n state=\"ENABLED\",\n aggregation_interval=\"INTERVAL_5_SEC\",\n description=\"VPC Flow Logs over a VPN Gateway.\",\n flow_sampling=0.5,\n metadata=\"INCLUDE_ALL_METADATA\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"full-interconnect-test-network\",\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"full-interconnect-test-router\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var attachment = new Gcp.Compute.InterconnectAttachment(\"attachment\", new()\n {\n Name = \"full-interconnect-test-id\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n });\n\n var interconnect_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"interconnect-test\", new()\n {\n VpcFlowLogsConfigId = \"full-interconnect-test-id\",\n Location = \"global\",\n InterconnectAttachment = Output.Tuple(project, attachment.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-east4/interconnectAttachments/{name}\";\n }),\n State = \"ENABLED\",\n AggregationInterval = \"INTERVAL_5_SEC\",\n Description = \"VPC Flow Logs over a VPN Gateway.\",\n FlowSampling = 0.5,\n Metadata = \"INCLUDE_ALL_METADATA\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-router\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment, err := compute.NewInterconnectAttachment(ctx, \"attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-id\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"interconnect-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"full-interconnect-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tInterconnectAttachment: attachment.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-east4/interconnectAttachments/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tAggregationInterval: pulumi.String(\"INTERVAL_5_SEC\"),\n\t\t\tDescription: pulumi.String(\"VPC Flow Logs over a VPN Gateway.\"),\n\t\t\tFlowSampling: pulumi.Float64(0.5),\n\t\t\tMetadata: pulumi.String(\"INCLUDE_ALL_METADATA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"full-interconnect-test-network\")\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"full-interconnect-test-router\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var attachment = new InterconnectAttachment(\"attachment\", InterconnectAttachmentArgs.builder()\n .name(\"full-interconnect-test-id\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .build());\n\n var interconnect_test = new VpcFlowLogsConfig(\"interconnect-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"full-interconnect-test-id\")\n .location(\"global\")\n .interconnectAttachment(attachment.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-east4/interconnectAttachments/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .state(\"ENABLED\")\n .aggregationInterval(\"INTERVAL_5_SEC\")\n .description(\"VPC Flow Logs over a VPN Gateway.\")\n .flowSampling(0.5)\n .metadata(\"INCLUDE_ALL_METADATA\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n interconnect-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: full-interconnect-test-id\n location: global\n interconnectAttachment: projects/${project.number}/regions/us-east4/interconnectAttachments/${attachment.name}\n state: ENABLED\n aggregationInterval: INTERVAL_5_SEC\n description: VPC Flow Logs over a VPN Gateway.\n flowSampling: 0.5\n metadata: INCLUDE_ALL_METADATA\n network:\n type: gcp:compute:Network\n properties:\n name: full-interconnect-test-network\n router:\n type: gcp:compute:Router\n properties:\n name: full-interconnect-test-router\n network: ${network.name}\n bgp:\n asn: 16550\n attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: full-interconnect-test-id\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Interconnect Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"basic-interconnect-test-network\"});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"basic-interconnect-test-router\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst attachment = new gcp.compute.InterconnectAttachment(\"attachment\", {\n name: \"basic-interconnect-test-id\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n});\nconst interconnect_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\", {\n vpcFlowLogsConfigId: \"basic-interconnect-test-id\",\n location: \"global\",\n interconnectAttachment: pulumi.all([project, attachment.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-east4/interconnectAttachments/${name}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"basic-interconnect-test-network\")\nrouter = gcp.compute.Router(\"router\",\n name=\"basic-interconnect-test-router\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\nattachment = gcp.compute.InterconnectAttachment(\"attachment\",\n name=\"basic-interconnect-test-id\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\")\ninterconnect_test = gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\",\n vpc_flow_logs_config_id=\"basic-interconnect-test-id\",\n location=\"global\",\n interconnect_attachment=attachment.name.apply(lambda name: f\"projects/{project.number}/regions/us-east4/interconnectAttachments/{name}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-interconnect-test-network\",\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"basic-interconnect-test-router\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var attachment = new Gcp.Compute.InterconnectAttachment(\"attachment\", new()\n {\n Name = \"basic-interconnect-test-id\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n });\n\n var interconnect_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"interconnect-test\", new()\n {\n VpcFlowLogsConfigId = \"basic-interconnect-test-id\",\n Location = \"global\",\n InterconnectAttachment = Output.Tuple(project, attachment.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-east4/interconnectAttachments/{name}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-router\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment, err := compute.NewInterconnectAttachment(ctx, \"attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-id\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"interconnect-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"basic-interconnect-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tInterconnectAttachment: attachment.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-east4/interconnectAttachments/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-interconnect-test-network\")\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"basic-interconnect-test-router\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var attachment = new InterconnectAttachment(\"attachment\", InterconnectAttachmentArgs.builder()\n .name(\"basic-interconnect-test-id\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .build());\n\n var interconnect_test = new VpcFlowLogsConfig(\"interconnect-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"basic-interconnect-test-id\")\n .location(\"global\")\n .interconnectAttachment(attachment.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-east4/interconnectAttachments/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n interconnect-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: basic-interconnect-test-id\n location: global\n interconnectAttachment: projects/${project.number}/regions/us-east4/interconnectAttachments/${attachment.name}\n network:\n type: gcp:compute:Network\n properties:\n name: basic-interconnect-test-network\n router:\n type: gcp:compute:Router\n properties:\n name: basic-interconnect-test-router\n network: ${network.name}\n bgp:\n asn: 16550\n attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: basic-interconnect-test-id\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Vpn Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"basic-test-network\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"basic-test-gateway\",\n network: network.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"basic-test-address\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"basic-test-fresp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"basic-test-fr500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"basic-test-fr4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel = new gcp.compute.VPNTunnel(\"tunnel\", {\n name: \"basic-test-tunnel\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst vpn_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\", {\n vpcFlowLogsConfigId: \"basic-test-id\",\n location: \"global\",\n vpnTunnel: pulumi.all([project, tunnel.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-central1/vpnTunnels/${name}`),\n});\nconst route = new gcp.compute.Route(\"route\", {\n name: \"basic-test-route\",\n network: network.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"basic-test-network\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"basic-test-gateway\",\n network=network.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"basic-test-address\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"basic-test-fresp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"basic-test-fr500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"basic-test-fr4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel = gcp.compute.VPNTunnel(\"tunnel\",\n name=\"basic-test-tunnel\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nvpn_test = gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\",\n vpc_flow_logs_config_id=\"basic-test-id\",\n location=\"global\",\n vpn_tunnel=tunnel.name.apply(lambda name: f\"projects/{project.number}/regions/us-central1/vpnTunnels/{name}\"))\nroute = gcp.compute.Route(\"route\",\n name=\"basic-test-route\",\n network=network.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-test-network\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"basic-test-gateway\",\n Network = network.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"basic-test-address\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"basic-test-fresp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"basic-test-fr500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"basic-test-fr4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel = new Gcp.Compute.VPNTunnel(\"tunnel\", new()\n {\n Name = \"basic-test-tunnel\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var vpn_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"vpn-test\", new()\n {\n VpcFlowLogsConfigId = \"basic-test-id\",\n Location = \"global\",\n VpnTunnel = Output.Tuple(project, tunnel.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/vpnTunnels/{name}\";\n }),\n });\n\n var route = new Gcp.Compute.Route(\"route\", new()\n {\n Name = \"basic-test-route\",\n Network = network.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"basic-test-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"basic-test-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fresp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fr500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fr4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel, err := compute.NewVPNTunnel(ctx, \"tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"basic-test-tunnel\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"vpn-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"basic-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tVpnTunnel: tunnel.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-central1/vpnTunnels/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"basic-test-route\"),\n\t\t\tNetwork: network.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-test-network\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"basic-test-gateway\")\n .network(network.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"basic-test-address\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fresp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fr500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fr4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel = new VPNTunnel(\"tunnel\", VPNTunnelArgs.builder()\n .name(\"basic-test-tunnel\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var vpn_test = new VpcFlowLogsConfig(\"vpn-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"basic-test-id\")\n .location(\"global\")\n .vpnTunnel(tunnel.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-central1/vpnTunnels/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder()\n .name(\"basic-test-route\")\n .network(network.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpn-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: basic-test-id\n location: global\n vpnTunnel: projects/${project.number}/regions/us-central1/vpnTunnels/${tunnel.name}\n tunnel:\n type: gcp:compute:VPNTunnel\n properties:\n name: basic-test-tunnel\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependson:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: basic-test-gateway\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: basic-test-network\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: basic-test-address\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: basic-test-fresp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: basic-test-fr500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: basic-test-fr4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route:\n type: gcp:compute:Route\n properties:\n name: basic-test-route\n network: ${network.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel.id}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Vpn Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"full-test-network\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"full-test-gateway\",\n network: network.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"full-test-address\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"full-test-fresp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"full-test-fr500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"full-test-fr4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel = new gcp.compute.VPNTunnel(\"tunnel\", {\n name: \"full-test-tunnel\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst vpn_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\", {\n vpcFlowLogsConfigId: \"full-test-id\",\n location: \"global\",\n vpnTunnel: pulumi.all([project, tunnel.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-central1/vpnTunnels/${name}`),\n state: \"ENABLED\",\n aggregationInterval: \"INTERVAL_5_SEC\",\n description: \"VPC Flow Logs over a VPN Gateway.\",\n flowSampling: 0.5,\n metadata: \"INCLUDE_ALL_METADATA\",\n});\nconst route = new gcp.compute.Route(\"route\", {\n name: \"full-test-route\",\n network: network.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"full-test-network\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"full-test-gateway\",\n network=network.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"full-test-address\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"full-test-fresp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"full-test-fr500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"full-test-fr4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel = gcp.compute.VPNTunnel(\"tunnel\",\n name=\"full-test-tunnel\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nvpn_test = gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\",\n vpc_flow_logs_config_id=\"full-test-id\",\n location=\"global\",\n vpn_tunnel=tunnel.name.apply(lambda name: f\"projects/{project.number}/regions/us-central1/vpnTunnels/{name}\"),\n state=\"ENABLED\",\n aggregation_interval=\"INTERVAL_5_SEC\",\n description=\"VPC Flow Logs over a VPN Gateway.\",\n flow_sampling=0.5,\n metadata=\"INCLUDE_ALL_METADATA\")\nroute = gcp.compute.Route(\"route\",\n name=\"full-test-route\",\n network=network.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"full-test-network\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"full-test-gateway\",\n Network = network.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"full-test-address\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"full-test-fresp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"full-test-fr500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"full-test-fr4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel = new Gcp.Compute.VPNTunnel(\"tunnel\", new()\n {\n Name = \"full-test-tunnel\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var vpn_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"vpn-test\", new()\n {\n VpcFlowLogsConfigId = \"full-test-id\",\n Location = \"global\",\n VpnTunnel = Output.Tuple(project, tunnel.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/vpnTunnels/{name}\";\n }),\n State = \"ENABLED\",\n AggregationInterval = \"INTERVAL_5_SEC\",\n Description = \"VPC Flow Logs over a VPN Gateway.\",\n FlowSampling = 0.5,\n Metadata = \"INCLUDE_ALL_METADATA\",\n });\n\n var route = new Gcp.Compute.Route(\"route\", new()\n {\n Name = \"full-test-route\",\n Network = network.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"full-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"full-test-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"full-test-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fresp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fr500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fr4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel, err := compute.NewVPNTunnel(ctx, \"tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"full-test-tunnel\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"vpn-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"full-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tVpnTunnel: tunnel.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-central1/vpnTunnels/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tAggregationInterval: pulumi.String(\"INTERVAL_5_SEC\"),\n\t\t\tDescription: pulumi.String(\"VPC Flow Logs over a VPN Gateway.\"),\n\t\t\tFlowSampling: pulumi.Float64(0.5),\n\t\t\tMetadata: pulumi.String(\"INCLUDE_ALL_METADATA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"full-test-route\"),\n\t\t\tNetwork: network.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"full-test-network\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"full-test-gateway\")\n .network(network.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"full-test-address\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"full-test-fresp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"full-test-fr500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"full-test-fr4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel = new VPNTunnel(\"tunnel\", VPNTunnelArgs.builder()\n .name(\"full-test-tunnel\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var vpn_test = new VpcFlowLogsConfig(\"vpn-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"full-test-id\")\n .location(\"global\")\n .vpnTunnel(tunnel.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-central1/vpnTunnels/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .state(\"ENABLED\")\n .aggregationInterval(\"INTERVAL_5_SEC\")\n .description(\"VPC Flow Logs over a VPN Gateway.\")\n .flowSampling(0.5)\n .metadata(\"INCLUDE_ALL_METADATA\")\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder()\n .name(\"full-test-route\")\n .network(network.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpn-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: full-test-id\n location: global\n vpnTunnel: projects/${project.number}/regions/us-central1/vpnTunnels/${tunnel.name}\n state: ENABLED\n aggregationInterval: INTERVAL_5_SEC\n description: VPC Flow Logs over a VPN Gateway.\n flowSampling: 0.5\n metadata: INCLUDE_ALL_METADATA\n tunnel:\n type: gcp:compute:VPNTunnel\n properties:\n name: full-test-tunnel\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependson:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: full-test-gateway\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: full-test-network\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: full-test-address\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: full-test-fresp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: full-test-fr500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: full-test-fr4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route:\n type: gcp:compute:Route\n properties:\n name: full-test-route\n network: ${network.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel.id}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpcFlowLogsConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}`\n\n* `{{project}}/{{location}}/{{vpc_flow_logs_config_id}}`\n\n* `{{location}}/{{vpc_flow_logs_config_id}}`\n\nWhen using the `pulumi import` command, VpcFlowLogsConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default {{project}}/{{location}}/{{vpc_flow_logs_config_id}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default {{location}}/{{vpc_flow_logs_config_id}}\n```\n\n", + "description": "## Example Usage\n\n### Network Management Vpc Flow Logs Config Interconnect Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"full-interconnect-test-network\"});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"full-interconnect-test-router\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst attachment = new gcp.compute.InterconnectAttachment(\"attachment\", {\n name: \"full-interconnect-test-id\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n});\nconst interconnect_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\", {\n vpcFlowLogsConfigId: \"full-interconnect-test-id\",\n location: \"global\",\n interconnectAttachment: pulumi.all([project, attachment.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-east4/interconnectAttachments/${name}`),\n state: \"ENABLED\",\n aggregationInterval: \"INTERVAL_5_SEC\",\n description: \"VPC Flow Logs over a VPN Gateway.\",\n flowSampling: 0.5,\n metadata: \"INCLUDE_ALL_METADATA\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"full-interconnect-test-network\")\nrouter = gcp.compute.Router(\"router\",\n name=\"full-interconnect-test-router\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\nattachment = gcp.compute.InterconnectAttachment(\"attachment\",\n name=\"full-interconnect-test-id\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\")\ninterconnect_test = gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\",\n vpc_flow_logs_config_id=\"full-interconnect-test-id\",\n location=\"global\",\n interconnect_attachment=attachment.name.apply(lambda name: f\"projects/{project.number}/regions/us-east4/interconnectAttachments/{name}\"),\n state=\"ENABLED\",\n aggregation_interval=\"INTERVAL_5_SEC\",\n description=\"VPC Flow Logs over a VPN Gateway.\",\n flow_sampling=0.5,\n metadata=\"INCLUDE_ALL_METADATA\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"full-interconnect-test-network\",\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"full-interconnect-test-router\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var attachment = new Gcp.Compute.InterconnectAttachment(\"attachment\", new()\n {\n Name = \"full-interconnect-test-id\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n });\n\n var interconnect_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"interconnect-test\", new()\n {\n VpcFlowLogsConfigId = \"full-interconnect-test-id\",\n Location = \"global\",\n InterconnectAttachment = Output.Tuple(project, attachment.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-east4/interconnectAttachments/{name}\";\n }),\n State = \"ENABLED\",\n AggregationInterval = \"INTERVAL_5_SEC\",\n Description = \"VPC Flow Logs over a VPN Gateway.\",\n FlowSampling = 0.5,\n Metadata = \"INCLUDE_ALL_METADATA\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-router\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment, err := compute.NewInterconnectAttachment(ctx, \"attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"full-interconnect-test-id\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"interconnect-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"full-interconnect-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tInterconnectAttachment: attachment.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-east4/interconnectAttachments/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tAggregationInterval: pulumi.String(\"INTERVAL_5_SEC\"),\n\t\t\tDescription: pulumi.String(\"VPC Flow Logs over a VPN Gateway.\"),\n\t\t\tFlowSampling: pulumi.Float64(0.5),\n\t\t\tMetadata: pulumi.String(\"INCLUDE_ALL_METADATA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"full-interconnect-test-network\")\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"full-interconnect-test-router\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var attachment = new InterconnectAttachment(\"attachment\", InterconnectAttachmentArgs.builder()\n .name(\"full-interconnect-test-id\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .build());\n\n var interconnect_test = new VpcFlowLogsConfig(\"interconnect-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"full-interconnect-test-id\")\n .location(\"global\")\n .interconnectAttachment(attachment.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-east4/interconnectAttachments/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .state(\"ENABLED\")\n .aggregationInterval(\"INTERVAL_5_SEC\")\n .description(\"VPC Flow Logs over a VPN Gateway.\")\n .flowSampling(0.5)\n .metadata(\"INCLUDE_ALL_METADATA\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n interconnect-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: full-interconnect-test-id\n location: global\n interconnectAttachment: projects/${project.number}/regions/us-east4/interconnectAttachments/${attachment.name}\n state: ENABLED\n aggregationInterval: INTERVAL_5_SEC\n description: VPC Flow Logs over a VPN Gateway.\n flowSampling: 0.5\n metadata: INCLUDE_ALL_METADATA\n network:\n type: gcp:compute:Network\n properties:\n name: full-interconnect-test-network\n router:\n type: gcp:compute:Router\n properties:\n name: full-interconnect-test-router\n network: ${network.name}\n bgp:\n asn: 16550\n attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: full-interconnect-test-id\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Interconnect Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"basic-interconnect-test-network\"});\nconst router = new gcp.compute.Router(\"router\", {\n name: \"basic-interconnect-test-router\",\n network: network.name,\n bgp: {\n asn: 16550,\n },\n});\nconst attachment = new gcp.compute.InterconnectAttachment(\"attachment\", {\n name: \"basic-interconnect-test-id\",\n edgeAvailabilityDomain: \"AVAILABILITY_DOMAIN_1\",\n type: \"PARTNER\",\n router: router.id,\n mtu: \"1500\",\n});\nconst interconnect_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\", {\n vpcFlowLogsConfigId: \"basic-interconnect-test-id\",\n location: \"global\",\n interconnectAttachment: pulumi.all([project, attachment.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-east4/interconnectAttachments/${name}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"basic-interconnect-test-network\")\nrouter = gcp.compute.Router(\"router\",\n name=\"basic-interconnect-test-router\",\n network=network.name,\n bgp={\n \"asn\": 16550,\n })\nattachment = gcp.compute.InterconnectAttachment(\"attachment\",\n name=\"basic-interconnect-test-id\",\n edge_availability_domain=\"AVAILABILITY_DOMAIN_1\",\n type=\"PARTNER\",\n router=router.id,\n mtu=\"1500\")\ninterconnect_test = gcp.networkmanagement.VpcFlowLogsConfig(\"interconnect-test\",\n vpc_flow_logs_config_id=\"basic-interconnect-test-id\",\n location=\"global\",\n interconnect_attachment=attachment.name.apply(lambda name: f\"projects/{project.number}/regions/us-east4/interconnectAttachments/{name}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-interconnect-test-network\",\n });\n\n var router = new Gcp.Compute.Router(\"router\", new()\n {\n Name = \"basic-interconnect-test-router\",\n Network = network.Name,\n Bgp = new Gcp.Compute.Inputs.RouterBgpArgs\n {\n Asn = 16550,\n },\n });\n\n var attachment = new Gcp.Compute.InterconnectAttachment(\"attachment\", new()\n {\n Name = \"basic-interconnect-test-id\",\n EdgeAvailabilityDomain = \"AVAILABILITY_DOMAIN_1\",\n Type = \"PARTNER\",\n Router = router.Id,\n Mtu = \"1500\",\n });\n\n var interconnect_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"interconnect-test\", new()\n {\n VpcFlowLogsConfigId = \"basic-interconnect-test-id\",\n Location = \"global\",\n InterconnectAttachment = Output.Tuple(project, attachment.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-east4/interconnectAttachments/{name}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouter, err := compute.NewRouter(ctx, \"router\", \u0026compute.RouterArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-router\"),\n\t\t\tNetwork: network.Name,\n\t\t\tBgp: \u0026compute.RouterBgpArgs{\n\t\t\t\tAsn: pulumi.Int(16550),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment, err := compute.NewInterconnectAttachment(ctx, \"attachment\", \u0026compute.InterconnectAttachmentArgs{\n\t\t\tName: pulumi.String(\"basic-interconnect-test-id\"),\n\t\t\tEdgeAvailabilityDomain: pulumi.String(\"AVAILABILITY_DOMAIN_1\"),\n\t\t\tType: pulumi.String(\"PARTNER\"),\n\t\t\tRouter: router.ID(),\n\t\t\tMtu: pulumi.String(\"1500\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"interconnect-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"basic-interconnect-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tInterconnectAttachment: attachment.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-east4/interconnectAttachments/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Router;\nimport com.pulumi.gcp.compute.RouterArgs;\nimport com.pulumi.gcp.compute.inputs.RouterBgpArgs;\nimport com.pulumi.gcp.compute.InterconnectAttachment;\nimport com.pulumi.gcp.compute.InterconnectAttachmentArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-interconnect-test-network\")\n .build());\n\n var router = new Router(\"router\", RouterArgs.builder()\n .name(\"basic-interconnect-test-router\")\n .network(network.name())\n .bgp(RouterBgpArgs.builder()\n .asn(16550)\n .build())\n .build());\n\n var attachment = new InterconnectAttachment(\"attachment\", InterconnectAttachmentArgs.builder()\n .name(\"basic-interconnect-test-id\")\n .edgeAvailabilityDomain(\"AVAILABILITY_DOMAIN_1\")\n .type(\"PARTNER\")\n .router(router.id())\n .mtu(1500)\n .build());\n\n var interconnect_test = new VpcFlowLogsConfig(\"interconnect-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"basic-interconnect-test-id\")\n .location(\"global\")\n .interconnectAttachment(attachment.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-east4/interconnectAttachments/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n interconnect-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: basic-interconnect-test-id\n location: global\n interconnectAttachment: projects/${project.number}/regions/us-east4/interconnectAttachments/${attachment.name}\n network:\n type: gcp:compute:Network\n properties:\n name: basic-interconnect-test-network\n router:\n type: gcp:compute:Router\n properties:\n name: basic-interconnect-test-router\n network: ${network.name}\n bgp:\n asn: 16550\n attachment:\n type: gcp:compute:InterconnectAttachment\n properties:\n name: basic-interconnect-test-id\n edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1\n type: PARTNER\n router: ${router.id}\n mtu: 1500\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Vpn Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"basic-test-network\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"basic-test-gateway\",\n network: network.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"basic-test-address\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"basic-test-fresp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"basic-test-fr500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"basic-test-fr4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel = new gcp.compute.VPNTunnel(\"tunnel\", {\n name: \"basic-test-tunnel\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst vpn_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\", {\n vpcFlowLogsConfigId: \"basic-test-id\",\n location: \"global\",\n vpnTunnel: pulumi.all([project, tunnel.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-central1/vpnTunnels/${name}`),\n});\nconst route = new gcp.compute.Route(\"route\", {\n name: \"basic-test-route\",\n network: network.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"basic-test-network\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"basic-test-gateway\",\n network=network.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"basic-test-address\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"basic-test-fresp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"basic-test-fr500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"basic-test-fr4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel = gcp.compute.VPNTunnel(\"tunnel\",\n name=\"basic-test-tunnel\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nvpn_test = gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\",\n vpc_flow_logs_config_id=\"basic-test-id\",\n location=\"global\",\n vpn_tunnel=tunnel.name.apply(lambda name: f\"projects/{project.number}/regions/us-central1/vpnTunnels/{name}\"))\nroute = gcp.compute.Route(\"route\",\n name=\"basic-test-route\",\n network=network.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"basic-test-network\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"basic-test-gateway\",\n Network = network.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"basic-test-address\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"basic-test-fresp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"basic-test-fr500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"basic-test-fr4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel = new Gcp.Compute.VPNTunnel(\"tunnel\", new()\n {\n Name = \"basic-test-tunnel\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var vpn_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"vpn-test\", new()\n {\n VpcFlowLogsConfigId = \"basic-test-id\",\n Location = \"global\",\n VpnTunnel = Output.Tuple(project, tunnel.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/vpnTunnels/{name}\";\n }),\n });\n\n var route = new Gcp.Compute.Route(\"route\", new()\n {\n Name = \"basic-test-route\",\n Network = network.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"basic-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"basic-test-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"basic-test-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fresp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fr500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"basic-test-fr4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel, err := compute.NewVPNTunnel(ctx, \"tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"basic-test-tunnel\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"vpn-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"basic-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tVpnTunnel: tunnel.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-central1/vpnTunnels/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"basic-test-route\"),\n\t\t\tNetwork: network.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"basic-test-network\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"basic-test-gateway\")\n .network(network.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"basic-test-address\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fresp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fr500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"basic-test-fr4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel = new VPNTunnel(\"tunnel\", VPNTunnelArgs.builder()\n .name(\"basic-test-tunnel\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var vpn_test = new VpcFlowLogsConfig(\"vpn-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"basic-test-id\")\n .location(\"global\")\n .vpnTunnel(tunnel.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-central1/vpnTunnels/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder()\n .name(\"basic-test-route\")\n .network(network.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpn-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: basic-test-id\n location: global\n vpnTunnel: projects/${project.number}/regions/us-central1/vpnTunnels/${tunnel.name}\n tunnel:\n type: gcp:compute:VPNTunnel\n properties:\n name: basic-test-tunnel\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependsOn:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: basic-test-gateway\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: basic-test-network\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: basic-test-address\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: basic-test-fresp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: basic-test-fr500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: basic-test-fr4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route:\n type: gcp:compute:Route\n properties:\n name: basic-test-route\n network: ${network.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel.id}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Management Vpc Flow Logs Config Vpn Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst network = new gcp.compute.Network(\"network\", {name: \"full-test-network\"});\nconst targetGateway = new gcp.compute.VPNGateway(\"target_gateway\", {\n name: \"full-test-gateway\",\n network: network.id,\n});\nconst vpnStaticIp = new gcp.compute.Address(\"vpn_static_ip\", {name: \"full-test-address\"});\nconst frEsp = new gcp.compute.ForwardingRule(\"fr_esp\", {\n name: \"full-test-fresp\",\n ipProtocol: \"ESP\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp500 = new gcp.compute.ForwardingRule(\"fr_udp500\", {\n name: \"full-test-fr500\",\n ipProtocol: \"UDP\",\n portRange: \"500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst frUdp4500 = new gcp.compute.ForwardingRule(\"fr_udp4500\", {\n name: \"full-test-fr4500\",\n ipProtocol: \"UDP\",\n portRange: \"4500\",\n ipAddress: vpnStaticIp.address,\n target: targetGateway.id,\n});\nconst tunnel = new gcp.compute.VPNTunnel(\"tunnel\", {\n name: \"full-test-tunnel\",\n peerIp: \"15.0.0.120\",\n sharedSecret: \"a secret message\",\n targetVpnGateway: targetGateway.id,\n}, {\n dependsOn: [\n frEsp,\n frUdp500,\n frUdp4500,\n ],\n});\nconst vpn_test = new gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\", {\n vpcFlowLogsConfigId: \"full-test-id\",\n location: \"global\",\n vpnTunnel: pulumi.all([project, tunnel.name]).apply(([project, name]) =\u003e `projects/${project.number}/regions/us-central1/vpnTunnels/${name}`),\n state: \"ENABLED\",\n aggregationInterval: \"INTERVAL_5_SEC\",\n description: \"VPC Flow Logs over a VPN Gateway.\",\n flowSampling: 0.5,\n metadata: \"INCLUDE_ALL_METADATA\",\n});\nconst route = new gcp.compute.Route(\"route\", {\n name: \"full-test-route\",\n network: network.name,\n destRange: \"15.0.0.0/24\",\n priority: 1000,\n nextHopVpnTunnel: tunnel.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nnetwork = gcp.compute.Network(\"network\", name=\"full-test-network\")\ntarget_gateway = gcp.compute.VPNGateway(\"target_gateway\",\n name=\"full-test-gateway\",\n network=network.id)\nvpn_static_ip = gcp.compute.Address(\"vpn_static_ip\", name=\"full-test-address\")\nfr_esp = gcp.compute.ForwardingRule(\"fr_esp\",\n name=\"full-test-fresp\",\n ip_protocol=\"ESP\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp500 = gcp.compute.ForwardingRule(\"fr_udp500\",\n name=\"full-test-fr500\",\n ip_protocol=\"UDP\",\n port_range=\"500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\nfr_udp4500 = gcp.compute.ForwardingRule(\"fr_udp4500\",\n name=\"full-test-fr4500\",\n ip_protocol=\"UDP\",\n port_range=\"4500\",\n ip_address=vpn_static_ip.address,\n target=target_gateway.id)\ntunnel = gcp.compute.VPNTunnel(\"tunnel\",\n name=\"full-test-tunnel\",\n peer_ip=\"15.0.0.120\",\n shared_secret=\"a secret message\",\n target_vpn_gateway=target_gateway.id,\n opts = pulumi.ResourceOptions(depends_on=[\n fr_esp,\n fr_udp500,\n fr_udp4500,\n ]))\nvpn_test = gcp.networkmanagement.VpcFlowLogsConfig(\"vpn-test\",\n vpc_flow_logs_config_id=\"full-test-id\",\n location=\"global\",\n vpn_tunnel=tunnel.name.apply(lambda name: f\"projects/{project.number}/regions/us-central1/vpnTunnels/{name}\"),\n state=\"ENABLED\",\n aggregation_interval=\"INTERVAL_5_SEC\",\n description=\"VPC Flow Logs over a VPN Gateway.\",\n flow_sampling=0.5,\n metadata=\"INCLUDE_ALL_METADATA\")\nroute = gcp.compute.Route(\"route\",\n name=\"full-test-route\",\n network=network.name,\n dest_range=\"15.0.0.0/24\",\n priority=1000,\n next_hop_vpn_tunnel=tunnel.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"full-test-network\",\n });\n\n var targetGateway = new Gcp.Compute.VPNGateway(\"target_gateway\", new()\n {\n Name = \"full-test-gateway\",\n Network = network.Id,\n });\n\n var vpnStaticIp = new Gcp.Compute.Address(\"vpn_static_ip\", new()\n {\n Name = \"full-test-address\",\n });\n\n var frEsp = new Gcp.Compute.ForwardingRule(\"fr_esp\", new()\n {\n Name = \"full-test-fresp\",\n IpProtocol = \"ESP\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp500 = new Gcp.Compute.ForwardingRule(\"fr_udp500\", new()\n {\n Name = \"full-test-fr500\",\n IpProtocol = \"UDP\",\n PortRange = \"500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var frUdp4500 = new Gcp.Compute.ForwardingRule(\"fr_udp4500\", new()\n {\n Name = \"full-test-fr4500\",\n IpProtocol = \"UDP\",\n PortRange = \"4500\",\n IpAddress = vpnStaticIp.IPAddress,\n Target = targetGateway.Id,\n });\n\n var tunnel = new Gcp.Compute.VPNTunnel(\"tunnel\", new()\n {\n Name = \"full-test-tunnel\",\n PeerIp = \"15.0.0.120\",\n SharedSecret = \"a secret message\",\n TargetVpnGateway = targetGateway.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n frEsp,\n frUdp500,\n frUdp4500,\n },\n });\n\n var vpn_test = new Gcp.NetworkManagement.VpcFlowLogsConfig(\"vpn-test\", new()\n {\n VpcFlowLogsConfigId = \"full-test-id\",\n Location = \"global\",\n VpnTunnel = Output.Tuple(project, tunnel.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/regions/us-central1/vpnTunnels/{name}\";\n }),\n State = \"ENABLED\",\n AggregationInterval = \"INTERVAL_5_SEC\",\n Description = \"VPC Flow Logs over a VPN Gateway.\",\n FlowSampling = 0.5,\n Metadata = \"INCLUDE_ALL_METADATA\",\n });\n\n var route = new Gcp.Compute.Route(\"route\", new()\n {\n Name = \"full-test-route\",\n Network = network.Name,\n DestRange = \"15.0.0.0/24\",\n Priority = 1000,\n NextHopVpnTunnel = tunnel.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkmanagement\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"full-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetGateway, err := compute.NewVPNGateway(ctx, \"target_gateway\", \u0026compute.VPNGatewayArgs{\n\t\t\tName: pulumi.String(\"full-test-gateway\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnStaticIp, err := compute.NewAddress(ctx, \"vpn_static_ip\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"full-test-address\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrEsp, err := compute.NewForwardingRule(ctx, \"fr_esp\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fresp\"),\n\t\t\tIpProtocol: pulumi.String(\"ESP\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp500, err := compute.NewForwardingRule(ctx, \"fr_udp500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fr500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrUdp4500, err := compute.NewForwardingRule(ctx, \"fr_udp4500\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"full-test-fr4500\"),\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tPortRange: pulumi.String(\"4500\"),\n\t\t\tIpAddress: vpnStaticIp.Address,\n\t\t\tTarget: targetGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttunnel, err := compute.NewVPNTunnel(ctx, \"tunnel\", \u0026compute.VPNTunnelArgs{\n\t\t\tName: pulumi.String(\"full-test-tunnel\"),\n\t\t\tPeerIp: pulumi.String(\"15.0.0.120\"),\n\t\t\tSharedSecret: pulumi.String(\"a secret message\"),\n\t\t\tTargetVpnGateway: targetGateway.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfrEsp,\n\t\t\tfrUdp500,\n\t\t\tfrUdp4500,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanagement.NewVpcFlowLogsConfig(ctx, \"vpn-test\", \u0026networkmanagement.VpcFlowLogsConfigArgs{\n\t\t\tVpcFlowLogsConfigId: pulumi.String(\"full-test-id\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tVpnTunnel: tunnel.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/regions/us-central1/vpnTunnels/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tAggregationInterval: pulumi.String(\"INTERVAL_5_SEC\"),\n\t\t\tDescription: pulumi.String(\"VPC Flow Logs over a VPN Gateway.\"),\n\t\t\tFlowSampling: pulumi.Float64(0.5),\n\t\t\tMetadata: pulumi.String(\"INCLUDE_ALL_METADATA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewRoute(ctx, \"route\", \u0026compute.RouteArgs{\n\t\t\tName: pulumi.String(\"full-test-route\"),\n\t\t\tNetwork: network.Name,\n\t\t\tDestRange: pulumi.String(\"15.0.0.0/24\"),\n\t\t\tPriority: pulumi.Int(1000),\n\t\t\tNextHopVpnTunnel: tunnel.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.VPNGateway;\nimport com.pulumi.gcp.compute.VPNGatewayArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.compute.VPNTunnel;\nimport com.pulumi.gcp.compute.VPNTunnelArgs;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfig;\nimport com.pulumi.gcp.networkmanagement.VpcFlowLogsConfigArgs;\nimport com.pulumi.gcp.compute.Route;\nimport com.pulumi.gcp.compute.RouteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"full-test-network\")\n .build());\n\n var targetGateway = new VPNGateway(\"targetGateway\", VPNGatewayArgs.builder()\n .name(\"full-test-gateway\")\n .network(network.id())\n .build());\n\n var vpnStaticIp = new Address(\"vpnStaticIp\", AddressArgs.builder()\n .name(\"full-test-address\")\n .build());\n\n var frEsp = new ForwardingRule(\"frEsp\", ForwardingRuleArgs.builder()\n .name(\"full-test-fresp\")\n .ipProtocol(\"ESP\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp500 = new ForwardingRule(\"frUdp500\", ForwardingRuleArgs.builder()\n .name(\"full-test-fr500\")\n .ipProtocol(\"UDP\")\n .portRange(\"500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var frUdp4500 = new ForwardingRule(\"frUdp4500\", ForwardingRuleArgs.builder()\n .name(\"full-test-fr4500\")\n .ipProtocol(\"UDP\")\n .portRange(\"4500\")\n .ipAddress(vpnStaticIp.address())\n .target(targetGateway.id())\n .build());\n\n var tunnel = new VPNTunnel(\"tunnel\", VPNTunnelArgs.builder()\n .name(\"full-test-tunnel\")\n .peerIp(\"15.0.0.120\")\n .sharedSecret(\"a secret message\")\n .targetVpnGateway(targetGateway.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n frEsp,\n frUdp500,\n frUdp4500)\n .build());\n\n var vpn_test = new VpcFlowLogsConfig(\"vpn-test\", VpcFlowLogsConfigArgs.builder()\n .vpcFlowLogsConfigId(\"full-test-id\")\n .location(\"global\")\n .vpnTunnel(tunnel.name().applyValue(name -\u003e String.format(\"projects/%s/regions/us-central1/vpnTunnels/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .state(\"ENABLED\")\n .aggregationInterval(\"INTERVAL_5_SEC\")\n .description(\"VPC Flow Logs over a VPN Gateway.\")\n .flowSampling(0.5)\n .metadata(\"INCLUDE_ALL_METADATA\")\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder()\n .name(\"full-test-route\")\n .network(network.name())\n .destRange(\"15.0.0.0/24\")\n .priority(1000)\n .nextHopVpnTunnel(tunnel.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpn-test:\n type: gcp:networkmanagement:VpcFlowLogsConfig\n properties:\n vpcFlowLogsConfigId: full-test-id\n location: global\n vpnTunnel: projects/${project.number}/regions/us-central1/vpnTunnels/${tunnel.name}\n state: ENABLED\n aggregationInterval: INTERVAL_5_SEC\n description: VPC Flow Logs over a VPN Gateway.\n flowSampling: 0.5\n metadata: INCLUDE_ALL_METADATA\n tunnel:\n type: gcp:compute:VPNTunnel\n properties:\n name: full-test-tunnel\n peerIp: 15.0.0.120\n sharedSecret: a secret message\n targetVpnGateway: ${targetGateway.id}\n options:\n dependsOn:\n - ${frEsp}\n - ${frUdp500}\n - ${frUdp4500}\n targetGateway:\n type: gcp:compute:VPNGateway\n name: target_gateway\n properties:\n name: full-test-gateway\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: full-test-network\n vpnStaticIp:\n type: gcp:compute:Address\n name: vpn_static_ip\n properties:\n name: full-test-address\n frEsp:\n type: gcp:compute:ForwardingRule\n name: fr_esp\n properties:\n name: full-test-fresp\n ipProtocol: ESP\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp500:\n type: gcp:compute:ForwardingRule\n name: fr_udp500\n properties:\n name: full-test-fr500\n ipProtocol: UDP\n portRange: '500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n frUdp4500:\n type: gcp:compute:ForwardingRule\n name: fr_udp4500\n properties:\n name: full-test-fr4500\n ipProtocol: UDP\n portRange: '4500'\n ipAddress: ${vpnStaticIp.address}\n target: ${targetGateway.id}\n route:\n type: gcp:compute:Route\n properties:\n name: full-test-route\n network: ${network.name}\n destRange: 15.0.0.0/24\n priority: 1000\n nextHopVpnTunnel: ${tunnel.id}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVpcFlowLogsConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}`\n\n* `{{project}}/{{location}}/{{vpc_flow_logs_config_id}}`\n\n* `{{location}}/{{vpc_flow_logs_config_id}}`\n\nWhen using the `pulumi import` command, VpcFlowLogsConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default {{project}}/{{location}}/{{vpc_flow_logs_config_id}}\n```\n\n```sh\n$ pulumi import gcp:networkmanagement/vpcFlowLogsConfig:VpcFlowLogsConfig default {{location}}/{{vpc_flow_logs_config_id}}\n```\n\n", "properties": { "aggregationInterval": { "type": "string", @@ -242987,7 +242987,7 @@ } }, "gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy": { - "description": "The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata.\n\n\nTo get more information about GatewaySecurityPolicy, see:\n\n* [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.gatewaySecurityPolicies)\n\n## Example Usage\n\n### Network Security Gateway Security Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-gateway-security-policy\",\n location: \"us-central1\",\n description: \"my description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-gateway-security-policy\",\n location=\"us-central1\",\n description=\"my description\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-gateway-security-policy\",\n Location = \"us-central1\",\n Description = \"my description\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-gateway-security-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new GatewaySecurityPolicy(\"default\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-gateway-security-policy\")\n .location(\"us-central1\")\n .description(\"my description\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:GatewaySecurityPolicy\n properties:\n name: my-gateway-security-policy\n location: us-central1\n description: my description\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Gateway Security Policy Tls Inspection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`),\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n}, {\n dependsOn: [\n _default,\n defaultAuthority,\n tlsInspectionPermission,\n ],\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-gateway-security-policy\",\n location: \"us-central1\",\n description: \"my description\",\n tlsInspectionPolicy: defaultTlsInspectionPolicy.id,\n}, {\n dependsOn: [defaultTlsInspectionPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nproject = gcp.organizations.get_project()\ntls_inspection_permission = gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\")\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n opts = pulumi.ResourceOptions(depends_on=[\n default,\n default_authority,\n tls_inspection_permission,\n ]))\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-gateway-security-policy\",\n location=\"us-central1\",\n description=\"my description\",\n tls_inspection_policy=default_tls_inspection_policy.id,\n opts = pulumi.ResourceOptions(depends_on=[default_tls_inspection_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var tlsInspectionPermission = new Gcp.CertificateAuthority.CaPoolIamMember(\"tls_inspection_permission\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-networksecurity.iam.gserviceaccount.com\",\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n defaultAuthority,\n tlsInspectionPermission,\n },\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-gateway-security-policy\",\n Location = \"us-central1\",\n Description = \"my description\",\n TlsInspectionPolicy = defaultTlsInspectionPolicy.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultTlsInspectionPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttlsInspectionPermission, err := certificateauthority.NewCaPoolIamMember(ctx, \"tls_inspection_permission\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTlsInspectionPolicy, err := networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t\tdefaultAuthority,\n\t\t\ttlsInspectionPermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-gateway-security-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tTlsInspectionPolicy: defaultTlsInspectionPolicy.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultTlsInspectionPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var tlsInspectionPermission = new CaPoolIamMember(\"tlsInspectionPermission\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n default_,\n defaultAuthority,\n tlsInspectionPermission)\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-gateway-security-policy\")\n .location(\"us-central1\")\n .description(\"my description\")\n .tlsInspectionPolicy(defaultTlsInspectionPolicy.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultTlsInspectionPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n tlsInspectionPermission:\n type: gcp:certificateauthority:CaPoolIamMember\n name: tls_inspection_permission\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n options:\n dependson:\n - ${default}\n - ${defaultAuthority}\n - ${tlsInspectionPermission}\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-gateway-security-policy\n location: us-central1\n description: my description\n tlsInspectionPolicy: ${defaultTlsInspectionPolicy.id}\n options:\n dependson:\n - ${defaultTlsInspectionPolicy}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGatewaySecurityPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, GatewaySecurityPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{location}}/{{name}}\n```\n\n", + "description": "The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata.\n\n\nTo get more information about GatewaySecurityPolicy, see:\n\n* [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.gatewaySecurityPolicies)\n\n## Example Usage\n\n### Network Security Gateway Security Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-gateway-security-policy\",\n location: \"us-central1\",\n description: \"my description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-gateway-security-policy\",\n location=\"us-central1\",\n description=\"my description\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-gateway-security-policy\",\n Location = \"us-central1\",\n Description = \"my description\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-gateway-security-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new GatewaySecurityPolicy(\"default\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-gateway-security-policy\")\n .location(\"us-central1\")\n .description(\"my description\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:GatewaySecurityPolicy\n properties:\n name: my-gateway-security-policy\n location: us-central1\n description: my description\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Gateway Security Policy Tls Inspection Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`),\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n}, {\n dependsOn: [\n _default,\n defaultAuthority,\n tlsInspectionPermission,\n ],\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-gateway-security-policy\",\n location: \"us-central1\",\n description: \"my description\",\n tlsInspectionPolicy: defaultTlsInspectionPolicy.id,\n}, {\n dependsOn: [defaultTlsInspectionPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nproject = gcp.organizations.get_project()\ntls_inspection_permission = gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\")\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n opts = pulumi.ResourceOptions(depends_on=[\n default,\n default_authority,\n tls_inspection_permission,\n ]))\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-gateway-security-policy\",\n location=\"us-central1\",\n description=\"my description\",\n tls_inspection_policy=default_tls_inspection_policy.id,\n opts = pulumi.ResourceOptions(depends_on=[default_tls_inspection_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var tlsInspectionPermission = new Gcp.CertificateAuthority.CaPoolIamMember(\"tls_inspection_permission\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-networksecurity.iam.gserviceaccount.com\",\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n defaultAuthority,\n tlsInspectionPermission,\n },\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-gateway-security-policy\",\n Location = \"us-central1\",\n Description = \"my description\",\n TlsInspectionPolicy = defaultTlsInspectionPolicy.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultTlsInspectionPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttlsInspectionPermission, err := certificateauthority.NewCaPoolIamMember(ctx, \"tls_inspection_permission\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTlsInspectionPolicy, err := networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t\tdefaultAuthority,\n\t\t\ttlsInspectionPermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-gateway-security-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tTlsInspectionPolicy: defaultTlsInspectionPolicy.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultTlsInspectionPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var tlsInspectionPermission = new CaPoolIamMember(\"tlsInspectionPermission\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n default_,\n defaultAuthority,\n tlsInspectionPermission)\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-gateway-security-policy\")\n .location(\"us-central1\")\n .description(\"my description\")\n .tlsInspectionPolicy(defaultTlsInspectionPolicy.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultTlsInspectionPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n tlsInspectionPermission:\n type: gcp:certificateauthority:CaPoolIamMember\n name: tls_inspection_permission\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n options:\n dependsOn:\n - ${default}\n - ${defaultAuthority}\n - ${tlsInspectionPermission}\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-gateway-security-policy\n location: us-central1\n description: my description\n tlsInspectionPolicy: ${defaultTlsInspectionPolicy.id}\n options:\n dependsOn:\n - ${defaultTlsInspectionPolicy}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGatewaySecurityPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, GatewaySecurityPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy default {{location}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -243646,7 +243646,7 @@ } }, "gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy": { - "description": "ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.\n\n\nTo get more information about ServerTlsPolicy, see:\n\n* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.serverTlsPolicies)\n\n## Example Usage\n\n### Network Security Server Tls Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n allowOpen: false,\n serverCertificate: {\n certificateProviderInstance: {\n pluginInstance: \"google_cloud_private_spiffe\",\n },\n },\n mtlsPolicy: {\n clientValidationCas: [{\n grpcEndpoint: {\n targetUri: \"unix:mypath\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n allow_open=False,\n server_certificate={\n \"certificate_provider_instance\": {\n \"plugin_instance\": \"google_cloud_private_spiffe\",\n },\n },\n mtls_policy={\n \"client_validation_cas\": [{\n \"grpc_endpoint\": {\n \"target_uri\": \"unix:mypath\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n AllowOpen = false,\n ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs\n {\n CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs\n {\n PluginInstance = \"google_cloud_private_spiffe\",\n },\n },\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationCas = new[]\n {\n new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs\n {\n GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs\n {\n TargetUri = \"unix:mypath\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tServerCertificate: \u0026networksecurity.ServerTlsPolicyServerCertificateArgs{\n\t\t\t\tCertificateProviderInstance: \u0026networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{\n\t\t\t\t\tPluginInstance: pulumi.String(\"google_cloud_private_spiffe\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{\n\t\t\t\t\t\u0026networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{\n\t\t\t\t\t\tGrpcEndpoint: \u0026networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{\n\t\t\t\t\t\t\tTargetUri: pulumi.String(\"unix:mypath\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .allowOpen(\"false\")\n .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()\n .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()\n .pluginInstance(\"google_cloud_private_spiffe\")\n .build())\n .build())\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationCas(ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()\n .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()\n .targetUri(\"unix:mypath\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n allowOpen: 'false'\n serverCertificate:\n certificateProviderInstance:\n pluginInstance: google_cloud_private_spiffe\n mtlsPolicy:\n clientValidationCas:\n - grpcEndpoint:\n targetUri: unix:mypath\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Server Cert\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n serverCertificate: {\n grpcEndpoint: {\n targetUri: \"unix:mypath\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n server_certificate={\n \"grpc_endpoint\": {\n \"target_uri\": \"unix:mypath\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs\n {\n GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs\n {\n TargetUri = \"unix:mypath\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tServerCertificate: \u0026networksecurity.ServerTlsPolicyServerCertificateArgs{\n\t\t\t\tGrpcEndpoint: \u0026networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{\n\t\t\t\t\tTargetUri: pulumi.String(\"unix:mypath\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()\n .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()\n .targetUri(\"unix:mypath\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n location: global\n allowOpen: 'false'\n serverCertificate:\n grpcEndpoint:\n targetUri: unix:mypath\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample trust config description\",\n location: \"global\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"REJECT_INVALID\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/trustConfigs/${name}`),\n },\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample trust config description\",\n location=\"global\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"REJECT_INVALID\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/global/trustConfigs/{name}\"),\n },\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample trust config description\",\n Location = \"global\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"REJECT_INVALID\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/trustConfigs/{name}\";\n }),\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample trust config description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"REJECT_INVALID\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample trust config description\")\n .location(\"global\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"REJECT_INVALID\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: REJECT_INVALID\n clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}\n labels:\n foo: bar\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample trust config description\n location: global\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n labels:\n foo: bar\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServerTlsPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ServerTlsPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}\n```\n\n", + "description": "ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.\n\n\nTo get more information about ServerTlsPolicy, see:\n\n* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.serverTlsPolicies)\n\n## Example Usage\n\n### Network Security Server Tls Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n allowOpen: false,\n serverCertificate: {\n certificateProviderInstance: {\n pluginInstance: \"google_cloud_private_spiffe\",\n },\n },\n mtlsPolicy: {\n clientValidationCas: [{\n grpcEndpoint: {\n targetUri: \"unix:mypath\",\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n allow_open=False,\n server_certificate={\n \"certificate_provider_instance\": {\n \"plugin_instance\": \"google_cloud_private_spiffe\",\n },\n },\n mtls_policy={\n \"client_validation_cas\": [{\n \"grpc_endpoint\": {\n \"target_uri\": \"unix:mypath\",\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n AllowOpen = false,\n ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs\n {\n CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs\n {\n PluginInstance = \"google_cloud_private_spiffe\",\n },\n },\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationCas = new[]\n {\n new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaArgs\n {\n GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs\n {\n TargetUri = \"unix:mypath\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tServerCertificate: \u0026networksecurity.ServerTlsPolicyServerCertificateArgs{\n\t\t\t\tCertificateProviderInstance: \u0026networksecurity.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs{\n\t\t\t\t\tPluginInstance: pulumi.String(\"google_cloud_private_spiffe\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationCas: networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArray{\n\t\t\t\t\t\u0026networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaArgs{\n\t\t\t\t\t\tGrpcEndpoint: \u0026networksecurity.ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs{\n\t\t\t\t\t\t\tTargetUri: pulumi.String(\"unix:mypath\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .allowOpen(\"false\")\n .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()\n .certificateProviderInstance(ServerTlsPolicyServerCertificateCertificateProviderInstanceArgs.builder()\n .pluginInstance(\"google_cloud_private_spiffe\")\n .build())\n .build())\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationCas(ServerTlsPolicyMtlsPolicyClientValidationCaArgs.builder()\n .grpcEndpoint(ServerTlsPolicyMtlsPolicyClientValidationCaGrpcEndpointArgs.builder()\n .targetUri(\"unix:mypath\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n allowOpen: 'false'\n serverCertificate:\n certificateProviderInstance:\n pluginInstance: google_cloud_private_spiffe\n mtlsPolicy:\n clientValidationCas:\n - grpcEndpoint:\n targetUri: unix:mypath\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: ALLOW_INVALID_OR_MISSING_CLIENT_CERT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Server Cert\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n serverCertificate: {\n grpcEndpoint: {\n targetUri: \"unix:mypath\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n server_certificate={\n \"grpc_endpoint\": {\n \"target_uri\": \"unix:mypath\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n ServerCertificate = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateArgs\n {\n GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs\n {\n TargetUri = \"unix:mypath\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tServerCertificate: \u0026networksecurity.ServerTlsPolicyServerCertificateArgs{\n\t\t\t\tGrpcEndpoint: \u0026networksecurity.ServerTlsPolicyServerCertificateGrpcEndpointArgs{\n\t\t\t\t\tTargetUri: pulumi.String(\"unix:mypath\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyServerCertificateGrpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .serverCertificate(ServerTlsPolicyServerCertificateArgs.builder()\n .grpcEndpoint(ServerTlsPolicyServerCertificateGrpcEndpointArgs.builder()\n .targetUri(\"unix:mypath\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n labels:\n foo: bar\n description: my description\n location: global\n allowOpen: 'false'\n serverCertificate:\n grpcEndpoint:\n targetUri: unix:mypath\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Server Tls Policy Mtls\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst project = gcp.organizations.getProject({});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample trust config description\",\n location: \"global\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n labels: {\n foo: \"bar\",\n },\n});\nconst _default = new gcp.networksecurity.ServerTlsPolicy(\"default\", {\n name: \"my-server-tls-policy\",\n description: \"my description\",\n location: \"global\",\n allowOpen: false,\n mtlsPolicy: {\n clientValidationMode: \"REJECT_INVALID\",\n clientValidationTrustConfig: pulumi.all([project, defaultTrustConfig.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/trustConfigs/${name}`),\n },\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nproject = gcp.organizations.get_project()\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample trust config description\",\n location=\"global\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }],\n labels={\n \"foo\": \"bar\",\n })\ndefault = gcp.networksecurity.ServerTlsPolicy(\"default\",\n name=\"my-server-tls-policy\",\n description=\"my description\",\n location=\"global\",\n allow_open=False,\n mtls_policy={\n \"client_validation_mode\": \"REJECT_INVALID\",\n \"client_validation_trust_config\": default_trust_config.name.apply(lambda name: f\"projects/{project.number}/locations/global/trustConfigs/{name}\"),\n },\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample trust config description\",\n Location = \"global\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var @default = new Gcp.NetworkSecurity.ServerTlsPolicy(\"default\", new()\n {\n Name = \"my-server-tls-policy\",\n Description = \"my description\",\n Location = \"global\",\n AllowOpen = false,\n MtlsPolicy = new Gcp.NetworkSecurity.Inputs.ServerTlsPolicyMtlsPolicyArgs\n {\n ClientValidationMode = \"REJECT_INVALID\",\n ClientValidationTrustConfig = Output.Tuple(project, defaultTrustConfig.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/trustConfigs/{name}\";\n }),\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample trust config description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewServerTlsPolicy(ctx, \"default\", \u0026networksecurity.ServerTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-server-tls-policy\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tAllowOpen: pulumi.Bool(false),\n\t\t\tMtlsPolicy: \u0026networksecurity.ServerTlsPolicyMtlsPolicyArgs{\n\t\t\t\tClientValidationMode: pulumi.String(\"REJECT_INVALID\"),\n\t\t\t\tClientValidationTrustConfig: defaultTrustConfig.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/trustConfigs/%v\", project.Number, name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ServerTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ServerTlsPolicyMtlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample trust config description\")\n .location(\"global\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n var default_ = new ServerTlsPolicy(\"default\", ServerTlsPolicyArgs.builder()\n .name(\"my-server-tls-policy\")\n .description(\"my description\")\n .location(\"global\")\n .allowOpen(\"false\")\n .mtlsPolicy(ServerTlsPolicyMtlsPolicyArgs.builder()\n .clientValidationMode(\"REJECT_INVALID\")\n .clientValidationTrustConfig(defaultTrustConfig.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/trustConfigs/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ServerTlsPolicy\n properties:\n name: my-server-tls-policy\n description: my description\n location: global\n allowOpen: 'false'\n mtlsPolicy:\n clientValidationMode: REJECT_INVALID\n clientValidationTrustConfig: projects/${project.number}/locations/global/trustConfigs/${defaultTrustConfig.name}\n labels:\n foo: bar\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample trust config description\n location: global\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n labels:\n foo: bar\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServerTlsPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ServerTlsPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy default {{location}}/{{name}}\n```\n\n", "properties": { "allowOpen": { "type": "boolean", @@ -243824,7 +243824,7 @@ } }, "gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy": { - "description": "The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.\n\n\nTo get more information about TlsInspectionPolicy, see:\n\n* [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.tlsInspectionPolicies)\n* How-to Guides\n * [Use TlsInspectionPolicy](https://cloud.google.com/secure-web-proxy/docs/tls-inspection-overview)\n\n## Example Usage\n\n### Network Security Tls Inspection Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`),\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n excludePublicCaSet: false,\n}, {\n dependsOn: [\n _default,\n defaultAuthority,\n tlsInspectionPermission,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nproject = gcp.organizations.get_project()\ntls_inspection_permission = gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\")\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n exclude_public_ca_set=False,\n opts = pulumi.ResourceOptions(depends_on=[\n default,\n default_authority,\n tls_inspection_permission,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var tlsInspectionPermission = new Gcp.CertificateAuthority.CaPoolIamMember(\"tls_inspection_permission\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-networksecurity.iam.gserviceaccount.com\",\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n ExcludePublicCaSet = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n defaultAuthority,\n tlsInspectionPermission,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttlsInspectionPermission, err := certificateauthority.NewCaPoolIamMember(ctx, \"tls_inspection_permission\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t\tExcludePublicCaSet: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t\tdefaultAuthority,\n\t\t\ttlsInspectionPermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var tlsInspectionPermission = new CaPoolIamMember(\"tlsInspectionPermission\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .excludePublicCaSet(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n default_,\n defaultAuthority,\n tlsInspectionPermission)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n tlsInspectionPermission:\n type: gcp:certificateauthority:CaPoolIamMember\n name: tls_inspection_permission\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n excludePublicCaSet: false\n options:\n dependson:\n - ${default}\n - ${defaultAuthority}\n - ${tlsInspectionPermission}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Tls Inspection Policy Custom\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst nsSa = new gcp.projects.ServiceIdentity(\"ns_sa\", {service: \"networksecurity.googleapis.com\"});\nconst defaultCaPoolIamMember = new gcp.certificateauthority.CaPoolIamMember(\"default\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: nsSa.member,\n});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample trust config description\",\n location: \"us-central1\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n excludePublicCaSet: false,\n minTlsVersion: \"TLS_1_0\",\n trustConfig: defaultTrustConfig.id,\n tlsFeatureProfile: \"PROFILE_CUSTOM\",\n customTlsFeatures: [\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n ],\n}, {\n dependsOn: [\n defaultAuthority,\n defaultCaPoolIamMember,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nns_sa = gcp.projects.ServiceIdentity(\"ns_sa\", service=\"networksecurity.googleapis.com\")\ndefault_ca_pool_iam_member = gcp.certificateauthority.CaPoolIamMember(\"default\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=ns_sa.member)\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample trust config description\",\n location=\"us-central1\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }])\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n exclude_public_ca_set=False,\n min_tls_version=\"TLS_1_0\",\n trust_config=default_trust_config.id,\n tls_feature_profile=\"PROFILE_CUSTOM\",\n custom_tls_features=[\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[\n default_authority,\n default_ca_pool_iam_member,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var nsSa = new Gcp.Projects.ServiceIdentity(\"ns_sa\", new()\n {\n Service = \"networksecurity.googleapis.com\",\n });\n\n var defaultCaPoolIamMember = new Gcp.CertificateAuthority.CaPoolIamMember(\"default\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = nsSa.Member,\n });\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample trust config description\",\n Location = \"us-central1\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n ExcludePublicCaSet = false,\n MinTlsVersion = \"TLS_1_0\",\n TrustConfig = defaultTrustConfig.Id,\n TlsFeatureProfile = \"PROFILE_CUSTOM\",\n CustomTlsFeatures = new[]\n {\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n defaultCaPoolIamMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnsSa, err := projects.NewServiceIdentity(ctx, \"ns_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"networksecurity.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCaPoolIamMember, err := certificateauthority.NewCaPoolIamMember(ctx, \"default\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: nsSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample trust config description\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t\tExcludePublicCaSet: pulumi.Bool(false),\n\t\t\tMinTlsVersion: pulumi.String(\"TLS_1_0\"),\n\t\t\tTrustConfig: defaultTrustConfig.ID(),\n\t\t\tTlsFeatureProfile: pulumi.String(\"PROFILE_CUSTOM\"),\n\t\t\tCustomTlsFeatures: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_3DES_EDE_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t\tdefaultCaPoolIamMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n var nsSa = new ServiceIdentity(\"nsSa\", ServiceIdentityArgs.builder()\n .service(\"networksecurity.googleapis.com\")\n .build());\n\n var defaultCaPoolIamMember = new CaPoolIamMember(\"defaultCaPoolIamMember\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(nsSa.member())\n .build());\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample trust config description\")\n .location(\"us-central1\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .excludePublicCaSet(false)\n .minTlsVersion(\"TLS_1_0\")\n .trustConfig(defaultTrustConfig.id())\n .tlsFeatureProfile(\"PROFILE_CUSTOM\")\n .customTlsFeatures( \n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n defaultAuthority,\n defaultCaPoolIamMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n nsSa:\n type: gcp:projects:ServiceIdentity\n name: ns_sa\n properties:\n service: networksecurity.googleapis.com\n defaultCaPoolIamMember:\n type: gcp:certificateauthority:CaPoolIamMember\n name: default\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: ${nsSa.member}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample trust config description\n location: us-central1\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/ca_cert.pem\n Return: result\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n excludePublicCaSet: false\n minTlsVersion: TLS_1_0\n trustConfig: ${defaultTrustConfig.id}\n tlsFeatureProfile: PROFILE_CUSTOM\n customTlsFeatures:\n - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n - TLS_RSA_WITH_3DES_EDE_CBC_SHA\n - TLS_RSA_WITH_AES_128_CBC_SHA\n - TLS_RSA_WITH_AES_128_GCM_SHA256\n - TLS_RSA_WITH_AES_256_CBC_SHA\n - TLS_RSA_WITH_AES_256_GCM_SHA384\n options:\n dependson:\n - ${defaultAuthority}\n - ${defaultCaPoolIamMember}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTlsInspectionPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, TlsInspectionPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{location}}/{{name}}\n```\n\n", + "description": "The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.\n\n\nTo get more information about TlsInspectionPolicy, see:\n\n* [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.tlsInspectionPolicies)\n* How-to Guides\n * [Use TlsInspectionPolicy](https://cloud.google.com/secure-web-proxy/docs/tls-inspection-overview)\n\n## Example Usage\n\n### Network Security Tls Inspection Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst project = gcp.organizations.getProject({});\nconst tlsInspectionPermission = new gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com`),\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n excludePublicCaSet: false,\n}, {\n dependsOn: [\n _default,\n defaultAuthority,\n tlsInspectionPermission,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nproject = gcp.organizations.get_project()\ntls_inspection_permission = gcp.certificateauthority.CaPoolIamMember(\"tls_inspection_permission\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\")\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n exclude_public_ca_set=False,\n opts = pulumi.ResourceOptions(depends_on=[\n default,\n default_authority,\n tls_inspection_permission,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var tlsInspectionPermission = new Gcp.CertificateAuthority.CaPoolIamMember(\"tls_inspection_permission\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-networksecurity.iam.gserviceaccount.com\",\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n ExcludePublicCaSet = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n defaultAuthority,\n tlsInspectionPermission,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttlsInspectionPermission, err := certificateauthority.NewCaPoolIamMember(ctx, \"tls_inspection_permission\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t\tExcludePublicCaSet: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t\tdefaultAuthority,\n\t\t\ttlsInspectionPermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var tlsInspectionPermission = new CaPoolIamMember(\"tlsInspectionPermission\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-networksecurity.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .excludePublicCaSet(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n default_,\n defaultAuthority,\n tlsInspectionPermission)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n tlsInspectionPermission:\n type: gcp:certificateauthority:CaPoolIamMember\n name: tls_inspection_permission\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: serviceAccount:service-${project.number}@gcp-sa-networksecurity.iam.gserviceaccount.com\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n excludePublicCaSet: false\n options:\n dependsOn:\n - ${default}\n - ${defaultAuthority}\n - ${tlsInspectionPermission}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Tls Inspection Policy Custom\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificateauthority.CaPool(\"default\", {\n name: \"my-basic-ca-pool\",\n location: \"us-central1\",\n tier: \"DEVOPS\",\n publishingOptions: {\n publishCaCert: false,\n publishCrl: false,\n },\n issuancePolicy: {\n maximumLifetime: \"1209600s\",\n baselineValues: {\n caOptions: {\n isCa: false,\n },\n keyUsage: {\n baseKeyUsage: {},\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n});\nconst defaultAuthority = new gcp.certificateauthority.Authority(\"default\", {\n pool: _default.name,\n certificateAuthorityId: \"my-basic-certificate-authority\",\n location: \"us-central1\",\n lifetime: \"86400s\",\n type: \"SELF_SIGNED\",\n deletionProtection: false,\n skipGracePeriod: true,\n ignoreActiveCertificatesOnDeletion: true,\n config: {\n subjectConfig: {\n subject: {\n organization: \"Test LLC\",\n commonName: \"my-ca\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: false,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n});\nconst nsSa = new gcp.projects.ServiceIdentity(\"ns_sa\", {service: \"networksecurity.googleapis.com\"});\nconst defaultCaPoolIamMember = new gcp.certificateauthority.CaPoolIamMember(\"default\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: nsSa.member,\n});\nconst defaultTrustConfig = new gcp.certificatemanager.TrustConfig(\"default\", {\n name: \"my-trust-config\",\n description: \"sample trust config description\",\n location: \"us-central1\",\n trustStores: [{\n trustAnchors: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n intermediateCas: [{\n pemCertificate: std.file({\n input: \"test-fixtures/ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n }],\n }],\n});\nconst defaultTlsInspectionPolicy = new gcp.networksecurity.TlsInspectionPolicy(\"default\", {\n name: \"my-tls-inspection-policy\",\n location: \"us-central1\",\n caPool: _default.id,\n excludePublicCaSet: false,\n minTlsVersion: \"TLS_1_0\",\n trustConfig: defaultTrustConfig.id,\n tlsFeatureProfile: \"PROFILE_CUSTOM\",\n customTlsFeatures: [\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n ],\n}, {\n dependsOn: [\n defaultAuthority,\n defaultCaPoolIamMember,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificateauthority.CaPool(\"default\",\n name=\"my-basic-ca-pool\",\n location=\"us-central1\",\n tier=\"DEVOPS\",\n publishing_options={\n \"publish_ca_cert\": False,\n \"publish_crl\": False,\n },\n issuance_policy={\n \"maximum_lifetime\": \"1209600s\",\n \"baseline_values\": {\n \"ca_options\": {\n \"is_ca\": False,\n },\n \"key_usage\": {\n \"base_key_usage\": {},\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n })\ndefault_authority = gcp.certificateauthority.Authority(\"default\",\n pool=default.name,\n certificate_authority_id=\"my-basic-certificate-authority\",\n location=\"us-central1\",\n lifetime=\"86400s\",\n type=\"SELF_SIGNED\",\n deletion_protection=False,\n skip_grace_period=True,\n ignore_active_certificates_on_deletion=True,\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"Test LLC\",\n \"common_name\": \"my-ca\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": False,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n })\nns_sa = gcp.projects.ServiceIdentity(\"ns_sa\", service=\"networksecurity.googleapis.com\")\ndefault_ca_pool_iam_member = gcp.certificateauthority.CaPoolIamMember(\"default\",\n ca_pool=default.id,\n role=\"roles/privateca.certificateManager\",\n member=ns_sa.member)\ndefault_trust_config = gcp.certificatemanager.TrustConfig(\"default\",\n name=\"my-trust-config\",\n description=\"sample trust config description\",\n location=\"us-central1\",\n trust_stores=[{\n \"trust_anchors\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n \"intermediate_cas\": [{\n \"pem_certificate\": std.file(input=\"test-fixtures/ca_cert.pem\").result,\n }],\n }])\ndefault_tls_inspection_policy = gcp.networksecurity.TlsInspectionPolicy(\"default\",\n name=\"my-tls-inspection-policy\",\n location=\"us-central1\",\n ca_pool=default.id,\n exclude_public_ca_set=False,\n min_tls_version=\"TLS_1_0\",\n trust_config=default_trust_config.id,\n tls_feature_profile=\"PROFILE_CUSTOM\",\n custom_tls_features=[\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n ],\n opts = pulumi.ResourceOptions(depends_on=[\n default_authority,\n default_ca_pool_iam_member,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateAuthority.CaPool(\"default\", new()\n {\n Name = \"my-basic-ca-pool\",\n Location = \"us-central1\",\n Tier = \"DEVOPS\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = false,\n PublishCrl = false,\n },\n IssuancePolicy = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyArgs\n {\n MaximumLifetime = \"1209600s\",\n BaselineValues = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs\n {\n IsCa = false,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs\n {\n BaseKeyUsage = null,\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n });\n\n var defaultAuthority = new Gcp.CertificateAuthority.Authority(\"default\", new()\n {\n Pool = @default.Name,\n CertificateAuthorityId = \"my-basic-certificate-authority\",\n Location = \"us-central1\",\n Lifetime = \"86400s\",\n Type = \"SELF_SIGNED\",\n DeletionProtection = false,\n SkipGracePeriod = true,\n IgnoreActiveCertificatesOnDeletion = true,\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"Test LLC\",\n CommonName = \"my-ca\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = false,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n });\n\n var nsSa = new Gcp.Projects.ServiceIdentity(\"ns_sa\", new()\n {\n Service = \"networksecurity.googleapis.com\",\n });\n\n var defaultCaPoolIamMember = new Gcp.CertificateAuthority.CaPoolIamMember(\"default\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = nsSa.Member,\n });\n\n var defaultTrustConfig = new Gcp.CertificateManager.TrustConfig(\"default\", new()\n {\n Name = \"my-trust-config\",\n Description = \"sample trust config description\",\n Location = \"us-central1\",\n TrustStores = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreArgs\n {\n TrustAnchors = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreTrustAnchorArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n IntermediateCas = new[]\n {\n new Gcp.CertificateManager.Inputs.TrustConfigTrustStoreIntermediateCaArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n },\n },\n },\n });\n\n var defaultTlsInspectionPolicy = new Gcp.NetworkSecurity.TlsInspectionPolicy(\"default\", new()\n {\n Name = \"my-tls-inspection-policy\",\n Location = \"us-central1\",\n CaPool = @default.Id,\n ExcludePublicCaSet = false,\n MinTlsVersion = \"TLS_1_0\",\n TrustConfig = defaultTrustConfig.Id,\n TlsFeatureProfile = \"PROFILE_CUSTOM\",\n CustomTlsFeatures = new[]\n {\n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultAuthority,\n defaultCaPoolIamMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPool(ctx, \"default\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"my-basic-ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"DEVOPS\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(false),\n\t\t\t\tPublishCrl: pulumi.Bool(false),\n\t\t\t},\n\t\t\tIssuancePolicy: \u0026certificateauthority.CaPoolIssuancePolicyArgs{\n\t\t\t\tMaximumLifetime: pulumi.String(\"1209600s\"),\n\t\t\t\tBaselineValues: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs{},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthority, err := certificateauthority.NewAuthority(ctx, \"default\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: _default.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"my-basic-certificate-authority\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLifetime: pulumi.String(\"86400s\"),\n\t\t\tType: pulumi.String(\"SELF_SIGNED\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"Test LLC\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-ca\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnsSa, err := projects.NewServiceIdentity(ctx, \"ns_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tService: pulumi.String(\"networksecurity.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultCaPoolIamMember, err := certificateauthority.NewCaPoolIamMember(ctx, \"default\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: _default.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: nsSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTrustConfig, err := certificatemanager.NewTrustConfig(ctx, \"default\", \u0026certificatemanager.TrustConfigArgs{\n\t\t\tName: pulumi.String(\"my-trust-config\"),\n\t\t\tDescription: pulumi.String(\"sample trust config description\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTrustStores: certificatemanager.TrustConfigTrustStoreArray{\n\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreArgs{\n\t\t\t\t\tTrustAnchors: certificatemanager.TrustConfigTrustStoreTrustAnchorArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreTrustAnchorArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIntermediateCas: certificatemanager.TrustConfigTrustStoreIntermediateCaArray{\n\t\t\t\t\t\t\u0026certificatemanager.TrustConfigTrustStoreIntermediateCaArgs{\n\t\t\t\t\t\t\tPemCertificate: pulumi.String(invokeFile1.Result),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewTlsInspectionPolicy(ctx, \"default\", \u0026networksecurity.TlsInspectionPolicyArgs{\n\t\t\tName: pulumi.String(\"my-tls-inspection-policy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCaPool: _default.ID(),\n\t\t\tExcludePublicCaSet: pulumi.Bool(false),\n\t\t\tMinTlsVersion: pulumi.String(\"TLS_1_0\"),\n\t\t\tTrustConfig: defaultTrustConfig.ID(),\n\t\t\tTlsFeatureProfile: pulumi.String(\"PROFILE_CUSTOM\"),\n\t\t\tCustomTlsFeatures: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t\tpulumi.String(\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_3DES_EDE_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_128_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_128_GCM_SHA256\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_256_CBC_SHA\"),\n\t\t\t\tpulumi.String(\"TLS_RSA_WITH_AES_256_GCM_SHA384\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultAuthority,\n\t\t\tdefaultCaPoolIamMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificatemanager.TrustConfig;\nimport com.pulumi.gcp.certificatemanager.TrustConfigArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.TrustConfigTrustStoreArgs;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicy;\nimport com.pulumi.gcp.networksecurity.TlsInspectionPolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CaPool(\"default\", CaPoolArgs.builder()\n .name(\"my-basic-ca-pool\")\n .location(\"us-central1\")\n .tier(\"DEVOPS\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(false)\n .publishCrl(false)\n .build())\n .issuancePolicy(CaPoolIssuancePolicyArgs.builder()\n .maximumLifetime(\"1209600s\")\n .baselineValues(CaPoolIssuancePolicyBaselineValuesArgs.builder()\n .caOptions(CaPoolIssuancePolicyBaselineValuesCaOptionsArgs.builder()\n .isCa(false)\n .build())\n .keyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageArgs.builder()\n .baseKeyUsage()\n .extendedKeyUsage(CaPoolIssuancePolicyBaselineValuesKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var defaultAuthority = new Authority(\"defaultAuthority\", AuthorityArgs.builder()\n .pool(default_.name())\n .certificateAuthorityId(\"my-basic-certificate-authority\")\n .location(\"us-central1\")\n .lifetime(\"86400s\")\n .type(\"SELF_SIGNED\")\n .deletionProtection(false)\n .skipGracePeriod(true)\n .ignoreActiveCertificatesOnDeletion(true)\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"Test LLC\")\n .commonName(\"my-ca\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(false)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .build());\n\n var nsSa = new ServiceIdentity(\"nsSa\", ServiceIdentityArgs.builder()\n .service(\"networksecurity.googleapis.com\")\n .build());\n\n var defaultCaPoolIamMember = new CaPoolIamMember(\"defaultCaPoolIamMember\", CaPoolIamMemberArgs.builder()\n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(nsSa.member())\n .build());\n\n var defaultTrustConfig = new TrustConfig(\"defaultTrustConfig\", TrustConfigArgs.builder()\n .name(\"my-trust-config\")\n .description(\"sample trust config description\")\n .location(\"us-central1\")\n .trustStores(TrustConfigTrustStoreArgs.builder()\n .trustAnchors(TrustConfigTrustStoreTrustAnchorArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .intermediateCas(TrustConfigTrustStoreIntermediateCaArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/ca_cert.pem\")\n .build()).result())\n .build())\n .build())\n .build());\n\n var defaultTlsInspectionPolicy = new TlsInspectionPolicy(\"defaultTlsInspectionPolicy\", TlsInspectionPolicyArgs.builder()\n .name(\"my-tls-inspection-policy\")\n .location(\"us-central1\")\n .caPool(default_.id())\n .excludePublicCaSet(false)\n .minTlsVersion(\"TLS_1_0\")\n .trustConfig(defaultTrustConfig.id())\n .tlsFeatureProfile(\"PROFILE_CUSTOM\")\n .customTlsFeatures( \n \"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n \"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\",\n \"TLS_RSA_WITH_3DES_EDE_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_CBC_SHA\",\n \"TLS_RSA_WITH_AES_128_GCM_SHA256\",\n \"TLS_RSA_WITH_AES_256_CBC_SHA\",\n \"TLS_RSA_WITH_AES_256_GCM_SHA384\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n defaultAuthority,\n defaultCaPoolIamMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificateauthority:CaPool\n properties:\n name: my-basic-ca-pool\n location: us-central1\n tier: DEVOPS\n publishingOptions:\n publishCaCert: false\n publishCrl: false\n issuancePolicy:\n maximumLifetime: 1209600s\n baselineValues:\n caOptions:\n isCa: false\n keyUsage:\n baseKeyUsage: {}\n extendedKeyUsage:\n serverAuth: true\n defaultAuthority:\n type: gcp:certificateauthority:Authority\n name: default\n properties:\n pool: ${default.name}\n certificateAuthorityId: my-basic-certificate-authority\n location: us-central1\n lifetime: 86400s\n type: SELF_SIGNED\n deletionProtection: false\n skipGracePeriod: true\n ignoreActiveCertificatesOnDeletion: true\n config:\n subjectConfig:\n subject:\n organization: Test LLC\n commonName: my-ca\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: false\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n nsSa:\n type: gcp:projects:ServiceIdentity\n name: ns_sa\n properties:\n service: networksecurity.googleapis.com\n defaultCaPoolIamMember:\n type: gcp:certificateauthority:CaPoolIamMember\n name: default\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: ${nsSa.member}\n defaultTrustConfig:\n type: gcp:certificatemanager:TrustConfig\n name: default\n properties:\n name: my-trust-config\n description: sample trust config description\n location: us-central1\n trustStores:\n - trustAnchors:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n intermediateCas:\n - pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/ca_cert.pem\n return: result\n defaultTlsInspectionPolicy:\n type: gcp:networksecurity:TlsInspectionPolicy\n name: default\n properties:\n name: my-tls-inspection-policy\n location: us-central1\n caPool: ${default.id}\n excludePublicCaSet: false\n minTlsVersion: TLS_1_0\n trustConfig: ${defaultTrustConfig.id}\n tlsFeatureProfile: PROFILE_CUSTOM\n customTlsFeatures:\n - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n - TLS_RSA_WITH_3DES_EDE_CBC_SHA\n - TLS_RSA_WITH_AES_128_CBC_SHA\n - TLS_RSA_WITH_AES_128_GCM_SHA256\n - TLS_RSA_WITH_AES_256_CBC_SHA\n - TLS_RSA_WITH_AES_256_GCM_SHA384\n options:\n dependsOn:\n - ${defaultAuthority}\n - ${defaultCaPoolIamMember}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTlsInspectionPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, TlsInspectionPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default projects/{{project}}/locations/{{location}}/tlsInspectionPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy default {{location}}/{{name}}\n```\n\n", "properties": { "caPool": { "type": "string", @@ -244963,7 +244963,7 @@ } }, "gcp:networkservices/gateway:Gateway": { - "description": "Gateway represents the configuration for a proxy, typically a load balancer.\nIt captures the ip:port over which the services are exposed by the proxy,\nalong with any policy configurations. Routes have reference to to Gateways\nto dictate how requests should be routed by this Gateway.\n\n\nTo get more information about Gateway, see:\n\n* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-services/rest/v1/projects.locations.gateways)\n\n## Example Usage\n\n### Network Services Gateway Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway\",\n scope: \"default-scope-basic\",\n type: \"OPEN_MESH\",\n ports: [443],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway\",\n scope=\"default-scope-basic\",\n type=\"OPEN_MESH\",\n ports=[443])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway\",\n Scope = \"default-scope-basic\",\n Type = \"OPEN_MESH\",\n Ports = new[]\n {\n 443,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway\"),\n\t\t\tScope: pulumi.String(\"default-scope-basic\"),\n\t\t\tType: pulumi.String(\"OPEN_MESH\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Gateway(\"default\", GatewayArgs.builder()\n .name(\"my-gateway\")\n .scope(\"default-scope-basic\")\n .type(\"OPEN_MESH\")\n .ports(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway\n scope: default-scope-basic\n type: OPEN_MESH\n ports:\n - 443\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n type: \"OPEN_MESH\",\n ports: [443],\n scope: \"default-scope-advance\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n type=\"OPEN_MESH\",\n ports=[443],\n scope=\"default-scope-advance\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Type = \"OPEN_MESH\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"default-scope-advance\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tType: pulumi.String(\"OPEN_MESH\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"default-scope-advance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Gateway(\"default\", GatewayArgs.builder()\n .name(\"my-gateway\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .type(\"OPEN_MESH\")\n .ports(443)\n .scope(\"default-scope-advance\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway\n labels:\n foo: bar\n description: my description\n type: OPEN_MESH\n ports:\n - 443\n scope: default-scope-advance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Secure Web Proxy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"my-network\",\n routingMode: \"REGIONAL\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork-name\",\n purpose: \"PRIVATE\",\n ipCidrRange: \"10.128.0.0/20\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst proxyonlysubnet = new gcp.compute.Subnetwork(\"proxyonlysubnet\", {\n name: \"my-proxy-only-subnetwork\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n ipCidrRange: \"192.168.0.0/23\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-policy-name\",\n location: \"us-central1\",\n});\nconst defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule(\"default\", {\n name: \"my-policyrule-name\",\n location: \"us-central1\",\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,\n enabled: true,\n priority: 1,\n sessionMatcher: \"host() == 'example.com'\",\n basicProfile: \"ALLOW\",\n});\nconst defaultGateway = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway1\",\n location: \"us-central1\",\n addresses: [\"10.128.0.99\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope1\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_network = gcp.compute.Network(\"default\",\n name=\"my-network\",\n routing_mode=\"REGIONAL\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork-name\",\n purpose=\"PRIVATE\",\n ip_cidr_range=\"10.128.0.0/20\",\n region=\"us-central1\",\n network=default_network.id,\n role=\"ACTIVE\")\nproxyonlysubnet = gcp.compute.Subnetwork(\"proxyonlysubnet\",\n name=\"my-proxy-only-subnetwork\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n ip_cidr_range=\"192.168.0.0/23\",\n region=\"us-central1\",\n network=default_network.id,\n role=\"ACTIVE\")\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-policy-name\",\n location=\"us-central1\")\ndefault_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule(\"default\",\n name=\"my-policyrule-name\",\n location=\"us-central1\",\n gateway_security_policy=default_gateway_security_policy.name,\n enabled=True,\n priority=1,\n session_matcher=\"host() == 'example.com'\",\n basic_profile=\"ALLOW\")\ndefault_gateway = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway1\",\n location=\"us-central1\",\n addresses=[\"10.128.0.99\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope1\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n RoutingMode = \"REGIONAL\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork-name\",\n Purpose = \"PRIVATE\",\n IpCidrRange = \"10.128.0.0/20\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var proxyonlysubnet = new Gcp.Compute.Subnetwork(\"proxyonlysubnet\", new()\n {\n Name = \"my-proxy-only-subnetwork\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n IpCidrRange = \"192.168.0.0/23\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-policy-name\",\n Location = \"us-central1\",\n });\n\n var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule(\"default\", new()\n {\n Name = \"my-policyrule-name\",\n Location = \"us-central1\",\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,\n Enabled = true,\n Priority = 1,\n SessionMatcher = \"host() == 'example.com'\",\n BasicProfile = \"ALLOW\",\n });\n\n var defaultGateway = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway1\",\n Location = \"us-central1\",\n Addresses = new[]\n {\n \"10.128.0.99\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope1\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork-name\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.128.0.0/20\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxyonlysubnet, err := compute.NewSubnetwork(ctx, \"proxyonlysubnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-only-subnetwork\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/23\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyRuleArgs{\n\t\t\tName: pulumi.String(\"my-policyrule-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tSessionMatcher: pulumi.String(\"host() == 'example.com'\"),\n\t\t\tBasicProfile: pulumi.String(\"ALLOW\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway1\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.99\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope1\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .routingMode(\"REGIONAL\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork-name\")\n .purpose(\"PRIVATE\")\n .ipCidrRange(\"10.128.0.0/20\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var proxyonlysubnet = new Subnetwork(\"proxyonlysubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-only-subnetwork\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .ipCidrRange(\"192.168.0.0/23\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-policy-name\")\n .location(\"us-central1\")\n .build());\n\n var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule(\"defaultGatewaySecurityPolicyRule\", GatewaySecurityPolicyRuleArgs.builder()\n .name(\"my-policyrule-name\")\n .location(\"us-central1\")\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())\n .enabled(true)\n .priority(1)\n .sessionMatcher(\"host() == 'example.com'\")\n .basicProfile(\"ALLOW\")\n .build());\n\n var defaultGateway = new Gateway(\"defaultGateway\", GatewayArgs.builder()\n .name(\"my-gateway1\")\n .location(\"us-central1\")\n .addresses(\"10.128.0.99\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope1\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: my-certificate\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n pemPrivateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/private-key.pem\n Return: result\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: my-network\n routingMode: REGIONAL\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork-name\n purpose: PRIVATE\n ipCidrRange: 10.128.0.0/20\n region: us-central1\n network: ${defaultNetwork.id}\n role: ACTIVE\n proxyonlysubnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-proxy-only-subnetwork\n purpose: REGIONAL_MANAGED_PROXY\n ipCidrRange: 192.168.0.0/23\n region: us-central1\n network: ${defaultNetwork.id}\n role: ACTIVE\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-policy-name\n location: us-central1\n defaultGatewaySecurityPolicyRule:\n type: gcp:networksecurity:GatewaySecurityPolicyRule\n name: default\n properties:\n name: my-policyrule-name\n location: us-central1\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}\n enabled: true\n priority: 1\n sessionMatcher: host() == 'example.com'\n basicProfile: ALLOW\n defaultGateway:\n type: gcp:networkservices:Gateway\n name: default\n properties:\n name: my-gateway1\n location: us-central1\n addresses:\n - 10.128.0.99\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope1\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependson:\n - ${proxyonlysubnet}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Multiple Swp Same Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-south1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"my-network\",\n routingMode: \"REGIONAL\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork-name\",\n purpose: \"PRIVATE\",\n ipCidrRange: \"10.128.0.0/20\",\n region: \"us-south1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst proxyonlysubnet = new gcp.compute.Subnetwork(\"proxyonlysubnet\", {\n name: \"my-proxy-only-subnetwork\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n ipCidrRange: \"192.168.0.0/23\",\n region: \"us-south1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-policy-name\",\n location: \"us-south1\",\n});\nconst defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule(\"default\", {\n name: \"my-policyrule-name\",\n location: \"us-south1\",\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,\n enabled: true,\n priority: 1,\n sessionMatcher: \"host() == 'example.com'\",\n basicProfile: \"ALLOW\",\n});\nconst defaultGateway = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway1\",\n location: \"us-south1\",\n addresses: [\"10.128.0.99\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope1\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\nconst gateway2 = new gcp.networkservices.Gateway(\"gateway2\", {\n name: \"my-gateway2\",\n location: \"us-south1\",\n addresses: [\"10.128.0.98\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope2\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-south1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_network = gcp.compute.Network(\"default\",\n name=\"my-network\",\n routing_mode=\"REGIONAL\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork-name\",\n purpose=\"PRIVATE\",\n ip_cidr_range=\"10.128.0.0/20\",\n region=\"us-south1\",\n network=default_network.id,\n role=\"ACTIVE\")\nproxyonlysubnet = gcp.compute.Subnetwork(\"proxyonlysubnet\",\n name=\"my-proxy-only-subnetwork\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n ip_cidr_range=\"192.168.0.0/23\",\n region=\"us-south1\",\n network=default_network.id,\n role=\"ACTIVE\")\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-policy-name\",\n location=\"us-south1\")\ndefault_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule(\"default\",\n name=\"my-policyrule-name\",\n location=\"us-south1\",\n gateway_security_policy=default_gateway_security_policy.name,\n enabled=True,\n priority=1,\n session_matcher=\"host() == 'example.com'\",\n basic_profile=\"ALLOW\")\ndefault_gateway = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway1\",\n location=\"us-south1\",\n addresses=[\"10.128.0.99\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope1\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\ngateway2 = gcp.networkservices.Gateway(\"gateway2\",\n name=\"my-gateway2\",\n location=\"us-south1\",\n addresses=[\"10.128.0.98\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope2\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-south1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n RoutingMode = \"REGIONAL\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork-name\",\n Purpose = \"PRIVATE\",\n IpCidrRange = \"10.128.0.0/20\",\n Region = \"us-south1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var proxyonlysubnet = new Gcp.Compute.Subnetwork(\"proxyonlysubnet\", new()\n {\n Name = \"my-proxy-only-subnetwork\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n IpCidrRange = \"192.168.0.0/23\",\n Region = \"us-south1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-policy-name\",\n Location = \"us-south1\",\n });\n\n var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule(\"default\", new()\n {\n Name = \"my-policyrule-name\",\n Location = \"us-south1\",\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,\n Enabled = true,\n Priority = 1,\n SessionMatcher = \"host() == 'example.com'\",\n BasicProfile = \"ALLOW\",\n });\n\n var defaultGateway = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway1\",\n Location = \"us-south1\",\n Addresses = new[]\n {\n \"10.128.0.99\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope1\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n var gateway2 = new Gcp.NetworkServices.Gateway(\"gateway2\", new()\n {\n Name = \"my-gateway2\",\n Location = \"us-south1\",\n Addresses = new[]\n {\n \"10.128.0.98\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope2\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork-name\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.128.0.0/20\"),\n\t\t\tRegion: pulumi.String(\"us-south1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxyonlysubnet, err := compute.NewSubnetwork(ctx, \"proxyonlysubnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-only-subnetwork\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/23\"),\n\t\t\tRegion: pulumi.String(\"us-south1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy-name\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyRuleArgs{\n\t\t\tName: pulumi.String(\"my-policyrule-name\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tSessionMatcher: pulumi.String(\"host() == 'example.com'\"),\n\t\t\tBasicProfile: pulumi.String(\"ALLOW\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway1\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.99\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope1\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"gateway2\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway2\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.98\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope2\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-south1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .routingMode(\"REGIONAL\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork-name\")\n .purpose(\"PRIVATE\")\n .ipCidrRange(\"10.128.0.0/20\")\n .region(\"us-south1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var proxyonlysubnet = new Subnetwork(\"proxyonlysubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-only-subnetwork\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .ipCidrRange(\"192.168.0.0/23\")\n .region(\"us-south1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-policy-name\")\n .location(\"us-south1\")\n .build());\n\n var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule(\"defaultGatewaySecurityPolicyRule\", GatewaySecurityPolicyRuleArgs.builder()\n .name(\"my-policyrule-name\")\n .location(\"us-south1\")\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())\n .enabled(true)\n .priority(1)\n .sessionMatcher(\"host() == 'example.com'\")\n .basicProfile(\"ALLOW\")\n .build());\n\n var defaultGateway = new Gateway(\"defaultGateway\", GatewayArgs.builder()\n .name(\"my-gateway1\")\n .location(\"us-south1\")\n .addresses(\"10.128.0.99\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope1\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n var gateway2 = new Gateway(\"gateway2\", GatewayArgs.builder()\n .name(\"my-gateway2\")\n .location(\"us-south1\")\n .addresses(\"10.128.0.98\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope2\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: my-certificate\n location: us-south1\n selfManaged:\n pemCertificate:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/cert.pem\n Return: result\n pemPrivateKey:\n fn::invoke:\n Function: std:file\n Arguments:\n input: test-fixtures/private-key.pem\n Return: result\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: my-network\n routingMode: REGIONAL\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork-name\n purpose: PRIVATE\n ipCidrRange: 10.128.0.0/20\n region: us-south1\n network: ${defaultNetwork.id}\n role: ACTIVE\n proxyonlysubnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-proxy-only-subnetwork\n purpose: REGIONAL_MANAGED_PROXY\n ipCidrRange: 192.168.0.0/23\n region: us-south1\n network: ${defaultNetwork.id}\n role: ACTIVE\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-policy-name\n location: us-south1\n defaultGatewaySecurityPolicyRule:\n type: gcp:networksecurity:GatewaySecurityPolicyRule\n name: default\n properties:\n name: my-policyrule-name\n location: us-south1\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}\n enabled: true\n priority: 1\n sessionMatcher: host() == 'example.com'\n basicProfile: ALLOW\n defaultGateway:\n type: gcp:networkservices:Gateway\n name: default\n properties:\n name: my-gateway1\n location: us-south1\n addresses:\n - 10.128.0.99\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope1\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependson:\n - ${proxyonlysubnet}\n gateway2:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway2\n location: us-south1\n addresses:\n - 10.128.0.98\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope2\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependson:\n - ${proxyonlysubnet}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGateway can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/gateways/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Gateway can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default projects/{{project}}/locations/{{location}}/gateways/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default {{location}}/{{name}}\n```\n\n", + "description": "Gateway represents the configuration for a proxy, typically a load balancer.\nIt captures the ip:port over which the services are exposed by the proxy,\nalong with any policy configurations. Routes have reference to to Gateways\nto dictate how requests should be routed by this Gateway.\n\n\nTo get more information about Gateway, see:\n\n* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-services/rest/v1/projects.locations.gateways)\n\n## Example Usage\n\n### Network Services Gateway Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway\",\n scope: \"default-scope-basic\",\n type: \"OPEN_MESH\",\n ports: [443],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway\",\n scope=\"default-scope-basic\",\n type=\"OPEN_MESH\",\n ports=[443])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway\",\n Scope = \"default-scope-basic\",\n Type = \"OPEN_MESH\",\n Ports = new[]\n {\n 443,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway\"),\n\t\t\tScope: pulumi.String(\"default-scope-basic\"),\n\t\t\tType: pulumi.String(\"OPEN_MESH\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Gateway(\"default\", GatewayArgs.builder()\n .name(\"my-gateway\")\n .scope(\"default-scope-basic\")\n .type(\"OPEN_MESH\")\n .ports(443)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway\n scope: default-scope-basic\n type: OPEN_MESH\n ports:\n - 443\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n type: \"OPEN_MESH\",\n ports: [443],\n scope: \"default-scope-advance\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n type=\"OPEN_MESH\",\n ports=[443],\n scope=\"default-scope-advance\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Type = \"OPEN_MESH\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"default-scope-advance\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tType: pulumi.String(\"OPEN_MESH\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"default-scope-advance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Gateway(\"default\", GatewayArgs.builder()\n .name(\"my-gateway\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .type(\"OPEN_MESH\")\n .ports(443)\n .scope(\"default-scope-advance\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway\n labels:\n foo: bar\n description: my description\n type: OPEN_MESH\n ports:\n - 443\n scope: default-scope-advance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Secure Web Proxy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-central1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"my-network\",\n routingMode: \"REGIONAL\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork-name\",\n purpose: \"PRIVATE\",\n ipCidrRange: \"10.128.0.0/20\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst proxyonlysubnet = new gcp.compute.Subnetwork(\"proxyonlysubnet\", {\n name: \"my-proxy-only-subnetwork\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n ipCidrRange: \"192.168.0.0/23\",\n region: \"us-central1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-policy-name\",\n location: \"us-central1\",\n});\nconst defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule(\"default\", {\n name: \"my-policyrule-name\",\n location: \"us-central1\",\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,\n enabled: true,\n priority: 1,\n sessionMatcher: \"host() == 'example.com'\",\n basicProfile: \"ALLOW\",\n});\nconst defaultGateway = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway1\",\n location: \"us-central1\",\n addresses: [\"10.128.0.99\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope1\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-central1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_network = gcp.compute.Network(\"default\",\n name=\"my-network\",\n routing_mode=\"REGIONAL\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork-name\",\n purpose=\"PRIVATE\",\n ip_cidr_range=\"10.128.0.0/20\",\n region=\"us-central1\",\n network=default_network.id,\n role=\"ACTIVE\")\nproxyonlysubnet = gcp.compute.Subnetwork(\"proxyonlysubnet\",\n name=\"my-proxy-only-subnetwork\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n ip_cidr_range=\"192.168.0.0/23\",\n region=\"us-central1\",\n network=default_network.id,\n role=\"ACTIVE\")\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-policy-name\",\n location=\"us-central1\")\ndefault_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule(\"default\",\n name=\"my-policyrule-name\",\n location=\"us-central1\",\n gateway_security_policy=default_gateway_security_policy.name,\n enabled=True,\n priority=1,\n session_matcher=\"host() == 'example.com'\",\n basic_profile=\"ALLOW\")\ndefault_gateway = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway1\",\n location=\"us-central1\",\n addresses=[\"10.128.0.99\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope1\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-central1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n RoutingMode = \"REGIONAL\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork-name\",\n Purpose = \"PRIVATE\",\n IpCidrRange = \"10.128.0.0/20\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var proxyonlysubnet = new Gcp.Compute.Subnetwork(\"proxyonlysubnet\", new()\n {\n Name = \"my-proxy-only-subnetwork\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n IpCidrRange = \"192.168.0.0/23\",\n Region = \"us-central1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-policy-name\",\n Location = \"us-central1\",\n });\n\n var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule(\"default\", new()\n {\n Name = \"my-policyrule-name\",\n Location = \"us-central1\",\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,\n Enabled = true,\n Priority = 1,\n SessionMatcher = \"host() == 'example.com'\",\n BasicProfile = \"ALLOW\",\n });\n\n var defaultGateway = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway1\",\n Location = \"us-central1\",\n Addresses = new[]\n {\n \"10.128.0.99\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope1\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork-name\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.128.0.0/20\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxyonlysubnet, err := compute.NewSubnetwork(ctx, \"proxyonlysubnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-only-subnetwork\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/23\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyRuleArgs{\n\t\t\tName: pulumi.String(\"my-policyrule-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tSessionMatcher: pulumi.String(\"host() == 'example.com'\"),\n\t\t\tBasicProfile: pulumi.String(\"ALLOW\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway1\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.99\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope1\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-central1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .routingMode(\"REGIONAL\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork-name\")\n .purpose(\"PRIVATE\")\n .ipCidrRange(\"10.128.0.0/20\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var proxyonlysubnet = new Subnetwork(\"proxyonlysubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-only-subnetwork\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .ipCidrRange(\"192.168.0.0/23\")\n .region(\"us-central1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-policy-name\")\n .location(\"us-central1\")\n .build());\n\n var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule(\"defaultGatewaySecurityPolicyRule\", GatewaySecurityPolicyRuleArgs.builder()\n .name(\"my-policyrule-name\")\n .location(\"us-central1\")\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())\n .enabled(true)\n .priority(1)\n .sessionMatcher(\"host() == 'example.com'\")\n .basicProfile(\"ALLOW\")\n .build());\n\n var defaultGateway = new Gateway(\"defaultGateway\", GatewayArgs.builder()\n .name(\"my-gateway1\")\n .location(\"us-central1\")\n .addresses(\"10.128.0.99\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope1\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: my-certificate\n location: us-central1\n selfManaged:\n pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n pemPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/private-key.pem\n return: result\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: my-network\n routingMode: REGIONAL\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork-name\n purpose: PRIVATE\n ipCidrRange: 10.128.0.0/20\n region: us-central1\n network: ${defaultNetwork.id}\n role: ACTIVE\n proxyonlysubnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-proxy-only-subnetwork\n purpose: REGIONAL_MANAGED_PROXY\n ipCidrRange: 192.168.0.0/23\n region: us-central1\n network: ${defaultNetwork.id}\n role: ACTIVE\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-policy-name\n location: us-central1\n defaultGatewaySecurityPolicyRule:\n type: gcp:networksecurity:GatewaySecurityPolicyRule\n name: default\n properties:\n name: my-policyrule-name\n location: us-central1\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}\n enabled: true\n priority: 1\n sessionMatcher: host() == 'example.com'\n basicProfile: ALLOW\n defaultGateway:\n type: gcp:networkservices:Gateway\n name: default\n properties:\n name: my-gateway1\n location: us-central1\n addresses:\n - 10.128.0.99\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope1\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependsOn:\n - ${proxyonlysubnet}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Gateway Multiple Swp Same Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = new gcp.certificatemanager.Certificate(\"default\", {\n name: \"my-certificate\",\n location: \"us-south1\",\n selfManaged: {\n pemCertificate: std.file({\n input: \"test-fixtures/cert.pem\",\n }).then(invoke =\u003e invoke.result),\n pemPrivateKey: std.file({\n input: \"test-fixtures/private-key.pem\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"my-network\",\n routingMode: \"REGIONAL\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"my-subnetwork-name\",\n purpose: \"PRIVATE\",\n ipCidrRange: \"10.128.0.0/20\",\n region: \"us-south1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst proxyonlysubnet = new gcp.compute.Subnetwork(\"proxyonlysubnet\", {\n name: \"my-proxy-only-subnetwork\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n ipCidrRange: \"192.168.0.0/23\",\n region: \"us-south1\",\n network: defaultNetwork.id,\n role: \"ACTIVE\",\n});\nconst defaultGatewaySecurityPolicy = new gcp.networksecurity.GatewaySecurityPolicy(\"default\", {\n name: \"my-policy-name\",\n location: \"us-south1\",\n});\nconst defaultGatewaySecurityPolicyRule = new gcp.networksecurity.GatewaySecurityPolicyRule(\"default\", {\n name: \"my-policyrule-name\",\n location: \"us-south1\",\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.name,\n enabled: true,\n priority: 1,\n sessionMatcher: \"host() == 'example.com'\",\n basicProfile: \"ALLOW\",\n});\nconst defaultGateway = new gcp.networkservices.Gateway(\"default\", {\n name: \"my-gateway1\",\n location: \"us-south1\",\n addresses: [\"10.128.0.99\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope1\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\nconst gateway2 = new gcp.networkservices.Gateway(\"gateway2\", {\n name: \"my-gateway2\",\n location: \"us-south1\",\n addresses: [\"10.128.0.98\"],\n type: \"SECURE_WEB_GATEWAY\",\n ports: [443],\n scope: \"my-default-scope2\",\n certificateUrls: [_default.id],\n gatewaySecurityPolicy: defaultGatewaySecurityPolicy.id,\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n deleteSwgAutogenRouterOnDestroy: true,\n}, {\n dependsOn: [proxyonlysubnet],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\ndefault = gcp.certificatemanager.Certificate(\"default\",\n name=\"my-certificate\",\n location=\"us-south1\",\n self_managed={\n \"pem_certificate\": std.file(input=\"test-fixtures/cert.pem\").result,\n \"pem_private_key\": std.file(input=\"test-fixtures/private-key.pem\").result,\n })\ndefault_network = gcp.compute.Network(\"default\",\n name=\"my-network\",\n routing_mode=\"REGIONAL\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"my-subnetwork-name\",\n purpose=\"PRIVATE\",\n ip_cidr_range=\"10.128.0.0/20\",\n region=\"us-south1\",\n network=default_network.id,\n role=\"ACTIVE\")\nproxyonlysubnet = gcp.compute.Subnetwork(\"proxyonlysubnet\",\n name=\"my-proxy-only-subnetwork\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n ip_cidr_range=\"192.168.0.0/23\",\n region=\"us-south1\",\n network=default_network.id,\n role=\"ACTIVE\")\ndefault_gateway_security_policy = gcp.networksecurity.GatewaySecurityPolicy(\"default\",\n name=\"my-policy-name\",\n location=\"us-south1\")\ndefault_gateway_security_policy_rule = gcp.networksecurity.GatewaySecurityPolicyRule(\"default\",\n name=\"my-policyrule-name\",\n location=\"us-south1\",\n gateway_security_policy=default_gateway_security_policy.name,\n enabled=True,\n priority=1,\n session_matcher=\"host() == 'example.com'\",\n basic_profile=\"ALLOW\")\ndefault_gateway = gcp.networkservices.Gateway(\"default\",\n name=\"my-gateway1\",\n location=\"us-south1\",\n addresses=[\"10.128.0.99\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope1\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\ngateway2 = gcp.networkservices.Gateway(\"gateway2\",\n name=\"my-gateway2\",\n location=\"us-south1\",\n addresses=[\"10.128.0.98\"],\n type=\"SECURE_WEB_GATEWAY\",\n ports=[443],\n scope=\"my-default-scope2\",\n certificate_urls=[default.id],\n gateway_security_policy=default_gateway_security_policy.id,\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n delete_swg_autogen_router_on_destroy=True,\n opts = pulumi.ResourceOptions(depends_on=[proxyonlysubnet]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.CertificateManager.Certificate(\"default\", new()\n {\n Name = \"my-certificate\",\n Location = \"us-south1\",\n SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs\n {\n PemCertificate = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n PemPrivateKey = Std.File.Invoke(new()\n {\n Input = \"test-fixtures/private-key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n },\n });\n\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n RoutingMode = \"REGIONAL\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"my-subnetwork-name\",\n Purpose = \"PRIVATE\",\n IpCidrRange = \"10.128.0.0/20\",\n Region = \"us-south1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var proxyonlysubnet = new Gcp.Compute.Subnetwork(\"proxyonlysubnet\", new()\n {\n Name = \"my-proxy-only-subnetwork\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n IpCidrRange = \"192.168.0.0/23\",\n Region = \"us-south1\",\n Network = defaultNetwork.Id,\n Role = \"ACTIVE\",\n });\n\n var defaultGatewaySecurityPolicy = new Gcp.NetworkSecurity.GatewaySecurityPolicy(\"default\", new()\n {\n Name = \"my-policy-name\",\n Location = \"us-south1\",\n });\n\n var defaultGatewaySecurityPolicyRule = new Gcp.NetworkSecurity.GatewaySecurityPolicyRule(\"default\", new()\n {\n Name = \"my-policyrule-name\",\n Location = \"us-south1\",\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Name,\n Enabled = true,\n Priority = 1,\n SessionMatcher = \"host() == 'example.com'\",\n BasicProfile = \"ALLOW\",\n });\n\n var defaultGateway = new Gcp.NetworkServices.Gateway(\"default\", new()\n {\n Name = \"my-gateway1\",\n Location = \"us-south1\",\n Addresses = new[]\n {\n \"10.128.0.99\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope1\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n var gateway2 = new Gcp.NetworkServices.Gateway(\"gateway2\", new()\n {\n Name = \"my-gateway2\",\n Location = \"us-south1\",\n Addresses = new[]\n {\n \"10.128.0.98\",\n },\n Type = \"SECURE_WEB_GATEWAY\",\n Ports = new[]\n {\n 443,\n },\n Scope = \"my-default-scope2\",\n CertificateUrls = new[]\n {\n @default.Id,\n },\n GatewaySecurityPolicy = defaultGatewaySecurityPolicy.Id,\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n DeleteSwgAutogenRouterOnDestroy = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyonlysubnet,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"test-fixtures/private-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificatemanager.NewCertificate(ctx, \"default\", \u0026certificatemanager.CertificateArgs{\n\t\t\tName: pulumi.String(\"my-certificate\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tSelfManaged: \u0026certificatemanager.CertificateSelfManagedArgs{\n\t\t\t\tPemCertificate: pulumi.String(invokeFile.Result),\n\t\t\t\tPemPrivateKey: pulumi.String(invokeFile1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tRoutingMode: pulumi.String(\"REGIONAL\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork-name\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.128.0.0/20\"),\n\t\t\tRegion: pulumi.String(\"us-south1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxyonlysubnet, err := compute.NewSubnetwork(ctx, \"proxyonlysubnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-only-subnetwork\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/23\"),\n\t\t\tRegion: pulumi.String(\"us-south1\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultGatewaySecurityPolicy, err := networksecurity.NewGatewaySecurityPolicy(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyArgs{\n\t\t\tName: pulumi.String(\"my-policy-name\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewGatewaySecurityPolicyRule(ctx, \"default\", \u0026networksecurity.GatewaySecurityPolicyRuleArgs{\n\t\t\tName: pulumi.String(\"my-policyrule-name\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.Name,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tSessionMatcher: pulumi.String(\"host() == 'example.com'\"),\n\t\t\tBasicProfile: pulumi.String(\"ALLOW\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"default\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway1\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.99\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope1\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewGateway(ctx, \"gateway2\", \u0026networkservices.GatewayArgs{\n\t\t\tName: pulumi.String(\"my-gateway2\"),\n\t\t\tLocation: pulumi.String(\"us-south1\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.128.0.98\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"SECURE_WEB_GATEWAY\"),\n\t\t\tPorts: pulumi.IntArray{\n\t\t\t\tpulumi.Int(443),\n\t\t\t},\n\t\t\tScope: pulumi.String(\"my-default-scope2\"),\n\t\t\tCertificateUrls: pulumi.StringArray{\n\t\t\t\t_default.ID(),\n\t\t\t},\n\t\t\tGatewaySecurityPolicy: defaultGatewaySecurityPolicy.ID(),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tDeleteSwgAutogenRouterOnDestroy: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyonlysubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.Certificate;\nimport com.pulumi.gcp.certificatemanager.CertificateArgs;\nimport com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicy;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyArgs;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRule;\nimport com.pulumi.gcp.networksecurity.GatewaySecurityPolicyRuleArgs;\nimport com.pulumi.gcp.networkservices.Gateway;\nimport com.pulumi.gcp.networkservices.GatewayArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Certificate(\"default\", CertificateArgs.builder()\n .name(\"my-certificate\")\n .location(\"us-south1\")\n .selfManaged(CertificateSelfManagedArgs.builder()\n .pemCertificate(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/cert.pem\")\n .build()).result())\n .pemPrivateKey(StdFunctions.file(FileArgs.builder()\n .input(\"test-fixtures/private-key.pem\")\n .build()).result())\n .build())\n .build());\n\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .routingMode(\"REGIONAL\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork-name\")\n .purpose(\"PRIVATE\")\n .ipCidrRange(\"10.128.0.0/20\")\n .region(\"us-south1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var proxyonlysubnet = new Subnetwork(\"proxyonlysubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-only-subnetwork\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .ipCidrRange(\"192.168.0.0/23\")\n .region(\"us-south1\")\n .network(defaultNetwork.id())\n .role(\"ACTIVE\")\n .build());\n\n var defaultGatewaySecurityPolicy = new GatewaySecurityPolicy(\"defaultGatewaySecurityPolicy\", GatewaySecurityPolicyArgs.builder()\n .name(\"my-policy-name\")\n .location(\"us-south1\")\n .build());\n\n var defaultGatewaySecurityPolicyRule = new GatewaySecurityPolicyRule(\"defaultGatewaySecurityPolicyRule\", GatewaySecurityPolicyRuleArgs.builder()\n .name(\"my-policyrule-name\")\n .location(\"us-south1\")\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.name())\n .enabled(true)\n .priority(1)\n .sessionMatcher(\"host() == 'example.com'\")\n .basicProfile(\"ALLOW\")\n .build());\n\n var defaultGateway = new Gateway(\"defaultGateway\", GatewayArgs.builder()\n .name(\"my-gateway1\")\n .location(\"us-south1\")\n .addresses(\"10.128.0.99\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope1\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n var gateway2 = new Gateway(\"gateway2\", GatewayArgs.builder()\n .name(\"my-gateway2\")\n .location(\"us-south1\")\n .addresses(\"10.128.0.98\")\n .type(\"SECURE_WEB_GATEWAY\")\n .ports(443)\n .scope(\"my-default-scope2\")\n .certificateUrls(default_.id())\n .gatewaySecurityPolicy(defaultGatewaySecurityPolicy.id())\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .deleteSwgAutogenRouterOnDestroy(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyonlysubnet)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:certificatemanager:Certificate\n properties:\n name: my-certificate\n location: us-south1\n selfManaged:\n pemCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/cert.pem\n return: result\n pemPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: test-fixtures/private-key.pem\n return: result\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: my-network\n routingMode: REGIONAL\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: my-subnetwork-name\n purpose: PRIVATE\n ipCidrRange: 10.128.0.0/20\n region: us-south1\n network: ${defaultNetwork.id}\n role: ACTIVE\n proxyonlysubnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-proxy-only-subnetwork\n purpose: REGIONAL_MANAGED_PROXY\n ipCidrRange: 192.168.0.0/23\n region: us-south1\n network: ${defaultNetwork.id}\n role: ACTIVE\n defaultGatewaySecurityPolicy:\n type: gcp:networksecurity:GatewaySecurityPolicy\n name: default\n properties:\n name: my-policy-name\n location: us-south1\n defaultGatewaySecurityPolicyRule:\n type: gcp:networksecurity:GatewaySecurityPolicyRule\n name: default\n properties:\n name: my-policyrule-name\n location: us-south1\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.name}\n enabled: true\n priority: 1\n sessionMatcher: host() == 'example.com'\n basicProfile: ALLOW\n defaultGateway:\n type: gcp:networkservices:Gateway\n name: default\n properties:\n name: my-gateway1\n location: us-south1\n addresses:\n - 10.128.0.99\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope1\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependsOn:\n - ${proxyonlysubnet}\n gateway2:\n type: gcp:networkservices:Gateway\n properties:\n name: my-gateway2\n location: us-south1\n addresses:\n - 10.128.0.98\n type: SECURE_WEB_GATEWAY\n ports:\n - 443\n scope: my-default-scope2\n certificateUrls:\n - ${default.id}\n gatewaySecurityPolicy: ${defaultGatewaySecurityPolicy.id}\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n deleteSwgAutogenRouterOnDestroy: true\n options:\n dependsOn:\n - ${proxyonlysubnet}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGateway can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/gateways/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Gateway can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default projects/{{project}}/locations/{{location}}/gateways/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/gateway:Gateway default {{location}}/{{name}}\n```\n\n", "properties": { "addresses": { "type": "array", @@ -247079,7 +247079,7 @@ } }, "gcp:notebooks/instance:Instance": { - "description": "\u003e **Warning:** `google_notebook_instance` is deprecated and will be removed in a future major release. Use `gcp.workbench.Instance` instead.\n\nA Cloud AI Platform Notebook instance.\n\n\n\u003e **Note:** Due to limitations of the Notebooks Instance API, many fields\nin this resource do not properly detect drift. These fields will also not\nappear in state once imported.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/ai-platform/notebooks/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/ai-platform-notebooks)\n\n## Example Usage\n\n### Notebook Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Stopped\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n desiredState: \"STOPPED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n },\n desired_state=\"STOPPED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n DesiredState = \"STOPPED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t\tDesiredState: pulumi.String(\"STOPPED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .desiredState(\"STOPPED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n desiredState: STOPPED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Container\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n metadata: {\n \"proxy-mode\": \"service_account\",\n },\n containerImage: {\n repository: \"gcr.io/deeplearning-platform-release/base-cpu\",\n tag: \"latest\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n metadata={\n \"proxy-mode\": \"service_account\",\n },\n container_image={\n \"repository\": \"gcr.io/deeplearning-platform-release/base-cpu\",\n \"tag\": \"latest\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n Metadata = \n {\n { \"proxy-mode\", \"service_account\" },\n },\n ContainerImage = new Gcp.Notebooks.Inputs.InstanceContainerImageArgs\n {\n Repository = \"gcr.io/deeplearning-platform-release/base-cpu\",\n Tag = \"latest\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"proxy-mode\": pulumi.String(\"service_account\"),\n\t\t\t},\n\t\t\tContainerImage: \u0026notebooks.InstanceContainerImageArgs{\n\t\t\t\tRepository: pulumi.String(\"gcr.io/deeplearning-platform-release/base-cpu\"),\n\t\t\t\tTag: pulumi.String(\"latest\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceContainerImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .metadata(Map.of(\"proxy-mode\", \"service_account\"))\n .containerImage(InstanceContainerImageArgs.builder()\n .repository(\"gcr.io/deeplearning-platform-release/base-cpu\")\n .tag(\"latest\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n metadata:\n proxy-mode: service_account\n containerImage:\n repository: gcr.io/deeplearning-platform-release/base-cpu\n tag: latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"n1-standard-1\",\n installGpuDriver: true,\n acceleratorConfig: {\n type: \"NVIDIA_TESLA_T4\",\n coreCount: 1,\n },\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-gpu\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"n1-standard-1\",\n install_gpu_driver=True,\n accelerator_config={\n \"type\": \"NVIDIA_TESLA_T4\",\n \"core_count\": 1,\n },\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-gpu\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"n1-standard-1\",\n InstallGpuDriver = true,\n AcceleratorConfig = new Gcp.Notebooks.Inputs.InstanceAcceleratorConfigArgs\n {\n Type = \"NVIDIA_TESLA_T4\",\n CoreCount = 1,\n },\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-gpu\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"n1-standard-1\"),\n\t\t\tInstallGpuDriver: pulumi.Bool(true),\n\t\t\tAcceleratorConfig: \u0026notebooks.InstanceAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"NVIDIA_TESLA_T4\"),\n\t\t\t\tCoreCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-gpu\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceAcceleratorConfigArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"n1-standard-1\")\n .installGpuDriver(true)\n .acceleratorConfig(InstanceAcceleratorConfigArgs.builder()\n .type(\"NVIDIA_TESLA_T4\")\n .coreCount(1)\n .build())\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-gpu\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: n1-standard-1\n installGpuDriver: true\n acceleratorConfig:\n type: NVIDIA_TESLA_T4\n coreCount: 1\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-gpu\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = gcp.compute.getNetwork({\n name: \"default\",\n});\nconst mySubnetwork = gcp.compute.getSubnetwork({\n name: \"default\",\n region: \"us-central1\",\n});\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-central1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n instanceOwners: [\"my@service-account.com\"],\n serviceAccount: \"my@service-account.com\",\n installGpuDriver: true,\n bootDiskType: \"PD_SSD\",\n bootDiskSizeGb: 110,\n noPublicIp: true,\n noProxyAccess: true,\n network: myNetwork.then(myNetwork =\u003e myNetwork.id),\n subnet: mySubnetwork.then(mySubnetwork =\u003e mySubnetwork.id),\n labels: {\n k: \"val\",\n },\n metadata: {\n terraform: \"true\",\n },\n serviceAccountScopes: [\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n ],\n tags: [\n \"foo\",\n \"bar\",\n ],\n diskEncryption: \"CMEK\",\n kmsKey: \"my-crypto-key\",\n desiredState: \"ACTIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.get_network(name=\"default\")\nmy_subnetwork = gcp.compute.get_subnetwork(name=\"default\",\n region=\"us-central1\")\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-central1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n },\n instance_owners=[\"my@service-account.com\"],\n service_account=\"my@service-account.com\",\n install_gpu_driver=True,\n boot_disk_type=\"PD_SSD\",\n boot_disk_size_gb=110,\n no_public_ip=True,\n no_proxy_access=True,\n network=my_network.id,\n subnet=my_subnetwork.id,\n labels={\n \"k\": \"val\",\n },\n metadata={\n \"terraform\": \"true\",\n },\n service_account_scopes=[\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n ],\n tags=[\n \"foo\",\n \"bar\",\n ],\n disk_encryption=\"CMEK\",\n kms_key=\"my-crypto-key\",\n desired_state=\"ACTIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default\",\n });\n\n var mySubnetwork = Gcp.Compute.GetSubnetwork.Invoke(new()\n {\n Name = \"default\",\n Region = \"us-central1\",\n });\n\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-central1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n InstanceOwners = new[]\n {\n \"my@service-account.com\",\n },\n ServiceAccount = \"my@service-account.com\",\n InstallGpuDriver = true,\n BootDiskType = \"PD_SSD\",\n BootDiskSizeGb = 110,\n NoPublicIp = true,\n NoProxyAccess = true,\n Network = myNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Id),\n Subnet = mySubnetwork.Apply(getSubnetworkResult =\u003e getSubnetworkResult.Id),\n Labels = \n {\n { \"k\", \"val\" },\n },\n Metadata = \n {\n { \"terraform\", \"true\" },\n },\n ServiceAccountScopes = new[]\n {\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n },\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n DiskEncryption = \"CMEK\",\n KmsKey = \"my-crypto-key\",\n DesiredState = \"ACTIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.LookupSubnetwork(ctx, \u0026compute.LookupSubnetworkArgs{\n\t\t\tName: pulumi.StringRef(\"default\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t\tInstanceOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"my@service-account.com\"),\n\t\t\t},\n\t\t\tServiceAccount: pulumi.String(\"my@service-account.com\"),\n\t\t\tInstallGpuDriver: pulumi.Bool(true),\n\t\t\tBootDiskType: pulumi.String(\"PD_SSD\"),\n\t\t\tBootDiskSizeGb: pulumi.Int(110),\n\t\t\tNoPublicIp: pulumi.Bool(true),\n\t\t\tNoProxyAccess: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(myNetwork.Id),\n\t\t\tSubnet: pulumi.String(mySubnetwork.Id),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"k\": pulumi.String(\"val\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"terraform\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tServiceAccountScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/bigquery\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/devstorage.read_write\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/userinfo.email\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDiskEncryption: pulumi.String(\"CMEK\"),\n\t\t\tKmsKey: pulumi.String(\"my-crypto-key\"),\n\t\t\tDesiredState: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkArgs;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default\")\n .build());\n\n final var mySubnetwork = ComputeFunctions.getSubnetwork(GetSubnetworkArgs.builder()\n .name(\"default\")\n .region(\"us-central1\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-central1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .instanceOwners(\"my@service-account.com\")\n .serviceAccount(\"my@service-account.com\")\n .installGpuDriver(true)\n .bootDiskType(\"PD_SSD\")\n .bootDiskSizeGb(110)\n .noPublicIp(true)\n .noProxyAccess(true)\n .network(myNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.id()))\n .subnet(mySubnetwork.applyValue(getSubnetworkResult -\u003e getSubnetworkResult.id()))\n .labels(Map.of(\"k\", \"val\"))\n .metadata(Map.of(\"terraform\", \"true\"))\n .serviceAccountScopes( \n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\")\n .tags( \n \"foo\",\n \"bar\")\n .diskEncryption(\"CMEK\")\n .kmsKey(\"my-crypto-key\")\n .desiredState(\"ACTIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-central1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n instanceOwners:\n - my@service-account.com\n serviceAccount: my@service-account.com\n installGpuDriver: true\n bootDiskType: PD_SSD\n bootDiskSizeGb: 110\n noPublicIp: true\n noProxyAccess: true\n network: ${myNetwork.id}\n subnet: ${mySubnetwork.id}\n labels:\n k: val\n metadata:\n terraform: 'true'\n serviceAccountScopes:\n - https://www.googleapis.com/auth/bigquery\n - https://www.googleapis.com/auth/devstorage.read_write\n - https://www.googleapis.com/auth/cloud-platform\n - https://www.googleapis.com/auth/userinfo.email\n tags:\n - foo\n - bar\n diskEncryption: CMEK\n kmsKey: my-crypto-key\n desiredState: ACTIVE\nvariables:\n myNetwork:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: default\n mySubnetwork:\n fn::invoke:\n Function: gcp:compute:getSubnetwork\n Arguments:\n name: default\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default {{location}}/{{name}}\n```\n\n", + "description": "\u003e **Warning:** `google_notebook_instance` is deprecated and will be removed in a future major release. Use `gcp.workbench.Instance` instead.\n\nA Cloud AI Platform Notebook instance.\n\n\n\u003e **Note:** Due to limitations of the Notebooks Instance API, many fields\nin this resource do not properly detect drift. These fields will also not\nappear in state once imported.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/ai-platform/notebooks/docs/reference/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/ai-platform-notebooks)\n\n## Example Usage\n\n### Notebook Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Stopped\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n desiredState: \"STOPPED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n },\n desired_state=\"STOPPED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n DesiredState = \"STOPPED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t\tDesiredState: pulumi.String(\"STOPPED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .desiredState(\"STOPPED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n desiredState: STOPPED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Container\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"e2-medium\",\n metadata: {\n \"proxy-mode\": \"service_account\",\n },\n containerImage: {\n repository: \"gcr.io/deeplearning-platform-release/base-cpu\",\n tag: \"latest\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"e2-medium\",\n metadata={\n \"proxy-mode\": \"service_account\",\n },\n container_image={\n \"repository\": \"gcr.io/deeplearning-platform-release/base-cpu\",\n \"tag\": \"latest\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"e2-medium\",\n Metadata = \n {\n { \"proxy-mode\", \"service_account\" },\n },\n ContainerImage = new Gcp.Notebooks.Inputs.InstanceContainerImageArgs\n {\n Repository = \"gcr.io/deeplearning-platform-release/base-cpu\",\n Tag = \"latest\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"proxy-mode\": pulumi.String(\"service_account\"),\n\t\t\t},\n\t\t\tContainerImage: \u0026notebooks.InstanceContainerImageArgs{\n\t\t\t\tRepository: pulumi.String(\"gcr.io/deeplearning-platform-release/base-cpu\"),\n\t\t\t\tTag: pulumi.String(\"latest\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceContainerImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"e2-medium\")\n .metadata(Map.of(\"proxy-mode\", \"service_account\"))\n .containerImage(InstanceContainerImageArgs.builder()\n .repository(\"gcr.io/deeplearning-platform-release/base-cpu\")\n .tag(\"latest\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: e2-medium\n metadata:\n proxy-mode: service_account\n containerImage:\n repository: gcr.io/deeplearning-platform-release/base-cpu\n tag: latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Basic Gpu\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-west1-a\",\n machineType: \"n1-standard-1\",\n installGpuDriver: true,\n acceleratorConfig: {\n type: \"NVIDIA_TESLA_T4\",\n coreCount: 1,\n },\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-gpu\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-west1-a\",\n machine_type=\"n1-standard-1\",\n install_gpu_driver=True,\n accelerator_config={\n \"type\": \"NVIDIA_TESLA_T4\",\n \"core_count\": 1,\n },\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-gpu\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-west1-a\",\n MachineType = \"n1-standard-1\",\n InstallGpuDriver = true,\n AcceleratorConfig = new Gcp.Notebooks.Inputs.InstanceAcceleratorConfigArgs\n {\n Type = \"NVIDIA_TESLA_T4\",\n CoreCount = 1,\n },\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-gpu\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-west1-a\"),\n\t\t\tMachineType: pulumi.String(\"n1-standard-1\"),\n\t\t\tInstallGpuDriver: pulumi.Bool(true),\n\t\t\tAcceleratorConfig: \u0026notebooks.InstanceAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"NVIDIA_TESLA_T4\"),\n\t\t\t\tCoreCount: pulumi.Int(1),\n\t\t\t},\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-gpu\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceAcceleratorConfigArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-west1-a\")\n .machineType(\"n1-standard-1\")\n .installGpuDriver(true)\n .acceleratorConfig(InstanceAcceleratorConfigArgs.builder()\n .type(\"NVIDIA_TESLA_T4\")\n .coreCount(1)\n .build())\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-gpu\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-west1-a\n machineType: n1-standard-1\n installGpuDriver: true\n acceleratorConfig:\n type: NVIDIA_TESLA_T4\n coreCount: 1\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-gpu\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Notebook Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = gcp.compute.getNetwork({\n name: \"default\",\n});\nconst mySubnetwork = gcp.compute.getSubnetwork({\n name: \"default\",\n region: \"us-central1\",\n});\nconst instance = new gcp.notebooks.Instance(\"instance\", {\n name: \"notebooks-instance\",\n location: \"us-central1-a\",\n machineType: \"e2-medium\",\n vmImage: {\n project: \"deeplearning-platform-release\",\n imageFamily: \"tf-latest-cpu\",\n },\n instanceOwners: [\"my@service-account.com\"],\n serviceAccount: \"my@service-account.com\",\n installGpuDriver: true,\n bootDiskType: \"PD_SSD\",\n bootDiskSizeGb: 110,\n noPublicIp: true,\n noProxyAccess: true,\n network: myNetwork.then(myNetwork =\u003e myNetwork.id),\n subnet: mySubnetwork.then(mySubnetwork =\u003e mySubnetwork.id),\n labels: {\n k: \"val\",\n },\n metadata: {\n terraform: \"true\",\n },\n serviceAccountScopes: [\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n ],\n tags: [\n \"foo\",\n \"bar\",\n ],\n diskEncryption: \"CMEK\",\n kmsKey: \"my-crypto-key\",\n desiredState: \"ACTIVE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.get_network(name=\"default\")\nmy_subnetwork = gcp.compute.get_subnetwork(name=\"default\",\n region=\"us-central1\")\ninstance = gcp.notebooks.Instance(\"instance\",\n name=\"notebooks-instance\",\n location=\"us-central1-a\",\n machine_type=\"e2-medium\",\n vm_image={\n \"project\": \"deeplearning-platform-release\",\n \"image_family\": \"tf-latest-cpu\",\n },\n instance_owners=[\"my@service-account.com\"],\n service_account=\"my@service-account.com\",\n install_gpu_driver=True,\n boot_disk_type=\"PD_SSD\",\n boot_disk_size_gb=110,\n no_public_ip=True,\n no_proxy_access=True,\n network=my_network.id,\n subnet=my_subnetwork.id,\n labels={\n \"k\": \"val\",\n },\n metadata={\n \"terraform\": \"true\",\n },\n service_account_scopes=[\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n ],\n tags=[\n \"foo\",\n \"bar\",\n ],\n disk_encryption=\"CMEK\",\n kms_key=\"my-crypto-key\",\n desired_state=\"ACTIVE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default\",\n });\n\n var mySubnetwork = Gcp.Compute.GetSubnetwork.Invoke(new()\n {\n Name = \"default\",\n Region = \"us-central1\",\n });\n\n var instance = new Gcp.Notebooks.Instance(\"instance\", new()\n {\n Name = \"notebooks-instance\",\n Location = \"us-central1-a\",\n MachineType = \"e2-medium\",\n VmImage = new Gcp.Notebooks.Inputs.InstanceVmImageArgs\n {\n Project = \"deeplearning-platform-release\",\n ImageFamily = \"tf-latest-cpu\",\n },\n InstanceOwners = new[]\n {\n \"my@service-account.com\",\n },\n ServiceAccount = \"my@service-account.com\",\n InstallGpuDriver = true,\n BootDiskType = \"PD_SSD\",\n BootDiskSizeGb = 110,\n NoPublicIp = true,\n NoProxyAccess = true,\n Network = myNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Id),\n Subnet = mySubnetwork.Apply(getSubnetworkResult =\u003e getSubnetworkResult.Id),\n Labels = \n {\n { \"k\", \"val\" },\n },\n Metadata = \n {\n { \"terraform\", \"true\" },\n },\n ServiceAccountScopes = new[]\n {\n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\",\n },\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n DiskEncryption = \"CMEK\",\n KmsKey = \"my-crypto-key\",\n DesiredState = \"ACTIVE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.LookupSubnetwork(ctx, \u0026compute.LookupSubnetworkArgs{\n\t\t\tName: pulumi.StringRef(\"default\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstance(ctx, \"instance\", \u0026notebooks.InstanceArgs{\n\t\t\tName: pulumi.String(\"notebooks-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tVmImage: \u0026notebooks.InstanceVmImageArgs{\n\t\t\t\tProject: pulumi.String(\"deeplearning-platform-release\"),\n\t\t\t\tImageFamily: pulumi.String(\"tf-latest-cpu\"),\n\t\t\t},\n\t\t\tInstanceOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"my@service-account.com\"),\n\t\t\t},\n\t\t\tServiceAccount: pulumi.String(\"my@service-account.com\"),\n\t\t\tInstallGpuDriver: pulumi.Bool(true),\n\t\t\tBootDiskType: pulumi.String(\"PD_SSD\"),\n\t\t\tBootDiskSizeGb: pulumi.Int(110),\n\t\t\tNoPublicIp: pulumi.Bool(true),\n\t\t\tNoProxyAccess: pulumi.Bool(true),\n\t\t\tNetwork: pulumi.String(myNetwork.Id),\n\t\t\tSubnet: pulumi.String(mySubnetwork.Id),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"k\": pulumi.String(\"val\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"terraform\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tServiceAccountScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/bigquery\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/devstorage.read_write\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/userinfo.email\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDiskEncryption: pulumi.String(\"CMEK\"),\n\t\t\tKmsKey: pulumi.String(\"my-crypto-key\"),\n\t\t\tDesiredState: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkArgs;\nimport com.pulumi.gcp.notebooks.Instance;\nimport com.pulumi.gcp.notebooks.InstanceArgs;\nimport com.pulumi.gcp.notebooks.inputs.InstanceVmImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default\")\n .build());\n\n final var mySubnetwork = ComputeFunctions.getSubnetwork(GetSubnetworkArgs.builder()\n .name(\"default\")\n .region(\"us-central1\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .name(\"notebooks-instance\")\n .location(\"us-central1-a\")\n .machineType(\"e2-medium\")\n .vmImage(InstanceVmImageArgs.builder()\n .project(\"deeplearning-platform-release\")\n .imageFamily(\"tf-latest-cpu\")\n .build())\n .instanceOwners(\"my@service-account.com\")\n .serviceAccount(\"my@service-account.com\")\n .installGpuDriver(true)\n .bootDiskType(\"PD_SSD\")\n .bootDiskSizeGb(110)\n .noPublicIp(true)\n .noProxyAccess(true)\n .network(myNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.id()))\n .subnet(mySubnetwork.applyValue(getSubnetworkResult -\u003e getSubnetworkResult.id()))\n .labels(Map.of(\"k\", \"val\"))\n .metadata(Map.of(\"terraform\", \"true\"))\n .serviceAccountScopes( \n \"https://www.googleapis.com/auth/bigquery\",\n \"https://www.googleapis.com/auth/devstorage.read_write\",\n \"https://www.googleapis.com/auth/cloud-platform\",\n \"https://www.googleapis.com/auth/userinfo.email\")\n .tags( \n \"foo\",\n \"bar\")\n .diskEncryption(\"CMEK\")\n .kmsKey(\"my-crypto-key\")\n .desiredState(\"ACTIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:notebooks:Instance\n properties:\n name: notebooks-instance\n location: us-central1-a\n machineType: e2-medium\n vmImage:\n project: deeplearning-platform-release\n imageFamily: tf-latest-cpu\n instanceOwners:\n - my@service-account.com\n serviceAccount: my@service-account.com\n installGpuDriver: true\n bootDiskType: PD_SSD\n bootDiskSizeGb: 110\n noPublicIp: true\n noProxyAccess: true\n network: ${myNetwork.id}\n subnet: ${mySubnetwork.id}\n labels:\n k: val\n metadata:\n terraform: 'true'\n serviceAccountScopes:\n - https://www.googleapis.com/auth/bigquery\n - https://www.googleapis.com/auth/devstorage.read_write\n - https://www.googleapis.com/auth/cloud-platform\n - https://www.googleapis.com/auth/userinfo.email\n tags:\n - foo\n - bar\n diskEncryption: CMEK\n kmsKey: my-crypto-key\n desiredState: ACTIVE\nvariables:\n myNetwork:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: default\n mySubnetwork:\n fn::invoke:\n function: gcp:compute:getSubnetwork\n arguments:\n name: default\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:notebooks/instance:Instance default {{location}}/{{name}}\n```\n\n", "properties": { "acceleratorConfig": { "$ref": "#/types/gcp:notebooks/InstanceAcceleratorConfig:InstanceAcceleratorConfig", @@ -247660,7 +247660,7 @@ } }, "gcp:notebooks/instanceIamBinding:InstanceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/InstanceIamBindingCondition:InstanceIamBindingCondition" @@ -247782,7 +247782,7 @@ } }, "gcp:notebooks/instanceIamMember:InstanceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/InstanceIamMemberCondition:InstanceIamMemberCondition" @@ -247897,7 +247897,7 @@ } }, "gcp:notebooks/instanceIamPolicy:InstanceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Instance\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.InstanceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.InstanceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -248223,7 +248223,7 @@ } }, "gcp:notebooks/runtimeIamBinding:RuntimeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/RuntimeIamBindingCondition:RuntimeIamBindingCondition" @@ -248345,7 +248345,7 @@ } }, "gcp:notebooks/runtimeIamMember:RuntimeIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/RuntimeIamMemberCondition:RuntimeIamMemberCondition" @@ -248460,7 +248460,7 @@ } }, "gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud AI Notebooks Runtime\nThree different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.notebooks.RuntimeIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.notebooks.RuntimeIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -248546,7 +248546,7 @@ } }, "gcp:oracledatabase/autonomousDatabase:AutonomousDatabase": { - "description": "An AutonomousDatabase resource.\n\n\nTo get more information about AutonomousDatabase, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases)\n* How-to Guides\n * [Create Autonomous databases](https://cloud.google.com/oracle/database/docs/create-databases)\n\n## Example Usage\n\n### Oracledatabase Autonomous Database Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n database: \"testdb\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n properties: {\n computeCount: 2,\n dataStorageSizeTb: 1,\n dbVersion: \"19c\",\n dbWorkload: \"OLTP\",\n licenseType: \"LICENSE_INCLUDED\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n database=\"testdb\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n properties={\n \"compute_count\": 2,\n \"data_storage_size_tb\": 1,\n \"db_version\": \"19c\",\n \"db_workload\": \"OLTP\",\n \"license_type\": \"LICENSE_INCLUDED\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Database = \"testdb\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeTb = 1,\n DbVersion = \"19c\",\n DbWorkload = \"OLTP\",\n LicenseType = \"LICENSE_INCLUDED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDatabase: pulumi.String(\"testdb\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeTb: pulumi.Int(1),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .database(\"testdb\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeTb(\"1\")\n .dbVersion(\"19c\")\n .dbWorkload(\"OLTP\")\n .licenseType(\"LICENSE_INCLUDED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n database: testdb\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n properties:\n computeCount: '2'\n dataStorageSizeTb: '1'\n dbVersion: 19c\n dbWorkload: OLTP\n licenseType: LICENSE_INCLUDED\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Autonomous Database Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n displayName: \"autonomousDatabase displayname\",\n database: \"testdatabase\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n computeCount: 2,\n dataStorageSizeGb: 48,\n dbVersion: \"19c\",\n dbEdition: \"STANDARD_EDITION\",\n dbWorkload: \"OLTP\",\n isAutoScalingEnabled: true,\n licenseType: \"BRING_YOUR_OWN_LICENSE\",\n backupRetentionPeriodDays: 60,\n characterSet: \"AL32UTF8\",\n isStorageAutoScalingEnabled: false,\n maintenanceScheduleType: \"REGULAR\",\n mtlsConnectionRequired: false,\n nCharacterSet: \"AL16UTF16\",\n operationsInsightsState: \"NOT_ENABLED\",\n customerContacts: [{\n email: \"xyz@example.com\",\n }],\n privateEndpointIp: \"10.5.0.11\",\n privateEndpointLabel: \"testhost\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n display_name=\"autonomousDatabase displayname\",\n database=\"testdatabase\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"compute_count\": 2,\n \"data_storage_size_gb\": 48,\n \"db_version\": \"19c\",\n \"db_edition\": \"STANDARD_EDITION\",\n \"db_workload\": \"OLTP\",\n \"is_auto_scaling_enabled\": True,\n \"license_type\": \"BRING_YOUR_OWN_LICENSE\",\n \"backup_retention_period_days\": 60,\n \"character_set\": \"AL32UTF8\",\n \"is_storage_auto_scaling_enabled\": False,\n \"maintenance_schedule_type\": \"REGULAR\",\n \"mtls_connection_required\": False,\n \"n_character_set\": \"AL16UTF16\",\n \"operations_insights_state\": \"NOT_ENABLED\",\n \"customer_contacts\": [{\n \"email\": \"xyz@example.com\",\n }],\n \"private_endpoint_ip\": \"10.5.0.11\",\n \"private_endpoint_label\": \"testhost\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n DisplayName = \"autonomousDatabase displayname\",\n Database = \"testdatabase\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeGb = 48,\n DbVersion = \"19c\",\n DbEdition = \"STANDARD_EDITION\",\n DbWorkload = \"OLTP\",\n IsAutoScalingEnabled = true,\n LicenseType = \"BRING_YOUR_OWN_LICENSE\",\n BackupRetentionPeriodDays = 60,\n CharacterSet = \"AL32UTF8\",\n IsStorageAutoScalingEnabled = false,\n MaintenanceScheduleType = \"REGULAR\",\n MtlsConnectionRequired = false,\n NCharacterSet = \"AL16UTF16\",\n OperationsInsightsState = \"NOT_ENABLED\",\n CustomerContacts = new[]\n {\n new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesCustomerContactArgs\n {\n Email = \"xyz@example.com\",\n },\n },\n PrivateEndpointIp = \"10.5.0.11\",\n PrivateEndpointLabel = \"testhost\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDisplayName: pulumi.String(\"autonomousDatabase displayname\"),\n\t\t\tDatabase: pulumi.String(\"testdatabase\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeGb: pulumi.Int(48),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbEdition: pulumi.String(\"STANDARD_EDITION\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tIsAutoScalingEnabled: pulumi.Bool(true),\n\t\t\t\tLicenseType: pulumi.String(\"BRING_YOUR_OWN_LICENSE\"),\n\t\t\t\tBackupRetentionPeriodDays: pulumi.Int(60),\n\t\t\t\tCharacterSet: pulumi.String(\"AL32UTF8\"),\n\t\t\t\tIsStorageAutoScalingEnabled: pulumi.Bool(false),\n\t\t\t\tMaintenanceScheduleType: pulumi.String(\"REGULAR\"),\n\t\t\t\tMtlsConnectionRequired: pulumi.Bool(false),\n\t\t\t\tNCharacterSet: pulumi.String(\"AL16UTF16\"),\n\t\t\t\tOperationsInsightsState: pulumi.String(\"NOT_ENABLED\"),\n\t\t\t\tCustomerContacts: oracledatabase.AutonomousDatabasePropertiesCustomerContactArray{\n\t\t\t\t\t\u0026oracledatabase.AutonomousDatabasePropertiesCustomerContactArgs{\n\t\t\t\t\t\tEmail: pulumi.String(\"xyz@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateEndpointIp: pulumi.String(\"10.5.0.11\"),\n\t\t\t\tPrivateEndpointLabel: pulumi.String(\"testhost\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .displayName(\"autonomousDatabase displayname\")\n .database(\"testdatabase\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeGb(\"48\")\n .dbVersion(\"19c\")\n .dbEdition(\"STANDARD_EDITION\")\n .dbWorkload(\"OLTP\")\n .isAutoScalingEnabled(\"true\")\n .licenseType(\"BRING_YOUR_OWN_LICENSE\")\n .backupRetentionPeriodDays(\"60\")\n .characterSet(\"AL32UTF8\")\n .isStorageAutoScalingEnabled(\"false\")\n .maintenanceScheduleType(\"REGULAR\")\n .mtlsConnectionRequired(\"false\")\n .nCharacterSet(\"AL16UTF16\")\n .operationsInsightsState(\"NOT_ENABLED\")\n .customerContacts(AutonomousDatabasePropertiesCustomerContactArgs.builder()\n .email(\"xyz@example.com\")\n .build())\n .privateEndpointIp(\"10.5.0.11\")\n .privateEndpointLabel(\"testhost\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n displayName: autonomousDatabase displayname\n database: testdatabase\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n labels:\n label-one: value-one\n properties:\n computeCount: '2'\n dataStorageSizeGb: '48'\n dbVersion: 19c\n dbEdition: STANDARD_EDITION\n dbWorkload: OLTP\n isAutoScalingEnabled: 'true'\n licenseType: BRING_YOUR_OWN_LICENSE\n backupRetentionPeriodDays: '60'\n characterSet: AL32UTF8\n isStorageAutoScalingEnabled: 'false'\n maintenanceScheduleType: REGULAR\n mtlsConnectionRequired: 'false'\n nCharacterSet: AL16UTF16\n operationsInsightsState: NOT_ENABLED\n customerContacts:\n - email: xyz@example.com\n privateEndpointIp: 10.5.0.11\n privateEndpointLabel: testhost\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutonomousDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}`\n\n* `{{project}}/{{location}}/{{autonomous_database_id}}`\n\n* `{{location}}/{{autonomous_database_id}}`\n\nWhen using the `pulumi import` command, AutonomousDatabase can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{project}}/{{location}}/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{location}}/{{autonomous_database_id}}\n```\n\n", + "description": "An AutonomousDatabase resource.\n\n\nTo get more information about AutonomousDatabase, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases)\n* How-to Guides\n * [Create Autonomous databases](https://cloud.google.com/oracle/database/docs/create-databases)\n\n## Example Usage\n\n### Oracledatabase Autonomous Database Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n database: \"testdb\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n properties: {\n computeCount: 2,\n dataStorageSizeTb: 1,\n dbVersion: \"19c\",\n dbWorkload: \"OLTP\",\n licenseType: \"LICENSE_INCLUDED\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n database=\"testdb\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n properties={\n \"compute_count\": 2,\n \"data_storage_size_tb\": 1,\n \"db_version\": \"19c\",\n \"db_workload\": \"OLTP\",\n \"license_type\": \"LICENSE_INCLUDED\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Database = \"testdb\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeTb = 1,\n DbVersion = \"19c\",\n DbWorkload = \"OLTP\",\n LicenseType = \"LICENSE_INCLUDED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDatabase: pulumi.String(\"testdb\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeTb: pulumi.Int(1),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .database(\"testdb\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeTb(\"1\")\n .dbVersion(\"19c\")\n .dbWorkload(\"OLTP\")\n .licenseType(\"LICENSE_INCLUDED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n database: testdb\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n properties:\n computeCount: '2'\n dataStorageSizeTb: '1'\n dbVersion: 19c\n dbWorkload: OLTP\n licenseType: LICENSE_INCLUDED\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Autonomous Database Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n displayName: \"autonomousDatabase displayname\",\n database: \"testdatabase\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n computeCount: 2,\n dataStorageSizeGb: 48,\n dbVersion: \"19c\",\n dbEdition: \"STANDARD_EDITION\",\n dbWorkload: \"OLTP\",\n isAutoScalingEnabled: true,\n licenseType: \"BRING_YOUR_OWN_LICENSE\",\n backupRetentionPeriodDays: 60,\n characterSet: \"AL32UTF8\",\n isStorageAutoScalingEnabled: false,\n maintenanceScheduleType: \"REGULAR\",\n mtlsConnectionRequired: false,\n nCharacterSet: \"AL16UTF16\",\n operationsInsightsState: \"NOT_ENABLED\",\n customerContacts: [{\n email: \"xyz@example.com\",\n }],\n privateEndpointIp: \"10.5.0.11\",\n privateEndpointLabel: \"testhost\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n display_name=\"autonomousDatabase displayname\",\n database=\"testdatabase\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"compute_count\": 2,\n \"data_storage_size_gb\": 48,\n \"db_version\": \"19c\",\n \"db_edition\": \"STANDARD_EDITION\",\n \"db_workload\": \"OLTP\",\n \"is_auto_scaling_enabled\": True,\n \"license_type\": \"BRING_YOUR_OWN_LICENSE\",\n \"backup_retention_period_days\": 60,\n \"character_set\": \"AL32UTF8\",\n \"is_storage_auto_scaling_enabled\": False,\n \"maintenance_schedule_type\": \"REGULAR\",\n \"mtls_connection_required\": False,\n \"n_character_set\": \"AL16UTF16\",\n \"operations_insights_state\": \"NOT_ENABLED\",\n \"customer_contacts\": [{\n \"email\": \"xyz@example.com\",\n }],\n \"private_endpoint_ip\": \"10.5.0.11\",\n \"private_endpoint_label\": \"testhost\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n DisplayName = \"autonomousDatabase displayname\",\n Database = \"testdatabase\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeGb = 48,\n DbVersion = \"19c\",\n DbEdition = \"STANDARD_EDITION\",\n DbWorkload = \"OLTP\",\n IsAutoScalingEnabled = true,\n LicenseType = \"BRING_YOUR_OWN_LICENSE\",\n BackupRetentionPeriodDays = 60,\n CharacterSet = \"AL32UTF8\",\n IsStorageAutoScalingEnabled = false,\n MaintenanceScheduleType = \"REGULAR\",\n MtlsConnectionRequired = false,\n NCharacterSet = \"AL16UTF16\",\n OperationsInsightsState = \"NOT_ENABLED\",\n CustomerContacts = new[]\n {\n new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesCustomerContactArgs\n {\n Email = \"xyz@example.com\",\n },\n },\n PrivateEndpointIp = \"10.5.0.11\",\n PrivateEndpointLabel = \"testhost\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDisplayName: pulumi.String(\"autonomousDatabase displayname\"),\n\t\t\tDatabase: pulumi.String(\"testdatabase\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeGb: pulumi.Int(48),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbEdition: pulumi.String(\"STANDARD_EDITION\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tIsAutoScalingEnabled: pulumi.Bool(true),\n\t\t\t\tLicenseType: pulumi.String(\"BRING_YOUR_OWN_LICENSE\"),\n\t\t\t\tBackupRetentionPeriodDays: pulumi.Int(60),\n\t\t\t\tCharacterSet: pulumi.String(\"AL32UTF8\"),\n\t\t\t\tIsStorageAutoScalingEnabled: pulumi.Bool(false),\n\t\t\t\tMaintenanceScheduleType: pulumi.String(\"REGULAR\"),\n\t\t\t\tMtlsConnectionRequired: pulumi.Bool(false),\n\t\t\t\tNCharacterSet: pulumi.String(\"AL16UTF16\"),\n\t\t\t\tOperationsInsightsState: pulumi.String(\"NOT_ENABLED\"),\n\t\t\t\tCustomerContacts: oracledatabase.AutonomousDatabasePropertiesCustomerContactArray{\n\t\t\t\t\t\u0026oracledatabase.AutonomousDatabasePropertiesCustomerContactArgs{\n\t\t\t\t\t\tEmail: pulumi.String(\"xyz@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateEndpointIp: pulumi.String(\"10.5.0.11\"),\n\t\t\t\tPrivateEndpointLabel: pulumi.String(\"testhost\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .displayName(\"autonomousDatabase displayname\")\n .database(\"testdatabase\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeGb(\"48\")\n .dbVersion(\"19c\")\n .dbEdition(\"STANDARD_EDITION\")\n .dbWorkload(\"OLTP\")\n .isAutoScalingEnabled(\"true\")\n .licenseType(\"BRING_YOUR_OWN_LICENSE\")\n .backupRetentionPeriodDays(\"60\")\n .characterSet(\"AL32UTF8\")\n .isStorageAutoScalingEnabled(\"false\")\n .maintenanceScheduleType(\"REGULAR\")\n .mtlsConnectionRequired(\"false\")\n .nCharacterSet(\"AL16UTF16\")\n .operationsInsightsState(\"NOT_ENABLED\")\n .customerContacts(AutonomousDatabasePropertiesCustomerContactArgs.builder()\n .email(\"xyz@example.com\")\n .build())\n .privateEndpointIp(\"10.5.0.11\")\n .privateEndpointLabel(\"testhost\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n displayName: autonomousDatabase displayname\n database: testdatabase\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n labels:\n label-one: value-one\n properties:\n computeCount: '2'\n dataStorageSizeGb: '48'\n dbVersion: 19c\n dbEdition: STANDARD_EDITION\n dbWorkload: OLTP\n isAutoScalingEnabled: 'true'\n licenseType: BRING_YOUR_OWN_LICENSE\n backupRetentionPeriodDays: '60'\n characterSet: AL32UTF8\n isStorageAutoScalingEnabled: 'false'\n maintenanceScheduleType: REGULAR\n mtlsConnectionRequired: 'false'\n nCharacterSet: AL16UTF16\n operationsInsightsState: NOT_ENABLED\n customerContacts:\n - email: xyz@example.com\n privateEndpointIp: 10.5.0.11\n privateEndpointLabel: testhost\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutonomousDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}`\n\n* `{{project}}/{{location}}/{{autonomous_database_id}}`\n\n* `{{location}}/{{autonomous_database_id}}`\n\nWhen using the `pulumi import` command, AutonomousDatabase can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{project}}/{{location}}/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{location}}/{{autonomous_database_id}}\n```\n\n", "properties": { "adminPassword": { "type": "string", @@ -248973,7 +248973,7 @@ } }, "gcp:oracledatabase/cloudVmCluster:CloudVmCluster": { - "description": "A CloudVmCluster resource.\n\n\nTo get more information about CloudVmCluster, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters)\n* How-to Guides\n * [Create VM clusters](https://cloud.google.com/oracle/database/docs/create-clusters)\n\n## Example Usage\n\n### Oracledatabase Cloud Vmcluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudExadataInfrastructures = new gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", {\n cloudExadataInfrastructureId: \"my-exadata\",\n displayName: \"my-exadata displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n properties: {\n shape: \"Exadata.X9M\",\n computeCount: 2,\n storageCount: 3,\n },\n});\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myVmcluster = new gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\", {\n cloudVmClusterId: \"my-instance\",\n displayName: \"my-instance displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n exadataInfrastructure: cloudExadataInfrastructures.id,\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n backupSubnetCidr: \"10.6.0.0/24\",\n properties: {\n licenseType: \"LICENSE_INCLUDED\",\n sshPublicKeys: [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n cpuCoreCount: 4,\n giVersion: \"19.0.0.0\",\n hostnamePrefix: \"hostname1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_exadata_infrastructures = gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\",\n cloud_exadata_infrastructure_id=\"my-exadata\",\n display_name=\"my-exadata displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n properties={\n \"shape\": \"Exadata.X9M\",\n \"compute_count\": 2,\n \"storage_count\": 3,\n })\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_vmcluster = gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\",\n cloud_vm_cluster_id=\"my-instance\",\n display_name=\"my-instance displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n exadata_infrastructure=cloud_exadata_infrastructures.id,\n network=default.id,\n cidr=\"10.5.0.0/24\",\n backup_subnet_cidr=\"10.6.0.0/24\",\n properties={\n \"license_type\": \"LICENSE_INCLUDED\",\n \"ssh_public_keys\": [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n \"cpu_core_count\": 4,\n \"gi_version\": \"19.0.0.0\",\n \"hostname_prefix\": \"hostname1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudExadataInfrastructures = new Gcp.OracleDatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", new()\n {\n CloudExadataInfrastructureId = \"my-exadata\",\n DisplayName = \"my-exadata displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudExadataInfrastructurePropertiesArgs\n {\n Shape = \"Exadata.X9M\",\n ComputeCount = 2,\n StorageCount = 3,\n },\n });\n\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myVmcluster = new Gcp.OracleDatabase.CloudVmCluster(\"my_vmcluster\", new()\n {\n CloudVmClusterId = \"my-instance\",\n DisplayName = \"my-instance displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n ExadataInfrastructure = cloudExadataInfrastructures.Id,\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n BackupSubnetCidr = \"10.6.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesArgs\n {\n LicenseType = \"LICENSE_INCLUDED\",\n SshPublicKeys = new[]\n {\n \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\",\n },\n CpuCoreCount = 4,\n GiVersion = \"19.0.0.0\",\n HostnamePrefix = \"hostname1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudExadataInfrastructures, err := oracledatabase.NewCloudExadataInfrastructure(ctx, \"cloudExadataInfrastructures\", \u0026oracledatabase.CloudExadataInfrastructureArgs{\n\t\t\tCloudExadataInfrastructureId: pulumi.String(\"my-exadata\"),\n\t\t\tDisplayName: pulumi.String(\"my-exadata displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tProperties: \u0026oracledatabase.CloudExadataInfrastructurePropertiesArgs{\n\t\t\t\tShape: pulumi.String(\"Exadata.X9M\"),\n\t\t\t\tComputeCount: pulumi.Int(2),\n\t\t\t\tStorageCount: pulumi.Int(3),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewCloudVmCluster(ctx, \"my_vmcluster\", \u0026oracledatabase.CloudVmClusterArgs{\n\t\t\tCloudVmClusterId: pulumi.String(\"my-instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tExadataInfrastructure: cloudExadataInfrastructures.ID(),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tBackupSubnetCidr: pulumi.String(\"10.6.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.CloudVmClusterPropertiesArgs{\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t\tSshPublicKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"),\n\t\t\t\t},\n\t\t\t\tCpuCoreCount: pulumi.Int(4),\n\t\t\t\tGiVersion: pulumi.String(\"19.0.0.0\"),\n\t\t\t\tHostnamePrefix: pulumi.String(\"hostname1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructure;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructureArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudExadataInfrastructurePropertiesArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.CloudVmCluster;\nimport com.pulumi.gcp.oracledatabase.CloudVmClusterArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudExadataInfrastructures = new CloudExadataInfrastructure(\"cloudExadataInfrastructures\", CloudExadataInfrastructureArgs.builder()\n .cloudExadataInfrastructureId(\"my-exadata\")\n .displayName(\"my-exadata displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .properties(CloudExadataInfrastructurePropertiesArgs.builder()\n .shape(\"Exadata.X9M\")\n .computeCount(\"2\")\n .storageCount(\"3\")\n .build())\n .build());\n\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myVmcluster = new CloudVmCluster(\"myVmcluster\", CloudVmClusterArgs.builder()\n .cloudVmClusterId(\"my-instance\")\n .displayName(\"my-instance displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .exadataInfrastructure(cloudExadataInfrastructures.id())\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .backupSubnetCidr(\"10.6.0.0/24\")\n .properties(CloudVmClusterPropertiesArgs.builder()\n .licenseType(\"LICENSE_INCLUDED\")\n .sshPublicKeys(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\")\n .cpuCoreCount(\"4\")\n .giVersion(\"19.0.0.0\")\n .hostnamePrefix(\"hostname1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVmcluster:\n type: gcp:oracledatabase:CloudVmCluster\n name: my_vmcluster\n properties:\n cloudVmClusterId: my-instance\n displayName: my-instance displayname\n location: us-east4\n project: my-project\n exadataInfrastructure: ${cloudExadataInfrastructures.id}\n network: ${default.id}\n cidr: 10.5.0.0/24\n backupSubnetCidr: 10.6.0.0/24\n properties:\n licenseType: LICENSE_INCLUDED\n sshPublicKeys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\n cpuCoreCount: '4'\n giVersion: 19.0.0.0\n hostnamePrefix: hostname1\n cloudExadataInfrastructures:\n type: gcp:oracledatabase:CloudExadataInfrastructure\n properties:\n cloudExadataInfrastructureId: my-exadata\n displayName: my-exadata displayname\n location: us-east4\n project: my-project\n properties:\n shape: Exadata.X9M\n computeCount: '2'\n storageCount: '3'\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Cloud Vmcluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudExadataInfrastructures = new gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", {\n cloudExadataInfrastructureId: \"my-exadata\",\n displayName: \"my-exadata displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n properties: {\n shape: \"Exadata.X9M\",\n computeCount: 2,\n storageCount: 3,\n },\n});\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst mydbserver = gcp.oracledatabase.getDbServersOutput({\n location: \"us-east4\",\n project: \"my-project\",\n cloudExadataInfrastructure: cloudExadataInfrastructures.cloudExadataInfrastructureId,\n});\nconst myVmcluster = new gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\", {\n cloudVmClusterId: \"my-instance\",\n displayName: \"my-instance displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n exadataInfrastructure: cloudExadataInfrastructures.id,\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n backupSubnetCidr: \"10.6.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n licenseType: \"LICENSE_INCLUDED\",\n sshPublicKeys: [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n cpuCoreCount: 4,\n giVersion: \"19.0.0.0\",\n timeZone: {\n id: \"UTC\",\n },\n nodeCount: 2,\n ocpuCount: 4,\n dataStorageSizeTb: 2,\n dbNodeStorageSizeGb: 120,\n dbServerOcids: [\n mydbserver.apply(mydbserver =\u003e mydbserver.dbServers?.[0]?.properties?.[0]?.ocid),\n mydbserver.apply(mydbserver =\u003e mydbserver.dbServers?.[1]?.properties?.[0]?.ocid),\n ],\n diskRedundancy: \"HIGH\",\n sparseDiskgroupEnabled: false,\n localBackupEnabled: false,\n clusterName: \"pq-ppat4\",\n hostnamePrefix: \"hostname1\",\n diagnosticsDataCollectionOptions: {\n diagnosticsEventsEnabled: true,\n healthMonitoringEnabled: true,\n incidentLogsEnabled: true,\n },\n memorySizeGb: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_exadata_infrastructures = gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\",\n cloud_exadata_infrastructure_id=\"my-exadata\",\n display_name=\"my-exadata displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n properties={\n \"shape\": \"Exadata.X9M\",\n \"compute_count\": 2,\n \"storage_count\": 3,\n })\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmydbserver = gcp.oracledatabase.get_db_servers_output(location=\"us-east4\",\n project=\"my-project\",\n cloud_exadata_infrastructure=cloud_exadata_infrastructures.cloud_exadata_infrastructure_id)\nmy_vmcluster = gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\",\n cloud_vm_cluster_id=\"my-instance\",\n display_name=\"my-instance displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n exadata_infrastructure=cloud_exadata_infrastructures.id,\n network=default.id,\n cidr=\"10.5.0.0/24\",\n backup_subnet_cidr=\"10.6.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"license_type\": \"LICENSE_INCLUDED\",\n \"ssh_public_keys\": [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n \"cpu_core_count\": 4,\n \"gi_version\": \"19.0.0.0\",\n \"time_zone\": {\n \"id\": \"UTC\",\n },\n \"node_count\": 2,\n \"ocpu_count\": 4,\n \"data_storage_size_tb\": 2,\n \"db_node_storage_size_gb\": 120,\n \"db_server_ocids\": [\n mydbserver.db_servers[0].properties[0].ocid,\n mydbserver.db_servers[1].properties[0].ocid,\n ],\n \"disk_redundancy\": \"HIGH\",\n \"sparse_diskgroup_enabled\": False,\n \"local_backup_enabled\": False,\n \"cluster_name\": \"pq-ppat4\",\n \"hostname_prefix\": \"hostname1\",\n \"diagnostics_data_collection_options\": {\n \"diagnostics_events_enabled\": True,\n \"health_monitoring_enabled\": True,\n \"incident_logs_enabled\": True,\n },\n \"memory_size_gb\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudExadataInfrastructures = new Gcp.OracleDatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", new()\n {\n CloudExadataInfrastructureId = \"my-exadata\",\n DisplayName = \"my-exadata displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudExadataInfrastructurePropertiesArgs\n {\n Shape = \"Exadata.X9M\",\n ComputeCount = 2,\n StorageCount = 3,\n },\n });\n\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var mydbserver = Gcp.OracleDatabase.GetDbServers.Invoke(new()\n {\n Location = \"us-east4\",\n Project = \"my-project\",\n CloudExadataInfrastructure = cloudExadataInfrastructures.CloudExadataInfrastructureId,\n });\n\n var myVmcluster = new Gcp.OracleDatabase.CloudVmCluster(\"my_vmcluster\", new()\n {\n CloudVmClusterId = \"my-instance\",\n DisplayName = \"my-instance displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n ExadataInfrastructure = cloudExadataInfrastructures.Id,\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n BackupSubnetCidr = \"10.6.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesArgs\n {\n LicenseType = \"LICENSE_INCLUDED\",\n SshPublicKeys = new[]\n {\n \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\",\n },\n CpuCoreCount = 4,\n GiVersion = \"19.0.0.0\",\n TimeZone = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesTimeZoneArgs\n {\n Id = \"UTC\",\n },\n NodeCount = 2,\n OcpuCount = 4,\n DataStorageSizeTb = 2,\n DbNodeStorageSizeGb = 120,\n DbServerOcids = new[]\n {\n mydbserver.Apply(getDbServersResult =\u003e getDbServersResult.DbServers[0]?.Properties[0]?.Ocid),\n mydbserver.Apply(getDbServersResult =\u003e getDbServersResult.DbServers[1]?.Properties[0]?.Ocid),\n },\n DiskRedundancy = \"HIGH\",\n SparseDiskgroupEnabled = false,\n LocalBackupEnabled = false,\n ClusterName = \"pq-ppat4\",\n HostnamePrefix = \"hostname1\",\n DiagnosticsDataCollectionOptions = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs\n {\n DiagnosticsEventsEnabled = true,\n HealthMonitoringEnabled = true,\n IncidentLogsEnabled = true,\n },\n MemorySizeGb = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudExadataInfrastructures, err := oracledatabase.NewCloudExadataInfrastructure(ctx, \"cloudExadataInfrastructures\", \u0026oracledatabase.CloudExadataInfrastructureArgs{\n\t\t\tCloudExadataInfrastructureId: pulumi.String(\"my-exadata\"),\n\t\t\tDisplayName: pulumi.String(\"my-exadata displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tProperties: \u0026oracledatabase.CloudExadataInfrastructurePropertiesArgs{\n\t\t\t\tShape: pulumi.String(\"Exadata.X9M\"),\n\t\t\t\tComputeCount: pulumi.Int(2),\n\t\t\t\tStorageCount: pulumi.Int(3),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmydbserver := oracledatabase.GetDbServersOutput(ctx, oracledatabase.GetDbServersOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tCloudExadataInfrastructure: cloudExadataInfrastructures.CloudExadataInfrastructureId,\n\t\t}, nil)\n\t\t_, err = oracledatabase.NewCloudVmCluster(ctx, \"my_vmcluster\", \u0026oracledatabase.CloudVmClusterArgs{\n\t\t\tCloudVmClusterId: pulumi.String(\"my-instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tExadataInfrastructure: cloudExadataInfrastructures.ID(),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tBackupSubnetCidr: pulumi.String(\"10.6.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.CloudVmClusterPropertiesArgs{\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t\tSshPublicKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"),\n\t\t\t\t},\n\t\t\t\tCpuCoreCount: pulumi.Int(4),\n\t\t\t\tGiVersion: pulumi.String(\"19.0.0.0\"),\n\t\t\t\tTimeZone: \u0026oracledatabase.CloudVmClusterPropertiesTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"UTC\"),\n\t\t\t\t},\n\t\t\t\tNodeCount: pulumi.Int(2),\n\t\t\t\tOcpuCount: pulumi.Float64(4),\n\t\t\t\tDataStorageSizeTb: pulumi.Float64(2),\n\t\t\t\tDbNodeStorageSizeGb: pulumi.Int(120),\n\t\t\t\tDbServerOcids: pulumi.StringArray{\n\t\t\t\t\tmydbserver.ApplyT(func(mydbserver oracledatabase.GetDbServersResult) (*string, error) {\n\t\t\t\t\t\treturn \u0026mydbserver.DbServers[0].Properties[0].Ocid, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tmydbserver.ApplyT(func(mydbserver oracledatabase.GetDbServersResult) (*string, error) {\n\t\t\t\t\t\treturn \u0026mydbserver.DbServers[1].Properties[0].Ocid, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t\tDiskRedundancy: pulumi.String(\"HIGH\"),\n\t\t\t\tSparseDiskgroupEnabled: pulumi.Bool(false),\n\t\t\t\tLocalBackupEnabled: pulumi.Bool(false),\n\t\t\t\tClusterName: pulumi.String(\"pq-ppat4\"),\n\t\t\t\tHostnamePrefix: pulumi.String(\"hostname1\"),\n\t\t\t\tDiagnosticsDataCollectionOptions: \u0026oracledatabase.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs{\n\t\t\t\t\tDiagnosticsEventsEnabled: pulumi.Bool(true),\n\t\t\t\t\tHealthMonitoringEnabled: pulumi.Bool(true),\n\t\t\t\t\tIncidentLogsEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMemorySizeGb: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructure;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructureArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudExadataInfrastructurePropertiesArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbServersArgs;\nimport com.pulumi.gcp.oracledatabase.CloudVmCluster;\nimport com.pulumi.gcp.oracledatabase.CloudVmClusterArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesTimeZoneArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudExadataInfrastructures = new CloudExadataInfrastructure(\"cloudExadataInfrastructures\", CloudExadataInfrastructureArgs.builder()\n .cloudExadataInfrastructureId(\"my-exadata\")\n .displayName(\"my-exadata displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .properties(CloudExadataInfrastructurePropertiesArgs.builder()\n .shape(\"Exadata.X9M\")\n .computeCount(\"2\")\n .storageCount(\"3\")\n .build())\n .build());\n\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n final var mydbserver = OracledatabaseFunctions.getDbServers(GetDbServersArgs.builder()\n .location(\"us-east4\")\n .project(\"my-project\")\n .cloudExadataInfrastructure(cloudExadataInfrastructures.cloudExadataInfrastructureId())\n .build());\n\n var myVmcluster = new CloudVmCluster(\"myVmcluster\", CloudVmClusterArgs.builder()\n .cloudVmClusterId(\"my-instance\")\n .displayName(\"my-instance displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .exadataInfrastructure(cloudExadataInfrastructures.id())\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .backupSubnetCidr(\"10.6.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(CloudVmClusterPropertiesArgs.builder()\n .licenseType(\"LICENSE_INCLUDED\")\n .sshPublicKeys(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\")\n .cpuCoreCount(\"4\")\n .giVersion(\"19.0.0.0\")\n .timeZone(CloudVmClusterPropertiesTimeZoneArgs.builder()\n .id(\"UTC\")\n .build())\n .nodeCount(\"2\")\n .ocpuCount(\"4.0\")\n .dataStorageSizeTb(2)\n .dbNodeStorageSizeGb(120)\n .dbServerOcids( \n mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult).applyValue(mydbserver -\u003e mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult.dbServers()[0].properties()[0].ocid())),\n mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult).applyValue(mydbserver -\u003e mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult.dbServers()[1].properties()[0].ocid())))\n .diskRedundancy(\"HIGH\")\n .sparseDiskgroupEnabled(false)\n .localBackupEnabled(false)\n .clusterName(\"pq-ppat4\")\n .hostnamePrefix(\"hostname1\")\n .diagnosticsDataCollectionOptions(CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs.builder()\n .diagnosticsEventsEnabled(true)\n .healthMonitoringEnabled(true)\n .incidentLogsEnabled(true)\n .build())\n .memorySizeGb(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVmcluster:\n type: gcp:oracledatabase:CloudVmCluster\n name: my_vmcluster\n properties:\n cloudVmClusterId: my-instance\n displayName: my-instance displayname\n location: us-east4\n project: my-project\n exadataInfrastructure: ${cloudExadataInfrastructures.id}\n network: ${default.id}\n cidr: 10.5.0.0/24\n backupSubnetCidr: 10.6.0.0/24\n labels:\n label-one: value-one\n properties:\n licenseType: LICENSE_INCLUDED\n sshPublicKeys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\n cpuCoreCount: '4'\n giVersion: 19.0.0.0\n timeZone:\n id: UTC\n nodeCount: '2'\n ocpuCount: '4.0'\n dataStorageSizeTb: 2\n dbNodeStorageSizeGb: 120\n dbServerOcids:\n - ${mydbserver.dbServers[0].properties[0].ocid}\n - ${mydbserver.dbServers[1].properties[0].ocid}\n diskRedundancy: HIGH\n sparseDiskgroupEnabled: false\n localBackupEnabled: false\n clusterName: pq-ppat4\n hostnamePrefix: hostname1\n diagnosticsDataCollectionOptions:\n diagnosticsEventsEnabled: true\n healthMonitoringEnabled: true\n incidentLogsEnabled: true\n memorySizeGb: 60\n cloudExadataInfrastructures:\n type: gcp:oracledatabase:CloudExadataInfrastructure\n properties:\n cloudExadataInfrastructureId: my-exadata\n displayName: my-exadata displayname\n location: us-east4\n project: my-project\n properties:\n shape: Exadata.X9M\n computeCount: '2'\n storageCount: '3'\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: new\n project: my-project\n mydbserver:\n fn::invoke:\n Function: gcp:oracledatabase:getDbServers\n Arguments:\n location: us-east4\n project: my-project\n cloudExadataInfrastructure: ${cloudExadataInfrastructures.cloudExadataInfrastructureId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCloudVmCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/cloudVmClusters/{{cloud_vm_cluster_id}}`\n\n* `{{project}}/{{location}}/{{cloud_vm_cluster_id}}`\n\n* `{{location}}/{{cloud_vm_cluster_id}}`\n\nWhen using the `pulumi import` command, CloudVmCluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default projects/{{project}}/locations/{{location}}/cloudVmClusters/{{cloud_vm_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default {{project}}/{{location}}/{{cloud_vm_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default {{location}}/{{cloud_vm_cluster_id}}\n```\n\n", + "description": "A CloudVmCluster resource.\n\n\nTo get more information about CloudVmCluster, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters)\n* How-to Guides\n * [Create VM clusters](https://cloud.google.com/oracle/database/docs/create-clusters)\n\n## Example Usage\n\n### Oracledatabase Cloud Vmcluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudExadataInfrastructures = new gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", {\n cloudExadataInfrastructureId: \"my-exadata\",\n displayName: \"my-exadata displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n properties: {\n shape: \"Exadata.X9M\",\n computeCount: 2,\n storageCount: 3,\n },\n});\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myVmcluster = new gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\", {\n cloudVmClusterId: \"my-instance\",\n displayName: \"my-instance displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n exadataInfrastructure: cloudExadataInfrastructures.id,\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n backupSubnetCidr: \"10.6.0.0/24\",\n properties: {\n licenseType: \"LICENSE_INCLUDED\",\n sshPublicKeys: [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n cpuCoreCount: 4,\n giVersion: \"19.0.0.0\",\n hostnamePrefix: \"hostname1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_exadata_infrastructures = gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\",\n cloud_exadata_infrastructure_id=\"my-exadata\",\n display_name=\"my-exadata displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n properties={\n \"shape\": \"Exadata.X9M\",\n \"compute_count\": 2,\n \"storage_count\": 3,\n })\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_vmcluster = gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\",\n cloud_vm_cluster_id=\"my-instance\",\n display_name=\"my-instance displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n exadata_infrastructure=cloud_exadata_infrastructures.id,\n network=default.id,\n cidr=\"10.5.0.0/24\",\n backup_subnet_cidr=\"10.6.0.0/24\",\n properties={\n \"license_type\": \"LICENSE_INCLUDED\",\n \"ssh_public_keys\": [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n \"cpu_core_count\": 4,\n \"gi_version\": \"19.0.0.0\",\n \"hostname_prefix\": \"hostname1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudExadataInfrastructures = new Gcp.OracleDatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", new()\n {\n CloudExadataInfrastructureId = \"my-exadata\",\n DisplayName = \"my-exadata displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudExadataInfrastructurePropertiesArgs\n {\n Shape = \"Exadata.X9M\",\n ComputeCount = 2,\n StorageCount = 3,\n },\n });\n\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myVmcluster = new Gcp.OracleDatabase.CloudVmCluster(\"my_vmcluster\", new()\n {\n CloudVmClusterId = \"my-instance\",\n DisplayName = \"my-instance displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n ExadataInfrastructure = cloudExadataInfrastructures.Id,\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n BackupSubnetCidr = \"10.6.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesArgs\n {\n LicenseType = \"LICENSE_INCLUDED\",\n SshPublicKeys = new[]\n {\n \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\",\n },\n CpuCoreCount = 4,\n GiVersion = \"19.0.0.0\",\n HostnamePrefix = \"hostname1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudExadataInfrastructures, err := oracledatabase.NewCloudExadataInfrastructure(ctx, \"cloudExadataInfrastructures\", \u0026oracledatabase.CloudExadataInfrastructureArgs{\n\t\t\tCloudExadataInfrastructureId: pulumi.String(\"my-exadata\"),\n\t\t\tDisplayName: pulumi.String(\"my-exadata displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tProperties: \u0026oracledatabase.CloudExadataInfrastructurePropertiesArgs{\n\t\t\t\tShape: pulumi.String(\"Exadata.X9M\"),\n\t\t\t\tComputeCount: pulumi.Int(2),\n\t\t\t\tStorageCount: pulumi.Int(3),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewCloudVmCluster(ctx, \"my_vmcluster\", \u0026oracledatabase.CloudVmClusterArgs{\n\t\t\tCloudVmClusterId: pulumi.String(\"my-instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tExadataInfrastructure: cloudExadataInfrastructures.ID(),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tBackupSubnetCidr: pulumi.String(\"10.6.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.CloudVmClusterPropertiesArgs{\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t\tSshPublicKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"),\n\t\t\t\t},\n\t\t\t\tCpuCoreCount: pulumi.Int(4),\n\t\t\t\tGiVersion: pulumi.String(\"19.0.0.0\"),\n\t\t\t\tHostnamePrefix: pulumi.String(\"hostname1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructure;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructureArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudExadataInfrastructurePropertiesArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.CloudVmCluster;\nimport com.pulumi.gcp.oracledatabase.CloudVmClusterArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudExadataInfrastructures = new CloudExadataInfrastructure(\"cloudExadataInfrastructures\", CloudExadataInfrastructureArgs.builder()\n .cloudExadataInfrastructureId(\"my-exadata\")\n .displayName(\"my-exadata displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .properties(CloudExadataInfrastructurePropertiesArgs.builder()\n .shape(\"Exadata.X9M\")\n .computeCount(\"2\")\n .storageCount(\"3\")\n .build())\n .build());\n\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myVmcluster = new CloudVmCluster(\"myVmcluster\", CloudVmClusterArgs.builder()\n .cloudVmClusterId(\"my-instance\")\n .displayName(\"my-instance displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .exadataInfrastructure(cloudExadataInfrastructures.id())\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .backupSubnetCidr(\"10.6.0.0/24\")\n .properties(CloudVmClusterPropertiesArgs.builder()\n .licenseType(\"LICENSE_INCLUDED\")\n .sshPublicKeys(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\")\n .cpuCoreCount(\"4\")\n .giVersion(\"19.0.0.0\")\n .hostnamePrefix(\"hostname1\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVmcluster:\n type: gcp:oracledatabase:CloudVmCluster\n name: my_vmcluster\n properties:\n cloudVmClusterId: my-instance\n displayName: my-instance displayname\n location: us-east4\n project: my-project\n exadataInfrastructure: ${cloudExadataInfrastructures.id}\n network: ${default.id}\n cidr: 10.5.0.0/24\n backupSubnetCidr: 10.6.0.0/24\n properties:\n licenseType: LICENSE_INCLUDED\n sshPublicKeys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\n cpuCoreCount: '4'\n giVersion: 19.0.0.0\n hostnamePrefix: hostname1\n cloudExadataInfrastructures:\n type: gcp:oracledatabase:CloudExadataInfrastructure\n properties:\n cloudExadataInfrastructureId: my-exadata\n displayName: my-exadata displayname\n location: us-east4\n project: my-project\n properties:\n shape: Exadata.X9M\n computeCount: '2'\n storageCount: '3'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Cloud Vmcluster Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudExadataInfrastructures = new gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", {\n cloudExadataInfrastructureId: \"my-exadata\",\n displayName: \"my-exadata displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n properties: {\n shape: \"Exadata.X9M\",\n computeCount: 2,\n storageCount: 3,\n },\n});\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst mydbserver = gcp.oracledatabase.getDbServersOutput({\n location: \"us-east4\",\n project: \"my-project\",\n cloudExadataInfrastructure: cloudExadataInfrastructures.cloudExadataInfrastructureId,\n});\nconst myVmcluster = new gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\", {\n cloudVmClusterId: \"my-instance\",\n displayName: \"my-instance displayname\",\n location: \"us-east4\",\n project: \"my-project\",\n exadataInfrastructure: cloudExadataInfrastructures.id,\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n backupSubnetCidr: \"10.6.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n licenseType: \"LICENSE_INCLUDED\",\n sshPublicKeys: [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n cpuCoreCount: 4,\n giVersion: \"19.0.0.0\",\n timeZone: {\n id: \"UTC\",\n },\n nodeCount: 2,\n ocpuCount: 4,\n dataStorageSizeTb: 2,\n dbNodeStorageSizeGb: 120,\n dbServerOcids: [\n mydbserver.apply(mydbserver =\u003e mydbserver.dbServers?.[0]?.properties?.[0]?.ocid),\n mydbserver.apply(mydbserver =\u003e mydbserver.dbServers?.[1]?.properties?.[0]?.ocid),\n ],\n diskRedundancy: \"HIGH\",\n sparseDiskgroupEnabled: false,\n localBackupEnabled: false,\n clusterName: \"pq-ppat4\",\n hostnamePrefix: \"hostname1\",\n diagnosticsDataCollectionOptions: {\n diagnosticsEventsEnabled: true,\n healthMonitoringEnabled: true,\n incidentLogsEnabled: true,\n },\n memorySizeGb: 60,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_exadata_infrastructures = gcp.oracledatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\",\n cloud_exadata_infrastructure_id=\"my-exadata\",\n display_name=\"my-exadata displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n properties={\n \"shape\": \"Exadata.X9M\",\n \"compute_count\": 2,\n \"storage_count\": 3,\n })\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmydbserver = gcp.oracledatabase.get_db_servers_output(location=\"us-east4\",\n project=\"my-project\",\n cloud_exadata_infrastructure=cloud_exadata_infrastructures.cloud_exadata_infrastructure_id)\nmy_vmcluster = gcp.oracledatabase.CloudVmCluster(\"my_vmcluster\",\n cloud_vm_cluster_id=\"my-instance\",\n display_name=\"my-instance displayname\",\n location=\"us-east4\",\n project=\"my-project\",\n exadata_infrastructure=cloud_exadata_infrastructures.id,\n network=default.id,\n cidr=\"10.5.0.0/24\",\n backup_subnet_cidr=\"10.6.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"license_type\": \"LICENSE_INCLUDED\",\n \"ssh_public_keys\": [\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"],\n \"cpu_core_count\": 4,\n \"gi_version\": \"19.0.0.0\",\n \"time_zone\": {\n \"id\": \"UTC\",\n },\n \"node_count\": 2,\n \"ocpu_count\": 4,\n \"data_storage_size_tb\": 2,\n \"db_node_storage_size_gb\": 120,\n \"db_server_ocids\": [\n mydbserver.db_servers[0].properties[0].ocid,\n mydbserver.db_servers[1].properties[0].ocid,\n ],\n \"disk_redundancy\": \"HIGH\",\n \"sparse_diskgroup_enabled\": False,\n \"local_backup_enabled\": False,\n \"cluster_name\": \"pq-ppat4\",\n \"hostname_prefix\": \"hostname1\",\n \"diagnostics_data_collection_options\": {\n \"diagnostics_events_enabled\": True,\n \"health_monitoring_enabled\": True,\n \"incident_logs_enabled\": True,\n },\n \"memory_size_gb\": 60,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudExadataInfrastructures = new Gcp.OracleDatabase.CloudExadataInfrastructure(\"cloudExadataInfrastructures\", new()\n {\n CloudExadataInfrastructureId = \"my-exadata\",\n DisplayName = \"my-exadata displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Properties = new Gcp.OracleDatabase.Inputs.CloudExadataInfrastructurePropertiesArgs\n {\n Shape = \"Exadata.X9M\",\n ComputeCount = 2,\n StorageCount = 3,\n },\n });\n\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var mydbserver = Gcp.OracleDatabase.GetDbServers.Invoke(new()\n {\n Location = \"us-east4\",\n Project = \"my-project\",\n CloudExadataInfrastructure = cloudExadataInfrastructures.CloudExadataInfrastructureId,\n });\n\n var myVmcluster = new Gcp.OracleDatabase.CloudVmCluster(\"my_vmcluster\", new()\n {\n CloudVmClusterId = \"my-instance\",\n DisplayName = \"my-instance displayname\",\n Location = \"us-east4\",\n Project = \"my-project\",\n ExadataInfrastructure = cloudExadataInfrastructures.Id,\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n BackupSubnetCidr = \"10.6.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesArgs\n {\n LicenseType = \"LICENSE_INCLUDED\",\n SshPublicKeys = new[]\n {\n \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\",\n },\n CpuCoreCount = 4,\n GiVersion = \"19.0.0.0\",\n TimeZone = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesTimeZoneArgs\n {\n Id = \"UTC\",\n },\n NodeCount = 2,\n OcpuCount = 4,\n DataStorageSizeTb = 2,\n DbNodeStorageSizeGb = 120,\n DbServerOcids = new[]\n {\n mydbserver.Apply(getDbServersResult =\u003e getDbServersResult.DbServers[0]?.Properties[0]?.Ocid),\n mydbserver.Apply(getDbServersResult =\u003e getDbServersResult.DbServers[1]?.Properties[0]?.Ocid),\n },\n DiskRedundancy = \"HIGH\",\n SparseDiskgroupEnabled = false,\n LocalBackupEnabled = false,\n ClusterName = \"pq-ppat4\",\n HostnamePrefix = \"hostname1\",\n DiagnosticsDataCollectionOptions = new Gcp.OracleDatabase.Inputs.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs\n {\n DiagnosticsEventsEnabled = true,\n HealthMonitoringEnabled = true,\n IncidentLogsEnabled = true,\n },\n MemorySizeGb = 60,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudExadataInfrastructures, err := oracledatabase.NewCloudExadataInfrastructure(ctx, \"cloudExadataInfrastructures\", \u0026oracledatabase.CloudExadataInfrastructureArgs{\n\t\t\tCloudExadataInfrastructureId: pulumi.String(\"my-exadata\"),\n\t\t\tDisplayName: pulumi.String(\"my-exadata displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tProperties: \u0026oracledatabase.CloudExadataInfrastructurePropertiesArgs{\n\t\t\t\tShape: pulumi.String(\"Exadata.X9M\"),\n\t\t\t\tComputeCount: pulumi.Int(2),\n\t\t\t\tStorageCount: pulumi.Int(3),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmydbserver := oracledatabase.GetDbServersOutput(ctx, oracledatabase.GetDbServersOutputArgs{\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tCloudExadataInfrastructure: cloudExadataInfrastructures.CloudExadataInfrastructureId,\n\t\t}, nil)\n\t\t_, err = oracledatabase.NewCloudVmCluster(ctx, \"my_vmcluster\", \u0026oracledatabase.CloudVmClusterArgs{\n\t\t\tCloudVmClusterId: pulumi.String(\"my-instance\"),\n\t\t\tDisplayName: pulumi.String(\"my-instance displayname\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tExadataInfrastructure: cloudExadataInfrastructures.ID(),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tBackupSubnetCidr: pulumi.String(\"10.6.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.CloudVmClusterPropertiesArgs{\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t\tSshPublicKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\"),\n\t\t\t\t},\n\t\t\t\tCpuCoreCount: pulumi.Int(4),\n\t\t\t\tGiVersion: pulumi.String(\"19.0.0.0\"),\n\t\t\t\tTimeZone: \u0026oracledatabase.CloudVmClusterPropertiesTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"UTC\"),\n\t\t\t\t},\n\t\t\t\tNodeCount: pulumi.Int(2),\n\t\t\t\tOcpuCount: pulumi.Float64(4),\n\t\t\t\tDataStorageSizeTb: pulumi.Float64(2),\n\t\t\t\tDbNodeStorageSizeGb: pulumi.Int(120),\n\t\t\t\tDbServerOcids: pulumi.StringArray{\n\t\t\t\t\tmydbserver.ApplyT(func(mydbserver oracledatabase.GetDbServersResult) (*string, error) {\n\t\t\t\t\t\treturn \u0026mydbserver.DbServers[0].Properties[0].Ocid, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tmydbserver.ApplyT(func(mydbserver oracledatabase.GetDbServersResult) (*string, error) {\n\t\t\t\t\t\treturn \u0026mydbserver.DbServers[1].Properties[0].Ocid, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t},\n\t\t\t\tDiskRedundancy: pulumi.String(\"HIGH\"),\n\t\t\t\tSparseDiskgroupEnabled: pulumi.Bool(false),\n\t\t\t\tLocalBackupEnabled: pulumi.Bool(false),\n\t\t\t\tClusterName: pulumi.String(\"pq-ppat4\"),\n\t\t\t\tHostnamePrefix: pulumi.String(\"hostname1\"),\n\t\t\t\tDiagnosticsDataCollectionOptions: \u0026oracledatabase.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs{\n\t\t\t\t\tDiagnosticsEventsEnabled: pulumi.Bool(true),\n\t\t\t\t\tHealthMonitoringEnabled: pulumi.Bool(true),\n\t\t\t\t\tIncidentLogsEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tMemorySizeGb: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructure;\nimport com.pulumi.gcp.oracledatabase.CloudExadataInfrastructureArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudExadataInfrastructurePropertiesArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbServersArgs;\nimport com.pulumi.gcp.oracledatabase.CloudVmCluster;\nimport com.pulumi.gcp.oracledatabase.CloudVmClusterArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesTimeZoneArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cloudExadataInfrastructures = new CloudExadataInfrastructure(\"cloudExadataInfrastructures\", CloudExadataInfrastructureArgs.builder()\n .cloudExadataInfrastructureId(\"my-exadata\")\n .displayName(\"my-exadata displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .properties(CloudExadataInfrastructurePropertiesArgs.builder()\n .shape(\"Exadata.X9M\")\n .computeCount(\"2\")\n .storageCount(\"3\")\n .build())\n .build());\n\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n final var mydbserver = OracledatabaseFunctions.getDbServers(GetDbServersArgs.builder()\n .location(\"us-east4\")\n .project(\"my-project\")\n .cloudExadataInfrastructure(cloudExadataInfrastructures.cloudExadataInfrastructureId())\n .build());\n\n var myVmcluster = new CloudVmCluster(\"myVmcluster\", CloudVmClusterArgs.builder()\n .cloudVmClusterId(\"my-instance\")\n .displayName(\"my-instance displayname\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .exadataInfrastructure(cloudExadataInfrastructures.id())\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .backupSubnetCidr(\"10.6.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(CloudVmClusterPropertiesArgs.builder()\n .licenseType(\"LICENSE_INCLUDED\")\n .sshPublicKeys(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\")\n .cpuCoreCount(\"4\")\n .giVersion(\"19.0.0.0\")\n .timeZone(CloudVmClusterPropertiesTimeZoneArgs.builder()\n .id(\"UTC\")\n .build())\n .nodeCount(\"2\")\n .ocpuCount(\"4.0\")\n .dataStorageSizeTb(2)\n .dbNodeStorageSizeGb(120)\n .dbServerOcids( \n mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult).applyValue(mydbserver -\u003e mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult.dbServers()[0].properties()[0].ocid())),\n mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult).applyValue(mydbserver -\u003e mydbserver.applyValue(getDbServersResult -\u003e getDbServersResult.dbServers()[1].properties()[0].ocid())))\n .diskRedundancy(\"HIGH\")\n .sparseDiskgroupEnabled(false)\n .localBackupEnabled(false)\n .clusterName(\"pq-ppat4\")\n .hostnamePrefix(\"hostname1\")\n .diagnosticsDataCollectionOptions(CloudVmClusterPropertiesDiagnosticsDataCollectionOptionsArgs.builder()\n .diagnosticsEventsEnabled(true)\n .healthMonitoringEnabled(true)\n .incidentLogsEnabled(true)\n .build())\n .memorySizeGb(60)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVmcluster:\n type: gcp:oracledatabase:CloudVmCluster\n name: my_vmcluster\n properties:\n cloudVmClusterId: my-instance\n displayName: my-instance displayname\n location: us-east4\n project: my-project\n exadataInfrastructure: ${cloudExadataInfrastructures.id}\n network: ${default.id}\n cidr: 10.5.0.0/24\n backupSubnetCidr: 10.6.0.0/24\n labels:\n label-one: value-one\n properties:\n licenseType: LICENSE_INCLUDED\n sshPublicKeys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com\n cpuCoreCount: '4'\n giVersion: 19.0.0.0\n timeZone:\n id: UTC\n nodeCount: '2'\n ocpuCount: '4.0'\n dataStorageSizeTb: 2\n dbNodeStorageSizeGb: 120\n dbServerOcids:\n - ${mydbserver.dbServers[0].properties[0].ocid}\n - ${mydbserver.dbServers[1].properties[0].ocid}\n diskRedundancy: HIGH\n sparseDiskgroupEnabled: false\n localBackupEnabled: false\n clusterName: pq-ppat4\n hostnamePrefix: hostname1\n diagnosticsDataCollectionOptions:\n diagnosticsEventsEnabled: true\n healthMonitoringEnabled: true\n incidentLogsEnabled: true\n memorySizeGb: 60\n cloudExadataInfrastructures:\n type: gcp:oracledatabase:CloudExadataInfrastructure\n properties:\n cloudExadataInfrastructureId: my-exadata\n displayName: my-exadata displayname\n location: us-east4\n project: my-project\n properties:\n shape: Exadata.X9M\n computeCount: '2'\n storageCount: '3'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n mydbserver:\n fn::invoke:\n function: gcp:oracledatabase:getDbServers\n arguments:\n location: us-east4\n project: my-project\n cloudExadataInfrastructure: ${cloudExadataInfrastructures.cloudExadataInfrastructureId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCloudVmCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/cloudVmClusters/{{cloud_vm_cluster_id}}`\n\n* `{{project}}/{{location}}/{{cloud_vm_cluster_id}}`\n\n* `{{location}}/{{cloud_vm_cluster_id}}`\n\nWhen using the `pulumi import` command, CloudVmCluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default projects/{{project}}/locations/{{location}}/cloudVmClusters/{{cloud_vm_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default {{project}}/{{location}}/{{cloud_vm_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/cloudVmCluster:CloudVmCluster default {{location}}/{{cloud_vm_cluster_id}}\n```\n\n", "properties": { "backupSubnetCidr": { "type": "string", @@ -249212,7 +249212,7 @@ } }, "gcp:organizations/accessApprovalSettings:AccessApprovalSettings": { - "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about OrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations)\n\n## Example Usage\n\n### Organization Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organizationAccessApproval = new gcp.organizations.AccessApprovalSettings(\"organization_access_approval\", {\n organizationId: \"123456789\",\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [\n {\n cloudProduct: \"appengine.googleapis.com\",\n },\n {\n cloudProduct: \"dataflow.googleapis.com\",\n enrollmentLevel: \"BLOCK_ALL\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization_access_approval = gcp.organizations.AccessApprovalSettings(\"organization_access_approval\",\n organization_id=\"123456789\",\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[\n {\n \"cloud_product\": \"appengine.googleapis.com\",\n },\n {\n \"cloud_product\": \"dataflow.googleapis.com\",\n \"enrollment_level\": \"BLOCK_ALL\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings(\"organization_access_approval\", new()\n {\n OrganizationId = \"123456789\",\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"appengine.googleapis.com\",\n },\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"dataflow.googleapis.com\",\n EnrollmentLevel = \"BLOCK_ALL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewAccessApprovalSettings(ctx, \"organization_access_approval\", \u0026organizations.AccessApprovalSettingsArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"appengine.googleapis.com\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"dataflow.googleapis.com\"),\n\t\t\t\t\tEnrollmentLevel: pulumi.String(\"BLOCK_ALL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.AccessApprovalSettings;\nimport com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organizationAccessApproval = new AccessApprovalSettings(\"organizationAccessApproval\", AccessApprovalSettingsArgs.builder()\n .organizationId(\"123456789\")\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices( \n AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"appengine.googleapis.com\")\n .build(),\n AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"dataflow.googleapis.com\")\n .enrollmentLevel(\"BLOCK_ALL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organizationAccessApproval:\n type: gcp:organizations:AccessApprovalSettings\n name: organization_access_approval\n properties:\n organizationId: '123456789'\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: appengine.googleapis.com\n - cloudProduct: dataflow.googleapis.com\n enrollmentLevel: BLOCK_ALL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Organization Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: myProject.projectId,\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({\n organizationId: \"123456789\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst organizationAccessApproval = new gcp.organizations.AccessApprovalSettings(\"organization_access_approval\", {\n organizationId: \"123456789\",\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=my_project.project_id)\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_organization_service_account(organization_id=\"123456789\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\norganization_access_approval = gcp.organizations.AccessApprovalSettings(\"organization_access_approval\",\n organization_id=\"123456789\",\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = myProject.ProjectId,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetOrganizationServiceAccount.Invoke(new()\n {\n OrganizationId = \"123456789\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getOrganizationServiceAccountResult =\u003e getOrganizationServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings(\"organization_access_approval\", new()\n {\n OrganizationId = \"123456789\",\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: myProject.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, \u0026accessapproval.GetOrganizationServiceAccountArgs{\n\t\t\tOrganizationId: \"123456789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = organizations.NewAccessApprovalSettings(ctx, \"organization_access_approval\", \u0026organizations.AccessApprovalSettingsArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.organizations.AccessApprovalSettings;\nimport com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(myProject.projectId())\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()\n .organizationId(\"123456789\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getOrganizationServiceAccountResult -\u003e getOrganizationServiceAccountResult.accountEmail())))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var organizationAccessApproval = new AccessApprovalSettings(\"organizationAccessApproval\", AccessApprovalSettingsArgs.builder()\n .organizationId(\"123456789\")\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: ${myProject.projectId}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n organizationAccessApproval:\n type: gcp:organizations:AccessApprovalSettings\n name: organization_access_approval\n properties:\n organizationId: '123456789'\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependson:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getOrganizationServiceAccount\n Arguments:\n organizationId: '123456789'\n cryptoKeyVersion:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSettings can be imported using any of these accepted formats:\n\n* `organizations/{{organization_id}}/accessApprovalSettings`\n\n* `{{organization_id}}`\n\nWhen using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default organizations/{{organization_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default {{organization_id}}\n```\n\n", + "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about OrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations)\n\n## Example Usage\n\n### Organization Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organizationAccessApproval = new gcp.organizations.AccessApprovalSettings(\"organization_access_approval\", {\n organizationId: \"123456789\",\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [\n {\n cloudProduct: \"appengine.googleapis.com\",\n },\n {\n cloudProduct: \"dataflow.googleapis.com\",\n enrollmentLevel: \"BLOCK_ALL\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization_access_approval = gcp.organizations.AccessApprovalSettings(\"organization_access_approval\",\n organization_id=\"123456789\",\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[\n {\n \"cloud_product\": \"appengine.googleapis.com\",\n },\n {\n \"cloud_product\": \"dataflow.googleapis.com\",\n \"enrollment_level\": \"BLOCK_ALL\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings(\"organization_access_approval\", new()\n {\n OrganizationId = \"123456789\",\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"appengine.googleapis.com\",\n },\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"dataflow.googleapis.com\",\n EnrollmentLevel = \"BLOCK_ALL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewAccessApprovalSettings(ctx, \"organization_access_approval\", \u0026organizations.AccessApprovalSettingsArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"appengine.googleapis.com\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"dataflow.googleapis.com\"),\n\t\t\t\t\tEnrollmentLevel: pulumi.String(\"BLOCK_ALL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.AccessApprovalSettings;\nimport com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organizationAccessApproval = new AccessApprovalSettings(\"organizationAccessApproval\", AccessApprovalSettingsArgs.builder()\n .organizationId(\"123456789\")\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices( \n AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"appengine.googleapis.com\")\n .build(),\n AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"dataflow.googleapis.com\")\n .enrollmentLevel(\"BLOCK_ALL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organizationAccessApproval:\n type: gcp:organizations:AccessApprovalSettings\n name: organization_access_approval\n properties:\n organizationId: '123456789'\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: appengine.googleapis.com\n - cloudProduct: dataflow.googleapis.com\n enrollmentLevel: BLOCK_ALL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Organization Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: myProject.projectId,\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({\n organizationId: \"123456789\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst organizationAccessApproval = new gcp.organizations.AccessApprovalSettings(\"organization_access_approval\", {\n organizationId: \"123456789\",\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=my_project.project_id)\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_organization_service_account(organization_id=\"123456789\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\norganization_access_approval = gcp.organizations.AccessApprovalSettings(\"organization_access_approval\",\n organization_id=\"123456789\",\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = myProject.ProjectId,\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetOrganizationServiceAccount.Invoke(new()\n {\n OrganizationId = \"123456789\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getOrganizationServiceAccountResult =\u003e getOrganizationServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var organizationAccessApproval = new Gcp.Organizations.AccessApprovalSettings(\"organization_access_approval\", new()\n {\n OrganizationId = \"123456789\",\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Organizations.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: myProject.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, \u0026accessapproval.GetOrganizationServiceAccountArgs{\n\t\t\tOrganizationId: \"123456789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = organizations.NewAccessApprovalSettings(ctx, \"organization_access_approval\", \u0026organizations.AccessApprovalSettingsArgs{\n\t\t\tOrganizationId: pulumi.String(\"123456789\"),\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026organizations.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.organizations.AccessApprovalSettings;\nimport com.pulumi.gcp.organizations.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.organizations.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(myProject.projectId())\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()\n .organizationId(\"123456789\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getOrganizationServiceAccountResult -\u003e getOrganizationServiceAccountResult.accountEmail())))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var organizationAccessApproval = new AccessApprovalSettings(\"organizationAccessApproval\", AccessApprovalSettingsArgs.builder()\n .organizationId(\"123456789\")\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n orgId: '123456789'\n deletionPolicy: DELETE\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: ${myProject.projectId}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n organizationAccessApproval:\n type: gcp:organizations:AccessApprovalSettings\n name: organization_access_approval\n properties:\n organizationId: '123456789'\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependsOn:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getOrganizationServiceAccount\n arguments:\n organizationId: '123456789'\n cryptoKeyVersion:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSettings can be imported using any of these accepted formats:\n\n* `organizations/{{organization_id}}/accessApprovalSettings`\n\n* `{{organization_id}}`\n\nWhen using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default organizations/{{organization_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default {{organization_id}}\n```\n\n", "properties": { "activeKeyVersion": { "type": "string", @@ -249670,7 +249670,7 @@ } }, "gcp:organizations/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.organizations.IAMPolicy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMMember:IAMMember default \"{{org_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.organizations.IAMPolicy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMMember:IAMMember default \"{{org_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:organizations/IAMMemberCondition:IAMMemberCondition", @@ -249758,7 +249758,7 @@ } }, "gcp:organizations/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.organizations.IAMPolicy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMPolicy:IAMPolicy default \"{{org_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.organizations.IAMPolicy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder()\n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMBinding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder()\n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.organizations.IamAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder()\n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMPolicy:IAMPolicy default \"{{org_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -250434,7 +250434,7 @@ } }, "gcp:osconfig/guestPolicies:GuestPolicies": { - "description": "An OS Config resource representing a guest configuration policy. These policies represent\nthe desired state for VM instance guest environments including packages to install or remove,\npackage repository configurations, and software to install.\n\nTo get more information about GuestPolicies, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/osconfig/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/os-config-management)\n\n## Example Usage\n\n### Os Config Guest Policies Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Instance(\"foobar\", {\n name: \"guest-policy-inst\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n});\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n instances: [foobar.id],\n },\n packages: [{\n name: \"my-package\",\n desiredState: \"UPDATED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Instance(\"foobar\",\n name=\"guest-policy-inst\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n })\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"instances\": [foobar.id],\n },\n packages=[{\n \"name\": \"my-package\",\n \"desired_state\": \"UPDATED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Instance(\"foobar\", new()\n {\n Name = \"guest-policy-inst\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n Instances = new[]\n {\n foobar.Id,\n },\n },\n Packages = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"my-package\",\n DesiredState = \"UPDATED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewInstance(ctx, \"foobar\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"guest-policy-inst\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\tfoobar.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackages: osconfig.GuestPoliciesPackageArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"my-package\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"UPDATED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Instance(\"foobar\", InstanceArgs.builder()\n .name(\"guest-policy-inst\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .build());\n\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .instances(foobar.id())\n .build())\n .packages(GuestPoliciesPackageArgs.builder()\n .name(\"my-package\")\n .desiredState(\"UPDATED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Instance\n properties:\n name: guest-policy-inst\n machineType: e2-medium\n zone: us-central1-a\n canIpForward: false\n tags:\n - foo\n - bar\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n instances:\n - ${foobar.id}\n packages:\n - name: my-package\n desiredState: UPDATED\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Guest Policies Packages\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n groupLabels: [\n {\n labels: {\n color: \"red\",\n env: \"test\",\n },\n },\n {\n labels: {\n color: \"blue\",\n env: \"test\",\n },\n },\n ],\n },\n packages: [\n {\n name: \"my-package\",\n desiredState: \"INSTALLED\",\n },\n {\n name: \"bad-package-1\",\n desiredState: \"REMOVED\",\n },\n {\n name: \"bad-package-2\",\n desiredState: \"REMOVED\",\n manager: \"APT\",\n },\n ],\n packageRepositories: [\n {\n apt: {\n uri: \"https://packages.cloud.google.com/apt\",\n archiveType: \"DEB\",\n distribution: \"cloud-sdk-stretch\",\n components: [\"main\"],\n },\n },\n {\n yum: {\n id: \"google-cloud-sdk\",\n displayName: \"Google Cloud SDK\",\n baseUrl: \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n gpgKeys: [\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n ],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"group_labels\": [\n {\n \"labels\": {\n \"color\": \"red\",\n \"env\": \"test\",\n },\n },\n {\n \"labels\": {\n \"color\": \"blue\",\n \"env\": \"test\",\n },\n },\n ],\n },\n packages=[\n {\n \"name\": \"my-package\",\n \"desired_state\": \"INSTALLED\",\n },\n {\n \"name\": \"bad-package-1\",\n \"desired_state\": \"REMOVED\",\n },\n {\n \"name\": \"bad-package-2\",\n \"desired_state\": \"REMOVED\",\n \"manager\": \"APT\",\n },\n ],\n package_repositories=[\n {\n \"apt\": {\n \"uri\": \"https://packages.cloud.google.com/apt\",\n \"archive_type\": \"DEB\",\n \"distribution\": \"cloud-sdk-stretch\",\n \"components\": [\"main\"],\n },\n },\n {\n \"yum\": {\n \"id\": \"google-cloud-sdk\",\n \"display_name\": \"Google Cloud SDK\",\n \"base_url\": \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n \"gpg_keys\": [\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n ],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n GroupLabels = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentGroupLabelArgs\n {\n Labels = \n {\n { \"color\", \"red\" },\n { \"env\", \"test\" },\n },\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentGroupLabelArgs\n {\n Labels = \n {\n { \"color\", \"blue\" },\n { \"env\", \"test\" },\n },\n },\n },\n },\n Packages = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"my-package\",\n DesiredState = \"INSTALLED\",\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"bad-package-1\",\n DesiredState = \"REMOVED\",\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"bad-package-2\",\n DesiredState = \"REMOVED\",\n Manager = \"APT\",\n },\n },\n PackageRepositories = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryArgs\n {\n Apt = new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryAptArgs\n {\n Uri = \"https://packages.cloud.google.com/apt\",\n ArchiveType = \"DEB\",\n Distribution = \"cloud-sdk-stretch\",\n Components = new[]\n {\n \"main\",\n },\n },\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryArgs\n {\n Yum = new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryYumArgs\n {\n Id = \"google-cloud-sdk\",\n DisplayName = \"Google Cloud SDK\",\n BaseUrl = \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n GpgKeys = new[]\n {\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tGroupLabels: osconfig.GuestPoliciesAssignmentGroupLabelArray{\n\t\t\t\t\t\u0026osconfig.GuestPoliciesAssignmentGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"color\": pulumi.String(\"red\"),\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026osconfig.GuestPoliciesAssignmentGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"color\": pulumi.String(\"blue\"),\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackages: osconfig.GuestPoliciesPackageArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"my-package\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"INSTALLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"bad-package-1\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"REMOVED\"),\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"bad-package-2\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"REMOVED\"),\n\t\t\t\t\tManager: pulumi.String(\"APT\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackageRepositories: osconfig.GuestPoliciesPackageRepositoryArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageRepositoryArgs{\n\t\t\t\t\tApt: \u0026osconfig.GuestPoliciesPackageRepositoryAptArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://packages.cloud.google.com/apt\"),\n\t\t\t\t\t\tArchiveType: pulumi.String(\"DEB\"),\n\t\t\t\t\t\tDistribution: pulumi.String(\"cloud-sdk-stretch\"),\n\t\t\t\t\t\tComponents: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"main\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageRepositoryArgs{\n\t\t\t\t\tYum: \u0026osconfig.GuestPoliciesPackageRepositoryYumArgs{\n\t\t\t\t\t\tId: pulumi.String(\"google-cloud-sdk\"),\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Google Cloud SDK\"),\n\t\t\t\t\t\tBaseUrl: pulumi.String(\"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\"),\n\t\t\t\t\t\tGpgKeys: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"https://packages.cloud.google.com/yum/doc/yum-key.gpg\"),\n\t\t\t\t\t\t\tpulumi.String(\"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryAptArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryYumArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .groupLabels( \n GuestPoliciesAssignmentGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"color\", \"red\"),\n Map.entry(\"env\", \"test\")\n ))\n .build(),\n GuestPoliciesAssignmentGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"color\", \"blue\"),\n Map.entry(\"env\", \"test\")\n ))\n .build())\n .build())\n .packages( \n GuestPoliciesPackageArgs.builder()\n .name(\"my-package\")\n .desiredState(\"INSTALLED\")\n .build(),\n GuestPoliciesPackageArgs.builder()\n .name(\"bad-package-1\")\n .desiredState(\"REMOVED\")\n .build(),\n GuestPoliciesPackageArgs.builder()\n .name(\"bad-package-2\")\n .desiredState(\"REMOVED\")\n .manager(\"APT\")\n .build())\n .packageRepositories( \n GuestPoliciesPackageRepositoryArgs.builder()\n .apt(GuestPoliciesPackageRepositoryAptArgs.builder()\n .uri(\"https://packages.cloud.google.com/apt\")\n .archiveType(\"DEB\")\n .distribution(\"cloud-sdk-stretch\")\n .components(\"main\")\n .build())\n .build(),\n GuestPoliciesPackageRepositoryArgs.builder()\n .yum(GuestPoliciesPackageRepositoryYumArgs.builder()\n .id(\"google-cloud-sdk\")\n .displayName(\"Google Cloud SDK\")\n .baseUrl(\"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\")\n .gpgKeys( \n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n groupLabels:\n - labels:\n color: red\n env: test\n - labels:\n color: blue\n env: test\n packages:\n - name: my-package\n desiredState: INSTALLED\n - name: bad-package-1\n desiredState: REMOVED\n - name: bad-package-2\n desiredState: REMOVED\n manager: APT\n packageRepositories:\n - apt:\n uri: https://packages.cloud.google.com/apt\n archiveType: DEB\n distribution: cloud-sdk-stretch\n components:\n - main\n - yum:\n id: google-cloud-sdk\n displayName: Google Cloud SDK\n baseUrl: https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\n gpgKeys:\n - https://packages.cloud.google.com/yum/doc/yum-key.gpg\n - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Guest Policies Recipes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n zones: [\n \"us-east1-b\",\n \"us-east1-d\",\n ],\n },\n recipes: [{\n name: \"guest-policy-recipe\",\n desiredState: \"INSTALLED\",\n artifacts: [{\n id: \"guest-policy-artifact-id\",\n gcs: {\n bucket: \"my-bucket\",\n object: \"executable.msi\",\n generation: 1546030865175603,\n },\n }],\n installSteps: [{\n msiInstallation: {\n artifactId: \"guest-policy-artifact-id\",\n },\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"zones\": [\n \"us-east1-b\",\n \"us-east1-d\",\n ],\n },\n recipes=[{\n \"name\": \"guest-policy-recipe\",\n \"desired_state\": \"INSTALLED\",\n \"artifacts\": [{\n \"id\": \"guest-policy-artifact-id\",\n \"gcs\": {\n \"bucket\": \"my-bucket\",\n \"object\": \"executable.msi\",\n \"generation\": 1546030865175603,\n },\n }],\n \"install_steps\": [{\n \"msi_installation\": {\n \"artifact_id\": \"guest-policy-artifact-id\",\n },\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n Zones = new[]\n {\n \"us-east1-b\",\n \"us-east1-d\",\n },\n },\n Recipes = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArgs\n {\n Name = \"guest-policy-recipe\",\n DesiredState = \"INSTALLED\",\n Artifacts = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArtifactArgs\n {\n Id = \"guest-policy-artifact-id\",\n Gcs = new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArtifactGcsArgs\n {\n Bucket = \"my-bucket\",\n Object = \"executable.msi\",\n Generation = 1546030865175603,\n },\n },\n },\n InstallSteps = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeInstallStepArgs\n {\n MsiInstallation = new Gcp.OsConfig.Inputs.GuestPoliciesRecipeInstallStepMsiInstallationArgs\n {\n ArtifactId = \"guest-policy-artifact-id\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tZones: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-east1-b\"),\n\t\t\t\t\tpulumi.String(\"us-east1-d\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecipes: osconfig.GuestPoliciesRecipeArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesRecipeArgs{\n\t\t\t\t\tName: pulumi.String(\"guest-policy-recipe\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"INSTALLED\"),\n\t\t\t\t\tArtifacts: osconfig.GuestPoliciesRecipeArtifactArray{\n\t\t\t\t\t\t\u0026osconfig.GuestPoliciesRecipeArtifactArgs{\n\t\t\t\t\t\t\tId: pulumi.String(\"guest-policy-artifact-id\"),\n\t\t\t\t\t\t\tGcs: \u0026osconfig.GuestPoliciesRecipeArtifactGcsArgs{\n\t\t\t\t\t\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\t\t\t\t\t\tObject: pulumi.String(\"executable.msi\"),\n\t\t\t\t\t\t\t\tGeneration: pulumi.Int(1546030865175603),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstallSteps: osconfig.GuestPoliciesRecipeInstallStepArray{\n\t\t\t\t\t\t\u0026osconfig.GuestPoliciesRecipeInstallStepArgs{\n\t\t\t\t\t\t\tMsiInstallation: \u0026osconfig.GuestPoliciesRecipeInstallStepMsiInstallationArgs{\n\t\t\t\t\t\t\t\tArtifactId: pulumi.String(\"guest-policy-artifact-id\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesRecipeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .zones( \n \"us-east1-b\",\n \"us-east1-d\")\n .build())\n .recipes(GuestPoliciesRecipeArgs.builder()\n .name(\"guest-policy-recipe\")\n .desiredState(\"INSTALLED\")\n .artifacts(GuestPoliciesRecipeArtifactArgs.builder()\n .id(\"guest-policy-artifact-id\")\n .gcs(GuestPoliciesRecipeArtifactGcsArgs.builder()\n .bucket(\"my-bucket\")\n .object(\"executable.msi\")\n .generation(1546030865175603)\n .build())\n .build())\n .installSteps(GuestPoliciesRecipeInstallStepArgs.builder()\n .msiInstallation(GuestPoliciesRecipeInstallStepMsiInstallationArgs.builder()\n .artifactId(\"guest-policy-artifact-id\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n zones:\n - us-east1-b\n - us-east1-d\n recipes:\n - name: guest-policy-recipe\n desiredState: INSTALLED\n artifacts:\n - id: guest-policy-artifact-id\n gcs:\n bucket: my-bucket\n object: executable.msi\n generation: 1.546030865175603e+15\n installSteps:\n - msiInstallation:\n artifactId: guest-policy-artifact-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGuestPolicies can be imported using any of these accepted formats:\n\n* `projects/{{project}}/guestPolicies/{{guest_policy_id}}`\n\n* `{{project}}/{{guest_policy_id}}`\n\n* `{{guest_policy_id}}`\n\nWhen using the `pulumi import` command, GuestPolicies can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default projects/{{project}}/guestPolicies/{{guest_policy_id}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default {{project}}/{{guest_policy_id}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default {{guest_policy_id}}\n```\n\n", + "description": "An OS Config resource representing a guest configuration policy. These policies represent\nthe desired state for VM instance guest environments including packages to install or remove,\npackage repository configurations, and software to install.\n\nTo get more information about GuestPolicies, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/osconfig/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/os-config-management)\n\n## Example Usage\n\n### Os Config Guest Policies Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Instance(\"foobar\", {\n name: \"guest-policy-inst\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n});\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n instances: [foobar.id],\n },\n packages: [{\n name: \"my-package\",\n desiredState: \"UPDATED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Instance(\"foobar\",\n name=\"guest-policy-inst\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n })\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"instances\": [foobar.id],\n },\n packages=[{\n \"name\": \"my-package\",\n \"desired_state\": \"UPDATED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Instance(\"foobar\", new()\n {\n Name = \"guest-policy-inst\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n Instances = new[]\n {\n foobar.Id,\n },\n },\n Packages = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"my-package\",\n DesiredState = \"UPDATED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewInstance(ctx, \"foobar\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"guest-policy-inst\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\tfoobar.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackages: osconfig.GuestPoliciesPackageArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"my-package\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"UPDATED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Instance(\"foobar\", InstanceArgs.builder()\n .name(\"guest-policy-inst\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .build());\n\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .instances(foobar.id())\n .build())\n .packages(GuestPoliciesPackageArgs.builder()\n .name(\"my-package\")\n .desiredState(\"UPDATED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Instance\n properties:\n name: guest-policy-inst\n machineType: e2-medium\n zone: us-central1-a\n canIpForward: false\n tags:\n - foo\n - bar\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n instances:\n - ${foobar.id}\n packages:\n - name: my-package\n desiredState: UPDATED\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Guest Policies Packages\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n groupLabels: [\n {\n labels: {\n color: \"red\",\n env: \"test\",\n },\n },\n {\n labels: {\n color: \"blue\",\n env: \"test\",\n },\n },\n ],\n },\n packages: [\n {\n name: \"my-package\",\n desiredState: \"INSTALLED\",\n },\n {\n name: \"bad-package-1\",\n desiredState: \"REMOVED\",\n },\n {\n name: \"bad-package-2\",\n desiredState: \"REMOVED\",\n manager: \"APT\",\n },\n ],\n packageRepositories: [\n {\n apt: {\n uri: \"https://packages.cloud.google.com/apt\",\n archiveType: \"DEB\",\n distribution: \"cloud-sdk-stretch\",\n components: [\"main\"],\n },\n },\n {\n yum: {\n id: \"google-cloud-sdk\",\n displayName: \"Google Cloud SDK\",\n baseUrl: \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n gpgKeys: [\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n ],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"group_labels\": [\n {\n \"labels\": {\n \"color\": \"red\",\n \"env\": \"test\",\n },\n },\n {\n \"labels\": {\n \"color\": \"blue\",\n \"env\": \"test\",\n },\n },\n ],\n },\n packages=[\n {\n \"name\": \"my-package\",\n \"desired_state\": \"INSTALLED\",\n },\n {\n \"name\": \"bad-package-1\",\n \"desired_state\": \"REMOVED\",\n },\n {\n \"name\": \"bad-package-2\",\n \"desired_state\": \"REMOVED\",\n \"manager\": \"APT\",\n },\n ],\n package_repositories=[\n {\n \"apt\": {\n \"uri\": \"https://packages.cloud.google.com/apt\",\n \"archive_type\": \"DEB\",\n \"distribution\": \"cloud-sdk-stretch\",\n \"components\": [\"main\"],\n },\n },\n {\n \"yum\": {\n \"id\": \"google-cloud-sdk\",\n \"display_name\": \"Google Cloud SDK\",\n \"base_url\": \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n \"gpg_keys\": [\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n ],\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n GroupLabels = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentGroupLabelArgs\n {\n Labels = \n {\n { \"color\", \"red\" },\n { \"env\", \"test\" },\n },\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentGroupLabelArgs\n {\n Labels = \n {\n { \"color\", \"blue\" },\n { \"env\", \"test\" },\n },\n },\n },\n },\n Packages = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"my-package\",\n DesiredState = \"INSTALLED\",\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"bad-package-1\",\n DesiredState = \"REMOVED\",\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageArgs\n {\n Name = \"bad-package-2\",\n DesiredState = \"REMOVED\",\n Manager = \"APT\",\n },\n },\n PackageRepositories = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryArgs\n {\n Apt = new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryAptArgs\n {\n Uri = \"https://packages.cloud.google.com/apt\",\n ArchiveType = \"DEB\",\n Distribution = \"cloud-sdk-stretch\",\n Components = new[]\n {\n \"main\",\n },\n },\n },\n new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryArgs\n {\n Yum = new Gcp.OsConfig.Inputs.GuestPoliciesPackageRepositoryYumArgs\n {\n Id = \"google-cloud-sdk\",\n DisplayName = \"Google Cloud SDK\",\n BaseUrl = \"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\",\n GpgKeys = new[]\n {\n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tGroupLabels: osconfig.GuestPoliciesAssignmentGroupLabelArray{\n\t\t\t\t\t\u0026osconfig.GuestPoliciesAssignmentGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"color\": pulumi.String(\"red\"),\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026osconfig.GuestPoliciesAssignmentGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"color\": pulumi.String(\"blue\"),\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackages: osconfig.GuestPoliciesPackageArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"my-package\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"INSTALLED\"),\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"bad-package-1\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"REMOVED\"),\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageArgs{\n\t\t\t\t\tName: pulumi.String(\"bad-package-2\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"REMOVED\"),\n\t\t\t\t\tManager: pulumi.String(\"APT\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPackageRepositories: osconfig.GuestPoliciesPackageRepositoryArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageRepositoryArgs{\n\t\t\t\t\tApt: \u0026osconfig.GuestPoliciesPackageRepositoryAptArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://packages.cloud.google.com/apt\"),\n\t\t\t\t\t\tArchiveType: pulumi.String(\"DEB\"),\n\t\t\t\t\t\tDistribution: pulumi.String(\"cloud-sdk-stretch\"),\n\t\t\t\t\t\tComponents: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"main\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026osconfig.GuestPoliciesPackageRepositoryArgs{\n\t\t\t\t\tYum: \u0026osconfig.GuestPoliciesPackageRepositoryYumArgs{\n\t\t\t\t\t\tId: pulumi.String(\"google-cloud-sdk\"),\n\t\t\t\t\t\tDisplayName: pulumi.String(\"Google Cloud SDK\"),\n\t\t\t\t\t\tBaseUrl: pulumi.String(\"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\"),\n\t\t\t\t\t\tGpgKeys: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"https://packages.cloud.google.com/yum/doc/yum-key.gpg\"),\n\t\t\t\t\t\t\tpulumi.String(\"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryAptArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesPackageRepositoryYumArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .groupLabels( \n GuestPoliciesAssignmentGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"color\", \"red\"),\n Map.entry(\"env\", \"test\")\n ))\n .build(),\n GuestPoliciesAssignmentGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"color\", \"blue\"),\n Map.entry(\"env\", \"test\")\n ))\n .build())\n .build())\n .packages( \n GuestPoliciesPackageArgs.builder()\n .name(\"my-package\")\n .desiredState(\"INSTALLED\")\n .build(),\n GuestPoliciesPackageArgs.builder()\n .name(\"bad-package-1\")\n .desiredState(\"REMOVED\")\n .build(),\n GuestPoliciesPackageArgs.builder()\n .name(\"bad-package-2\")\n .desiredState(\"REMOVED\")\n .manager(\"APT\")\n .build())\n .packageRepositories( \n GuestPoliciesPackageRepositoryArgs.builder()\n .apt(GuestPoliciesPackageRepositoryAptArgs.builder()\n .uri(\"https://packages.cloud.google.com/apt\")\n .archiveType(\"DEB\")\n .distribution(\"cloud-sdk-stretch\")\n .components(\"main\")\n .build())\n .build(),\n GuestPoliciesPackageRepositoryArgs.builder()\n .yum(GuestPoliciesPackageRepositoryYumArgs.builder()\n .id(\"google-cloud-sdk\")\n .displayName(\"Google Cloud SDK\")\n .baseUrl(\"https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\")\n .gpgKeys( \n \"https://packages.cloud.google.com/yum/doc/yum-key.gpg\",\n \"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n groupLabels:\n - labels:\n color: red\n env: test\n - labels:\n color: blue\n env: test\n packages:\n - name: my-package\n desiredState: INSTALLED\n - name: bad-package-1\n desiredState: REMOVED\n - name: bad-package-2\n desiredState: REMOVED\n manager: APT\n packageRepositories:\n - apt:\n uri: https://packages.cloud.google.com/apt\n archiveType: DEB\n distribution: cloud-sdk-stretch\n components:\n - main\n - yum:\n id: google-cloud-sdk\n displayName: Google Cloud SDK\n baseUrl: https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\n gpgKeys:\n - https://packages.cloud.google.com/yum/doc/yum-key.gpg\n - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Guest Policies Recipes\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst guestPolicies = new gcp.osconfig.GuestPolicies(\"guest_policies\", {\n guestPolicyId: \"guest-policy\",\n assignment: {\n zones: [\n \"us-east1-b\",\n \"us-east1-d\",\n ],\n },\n recipes: [{\n name: \"guest-policy-recipe\",\n desiredState: \"INSTALLED\",\n artifacts: [{\n id: \"guest-policy-artifact-id\",\n gcs: {\n bucket: \"my-bucket\",\n object: \"executable.msi\",\n generation: 1546030865175603,\n },\n }],\n installSteps: [{\n msiInstallation: {\n artifactId: \"guest-policy-artifact-id\",\n },\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nguest_policies = gcp.osconfig.GuestPolicies(\"guest_policies\",\n guest_policy_id=\"guest-policy\",\n assignment={\n \"zones\": [\n \"us-east1-b\",\n \"us-east1-d\",\n ],\n },\n recipes=[{\n \"name\": \"guest-policy-recipe\",\n \"desired_state\": \"INSTALLED\",\n \"artifacts\": [{\n \"id\": \"guest-policy-artifact-id\",\n \"gcs\": {\n \"bucket\": \"my-bucket\",\n \"object\": \"executable.msi\",\n \"generation\": 1546030865175603,\n },\n }],\n \"install_steps\": [{\n \"msi_installation\": {\n \"artifact_id\": \"guest-policy-artifact-id\",\n },\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var guestPolicies = new Gcp.OsConfig.GuestPolicies(\"guest_policies\", new()\n {\n GuestPolicyId = \"guest-policy\",\n Assignment = new Gcp.OsConfig.Inputs.GuestPoliciesAssignmentArgs\n {\n Zones = new[]\n {\n \"us-east1-b\",\n \"us-east1-d\",\n },\n },\n Recipes = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArgs\n {\n Name = \"guest-policy-recipe\",\n DesiredState = \"INSTALLED\",\n Artifacts = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArtifactArgs\n {\n Id = \"guest-policy-artifact-id\",\n Gcs = new Gcp.OsConfig.Inputs.GuestPoliciesRecipeArtifactGcsArgs\n {\n Bucket = \"my-bucket\",\n Object = \"executable.msi\",\n Generation = 1546030865175603,\n },\n },\n },\n InstallSteps = new[]\n {\n new Gcp.OsConfig.Inputs.GuestPoliciesRecipeInstallStepArgs\n {\n MsiInstallation = new Gcp.OsConfig.Inputs.GuestPoliciesRecipeInstallStepMsiInstallationArgs\n {\n ArtifactId = \"guest-policy-artifact-id\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewGuestPolicies(ctx, \"guest_policies\", \u0026osconfig.GuestPoliciesArgs{\n\t\t\tGuestPolicyId: pulumi.String(\"guest-policy\"),\n\t\t\tAssignment: \u0026osconfig.GuestPoliciesAssignmentArgs{\n\t\t\t\tZones: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-east1-b\"),\n\t\t\t\t\tpulumi.String(\"us-east1-d\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecipes: osconfig.GuestPoliciesRecipeArray{\n\t\t\t\t\u0026osconfig.GuestPoliciesRecipeArgs{\n\t\t\t\t\tName: pulumi.String(\"guest-policy-recipe\"),\n\t\t\t\t\tDesiredState: pulumi.String(\"INSTALLED\"),\n\t\t\t\t\tArtifacts: osconfig.GuestPoliciesRecipeArtifactArray{\n\t\t\t\t\t\t\u0026osconfig.GuestPoliciesRecipeArtifactArgs{\n\t\t\t\t\t\t\tId: pulumi.String(\"guest-policy-artifact-id\"),\n\t\t\t\t\t\t\tGcs: \u0026osconfig.GuestPoliciesRecipeArtifactGcsArgs{\n\t\t\t\t\t\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\t\t\t\t\t\tObject: pulumi.String(\"executable.msi\"),\n\t\t\t\t\t\t\t\tGeneration: pulumi.Int(1546030865175603),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstallSteps: osconfig.GuestPoliciesRecipeInstallStepArray{\n\t\t\t\t\t\t\u0026osconfig.GuestPoliciesRecipeInstallStepArgs{\n\t\t\t\t\t\t\tMsiInstallation: \u0026osconfig.GuestPoliciesRecipeInstallStepMsiInstallationArgs{\n\t\t\t\t\t\t\t\tArtifactId: pulumi.String(\"guest-policy-artifact-id\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.GuestPolicies;\nimport com.pulumi.gcp.osconfig.GuestPoliciesArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesAssignmentArgs;\nimport com.pulumi.gcp.osconfig.inputs.GuestPoliciesRecipeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var guestPolicies = new GuestPolicies(\"guestPolicies\", GuestPoliciesArgs.builder()\n .guestPolicyId(\"guest-policy\")\n .assignment(GuestPoliciesAssignmentArgs.builder()\n .zones( \n \"us-east1-b\",\n \"us-east1-d\")\n .build())\n .recipes(GuestPoliciesRecipeArgs.builder()\n .name(\"guest-policy-recipe\")\n .desiredState(\"INSTALLED\")\n .artifacts(GuestPoliciesRecipeArtifactArgs.builder()\n .id(\"guest-policy-artifact-id\")\n .gcs(GuestPoliciesRecipeArtifactGcsArgs.builder()\n .bucket(\"my-bucket\")\n .object(\"executable.msi\")\n .generation(1546030865175603)\n .build())\n .build())\n .installSteps(GuestPoliciesRecipeInstallStepArgs.builder()\n .msiInstallation(GuestPoliciesRecipeInstallStepMsiInstallationArgs.builder()\n .artifactId(\"guest-policy-artifact-id\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n guestPolicies:\n type: gcp:osconfig:GuestPolicies\n name: guest_policies\n properties:\n guestPolicyId: guest-policy\n assignment:\n zones:\n - us-east1-b\n - us-east1-d\n recipes:\n - name: guest-policy-recipe\n desiredState: INSTALLED\n artifacts:\n - id: guest-policy-artifact-id\n gcs:\n bucket: my-bucket\n object: executable.msi\n generation: 1.546030865175603e+15\n installSteps:\n - msiInstallation:\n artifactId: guest-policy-artifact-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGuestPolicies can be imported using any of these accepted formats:\n\n* `projects/{{project}}/guestPolicies/{{guest_policy_id}}`\n\n* `{{project}}/{{guest_policy_id}}`\n\n* `{{guest_policy_id}}`\n\nWhen using the `pulumi import` command, GuestPolicies can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default projects/{{project}}/guestPolicies/{{guest_policy_id}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default {{project}}/{{guest_policy_id}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/guestPolicies:GuestPolicies default {{guest_policy_id}}\n```\n\n", "properties": { "assignment": { "$ref": "#/types/gcp:osconfig/GuestPoliciesAssignment:GuestPoliciesAssignment", @@ -250816,7 +250816,7 @@ } }, "gcp:osconfig/patchDeployment:PatchDeployment": { - "description": "Patch deployments are configurations that individual patch jobs use to complete a patch.\nThese configurations include instance filter, package repository settings, and a schedule.\n\n\nTo get more information about PatchDeployment, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/osconfig/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/os-patch-management)\n\n## Example Usage\n\n### Os Config Patch Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n oneTimeSchedule: {\n executeTime: \"2999-10-10T10:10:10.045123456Z\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n one_time_schedule={\n \"execute_time\": \"2999-10-10T10:10:10.045123456Z\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n OneTimeSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentOneTimeScheduleArgs\n {\n ExecuteTime = \"2999-10-10T10:10:10.045123456Z\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tOneTimeSchedule: \u0026osconfig.PatchDeploymentOneTimeScheduleArgs{\n\t\t\t\tExecuteTime: pulumi.String(\"2999-10-10T10:10:10.045123456Z\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentOneTimeScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .oneTimeSchedule(PatchDeploymentOneTimeScheduleArgs.builder()\n .executeTime(\"2999-10-10T10:10:10.045123456Z\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n oneTimeSchedule:\n executeTime: 2999-10-10T10:10:10.045123456Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Daily\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Daily Midnight\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 0\n seconds: 0\n nanos: 0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Instance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Instance(\"foobar\", {\n name: \"patch-deploy-inst\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n});\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n instances: [foobar.id],\n },\n patchConfig: {\n yum: {\n security: true,\n minimal: true,\n excludes: [\"bash\"],\n },\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n monthly: {\n monthDay: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Instance(\"foobar\",\n name=\"patch-deploy-inst\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n })\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"instances\": [foobar.id],\n },\n patch_config={\n \"yum\": {\n \"security\": True,\n \"minimal\": True,\n \"excludes\": [\"bash\"],\n },\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n \"monthly\": {\n \"month_day\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Instance(\"foobar\", new()\n {\n Name = \"patch-deploy-inst\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n Instances = new[]\n {\n foobar.Id,\n },\n },\n PatchConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigArgs\n {\n Yum = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigYumArgs\n {\n Security = true,\n Minimal = true,\n Excludes = new[]\n {\n \"bash\",\n },\n },\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n Monthly = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyArgs\n {\n MonthDay = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewInstance(ctx, \"foobar\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"patch-deploy-inst\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\tfoobar.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPatchConfig: \u0026osconfig.PatchDeploymentPatchConfigArgs{\n\t\t\t\tYum: \u0026osconfig.PatchDeploymentPatchConfigYumArgs{\n\t\t\t\t\tSecurity: pulumi.Bool(true),\n\t\t\t\t\tMinimal: pulumi.Bool(true),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bash\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t\tMonthly: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyArgs{\n\t\t\t\t\tMonthDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigYumArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Instance(\"foobar\", InstanceArgs.builder()\n .name(\"patch-deploy-inst\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .build());\n\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .instances(foobar.id())\n .build())\n .patchConfig(PatchDeploymentPatchConfigArgs.builder()\n .yum(PatchDeploymentPatchConfigYumArgs.builder()\n .security(true)\n .minimal(true)\n .excludes(\"bash\")\n .build())\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .monthly(PatchDeploymentRecurringScheduleMonthlyArgs.builder()\n .monthDay(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Instance\n properties:\n name: patch-deploy-inst\n machineType: e2-medium\n zone: us-central1-a\n canIpForward: false\n tags:\n - foo\n - bar\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n instances:\n - ${foobar.id}\n patchConfig:\n yum:\n security: true\n minimal: true\n excludes:\n - bash\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n monthly:\n monthDay: 1\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n groupLabels: [{\n labels: {\n env: \"dev\",\n app: \"web\",\n },\n }],\n instanceNamePrefixes: [\"test-\"],\n zones: [\n \"us-central1-a\",\n \"us-central-1c\",\n ],\n },\n patchConfig: {\n migInstancesAllowed: true,\n rebootConfig: \"ALWAYS\",\n apt: {\n type: \"DIST\",\n excludes: [\"python\"],\n },\n yum: {\n security: true,\n minimal: true,\n excludes: [\"bash\"],\n },\n goo: {\n enabled: true,\n },\n zypper: {\n categories: [\"security\"],\n },\n windowsUpdate: {\n classifications: [\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n ],\n excludes: [\"5012170\"],\n },\n preStep: {\n linuxExecStepConfig: {\n allowedSuccessCodes: [\n 0,\n 3,\n ],\n localPath: \"/tmp/pre_patch_script.sh\",\n },\n windowsExecStepConfig: {\n interpreter: \"SHELL\",\n allowedSuccessCodes: [\n 0,\n 2,\n ],\n localPath: \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n postStep: {\n linuxExecStepConfig: {\n gcsObject: {\n bucket: \"my-patch-scripts\",\n generationNumber: \"1523477886880\",\n object: \"linux/post_patch_script\",\n },\n },\n windowsExecStepConfig: {\n interpreter: \"POWERSHELL\",\n gcsObject: {\n bucket: \"my-patch-scripts\",\n generationNumber: \"135920493447\",\n object: \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n duration: \"10s\",\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n monthly: {\n weekDayOfMonth: {\n weekOrdinal: -1,\n dayOfWeek: \"TUESDAY\",\n dayOffset: 3,\n },\n },\n },\n rollout: {\n mode: \"ZONE_BY_ZONE\",\n disruptionBudget: {\n fixed: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"group_labels\": [{\n \"labels\": {\n \"env\": \"dev\",\n \"app\": \"web\",\n },\n }],\n \"instance_name_prefixes\": [\"test-\"],\n \"zones\": [\n \"us-central1-a\",\n \"us-central-1c\",\n ],\n },\n patch_config={\n \"mig_instances_allowed\": True,\n \"reboot_config\": \"ALWAYS\",\n \"apt\": {\n \"type\": \"DIST\",\n \"excludes\": [\"python\"],\n },\n \"yum\": {\n \"security\": True,\n \"minimal\": True,\n \"excludes\": [\"bash\"],\n },\n \"goo\": {\n \"enabled\": True,\n },\n \"zypper\": {\n \"categories\": [\"security\"],\n },\n \"windows_update\": {\n \"classifications\": [\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n ],\n \"excludes\": [\"5012170\"],\n },\n \"pre_step\": {\n \"linux_exec_step_config\": {\n \"allowed_success_codes\": [\n 0,\n 3,\n ],\n \"local_path\": \"/tmp/pre_patch_script.sh\",\n },\n \"windows_exec_step_config\": {\n \"interpreter\": \"SHELL\",\n \"allowed_success_codes\": [\n 0,\n 2,\n ],\n \"local_path\": \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n \"post_step\": {\n \"linux_exec_step_config\": {\n \"gcs_object\": {\n \"bucket\": \"my-patch-scripts\",\n \"generation_number\": \"1523477886880\",\n \"object\": \"linux/post_patch_script\",\n },\n },\n \"windows_exec_step_config\": {\n \"interpreter\": \"POWERSHELL\",\n \"gcs_object\": {\n \"bucket\": \"my-patch-scripts\",\n \"generation_number\": \"135920493447\",\n \"object\": \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n duration=\"10s\",\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n \"monthly\": {\n \"week_day_of_month\": {\n \"week_ordinal\": -1,\n \"day_of_week\": \"TUESDAY\",\n \"day_offset\": 3,\n },\n },\n },\n rollout={\n \"mode\": \"ZONE_BY_ZONE\",\n \"disruption_budget\": {\n \"fixed\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n GroupLabels = new[]\n {\n new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterGroupLabelArgs\n {\n Labels = \n {\n { \"env\", \"dev\" },\n { \"app\", \"web\" },\n },\n },\n },\n InstanceNamePrefixes = new[]\n {\n \"test-\",\n },\n Zones = new[]\n {\n \"us-central1-a\",\n \"us-central-1c\",\n },\n },\n PatchConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigArgs\n {\n MigInstancesAllowed = true,\n RebootConfig = \"ALWAYS\",\n Apt = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigAptArgs\n {\n Type = \"DIST\",\n Excludes = new[]\n {\n \"python\",\n },\n },\n Yum = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigYumArgs\n {\n Security = true,\n Minimal = true,\n Excludes = new[]\n {\n \"bash\",\n },\n },\n Goo = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigGooArgs\n {\n Enabled = true,\n },\n Zypper = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigZypperArgs\n {\n Categories = new[]\n {\n \"security\",\n },\n },\n WindowsUpdate = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigWindowsUpdateArgs\n {\n Classifications = new[]\n {\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n },\n Excludes = new[]\n {\n \"5012170\",\n },\n },\n PreStep = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepArgs\n {\n LinuxExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs\n {\n AllowedSuccessCodes = new[]\n {\n 0,\n 3,\n },\n LocalPath = \"/tmp/pre_patch_script.sh\",\n },\n WindowsExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs\n {\n Interpreter = \"SHELL\",\n AllowedSuccessCodes = new[]\n {\n 0,\n 2,\n },\n LocalPath = \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n PostStep = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepArgs\n {\n LinuxExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs\n {\n GcsObject = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs\n {\n Bucket = \"my-patch-scripts\",\n GenerationNumber = \"1523477886880\",\n Object = \"linux/post_patch_script\",\n },\n },\n WindowsExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs\n {\n Interpreter = \"POWERSHELL\",\n GcsObject = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs\n {\n Bucket = \"my-patch-scripts\",\n GenerationNumber = \"135920493447\",\n Object = \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n Duration = \"10s\",\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n Monthly = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyArgs\n {\n WeekDayOfMonth = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs\n {\n WeekOrdinal = -1,\n DayOfWeek = \"TUESDAY\",\n DayOffset = 3,\n },\n },\n },\n Rollout = new Gcp.OsConfig.Inputs.PatchDeploymentRolloutArgs\n {\n Mode = \"ZONE_BY_ZONE\",\n DisruptionBudget = new Gcp.OsConfig.Inputs.PatchDeploymentRolloutDisruptionBudgetArgs\n {\n Fixed = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tGroupLabels: osconfig.PatchDeploymentInstanceFilterGroupLabelArray{\n\t\t\t\t\t\u0026osconfig.PatchDeploymentInstanceFilterGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"dev\"),\n\t\t\t\t\t\t\t\"app\": pulumi.String(\"web\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInstanceNamePrefixes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test-\"),\n\t\t\t\t},\n\t\t\t\tZones: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-central1-a\"),\n\t\t\t\t\tpulumi.String(\"us-central-1c\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPatchConfig: \u0026osconfig.PatchDeploymentPatchConfigArgs{\n\t\t\t\tMigInstancesAllowed: pulumi.Bool(true),\n\t\t\t\tRebootConfig: pulumi.String(\"ALWAYS\"),\n\t\t\t\tApt: \u0026osconfig.PatchDeploymentPatchConfigAptArgs{\n\t\t\t\t\tType: pulumi.String(\"DIST\"),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"python\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tYum: \u0026osconfig.PatchDeploymentPatchConfigYumArgs{\n\t\t\t\t\tSecurity: pulumi.Bool(true),\n\t\t\t\t\tMinimal: pulumi.Bool(true),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bash\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tGoo: \u0026osconfig.PatchDeploymentPatchConfigGooArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tZypper: \u0026osconfig.PatchDeploymentPatchConfigZypperArgs{\n\t\t\t\t\tCategories: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"security\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tWindowsUpdate: \u0026osconfig.PatchDeploymentPatchConfigWindowsUpdateArgs{\n\t\t\t\t\tClassifications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"CRITICAL\"),\n\t\t\t\t\t\tpulumi.String(\"SECURITY\"),\n\t\t\t\t\t\tpulumi.String(\"UPDATE\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"5012170\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPreStep: \u0026osconfig.PatchDeploymentPatchConfigPreStepArgs{\n\t\t\t\t\tLinuxExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs{\n\t\t\t\t\t\tAllowedSuccessCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(0),\n\t\t\t\t\t\t\tpulumi.Int(3),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLocalPath: pulumi.String(\"/tmp/pre_patch_script.sh\"),\n\t\t\t\t\t},\n\t\t\t\t\tWindowsExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs{\n\t\t\t\t\t\tInterpreter: pulumi.String(\"SHELL\"),\n\t\t\t\t\t\tAllowedSuccessCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(0),\n\t\t\t\t\t\t\tpulumi.Int(2),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLocalPath: pulumi.String(\"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPostStep: \u0026osconfig.PatchDeploymentPatchConfigPostStepArgs{\n\t\t\t\t\tLinuxExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs{\n\t\t\t\t\t\tGcsObject: \u0026osconfig.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs{\n\t\t\t\t\t\t\tBucket: pulumi.String(\"my-patch-scripts\"),\n\t\t\t\t\t\t\tGenerationNumber: pulumi.String(\"1523477886880\"),\n\t\t\t\t\t\t\tObject: pulumi.String(\"linux/post_patch_script\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tWindowsExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs{\n\t\t\t\t\t\tInterpreter: pulumi.String(\"POWERSHELL\"),\n\t\t\t\t\t\tGcsObject: \u0026osconfig.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs{\n\t\t\t\t\t\t\tBucket: pulumi.String(\"my-patch-scripts\"),\n\t\t\t\t\t\t\tGenerationNumber: pulumi.String(\"135920493447\"),\n\t\t\t\t\t\t\tObject: pulumi.String(\"windows/post_patch_script.ps1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDuration: pulumi.String(\"10s\"),\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t\tMonthly: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyArgs{\n\t\t\t\t\tWeekDayOfMonth: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs{\n\t\t\t\t\t\tWeekOrdinal: pulumi.Int(-1),\n\t\t\t\t\t\tDayOfWeek: pulumi.String(\"TUESDAY\"),\n\t\t\t\t\t\tDayOffset: pulumi.Int(3),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRollout: \u0026osconfig.PatchDeploymentRolloutArgs{\n\t\t\t\tMode: pulumi.String(\"ZONE_BY_ZONE\"),\n\t\t\t\tDisruptionBudget: \u0026osconfig.PatchDeploymentRolloutDisruptionBudgetArgs{\n\t\t\t\t\tFixed: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigAptArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigYumArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigGooArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigZypperArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigWindowsUpdateArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRolloutArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRolloutDisruptionBudgetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .groupLabels(PatchDeploymentInstanceFilterGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"env\", \"dev\"),\n Map.entry(\"app\", \"web\")\n ))\n .build())\n .instanceNamePrefixes(\"test-\")\n .zones( \n \"us-central1-a\",\n \"us-central-1c\")\n .build())\n .patchConfig(PatchDeploymentPatchConfigArgs.builder()\n .migInstancesAllowed(true)\n .rebootConfig(\"ALWAYS\")\n .apt(PatchDeploymentPatchConfigAptArgs.builder()\n .type(\"DIST\")\n .excludes(\"python\")\n .build())\n .yum(PatchDeploymentPatchConfigYumArgs.builder()\n .security(true)\n .minimal(true)\n .excludes(\"bash\")\n .build())\n .goo(PatchDeploymentPatchConfigGooArgs.builder()\n .enabled(true)\n .build())\n .zypper(PatchDeploymentPatchConfigZypperArgs.builder()\n .categories(\"security\")\n .build())\n .windowsUpdate(PatchDeploymentPatchConfigWindowsUpdateArgs.builder()\n .classifications( \n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\")\n .excludes(\"5012170\")\n .build())\n .preStep(PatchDeploymentPatchConfigPreStepArgs.builder()\n .linuxExecStepConfig(PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs.builder()\n .allowedSuccessCodes( \n 0,\n 3)\n .localPath(\"/tmp/pre_patch_script.sh\")\n .build())\n .windowsExecStepConfig(PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs.builder()\n .interpreter(\"SHELL\")\n .allowedSuccessCodes( \n 0,\n 2)\n .localPath(\"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\")\n .build())\n .build())\n .postStep(PatchDeploymentPatchConfigPostStepArgs.builder()\n .linuxExecStepConfig(PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs.builder()\n .gcsObject(PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs.builder()\n .bucket(\"my-patch-scripts\")\n .generationNumber(\"1523477886880\")\n .object(\"linux/post_patch_script\")\n .build())\n .build())\n .windowsExecStepConfig(PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs.builder()\n .interpreter(\"POWERSHELL\")\n .gcsObject(PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs.builder()\n .bucket(\"my-patch-scripts\")\n .generationNumber(\"135920493447\")\n .object(\"windows/post_patch_script.ps1\")\n .build())\n .build())\n .build())\n .build())\n .duration(\"10s\")\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .monthly(PatchDeploymentRecurringScheduleMonthlyArgs.builder()\n .weekDayOfMonth(PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs.builder()\n .weekOrdinal(-1)\n .dayOfWeek(\"TUESDAY\")\n .dayOffset(3)\n .build())\n .build())\n .build())\n .rollout(PatchDeploymentRolloutArgs.builder()\n .mode(\"ZONE_BY_ZONE\")\n .disruptionBudget(PatchDeploymentRolloutDisruptionBudgetArgs.builder()\n .fixed(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n groupLabels:\n - labels:\n env: dev\n app: web\n instanceNamePrefixes:\n - test-\n zones:\n - us-central1-a\n - us-central-1c\n patchConfig:\n migInstancesAllowed: true\n rebootConfig: ALWAYS\n apt:\n type: DIST\n excludes:\n - python\n yum:\n security: true\n minimal: true\n excludes:\n - bash\n goo:\n enabled: true\n zypper:\n categories:\n - security\n windowsUpdate:\n classifications:\n - CRITICAL\n - SECURITY\n - UPDATE\n excludes:\n - '5012170'\n preStep:\n linuxExecStepConfig:\n allowedSuccessCodes:\n - 0\n - 3\n localPath: /tmp/pre_patch_script.sh\n windowsExecStepConfig:\n interpreter: SHELL\n allowedSuccessCodes:\n - 0\n - 2\n localPath: C:\\Users\\user\\pre-patch-script.cmd\n postStep:\n linuxExecStepConfig:\n gcsObject:\n bucket: my-patch-scripts\n generationNumber: '1523477886880'\n object: linux/post_patch_script\n windowsExecStepConfig:\n interpreter: POWERSHELL\n gcsObject:\n bucket: my-patch-scripts\n generationNumber: '135920493447'\n object: windows/post_patch_script.ps1\n duration: 10s\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n monthly:\n weekDayOfMonth:\n weekOrdinal: -1\n dayOfWeek: TUESDAY\n dayOffset: 3\n rollout:\n mode: ZONE_BY_ZONE\n disruptionBudget:\n fixed: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPatchDeployment can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PatchDeployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default {{name}}\n```\n\n", + "description": "Patch deployments are configurations that individual patch jobs use to complete a patch.\nThese configurations include instance filter, package repository settings, and a schedule.\n\n\nTo get more information about PatchDeployment, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/osconfig/rest)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/os-patch-management)\n\n## Example Usage\n\n### Os Config Patch Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n oneTimeSchedule: {\n executeTime: \"2999-10-10T10:10:10.045123456Z\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n one_time_schedule={\n \"execute_time\": \"2999-10-10T10:10:10.045123456Z\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n OneTimeSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentOneTimeScheduleArgs\n {\n ExecuteTime = \"2999-10-10T10:10:10.045123456Z\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tOneTimeSchedule: \u0026osconfig.PatchDeploymentOneTimeScheduleArgs{\n\t\t\t\tExecuteTime: pulumi.String(\"2999-10-10T10:10:10.045123456Z\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentOneTimeScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .oneTimeSchedule(PatchDeploymentOneTimeScheduleArgs.builder()\n .executeTime(\"2999-10-10T10:10:10.045123456Z\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n oneTimeSchedule:\n executeTime: 2999-10-10T10:10:10.045123456Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Daily\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Daily Midnight\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n all: true,\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"all\": True,\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n All = true,\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tAll: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .all(true)\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n all: true\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 0\n seconds: 0\n nanos: 0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Instance\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst foobar = new gcp.compute.Instance(\"foobar\", {\n name: \"patch-deploy-inst\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n canIpForward: false,\n tags: [\n \"foo\",\n \"bar\",\n ],\n bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n },\n networkInterfaces: [{\n network: \"default\",\n }],\n metadata: {\n foo: \"bar\",\n },\n});\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n instances: [foobar.id],\n },\n patchConfig: {\n yum: {\n security: true,\n minimal: true,\n excludes: [\"bash\"],\n },\n },\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n monthly: {\n monthDay: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\nfoobar = gcp.compute.Instance(\"foobar\",\n name=\"patch-deploy-inst\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n can_ip_forward=False,\n tags=[\n \"foo\",\n \"bar\",\n ],\n boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n },\n network_interfaces=[{\n \"network\": \"default\",\n }],\n metadata={\n \"foo\": \"bar\",\n })\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"instances\": [foobar.id],\n },\n patch_config={\n \"yum\": {\n \"security\": True,\n \"minimal\": True,\n \"excludes\": [\"bash\"],\n },\n },\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n \"monthly\": {\n \"month_day\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var foobar = new Gcp.Compute.Instance(\"foobar\", new()\n {\n Name = \"patch-deploy-inst\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n CanIpForward = false,\n Tags = new[]\n {\n \"foo\",\n \"bar\",\n },\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n Instances = new[]\n {\n foobar.Id,\n },\n },\n PatchConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigArgs\n {\n Yum = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigYumArgs\n {\n Security = true,\n Minimal = true,\n Excludes = new[]\n {\n \"bash\",\n },\n },\n },\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n Monthly = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyArgs\n {\n MonthDay = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoobar, err := compute.NewInstance(ctx, \"foobar\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"patch-deploy-inst\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tCanIpForward: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t\tpulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tInstances: pulumi.StringArray{\n\t\t\t\t\tfoobar.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPatchConfig: \u0026osconfig.PatchDeploymentPatchConfigArgs{\n\t\t\t\tYum: \u0026osconfig.PatchDeploymentPatchConfigYumArgs{\n\t\t\t\t\tSecurity: pulumi.Bool(true),\n\t\t\t\t\tMinimal: pulumi.Bool(true),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bash\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t\tMonthly: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyArgs{\n\t\t\t\t\tMonthDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigYumArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var foobar = new Instance(\"foobar\", InstanceArgs.builder()\n .name(\"patch-deploy-inst\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .canIpForward(false)\n .tags( \n \"foo\",\n \"bar\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .metadata(Map.of(\"foo\", \"bar\"))\n .build());\n\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .instances(foobar.id())\n .build())\n .patchConfig(PatchDeploymentPatchConfigArgs.builder()\n .yum(PatchDeploymentPatchConfigYumArgs.builder()\n .security(true)\n .minimal(true)\n .excludes(\"bash\")\n .build())\n .build())\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .monthly(PatchDeploymentRecurringScheduleMonthlyArgs.builder()\n .monthDay(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: gcp:compute:Instance\n properties:\n name: patch-deploy-inst\n machineType: e2-medium\n zone: us-central1-a\n canIpForward: false\n tags:\n - foo\n - bar\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\n networkInterfaces:\n - network: default\n metadata:\n foo: bar\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n instances:\n - ${foobar.id}\n patchConfig:\n yum:\n security: true\n minimal: true\n excludes:\n - bash\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n monthly:\n monthDay: 1\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Os Config Patch Deployment Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst patch = new gcp.osconfig.PatchDeployment(\"patch\", {\n patchDeploymentId: \"patch-deploy\",\n instanceFilter: {\n groupLabels: [{\n labels: {\n env: \"dev\",\n app: \"web\",\n },\n }],\n instanceNamePrefixes: [\"test-\"],\n zones: [\n \"us-central1-a\",\n \"us-central-1c\",\n ],\n },\n patchConfig: {\n migInstancesAllowed: true,\n rebootConfig: \"ALWAYS\",\n apt: {\n type: \"DIST\",\n excludes: [\"python\"],\n },\n yum: {\n security: true,\n minimal: true,\n excludes: [\"bash\"],\n },\n goo: {\n enabled: true,\n },\n zypper: {\n categories: [\"security\"],\n },\n windowsUpdate: {\n classifications: [\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n ],\n excludes: [\"5012170\"],\n },\n preStep: {\n linuxExecStepConfig: {\n allowedSuccessCodes: [\n 0,\n 3,\n ],\n localPath: \"/tmp/pre_patch_script.sh\",\n },\n windowsExecStepConfig: {\n interpreter: \"SHELL\",\n allowedSuccessCodes: [\n 0,\n 2,\n ],\n localPath: \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n postStep: {\n linuxExecStepConfig: {\n gcsObject: {\n bucket: \"my-patch-scripts\",\n generationNumber: \"1523477886880\",\n object: \"linux/post_patch_script\",\n },\n },\n windowsExecStepConfig: {\n interpreter: \"POWERSHELL\",\n gcsObject: {\n bucket: \"my-patch-scripts\",\n generationNumber: \"135920493447\",\n object: \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n duration: \"10s\",\n recurringSchedule: {\n timeZone: {\n id: \"America/New_York\",\n },\n timeOfDay: {\n hours: 0,\n minutes: 30,\n seconds: 30,\n nanos: 20,\n },\n monthly: {\n weekDayOfMonth: {\n weekOrdinal: -1,\n dayOfWeek: \"TUESDAY\",\n dayOffset: 3,\n },\n },\n },\n rollout: {\n mode: \"ZONE_BY_ZONE\",\n disruptionBudget: {\n fixed: 1,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npatch = gcp.osconfig.PatchDeployment(\"patch\",\n patch_deployment_id=\"patch-deploy\",\n instance_filter={\n \"group_labels\": [{\n \"labels\": {\n \"env\": \"dev\",\n \"app\": \"web\",\n },\n }],\n \"instance_name_prefixes\": [\"test-\"],\n \"zones\": [\n \"us-central1-a\",\n \"us-central-1c\",\n ],\n },\n patch_config={\n \"mig_instances_allowed\": True,\n \"reboot_config\": \"ALWAYS\",\n \"apt\": {\n \"type\": \"DIST\",\n \"excludes\": [\"python\"],\n },\n \"yum\": {\n \"security\": True,\n \"minimal\": True,\n \"excludes\": [\"bash\"],\n },\n \"goo\": {\n \"enabled\": True,\n },\n \"zypper\": {\n \"categories\": [\"security\"],\n },\n \"windows_update\": {\n \"classifications\": [\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n ],\n \"excludes\": [\"5012170\"],\n },\n \"pre_step\": {\n \"linux_exec_step_config\": {\n \"allowed_success_codes\": [\n 0,\n 3,\n ],\n \"local_path\": \"/tmp/pre_patch_script.sh\",\n },\n \"windows_exec_step_config\": {\n \"interpreter\": \"SHELL\",\n \"allowed_success_codes\": [\n 0,\n 2,\n ],\n \"local_path\": \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n \"post_step\": {\n \"linux_exec_step_config\": {\n \"gcs_object\": {\n \"bucket\": \"my-patch-scripts\",\n \"generation_number\": \"1523477886880\",\n \"object\": \"linux/post_patch_script\",\n },\n },\n \"windows_exec_step_config\": {\n \"interpreter\": \"POWERSHELL\",\n \"gcs_object\": {\n \"bucket\": \"my-patch-scripts\",\n \"generation_number\": \"135920493447\",\n \"object\": \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n duration=\"10s\",\n recurring_schedule={\n \"time_zone\": {\n \"id\": \"America/New_York\",\n },\n \"time_of_day\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 30,\n \"nanos\": 20,\n },\n \"monthly\": {\n \"week_day_of_month\": {\n \"week_ordinal\": -1,\n \"day_of_week\": \"TUESDAY\",\n \"day_offset\": 3,\n },\n },\n },\n rollout={\n \"mode\": \"ZONE_BY_ZONE\",\n \"disruption_budget\": {\n \"fixed\": 1,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var patch = new Gcp.OsConfig.PatchDeployment(\"patch\", new()\n {\n PatchDeploymentId = \"patch-deploy\",\n InstanceFilter = new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterArgs\n {\n GroupLabels = new[]\n {\n new Gcp.OsConfig.Inputs.PatchDeploymentInstanceFilterGroupLabelArgs\n {\n Labels = \n {\n { \"env\", \"dev\" },\n { \"app\", \"web\" },\n },\n },\n },\n InstanceNamePrefixes = new[]\n {\n \"test-\",\n },\n Zones = new[]\n {\n \"us-central1-a\",\n \"us-central-1c\",\n },\n },\n PatchConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigArgs\n {\n MigInstancesAllowed = true,\n RebootConfig = \"ALWAYS\",\n Apt = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigAptArgs\n {\n Type = \"DIST\",\n Excludes = new[]\n {\n \"python\",\n },\n },\n Yum = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigYumArgs\n {\n Security = true,\n Minimal = true,\n Excludes = new[]\n {\n \"bash\",\n },\n },\n Goo = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigGooArgs\n {\n Enabled = true,\n },\n Zypper = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigZypperArgs\n {\n Categories = new[]\n {\n \"security\",\n },\n },\n WindowsUpdate = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigWindowsUpdateArgs\n {\n Classifications = new[]\n {\n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\",\n },\n Excludes = new[]\n {\n \"5012170\",\n },\n },\n PreStep = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepArgs\n {\n LinuxExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs\n {\n AllowedSuccessCodes = new[]\n {\n 0,\n 3,\n },\n LocalPath = \"/tmp/pre_patch_script.sh\",\n },\n WindowsExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs\n {\n Interpreter = \"SHELL\",\n AllowedSuccessCodes = new[]\n {\n 0,\n 2,\n },\n LocalPath = \"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\",\n },\n },\n PostStep = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepArgs\n {\n LinuxExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs\n {\n GcsObject = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs\n {\n Bucket = \"my-patch-scripts\",\n GenerationNumber = \"1523477886880\",\n Object = \"linux/post_patch_script\",\n },\n },\n WindowsExecStepConfig = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs\n {\n Interpreter = \"POWERSHELL\",\n GcsObject = new Gcp.OsConfig.Inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs\n {\n Bucket = \"my-patch-scripts\",\n GenerationNumber = \"135920493447\",\n Object = \"windows/post_patch_script.ps1\",\n },\n },\n },\n },\n Duration = \"10s\",\n RecurringSchedule = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleArgs\n {\n TimeZone = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeZoneArgs\n {\n Id = \"America/New_York\",\n },\n TimeOfDay = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 30,\n Nanos = 20,\n },\n Monthly = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyArgs\n {\n WeekDayOfMonth = new Gcp.OsConfig.Inputs.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs\n {\n WeekOrdinal = -1,\n DayOfWeek = \"TUESDAY\",\n DayOffset = 3,\n },\n },\n },\n Rollout = new Gcp.OsConfig.Inputs.PatchDeploymentRolloutArgs\n {\n Mode = \"ZONE_BY_ZONE\",\n DisruptionBudget = new Gcp.OsConfig.Inputs.PatchDeploymentRolloutDisruptionBudgetArgs\n {\n Fixed = 1,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := osconfig.NewPatchDeployment(ctx, \"patch\", \u0026osconfig.PatchDeploymentArgs{\n\t\t\tPatchDeploymentId: pulumi.String(\"patch-deploy\"),\n\t\t\tInstanceFilter: \u0026osconfig.PatchDeploymentInstanceFilterArgs{\n\t\t\t\tGroupLabels: osconfig.PatchDeploymentInstanceFilterGroupLabelArray{\n\t\t\t\t\t\u0026osconfig.PatchDeploymentInstanceFilterGroupLabelArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"env\": pulumi.String(\"dev\"),\n\t\t\t\t\t\t\t\"app\": pulumi.String(\"web\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInstanceNamePrefixes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test-\"),\n\t\t\t\t},\n\t\t\t\tZones: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-central1-a\"),\n\t\t\t\t\tpulumi.String(\"us-central-1c\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPatchConfig: \u0026osconfig.PatchDeploymentPatchConfigArgs{\n\t\t\t\tMigInstancesAllowed: pulumi.Bool(true),\n\t\t\t\tRebootConfig: pulumi.String(\"ALWAYS\"),\n\t\t\t\tApt: \u0026osconfig.PatchDeploymentPatchConfigAptArgs{\n\t\t\t\t\tType: pulumi.String(\"DIST\"),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"python\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tYum: \u0026osconfig.PatchDeploymentPatchConfigYumArgs{\n\t\t\t\t\tSecurity: pulumi.Bool(true),\n\t\t\t\t\tMinimal: pulumi.Bool(true),\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"bash\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tGoo: \u0026osconfig.PatchDeploymentPatchConfigGooArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tZypper: \u0026osconfig.PatchDeploymentPatchConfigZypperArgs{\n\t\t\t\t\tCategories: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"security\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tWindowsUpdate: \u0026osconfig.PatchDeploymentPatchConfigWindowsUpdateArgs{\n\t\t\t\t\tClassifications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"CRITICAL\"),\n\t\t\t\t\t\tpulumi.String(\"SECURITY\"),\n\t\t\t\t\t\tpulumi.String(\"UPDATE\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"5012170\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPreStep: \u0026osconfig.PatchDeploymentPatchConfigPreStepArgs{\n\t\t\t\t\tLinuxExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs{\n\t\t\t\t\t\tAllowedSuccessCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(0),\n\t\t\t\t\t\t\tpulumi.Int(3),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLocalPath: pulumi.String(\"/tmp/pre_patch_script.sh\"),\n\t\t\t\t\t},\n\t\t\t\t\tWindowsExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs{\n\t\t\t\t\t\tInterpreter: pulumi.String(\"SHELL\"),\n\t\t\t\t\t\tAllowedSuccessCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(0),\n\t\t\t\t\t\t\tpulumi.Int(2),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLocalPath: pulumi.String(\"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPostStep: \u0026osconfig.PatchDeploymentPatchConfigPostStepArgs{\n\t\t\t\t\tLinuxExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs{\n\t\t\t\t\t\tGcsObject: \u0026osconfig.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs{\n\t\t\t\t\t\t\tBucket: pulumi.String(\"my-patch-scripts\"),\n\t\t\t\t\t\t\tGenerationNumber: pulumi.String(\"1523477886880\"),\n\t\t\t\t\t\t\tObject: pulumi.String(\"linux/post_patch_script\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tWindowsExecStepConfig: \u0026osconfig.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs{\n\t\t\t\t\t\tInterpreter: pulumi.String(\"POWERSHELL\"),\n\t\t\t\t\t\tGcsObject: \u0026osconfig.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs{\n\t\t\t\t\t\t\tBucket: pulumi.String(\"my-patch-scripts\"),\n\t\t\t\t\t\t\tGenerationNumber: pulumi.String(\"135920493447\"),\n\t\t\t\t\t\t\tObject: pulumi.String(\"windows/post_patch_script.ps1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDuration: pulumi.String(\"10s\"),\n\t\t\tRecurringSchedule: \u0026osconfig.PatchDeploymentRecurringScheduleArgs{\n\t\t\t\tTimeZone: \u0026osconfig.PatchDeploymentRecurringScheduleTimeZoneArgs{\n\t\t\t\t\tId: pulumi.String(\"America/New_York\"),\n\t\t\t\t},\n\t\t\t\tTimeOfDay: \u0026osconfig.PatchDeploymentRecurringScheduleTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t\t\tNanos: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t\tMonthly: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyArgs{\n\t\t\t\t\tWeekDayOfMonth: \u0026osconfig.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs{\n\t\t\t\t\t\tWeekOrdinal: pulumi.Int(-1),\n\t\t\t\t\t\tDayOfWeek: pulumi.String(\"TUESDAY\"),\n\t\t\t\t\t\tDayOffset: pulumi.Int(3),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRollout: \u0026osconfig.PatchDeploymentRolloutArgs{\n\t\t\t\tMode: pulumi.String(\"ZONE_BY_ZONE\"),\n\t\t\t\tDisruptionBudget: \u0026osconfig.PatchDeploymentRolloutDisruptionBudgetArgs{\n\t\t\t\t\tFixed: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.osconfig.PatchDeployment;\nimport com.pulumi.gcp.osconfig.PatchDeploymentArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentInstanceFilterArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigAptArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigYumArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigGooArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigZypperArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigWindowsUpdateArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeZoneArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleTimeOfDayArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRolloutArgs;\nimport com.pulumi.gcp.osconfig.inputs.PatchDeploymentRolloutDisruptionBudgetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var patch = new PatchDeployment(\"patch\", PatchDeploymentArgs.builder()\n .patchDeploymentId(\"patch-deploy\")\n .instanceFilter(PatchDeploymentInstanceFilterArgs.builder()\n .groupLabels(PatchDeploymentInstanceFilterGroupLabelArgs.builder()\n .labels(Map.ofEntries(\n Map.entry(\"env\", \"dev\"),\n Map.entry(\"app\", \"web\")\n ))\n .build())\n .instanceNamePrefixes(\"test-\")\n .zones( \n \"us-central1-a\",\n \"us-central-1c\")\n .build())\n .patchConfig(PatchDeploymentPatchConfigArgs.builder()\n .migInstancesAllowed(true)\n .rebootConfig(\"ALWAYS\")\n .apt(PatchDeploymentPatchConfigAptArgs.builder()\n .type(\"DIST\")\n .excludes(\"python\")\n .build())\n .yum(PatchDeploymentPatchConfigYumArgs.builder()\n .security(true)\n .minimal(true)\n .excludes(\"bash\")\n .build())\n .goo(PatchDeploymentPatchConfigGooArgs.builder()\n .enabled(true)\n .build())\n .zypper(PatchDeploymentPatchConfigZypperArgs.builder()\n .categories(\"security\")\n .build())\n .windowsUpdate(PatchDeploymentPatchConfigWindowsUpdateArgs.builder()\n .classifications( \n \"CRITICAL\",\n \"SECURITY\",\n \"UPDATE\")\n .excludes(\"5012170\")\n .build())\n .preStep(PatchDeploymentPatchConfigPreStepArgs.builder()\n .linuxExecStepConfig(PatchDeploymentPatchConfigPreStepLinuxExecStepConfigArgs.builder()\n .allowedSuccessCodes( \n 0,\n 3)\n .localPath(\"/tmp/pre_patch_script.sh\")\n .build())\n .windowsExecStepConfig(PatchDeploymentPatchConfigPreStepWindowsExecStepConfigArgs.builder()\n .interpreter(\"SHELL\")\n .allowedSuccessCodes( \n 0,\n 2)\n .localPath(\"C:\\\\Users\\\\user\\\\pre-patch-script.cmd\")\n .build())\n .build())\n .postStep(PatchDeploymentPatchConfigPostStepArgs.builder()\n .linuxExecStepConfig(PatchDeploymentPatchConfigPostStepLinuxExecStepConfigArgs.builder()\n .gcsObject(PatchDeploymentPatchConfigPostStepLinuxExecStepConfigGcsObjectArgs.builder()\n .bucket(\"my-patch-scripts\")\n .generationNumber(\"1523477886880\")\n .object(\"linux/post_patch_script\")\n .build())\n .build())\n .windowsExecStepConfig(PatchDeploymentPatchConfigPostStepWindowsExecStepConfigArgs.builder()\n .interpreter(\"POWERSHELL\")\n .gcsObject(PatchDeploymentPatchConfigPostStepWindowsExecStepConfigGcsObjectArgs.builder()\n .bucket(\"my-patch-scripts\")\n .generationNumber(\"135920493447\")\n .object(\"windows/post_patch_script.ps1\")\n .build())\n .build())\n .build())\n .build())\n .duration(\"10s\")\n .recurringSchedule(PatchDeploymentRecurringScheduleArgs.builder()\n .timeZone(PatchDeploymentRecurringScheduleTimeZoneArgs.builder()\n .id(\"America/New_York\")\n .build())\n .timeOfDay(PatchDeploymentRecurringScheduleTimeOfDayArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(30)\n .nanos(20)\n .build())\n .monthly(PatchDeploymentRecurringScheduleMonthlyArgs.builder()\n .weekDayOfMonth(PatchDeploymentRecurringScheduleMonthlyWeekDayOfMonthArgs.builder()\n .weekOrdinal(-1)\n .dayOfWeek(\"TUESDAY\")\n .dayOffset(3)\n .build())\n .build())\n .build())\n .rollout(PatchDeploymentRolloutArgs.builder()\n .mode(\"ZONE_BY_ZONE\")\n .disruptionBudget(PatchDeploymentRolloutDisruptionBudgetArgs.builder()\n .fixed(1)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n patch:\n type: gcp:osconfig:PatchDeployment\n properties:\n patchDeploymentId: patch-deploy\n instanceFilter:\n groupLabels:\n - labels:\n env: dev\n app: web\n instanceNamePrefixes:\n - test-\n zones:\n - us-central1-a\n - us-central-1c\n patchConfig:\n migInstancesAllowed: true\n rebootConfig: ALWAYS\n apt:\n type: DIST\n excludes:\n - python\n yum:\n security: true\n minimal: true\n excludes:\n - bash\n goo:\n enabled: true\n zypper:\n categories:\n - security\n windowsUpdate:\n classifications:\n - CRITICAL\n - SECURITY\n - UPDATE\n excludes:\n - '5012170'\n preStep:\n linuxExecStepConfig:\n allowedSuccessCodes:\n - 0\n - 3\n localPath: /tmp/pre_patch_script.sh\n windowsExecStepConfig:\n interpreter: SHELL\n allowedSuccessCodes:\n - 0\n - 2\n localPath: C:\\Users\\user\\pre-patch-script.cmd\n postStep:\n linuxExecStepConfig:\n gcsObject:\n bucket: my-patch-scripts\n generationNumber: '1523477886880'\n object: linux/post_patch_script\n windowsExecStepConfig:\n interpreter: POWERSHELL\n gcsObject:\n bucket: my-patch-scripts\n generationNumber: '135920493447'\n object: windows/post_patch_script.ps1\n duration: 10s\n recurringSchedule:\n timeZone:\n id: America/New_York\n timeOfDay:\n hours: 0\n minutes: 30\n seconds: 30\n nanos: 20\n monthly:\n weekDayOfMonth:\n weekOrdinal: -1\n dayOfWeek: TUESDAY\n dayOffset: 3\n rollout:\n mode: ZONE_BY_ZONE\n disruptionBudget:\n fixed: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPatchDeployment can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, PatchDeployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:osconfig/patchDeployment:PatchDeployment default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -250997,7 +250997,7 @@ } }, "gcp:oslogin/sshPublicKey:SshPublicKey": { - "description": "The SSH public key information associated with a Google account.\n\n\nTo get more information about SSHPublicKey, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/oslogin/rest/v1/users.sshPublicKeys)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/oslogin)\n\n## Example Usage\n\n### Os Login Ssh Key Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst me = gcp.organizations.getClientOpenIdUserInfo({});\nconst cache = new gcp.oslogin.SshPublicKey(\"cache\", {\n user: me.then(me =\u003e me.email),\n key: std.file({\n input: \"path/to/id_rsa.pub\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nme = gcp.organizations.get_client_open_id_user_info()\ncache = gcp.oslogin.SshPublicKey(\"cache\",\n user=me.email,\n key=std.file(input=\"path/to/id_rsa.pub\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n var cache = new Gcp.OsLogin.SshPublicKey(\"cache\", new()\n {\n User = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n Key = Std.File.Invoke(new()\n {\n Input = \"path/to/id_rsa.pub\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oslogin\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/id_rsa.pub\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oslogin.NewSshPublicKey(ctx, \"cache\", \u0026oslogin.SshPublicKeyArgs{\n\t\t\tUser: pulumi.String(me.Email),\n\t\t\tKey: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.oslogin.SshPublicKey;\nimport com.pulumi.gcp.oslogin.SshPublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n var cache = new SshPublicKey(\"cache\", SshPublicKeyArgs.builder()\n .user(me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()))\n .key(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/id_rsa.pub\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:oslogin:SshPublicKey\n properties:\n user: ${me.email}\n key:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/id_rsa.pub\n Return: result\nvariables:\n me:\n fn::invoke:\n Function: gcp:organizations:getClientOpenIdUserInfo\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSSHPublicKey can be imported using any of these accepted formats:\n\n* `users/{{user}}/sshPublicKeys/{{fingerprint}}`\n\n* `{{user}}/{{fingerprint}}`\n\nWhen using the `pulumi import` command, SSHPublicKey can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oslogin/sshPublicKey:SshPublicKey default users/{{user}}/sshPublicKeys/{{fingerprint}}\n```\n\n```sh\n$ pulumi import gcp:oslogin/sshPublicKey:SshPublicKey default {{user}}/{{fingerprint}}\n```\n\n", + "description": "The SSH public key information associated with a Google account.\n\n\nTo get more information about SSHPublicKey, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/oslogin/rest/v1/users.sshPublicKeys)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/oslogin)\n\n## Example Usage\n\n### Os Login Ssh Key Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst me = gcp.organizations.getClientOpenIdUserInfo({});\nconst cache = new gcp.oslogin.SshPublicKey(\"cache\", {\n user: me.then(me =\u003e me.email),\n key: std.file({\n input: \"path/to/id_rsa.pub\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nme = gcp.organizations.get_client_open_id_user_info()\ncache = gcp.oslogin.SshPublicKey(\"cache\",\n user=me.email,\n key=std.file(input=\"path/to/id_rsa.pub\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n var cache = new Gcp.OsLogin.SshPublicKey(\"cache\", new()\n {\n User = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n Key = Std.File.Invoke(new()\n {\n Input = \"path/to/id_rsa.pub\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oslogin\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"path/to/id_rsa.pub\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oslogin.NewSshPublicKey(ctx, \"cache\", \u0026oslogin.SshPublicKeyArgs{\n\t\t\tUser: pulumi.String(me.Email),\n\t\t\tKey: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.oslogin.SshPublicKey;\nimport com.pulumi.gcp.oslogin.SshPublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n var cache = new SshPublicKey(\"cache\", SshPublicKeyArgs.builder()\n .user(me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()))\n .key(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/id_rsa.pub\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:oslogin:SshPublicKey\n properties:\n user: ${me.email}\n key:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/id_rsa.pub\n return: result\nvariables:\n me:\n fn::invoke:\n function: gcp:organizations:getClientOpenIdUserInfo\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSSHPublicKey can be imported using any of these accepted formats:\n\n* `users/{{user}}/sshPublicKeys/{{fingerprint}}`\n\n* `{{user}}/{{fingerprint}}`\n\nWhen using the `pulumi import` command, SSHPublicKey can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oslogin/sshPublicKey:SshPublicKey default users/{{user}}/sshPublicKeys/{{fingerprint}}\n```\n\n```sh\n$ pulumi import gcp:oslogin/sshPublicKey:SshPublicKey default {{user}}/{{fingerprint}}\n```\n\n", "properties": { "expirationTimeUsec": { "type": "string", @@ -251081,7 +251081,7 @@ } }, "gcp:parallelstore/instance:Instance": { - "description": "## Example Usage\n\n### Parallelstore Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"network\",\n autoCreateSubnetworks: true,\n mtu: 8896,\n});\n// Create an IP address\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: network.id,\n});\n// Create a private connection\nconst _default = new gcp.servicenetworking.Connection(\"default\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst instance = new gcp.parallelstore.Instance(\"instance\", {\n instanceId: \"instance\",\n location: \"us-central1-a\",\n description: \"test instance\",\n capacityGib: \"12000\",\n network: network.name,\n fileStripeLevel: \"FILE_STRIPE_LEVEL_MIN\",\n directoryStripeLevel: \"DIRECTORY_STRIPE_LEVEL_MIN\",\n labels: {\n test: \"value\",\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"network\",\n auto_create_subnetworks=True,\n mtu=8896)\n# Create an IP address\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=network.id)\n# Create a private connection\ndefault = gcp.servicenetworking.Connection(\"default\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ninstance = gcp.parallelstore.Instance(\"instance\",\n instance_id=\"instance\",\n location=\"us-central1-a\",\n description=\"test instance\",\n capacity_gib=\"12000\",\n network=network.name,\n file_stripe_level=\"FILE_STRIPE_LEVEL_MIN\",\n directory_stripe_level=\"DIRECTORY_STRIPE_LEVEL_MIN\",\n labels={\n \"test\": \"value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = true,\n Mtu = 8896,\n });\n\n // Create an IP address\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = network.Id,\n });\n\n // Create a private connection\n var @default = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var instance = new Gcp.ParallelStore.Instance(\"instance\", new()\n {\n InstanceId = \"instance\",\n Location = \"us-central1-a\",\n Description = \"test instance\",\n CapacityGib = \"12000\",\n Network = network.Name,\n FileStripeLevel = \"FILE_STRIPE_LEVEL_MIN\",\n DirectoryStripeLevel = \"DIRECTORY_STRIPE_LEVEL_MIN\",\n Labels = \n {\n { \"test\", \"value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/parallelstore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t\tMtu: pulumi.Int(8896),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create an IP address\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a private connection\n\t\t_, err = servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = parallelstore.NewInstance(ctx, \"instance\", \u0026parallelstore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tDescription: pulumi.String(\"test instance\"),\n\t\t\tCapacityGib: pulumi.String(\"12000\"),\n\t\t\tNetwork: network.Name,\n\t\t\tFileStripeLevel: pulumi.String(\"FILE_STRIPE_LEVEL_MIN\"),\n\t\t\tDirectoryStripeLevel: pulumi.String(\"DIRECTORY_STRIPE_LEVEL_MIN\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.parallelstore.Instance;\nimport com.pulumi.gcp.parallelstore.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(true)\n .mtu(8896)\n .build());\n\n // Create an IP address\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(network.id())\n .build());\n\n // Create a private connection\n var default_ = new Connection(\"default\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .instanceId(\"instance\")\n .location(\"us-central1-a\")\n .description(\"test instance\")\n .capacityGib(12000)\n .network(network.name())\n .fileStripeLevel(\"FILE_STRIPE_LEVEL_MIN\")\n .directoryStripeLevel(\"DIRECTORY_STRIPE_LEVEL_MIN\")\n .labels(Map.of(\"test\", \"value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:parallelstore:Instance\n properties:\n instanceId: instance\n location: us-central1-a\n description: test instance\n capacityGib: 12000\n network: ${network.name}\n fileStripeLevel: FILE_STRIPE_LEVEL_MIN\n directoryStripeLevel: DIRECTORY_STRIPE_LEVEL_MIN\n labels:\n test: value\n options:\n dependson:\n - ${default}\n network:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: true\n mtu: 8896\n # Create an IP address\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${network.id}\n # Create a private connection\n default:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default {{location}}/{{instance_id}}\n```\n\n", + "description": "## Example Usage\n\n### Parallelstore Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"network\",\n autoCreateSubnetworks: true,\n mtu: 8896,\n});\n// Create an IP address\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: network.id,\n});\n// Create a private connection\nconst _default = new gcp.servicenetworking.Connection(\"default\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAlloc.name],\n});\nconst instance = new gcp.parallelstore.Instance(\"instance\", {\n instanceId: \"instance\",\n location: \"us-central1-a\",\n description: \"test instance\",\n capacityGib: \"12000\",\n network: network.name,\n fileStripeLevel: \"FILE_STRIPE_LEVEL_MIN\",\n directoryStripeLevel: \"DIRECTORY_STRIPE_LEVEL_MIN\",\n labels: {\n test: \"value\",\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"network\",\n auto_create_subnetworks=True,\n mtu=8896)\n# Create an IP address\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=network.id)\n# Create a private connection\ndefault = gcp.servicenetworking.Connection(\"default\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_alloc.name])\ninstance = gcp.parallelstore.Instance(\"instance\",\n instance_id=\"instance\",\n location=\"us-central1-a\",\n description=\"test instance\",\n capacity_gib=\"12000\",\n network=network.name,\n file_stripe_level=\"FILE_STRIPE_LEVEL_MIN\",\n directory_stripe_level=\"DIRECTORY_STRIPE_LEVEL_MIN\",\n labels={\n \"test\": \"value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"network\",\n AutoCreateSubnetworks = true,\n Mtu = 8896,\n });\n\n // Create an IP address\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = network.Id,\n });\n\n // Create a private connection\n var @default = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAlloc.Name,\n },\n });\n\n var instance = new Gcp.ParallelStore.Instance(\"instance\", new()\n {\n InstanceId = \"instance\",\n Location = \"us-central1-a\",\n Description = \"test instance\",\n CapacityGib = \"12000\",\n Network = network.Name,\n FileStripeLevel = \"FILE_STRIPE_LEVEL_MIN\",\n DirectoryStripeLevel = \"DIRECTORY_STRIPE_LEVEL_MIN\",\n Labels = \n {\n { \"test\", \"value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/parallelstore\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(true),\n\t\t\tMtu: pulumi.Int(8896),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create an IP address\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a private connection\n\t\t_, err = servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAlloc.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = parallelstore.NewInstance(ctx, \"instance\", \u0026parallelstore.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tDescription: pulumi.String(\"test instance\"),\n\t\t\tCapacityGib: pulumi.String(\"12000\"),\n\t\t\tNetwork: network.Name,\n\t\t\tFileStripeLevel: pulumi.String(\"FILE_STRIPE_LEVEL_MIN\"),\n\t\t\tDirectoryStripeLevel: pulumi.String(\"DIRECTORY_STRIPE_LEVEL_MIN\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.parallelstore.Instance;\nimport com.pulumi.gcp.parallelstore.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"network\")\n .autoCreateSubnetworks(true)\n .mtu(8896)\n .build());\n\n // Create an IP address\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(network.id())\n .build());\n\n // Create a private connection\n var default_ = new Connection(\"default\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAlloc.name())\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .instanceId(\"instance\")\n .location(\"us-central1-a\")\n .description(\"test instance\")\n .capacityGib(12000)\n .network(network.name())\n .fileStripeLevel(\"FILE_STRIPE_LEVEL_MIN\")\n .directoryStripeLevel(\"DIRECTORY_STRIPE_LEVEL_MIN\")\n .labels(Map.of(\"test\", \"value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:parallelstore:Instance\n properties:\n instanceId: instance\n location: us-central1-a\n description: test instance\n capacityGib: 12000\n network: ${network.name}\n fileStripeLevel: FILE_STRIPE_LEVEL_MIN\n directoryStripeLevel: DIRECTORY_STRIPE_LEVEL_MIN\n labels:\n test: value\n options:\n dependsOn:\n - ${default}\n network:\n type: gcp:compute:Network\n properties:\n name: network\n autoCreateSubnetworks: true\n mtu: 8896\n # Create an IP address\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${network.id}\n # Create a private connection\n default:\n type: gcp:servicenetworking:Connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAlloc.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:parallelstore/instance:Instance default {{location}}/{{instance_id}}\n```\n\n", "properties": { "accessPoints": { "type": "array", @@ -251550,7 +251550,7 @@ } }, "gcp:projects/accessApprovalSettings:AccessApprovalSettings": { - "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about ProjectSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/projects)\n\n## Example Usage\n\n### Project Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectAccessApproval = new gcp.projects.AccessApprovalSettings(\"project_access_approval\", {\n projectId: \"my-project-name\",\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [{\n cloudProduct: \"all\",\n enrollmentLevel: \"BLOCK_ALL\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_access_approval = gcp.projects.AccessApprovalSettings(\"project_access_approval\",\n project_id=\"my-project-name\",\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[{\n \"cloud_product\": \"all\",\n \"enrollment_level\": \"BLOCK_ALL\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings(\"project_access_approval\", new()\n {\n ProjectId = \"my-project-name\",\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n EnrollmentLevel = \"BLOCK_ALL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewAccessApprovalSettings(ctx, \"project_access_approval\", \u0026projects.AccessApprovalSettingsArgs{\n\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026projects.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t\tEnrollmentLevel: pulumi.String(\"BLOCK_ALL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.AccessApprovalSettings;\nimport com.pulumi.gcp.projects.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var projectAccessApproval = new AccessApprovalSettings(\"projectAccessApproval\", AccessApprovalSettingsArgs.builder()\n .projectId(\"my-project-name\")\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .enrollmentLevel(\"BLOCK_ALL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n projectAccessApproval:\n type: gcp:projects:AccessApprovalSettings\n name: project_access_approval\n properties:\n projectId: my-project-name\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: all\n enrollmentLevel: BLOCK_ALL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Project Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: \"my-project-name\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getProjectServiceAccount({\n projectId: \"my-project-name\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst projectAccessApproval = new gcp.projects.AccessApprovalSettings(\"project_access_approval\", {\n projectId: \"my-project-name\",\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=\"my-project-name\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_project_service_account(project_id=\"my-project-name\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nproject_access_approval = gcp.projects.AccessApprovalSettings(\"project_access_approval\",\n project_id=\"my-project-name\",\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = \"my-project-name\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetProjectServiceAccount.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings(\"project_access_approval\", new()\n {\n ProjectId = \"my-project-name\",\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, \u0026accessapproval.GetProjectServiceAccountArgs{\n\t\t\tProjectId: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = projects.NewAccessApprovalSettings(ctx, \"project_access_approval\", \u0026projects.AccessApprovalSettingsArgs{\n\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026projects.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.projects.AccessApprovalSettings;\nimport com.pulumi.gcp.projects.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(\"my-project-name\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getProjectServiceAccount(GetProjectServiceAccountArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.accountEmail())))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var projectAccessApproval = new AccessApprovalSettings(\"projectAccessApproval\", AccessApprovalSettingsArgs.builder()\n .projectId(\"my-project-name\")\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: my-project-name\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n projectAccessApproval:\n type: gcp:projects:AccessApprovalSettings\n name: project_access_approval\n properties:\n projectId: my-project-name\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependson:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getProjectServiceAccount\n Arguments:\n projectId: my-project-name\n cryptoKeyVersion:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectSettings can be imported using any of these accepted formats:\n\n* `projects/{{project_id}}/accessApprovalSettings`\n\n* `{{project_id}}`\n\nWhen using the `pulumi import` command, ProjectSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default projects/{{project_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default {{project_id}}\n```\n\n", + "description": "Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.\n\n\nTo get more information about ProjectSettings, see:\n\n* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/projects)\n\n## Example Usage\n\n### Project Access Approval Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectAccessApproval = new gcp.projects.AccessApprovalSettings(\"project_access_approval\", {\n projectId: \"my-project-name\",\n notificationEmails: [\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolledServices: [{\n cloudProduct: \"all\",\n enrollmentLevel: \"BLOCK_ALL\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_access_approval = gcp.projects.AccessApprovalSettings(\"project_access_approval\",\n project_id=\"my-project-name\",\n notification_emails=[\n \"testuser@example.com\",\n \"example.user@example.com\",\n ],\n enrolled_services=[{\n \"cloud_product\": \"all\",\n \"enrollment_level\": \"BLOCK_ALL\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings(\"project_access_approval\", new()\n {\n ProjectId = \"my-project-name\",\n NotificationEmails = new[]\n {\n \"testuser@example.com\",\n \"example.user@example.com\",\n },\n EnrolledServices = new[]\n {\n new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n EnrollmentLevel = \"BLOCK_ALL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewAccessApprovalSettings(ctx, \"project_access_approval\", \u0026projects.AccessApprovalSettingsArgs{\n\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\tNotificationEmails: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"testuser@example.com\"),\n\t\t\t\tpulumi.String(\"example.user@example.com\"),\n\t\t\t},\n\t\t\tEnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026projects.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t\tEnrollmentLevel: pulumi.String(\"BLOCK_ALL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.AccessApprovalSettings;\nimport com.pulumi.gcp.projects.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var projectAccessApproval = new AccessApprovalSettings(\"projectAccessApproval\", AccessApprovalSettingsArgs.builder()\n .projectId(\"my-project-name\")\n .notificationEmails( \n \"testuser@example.com\",\n \"example.user@example.com\")\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .enrollmentLevel(\"BLOCK_ALL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n projectAccessApproval:\n type: gcp:projects:AccessApprovalSettings\n name: project_access_approval\n properties:\n projectId: my-project-name\n notificationEmails:\n - testuser@example.com\n - example.user@example.com\n enrolledServices:\n - cloudProduct: all\n enrollmentLevel: BLOCK_ALL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Project Access Approval Active Key Version\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"key-ring\",\n location: \"global\",\n project: \"my-project-name\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"crypto-key\",\n keyRing: keyRing.id,\n purpose: \"ASYMMETRIC_SIGN\",\n versionTemplate: {\n algorithm: \"EC_SIGN_P384_SHA384\",\n },\n});\nconst serviceAccount = gcp.accessapproval.getProjectServiceAccount({\n projectId: \"my-project-name\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\nconst cryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: cryptoKey.id,\n});\nconst projectAccessApproval = new gcp.projects.AccessApprovalSettings(\"project_access_approval\", {\n projectId: \"my-project-name\",\n activeKeyVersion: cryptoKeyVersion.apply(cryptoKeyVersion =\u003e cryptoKeyVersion.name),\n enrolledServices: [{\n cloudProduct: \"all\",\n }],\n}, {\n dependsOn: [iam],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"key-ring\",\n location=\"global\",\n project=\"my-project-name\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"crypto-key\",\n key_ring=key_ring.id,\n purpose=\"ASYMMETRIC_SIGN\",\n version_template={\n \"algorithm\": \"EC_SIGN_P384_SHA384\",\n })\nservice_account = gcp.accessapproval.get_project_service_account(project_id=\"my-project-name\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\ncrypto_key_version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)\nproject_access_approval = gcp.projects.AccessApprovalSettings(\"project_access_approval\",\n project_id=\"my-project-name\",\n active_key_version=crypto_key_version.name,\n enrolled_services=[{\n \"cloud_product\": \"all\",\n }],\n opts = pulumi.ResourceOptions(depends_on=[iam]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"key-ring\",\n Location = \"global\",\n Project = \"my-project-name\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"crypto-key\",\n KeyRing = keyRing.Id,\n Purpose = \"ASYMMETRIC_SIGN\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"EC_SIGN_P384_SHA384\",\n },\n });\n\n var serviceAccount = Gcp.AccessApproval.GetProjectServiceAccount.Invoke(new()\n {\n ProjectId = \"my-project-name\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.AccountEmail)}\",\n });\n\n var cryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = cryptoKey.Id,\n });\n\n var projectAccessApproval = new Gcp.Projects.AccessApprovalSettings(\"project_access_approval\", new()\n {\n ProjectId = \"my-project-name\",\n ActiveKeyVersion = cryptoKeyVersion.Apply(getKMSCryptoKeyVersionResult =\u003e getKMSCryptoKeyVersionResult.Name),\n EnrolledServices = new[]\n {\n new Gcp.Projects.Inputs.AccessApprovalSettingsEnrolledServiceArgs\n {\n CloudProduct = \"all\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n iam,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"key-ring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_SIGN\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"EC_SIGN_P384_SHA384\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, \u0026accessapproval.GetProjectServiceAccountArgs{\n\t\t\tProjectId: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiam, err := kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: cryptoKey.ID(),\n\t\t}, nil)\n\t\t_, err = projects.NewAccessApprovalSettings(ctx, \"project_access_approval\", \u0026projects.AccessApprovalSettingsArgs{\n\t\t\tProjectId: pulumi.String(\"my-project-name\"),\n\t\t\tActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {\n\t\t\t\treturn \u0026cryptoKeyVersion.Name, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnrolledServices: projects.AccessApprovalSettingsEnrolledServiceArray{\n\t\t\t\t\u0026projects.AccessApprovalSettingsEnrolledServiceArgs{\n\t\t\t\t\tCloudProduct: pulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tiam,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport com.pulumi.gcp.projects.AccessApprovalSettings;\nimport com.pulumi.gcp.projects.AccessApprovalSettingsArgs;\nimport com.pulumi.gcp.projects.inputs.AccessApprovalSettingsEnrolledServiceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"key-ring\")\n .location(\"global\")\n .project(\"my-project-name\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"crypto-key\")\n .keyRing(keyRing.id())\n .purpose(\"ASYMMETRIC_SIGN\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"EC_SIGN_P384_SHA384\")\n .build())\n .build());\n\n final var serviceAccount = AccessapprovalFunctions.getProjectServiceAccount(GetProjectServiceAccountArgs.builder()\n .projectId(\"my-project-name\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.accountEmail())))\n .build());\n\n final var cryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(cryptoKey.id())\n .build());\n\n var projectAccessApproval = new AccessApprovalSettings(\"projectAccessApproval\", AccessApprovalSettingsArgs.builder()\n .projectId(\"my-project-name\")\n .activeKeyVersion(cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult).applyValue(cryptoKeyVersion -\u003e cryptoKeyVersion.applyValue(getKMSCryptoKeyVersionResult -\u003e getKMSCryptoKeyVersionResult.name())))\n .enrolledServices(AccessApprovalSettingsEnrolledServiceArgs.builder()\n .cloudProduct(\"all\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(iam)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: key-ring\n location: global\n project: my-project-name\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: crypto-key\n keyRing: ${keyRing.id}\n purpose: ASYMMETRIC_SIGN\n versionTemplate:\n algorithm: EC_SIGN_P384_SHA384\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\n projectAccessApproval:\n type: gcp:projects:AccessApprovalSettings\n name: project_access_approval\n properties:\n projectId: my-project-name\n activeKeyVersion: ${cryptoKeyVersion.name}\n enrolledServices:\n - cloudProduct: all\n options:\n dependsOn:\n - ${iam}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getProjectServiceAccount\n arguments:\n projectId: my-project-name\n cryptoKeyVersion:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectSettings can be imported using any of these accepted formats:\n\n* `projects/{{project_id}}/accessApprovalSettings`\n\n* `{{project_id}}`\n\nWhen using the `pulumi import` command, ProjectSettings can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default projects/{{project_id}}/accessApprovalSettings\n```\n\n```sh\n$ pulumi import gcp:projects/accessApprovalSettings:AccessApprovalSettings default {{project_id}}\n```\n\n", "properties": { "activeKeyVersion": { "type": "string", @@ -251856,7 +251856,7 @@ } }, "gcp:projects/iAMAuditConfig:IAMAuditConfig": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "auditLogConfigs": { "type": "array", @@ -251935,7 +251935,7 @@ } }, "gcp:projects/iAMBinding:IAMBinding": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMBinding:IAMBinding default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMBinding:IAMBinding default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:projects/IAMBindingCondition:IAMBindingCondition", @@ -252156,7 +252156,7 @@ } }, "gcp:projects/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMMember:IAMMember default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMMember:IAMMember default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:projects/IAMMemberCondition:IAMMemberCondition", @@ -252244,7 +252244,7 @@ } }, "gcp:projects/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMPolicy:IAMPolicy default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMPolicy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/compute.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder()\n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder()\n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.projects.IAMAuditConfig\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n {\n \"log_type\": \"ADMIN_READ\",\n },\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\"user:joebloggs@example.com\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder()\n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMPolicy:IAMPolicy default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -252300,7 +252300,7 @@ } }, "gcp:projects/iamMemberRemove:IamMemberRemove": { - "description": "Ensures that a member:role pairing does not exist in a project's IAM policy. \n\nOn create, this resource will modify the policy to remove the `member` from the\n`role`. If the membership is ever re-added, the next refresh will clear this\nresource from state, proposing re-adding it to correct the membership. Import is\nnot supported- this resource will acquire the current policy and modify it as\npart of creating the resource.\n\nThis resource will conflict with `gcp.projects.IAMPolicy` and\n`gcp.projects.IAMBinding` resources that share a role, as well as\n`gcp.projects.IAMMember` resources that target the same membership. When\nmultiple resources conflict the final state is not guaranteed to include or omit\nthe membership. Subsequent `pulumi up` calls will always show a diff\nuntil the configuration is corrected.\n\nFor more information see\n[the official documentation](https://cloud.google.com/iam/docs/granting-changing-revoking-access)\nand\n[API reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst targetProject = gcp.organizations.getProject({});\nconst foo = new gcp.projects.IamMemberRemove(\"foo\", {\n role: \"roles/editor\",\n project: targetProjectGoogleProject.projectId,\n member: `serviceAccount:${targetProjectGoogleProject.number}-compute@developer.gserviceaccount.com`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_project = gcp.organizations.get_project()\nfoo = gcp.projects.IamMemberRemove(\"foo\",\n role=\"roles/editor\",\n project=target_project_google_project[\"projectId\"],\n member=f\"serviceAccount:{target_project_google_project['number']}-compute@developer.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var targetProject = Gcp.Organizations.GetProject.Invoke();\n\n var foo = new Gcp.Projects.IamMemberRemove(\"foo\", new()\n {\n Role = \"roles/editor\",\n Project = targetProjectGoogleProject.ProjectId,\n Member = $\"serviceAccount:{targetProjectGoogleProject.Number}-compute@developer.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIamMemberRemove(ctx, \"foo\", \u0026projects.IamMemberRemoveArgs{\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tProject: pulumi.Any(targetProjectGoogleProject.ProjectId),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", targetProjectGoogleProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IamMemberRemove;\nimport com.pulumi.gcp.projects.IamMemberRemoveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var targetProject = OrganizationsFunctions.getProject();\n\n var foo = new IamMemberRemove(\"foo\", IamMemberRemoveArgs.builder()\n .role(\"roles/editor\")\n .project(targetProjectGoogleProject.projectId())\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", targetProjectGoogleProject.number()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:projects:IamMemberRemove\n properties:\n role: roles/editor\n project: ${targetProjectGoogleProject.projectId}\n member: serviceAccount:${targetProjectGoogleProject.number}-compute@developer.gserviceaccount.com\nvariables:\n targetProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Ensures that a member:role pairing does not exist in a project's IAM policy. \n\nOn create, this resource will modify the policy to remove the `member` from the\n`role`. If the membership is ever re-added, the next refresh will clear this\nresource from state, proposing re-adding it to correct the membership. Import is\nnot supported- this resource will acquire the current policy and modify it as\npart of creating the resource.\n\nThis resource will conflict with `gcp.projects.IAMPolicy` and\n`gcp.projects.IAMBinding` resources that share a role, as well as\n`gcp.projects.IAMMember` resources that target the same membership. When\nmultiple resources conflict the final state is not guaranteed to include or omit\nthe membership. Subsequent `pulumi up` calls will always show a diff\nuntil the configuration is corrected.\n\nFor more information see\n[the official documentation](https://cloud.google.com/iam/docs/granting-changing-revoking-access)\nand\n[API reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst targetProject = gcp.organizations.getProject({});\nconst foo = new gcp.projects.IamMemberRemove(\"foo\", {\n role: \"roles/editor\",\n project: targetProjectGoogleProject.projectId,\n member: `serviceAccount:${targetProjectGoogleProject.number}-compute@developer.gserviceaccount.com`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntarget_project = gcp.organizations.get_project()\nfoo = gcp.projects.IamMemberRemove(\"foo\",\n role=\"roles/editor\",\n project=target_project_google_project[\"projectId\"],\n member=f\"serviceAccount:{target_project_google_project['number']}-compute@developer.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var targetProject = Gcp.Organizations.GetProject.Invoke();\n\n var foo = new Gcp.Projects.IamMemberRemove(\"foo\", new()\n {\n Role = \"roles/editor\",\n Project = targetProjectGoogleProject.ProjectId,\n Member = $\"serviceAccount:{targetProjectGoogleProject.Number}-compute@developer.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIamMemberRemove(ctx, \"foo\", \u0026projects.IamMemberRemoveArgs{\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tProject: pulumi.Any(targetProjectGoogleProject.ProjectId),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v-compute@developer.gserviceaccount.com\", targetProjectGoogleProject.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IamMemberRemove;\nimport com.pulumi.gcp.projects.IamMemberRemoveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var targetProject = OrganizationsFunctions.getProject();\n\n var foo = new IamMemberRemove(\"foo\", IamMemberRemoveArgs.builder()\n .role(\"roles/editor\")\n .project(targetProjectGoogleProject.projectId())\n .member(String.format(\"serviceAccount:%s-compute@developer.gserviceaccount.com\", targetProjectGoogleProject.number()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:projects:IamMemberRemove\n properties:\n role: roles/editor\n project: ${targetProjectGoogleProject.projectId}\n member: serviceAccount:${targetProjectGoogleProject.number}-compute@developer.gserviceaccount.com\nvariables:\n targetProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "member": { "type": "string", @@ -252577,7 +252577,7 @@ } }, "gcp:projects/serviceIdentity:ServiceIdentity": { - "description": "Generate service identity for a service.\n\n\u003e **Note:** Once created, this resource cannot be updated or destroyed. These\nactions are a no-op.\n\n\u003e **Note:** This resource can be used to retrieve the emails of the [Google-managed service accounts](https://cloud.google.com/iam/docs/service-agents) \nof the APIs that Google has configured with a Service Identity. You can run `gcloud beta services identity create --service SERVICE_NAME.googleapis.com` to\nverify if an API supports this.\n\nTo get more information about Service Identity, see:\n\n* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)\n\n## Example Usage\n\n### Service Identity Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst hcSa = new gcp.projects.ServiceIdentity(\"hc_sa\", {\n project: project.then(project =\u003e project.projectId),\n service: \"healthcare.googleapis.com\",\n});\nconst hcSaBqJobuser = new gcp.projects.IAMMember(\"hc_sa_bq_jobuser\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.jobUser\",\n member: hcSa.member,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nhc_sa = gcp.projects.ServiceIdentity(\"hc_sa\",\n project=project.project_id,\n service=\"healthcare.googleapis.com\")\nhc_sa_bq_jobuser = gcp.projects.IAMMember(\"hc_sa_bq_jobuser\",\n project=project.project_id,\n role=\"roles/bigquery.jobUser\",\n member=hc_sa.member)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var hcSa = new Gcp.Projects.ServiceIdentity(\"hc_sa\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"healthcare.googleapis.com\",\n });\n\n var hcSaBqJobuser = new Gcp.Projects.IAMMember(\"hc_sa_bq_jobuser\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.jobUser\",\n Member = hcSa.Member,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thcSa, err := projects.NewServiceIdentity(ctx, \"hc_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"healthcare.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"hc_sa_bq_jobuser\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.jobUser\"),\n\t\t\tMember: hcSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var hcSa = new ServiceIdentity(\"hcSa\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"healthcare.googleapis.com\")\n .build());\n\n var hcSaBqJobuser = new IAMMember(\"hcSaBqJobuser\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.jobUser\")\n .member(hcSa.member())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hcSa:\n type: gcp:projects:ServiceIdentity\n name: hc_sa\n properties:\n project: ${project.projectId}\n service: healthcare.googleapis.com\n hcSaBqJobuser:\n type: gcp:projects:IAMMember\n name: hc_sa_bq_jobuser\n properties:\n project: ${project.projectId}\n role: roles/bigquery.jobUser\n member: ${hcSa.member}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", + "description": "Generate service identity for a service.\n\n\u003e **Note:** Once created, this resource cannot be updated or destroyed. These\nactions are a no-op.\n\n\u003e **Note:** This resource can be used to retrieve the emails of the [Google-managed service accounts](https://cloud.google.com/iam/docs/service-agents) \nof the APIs that Google has configured with a Service Identity. You can run `gcloud beta services identity create --service SERVICE_NAME.googleapis.com` to\nverify if an API supports this.\n\nTo get more information about Service Identity, see:\n\n* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)\n\n## Example Usage\n\n### Service Identity Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst hcSa = new gcp.projects.ServiceIdentity(\"hc_sa\", {\n project: project.then(project =\u003e project.projectId),\n service: \"healthcare.googleapis.com\",\n});\nconst hcSaBqJobuser = new gcp.projects.IAMMember(\"hc_sa_bq_jobuser\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.jobUser\",\n member: hcSa.member,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nhc_sa = gcp.projects.ServiceIdentity(\"hc_sa\",\n project=project.project_id,\n service=\"healthcare.googleapis.com\")\nhc_sa_bq_jobuser = gcp.projects.IAMMember(\"hc_sa_bq_jobuser\",\n project=project.project_id,\n role=\"roles/bigquery.jobUser\",\n member=hc_sa.member)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var hcSa = new Gcp.Projects.ServiceIdentity(\"hc_sa\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"healthcare.googleapis.com\",\n });\n\n var hcSaBqJobuser = new Gcp.Projects.IAMMember(\"hc_sa_bq_jobuser\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.jobUser\",\n Member = hcSa.Member,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thcSa, err := projects.NewServiceIdentity(ctx, \"hc_sa\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"healthcare.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMMember(ctx, \"hc_sa_bq_jobuser\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.jobUser\"),\n\t\t\tMember: hcSa.Member,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var hcSa = new ServiceIdentity(\"hcSa\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"healthcare.googleapis.com\")\n .build());\n\n var hcSaBqJobuser = new IAMMember(\"hcSaBqJobuser\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.jobUser\")\n .member(hcSa.member())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hcSa:\n type: gcp:projects:ServiceIdentity\n name: hc_sa\n properties:\n project: ${project.projectId}\n service: healthcare.googleapis.com\n hcSaBqJobuser:\n type: gcp:projects:IAMMember\n name: hc_sa_bq_jobuser\n properties:\n project: ${project.projectId}\n role: roles/bigquery.jobUser\n member: ${hcSa.member}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", "properties": { "email": { "type": "string", @@ -252705,7 +252705,7 @@ } }, "gcp:pubsub/liteReservation:LiteReservation": { - "description": "A named resource representing a shared pool of capacity.\n\n\nTo get more information about Reservation, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.reservations)\n* How-to Guides\n * [Managing Reservations](https://cloud.google.com/pubsub/lite/docs/reservations)\n\n## Example Usage\n\n### Pubsub Lite Reservation Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteReservation(\"example\", {\n name: \"example-reservation\",\n project: project.then(project =\u003e project.number),\n throughputCapacity: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteReservation(\"example\",\n name=\"example-reservation\",\n project=project.number,\n throughput_capacity=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteReservation(\"example\", new()\n {\n Name = \"example-reservation\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n ThroughputCapacity = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteReservation(ctx, \"example\", \u0026pubsub.LiteReservationArgs{\n\t\t\tName: pulumi.String(\"example-reservation\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tThroughputCapacity: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteReservation;\nimport com.pulumi.gcp.pubsub.LiteReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteReservation(\"example\", LiteReservationArgs.builder()\n .name(\"example-reservation\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .throughputCapacity(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteReservation\n properties:\n name: example-reservation\n project: ${project.number}\n throughputCapacity: 2\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nReservation can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/reservations/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Reservation can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default projects/{{project}}/locations/{{region}}/reservations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{name}}\n```\n\n", + "description": "A named resource representing a shared pool of capacity.\n\n\nTo get more information about Reservation, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.reservations)\n* How-to Guides\n * [Managing Reservations](https://cloud.google.com/pubsub/lite/docs/reservations)\n\n## Example Usage\n\n### Pubsub Lite Reservation Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteReservation(\"example\", {\n name: \"example-reservation\",\n project: project.then(project =\u003e project.number),\n throughputCapacity: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteReservation(\"example\",\n name=\"example-reservation\",\n project=project.number,\n throughput_capacity=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteReservation(\"example\", new()\n {\n Name = \"example-reservation\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n ThroughputCapacity = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteReservation(ctx, \"example\", \u0026pubsub.LiteReservationArgs{\n\t\t\tName: pulumi.String(\"example-reservation\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tThroughputCapacity: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteReservation;\nimport com.pulumi.gcp.pubsub.LiteReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteReservation(\"example\", LiteReservationArgs.builder()\n .name(\"example-reservation\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .throughputCapacity(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteReservation\n properties:\n name: example-reservation\n project: ${project.number}\n throughputCapacity: 2\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nReservation can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/reservations/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Reservation can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default projects/{{project}}/locations/{{region}}/reservations/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteReservation:LiteReservation default {{name}}\n```\n\n", "properties": { "name": { "type": "string", @@ -252778,7 +252778,7 @@ } }, "gcp:pubsub/liteSubscription:LiteSubscription": { - "description": "A named resource representing the stream of messages from a single,\nspecific topic, to be delivered to the subscribing application.\n\n\nTo get more information about Subscription, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.subscriptions)\n* How-to Guides\n * [Managing Subscriptions](https://cloud.google.com/pubsub/lite/docs/subscriptions)\n\n## Example Usage\n\n### Pubsub Lite Subscription Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteTopic(\"example\", {\n name: \"example-topic\",\n project: project.then(project =\u003e project.number),\n partitionConfig: {\n count: 1,\n capacity: {\n publishMibPerSec: 4,\n subscribeMibPerSec: 8,\n },\n },\n retentionConfig: {\n perPartitionBytes: \"32212254720\",\n },\n});\nconst exampleLiteSubscription = new gcp.pubsub.LiteSubscription(\"example\", {\n name: \"example-subscription\",\n topic: example.name,\n deliveryConfig: {\n deliveryRequirement: \"DELIVER_AFTER_STORED\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteTopic(\"example\",\n name=\"example-topic\",\n project=project.number,\n partition_config={\n \"count\": 1,\n \"capacity\": {\n \"publish_mib_per_sec\": 4,\n \"subscribe_mib_per_sec\": 8,\n },\n },\n retention_config={\n \"per_partition_bytes\": \"32212254720\",\n })\nexample_lite_subscription = gcp.pubsub.LiteSubscription(\"example\",\n name=\"example-subscription\",\n topic=example.name,\n delivery_config={\n \"delivery_requirement\": \"DELIVER_AFTER_STORED\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteTopic(\"example\", new()\n {\n Name = \"example-topic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n PartitionConfig = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigArgs\n {\n Count = 1,\n Capacity = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigCapacityArgs\n {\n PublishMibPerSec = 4,\n SubscribeMibPerSec = 8,\n },\n },\n RetentionConfig = new Gcp.PubSub.Inputs.LiteTopicRetentionConfigArgs\n {\n PerPartitionBytes = \"32212254720\",\n },\n });\n\n var exampleLiteSubscription = new Gcp.PubSub.LiteSubscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Name,\n DeliveryConfig = new Gcp.PubSub.Inputs.LiteSubscriptionDeliveryConfigArgs\n {\n DeliveryRequirement = \"DELIVER_AFTER_STORED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := pubsub.NewLiteTopic(ctx, \"example\", \u0026pubsub.LiteTopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tPartitionConfig: \u0026pubsub.LiteTopicPartitionConfigArgs{\n\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\tCapacity: \u0026pubsub.LiteTopicPartitionConfigCapacityArgs{\n\t\t\t\t\tPublishMibPerSec: pulumi.Int(4),\n\t\t\t\t\tSubscribeMibPerSec: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRetentionConfig: \u0026pubsub.LiteTopicRetentionConfigArgs{\n\t\t\t\tPerPartitionBytes: pulumi.String(\"32212254720\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteSubscription(ctx, \"example\", \u0026pubsub.LiteSubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.Name,\n\t\t\tDeliveryConfig: \u0026pubsub.LiteSubscriptionDeliveryConfigArgs{\n\t\t\t\tDeliveryRequirement: pulumi.String(\"DELIVER_AFTER_STORED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteTopic;\nimport com.pulumi.gcp.pubsub.LiteTopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigCapacityArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicRetentionConfigArgs;\nimport com.pulumi.gcp.pubsub.LiteSubscription;\nimport com.pulumi.gcp.pubsub.LiteSubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteSubscriptionDeliveryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteTopic(\"example\", LiteTopicArgs.builder()\n .name(\"example-topic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .partitionConfig(LiteTopicPartitionConfigArgs.builder()\n .count(1)\n .capacity(LiteTopicPartitionConfigCapacityArgs.builder()\n .publishMibPerSec(4)\n .subscribeMibPerSec(8)\n .build())\n .build())\n .retentionConfig(LiteTopicRetentionConfigArgs.builder()\n .perPartitionBytes(32212254720)\n .build())\n .build());\n\n var exampleLiteSubscription = new LiteSubscription(\"exampleLiteSubscription\", LiteSubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.name())\n .deliveryConfig(LiteSubscriptionDeliveryConfigArgs.builder()\n .deliveryRequirement(\"DELIVER_AFTER_STORED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteTopic\n properties:\n name: example-topic\n project: ${project.number}\n partitionConfig:\n count: 1\n capacity:\n publishMibPerSec: 4\n subscribeMibPerSec: 8\n retentionConfig:\n perPartitionBytes: 3.221225472e+10\n exampleLiteSubscription:\n type: gcp:pubsub:LiteSubscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.name}\n deliveryConfig:\n deliveryRequirement: DELIVER_AFTER_STORED\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubscription can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/subscriptions/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subscription can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default projects/{{project}}/locations/{{zone}}/subscriptions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{name}}\n```\n\n", + "description": "A named resource representing the stream of messages from a single,\nspecific topic, to be delivered to the subscribing application.\n\n\nTo get more information about Subscription, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.subscriptions)\n* How-to Guides\n * [Managing Subscriptions](https://cloud.google.com/pubsub/lite/docs/subscriptions)\n\n## Example Usage\n\n### Pubsub Lite Subscription Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteTopic(\"example\", {\n name: \"example-topic\",\n project: project.then(project =\u003e project.number),\n partitionConfig: {\n count: 1,\n capacity: {\n publishMibPerSec: 4,\n subscribeMibPerSec: 8,\n },\n },\n retentionConfig: {\n perPartitionBytes: \"32212254720\",\n },\n});\nconst exampleLiteSubscription = new gcp.pubsub.LiteSubscription(\"example\", {\n name: \"example-subscription\",\n topic: example.name,\n deliveryConfig: {\n deliveryRequirement: \"DELIVER_AFTER_STORED\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteTopic(\"example\",\n name=\"example-topic\",\n project=project.number,\n partition_config={\n \"count\": 1,\n \"capacity\": {\n \"publish_mib_per_sec\": 4,\n \"subscribe_mib_per_sec\": 8,\n },\n },\n retention_config={\n \"per_partition_bytes\": \"32212254720\",\n })\nexample_lite_subscription = gcp.pubsub.LiteSubscription(\"example\",\n name=\"example-subscription\",\n topic=example.name,\n delivery_config={\n \"delivery_requirement\": \"DELIVER_AFTER_STORED\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteTopic(\"example\", new()\n {\n Name = \"example-topic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n PartitionConfig = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigArgs\n {\n Count = 1,\n Capacity = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigCapacityArgs\n {\n PublishMibPerSec = 4,\n SubscribeMibPerSec = 8,\n },\n },\n RetentionConfig = new Gcp.PubSub.Inputs.LiteTopicRetentionConfigArgs\n {\n PerPartitionBytes = \"32212254720\",\n },\n });\n\n var exampleLiteSubscription = new Gcp.PubSub.LiteSubscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Name,\n DeliveryConfig = new Gcp.PubSub.Inputs.LiteSubscriptionDeliveryConfigArgs\n {\n DeliveryRequirement = \"DELIVER_AFTER_STORED\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := pubsub.NewLiteTopic(ctx, \"example\", \u0026pubsub.LiteTopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tPartitionConfig: \u0026pubsub.LiteTopicPartitionConfigArgs{\n\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\tCapacity: \u0026pubsub.LiteTopicPartitionConfigCapacityArgs{\n\t\t\t\t\tPublishMibPerSec: pulumi.Int(4),\n\t\t\t\t\tSubscribeMibPerSec: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRetentionConfig: \u0026pubsub.LiteTopicRetentionConfigArgs{\n\t\t\t\tPerPartitionBytes: pulumi.String(\"32212254720\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteSubscription(ctx, \"example\", \u0026pubsub.LiteSubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.Name,\n\t\t\tDeliveryConfig: \u0026pubsub.LiteSubscriptionDeliveryConfigArgs{\n\t\t\t\tDeliveryRequirement: pulumi.String(\"DELIVER_AFTER_STORED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteTopic;\nimport com.pulumi.gcp.pubsub.LiteTopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigCapacityArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicRetentionConfigArgs;\nimport com.pulumi.gcp.pubsub.LiteSubscription;\nimport com.pulumi.gcp.pubsub.LiteSubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteSubscriptionDeliveryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteTopic(\"example\", LiteTopicArgs.builder()\n .name(\"example-topic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .partitionConfig(LiteTopicPartitionConfigArgs.builder()\n .count(1)\n .capacity(LiteTopicPartitionConfigCapacityArgs.builder()\n .publishMibPerSec(4)\n .subscribeMibPerSec(8)\n .build())\n .build())\n .retentionConfig(LiteTopicRetentionConfigArgs.builder()\n .perPartitionBytes(32212254720)\n .build())\n .build());\n\n var exampleLiteSubscription = new LiteSubscription(\"exampleLiteSubscription\", LiteSubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.name())\n .deliveryConfig(LiteSubscriptionDeliveryConfigArgs.builder()\n .deliveryRequirement(\"DELIVER_AFTER_STORED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteTopic\n properties:\n name: example-topic\n project: ${project.number}\n partitionConfig:\n count: 1\n capacity:\n publishMibPerSec: 4\n subscribeMibPerSec: 8\n retentionConfig:\n perPartitionBytes: 3.221225472e+10\n exampleLiteSubscription:\n type: gcp:pubsub:LiteSubscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.name}\n deliveryConfig:\n deliveryRequirement: DELIVER_AFTER_STORED\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubscription can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/subscriptions/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subscription can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default projects/{{project}}/locations/{{zone}}/subscriptions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteSubscription:LiteSubscription default {{name}}\n```\n\n", "properties": { "deliveryConfig": { "$ref": "#/types/gcp:pubsub/LiteSubscriptionDeliveryConfig:LiteSubscriptionDeliveryConfig", @@ -252877,7 +252877,7 @@ } }, "gcp:pubsub/liteTopic:LiteTopic": { - "description": "A named resource to which messages are sent by publishers.\n\n\nTo get more information about Topic, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.topics)\n* How-to Guides\n * [Managing Topics](https://cloud.google.com/pubsub/lite/docs/topics)\n\n## Example Usage\n\n### Pubsub Lite Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteReservation(\"example\", {\n name: \"example-reservation\",\n project: project.then(project =\u003e project.number),\n throughputCapacity: 2,\n});\nconst exampleLiteTopic = new gcp.pubsub.LiteTopic(\"example\", {\n name: \"example-topic\",\n project: project.then(project =\u003e project.number),\n partitionConfig: {\n count: 1,\n capacity: {\n publishMibPerSec: 4,\n subscribeMibPerSec: 8,\n },\n },\n retentionConfig: {\n perPartitionBytes: \"32212254720\",\n },\n reservationConfig: {\n throughputReservation: example.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteReservation(\"example\",\n name=\"example-reservation\",\n project=project.number,\n throughput_capacity=2)\nexample_lite_topic = gcp.pubsub.LiteTopic(\"example\",\n name=\"example-topic\",\n project=project.number,\n partition_config={\n \"count\": 1,\n \"capacity\": {\n \"publish_mib_per_sec\": 4,\n \"subscribe_mib_per_sec\": 8,\n },\n },\n retention_config={\n \"per_partition_bytes\": \"32212254720\",\n },\n reservation_config={\n \"throughput_reservation\": example.name,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteReservation(\"example\", new()\n {\n Name = \"example-reservation\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n ThroughputCapacity = 2,\n });\n\n var exampleLiteTopic = new Gcp.PubSub.LiteTopic(\"example\", new()\n {\n Name = \"example-topic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n PartitionConfig = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigArgs\n {\n Count = 1,\n Capacity = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigCapacityArgs\n {\n PublishMibPerSec = 4,\n SubscribeMibPerSec = 8,\n },\n },\n RetentionConfig = new Gcp.PubSub.Inputs.LiteTopicRetentionConfigArgs\n {\n PerPartitionBytes = \"32212254720\",\n },\n ReservationConfig = new Gcp.PubSub.Inputs.LiteTopicReservationConfigArgs\n {\n ThroughputReservation = example.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := pubsub.NewLiteReservation(ctx, \"example\", \u0026pubsub.LiteReservationArgs{\n\t\t\tName: pulumi.String(\"example-reservation\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tThroughputCapacity: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteTopic(ctx, \"example\", \u0026pubsub.LiteTopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tPartitionConfig: \u0026pubsub.LiteTopicPartitionConfigArgs{\n\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\tCapacity: \u0026pubsub.LiteTopicPartitionConfigCapacityArgs{\n\t\t\t\t\tPublishMibPerSec: pulumi.Int(4),\n\t\t\t\t\tSubscribeMibPerSec: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRetentionConfig: \u0026pubsub.LiteTopicRetentionConfigArgs{\n\t\t\t\tPerPartitionBytes: pulumi.String(\"32212254720\"),\n\t\t\t},\n\t\t\tReservationConfig: \u0026pubsub.LiteTopicReservationConfigArgs{\n\t\t\t\tThroughputReservation: example.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteReservation;\nimport com.pulumi.gcp.pubsub.LiteReservationArgs;\nimport com.pulumi.gcp.pubsub.LiteTopic;\nimport com.pulumi.gcp.pubsub.LiteTopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigCapacityArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicRetentionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicReservationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteReservation(\"example\", LiteReservationArgs.builder()\n .name(\"example-reservation\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .throughputCapacity(2)\n .build());\n\n var exampleLiteTopic = new LiteTopic(\"exampleLiteTopic\", LiteTopicArgs.builder()\n .name(\"example-topic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .partitionConfig(LiteTopicPartitionConfigArgs.builder()\n .count(1)\n .capacity(LiteTopicPartitionConfigCapacityArgs.builder()\n .publishMibPerSec(4)\n .subscribeMibPerSec(8)\n .build())\n .build())\n .retentionConfig(LiteTopicRetentionConfigArgs.builder()\n .perPartitionBytes(32212254720)\n .build())\n .reservationConfig(LiteTopicReservationConfigArgs.builder()\n .throughputReservation(example.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteReservation\n properties:\n name: example-reservation\n project: ${project.number}\n throughputCapacity: 2\n exampleLiteTopic:\n type: gcp:pubsub:LiteTopic\n name: example\n properties:\n name: example-topic\n project: ${project.number}\n partitionConfig:\n count: 1\n capacity:\n publishMibPerSec: 4\n subscribeMibPerSec: 8\n retentionConfig:\n perPartitionBytes: 3.221225472e+10\n reservationConfig:\n throughputReservation: ${example.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/topics/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default projects/{{project}}/locations/{{zone}}/topics/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{name}}\n```\n\n", + "description": "A named resource to which messages are sent by publishers.\n\n\nTo get more information about Topic, see:\n\n* [API documentation](https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.topics)\n* How-to Guides\n * [Managing Topics](https://cloud.google.com/pubsub/lite/docs/topics)\n\n## Example Usage\n\n### Pubsub Lite Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.pubsub.LiteReservation(\"example\", {\n name: \"example-reservation\",\n project: project.then(project =\u003e project.number),\n throughputCapacity: 2,\n});\nconst exampleLiteTopic = new gcp.pubsub.LiteTopic(\"example\", {\n name: \"example-topic\",\n project: project.then(project =\u003e project.number),\n partitionConfig: {\n count: 1,\n capacity: {\n publishMibPerSec: 4,\n subscribeMibPerSec: 8,\n },\n },\n retentionConfig: {\n perPartitionBytes: \"32212254720\",\n },\n reservationConfig: {\n throughputReservation: example.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.pubsub.LiteReservation(\"example\",\n name=\"example-reservation\",\n project=project.number,\n throughput_capacity=2)\nexample_lite_topic = gcp.pubsub.LiteTopic(\"example\",\n name=\"example-topic\",\n project=project.number,\n partition_config={\n \"count\": 1,\n \"capacity\": {\n \"publish_mib_per_sec\": 4,\n \"subscribe_mib_per_sec\": 8,\n },\n },\n retention_config={\n \"per_partition_bytes\": \"32212254720\",\n },\n reservation_config={\n \"throughput_reservation\": example.name,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.PubSub.LiteReservation(\"example\", new()\n {\n Name = \"example-reservation\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n ThroughputCapacity = 2,\n });\n\n var exampleLiteTopic = new Gcp.PubSub.LiteTopic(\"example\", new()\n {\n Name = \"example-topic\",\n Project = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n PartitionConfig = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigArgs\n {\n Count = 1,\n Capacity = new Gcp.PubSub.Inputs.LiteTopicPartitionConfigCapacityArgs\n {\n PublishMibPerSec = 4,\n SubscribeMibPerSec = 8,\n },\n },\n RetentionConfig = new Gcp.PubSub.Inputs.LiteTopicRetentionConfigArgs\n {\n PerPartitionBytes = \"32212254720\",\n },\n ReservationConfig = new Gcp.PubSub.Inputs.LiteTopicReservationConfigArgs\n {\n ThroughputReservation = example.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := pubsub.NewLiteReservation(ctx, \"example\", \u0026pubsub.LiteReservationArgs{\n\t\t\tName: pulumi.String(\"example-reservation\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tThroughputCapacity: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewLiteTopic(ctx, \"example\", \u0026pubsub.LiteTopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tProject: pulumi.String(project.Number),\n\t\t\tPartitionConfig: \u0026pubsub.LiteTopicPartitionConfigArgs{\n\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\tCapacity: \u0026pubsub.LiteTopicPartitionConfigCapacityArgs{\n\t\t\t\t\tPublishMibPerSec: pulumi.Int(4),\n\t\t\t\t\tSubscribeMibPerSec: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRetentionConfig: \u0026pubsub.LiteTopicRetentionConfigArgs{\n\t\t\t\tPerPartitionBytes: pulumi.String(\"32212254720\"),\n\t\t\t},\n\t\t\tReservationConfig: \u0026pubsub.LiteTopicReservationConfigArgs{\n\t\t\t\tThroughputReservation: example.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.LiteReservation;\nimport com.pulumi.gcp.pubsub.LiteReservationArgs;\nimport com.pulumi.gcp.pubsub.LiteTopic;\nimport com.pulumi.gcp.pubsub.LiteTopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicPartitionConfigCapacityArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicRetentionConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.LiteTopicReservationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new LiteReservation(\"example\", LiteReservationArgs.builder()\n .name(\"example-reservation\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .throughputCapacity(2)\n .build());\n\n var exampleLiteTopic = new LiteTopic(\"exampleLiteTopic\", LiteTopicArgs.builder()\n .name(\"example-topic\")\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .partitionConfig(LiteTopicPartitionConfigArgs.builder()\n .count(1)\n .capacity(LiteTopicPartitionConfigCapacityArgs.builder()\n .publishMibPerSec(4)\n .subscribeMibPerSec(8)\n .build())\n .build())\n .retentionConfig(LiteTopicRetentionConfigArgs.builder()\n .perPartitionBytes(32212254720)\n .build())\n .reservationConfig(LiteTopicReservationConfigArgs.builder()\n .throughputReservation(example.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:LiteReservation\n properties:\n name: example-reservation\n project: ${project.number}\n throughputCapacity: 2\n exampleLiteTopic:\n type: gcp:pubsub:LiteTopic\n name: example\n properties:\n name: example-topic\n project: ${project.number}\n partitionConfig:\n count: 1\n capacity:\n publishMibPerSec: 4\n subscribeMibPerSec: 8\n retentionConfig:\n perPartitionBytes: 3.221225472e+10\n reservationConfig:\n throughputReservation: ${example.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/topics/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default projects/{{project}}/locations/{{zone}}/topics/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/liteTopic:LiteTopic default {{name}}\n```\n\n", "properties": { "name": { "type": "string", @@ -252982,7 +252982,7 @@ } }, "gcp:pubsub/schema:Schema": { - "description": "A schema is a format that messages must follow,\ncreating a contract between publisher and subscriber that Pub/Sub will enforce.\n\n\nTo get more information about Schema, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.schemas)\n* How-to Guides\n * [Creating and managing schemas](https://cloud.google.com/pubsub/docs/schemas)\n\n## Example Usage\n\n### Pubsub Schema Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example-schema\",\n type: \"AVRO\",\n definition: `{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example-schema\",\n type=\"AVRO\",\n definition=\"\"\"{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example-schema\",\n Type = \"AVRO\",\n Definition = @\"{\n \"\"type\"\" : \"\"record\"\",\n \"\"name\"\" : \"\"Avro\"\",\n \"\"fields\"\" : [\n {\n \"\"name\"\" : \"\"StringField\"\",\n \"\"type\"\" : \"\"string\"\"\n },\n {\n \"\"name\"\" : \"\"IntField\"\",\n \"\"type\"\" : \"\"int\"\"\n }\n ]\n}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example-schema\"),\n\t\t\tType: pulumi.String(\"AVRO\"),\n\t\t\tDefinition: pulumi.String(`{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example-schema\")\n .type(\"AVRO\")\n .definition(\"\"\"\n{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example-schema\n type: AVRO\n definition: |\n {\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Schema Protobuf\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example\",\n type: \"PROTOCOL_BUFFER\",\n definition: `syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}`,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n schemaSettings: {\n schema: \"projects/my-project-name/schemas/example\",\n encoding: \"JSON\",\n },\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example\",\n type=\"PROTOCOL_BUFFER\",\n definition=\"\"\"syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}\"\"\")\nexample_topic = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n schema_settings={\n \"schema\": \"projects/my-project-name/schemas/example\",\n \"encoding\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example\",\n Type = \"PROTOCOL_BUFFER\",\n Definition = @\"syntax = \"\"proto3\"\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}\",\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n SchemaSettings = new Gcp.PubSub.Inputs.TopicSchemaSettingsArgs\n {\n Schema = \"projects/my-project-name/schemas/example\",\n Encoding = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"PROTOCOL_BUFFER\"),\n\t\t\tDefinition: pulumi.String(`syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tSchemaSettings: \u0026pubsub.TopicSchemaSettingsArgs{\n\t\t\t\tSchema: pulumi.String(\"projects/my-project-name/schemas/example\"),\n\t\t\t\tEncoding: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicSchemaSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example\")\n .type(\"PROTOCOL_BUFFER\")\n .definition(\"\"\"\nsyntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n} \"\"\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .schemaSettings(TopicSchemaSettingsArgs.builder()\n .schema(\"projects/my-project-name/schemas/example\")\n .encoding(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example\n type: PROTOCOL_BUFFER\n definition: |-\n syntax = \"proto3\";\n message Results {\n string message_request = 1;\n string message_response = 2;\n string timestamp_request = 3;\n string timestamp_response = 4;\n }\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n schemaSettings:\n schema: projects/my-project-name/schemas/example\n encoding: JSON\n options:\n dependson:\n - ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSchema can be imported using any of these accepted formats:\n\n* `projects/{{project}}/schemas/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Schema can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default projects/{{project}}/schemas/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default {{name}}\n```\n\n", + "description": "A schema is a format that messages must follow,\ncreating a contract between publisher and subscriber that Pub/Sub will enforce.\n\n\nTo get more information about Schema, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.schemas)\n* How-to Guides\n * [Creating and managing schemas](https://cloud.google.com/pubsub/docs/schemas)\n\n## Example Usage\n\n### Pubsub Schema Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example-schema\",\n type: \"AVRO\",\n definition: `{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example-schema\",\n type=\"AVRO\",\n definition=\"\"\"{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example-schema\",\n Type = \"AVRO\",\n Definition = @\"{\n \"\"type\"\" : \"\"record\"\",\n \"\"name\"\" : \"\"Avro\"\",\n \"\"fields\"\" : [\n {\n \"\"name\"\" : \"\"StringField\"\",\n \"\"type\"\" : \"\"string\"\"\n },\n {\n \"\"name\"\" : \"\"IntField\"\",\n \"\"type\"\" : \"\"int\"\"\n }\n ]\n}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example-schema\"),\n\t\t\tType: pulumi.String(\"AVRO\"),\n\t\t\tDefinition: pulumi.String(`{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example-schema\")\n .type(\"AVRO\")\n .definition(\"\"\"\n{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example-schema\n type: AVRO\n definition: |\n {\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Schema Protobuf\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example\",\n type: \"PROTOCOL_BUFFER\",\n definition: `syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}`,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n schemaSettings: {\n schema: \"projects/my-project-name/schemas/example\",\n encoding: \"JSON\",\n },\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example\",\n type=\"PROTOCOL_BUFFER\",\n definition=\"\"\"syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}\"\"\")\nexample_topic = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n schema_settings={\n \"schema\": \"projects/my-project-name/schemas/example\",\n \"encoding\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example\",\n Type = \"PROTOCOL_BUFFER\",\n Definition = @\"syntax = \"\"proto3\"\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}\",\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n SchemaSettings = new Gcp.PubSub.Inputs.TopicSchemaSettingsArgs\n {\n Schema = \"projects/my-project-name/schemas/example\",\n Encoding = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"PROTOCOL_BUFFER\"),\n\t\t\tDefinition: pulumi.String(`syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tSchemaSettings: \u0026pubsub.TopicSchemaSettingsArgs{\n\t\t\t\tSchema: pulumi.String(\"projects/my-project-name/schemas/example\"),\n\t\t\t\tEncoding: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicSchemaSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example\")\n .type(\"PROTOCOL_BUFFER\")\n .definition(\"\"\"\nsyntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n} \"\"\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .schemaSettings(TopicSchemaSettingsArgs.builder()\n .schema(\"projects/my-project-name/schemas/example\")\n .encoding(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example\n type: PROTOCOL_BUFFER\n definition: |-\n syntax = \"proto3\";\n message Results {\n string message_request = 1;\n string message_response = 2;\n string timestamp_request = 3;\n string timestamp_response = 4;\n }\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n schemaSettings:\n schema: projects/my-project-name/schemas/example\n encoding: JSON\n options:\n dependsOn:\n - ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSchema can be imported using any of these accepted formats:\n\n* `projects/{{project}}/schemas/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Schema can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default projects/{{project}}/schemas/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/schema:Schema default {{name}}\n```\n\n", "properties": { "definition": { "type": "string", @@ -253051,7 +253051,7 @@ } }, "gcp:pubsub/schemaIamBinding:SchemaIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SchemaIamBindingCondition:SchemaIamBindingCondition" @@ -253158,7 +253158,7 @@ } }, "gcp:pubsub/schemaIamMember:SchemaIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SchemaIamMemberCondition:SchemaIamMemberCondition" @@ -253258,7 +253258,7 @@ } }, "gcp:pubsub/schemaIamPolicy:SchemaIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Schema\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.SchemaIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SchemaIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder()\n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -253329,7 +253329,7 @@ } }, "gcp:pubsub/subscription:Subscription": { - "description": "A named resource representing the stream of messages from a single,\nspecific topic, to be delivered to the subscribing application.\n\n\nTo get more information about Subscription, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions)\n* How-to Guides\n * [Managing Subscriptions](https://cloud.google.com/pubsub/docs/admin#managing_subscriptions)\n\n\u003e **Note:** You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding\nby using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Pubsub Subscription Push\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n ackDeadlineSeconds: 20,\n labels: {\n foo: \"bar\",\n },\n pushConfig: {\n pushEndpoint: \"https://example.com/push\",\n attributes: {\n \"x-goog-version\": \"v1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n ack_deadline_seconds=20,\n labels={\n \"foo\": \"bar\",\n },\n push_config={\n \"push_endpoint\": \"https://example.com/push\",\n \"attributes\": {\n \"x-goog-version\": \"v1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n AckDeadlineSeconds = 20,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n PushConfig = new Gcp.PubSub.Inputs.SubscriptionPushConfigArgs\n {\n PushEndpoint = \"https://example.com/push\",\n Attributes = \n {\n { \"x-goog-version\", \"v1\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPushConfig: \u0026pubsub.SubscriptionPushConfigArgs{\n\t\t\t\tPushEndpoint: pulumi.String(\"https://example.com/push\"),\n\t\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\t\"x-goog-version\": pulumi.String(\"v1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .ackDeadlineSeconds(20)\n .labels(Map.of(\"foo\", \"bar\"))\n .pushConfig(SubscriptionPushConfigArgs.builder()\n .pushEndpoint(\"https://example.com/push\")\n .attributes(Map.of(\"x-goog-version\", \"v1\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n ackDeadlineSeconds: 20\n labels:\n foo: bar\n pushConfig:\n pushEndpoint: https://example.com/push\n attributes:\n x-goog-version: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Pull\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n labels: {\n foo: \"bar\",\n },\n messageRetentionDuration: \"1200s\",\n retainAckedMessages: true,\n ackDeadlineSeconds: 20,\n expirationPolicy: {\n ttl: \"300000.5s\",\n },\n retryPolicy: {\n minimumBackoff: \"10s\",\n },\n enableMessageOrdering: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n labels={\n \"foo\": \"bar\",\n },\n message_retention_duration=\"1200s\",\n retain_acked_messages=True,\n ack_deadline_seconds=20,\n expiration_policy={\n \"ttl\": \"300000.5s\",\n },\n retry_policy={\n \"minimum_backoff\": \"10s\",\n },\n enable_message_ordering=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n MessageRetentionDuration = \"1200s\",\n RetainAckedMessages = true,\n AckDeadlineSeconds = 20,\n ExpirationPolicy = new Gcp.PubSub.Inputs.SubscriptionExpirationPolicyArgs\n {\n Ttl = \"300000.5s\",\n },\n RetryPolicy = new Gcp.PubSub.Inputs.SubscriptionRetryPolicyArgs\n {\n MinimumBackoff = \"10s\",\n },\n EnableMessageOrdering = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMessageRetentionDuration: pulumi.String(\"1200s\"),\n\t\t\tRetainAckedMessages: pulumi.Bool(true),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t\tExpirationPolicy: \u0026pubsub.SubscriptionExpirationPolicyArgs{\n\t\t\t\tTtl: pulumi.String(\"300000.5s\"),\n\t\t\t},\n\t\t\tRetryPolicy: \u0026pubsub.SubscriptionRetryPolicyArgs{\n\t\t\t\tMinimumBackoff: pulumi.String(\"10s\"),\n\t\t\t},\n\t\t\tEnableMessageOrdering: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionExpirationPolicyArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionRetryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .messageRetentionDuration(\"1200s\")\n .retainAckedMessages(true)\n .ackDeadlineSeconds(20)\n .expirationPolicy(SubscriptionExpirationPolicyArgs.builder()\n .ttl(\"300000.5s\")\n .build())\n .retryPolicy(SubscriptionRetryPolicyArgs.builder()\n .minimumBackoff(\"10s\")\n .build())\n .enableMessageOrdering(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n labels:\n foo: bar\n messageRetentionDuration: 1200s\n retainAckedMessages: true\n ackDeadlineSeconds: 20\n expirationPolicy:\n ttl: 300000.5s\n retryPolicy:\n minimumBackoff: 10s\n enableMessageOrdering: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Pull Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n labels: {\n foo: \"bar\",\n },\n filter: ` attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n`,\n ackDeadlineSeconds: 20,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n labels={\n \"foo\": \"bar\",\n },\n filter=\"\"\" attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n\"\"\",\n ack_deadline_seconds=20)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Filter = @\" attributes.foo = \"\"foo\"\"\n AND attributes.bar = \"\"bar\"\"\n\",\n AckDeadlineSeconds = 20,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tFilter: pulumi.String(\" attributes.foo = \\\"foo\\\"\\n AND attributes.bar = \\\"bar\\\"\\n\"),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .filter(\"\"\"\n attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n \"\"\")\n .ackDeadlineSeconds(20)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n labels:\n foo: bar\n filter: |2\n attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n ackDeadlineSeconds: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Dead Letter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleDeadLetter = new gcp.pubsub.Topic(\"example_dead_letter\", {name: \"example-topic-dead-letter\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n deadLetterPolicy: {\n deadLetterTopic: exampleDeadLetter.id,\n maxDeliveryAttempts: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_dead_letter = gcp.pubsub.Topic(\"example_dead_letter\", name=\"example-topic-dead-letter\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n dead_letter_policy={\n \"dead_letter_topic\": example_dead_letter.id,\n \"max_delivery_attempts\": 10,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleDeadLetter = new Gcp.PubSub.Topic(\"example_dead_letter\", new()\n {\n Name = \"example-topic-dead-letter\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n DeadLetterPolicy = new Gcp.PubSub.Inputs.SubscriptionDeadLetterPolicyArgs\n {\n DeadLetterTopic = exampleDeadLetter.Id,\n MaxDeliveryAttempts = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeadLetter, err := pubsub.NewTopic(ctx, \"example_dead_letter\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic-dead-letter\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tDeadLetterPolicy: \u0026pubsub.SubscriptionDeadLetterPolicyArgs{\n\t\t\t\tDeadLetterTopic: exampleDeadLetter.ID(),\n\t\t\t\tMaxDeliveryAttempts: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionDeadLetterPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleDeadLetter = new Topic(\"exampleDeadLetter\", TopicArgs.builder()\n .name(\"example-topic-dead-letter\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .deadLetterPolicy(SubscriptionDeadLetterPolicyArgs.builder()\n .deadLetterTopic(exampleDeadLetter.id())\n .maxDeliveryAttempts(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleDeadLetter:\n type: gcp:pubsub:Topic\n name: example_dead_letter\n properties:\n name: example-topic-dead-letter\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n deadLetterPolicy:\n deadLetterTopic: ${exampleDeadLetter.id}\n maxDeliveryAttempts: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n deletionProtection: false,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\",\n deletion_protection=False)\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n DeletionProtection = false,\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .deletionProtection(false)\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\n deletionProtection: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq Table Schema\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n deletionProtection: false,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n useTableSchema: true,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\",\n deletion_protection=False)\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"use_table_schema\": True,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n DeletionProtection = false,\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n UseTableSchema = true,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUseTableSchema: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .deletionProtection(false)\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project,datasetId,tableId);\n }))\n .useTableSchema(true)\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n useTableSchema: true\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\n deletionProtection: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst bqWriteServiceAccount = new gcp.serviceaccount.Account(\"bq_write_service_account\", {\n accountId: \"example-bqw\",\n displayName: \"BQ Write Service Account\",\n});\nconst project = gcp.organizations.getProject({});\nconst bigqueryMetadataViewer = new gcp.projects.IAMMember(\"bigquery_metadata_viewer\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.metadataViewer\",\n member: pulumi.interpolate`serviceAccount:${bqWriteServiceAccount.email}`,\n});\nconst bigqueryDataEditor = new gcp.projects.IAMMember(\"bigquery_data_editor\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.dataEditor\",\n member: pulumi.interpolate`serviceAccount:${bqWriteServiceAccount.email}`,\n});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n deletionProtection: false,\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n serviceAccountEmail: bqWriteServiceAccount.email,\n },\n}, {\n dependsOn: [\n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nbq_write_service_account = gcp.serviceaccount.Account(\"bq_write_service_account\",\n account_id=\"example-bqw\",\n display_name=\"BQ Write Service Account\")\nproject = gcp.organizations.get_project()\nbigquery_metadata_viewer = gcp.projects.IAMMember(\"bigquery_metadata_viewer\",\n project=project.project_id,\n role=\"roles/bigquery.metadataViewer\",\n member=bq_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbigquery_data_editor = gcp.projects.IAMMember(\"bigquery_data_editor\",\n project=project.project_id,\n role=\"roles/bigquery.dataEditor\",\n member=bq_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n deletion_protection=False,\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"service_account_email\": bq_write_service_account.email,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n bq_write_service_account,\n bigquery_metadata_viewer,\n bigquery_data_editor,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var bqWriteServiceAccount = new Gcp.ServiceAccount.Account(\"bq_write_service_account\", new()\n {\n AccountId = \"example-bqw\",\n DisplayName = \"BQ Write Service Account\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var bigqueryMetadataViewer = new Gcp.Projects.IAMMember(\"bigquery_metadata_viewer\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.metadataViewer\",\n Member = bqWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var bigqueryDataEditor = new Gcp.Projects.IAMMember(\"bigquery_data_editor\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.dataEditor\",\n Member = bqWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n DeletionProtection = false,\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n ServiceAccountEmail = bqWriteServiceAccount.Email,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqWriteServiceAccount, err := serviceaccount.NewAccount(ctx, \"bq_write_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"example-bqw\"),\n\t\t\tDisplayName: pulumi.String(\"BQ Write Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryMetadataViewer, err := projects.NewIAMMember(ctx, \"bigquery_metadata_viewer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.metadataViewer\"),\n\t\t\tMember: bqWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryDataEditor, err := projects.NewIAMMember(ctx, \"bigquery_data_editor\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: bqWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tServiceAccountEmail: bqWriteServiceAccount.Email,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbqWriteServiceAccount,\n\t\t\tbigqueryMetadataViewer,\n\t\t\tbigqueryDataEditor,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var bqWriteServiceAccount = new Account(\"bqWriteServiceAccount\", AccountArgs.builder()\n .accountId(\"example-bqw\")\n .displayName(\"BQ Write Service Account\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var bigqueryMetadataViewer = new IAMMember(\"bigqueryMetadataViewer\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.metadataViewer\")\n .member(bqWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var bigqueryDataEditor = new IAMMember(\"bigqueryDataEditor\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.dataEditor\")\n .member(bqWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .deletionProtection(false)\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project.applyValue(getProjectResult -\u003e getProjectResult),datasetId,tableId);\n }))\n .serviceAccountEmail(bqWriteServiceAccount.email())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n serviceAccountEmail: ${bqWriteServiceAccount.email}\n options:\n dependson:\n - ${bqWriteServiceAccount}\n - ${bigqueryMetadataViewer}\n - ${bigqueryDataEditor}\n bqWriteServiceAccount:\n type: gcp:serviceaccount:Account\n name: bq_write_service_account\n properties:\n accountId: example-bqw\n displayName: BQ Write Service Account\n bigqueryMetadataViewer:\n type: gcp:projects:IAMMember\n name: bigquery_metadata_viewer\n properties:\n project: ${project.projectId}\n role: roles/bigquery.metadataViewer\n member: serviceAccount:${bqWriteServiceAccount.email}\n bigqueryDataEditor:\n type: gcp:projects:IAMMember\n name: bigquery_data_editor\n properties:\n project: ${project.projectId}\n role: roles/bigquery.dataEditor\n member: serviceAccount:${bqWriteServiceAccount.email}\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n deletionProtection: false\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst project = gcp.organizations.getProject({});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com`),\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_40289\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n maxMessages: 1000,\n },\n}, {\n dependsOn: [\n example,\n admin,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nproject = gcp.organizations.get_project()\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_40289\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"max_messages\": 1000,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n example,\n admin,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-pubsub.iam.gserviceaccount.com\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_40289\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n MaxMessages = 1000,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-pubsub.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_40289\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tMaxMessages: pulumi.Int(1000),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-pubsub.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_40289\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .maxMessages(1000)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n example,\n admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_40289\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n maxMessages: 1000\n options:\n dependson:\n - ${example}\n - ${admin}\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage Avro\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst project = gcp.organizations.getProject({});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com`),\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_33395\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n maxMessages: 1000,\n avroConfig: {\n writeMetadata: true,\n useTopicSchema: true,\n },\n },\n}, {\n dependsOn: [\n example,\n admin,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nproject = gcp.organizations.get_project()\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_33395\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"max_messages\": 1000,\n \"avro_config\": {\n \"write_metadata\": True,\n \"use_topic_schema\": True,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n example,\n admin,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-pubsub.iam.gserviceaccount.com\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_33395\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n MaxMessages = 1000,\n AvroConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigAvroConfigArgs\n {\n WriteMetadata = true,\n UseTopicSchema = true,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-pubsub.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_33395\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tMaxMessages: pulumi.Int(1000),\n\t\t\t\tAvroConfig: \u0026pubsub.SubscriptionCloudStorageConfigAvroConfigArgs{\n\t\t\t\t\tWriteMetadata: pulumi.Bool(true),\n\t\t\t\t\tUseTopicSchema: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigAvroConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-pubsub.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_33395\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .maxMessages(1000)\n .avroConfig(SubscriptionCloudStorageConfigAvroConfigArgs.builder()\n .writeMetadata(true)\n .useTopicSchema(true)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n example,\n admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_33395\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n maxMessages: 1000\n avroConfig:\n writeMetadata: true\n useTopicSchema: true\n options:\n dependson:\n - ${example}\n - ${admin}\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst storageWriteServiceAccount = new gcp.serviceaccount.Account(\"storage_write_service_account\", {\n accountId: \"example-stw\",\n displayName: \"Storage Write Service Account\",\n});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: pulumi.interpolate`serviceAccount:${storageWriteServiceAccount.email}`,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_76044\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n serviceAccountEmail: storageWriteServiceAccount.email,\n },\n}, {\n dependsOn: [\n storageWriteServiceAccount,\n example,\n admin,\n ],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nstorage_write_service_account = gcp.serviceaccount.Account(\"storage_write_service_account\",\n account_id=\"example-stw\",\n display_name=\"Storage Write Service Account\")\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=storage_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_76044\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"service_account_email\": storage_write_service_account.email,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n storage_write_service_account,\n example,\n admin,\n ]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var storageWriteServiceAccount = new Gcp.ServiceAccount.Account(\"storage_write_service_account\", new()\n {\n AccountId = \"example-stw\",\n DisplayName = \"Storage Write Service Account\",\n });\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = storageWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_76044\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n ServiceAccountEmail = storageWriteServiceAccount.Email,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n storageWriteServiceAccount,\n example,\n admin,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstorageWriteServiceAccount, err := serviceaccount.NewAccount(ctx, \"storage_write_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"example-stw\"),\n\t\t\tDisplayName: pulumi.String(\"Storage Write Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: storageWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_76044\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tServiceAccountEmail: storageWriteServiceAccount.Email,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tstorageWriteServiceAccount,\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var storageWriteServiceAccount = new Account(\"storageWriteServiceAccount\", AccountArgs.builder()\n .accountId(\"example-stw\")\n .displayName(\"Storage Write Service Account\")\n .build());\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(storageWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_76044\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .serviceAccountEmail(storageWriteServiceAccount.email())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n storageWriteServiceAccount,\n example,\n admin)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_76044\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n serviceAccountEmail: ${storageWriteServiceAccount.email}\n options:\n dependson:\n - ${storageWriteServiceAccount}\n - ${example}\n - ${admin}\n storageWriteServiceAccount:\n type: gcp:serviceaccount:Account\n name: storage_write_service_account\n properties:\n accountId: example-stw\n displayName: Storage Write Service Account\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:${storageWriteServiceAccount.email}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubscription can be imported using any of these accepted formats:\n\n* `projects/{{project}}/subscriptions/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subscription can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default projects/{{project}}/subscriptions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default {{name}}\n```\n\n", + "description": "A named resource representing the stream of messages from a single,\nspecific topic, to be delivered to the subscribing application.\n\n\nTo get more information about Subscription, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions)\n* How-to Guides\n * [Managing Subscriptions](https://cloud.google.com/pubsub/docs/admin#managing_subscriptions)\n\n\u003e **Note:** You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding\nby using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Pubsub Subscription Push\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n ackDeadlineSeconds: 20,\n labels: {\n foo: \"bar\",\n },\n pushConfig: {\n pushEndpoint: \"https://example.com/push\",\n attributes: {\n \"x-goog-version\": \"v1\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n ack_deadline_seconds=20,\n labels={\n \"foo\": \"bar\",\n },\n push_config={\n \"push_endpoint\": \"https://example.com/push\",\n \"attributes\": {\n \"x-goog-version\": \"v1\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n AckDeadlineSeconds = 20,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n PushConfig = new Gcp.PubSub.Inputs.SubscriptionPushConfigArgs\n {\n PushEndpoint = \"https://example.com/push\",\n Attributes = \n {\n { \"x-goog-version\", \"v1\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tPushConfig: \u0026pubsub.SubscriptionPushConfigArgs{\n\t\t\t\tPushEndpoint: pulumi.String(\"https://example.com/push\"),\n\t\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\t\"x-goog-version\": pulumi.String(\"v1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionPushConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .ackDeadlineSeconds(20)\n .labels(Map.of(\"foo\", \"bar\"))\n .pushConfig(SubscriptionPushConfigArgs.builder()\n .pushEndpoint(\"https://example.com/push\")\n .attributes(Map.of(\"x-goog-version\", \"v1\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n ackDeadlineSeconds: 20\n labels:\n foo: bar\n pushConfig:\n pushEndpoint: https://example.com/push\n attributes:\n x-goog-version: v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Pull\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n labels: {\n foo: \"bar\",\n },\n messageRetentionDuration: \"1200s\",\n retainAckedMessages: true,\n ackDeadlineSeconds: 20,\n expirationPolicy: {\n ttl: \"300000.5s\",\n },\n retryPolicy: {\n minimumBackoff: \"10s\",\n },\n enableMessageOrdering: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n labels={\n \"foo\": \"bar\",\n },\n message_retention_duration=\"1200s\",\n retain_acked_messages=True,\n ack_deadline_seconds=20,\n expiration_policy={\n \"ttl\": \"300000.5s\",\n },\n retry_policy={\n \"minimum_backoff\": \"10s\",\n },\n enable_message_ordering=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n MessageRetentionDuration = \"1200s\",\n RetainAckedMessages = true,\n AckDeadlineSeconds = 20,\n ExpirationPolicy = new Gcp.PubSub.Inputs.SubscriptionExpirationPolicyArgs\n {\n Ttl = \"300000.5s\",\n },\n RetryPolicy = new Gcp.PubSub.Inputs.SubscriptionRetryPolicyArgs\n {\n MinimumBackoff = \"10s\",\n },\n EnableMessageOrdering = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMessageRetentionDuration: pulumi.String(\"1200s\"),\n\t\t\tRetainAckedMessages: pulumi.Bool(true),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t\tExpirationPolicy: \u0026pubsub.SubscriptionExpirationPolicyArgs{\n\t\t\t\tTtl: pulumi.String(\"300000.5s\"),\n\t\t\t},\n\t\t\tRetryPolicy: \u0026pubsub.SubscriptionRetryPolicyArgs{\n\t\t\t\tMinimumBackoff: pulumi.String(\"10s\"),\n\t\t\t},\n\t\t\tEnableMessageOrdering: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionExpirationPolicyArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionRetryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .messageRetentionDuration(\"1200s\")\n .retainAckedMessages(true)\n .ackDeadlineSeconds(20)\n .expirationPolicy(SubscriptionExpirationPolicyArgs.builder()\n .ttl(\"300000.5s\")\n .build())\n .retryPolicy(SubscriptionRetryPolicyArgs.builder()\n .minimumBackoff(\"10s\")\n .build())\n .enableMessageOrdering(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n labels:\n foo: bar\n messageRetentionDuration: 1200s\n retainAckedMessages: true\n ackDeadlineSeconds: 20\n expirationPolicy:\n ttl: 300000.5s\n retryPolicy:\n minimumBackoff: 10s\n enableMessageOrdering: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Pull Filter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n labels: {\n foo: \"bar\",\n },\n filter: ` attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n`,\n ackDeadlineSeconds: 20,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n labels={\n \"foo\": \"bar\",\n },\n filter=\"\"\" attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n\"\"\",\n ack_deadline_seconds=20)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Filter = @\" attributes.foo = \"\"foo\"\"\n AND attributes.bar = \"\"bar\"\"\n\",\n AckDeadlineSeconds = 20,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tFilter: pulumi.String(\" attributes.foo = \\\"foo\\\"\\n AND attributes.bar = \\\"bar\\\"\\n\"),\n\t\t\tAckDeadlineSeconds: pulumi.Int(20),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .filter(\"\"\"\n attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n \"\"\")\n .ackDeadlineSeconds(20)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n labels:\n foo: bar\n filter: |2\n attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n ackDeadlineSeconds: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Dead Letter\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst exampleDeadLetter = new gcp.pubsub.Topic(\"example_dead_letter\", {name: \"example-topic-dead-letter\"});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n deadLetterPolicy: {\n deadLetterTopic: exampleDeadLetter.id,\n maxDeliveryAttempts: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nexample_dead_letter = gcp.pubsub.Topic(\"example_dead_letter\", name=\"example-topic-dead-letter\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n dead_letter_policy={\n \"dead_letter_topic\": example_dead_letter.id,\n \"max_delivery_attempts\": 10,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleDeadLetter = new Gcp.PubSub.Topic(\"example_dead_letter\", new()\n {\n Name = \"example-topic-dead-letter\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n DeadLetterPolicy = new Gcp.PubSub.Inputs.SubscriptionDeadLetterPolicyArgs\n {\n DeadLetterTopic = exampleDeadLetter.Id,\n MaxDeliveryAttempts = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeadLetter, err := pubsub.NewTopic(ctx, \"example_dead_letter\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic-dead-letter\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tDeadLetterPolicy: \u0026pubsub.SubscriptionDeadLetterPolicyArgs{\n\t\t\t\tDeadLetterTopic: exampleDeadLetter.ID(),\n\t\t\t\tMaxDeliveryAttempts: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionDeadLetterPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var exampleDeadLetter = new Topic(\"exampleDeadLetter\", TopicArgs.builder()\n .name(\"example-topic-dead-letter\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .deadLetterPolicy(SubscriptionDeadLetterPolicyArgs.builder()\n .deadLetterTopic(exampleDeadLetter.id())\n .maxDeliveryAttempts(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleDeadLetter:\n type: gcp:pubsub:Topic\n name: example_dead_letter\n properties:\n name: example-topic-dead-letter\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n deadLetterPolicy:\n deadLetterTopic: ${exampleDeadLetter.id}\n maxDeliveryAttempts: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n deletionProtection: false,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\",\n deletion_protection=False)\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n DeletionProtection = false,\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .deletionProtection(false)\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\n deletionProtection: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq Table Schema\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n deletionProtection: false,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n useTableSchema: true,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\",\n deletion_protection=False)\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"use_table_schema\": True,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n DeletionProtection = false,\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n UseTableSchema = true,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUseTableSchema: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .deletionProtection(false)\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project,datasetId,tableId);\n }))\n .useTableSchema(true)\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n useTableSchema: true\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\n deletionProtection: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Bq Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst bqWriteServiceAccount = new gcp.serviceaccount.Account(\"bq_write_service_account\", {\n accountId: \"example-bqw\",\n displayName: \"BQ Write Service Account\",\n});\nconst project = gcp.organizations.getProject({});\nconst bigqueryMetadataViewer = new gcp.projects.IAMMember(\"bigquery_metadata_viewer\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.metadataViewer\",\n member: pulumi.interpolate`serviceAccount:${bqWriteServiceAccount.email}`,\n});\nconst bigqueryDataEditor = new gcp.projects.IAMMember(\"bigquery_data_editor\", {\n project: project.then(project =\u003e project.projectId),\n role: \"roles/bigquery.dataEditor\",\n member: pulumi.interpolate`serviceAccount:${bqWriteServiceAccount.email}`,\n});\nconst test = new gcp.bigquery.Dataset(\"test\", {datasetId: \"example_dataset\"});\nconst testTable = new gcp.bigquery.Table(\"test\", {\n deletionProtection: false,\n tableId: \"example_table\",\n datasetId: test.datasetId,\n schema: `[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: example.id,\n bigqueryConfig: {\n table: pulumi.interpolate`${testTable.project}.${testTable.datasetId}.${testTable.tableId}`,\n serviceAccountEmail: bqWriteServiceAccount.email,\n },\n}, {\n dependsOn: [\n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nbq_write_service_account = gcp.serviceaccount.Account(\"bq_write_service_account\",\n account_id=\"example-bqw\",\n display_name=\"BQ Write Service Account\")\nproject = gcp.organizations.get_project()\nbigquery_metadata_viewer = gcp.projects.IAMMember(\"bigquery_metadata_viewer\",\n project=project.project_id,\n role=\"roles/bigquery.metadataViewer\",\n member=bq_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nbigquery_data_editor = gcp.projects.IAMMember(\"bigquery_data_editor\",\n project=project.project_id,\n role=\"roles/bigquery.dataEditor\",\n member=bq_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\ntest = gcp.bigquery.Dataset(\"test\", dataset_id=\"example_dataset\")\ntest_table = gcp.bigquery.Table(\"test\",\n deletion_protection=False,\n table_id=\"example_table\",\n dataset_id=test.dataset_id,\n schema=\"\"\"[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n\"\"\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example.id,\n bigquery_config={\n \"table\": pulumi.Output.all(\n project=test_table.project,\n dataset_id=test_table.dataset_id,\n table_id=test_table.table_id\n).apply(lambda resolved_outputs: f\"{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"service_account_email\": bq_write_service_account.email,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n bq_write_service_account,\n bigquery_metadata_viewer,\n bigquery_data_editor,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var bqWriteServiceAccount = new Gcp.ServiceAccount.Account(\"bq_write_service_account\", new()\n {\n AccountId = \"example-bqw\",\n DisplayName = \"BQ Write Service Account\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var bigqueryMetadataViewer = new Gcp.Projects.IAMMember(\"bigquery_metadata_viewer\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.metadataViewer\",\n Member = bqWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var bigqueryDataEditor = new Gcp.Projects.IAMMember(\"bigquery_data_editor\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Role = \"roles/bigquery.dataEditor\",\n Member = bqWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var test = new Gcp.BigQuery.Dataset(\"test\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var testTable = new Gcp.BigQuery.Table(\"test\", new()\n {\n DeletionProtection = false,\n TableId = \"example_table\",\n DatasetId = test.DatasetId,\n Schema = @\"[\n {\n \"\"name\"\": \"\"data\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"description\"\": \"\"The data\"\"\n }\n]\n\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = example.Id,\n BigqueryConfig = new Gcp.PubSub.Inputs.SubscriptionBigqueryConfigArgs\n {\n Table = Output.Tuple(testTable.Project, testTable.DatasetId, testTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"{project}.{datasetId}.{tableId}\";\n }),\n ServiceAccountEmail = bqWriteServiceAccount.Email,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqWriteServiceAccount, err := serviceaccount.NewAccount(ctx, \"bq_write_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"example-bqw\"),\n\t\t\tDisplayName: pulumi.String(\"BQ Write Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryMetadataViewer, err := projects.NewIAMMember(ctx, \"bigquery_metadata_viewer\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.metadataViewer\"),\n\t\t\tMember: bqWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbigqueryDataEditor, err := projects.NewIAMMember(ctx, \"bigquery_data_editor\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: bqWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := bigquery.NewDataset(ctx, \"test\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestTable, err := bigquery.NewTable(ctx, \"test\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tTableId: pulumi.String(\"example_table\"),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: example.ID(),\n\t\t\tBigqueryConfig: \u0026pubsub.SubscriptionBigqueryConfigArgs{\n\t\t\t\tTable: pulumi.All(testTable.Project, testTable.DatasetId, testTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tServiceAccountEmail: bqWriteServiceAccount.Email,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbqWriteServiceAccount,\n\t\t\tbigqueryMetadataViewer,\n\t\t\tbigqueryDataEditor,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionBigqueryConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var bqWriteServiceAccount = new Account(\"bqWriteServiceAccount\", AccountArgs.builder()\n .accountId(\"example-bqw\")\n .displayName(\"BQ Write Service Account\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var bigqueryMetadataViewer = new IAMMember(\"bigqueryMetadataViewer\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.metadataViewer\")\n .member(bqWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var bigqueryDataEditor = new IAMMember(\"bigqueryDataEditor\", IAMMemberArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .role(\"roles/bigquery.dataEditor\")\n .member(bqWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var test = new Dataset(\"test\", DatasetArgs.builder()\n .datasetId(\"example_dataset\")\n .build());\n\n var testTable = new Table(\"testTable\", TableArgs.builder()\n .deletionProtection(false)\n .tableId(\"example_table\")\n .datasetId(test.datasetId())\n .schema(\"\"\"\n[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n \"\"\")\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(example.id())\n .bigqueryConfig(SubscriptionBigqueryConfigArgs.builder()\n .table(Output.tuple(testTable.project(), testTable.datasetId(), testTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"%s.%s.%s\", project.applyValue(getProjectResult -\u003e getProjectResult),datasetId,tableId);\n }))\n .serviceAccountEmail(bqWriteServiceAccount.email())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n bqWriteServiceAccount,\n bigqueryMetadataViewer,\n bigqueryDataEditor)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${example.id}\n bigqueryConfig:\n table: ${testTable.project}.${testTable.datasetId}.${testTable.tableId}\n serviceAccountEmail: ${bqWriteServiceAccount.email}\n options:\n dependsOn:\n - ${bqWriteServiceAccount}\n - ${bigqueryMetadataViewer}\n - ${bigqueryDataEditor}\n bqWriteServiceAccount:\n type: gcp:serviceaccount:Account\n name: bq_write_service_account\n properties:\n accountId: example-bqw\n displayName: BQ Write Service Account\n bigqueryMetadataViewer:\n type: gcp:projects:IAMMember\n name: bigquery_metadata_viewer\n properties:\n project: ${project.projectId}\n role: roles/bigquery.metadataViewer\n member: serviceAccount:${bqWriteServiceAccount.email}\n bigqueryDataEditor:\n type: gcp:projects:IAMMember\n name: bigquery_data_editor\n properties:\n project: ${project.projectId}\n role: roles/bigquery.dataEditor\n member: serviceAccount:${bqWriteServiceAccount.email}\n test:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n testTable:\n type: gcp:bigquery:Table\n name: test\n properties:\n deletionProtection: false\n tableId: example_table\n datasetId: ${test.datasetId}\n schema: |\n [\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n ]\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst project = gcp.organizations.getProject({});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com`),\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_40289\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n maxMessages: 1000,\n },\n}, {\n dependsOn: [\n example,\n admin,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nproject = gcp.organizations.get_project()\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_40289\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"max_messages\": 1000,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n example,\n admin,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-pubsub.iam.gserviceaccount.com\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_40289\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n MaxMessages = 1000,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-pubsub.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_40289\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tMaxMessages: pulumi.Int(1000),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-pubsub.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_40289\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .maxMessages(1000)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n example,\n admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_40289\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n maxMessages: 1000\n options:\n dependsOn:\n - ${example}\n - ${admin}\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage Avro\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst project = gcp.organizations.getProject({});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com`),\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_33395\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n maxMessages: 1000,\n avroConfig: {\n writeMetadata: true,\n useTopicSchema: true,\n },\n },\n}, {\n dependsOn: [\n example,\n admin,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nproject = gcp.organizations.get_project()\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\")\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_33395\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"max_messages\": 1000,\n \"avro_config\": {\n \"write_metadata\": True,\n \"use_topic_schema\": True,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n example,\n admin,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-pubsub.iam.gserviceaccount.com\",\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_33395\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n MaxMessages = 1000,\n AvroConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigAvroConfigArgs\n {\n WriteMetadata = true,\n UseTopicSchema = true,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-pubsub.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_33395\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tMaxMessages: pulumi.Int(1000),\n\t\t\t\tAvroConfig: \u0026pubsub.SubscriptionCloudStorageConfigAvroConfigArgs{\n\t\t\t\t\tWriteMetadata: pulumi.Bool(true),\n\t\t\t\t\tUseTopicSchema: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigAvroConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-pubsub.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_33395\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .maxMessages(1000)\n .avroConfig(SubscriptionCloudStorageConfigAvroConfigArgs.builder()\n .writeMetadata(true)\n .useTopicSchema(true)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n example,\n admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_33395\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n maxMessages: 1000\n avroConfig:\n writeMetadata: true\n useTopicSchema: true\n options:\n dependsOn:\n - ${example}\n - ${admin}\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-pubsub.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Subscription Push Cloudstorage Service Account\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.storage.Bucket(\"example\", {\n name: \"example-bucket\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {name: \"example-topic\"});\nconst storageWriteServiceAccount = new gcp.serviceaccount.Account(\"storage_write_service_account\", {\n accountId: \"example-stw\",\n displayName: \"Storage Write Service Account\",\n});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: example.name,\n role: \"roles/storage.admin\",\n member: pulumi.interpolate`serviceAccount:${storageWriteServiceAccount.email}`,\n});\nconst exampleSubscription = new gcp.pubsub.Subscription(\"example\", {\n name: \"example-subscription\",\n topic: exampleTopic.id,\n cloudStorageConfig: {\n bucket: example.name,\n filenamePrefix: \"pre-\",\n filenameSuffix: \"-_76044\",\n filenameDatetimeFormat: \"YYYY-MM-DD/hh_mm_ssZ\",\n maxBytes: 1000,\n maxDuration: \"300s\",\n serviceAccountEmail: storageWriteServiceAccount.email,\n },\n}, {\n dependsOn: [\n storageWriteServiceAccount,\n example,\n admin,\n ],\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.Bucket(\"example\",\n name=\"example-bucket\",\n location=\"US\",\n uniform_bucket_level_access=True)\nexample_topic = gcp.pubsub.Topic(\"example\", name=\"example-topic\")\nstorage_write_service_account = gcp.serviceaccount.Account(\"storage_write_service_account\",\n account_id=\"example-stw\",\n display_name=\"Storage Write Service Account\")\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=example.name,\n role=\"roles/storage.admin\",\n member=storage_write_service_account.email.apply(lambda email: f\"serviceAccount:{email}\"))\nexample_subscription = gcp.pubsub.Subscription(\"example\",\n name=\"example-subscription\",\n topic=example_topic.id,\n cloud_storage_config={\n \"bucket\": example.name,\n \"filename_prefix\": \"pre-\",\n \"filename_suffix\": \"-_76044\",\n \"filename_datetime_format\": \"YYYY-MM-DD/hh_mm_ssZ\",\n \"max_bytes\": 1000,\n \"max_duration\": \"300s\",\n \"service_account_email\": storage_write_service_account.email,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n storage_write_service_account,\n example,\n admin,\n ]))\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.Storage.Bucket(\"example\", new()\n {\n Name = \"example-bucket\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var storageWriteServiceAccount = new Gcp.ServiceAccount.Account(\"storage_write_service_account\", new()\n {\n AccountId = \"example-stw\",\n DisplayName = \"Storage Write Service Account\",\n });\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = example.Name,\n Role = \"roles/storage.admin\",\n Member = storageWriteServiceAccount.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var exampleSubscription = new Gcp.PubSub.Subscription(\"example\", new()\n {\n Name = \"example-subscription\",\n Topic = exampleTopic.Id,\n CloudStorageConfig = new Gcp.PubSub.Inputs.SubscriptionCloudStorageConfigArgs\n {\n Bucket = example.Name,\n FilenamePrefix = \"pre-\",\n FilenameSuffix = \"-_76044\",\n FilenameDatetimeFormat = \"YYYY-MM-DD/hh_mm_ssZ\",\n MaxBytes = 1000,\n MaxDuration = \"300s\",\n ServiceAccountEmail = storageWriteServiceAccount.Email,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n storageWriteServiceAccount,\n example,\n admin,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := storage.NewBucket(ctx, \"example\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstorageWriteServiceAccount, err := serviceaccount.NewAccount(ctx, \"storage_write_service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"example-stw\"),\n\t\t\tDisplayName: pulumi.String(\"Storage Write Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: example.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: storageWriteServiceAccount.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscription(ctx, \"example\", \u0026pubsub.SubscriptionArgs{\n\t\t\tName: pulumi.String(\"example-subscription\"),\n\t\t\tTopic: exampleTopic.ID(),\n\t\t\tCloudStorageConfig: \u0026pubsub.SubscriptionCloudStorageConfigArgs{\n\t\t\t\tBucket: example.Name,\n\t\t\t\tFilenamePrefix: pulumi.String(\"pre-\"),\n\t\t\t\tFilenameSuffix: pulumi.String(\"-_76044\"),\n\t\t\t\tFilenameDatetimeFormat: pulumi.String(\"YYYY-MM-DD/hh_mm_ssZ\"),\n\t\t\t\tMaxBytes: pulumi.Int(1000),\n\t\t\t\tMaxDuration: pulumi.String(\"300s\"),\n\t\t\t\tServiceAccountEmail: storageWriteServiceAccount.Email,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tstorageWriteServiceAccount,\n\t\t\texample,\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Subscription;\nimport com.pulumi.gcp.pubsub.SubscriptionArgs;\nimport com.pulumi.gcp.pubsub.inputs.SubscriptionCloudStorageConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Bucket(\"example\", BucketArgs.builder()\n .name(\"example-bucket\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .build());\n\n var storageWriteServiceAccount = new Account(\"storageWriteServiceAccount\", AccountArgs.builder()\n .accountId(\"example-stw\")\n .displayName(\"Storage Write Service Account\")\n .build());\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(example.name())\n .role(\"roles/storage.admin\")\n .member(storageWriteServiceAccount.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var exampleSubscription = new Subscription(\"exampleSubscription\", SubscriptionArgs.builder()\n .name(\"example-subscription\")\n .topic(exampleTopic.id())\n .cloudStorageConfig(SubscriptionCloudStorageConfigArgs.builder()\n .bucket(example.name())\n .filenamePrefix(\"pre-\")\n .filenameSuffix(\"-_76044\")\n .filenameDatetimeFormat(\"YYYY-MM-DD/hh_mm_ssZ\")\n .maxBytes(1000)\n .maxDuration(\"300s\")\n .serviceAccountEmail(storageWriteServiceAccount.email())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n storageWriteServiceAccount,\n example,\n admin)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:storage:Bucket\n properties:\n name: example-bucket\n location: US\n uniformBucketLevelAccess: true\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n exampleSubscription:\n type: gcp:pubsub:Subscription\n name: example\n properties:\n name: example-subscription\n topic: ${exampleTopic.id}\n cloudStorageConfig:\n bucket: ${example.name}\n filenamePrefix: pre-\n filenameSuffix: -_76044\n filenameDatetimeFormat: YYYY-MM-DD/hh_mm_ssZ\n maxBytes: 1000\n maxDuration: 300s\n serviceAccountEmail: ${storageWriteServiceAccount.email}\n options:\n dependsOn:\n - ${storageWriteServiceAccount}\n - ${example}\n - ${admin}\n storageWriteServiceAccount:\n type: gcp:serviceaccount:Account\n name: storage_write_service_account\n properties:\n accountId: example-stw\n displayName: Storage Write Service Account\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${example.name}\n role: roles/storage.admin\n member: serviceAccount:${storageWriteServiceAccount.email}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSubscription can be imported using any of these accepted formats:\n\n* `projects/{{project}}/subscriptions/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Subscription can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default projects/{{project}}/subscriptions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/subscription:Subscription default {{name}}\n```\n\n", "properties": { "ackDeadlineSeconds": { "type": "integer", @@ -253597,7 +253597,7 @@ } }, "gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SubscriptionIAMBindingCondition:SubscriptionIAMBindingCondition" @@ -253704,7 +253704,7 @@ } }, "gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SubscriptionIAMMemberCondition:SubscriptionIAMMemberCondition" @@ -253804,7 +253804,7 @@ } }, "gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.pubsub.SubscriptionIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder()\n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.SubscriptionIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder()\n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -253875,7 +253875,7 @@ } }, "gcp:pubsub/topic:Topic": { - "description": "A named resource to which messages are sent by publishers.\n\n\nTo get more information about Topic, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics)\n* How-to Guides\n * [Managing Topics](https://cloud.google.com/pubsub/docs/admin#managing_topics)\n\n\u003e **Note:** You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding\nby using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Pubsub Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n labels: {\n foo: \"bar\",\n },\n messageRetentionDuration: \"86600s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n labels={\n \"foo\": \"bar\",\n },\n message_retention_duration=\"86600s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n MessageRetentionDuration = \"86600s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMessageRetentionDuration: pulumi.String(\"86600s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .labels(Map.of(\"foo\", \"bar\"))\n .messageRetentionDuration(\"86600s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n labels:\n foo: bar\n messageRetentionDuration: 86600s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"global\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n kmsKeyName: cryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n kms_key_name=crypto_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"global\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n KmsKeyName = cryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"global\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .kmsKeyName(cryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n kmsKeyName: ${cryptoKey.id}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Geo Restricted\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n messageStoragePolicy: {\n allowedPersistenceRegions: [\"europe-west3\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n message_storage_policy={\n \"allowed_persistence_regions\": [\"europe-west3\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n MessageStoragePolicy = new Gcp.PubSub.Inputs.TopicMessageStoragePolicyArgs\n {\n AllowedPersistenceRegions = new[]\n {\n \"europe-west3\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tMessageStoragePolicy: \u0026pubsub.TopicMessageStoragePolicyArgs{\n\t\t\t\tAllowedPersistenceRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"europe-west3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicMessageStoragePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .messageStoragePolicy(TopicMessageStoragePolicyArgs.builder()\n .allowedPersistenceRegions(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n messageStoragePolicy:\n allowedPersistenceRegions:\n - europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Schema Settings\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example\",\n type: \"AVRO\",\n definition: `{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n schemaSettings: {\n schema: \"projects/my-project-name/schemas/example\",\n encoding: \"JSON\",\n },\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example\",\n type=\"AVRO\",\n definition=\"\"\"{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n\"\"\")\nexample_topic = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n schema_settings={\n \"schema\": \"projects/my-project-name/schemas/example\",\n \"encoding\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example\",\n Type = \"AVRO\",\n Definition = @\"{\n \"\"type\"\" : \"\"record\"\",\n \"\"name\"\" : \"\"Avro\"\",\n \"\"fields\"\" : [\n {\n \"\"name\"\" : \"\"StringField\"\",\n \"\"type\"\" : \"\"string\"\"\n },\n {\n \"\"name\"\" : \"\"IntField\"\",\n \"\"type\"\" : \"\"int\"\"\n }\n ]\n}\n\",\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n SchemaSettings = new Gcp.PubSub.Inputs.TopicSchemaSettingsArgs\n {\n Schema = \"projects/my-project-name/schemas/example\",\n Encoding = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"AVRO\"),\n\t\t\tDefinition: pulumi.String(`{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tSchemaSettings: \u0026pubsub.TopicSchemaSettingsArgs{\n\t\t\t\tSchema: pulumi.String(\"projects/my-project-name/schemas/example\"),\n\t\t\t\tEncoding: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicSchemaSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example\")\n .type(\"AVRO\")\n .definition(\"\"\"\n{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n \"\"\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .schemaSettings(TopicSchemaSettingsArgs.builder()\n .schema(\"projects/my-project-name/schemas/example\")\n .encoding(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example\n type: AVRO\n definition: |\n {\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n }\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n schemaSettings:\n schema: projects/my-project-name/schemas/example\n encoding: JSON\n options:\n dependson:\n - ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Ingestion Kinesis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n ingestionDataSourceSettings: {\n awsKinesis: {\n streamArn: \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n consumerArn: \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n awsRoleArn: \"arn:aws:iam::111111111111:role/fake-role-name\",\n gcpServiceAccount: \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n ingestion_data_source_settings={\n \"aws_kinesis\": {\n \"stream_arn\": \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n \"consumer_arn\": \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n \"aws_role_arn\": \"arn:aws:iam::111111111111:role/fake-role-name\",\n \"gcp_service_account\": \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n IngestionDataSourceSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsArgs\n {\n AwsKinesis = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsAwsKinesisArgs\n {\n StreamArn = \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n ConsumerArn = \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n AwsRoleArn = \"arn:aws:iam::111111111111:role/fake-role-name\",\n GcpServiceAccount = \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tIngestionDataSourceSettings: \u0026pubsub.TopicIngestionDataSourceSettingsArgs{\n\t\t\t\tAwsKinesis: \u0026pubsub.TopicIngestionDataSourceSettingsAwsKinesisArgs{\n\t\t\t\t\tStreamArn: pulumi.String(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\"),\n\t\t\t\t\tConsumerArn: pulumi.String(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\"),\n\t\t\t\t\tAwsRoleArn: pulumi.String(\"arn:aws:iam::111111111111:role/fake-role-name\"),\n\t\t\t\t\tGcpServiceAccount: pulumi.String(\"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsAwsKinesisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .ingestionDataSourceSettings(TopicIngestionDataSourceSettingsArgs.builder()\n .awsKinesis(TopicIngestionDataSourceSettingsAwsKinesisArgs.builder()\n .streamArn(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\")\n .consumerArn(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\")\n .awsRoleArn(\"arn:aws:iam::111111111111:role/fake-role-name\")\n .gcpServiceAccount(\"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n ingestionDataSourceSettings:\n awsKinesis:\n streamArn: arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\n consumerArn: arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\n awsRoleArn: arn:aws:iam::111111111111:role/fake-role-name\n gcpServiceAccount: fake-service-account@fake-gcp-project.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Ingestion Cloud Storage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n ingestionDataSourceSettings: {\n cloudStorage: {\n bucket: \"test-bucket\",\n textFormat: {\n delimiter: \" \",\n },\n minimumObjectCreateTime: \"2024-01-01T00:00:00Z\",\n matchGlob: \"foo/**\",\n },\n platformLogsSettings: {\n severity: \"WARNING\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n ingestion_data_source_settings={\n \"cloud_storage\": {\n \"bucket\": \"test-bucket\",\n \"text_format\": {\n \"delimiter\": \" \",\n },\n \"minimum_object_create_time\": \"2024-01-01T00:00:00Z\",\n \"match_glob\": \"foo/**\",\n },\n \"platform_logs_settings\": {\n \"severity\": \"WARNING\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n IngestionDataSourceSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsArgs\n {\n CloudStorage = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsCloudStorageArgs\n {\n Bucket = \"test-bucket\",\n TextFormat = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs\n {\n Delimiter = \" \",\n },\n MinimumObjectCreateTime = \"2024-01-01T00:00:00Z\",\n MatchGlob = \"foo/**\",\n },\n PlatformLogsSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs\n {\n Severity = \"WARNING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tIngestionDataSourceSettings: \u0026pubsub.TopicIngestionDataSourceSettingsArgs{\n\t\t\t\tCloudStorage: \u0026pubsub.TopicIngestionDataSourceSettingsCloudStorageArgs{\n\t\t\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t\t\t\tTextFormat: \u0026pubsub.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs{\n\t\t\t\t\t\tDelimiter: pulumi.String(\" \"),\n\t\t\t\t\t},\n\t\t\t\t\tMinimumObjectCreateTime: pulumi.String(\"2024-01-01T00:00:00Z\"),\n\t\t\t\t\tMatchGlob: pulumi.String(\"foo/**\"),\n\t\t\t\t},\n\t\t\t\tPlatformLogsSettings: \u0026pubsub.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs{\n\t\t\t\t\tSeverity: pulumi.String(\"WARNING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsCloudStorageArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .ingestionDataSourceSettings(TopicIngestionDataSourceSettingsArgs.builder()\n .cloudStorage(TopicIngestionDataSourceSettingsCloudStorageArgs.builder()\n .bucket(\"test-bucket\")\n .textFormat(TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs.builder()\n .delimiter(\" \")\n .build())\n .minimumObjectCreateTime(\"2024-01-01T00:00:00Z\")\n .matchGlob(\"foo/**\")\n .build())\n .platformLogsSettings(TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs.builder()\n .severity(\"WARNING\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n ingestionDataSourceSettings:\n cloudStorage:\n bucket: test-bucket\n textFormat:\n delimiter: ' '\n minimumObjectCreateTime: 2024-01-01T00:00:00Z\n matchGlob: foo/**\n platformLogsSettings:\n severity: WARNING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/topics/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default projects/{{project}}/topics/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default {{name}}\n```\n\n", + "description": "A named resource to which messages are sent by publishers.\n\n\nTo get more information about Topic, see:\n\n* [API documentation](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics)\n* How-to Guides\n * [Managing Topics](https://cloud.google.com/pubsub/docs/admin#managing_topics)\n\n\u003e **Note:** You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding\nby using the `gcp.projects.ServiceIdentity` resource.\n\n## Example Usage\n\n### Pubsub Topic Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n labels: {\n foo: \"bar\",\n },\n messageRetentionDuration: \"86600s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n labels={\n \"foo\": \"bar\",\n },\n message_retention_duration=\"86600s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n MessageRetentionDuration = \"86600s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMessageRetentionDuration: pulumi.String(\"86600s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .labels(Map.of(\"foo\", \"bar\"))\n .messageRetentionDuration(\"86600s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n labels:\n foo: bar\n messageRetentionDuration: 86600s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"example-keyring\",\n location: \"global\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"example-key\",\n keyRing: keyRing.id,\n});\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n kmsKeyName: cryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"example-keyring\",\n location=\"global\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"example-key\",\n key_ring=key_ring.id)\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n kms_key_name=crypto_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"example-keyring\",\n Location = \"global\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"example-key\",\n KeyRing = keyRing.Id,\n });\n\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n KmsKeyName = cryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-keyring\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tKmsKeyName: cryptoKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"example-keyring\")\n .location(\"global\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"example-key\")\n .keyRing(keyRing.id())\n .build());\n\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .kmsKeyName(cryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n kmsKeyName: ${cryptoKey.id}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: example-key\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: example-keyring\n location: global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Geo Restricted\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n messageStoragePolicy: {\n allowedPersistenceRegions: [\"europe-west3\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n message_storage_policy={\n \"allowed_persistence_regions\": [\"europe-west3\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n MessageStoragePolicy = new Gcp.PubSub.Inputs.TopicMessageStoragePolicyArgs\n {\n AllowedPersistenceRegions = new[]\n {\n \"europe-west3\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tMessageStoragePolicy: \u0026pubsub.TopicMessageStoragePolicyArgs{\n\t\t\t\tAllowedPersistenceRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"europe-west3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicMessageStoragePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .messageStoragePolicy(TopicMessageStoragePolicyArgs.builder()\n .allowedPersistenceRegions(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n messageStoragePolicy:\n allowedPersistenceRegions:\n - europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Schema Settings\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Schema(\"example\", {\n name: \"example\",\n type: \"AVRO\",\n definition: `{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`,\n});\nconst exampleTopic = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n schemaSettings: {\n schema: \"projects/my-project-name/schemas/example\",\n encoding: \"JSON\",\n },\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Schema(\"example\",\n name=\"example\",\n type=\"AVRO\",\n definition=\"\"\"{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n\"\"\")\nexample_topic = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n schema_settings={\n \"schema\": \"projects/my-project-name/schemas/example\",\n \"encoding\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Schema(\"example\", new()\n {\n Name = \"example\",\n Type = \"AVRO\",\n Definition = @\"{\n \"\"type\"\" : \"\"record\"\",\n \"\"name\"\" : \"\"Avro\"\",\n \"\"fields\"\" : [\n {\n \"\"name\"\" : \"\"StringField\"\",\n \"\"type\"\" : \"\"string\"\"\n },\n {\n \"\"name\"\" : \"\"IntField\"\",\n \"\"type\"\" : \"\"int\"\"\n }\n ]\n}\n\",\n });\n\n var exampleTopic = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n SchemaSettings = new Gcp.PubSub.Inputs.TopicSchemaSettingsArgs\n {\n Schema = \"projects/my-project-name/schemas/example\",\n Encoding = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := pubsub.NewSchema(ctx, \"example\", \u0026pubsub.SchemaArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"AVRO\"),\n\t\t\tDefinition: pulumi.String(`{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tSchemaSettings: \u0026pubsub.TopicSchemaSettingsArgs{\n\t\t\t\tSchema: pulumi.String(\"projects/my-project-name/schemas/example\"),\n\t\t\t\tEncoding: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Schema;\nimport com.pulumi.gcp.pubsub.SchemaArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicSchemaSettingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Schema(\"example\", SchemaArgs.builder()\n .name(\"example\")\n .type(\"AVRO\")\n .definition(\"\"\"\n{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n \"\"\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder()\n .name(\"example-topic\")\n .schemaSettings(TopicSchemaSettingsArgs.builder()\n .schema(\"projects/my-project-name/schemas/example\")\n .encoding(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Schema\n properties:\n name: example\n type: AVRO\n definition: |\n {\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n }\n exampleTopic:\n type: gcp:pubsub:Topic\n name: example\n properties:\n name: example-topic\n schemaSettings:\n schema: projects/my-project-name/schemas/example\n encoding: JSON\n options:\n dependsOn:\n - ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Ingestion Kinesis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n ingestionDataSourceSettings: {\n awsKinesis: {\n streamArn: \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n consumerArn: \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n awsRoleArn: \"arn:aws:iam::111111111111:role/fake-role-name\",\n gcpServiceAccount: \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n ingestion_data_source_settings={\n \"aws_kinesis\": {\n \"stream_arn\": \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n \"consumer_arn\": \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n \"aws_role_arn\": \"arn:aws:iam::111111111111:role/fake-role-name\",\n \"gcp_service_account\": \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n IngestionDataSourceSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsArgs\n {\n AwsKinesis = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsAwsKinesisArgs\n {\n StreamArn = \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\",\n ConsumerArn = \"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\",\n AwsRoleArn = \"arn:aws:iam::111111111111:role/fake-role-name\",\n GcpServiceAccount = \"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tIngestionDataSourceSettings: \u0026pubsub.TopicIngestionDataSourceSettingsArgs{\n\t\t\t\tAwsKinesis: \u0026pubsub.TopicIngestionDataSourceSettingsAwsKinesisArgs{\n\t\t\t\t\tStreamArn: pulumi.String(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\"),\n\t\t\t\t\tConsumerArn: pulumi.String(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\"),\n\t\t\t\t\tAwsRoleArn: pulumi.String(\"arn:aws:iam::111111111111:role/fake-role-name\"),\n\t\t\t\t\tGcpServiceAccount: pulumi.String(\"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsAwsKinesisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .ingestionDataSourceSettings(TopicIngestionDataSourceSettingsArgs.builder()\n .awsKinesis(TopicIngestionDataSourceSettingsAwsKinesisArgs.builder()\n .streamArn(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\")\n .consumerArn(\"arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\")\n .awsRoleArn(\"arn:aws:iam::111111111111:role/fake-role-name\")\n .gcpServiceAccount(\"fake-service-account@fake-gcp-project.iam.gserviceaccount.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n ingestionDataSourceSettings:\n awsKinesis:\n streamArn: arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name\n consumerArn: arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111\n awsRoleArn: arn:aws:iam::111111111111:role/fake-role-name\n gcpServiceAccount: fake-service-account@fake-gcp-project.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Pubsub Topic Ingestion Cloud Storage\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.pubsub.Topic(\"example\", {\n name: \"example-topic\",\n ingestionDataSourceSettings: {\n cloudStorage: {\n bucket: \"test-bucket\",\n textFormat: {\n delimiter: \" \",\n },\n minimumObjectCreateTime: \"2024-01-01T00:00:00Z\",\n matchGlob: \"foo/**\",\n },\n platformLogsSettings: {\n severity: \"WARNING\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.pubsub.Topic(\"example\",\n name=\"example-topic\",\n ingestion_data_source_settings={\n \"cloud_storage\": {\n \"bucket\": \"test-bucket\",\n \"text_format\": {\n \"delimiter\": \" \",\n },\n \"minimum_object_create_time\": \"2024-01-01T00:00:00Z\",\n \"match_glob\": \"foo/**\",\n },\n \"platform_logs_settings\": {\n \"severity\": \"WARNING\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.PubSub.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n IngestionDataSourceSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsArgs\n {\n CloudStorage = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsCloudStorageArgs\n {\n Bucket = \"test-bucket\",\n TextFormat = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs\n {\n Delimiter = \" \",\n },\n MinimumObjectCreateTime = \"2024-01-01T00:00:00Z\",\n MatchGlob = \"foo/**\",\n },\n PlatformLogsSettings = new Gcp.PubSub.Inputs.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs\n {\n Severity = \"WARNING\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopic(ctx, \"example\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t\tIngestionDataSourceSettings: \u0026pubsub.TopicIngestionDataSourceSettingsArgs{\n\t\t\t\tCloudStorage: \u0026pubsub.TopicIngestionDataSourceSettingsCloudStorageArgs{\n\t\t\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t\t\t\tTextFormat: \u0026pubsub.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs{\n\t\t\t\t\t\tDelimiter: pulumi.String(\" \"),\n\t\t\t\t\t},\n\t\t\t\t\tMinimumObjectCreateTime: pulumi.String(\"2024-01-01T00:00:00Z\"),\n\t\t\t\t\tMatchGlob: pulumi.String(\"foo/**\"),\n\t\t\t\t},\n\t\t\t\tPlatformLogsSettings: \u0026pubsub.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs{\n\t\t\t\t\tSeverity: pulumi.String(\"WARNING\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsCloudStorageArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs;\nimport com.pulumi.gcp.pubsub.inputs.TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Topic(\"example\", TopicArgs.builder()\n .name(\"example-topic\")\n .ingestionDataSourceSettings(TopicIngestionDataSourceSettingsArgs.builder()\n .cloudStorage(TopicIngestionDataSourceSettingsCloudStorageArgs.builder()\n .bucket(\"test-bucket\")\n .textFormat(TopicIngestionDataSourceSettingsCloudStorageTextFormatArgs.builder()\n .delimiter(\" \")\n .build())\n .minimumObjectCreateTime(\"2024-01-01T00:00:00Z\")\n .matchGlob(\"foo/**\")\n .build())\n .platformLogsSettings(TopicIngestionDataSourceSettingsPlatformLogsSettingsArgs.builder()\n .severity(\"WARNING\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:pubsub:Topic\n properties:\n name: example-topic\n ingestionDataSourceSettings:\n cloudStorage:\n bucket: test-bucket\n textFormat:\n delimiter: ' '\n minimumObjectCreateTime: 2024-01-01T00:00:00Z\n matchGlob: foo/**\n platformLogsSettings:\n severity: WARNING\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTopic can be imported using any of these accepted formats:\n\n* `projects/{{project}}/topics/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Topic can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default projects/{{project}}/topics/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:pubsub/topic:Topic default {{name}}\n```\n\n", "properties": { "effectiveLabels": { "type": "object", @@ -254036,7 +254036,7 @@ } }, "gcp:pubsub/topicIAMBinding:TopicIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/TopicIAMBindingCondition:TopicIAMBindingCondition" @@ -254143,7 +254143,7 @@ } }, "gcp:pubsub/topicIAMMember:TopicIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/TopicIAMMemberCondition:TopicIAMMemberCondition" @@ -254243,7 +254243,7 @@ } }, "gcp:pubsub/topicIAMPolicy:TopicIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Pub/Sub Topic\nThree different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.pubsub.TopicIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.pubsub.TopicIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder()\n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -254497,7 +254497,7 @@ } }, "gcp:redis/cluster:Cluster": { - "description": "A Google Cloud Redis Cluster instance.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/memorystore/docs/cluster/reference/rest/v1/projects.locations.clusters)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/memorystore/docs/cluster/)\n\n## Example Usage\n\n### Redis Cluster Ha\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_ha = new gcp.redis.Cluster(\"cluster-ha\", {\n name: \"ha-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 1,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_ha = gcp.redis.Cluster(\"cluster-ha\",\n name=\"ha-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=1,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_ha = new Gcp.Redis.Cluster(\"cluster-ha\", new()\n {\n Name = \"ha-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 1,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-ha\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"ha-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(1),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_ha = new Cluster(\"cluster-ha\", ClusterArgs.builder()\n .name(\"ha-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(1)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-ha:\n type: gcp:redis:Cluster\n properties:\n name: ha-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 1\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Ha Single Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_ha_single_zone = new gcp.redis.Cluster(\"cluster-ha-single-zone\", {\n name: \"ha-cluster-single-zone\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n zoneDistributionConfig: {\n mode: \"SINGLE_ZONE\",\n zone: \"us-central1-f\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n deletionProtectionEnabled: true,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_ha_single_zone = gcp.redis.Cluster(\"cluster-ha-single-zone\",\n name=\"ha-cluster-single-zone\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n zone_distribution_config={\n \"mode\": \"SINGLE_ZONE\",\n \"zone\": \"us-central1-f\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n deletion_protection_enabled=True,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_ha_single_zone = new Gcp.Redis.Cluster(\"cluster-ha-single-zone\", new()\n {\n Name = \"ha-cluster-single-zone\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"SINGLE_ZONE\",\n Zone = \"us-central1-f\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n DeletionProtectionEnabled = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-ha-single-zone\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"ha-cluster-single-zone\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"SINGLE_ZONE\"),\n\t\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_ha_single_zone = new Cluster(\"cluster-ha-single-zone\", ClusterArgs.builder()\n .name(\"ha-cluster-single-zone\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"SINGLE_ZONE\")\n .zone(\"us-central1-f\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .deletionProtectionEnabled(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-ha-single-zone:\n type: gcp:redis:Cluster\n properties:\n name: ha-cluster-single-zone\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n zoneDistributionConfig:\n mode: SINGLE_ZONE\n zone: us-central1-f\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n deletionProtectionEnabled: true\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Rdb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_rdb = new gcp.redis.Cluster(\"cluster-rdb\", {\n name: \"rdb-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 0,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n persistenceConfig: {\n mode: \"RDB\",\n rdbConfig: {\n rdbSnapshotPeriod: \"ONE_HOUR\",\n rdbSnapshotStartTime: \"2024-10-02T15:01:23Z\",\n },\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_rdb = gcp.redis.Cluster(\"cluster-rdb\",\n name=\"rdb-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=0,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n persistence_config={\n \"mode\": \"RDB\",\n \"rdb_config\": {\n \"rdb_snapshot_period\": \"ONE_HOUR\",\n \"rdb_snapshot_start_time\": \"2024-10-02T15:01:23Z\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_rdb = new Gcp.Redis.Cluster(\"cluster-rdb\", new()\n {\n Name = \"rdb-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 0,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n PersistenceConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigArgs\n {\n Mode = \"RDB\",\n RdbConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigRdbConfigArgs\n {\n RdbSnapshotPeriod = \"ONE_HOUR\",\n RdbSnapshotStartTime = \"2024-10-02T15:01:23Z\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-rdb\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"rdb-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(0),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPersistenceConfig: \u0026redis.ClusterPersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbConfig: \u0026redis.ClusterPersistenceConfigRdbConfigArgs{\n\t\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"ONE_HOUR\"),\n\t\t\t\t\tRdbSnapshotStartTime: pulumi.String(\"2024-10-02T15:01:23Z\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigRdbConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_rdb = new Cluster(\"cluster-rdb\", ClusterArgs.builder()\n .name(\"rdb-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(0)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .persistenceConfig(ClusterPersistenceConfigArgs.builder()\n .mode(\"RDB\")\n .rdbConfig(ClusterPersistenceConfigRdbConfigArgs.builder()\n .rdbSnapshotPeriod(\"ONE_HOUR\")\n .rdbSnapshotStartTime(\"2024-10-02T15:01:23Z\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-rdb:\n type: gcp:redis:Cluster\n properties:\n name: rdb-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 0\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n persistenceConfig:\n mode: RDB\n rdbConfig:\n rdbSnapshotPeriod: ONE_HOUR\n rdbSnapshotStartTime: 2024-10-02T15:01:23Z\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Aof\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_aof = new gcp.redis.Cluster(\"cluster-aof\", {\n name: \"aof-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 0,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n persistenceConfig: {\n mode: \"AOF\",\n aofConfig: {\n appendFsync: \"EVERYSEC\",\n },\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_aof = gcp.redis.Cluster(\"cluster-aof\",\n name=\"aof-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=0,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n persistence_config={\n \"mode\": \"AOF\",\n \"aof_config\": {\n \"append_fsync\": \"EVERYSEC\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_aof = new Gcp.Redis.Cluster(\"cluster-aof\", new()\n {\n Name = \"aof-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 0,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n PersistenceConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigArgs\n {\n Mode = \"AOF\",\n AofConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigAofConfigArgs\n {\n AppendFsync = \"EVERYSEC\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-aof\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"aof-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(0),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPersistenceConfig: \u0026redis.ClusterPersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"AOF\"),\n\t\t\t\tAofConfig: \u0026redis.ClusterPersistenceConfigAofConfigArgs{\n\t\t\t\t\tAppendFsync: pulumi.String(\"EVERYSEC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigAofConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_aof = new Cluster(\"cluster-aof\", ClusterArgs.builder()\n .name(\"aof-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(0)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .persistenceConfig(ClusterPersistenceConfigArgs.builder()\n .mode(\"AOF\")\n .aofConfig(ClusterPersistenceConfigAofConfigArgs.builder()\n .appendFsync(\"EVERYSEC\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-aof:\n type: gcp:redis:Cluster\n properties:\n name: aof-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 0\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n persistenceConfig:\n mode: AOF\n aofConfig:\n appendFsync: EVERYSEC\n options:\n dependson:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/clusters/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default projects/{{project}}/locations/{{region}}/clusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{name}}\n```\n\n", + "description": "A Google Cloud Redis Cluster instance.\n\n\nTo get more information about Cluster, see:\n\n* [API documentation](https://cloud.google.com/memorystore/docs/cluster/reference/rest/v1/projects.locations.clusters)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/memorystore/docs/cluster/)\n\n## Example Usage\n\n### Redis Cluster Ha\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_ha = new gcp.redis.Cluster(\"cluster-ha\", {\n name: \"ha-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 1,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_ha = gcp.redis.Cluster(\"cluster-ha\",\n name=\"ha-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=1,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_ha = new Gcp.Redis.Cluster(\"cluster-ha\", new()\n {\n Name = \"ha-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 1,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-ha\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"ha-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(1),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_ha = new Cluster(\"cluster-ha\", ClusterArgs.builder()\n .name(\"ha-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(1)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-ha:\n type: gcp:redis:Cluster\n properties:\n name: ha-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 1\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Ha Single Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_ha_single_zone = new gcp.redis.Cluster(\"cluster-ha-single-zone\", {\n name: \"ha-cluster-single-zone\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n zoneDistributionConfig: {\n mode: \"SINGLE_ZONE\",\n zone: \"us-central1-f\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n deletionProtectionEnabled: true,\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_ha_single_zone = gcp.redis.Cluster(\"cluster-ha-single-zone\",\n name=\"ha-cluster-single-zone\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n zone_distribution_config={\n \"mode\": \"SINGLE_ZONE\",\n \"zone\": \"us-central1-f\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n deletion_protection_enabled=True,\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_ha_single_zone = new Gcp.Redis.Cluster(\"cluster-ha-single-zone\", new()\n {\n Name = \"ha-cluster-single-zone\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"SINGLE_ZONE\",\n Zone = \"us-central1-f\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n DeletionProtectionEnabled = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-ha-single-zone\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"ha-cluster-single-zone\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"SINGLE_ZONE\"),\n\t\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_ha_single_zone = new Cluster(\"cluster-ha-single-zone\", ClusterArgs.builder()\n .name(\"ha-cluster-single-zone\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"SINGLE_ZONE\")\n .zone(\"us-central1-f\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .deletionProtectionEnabled(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-ha-single-zone:\n type: gcp:redis:Cluster\n properties:\n name: ha-cluster-single-zone\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n zoneDistributionConfig:\n mode: SINGLE_ZONE\n zone: us-central1-f\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n deletionProtectionEnabled: true\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Rdb\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_rdb = new gcp.redis.Cluster(\"cluster-rdb\", {\n name: \"rdb-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 0,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n persistenceConfig: {\n mode: \"RDB\",\n rdbConfig: {\n rdbSnapshotPeriod: \"ONE_HOUR\",\n rdbSnapshotStartTime: \"2024-10-02T15:01:23Z\",\n },\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_rdb = gcp.redis.Cluster(\"cluster-rdb\",\n name=\"rdb-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=0,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n persistence_config={\n \"mode\": \"RDB\",\n \"rdb_config\": {\n \"rdb_snapshot_period\": \"ONE_HOUR\",\n \"rdb_snapshot_start_time\": \"2024-10-02T15:01:23Z\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_rdb = new Gcp.Redis.Cluster(\"cluster-rdb\", new()\n {\n Name = \"rdb-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 0,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n PersistenceConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigArgs\n {\n Mode = \"RDB\",\n RdbConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigRdbConfigArgs\n {\n RdbSnapshotPeriod = \"ONE_HOUR\",\n RdbSnapshotStartTime = \"2024-10-02T15:01:23Z\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-rdb\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"rdb-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(0),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPersistenceConfig: \u0026redis.ClusterPersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbConfig: \u0026redis.ClusterPersistenceConfigRdbConfigArgs{\n\t\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"ONE_HOUR\"),\n\t\t\t\t\tRdbSnapshotStartTime: pulumi.String(\"2024-10-02T15:01:23Z\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigRdbConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_rdb = new Cluster(\"cluster-rdb\", ClusterArgs.builder()\n .name(\"rdb-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(0)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .persistenceConfig(ClusterPersistenceConfigArgs.builder()\n .mode(\"RDB\")\n .rdbConfig(ClusterPersistenceConfigRdbConfigArgs.builder()\n .rdbSnapshotPeriod(\"ONE_HOUR\")\n .rdbSnapshotStartTime(\"2024-10-02T15:01:23Z\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-rdb:\n type: gcp:redis:Cluster\n properties:\n name: rdb-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 0\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n persistenceConfig:\n mode: RDB\n rdbConfig:\n rdbSnapshotPeriod: ONE_HOUR\n rdbSnapshotStartTime: 2024-10-02T15:01:23Z\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Cluster Aof\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst producerNet = new gcp.compute.Network(\"producer_net\", {\n name: \"mynetwork\",\n autoCreateSubnetworks: false,\n});\nconst producerSubnet = new gcp.compute.Subnetwork(\"producer_subnet\", {\n name: \"mysubnet\",\n ipCidrRange: \"10.0.0.248/29\",\n region: \"us-central1\",\n network: producerNet.id,\n});\nconst _default = new gcp.networkconnectivity.ServiceConnectionPolicy(\"default\", {\n name: \"mypolicy\",\n location: \"us-central1\",\n serviceClass: \"gcp-memorystore-redis\",\n description: \"my basic service connection policy\",\n network: producerNet.id,\n pscConfig: {\n subnetworks: [producerSubnet.id],\n },\n});\nconst cluster_aof = new gcp.redis.Cluster(\"cluster-aof\", {\n name: \"aof-cluster\",\n shardCount: 3,\n pscConfigs: [{\n network: producerNet.id,\n }],\n region: \"us-central1\",\n replicaCount: 0,\n nodeType: \"REDIS_SHARED_CORE_NANO\",\n transitEncryptionMode: \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorizationMode: \"AUTH_MODE_DISABLED\",\n redisConfigs: {\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletionProtectionEnabled: true,\n zoneDistributionConfig: {\n mode: \"MULTI_ZONE\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"MONDAY\",\n startTime: {\n hours: 1,\n minutes: 0,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n persistenceConfig: {\n mode: \"AOF\",\n aofConfig: {\n appendFsync: \"EVERYSEC\",\n },\n },\n}, {\n dependsOn: [_default],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproducer_net = gcp.compute.Network(\"producer_net\",\n name=\"mynetwork\",\n auto_create_subnetworks=False)\nproducer_subnet = gcp.compute.Subnetwork(\"producer_subnet\",\n name=\"mysubnet\",\n ip_cidr_range=\"10.0.0.248/29\",\n region=\"us-central1\",\n network=producer_net.id)\ndefault = gcp.networkconnectivity.ServiceConnectionPolicy(\"default\",\n name=\"mypolicy\",\n location=\"us-central1\",\n service_class=\"gcp-memorystore-redis\",\n description=\"my basic service connection policy\",\n network=producer_net.id,\n psc_config={\n \"subnetworks\": [producer_subnet.id],\n })\ncluster_aof = gcp.redis.Cluster(\"cluster-aof\",\n name=\"aof-cluster\",\n shard_count=3,\n psc_configs=[{\n \"network\": producer_net.id,\n }],\n region=\"us-central1\",\n replica_count=0,\n node_type=\"REDIS_SHARED_CORE_NANO\",\n transit_encryption_mode=\"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n authorization_mode=\"AUTH_MODE_DISABLED\",\n redis_configs={\n \"maxmemory-policy\": \"volatile-ttl\",\n },\n deletion_protection_enabled=True,\n zone_distribution_config={\n \"mode\": \"MULTI_ZONE\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"MONDAY\",\n \"start_time\": {\n \"hours\": 1,\n \"minutes\": 0,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n },\n persistence_config={\n \"mode\": \"AOF\",\n \"aof_config\": {\n \"append_fsync\": \"EVERYSEC\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[default]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var producerNet = new Gcp.Compute.Network(\"producer_net\", new()\n {\n Name = \"mynetwork\",\n AutoCreateSubnetworks = false,\n });\n\n var producerSubnet = new Gcp.Compute.Subnetwork(\"producer_subnet\", new()\n {\n Name = \"mysubnet\",\n IpCidrRange = \"10.0.0.248/29\",\n Region = \"us-central1\",\n Network = producerNet.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy(\"default\", new()\n {\n Name = \"mypolicy\",\n Location = \"us-central1\",\n ServiceClass = \"gcp-memorystore-redis\",\n Description = \"my basic service connection policy\",\n Network = producerNet.Id,\n PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs\n {\n Subnetworks = new[]\n {\n producerSubnet.Id,\n },\n },\n });\n\n var cluster_aof = new Gcp.Redis.Cluster(\"cluster-aof\", new()\n {\n Name = \"aof-cluster\",\n ShardCount = 3,\n PscConfigs = new[]\n {\n new Gcp.Redis.Inputs.ClusterPscConfigArgs\n {\n Network = producerNet.Id,\n },\n },\n Region = \"us-central1\",\n ReplicaCount = 0,\n NodeType = \"REDIS_SHARED_CORE_NANO\",\n TransitEncryptionMode = \"TRANSIT_ENCRYPTION_MODE_DISABLED\",\n AuthorizationMode = \"AUTH_MODE_DISABLED\",\n RedisConfigs = \n {\n { \"maxmemory-policy\", \"volatile-ttl\" },\n },\n DeletionProtectionEnabled = true,\n ZoneDistributionConfig = new Gcp.Redis.Inputs.ClusterZoneDistributionConfigArgs\n {\n Mode = \"MULTI_ZONE\",\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.ClusterMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"MONDAY\",\n StartTime = new Gcp.Redis.Inputs.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 1,\n Minutes = 0,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n PersistenceConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigArgs\n {\n Mode = \"AOF\",\n AofConfig = new Gcp.Redis.Inputs.ClusterPersistenceConfigAofConfigArgs\n {\n AppendFsync = \"EVERYSEC\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n @default,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproducerNet, err := compute.NewNetwork(ctx, \"producer_net\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"mynetwork\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproducerSubnet, err := compute.NewSubnetwork(ctx, \"producer_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"mysubnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.248/29\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewServiceConnectionPolicy(ctx, \"default\", \u0026networkconnectivity.ServiceConnectionPolicyArgs{\n\t\t\tName: pulumi.String(\"mypolicy\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tServiceClass: pulumi.String(\"gcp-memorystore-redis\"),\n\t\t\tDescription: pulumi.String(\"my basic service connection policy\"),\n\t\t\tNetwork: producerNet.ID(),\n\t\t\tPscConfig: \u0026networkconnectivity.ServiceConnectionPolicyPscConfigArgs{\n\t\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\t\tproducerSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewCluster(ctx, \"cluster-aof\", \u0026redis.ClusterArgs{\n\t\t\tName: pulumi.String(\"aof-cluster\"),\n\t\t\tShardCount: pulumi.Int(3),\n\t\t\tPscConfigs: redis.ClusterPscConfigArray{\n\t\t\t\t\u0026redis.ClusterPscConfigArgs{\n\t\t\t\t\tNetwork: producerNet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tReplicaCount: pulumi.Int(0),\n\t\t\tNodeType: pulumi.String(\"REDIS_SHARED_CORE_NANO\"),\n\t\t\tTransitEncryptionMode: pulumi.String(\"TRANSIT_ENCRYPTION_MODE_DISABLED\"),\n\t\t\tAuthorizationMode: pulumi.String(\"AUTH_MODE_DISABLED\"),\n\t\t\tRedisConfigs: pulumi.StringMap{\n\t\t\t\t\"maxmemory-policy\": pulumi.String(\"volatile-ttl\"),\n\t\t\t},\n\t\t\tDeletionProtectionEnabled: pulumi.Bool(true),\n\t\t\tZoneDistributionConfig: \u0026redis.ClusterZoneDistributionConfigArgs{\n\t\t\t\tMode: pulumi.String(\"MULTI_ZONE\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.ClusterMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"MONDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(1),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPersistenceConfig: \u0026redis.ClusterPersistenceConfigArgs{\n\t\t\t\tMode: pulumi.String(\"AOF\"),\n\t\t\t\tAofConfig: \u0026redis.ClusterPersistenceConfigAofConfigArgs{\n\t\t\t\t\tAppendFsync: pulumi.String(\"EVERYSEC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\t_default,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;\nimport com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;\nimport com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;\nimport com.pulumi.gcp.redis.Cluster;\nimport com.pulumi.gcp.redis.ClusterArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPscConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterZoneDistributionConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterMaintenancePolicyArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigArgs;\nimport com.pulumi.gcp.redis.inputs.ClusterPersistenceConfigAofConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var producerNet = new Network(\"producerNet\", NetworkArgs.builder()\n .name(\"mynetwork\")\n .autoCreateSubnetworks(false)\n .build());\n\n var producerSubnet = new Subnetwork(\"producerSubnet\", SubnetworkArgs.builder()\n .name(\"mysubnet\")\n .ipCidrRange(\"10.0.0.248/29\")\n .region(\"us-central1\")\n .network(producerNet.id())\n .build());\n\n var default_ = new ServiceConnectionPolicy(\"default\", ServiceConnectionPolicyArgs.builder()\n .name(\"mypolicy\")\n .location(\"us-central1\")\n .serviceClass(\"gcp-memorystore-redis\")\n .description(\"my basic service connection policy\")\n .network(producerNet.id())\n .pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()\n .subnetworks(producerSubnet.id())\n .build())\n .build());\n\n var cluster_aof = new Cluster(\"cluster-aof\", ClusterArgs.builder()\n .name(\"aof-cluster\")\n .shardCount(3)\n .pscConfigs(ClusterPscConfigArgs.builder()\n .network(producerNet.id())\n .build())\n .region(\"us-central1\")\n .replicaCount(0)\n .nodeType(\"REDIS_SHARED_CORE_NANO\")\n .transitEncryptionMode(\"TRANSIT_ENCRYPTION_MODE_DISABLED\")\n .authorizationMode(\"AUTH_MODE_DISABLED\")\n .redisConfigs(Map.of(\"maxmemory-policy\", \"volatile-ttl\"))\n .deletionProtectionEnabled(true)\n .zoneDistributionConfig(ClusterZoneDistributionConfigArgs.builder()\n .mode(\"MULTI_ZONE\")\n .build())\n .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(ClusterMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"MONDAY\")\n .startTime(ClusterMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(1)\n .minutes(0)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .persistenceConfig(ClusterPersistenceConfigArgs.builder()\n .mode(\"AOF\")\n .aofConfig(ClusterPersistenceConfigAofConfigArgs.builder()\n .appendFsync(\"EVERYSEC\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(default_)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster-aof:\n type: gcp:redis:Cluster\n properties:\n name: aof-cluster\n shardCount: 3\n pscConfigs:\n - network: ${producerNet.id}\n region: us-central1\n replicaCount: 0\n nodeType: REDIS_SHARED_CORE_NANO\n transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED\n authorizationMode: AUTH_MODE_DISABLED\n redisConfigs:\n maxmemory-policy: volatile-ttl\n deletionProtectionEnabled: true\n zoneDistributionConfig:\n mode: MULTI_ZONE\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: MONDAY\n startTime:\n hours: 1\n minutes: 0\n seconds: 0\n nanos: 0\n persistenceConfig:\n mode: AOF\n aofConfig:\n appendFsync: EVERYSEC\n options:\n dependsOn:\n - ${default}\n default:\n type: gcp:networkconnectivity:ServiceConnectionPolicy\n properties:\n name: mypolicy\n location: us-central1\n serviceClass: gcp-memorystore-redis\n description: my basic service connection policy\n network: ${producerNet.id}\n pscConfig:\n subnetworks:\n - ${producerSubnet.id}\n producerSubnet:\n type: gcp:compute:Subnetwork\n name: producer_subnet\n properties:\n name: mysubnet\n ipCidrRange: 10.0.0.248/29\n region: us-central1\n network: ${producerNet.id}\n producerNet:\n type: gcp:compute:Network\n name: producer_net\n properties:\n name: mynetwork\n autoCreateSubnetworks: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/clusters/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Cluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default projects/{{project}}/locations/{{region}}/clusters/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/cluster:Cluster default {{name}}\n```\n\n", "properties": { "authorizationMode": { "type": "string", @@ -254825,7 +254825,7 @@ } }, "gcp:redis/instance:Instance": { - "description": "A Google Cloud Redis instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/memorystore/docs/redis/)\n\n## Example Usage\n\n### Redis Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"memory-cache\",\n memorySizeGb: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncache = gcp.redis.Instance(\"cache\",\n name=\"memory-cache\",\n memory_size_gb=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"memory-cache\",\n MemorySizeGb = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"memory-cache\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"memory-cache\")\n .memorySizeGb(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: memory-cache\n memorySizeGb: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"ha-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_4_0\",\n displayName: \"Test Instance\",\n reservedIpRange: \"192.168.0.0/29\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"TUESDAY\",\n startTime: {\n hours: 0,\n minutes: 30,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"ha-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_4_0\",\n display_name=\"Test Instance\",\n reserved_ip_range=\"192.168.0.0/29\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"TUESDAY\",\n \"start_time\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"ha-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_4_0\",\n DisplayName = \"Test Instance\",\n ReservedIpRange = \"192.168.0.0/29\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.InstanceMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"TUESDAY\",\n StartTime = new Gcp.Redis.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"ha-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_4_0\"),\n\t\t\tDisplayName: pulumi.String(\"Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/29\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.InstanceMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"TUESDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.gcp.redis.inputs.InstanceMaintenancePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"ha-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_4_0\")\n .displayName(\"Test Instance\")\n .reservedIpRange(\"192.168.0.0/29\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .maintenancePolicy(InstanceMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"TUESDAY\")\n .startTime(InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: ha-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_4_0\n displayName: Test Instance\n reservedIpRange: 192.168.0.0/29\n labels:\n my_key: my_val\n other_key: other_val\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: TUESDAY\n startTime:\n hours: 0\n minutes: 30\n seconds: 0\n nanos: 0\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Full With Persistence Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cache_persis = new gcp.redis.Instance(\"cache-persis\", {\n name: \"ha-memory-cache-persis\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n persistenceConfig: {\n persistenceMode: \"RDB\",\n rdbSnapshotPeriod: \"TWELVE_HOURS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncache_persis = gcp.redis.Instance(\"cache-persis\",\n name=\"ha-memory-cache-persis\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n persistence_config={\n \"persistence_mode\": \"RDB\",\n \"rdb_snapshot_period\": \"TWELVE_HOURS\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cache_persis = new Gcp.Redis.Instance(\"cache-persis\", new()\n {\n Name = \"ha-memory-cache-persis\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n PersistenceConfig = new Gcp.Redis.Inputs.InstancePersistenceConfigArgs\n {\n PersistenceMode = \"RDB\",\n RdbSnapshotPeriod = \"TWELVE_HOURS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redis.NewInstance(ctx, \"cache-persis\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"ha-memory-cache-persis\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tPersistenceConfig: \u0026redis.InstancePersistenceConfigArgs{\n\t\t\t\tPersistenceMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"TWELVE_HOURS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.gcp.redis.inputs.InstancePersistenceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cache_persis = new Instance(\"cache-persis\", InstanceArgs.builder()\n .name(\"ha-memory-cache-persis\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .persistenceMode(\"RDB\")\n .rdbSnapshotPeriod(\"TWELVE_HOURS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache-persis:\n type: gcp:redis:Instance\n properties:\n name: ha-memory-cache-persis\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n persistenceConfig:\n persistenceMode: RDB\n rdbSnapshotPeriod: TWELVE_HOURS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Private Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis_network = new gcp.compute.Network(\"redis-network\", {name: \"redis-test-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: redis_network.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: redis_network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"private-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.id,\n connectMode: \"PRIVATE_SERVICE_ACCESS\",\n redisVersion: \"REDIS_4_0\",\n displayName: \"Test Instance\",\n}, {\n dependsOn: [privateServiceConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.Network(\"redis-network\", name=\"redis-test-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=redis_network.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=redis_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\ncache = gcp.redis.Instance(\"cache\",\n name=\"private-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n connect_mode=\"PRIVATE_SERVICE_ACCESS\",\n redis_version=\"REDIS_4_0\",\n display_name=\"Test Instance\",\n opts = pulumi.ResourceOptions(depends_on=[private_service_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = new Gcp.Compute.Network(\"redis-network\", new()\n {\n Name = \"redis-test-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = redis_network.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = redis_network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"private-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Id,\n ConnectMode = \"PRIVATE_SERVICE_ACCESS\",\n RedisVersion = \"REDIS_4_0\",\n DisplayName = \"Test Instance\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateServiceConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\t_, err := compute.NewNetwork(ctx, \"redis-network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"redis-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: redis_network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: redis_network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"private-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: redis_network.ID(),\n\t\t\tConnectMode: pulumi.String(\"PRIVATE_SERVICE_ACCESS\"),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_4_0\"),\n\t\t\tDisplayName: pulumi.String(\"Test Instance\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateServiceConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = new Network(\"redis-network\", NetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(redis_network.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(redis_network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"private-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .connectMode(\"PRIVATE_SERVICE_ACCESS\")\n .redisVersion(\"REDIS_4_0\")\n .displayName(\"Test Instance\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateServiceConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n type: gcp:compute:Network\n properties:\n name: redis-test-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${[\"redis-network\"].id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${[\"redis-network\"].id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\n cache:\n type: gcp:redis:Instance\n properties:\n name: private-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n connectMode: PRIVATE_SERVICE_ACCESS\n redisVersion: REDIS_4_0\n displayName: Test Instance\n options:\n dependson:\n - ${privateServiceConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Mrr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"mrr-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 5,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_6_X\",\n displayName: \"Terraform Test Instance\",\n reservedIpRange: \"192.168.0.0/28\",\n replicaCount: 5,\n readReplicasMode: \"READ_REPLICAS_ENABLED\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"mrr-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=5,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_6_X\",\n display_name=\"Terraform Test Instance\",\n reserved_ip_range=\"192.168.0.0/28\",\n replica_count=5,\n read_replicas_mode=\"READ_REPLICAS_ENABLED\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"mrr-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 5,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_6_X\",\n DisplayName = \"Terraform Test Instance\",\n ReservedIpRange = \"192.168.0.0/28\",\n ReplicaCount = 5,\n ReadReplicasMode = \"READ_REPLICAS_ENABLED\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"mrr-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(5),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_6_X\"),\n\t\t\tDisplayName: pulumi.String(\"Terraform Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/28\"),\n\t\t\tReplicaCount: pulumi.Int(5),\n\t\t\tReadReplicasMode: pulumi.String(\"READ_REPLICAS_ENABLED\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"mrr-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(5)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_6_X\")\n .displayName(\"Terraform Test Instance\")\n .reservedIpRange(\"192.168.0.0/28\")\n .replicaCount(5)\n .readReplicasMode(\"READ_REPLICAS_ENABLED\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: mrr-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 5\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_6_X\n displayName: Terraform Test Instance\n reservedIpRange: 192.168.0.0/28\n replicaCount: 5\n readReplicasMode: READ_REPLICAS_ENABLED\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst redisKeyring = new gcp.kms.KeyRing(\"redis_keyring\", {\n name: \"redis-keyring\",\n location: \"us-central1\",\n});\nconst redisKey = new gcp.kms.CryptoKey(\"redis_key\", {\n name: \"redis-key\",\n keyRing: redisKeyring.id,\n});\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"cmek-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_6_X\",\n displayName: \"Terraform Test Instance\",\n reservedIpRange: \"192.168.0.0/29\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n customerManagedKey: redisKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nredis_keyring = gcp.kms.KeyRing(\"redis_keyring\",\n name=\"redis-keyring\",\n location=\"us-central1\")\nredis_key = gcp.kms.CryptoKey(\"redis_key\",\n name=\"redis-key\",\n key_ring=redis_keyring.id)\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"cmek-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_6_X\",\n display_name=\"Terraform Test Instance\",\n reserved_ip_range=\"192.168.0.0/29\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n customer_managed_key=redis_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var redisKeyring = new Gcp.Kms.KeyRing(\"redis_keyring\", new()\n {\n Name = \"redis-keyring\",\n Location = \"us-central1\",\n });\n\n var redisKey = new Gcp.Kms.CryptoKey(\"redis_key\", new()\n {\n Name = \"redis-key\",\n KeyRing = redisKeyring.Id,\n });\n\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"cmek-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_6_X\",\n DisplayName = \"Terraform Test Instance\",\n ReservedIpRange = \"192.168.0.0/29\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n CustomerManagedKey = redisKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tredisKeyring, err := kms.NewKeyRing(ctx, \"redis_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"redis-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tredisKey, err := kms.NewCryptoKey(ctx, \"redis_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"redis-key\"),\n\t\t\tKeyRing: redisKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"cmek-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_6_X\"),\n\t\t\tDisplayName: pulumi.String(\"Terraform Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/29\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t\tCustomerManagedKey: redisKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var redisKeyring = new KeyRing(\"redisKeyring\", KeyRingArgs.builder()\n .name(\"redis-keyring\")\n .location(\"us-central1\")\n .build());\n\n var redisKey = new CryptoKey(\"redisKey\", CryptoKeyArgs.builder()\n .name(\"redis-key\")\n .keyRing(redisKeyring.id())\n .build());\n\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"cmek-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_6_X\")\n .displayName(\"Terraform Test Instance\")\n .reservedIpRange(\"192.168.0.0/29\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .customerManagedKey(redisKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: cmek-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_6_X\n displayName: Terraform Test Instance\n reservedIpRange: 192.168.0.0/29\n labels:\n my_key: my_val\n other_key: other_val\n customerManagedKey: ${redisKey.id}\n redisKeyring:\n type: gcp:kms:KeyRing\n name: redis_keyring\n properties:\n name: redis-keyring\n location: us-central1\n redisKey:\n type: gcp:kms:CryptoKey\n name: redis_key\n properties:\n name: redis-key\n keyRing: ${redisKeyring.id}\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{name}}\n```\n\n", + "description": "A Google Cloud Redis instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/memorystore/docs/redis/)\n\n## Example Usage\n\n### Redis Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"memory-cache\",\n memorySizeGb: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncache = gcp.redis.Instance(\"cache\",\n name=\"memory-cache\",\n memory_size_gb=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"memory-cache\",\n MemorySizeGb = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"memory-cache\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"memory-cache\")\n .memorySizeGb(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: memory-cache\n memorySizeGb: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"ha-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_4_0\",\n displayName: \"Test Instance\",\n reservedIpRange: \"192.168.0.0/29\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n maintenancePolicy: {\n weeklyMaintenanceWindows: [{\n day: \"TUESDAY\",\n startTime: {\n hours: 0,\n minutes: 30,\n seconds: 0,\n nanos: 0,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"ha-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_4_0\",\n display_name=\"Test Instance\",\n reserved_ip_range=\"192.168.0.0/29\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n maintenance_policy={\n \"weekly_maintenance_windows\": [{\n \"day\": \"TUESDAY\",\n \"start_time\": {\n \"hours\": 0,\n \"minutes\": 30,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"ha-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_4_0\",\n DisplayName = \"Test Instance\",\n ReservedIpRange = \"192.168.0.0/29\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n MaintenancePolicy = new Gcp.Redis.Inputs.InstanceMaintenancePolicyArgs\n {\n WeeklyMaintenanceWindows = new[]\n {\n new Gcp.Redis.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs\n {\n Day = \"TUESDAY\",\n StartTime = new Gcp.Redis.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs\n {\n Hours = 0,\n Minutes = 30,\n Seconds = 0,\n Nanos = 0,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"ha-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_4_0\"),\n\t\t\tDisplayName: pulumi.String(\"Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/29\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t\tMaintenancePolicy: \u0026redis.InstanceMaintenancePolicyArgs{\n\t\t\t\tWeeklyMaintenanceWindows: redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowArray{\n\t\t\t\t\t\u0026redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs{\n\t\t\t\t\t\tDay: pulumi.String(\"TUESDAY\"),\n\t\t\t\t\t\tStartTime: \u0026redis.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{\n\t\t\t\t\t\t\tHours: pulumi.Int(0),\n\t\t\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.gcp.redis.inputs.InstanceMaintenancePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"ha-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_4_0\")\n .displayName(\"Test Instance\")\n .reservedIpRange(\"192.168.0.0/29\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .maintenancePolicy(InstanceMaintenancePolicyArgs.builder()\n .weeklyMaintenanceWindows(InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()\n .day(\"TUESDAY\")\n .startTime(InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()\n .hours(0)\n .minutes(30)\n .seconds(0)\n .nanos(0)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: ha-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_4_0\n displayName: Test Instance\n reservedIpRange: 192.168.0.0/29\n labels:\n my_key: my_val\n other_key: other_val\n maintenancePolicy:\n weeklyMaintenanceWindows:\n - day: TUESDAY\n startTime:\n hours: 0\n minutes: 30\n seconds: 0\n nanos: 0\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Full With Persistence Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cache_persis = new gcp.redis.Instance(\"cache-persis\", {\n name: \"ha-memory-cache-persis\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n persistenceConfig: {\n persistenceMode: \"RDB\",\n rdbSnapshotPeriod: \"TWELVE_HOURS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncache_persis = gcp.redis.Instance(\"cache-persis\",\n name=\"ha-memory-cache-persis\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n persistence_config={\n \"persistence_mode\": \"RDB\",\n \"rdb_snapshot_period\": \"TWELVE_HOURS\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cache_persis = new Gcp.Redis.Instance(\"cache-persis\", new()\n {\n Name = \"ha-memory-cache-persis\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n PersistenceConfig = new Gcp.Redis.Inputs.InstancePersistenceConfigArgs\n {\n PersistenceMode = \"RDB\",\n RdbSnapshotPeriod = \"TWELVE_HOURS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redis.NewInstance(ctx, \"cache-persis\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"ha-memory-cache-persis\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tPersistenceConfig: \u0026redis.InstancePersistenceConfigArgs{\n\t\t\t\tPersistenceMode: pulumi.String(\"RDB\"),\n\t\t\t\tRdbSnapshotPeriod: pulumi.String(\"TWELVE_HOURS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.gcp.redis.inputs.InstancePersistenceConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cache_persis = new Instance(\"cache-persis\", InstanceArgs.builder()\n .name(\"ha-memory-cache-persis\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .persistenceConfig(InstancePersistenceConfigArgs.builder()\n .persistenceMode(\"RDB\")\n .rdbSnapshotPeriod(\"TWELVE_HOURS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache-persis:\n type: gcp:redis:Instance\n properties:\n name: ha-memory-cache-persis\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n persistenceConfig:\n persistenceMode: RDB\n rdbSnapshotPeriod: TWELVE_HOURS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Private Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis_network = new gcp.compute.Network(\"redis-network\", {name: \"redis-test-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: redis_network.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: redis_network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"private-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.id,\n connectMode: \"PRIVATE_SERVICE_ACCESS\",\n redisVersion: \"REDIS_4_0\",\n displayName: \"Test Instance\",\n}, {\n dependsOn: [privateServiceConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.Network(\"redis-network\", name=\"redis-test-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=redis_network.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=redis_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\ncache = gcp.redis.Instance(\"cache\",\n name=\"private-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n connect_mode=\"PRIVATE_SERVICE_ACCESS\",\n redis_version=\"REDIS_4_0\",\n display_name=\"Test Instance\",\n opts = pulumi.ResourceOptions(depends_on=[private_service_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = new Gcp.Compute.Network(\"redis-network\", new()\n {\n Name = \"redis-test-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = redis_network.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = redis_network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"private-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Id,\n ConnectMode = \"PRIVATE_SERVICE_ACCESS\",\n RedisVersion = \"REDIS_4_0\",\n DisplayName = \"Test Instance\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateServiceConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\t_, err := compute.NewNetwork(ctx, \"redis-network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"redis-test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: redis_network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: redis_network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"private-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: redis_network.ID(),\n\t\t\tConnectMode: pulumi.String(\"PRIVATE_SERVICE_ACCESS\"),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_4_0\"),\n\t\t\tDisplayName: pulumi.String(\"Test Instance\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateServiceConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = new Network(\"redis-network\", NetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(redis_network.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(redis_network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"private-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .connectMode(\"PRIVATE_SERVICE_ACCESS\")\n .redisVersion(\"REDIS_4_0\")\n .displayName(\"Test Instance\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateServiceConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n type: gcp:compute:Network\n properties:\n name: redis-test-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${[\"redis-network\"].id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${[\"redis-network\"].id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\n cache:\n type: gcp:redis:Instance\n properties:\n name: private-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n connectMode: PRIVATE_SERVICE_ACCESS\n redisVersion: REDIS_4_0\n displayName: Test Instance\n options:\n dependsOn:\n - ${privateServiceConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Mrr\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"mrr-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 5,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_6_X\",\n displayName: \"Terraform Test Instance\",\n reservedIpRange: \"192.168.0.0/28\",\n replicaCount: 5,\n readReplicasMode: \"READ_REPLICAS_ENABLED\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"mrr-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=5,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_6_X\",\n display_name=\"Terraform Test Instance\",\n reserved_ip_range=\"192.168.0.0/28\",\n replica_count=5,\n read_replicas_mode=\"READ_REPLICAS_ENABLED\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"mrr-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 5,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_6_X\",\n DisplayName = \"Terraform Test Instance\",\n ReservedIpRange = \"192.168.0.0/28\",\n ReplicaCount = 5,\n ReadReplicasMode = \"READ_REPLICAS_ENABLED\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"mrr-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(5),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_6_X\"),\n\t\t\tDisplayName: pulumi.String(\"Terraform Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/28\"),\n\t\t\tReplicaCount: pulumi.Int(5),\n\t\t\tReadReplicasMode: pulumi.String(\"READ_REPLICAS_ENABLED\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"mrr-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(5)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_6_X\")\n .displayName(\"Terraform Test Instance\")\n .reservedIpRange(\"192.168.0.0/28\")\n .replicaCount(5)\n .readReplicasMode(\"READ_REPLICAS_ENABLED\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: mrr-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 5\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_6_X\n displayName: Terraform Test Instance\n reservedIpRange: 192.168.0.0/28\n replicaCount: 5\n readReplicasMode: READ_REPLICAS_ENABLED\n labels:\n my_key: my_val\n other_key: other_val\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Redis Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst redisKeyring = new gcp.kms.KeyRing(\"redis_keyring\", {\n name: \"redis-keyring\",\n location: \"us-central1\",\n});\nconst redisKey = new gcp.kms.CryptoKey(\"redis_key\", {\n name: \"redis-key\",\n keyRing: redisKeyring.id,\n});\n// This example assumes this network already exists.\n// The API creates a tenant network per network authorized for a\n// Redis instance and that network is not deleted when the user-created\n// network (authorized_network) is deleted, so this prevents issues\n// with tenant network quota.\n// If this network hasn't been created and you are using this example in your\n// config, add an additional network resource or change\n// this from \"data\"to \"resource\"\nconst redis-network = gcp.compute.getNetwork({\n name: \"redis-test-network\",\n});\nconst cache = new gcp.redis.Instance(\"cache\", {\n name: \"cmek-memory-cache\",\n tier: \"STANDARD_HA\",\n memorySizeGb: 1,\n locationId: \"us-central1-a\",\n alternativeLocationId: \"us-central1-f\",\n authorizedNetwork: redis_network.then(redis_network =\u003e redis_network.id),\n redisVersion: \"REDIS_6_X\",\n displayName: \"Terraform Test Instance\",\n reservedIpRange: \"192.168.0.0/29\",\n labels: {\n my_key: \"my_val\",\n other_key: \"other_val\",\n },\n customerManagedKey: redisKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nredis_keyring = gcp.kms.KeyRing(\"redis_keyring\",\n name=\"redis-keyring\",\n location=\"us-central1\")\nredis_key = gcp.kms.CryptoKey(\"redis_key\",\n name=\"redis-key\",\n key_ring=redis_keyring.id)\n# This example assumes this network already exists.\n# The API creates a tenant network per network authorized for a\n# Redis instance and that network is not deleted when the user-created\n# network (authorized_network) is deleted, so this prevents issues\n# with tenant network quota.\n# If this network hasn't been created and you are using this example in your\n# config, add an additional network resource or change\n# this from \"data\"to \"resource\"\nredis_network = gcp.compute.get_network(name=\"redis-test-network\")\ncache = gcp.redis.Instance(\"cache\",\n name=\"cmek-memory-cache\",\n tier=\"STANDARD_HA\",\n memory_size_gb=1,\n location_id=\"us-central1-a\",\n alternative_location_id=\"us-central1-f\",\n authorized_network=redis_network.id,\n redis_version=\"REDIS_6_X\",\n display_name=\"Terraform Test Instance\",\n reserved_ip_range=\"192.168.0.0/29\",\n labels={\n \"my_key\": \"my_val\",\n \"other_key\": \"other_val\",\n },\n customer_managed_key=redis_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var redisKeyring = new Gcp.Kms.KeyRing(\"redis_keyring\", new()\n {\n Name = \"redis-keyring\",\n Location = \"us-central1\",\n });\n\n var redisKey = new Gcp.Kms.CryptoKey(\"redis_key\", new()\n {\n Name = \"redis-key\",\n KeyRing = redisKeyring.Id,\n });\n\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n var redis_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"redis-test-network\",\n });\n\n var cache = new Gcp.Redis.Instance(\"cache\", new()\n {\n Name = \"cmek-memory-cache\",\n Tier = \"STANDARD_HA\",\n MemorySizeGb = 1,\n LocationId = \"us-central1-a\",\n AlternativeLocationId = \"us-central1-f\",\n AuthorizedNetwork = redis_network.Apply(redis_network =\u003e redis_network.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n RedisVersion = \"REDIS_6_X\",\n DisplayName = \"Terraform Test Instance\",\n ReservedIpRange = \"192.168.0.0/29\",\n Labels = \n {\n { \"my_key\", \"my_val\" },\n { \"other_key\", \"other_val\" },\n },\n CustomerManagedKey = redisKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tredisKeyring, err := kms.NewKeyRing(ctx, \"redis_keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"redis-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tredisKey, err := kms.NewCryptoKey(ctx, \"redis_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"redis-key\"),\n\t\t\tKeyRing: redisKeyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This example assumes this network already exists.\n\t\t// The API creates a tenant network per network authorized for a\n\t\t// Redis instance and that network is not deleted when the user-created\n\t\t// network (authorized_network) is deleted, so this prevents issues\n\t\t// with tenant network quota.\n\t\t// If this network hasn't been created and you are using this example in your\n\t\t// config, add an additional network resource or change\n\t\t// this from \"data\"to \"resource\"\n\t\tredis_network, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"redis-test-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redis.NewInstance(ctx, \"cache\", \u0026redis.InstanceArgs{\n\t\t\tName: pulumi.String(\"cmek-memory-cache\"),\n\t\t\tTier: pulumi.String(\"STANDARD_HA\"),\n\t\t\tMemorySizeGb: pulumi.Int(1),\n\t\t\tLocationId: pulumi.String(\"us-central1-a\"),\n\t\t\tAlternativeLocationId: pulumi.String(\"us-central1-f\"),\n\t\t\tAuthorizedNetwork: pulumi.String(redis_network.Id),\n\t\t\tRedisVersion: pulumi.String(\"REDIS_6_X\"),\n\t\t\tDisplayName: pulumi.String(\"Terraform Test Instance\"),\n\t\t\tReservedIpRange: pulumi.String(\"192.168.0.0/29\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"my_key\": pulumi.String(\"my_val\"),\n\t\t\t\t\"other_key\": pulumi.String(\"other_val\"),\n\t\t\t},\n\t\t\tCustomerManagedKey: redisKey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.redis.Instance;\nimport com.pulumi.gcp.redis.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var redisKeyring = new KeyRing(\"redisKeyring\", KeyRingArgs.builder()\n .name(\"redis-keyring\")\n .location(\"us-central1\")\n .build());\n\n var redisKey = new CryptoKey(\"redisKey\", CryptoKeyArgs.builder()\n .name(\"redis-key\")\n .keyRing(redisKeyring.id())\n .build());\n\n // This example assumes this network already exists.\n // The API creates a tenant network per network authorized for a\n // Redis instance and that network is not deleted when the user-created\n // network (authorized_network) is deleted, so this prevents issues\n // with tenant network quota.\n // If this network hasn't been created and you are using this example in your\n // config, add an additional network resource or change\n // this from \"data\"to \"resource\"\n final var redis-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"redis-test-network\")\n .build());\n\n var cache = new Instance(\"cache\", InstanceArgs.builder()\n .name(\"cmek-memory-cache\")\n .tier(\"STANDARD_HA\")\n .memorySizeGb(1)\n .locationId(\"us-central1-a\")\n .alternativeLocationId(\"us-central1-f\")\n .authorizedNetwork(redis_network.id())\n .redisVersion(\"REDIS_6_X\")\n .displayName(\"Terraform Test Instance\")\n .reservedIpRange(\"192.168.0.0/29\")\n .labels(Map.ofEntries(\n Map.entry(\"my_key\", \"my_val\"),\n Map.entry(\"other_key\", \"other_val\")\n ))\n .customerManagedKey(redisKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cache:\n type: gcp:redis:Instance\n properties:\n name: cmek-memory-cache\n tier: STANDARD_HA\n memorySizeGb: 1\n locationId: us-central1-a\n alternativeLocationId: us-central1-f\n authorizedNetwork: ${[\"redis-network\"].id}\n redisVersion: REDIS_6_X\n displayName: Terraform Test Instance\n reservedIpRange: 192.168.0.0/29\n labels:\n my_key: my_val\n other_key: other_val\n customerManagedKey: ${redisKey.id}\n redisKeyring:\n type: gcp:kms:KeyRing\n name: redis_keyring\n properties:\n name: redis-keyring\n location: us-central1\n redisKey:\n type: gcp:kms:CryptoKey\n name: redis_key\n properties:\n name: redis-key\n keyRing: ${redisKeyring.id}\nvariables:\n # This example assumes this network already exists.\n # // The API creates a tenant network per network authorized for a\n # // Redis instance and that network is not deleted when the user-created\n # // network (authorized_network) is deleted, so this prevents issues\n # // with tenant network quota.\n # // If this network hasn't been created and you are using this example in your\n # // config, add an additional network resource or change\n # // this from \"data\"to \"resource\"\n redis-network:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: redis-test-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:redis/instance:Instance default {{name}}\n```\n\n", "properties": { "alternativeLocationId": { "type": "string", @@ -255769,7 +255769,7 @@ } }, "gcp:runtimeconfig/variable:Variable": { - "description": "## Example Usage\n\nExample creating a RuntimeConfig variable.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_runtime_config = new gcp.runtimeconfig.Config(\"my-runtime-config\", {\n name: \"my-service-runtime-config\",\n description: \"Runtime configuration values for my service\",\n});\nconst environment = new gcp.runtimeconfig.Variable(\"environment\", {\n parent: my_runtime_config.name,\n name: \"prod-variables/hostname\",\n text: \"example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_runtime_config = gcp.runtimeconfig.Config(\"my-runtime-config\",\n name=\"my-service-runtime-config\",\n description=\"Runtime configuration values for my service\")\nenvironment = gcp.runtimeconfig.Variable(\"environment\",\n parent=my_runtime_config.name,\n name=\"prod-variables/hostname\",\n text=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_runtime_config = new Gcp.RuntimeConfig.Config(\"my-runtime-config\", new()\n {\n Name = \"my-service-runtime-config\",\n Description = \"Runtime configuration values for my service\",\n });\n\n var environment = new Gcp.RuntimeConfig.Variable(\"environment\", new()\n {\n Parent = my_runtime_config.Name,\n Name = \"prod-variables/hostname\",\n Text = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.NewConfig(ctx, \"my-runtime-config\", \u0026runtimeconfig.ConfigArgs{\n\t\t\tName: pulumi.String(\"my-service-runtime-config\"),\n\t\t\tDescription: pulumi.String(\"Runtime configuration values for my service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = runtimeconfig.NewVariable(ctx, \"environment\", \u0026runtimeconfig.VariableArgs{\n\t\t\tParent: my_runtime_config.Name,\n\t\t\tName: pulumi.String(\"prod-variables/hostname\"),\n\t\t\tText: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.Config;\nimport com.pulumi.gcp.runtimeconfig.ConfigArgs;\nimport com.pulumi.gcp.runtimeconfig.Variable;\nimport com.pulumi.gcp.runtimeconfig.VariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_runtime_config = new Config(\"my-runtime-config\", ConfigArgs.builder()\n .name(\"my-service-runtime-config\")\n .description(\"Runtime configuration values for my service\")\n .build());\n\n var environment = new Variable(\"environment\", VariableArgs.builder()\n .parent(my_runtime_config.name())\n .name(\"prod-variables/hostname\")\n .text(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-runtime-config:\n type: gcp:runtimeconfig:Config\n properties:\n name: my-service-runtime-config\n description: Runtime configuration values for my service\n environment:\n type: gcp:runtimeconfig:Variable\n properties:\n parent: ${[\"my-runtime-config\"].name}\n name: prod-variables/hostname\n text: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also encode binary content using the `value` argument instead. The\nvalue must be base64 encoded.\n\nExample of using the `value` argument.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst my_runtime_config = new gcp.runtimeconfig.Config(\"my-runtime-config\", {\n name: \"my-service-runtime-config\",\n description: \"Runtime configuration values for my service\",\n});\nconst my_secret = new gcp.runtimeconfig.Variable(\"my-secret\", {\n parent: my_runtime_config.name,\n name: \"secret\",\n value: std.filebase64({\n input: \"my-encrypted-secret.dat\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_runtime_config = gcp.runtimeconfig.Config(\"my-runtime-config\",\n name=\"my-service-runtime-config\",\n description=\"Runtime configuration values for my service\")\nmy_secret = gcp.runtimeconfig.Variable(\"my-secret\",\n parent=my_runtime_config.name,\n name=\"secret\",\n value=std.filebase64(input=\"my-encrypted-secret.dat\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_runtime_config = new Gcp.RuntimeConfig.Config(\"my-runtime-config\", new()\n {\n Name = \"my-service-runtime-config\",\n Description = \"Runtime configuration values for my service\",\n });\n\n var my_secret = new Gcp.RuntimeConfig.Variable(\"my-secret\", new()\n {\n Parent = my_runtime_config.Name,\n Name = \"secret\",\n Value = Std.Filebase64.Invoke(new()\n {\n Input = \"my-encrypted-secret.dat\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.NewConfig(ctx, \"my-runtime-config\", \u0026runtimeconfig.ConfigArgs{\n\t\t\tName: pulumi.String(\"my-service-runtime-config\"),\n\t\t\tDescription: pulumi.String(\"Runtime configuration values for my service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"my-encrypted-secret.dat\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = runtimeconfig.NewVariable(ctx, \"my-secret\", \u0026runtimeconfig.VariableArgs{\n\t\t\tParent: my_runtime_config.Name,\n\t\t\tName: pulumi.String(\"secret\"),\n\t\t\tValue: pulumi.String(invokeFilebase64.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.Config;\nimport com.pulumi.gcp.runtimeconfig.ConfigArgs;\nimport com.pulumi.gcp.runtimeconfig.Variable;\nimport com.pulumi.gcp.runtimeconfig.VariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_runtime_config = new Config(\"my-runtime-config\", ConfigArgs.builder()\n .name(\"my-service-runtime-config\")\n .description(\"Runtime configuration values for my service\")\n .build());\n\n var my_secret = new Variable(\"my-secret\", VariableArgs.builder()\n .parent(my_runtime_config.name())\n .name(\"secret\")\n .value(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"my-encrypted-secret.dat\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-runtime-config:\n type: gcp:runtimeconfig:Config\n properties:\n name: my-service-runtime-config\n description: Runtime configuration values for my service\n my-secret:\n type: gcp:runtimeconfig:Variable\n properties:\n parent: ${[\"my-runtime-config\"].name}\n name: secret\n value:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: my-encrypted-secret.dat\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRuntime Config Variables can be imported using the `name` or full variable name, e.g.\n\n* `projects/my-gcp-project/configs/{{config_id}}/variables/{{name}}`\n\n* `{{config_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Runtime Config Variables can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:runtimeconfig/variable:Variable default projects/my-gcp-project/configs/{{config_id}}/variables/{{name}}\n```\n\n```sh\n$ pulumi import gcp:runtimeconfig/variable:Variable default {{config_id}}/{{name}}\n```\n\nWhen importing using only the name, the provider project must be set.\n\n", + "description": "## Example Usage\n\nExample creating a RuntimeConfig variable.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_runtime_config = new gcp.runtimeconfig.Config(\"my-runtime-config\", {\n name: \"my-service-runtime-config\",\n description: \"Runtime configuration values for my service\",\n});\nconst environment = new gcp.runtimeconfig.Variable(\"environment\", {\n parent: my_runtime_config.name,\n name: \"prod-variables/hostname\",\n text: \"example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_runtime_config = gcp.runtimeconfig.Config(\"my-runtime-config\",\n name=\"my-service-runtime-config\",\n description=\"Runtime configuration values for my service\")\nenvironment = gcp.runtimeconfig.Variable(\"environment\",\n parent=my_runtime_config.name,\n name=\"prod-variables/hostname\",\n text=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_runtime_config = new Gcp.RuntimeConfig.Config(\"my-runtime-config\", new()\n {\n Name = \"my-service-runtime-config\",\n Description = \"Runtime configuration values for my service\",\n });\n\n var environment = new Gcp.RuntimeConfig.Variable(\"environment\", new()\n {\n Parent = my_runtime_config.Name,\n Name = \"prod-variables/hostname\",\n Text = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.NewConfig(ctx, \"my-runtime-config\", \u0026runtimeconfig.ConfigArgs{\n\t\t\tName: pulumi.String(\"my-service-runtime-config\"),\n\t\t\tDescription: pulumi.String(\"Runtime configuration values for my service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = runtimeconfig.NewVariable(ctx, \"environment\", \u0026runtimeconfig.VariableArgs{\n\t\t\tParent: my_runtime_config.Name,\n\t\t\tName: pulumi.String(\"prod-variables/hostname\"),\n\t\t\tText: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.Config;\nimport com.pulumi.gcp.runtimeconfig.ConfigArgs;\nimport com.pulumi.gcp.runtimeconfig.Variable;\nimport com.pulumi.gcp.runtimeconfig.VariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_runtime_config = new Config(\"my-runtime-config\", ConfigArgs.builder()\n .name(\"my-service-runtime-config\")\n .description(\"Runtime configuration values for my service\")\n .build());\n\n var environment = new Variable(\"environment\", VariableArgs.builder()\n .parent(my_runtime_config.name())\n .name(\"prod-variables/hostname\")\n .text(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-runtime-config:\n type: gcp:runtimeconfig:Config\n properties:\n name: my-service-runtime-config\n description: Runtime configuration values for my service\n environment:\n type: gcp:runtimeconfig:Variable\n properties:\n parent: ${[\"my-runtime-config\"].name}\n name: prod-variables/hostname\n text: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also encode binary content using the `value` argument instead. The\nvalue must be base64 encoded.\n\nExample of using the `value` argument.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst my_runtime_config = new gcp.runtimeconfig.Config(\"my-runtime-config\", {\n name: \"my-service-runtime-config\",\n description: \"Runtime configuration values for my service\",\n});\nconst my_secret = new gcp.runtimeconfig.Variable(\"my-secret\", {\n parent: my_runtime_config.name,\n name: \"secret\",\n value: std.filebase64({\n input: \"my-encrypted-secret.dat\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_runtime_config = gcp.runtimeconfig.Config(\"my-runtime-config\",\n name=\"my-service-runtime-config\",\n description=\"Runtime configuration values for my service\")\nmy_secret = gcp.runtimeconfig.Variable(\"my-secret\",\n parent=my_runtime_config.name,\n name=\"secret\",\n value=std.filebase64(input=\"my-encrypted-secret.dat\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_runtime_config = new Gcp.RuntimeConfig.Config(\"my-runtime-config\", new()\n {\n Name = \"my-service-runtime-config\",\n Description = \"Runtime configuration values for my service\",\n });\n\n var my_secret = new Gcp.RuntimeConfig.Variable(\"my-secret\", new()\n {\n Parent = my_runtime_config.Name,\n Name = \"secret\",\n Value = Std.Filebase64.Invoke(new()\n {\n Input = \"my-encrypted-secret.dat\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.NewConfig(ctx, \"my-runtime-config\", \u0026runtimeconfig.ConfigArgs{\n\t\t\tName: pulumi.String(\"my-service-runtime-config\"),\n\t\t\tDescription: pulumi.String(\"Runtime configuration values for my service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"my-encrypted-secret.dat\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = runtimeconfig.NewVariable(ctx, \"my-secret\", \u0026runtimeconfig.VariableArgs{\n\t\t\tParent: my_runtime_config.Name,\n\t\t\tName: pulumi.String(\"secret\"),\n\t\t\tValue: pulumi.String(invokeFilebase64.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.Config;\nimport com.pulumi.gcp.runtimeconfig.ConfigArgs;\nimport com.pulumi.gcp.runtimeconfig.Variable;\nimport com.pulumi.gcp.runtimeconfig.VariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_runtime_config = new Config(\"my-runtime-config\", ConfigArgs.builder()\n .name(\"my-service-runtime-config\")\n .description(\"Runtime configuration values for my service\")\n .build());\n\n var my_secret = new Variable(\"my-secret\", VariableArgs.builder()\n .parent(my_runtime_config.name())\n .name(\"secret\")\n .value(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"my-encrypted-secret.dat\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-runtime-config:\n type: gcp:runtimeconfig:Config\n properties:\n name: my-service-runtime-config\n description: Runtime configuration values for my service\n my-secret:\n type: gcp:runtimeconfig:Variable\n properties:\n parent: ${[\"my-runtime-config\"].name}\n name: secret\n value:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: my-encrypted-secret.dat\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRuntime Config Variables can be imported using the `name` or full variable name, e.g.\n\n* `projects/my-gcp-project/configs/{{config_id}}/variables/{{name}}`\n\n* `{{config_id}}/{{name}}`\n\nWhen using the `pulumi import` command, Runtime Config Variables can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:runtimeconfig/variable:Variable default projects/my-gcp-project/configs/{{config_id}}/variables/{{name}}\n```\n\n```sh\n$ pulumi import gcp:runtimeconfig/variable:Variable default {{config_id}}/{{name}}\n```\n\nWhen importing using only the name, the provider project must be set.\n\n", "properties": { "name": { "type": "string", @@ -255868,7 +255868,7 @@ } }, "gcp:secretmanager/regionalSecret:RegionalSecret": { - "description": "A Regional Secret is a logical secret whose value and versions can be created and accessed within a region only.\n\n\nTo get more information about RegionalSecret, see:\n\n* [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets)\n\n## Example Usage\n\n### Regional Secret Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_basic = new gcp.secretmanager.RegionalSecret(\"regional-secret-basic\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_basic = gcp.secretmanager.RegionalSecret(\"regional-secret-basic\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_basic = new Gcp.SecretManager.RegionalSecret(\"regional-secret-basic\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_basic = new RegionalSecret(\"regional-secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst kms_secret_binding = new gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst regional_secret_with_cmek = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-cmek\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n customerManagedEncryption: {\n kmsKeyName: \"kms-key\",\n },\n}, {\n dependsOn: [kms_secret_binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkms_secret_binding = gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nregional_secret_with_cmek = gcp.secretmanager.RegionalSecret(\"regional-secret-with-cmek\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n customer_managed_encryption={\n \"kms_key_name\": \"kms-key\",\n },\n opts = pulumi.ResourceOptions(depends_on=[kms_secret_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var kms_secret_binding = new Gcp.Kms.CryptoKeyIAMMember(\"kms-secret-binding\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var regional_secret_with_cmek = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-cmek\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n CustomerManagedEncryption = new Gcp.SecretManager.Inputs.RegionalSecretCustomerManagedEncryptionArgs\n {\n KmsKeyName = \"kms-key\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kms_secret_binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"kms-secret-binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-cmek\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCustomerManagedEncryption: \u0026secretmanager.RegionalSecretCustomerManagedEncryptionArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkms_secret_binding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretCustomerManagedEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var kms_secret_binding = new CryptoKeyIAMMember(\"kms-secret-binding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var regional_secret_with_cmek = new RegionalSecret(\"regional-secret-with-cmek\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .customerManagedEncryption(RegionalSecretCustomerManagedEncryptionArgs.builder()\n .kmsKeyName(\"kms-key\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(kms_secret_binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n kms-secret-binding:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n regional-secret-with-cmek:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n customerManagedEncryption:\n kmsKeyName: kms-key\n options:\n dependson:\n - ${[\"kms-secret-binding\"]}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Rotation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"tf-topic\"});\nconst secretsManagerAccess = new gcp.pubsub.TopicIAMMember(\"secrets_manager_access\", {\n topic: topic.name,\n role: \"roles/pubsub.publisher\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst regional_secret_with_rotation = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-rotation\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n topics: [{\n name: topic.id,\n }],\n rotation: {\n rotationPeriod: \"3600s\",\n nextRotationTime: \"2045-11-30T00:00:00Z\",\n },\n}, {\n dependsOn: [secretsManagerAccess],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ntopic = gcp.pubsub.Topic(\"topic\", name=\"tf-topic\")\nsecrets_manager_access = gcp.pubsub.TopicIAMMember(\"secrets_manager_access\",\n topic=topic.name,\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nregional_secret_with_rotation = gcp.secretmanager.RegionalSecret(\"regional-secret-with-rotation\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n topics=[{\n \"name\": topic.id,\n }],\n rotation={\n \"rotation_period\": \"3600s\",\n \"next_rotation_time\": \"2045-11-30T00:00:00Z\",\n },\n opts = pulumi.ResourceOptions(depends_on=[secrets_manager_access]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"tf-topic\",\n });\n\n var secretsManagerAccess = new Gcp.PubSub.TopicIAMMember(\"secrets_manager_access\", new()\n {\n Topic = topic.Name,\n Role = \"roles/pubsub.publisher\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var regional_secret_with_rotation = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-rotation\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Topics = new[]\n {\n new Gcp.SecretManager.Inputs.RegionalSecretTopicArgs\n {\n Name = topic.Id,\n },\n },\n Rotation = new Gcp.SecretManager.Inputs.RegionalSecretRotationArgs\n {\n RotationPeriod = \"3600s\",\n NextRotationTime = \"2045-11-30T00:00:00Z\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretsManagerAccess,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"tf-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretsManagerAccess, err := pubsub.NewTopicIAMMember(ctx, \"secrets_manager_access\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tTopic: topic.Name,\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-rotation\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTopics: secretmanager.RegionalSecretTopicArray{\n\t\t\t\t\u0026secretmanager.RegionalSecretTopicArgs{\n\t\t\t\t\tName: topic.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRotation: \u0026secretmanager.RegionalSecretRotationArgs{\n\t\t\t\tRotationPeriod: pulumi.String(\"3600s\"),\n\t\t\t\tNextRotationTime: pulumi.String(\"2045-11-30T00:00:00Z\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretsManagerAccess,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretTopicArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretRotationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"tf-topic\")\n .build());\n\n var secretsManagerAccess = new TopicIAMMember(\"secretsManagerAccess\", TopicIAMMemberArgs.builder()\n .topic(topic.name())\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var regional_secret_with_rotation = new RegionalSecret(\"regional-secret-with-rotation\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .topics(RegionalSecretTopicArgs.builder()\n .name(topic.id())\n .build())\n .rotation(RegionalSecretRotationArgs.builder()\n .rotationPeriod(\"3600s\")\n .nextRotationTime(\"2045-11-30T00:00:00Z\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretsManagerAccess)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: tf-topic\n secretsManagerAccess:\n type: gcp:pubsub:TopicIAMMember\n name: secrets_manager_access\n properties:\n topic: ${topic.name}\n role: roles/pubsub.publisher\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n regional-secret-with-rotation:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n topics:\n - name: ${topic.id}\n rotation:\n rotationPeriod: 3600s\n nextRotationTime: 2045-11-30T00:00:00Z\n options:\n dependson:\n - ${secretsManagerAccess}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_ttl = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-ttl\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n ttl: \"36000s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_ttl = gcp.secretmanager.RegionalSecret(\"regional-secret-with-ttl\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n ttl=\"36000s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_ttl = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-ttl\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n Ttl = \"36000s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-ttl\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tTtl: pulumi.String(\"36000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_ttl = new RegionalSecret(\"regional-secret-with-ttl\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .ttl(\"36000s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-ttl:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n ttl: 36000s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Expire Time\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_expire_time = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-expire-time\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n expireTime: \"2055-11-30T00:00:00Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_expire_time = gcp.secretmanager.RegionalSecret(\"regional-secret-with-expire-time\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n expire_time=\"2055-11-30T00:00:00Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_expire_time = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-expire-time\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n ExpireTime = \"2055-11-30T00:00:00Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-expire-time\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tExpireTime: pulumi.String(\"2055-11-30T00:00:00Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_expire_time = new RegionalSecret(\"regional-secret-with-expire-time\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .expireTime(\"2055-11-30T00:00:00Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-expire-time:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n expireTime: 2055-11-30T00:00:00Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Version Destroy Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_version_destroy_ttl = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n versionDestroyTtl: \"86400s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_version_destroy_ttl = gcp.secretmanager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n version_destroy_ttl=\"86400s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_version_destroy_ttl = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n VersionDestroyTtl = \"86400s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-version-destroy-ttl\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tVersionDestroyTtl: pulumi.String(\"86400s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_version_destroy_ttl = new RegionalSecret(\"regional-secret-with-version-destroy-ttl\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .versionDestroyTtl(\"86400s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-version-destroy-ttl:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n versionDestroyTtl: 86400s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}`\n\n* `{{project}}/{{location}}/{{secret_id}}`\n\n* `{{location}}/{{secret_id}}`\n\nWhen using the `pulumi import` command, RegionalSecret can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default {{project}}/{{location}}/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default {{location}}/{{secret_id}}\n```\n\n", + "description": "A Regional Secret is a logical secret whose value and versions can be created and accessed within a region only.\n\n\nTo get more information about RegionalSecret, see:\n\n* [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets)\n\n## Example Usage\n\n### Regional Secret Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_basic = new gcp.secretmanager.RegionalSecret(\"regional-secret-basic\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_basic = gcp.secretmanager.RegionalSecret(\"regional-secret-basic\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_basic = new Gcp.SecretManager.RegionalSecret(\"regional-secret-basic\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_basic = new RegionalSecret(\"regional-secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst kms_secret_binding = new gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst regional_secret_with_cmek = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-cmek\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n customerManagedEncryption: {\n kmsKeyName: \"kms-key\",\n },\n}, {\n dependsOn: [kms_secret_binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkms_secret_binding = gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nregional_secret_with_cmek = gcp.secretmanager.RegionalSecret(\"regional-secret-with-cmek\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n customer_managed_encryption={\n \"kms_key_name\": \"kms-key\",\n },\n opts = pulumi.ResourceOptions(depends_on=[kms_secret_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var kms_secret_binding = new Gcp.Kms.CryptoKeyIAMMember(\"kms-secret-binding\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var regional_secret_with_cmek = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-cmek\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n CustomerManagedEncryption = new Gcp.SecretManager.Inputs.RegionalSecretCustomerManagedEncryptionArgs\n {\n KmsKeyName = \"kms-key\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kms_secret_binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"kms-secret-binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-cmek\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tCustomerManagedEncryption: \u0026secretmanager.RegionalSecretCustomerManagedEncryptionArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkms_secret_binding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretCustomerManagedEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var kms_secret_binding = new CryptoKeyIAMMember(\"kms-secret-binding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var regional_secret_with_cmek = new RegionalSecret(\"regional-secret-with-cmek\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .customerManagedEncryption(RegionalSecretCustomerManagedEncryptionArgs.builder()\n .kmsKeyName(\"kms-key\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(kms_secret_binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n kms-secret-binding:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n regional-secret-with-cmek:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n customerManagedEncryption:\n kmsKeyName: kms-key\n options:\n dependsOn:\n - ${[\"kms-secret-binding\"]}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Rotation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"tf-topic\"});\nconst secretsManagerAccess = new gcp.pubsub.TopicIAMMember(\"secrets_manager_access\", {\n topic: topic.name,\n role: \"roles/pubsub.publisher\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst regional_secret_with_rotation = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-rotation\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n topics: [{\n name: topic.id,\n }],\n rotation: {\n rotationPeriod: \"3600s\",\n nextRotationTime: \"2045-11-30T00:00:00Z\",\n },\n}, {\n dependsOn: [secretsManagerAccess],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ntopic = gcp.pubsub.Topic(\"topic\", name=\"tf-topic\")\nsecrets_manager_access = gcp.pubsub.TopicIAMMember(\"secrets_manager_access\",\n topic=topic.name,\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nregional_secret_with_rotation = gcp.secretmanager.RegionalSecret(\"regional-secret-with-rotation\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n topics=[{\n \"name\": topic.id,\n }],\n rotation={\n \"rotation_period\": \"3600s\",\n \"next_rotation_time\": \"2045-11-30T00:00:00Z\",\n },\n opts = pulumi.ResourceOptions(depends_on=[secrets_manager_access]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"tf-topic\",\n });\n\n var secretsManagerAccess = new Gcp.PubSub.TopicIAMMember(\"secrets_manager_access\", new()\n {\n Topic = topic.Name,\n Role = \"roles/pubsub.publisher\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var regional_secret_with_rotation = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-rotation\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Topics = new[]\n {\n new Gcp.SecretManager.Inputs.RegionalSecretTopicArgs\n {\n Name = topic.Id,\n },\n },\n Rotation = new Gcp.SecretManager.Inputs.RegionalSecretRotationArgs\n {\n RotationPeriod = \"3600s\",\n NextRotationTime = \"2045-11-30T00:00:00Z\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n secretsManagerAccess,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"tf-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretsManagerAccess, err := pubsub.NewTopicIAMMember(ctx, \"secrets_manager_access\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tTopic: topic.Name,\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-rotation\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTopics: secretmanager.RegionalSecretTopicArray{\n\t\t\t\t\u0026secretmanager.RegionalSecretTopicArgs{\n\t\t\t\t\tName: topic.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRotation: \u0026secretmanager.RegionalSecretRotationArgs{\n\t\t\t\tRotationPeriod: pulumi.String(\"3600s\"),\n\t\t\t\tNextRotationTime: pulumi.String(\"2045-11-30T00:00:00Z\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsecretsManagerAccess,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretTopicArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretRotationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"tf-topic\")\n .build());\n\n var secretsManagerAccess = new TopicIAMMember(\"secretsManagerAccess\", TopicIAMMemberArgs.builder()\n .topic(topic.name())\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var regional_secret_with_rotation = new RegionalSecret(\"regional-secret-with-rotation\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .topics(RegionalSecretTopicArgs.builder()\n .name(topic.id())\n .build())\n .rotation(RegionalSecretRotationArgs.builder()\n .rotationPeriod(\"3600s\")\n .nextRotationTime(\"2045-11-30T00:00:00Z\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(secretsManagerAccess)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: tf-topic\n secretsManagerAccess:\n type: gcp:pubsub:TopicIAMMember\n name: secrets_manager_access\n properties:\n topic: ${topic.name}\n role: roles/pubsub.publisher\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n regional-secret-with-rotation:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n topics:\n - name: ${topic.id}\n rotation:\n rotationPeriod: 3600s\n nextRotationTime: 2045-11-30T00:00:00Z\n options:\n dependsOn:\n - ${secretsManagerAccess}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_ttl = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-ttl\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n ttl: \"36000s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_ttl = gcp.secretmanager.RegionalSecret(\"regional-secret-with-ttl\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n ttl=\"36000s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_ttl = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-ttl\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n Ttl = \"36000s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-ttl\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tTtl: pulumi.String(\"36000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_ttl = new RegionalSecret(\"regional-secret-with-ttl\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .ttl(\"36000s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-ttl:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n ttl: 36000s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Expire Time\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_expire_time = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-expire-time\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n expireTime: \"2055-11-30T00:00:00Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_expire_time = gcp.secretmanager.RegionalSecret(\"regional-secret-with-expire-time\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n expire_time=\"2055-11-30T00:00:00Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_expire_time = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-expire-time\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n ExpireTime = \"2055-11-30T00:00:00Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-expire-time\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tExpireTime: pulumi.String(\"2055-11-30T00:00:00Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_expire_time = new RegionalSecret(\"regional-secret-with-expire-time\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .expireTime(\"2055-11-30T00:00:00Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-expire-time:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n expireTime: 2055-11-30T00:00:00Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret With Version Destroy Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst regional_secret_with_version_destroy_ttl = new gcp.secretmanager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\", {\n secretId: \"tf-reg-secret\",\n location: \"us-central1\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"value1\",\n key2: \"value2\",\n key3: \"value3\",\n },\n versionDestroyTtl: \"86400s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nregional_secret_with_version_destroy_ttl = gcp.secretmanager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\",\n secret_id=\"tf-reg-secret\",\n location=\"us-central1\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n \"key3\": \"value3\",\n },\n version_destroy_ttl=\"86400s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var regional_secret_with_version_destroy_ttl = new Gcp.SecretManager.RegionalSecret(\"regional-secret-with-version-destroy-ttl\", new()\n {\n SecretId = \"tf-reg-secret\",\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n { \"key3\", \"value3\" },\n },\n VersionDestroyTtl = \"86400s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"regional-secret-with-version-destroy-ttl\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"tf-reg-secret\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t\t\"key3\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t\tVersionDestroyTtl: pulumi.String(\"86400s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var regional_secret_with_version_destroy_ttl = new RegionalSecret(\"regional-secret-with-version-destroy-ttl\", RegionalSecretArgs.builder()\n .secretId(\"tf-reg-secret\")\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\"),\n Map.entry(\"key3\", \"value3\")\n ))\n .versionDestroyTtl(\"86400s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n regional-secret-with-version-destroy-ttl:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: tf-reg-secret\n location: us-central1\n labels:\n label: my-label\n annotations:\n key1: value1\n key2: value2\n key3: value3\n versionDestroyTtl: 86400s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}`\n\n* `{{project}}/{{location}}/{{secret_id}}`\n\n* `{{location}}/{{secret_id}}`\n\nWhen using the `pulumi import` command, RegionalSecret can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default {{project}}/{{location}}/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecret:RegionalSecret default {{location}}/{{secret_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -256142,7 +256142,7 @@ } }, "gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding": { - "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamBinding:RegionalSecretIamBinding editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/RegionalSecretIamBindingCondition:RegionalSecretIamBindingCondition", @@ -256264,7 +256264,7 @@ } }, "gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember": { - "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamMember:RegionalSecretIamMember editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/RegionalSecretIamMemberCondition:RegionalSecretIamMemberCondition", @@ -256379,7 +256379,7 @@ } }, "gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager RegionalSecret\nThree different resources help you manage your IAM policy for Secret Manager RegionalSecret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.\n* `gcp.secretmanager.RegionalSecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.\n* `gcp.secretmanager.RegionalSecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.RegionalSecretIamPolicy`: Retrieves the IAM policy for the regionalsecret\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.RegionalSecretIamBinding` and `gcp.secretmanager.RegionalSecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.RegionalSecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.RegionalSecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.RegionalSecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.RegionalSecretIamPolicy(\"policy\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.RegionalSecretIamPolicy(\"policy\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.RegionalSecretIamPolicy(\"policy\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.RegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new RegionalSecretIamPolicy(\"policy\", RegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:RegionalSecretIamPolicy\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.RegionalSecretIamBinding(\"binding\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.RegionalSecretIamBinding(\"binding\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.RegionalSecretIamBinding(\"binding\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamBinding(ctx, \"binding\", \u0026secretmanager.RegionalSecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBinding;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RegionalSecretIamBinding(\"binding\", RegionalSecretIamBindingArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(RegionalSecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:RegionalSecretIamBinding\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.RegionalSecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.RegionalSecretIamMember(\"member\", {\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.RegionalSecretIamMember(\"member\",\n project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.RegionalSecretIamMember(\"member\", new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.RegionalSecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecretIamMember(ctx, \"member\", \u0026secretmanager.RegionalSecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.Any(regional_secret_basic.Location),\n\t\t\tSecretId: pulumi.Any(regional_secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.RegionalSecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMember;\nimport com.pulumi.gcp.secretmanager.RegionalSecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.RegionalSecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RegionalSecretIamMember(\"member\", RegionalSecretIamMemberArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(RegionalSecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:RegionalSecretIamMember\n properties:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n\n* {{project}}/{{location}}/{{secret_id}}\n\n* {{location}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager regionalsecret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor \"projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretIamPolicy:RegionalSecretIamPolicy editor projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -256462,7 +256462,7 @@ } }, "gcp:secretmanager/regionalSecretVersion:RegionalSecretVersion": { - "description": "A regional secret version resource.\n\n\n\n\n\n## Example Usage\n\n### Regional Secret Version Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionBasic = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_basic\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_basic = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_basic\",\n secret=secret_basic.id,\n secret_data=\"secret-data\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionBasic = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_basic\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionBasic = new RegionalSecretVersion(\"regionalSecretVersionBasic\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionBasic:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_basic\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version With Base64 Data\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionBase64 = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_base64\", {\n secret: secret_basic.id,\n secretData: std.filebase64({\n input: \"secret-data.pfx\",\n }).then(invoke =\u003e invoke.result),\n isSecretDataBase64: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_base64 = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_base64\",\n secret=secret_basic.id,\n secret_data=std.filebase64(input=\"secret-data.pfx\").result,\n is_secret_data_base64=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionBase64 = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_base64\", new()\n {\n Secret = secret_basic.Id,\n SecretData = Std.Filebase64.Invoke(new()\n {\n Input = \"secret-data.pfx\",\n }).Apply(invoke =\u003e invoke.Result),\n IsSecretDataBase64 = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"secret-data.pfx\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_base64\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(invokeFilebase64.Result),\n\t\t\tIsSecretDataBase64: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionBase64 = new RegionalSecretVersion(\"regionalSecretVersionBase64\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"secret-data.pfx\")\n .build()).result())\n .isSecretDataBase64(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionBase64:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_base64\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: secret-data.pfx\n Return: result\n isSecretDataBase64: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Disabled\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDisabled = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_disabled\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n enabled: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_disabled = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_disabled\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n enabled=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDisabled = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_disabled\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n Enabled = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_disabled\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tEnabled: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDisabled = new RegionalSecretVersion(\"regionalSecretVersionDisabled\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .enabled(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDisabled:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_disabled\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n enabled: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Deletion Policy Abandon\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDeletionPolicy = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"ABANDON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_deletion_policy = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"ABANDON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDeletionPolicy = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"ABANDON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_deletion_policy\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"ABANDON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDeletionPolicy = new RegionalSecretVersion(\"regionalSecretVersionDeletionPolicy\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"ABANDON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDeletionPolicy:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_deletion_policy\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: ABANDON\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Deletion Policy Disable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDeletionPolicy = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"DISABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_deletion_policy = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"DISABLE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDeletionPolicy = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"DISABLE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_deletion_policy\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DISABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDeletionPolicy = new RegionalSecretVersion(\"regionalSecretVersionDeletionPolicy\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"DISABLE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDeletionPolicy:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_deletion_policy\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: DISABLE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalSecretVersion can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}`\n\nWhen using the `pulumi import` command, RegionalSecretVersion can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretVersion:RegionalSecretVersion default projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}\n```\n\n", + "description": "A regional secret version resource.\n\n\n\n\n\n## Example Usage\n\n### Regional Secret Version Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionBasic = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_basic\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_basic = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_basic\",\n secret=secret_basic.id,\n secret_data=\"secret-data\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionBasic = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_basic\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionBasic = new RegionalSecretVersion(\"regionalSecretVersionBasic\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionBasic:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_basic\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version With Base64 Data\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionBase64 = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_base64\", {\n secret: secret_basic.id,\n secretData: std.filebase64({\n input: \"secret-data.pfx\",\n }).then(invoke =\u003e invoke.result),\n isSecretDataBase64: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_base64 = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_base64\",\n secret=secret_basic.id,\n secret_data=std.filebase64(input=\"secret-data.pfx\").result,\n is_secret_data_base64=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionBase64 = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_base64\", new()\n {\n Secret = secret_basic.Id,\n SecretData = Std.Filebase64.Invoke(new()\n {\n Input = \"secret-data.pfx\",\n }).Apply(invoke =\u003e invoke.Result),\n IsSecretDataBase64 = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"secret-data.pfx\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_base64\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(invokeFilebase64.Result),\n\t\t\tIsSecretDataBase64: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionBase64 = new RegionalSecretVersion(\"regionalSecretVersionBase64\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"secret-data.pfx\")\n .build()).result())\n .isSecretDataBase64(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionBase64:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_base64\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: secret-data.pfx\n return: result\n isSecretDataBase64: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Disabled\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDisabled = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_disabled\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n enabled: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_disabled = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_disabled\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n enabled=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDisabled = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_disabled\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n Enabled = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_disabled\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tEnabled: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDisabled = new RegionalSecretVersion(\"regionalSecretVersionDisabled\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .enabled(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDisabled:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_disabled\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n enabled: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Deletion Policy Abandon\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDeletionPolicy = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"ABANDON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_deletion_policy = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"ABANDON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDeletionPolicy = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"ABANDON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_deletion_policy\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"ABANDON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDeletionPolicy = new RegionalSecretVersion(\"regionalSecretVersionDeletionPolicy\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"ABANDON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDeletionPolicy:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_deletion_policy\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: ABANDON\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Regional Secret Version Deletion Policy Disable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.RegionalSecret(\"secret-basic\", {\n secretId: \"secret-version\",\n location: \"us-central1\",\n});\nconst regionalSecretVersionDeletionPolicy = new gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"DISABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.RegionalSecret(\"secret-basic\",\n secret_id=\"secret-version\",\n location=\"us-central1\")\nregional_secret_version_deletion_policy = gcp.secretmanager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"DISABLE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.RegionalSecret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Location = \"us-central1\",\n });\n\n var regionalSecretVersionDeletionPolicy = new Gcp.SecretManager.RegionalSecretVersion(\"regional_secret_version_deletion_policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"DISABLE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewRegionalSecret(ctx, \"secret-basic\", \u0026secretmanager.RegionalSecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewRegionalSecretVersion(ctx, \"regional_secret_version_deletion_policy\", \u0026secretmanager.RegionalSecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DISABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.RegionalSecret;\nimport com.pulumi.gcp.secretmanager.RegionalSecretArgs;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersion;\nimport com.pulumi.gcp.secretmanager.RegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new RegionalSecret(\"secret-basic\", RegionalSecretArgs.builder()\n .secretId(\"secret-version\")\n .location(\"us-central1\")\n .build());\n\n var regionalSecretVersionDeletionPolicy = new RegionalSecretVersion(\"regionalSecretVersionDeletionPolicy\", RegionalSecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"DISABLE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:RegionalSecret\n properties:\n secretId: secret-version\n location: us-central1\n regionalSecretVersionDeletionPolicy:\n type: gcp:secretmanager:RegionalSecretVersion\n name: regional_secret_version_deletion_policy\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: DISABLE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalSecretVersion can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}`\n\nWhen using the `pulumi import` command, RegionalSecretVersion can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/regionalSecretVersion:RegionalSecretVersion default projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -256612,7 +256612,7 @@ } }, "gcp:secretmanager/secret:Secret": { - "description": "A Secret is a logical secret whose value and versions can be accessed.\n\n\nTo get more information about Secret, see:\n\n* [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets)\n\n## Example Usage\n\n### Secret Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret\",\n labels: {\n label: \"my-label\",\n },\n replication: {\n userManaged: {\n replicas: [\n {\n location: \"us-central1\",\n },\n {\n location: \"us-east1\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret\",\n labels={\n \"label\": \"my-label\",\n },\n replication={\n \"user_managed\": {\n \"replicas\": [\n {\n \"location\": \"us-central1\",\n },\n {\n \"location\": \"us-east1\",\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-east1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret\")\n .labels(Map.of(\"label\", \"my-label\"))\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas( \n SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build(),\n SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-east1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n labels:\n label: my-label\n replication:\n userManaged:\n replicas:\n - location: us-central1\n - location: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Annotations\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_with_annotations = new gcp.secretmanager.Secret(\"secret-with-annotations\", {\n secretId: \"secret\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"someval\",\n key2: \"someval2\",\n key3: \"someval3\",\n key4: \"someval4\",\n key5: \"someval5\",\n },\n replication: {\n auto: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_with_annotations = gcp.secretmanager.Secret(\"secret-with-annotations\",\n secret_id=\"secret\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"someval\",\n \"key2\": \"someval2\",\n \"key3\": \"someval3\",\n \"key4\": \"someval4\",\n \"key5\": \"someval5\",\n },\n replication={\n \"auto\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_with_annotations = new Gcp.SecretManager.Secret(\"secret-with-annotations\", new()\n {\n SecretId = \"secret\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"someval\" },\n { \"key2\", \"someval2\" },\n { \"key3\", \"someval3\" },\n { \"key4\", \"someval4\" },\n { \"key5\", \"someval5\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-with-annotations\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"someval\"),\n\t\t\t\t\"key2\": pulumi.String(\"someval2\"),\n\t\t\t\t\"key3\": pulumi.String(\"someval3\"),\n\t\t\t\t\"key4\": pulumi.String(\"someval4\"),\n\t\t\t\t\"key5\": pulumi.String(\"someval5\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_with_annotations = new Secret(\"secret-with-annotations\", SecretArgs.builder()\n .secretId(\"secret\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"someval\"),\n Map.entry(\"key2\", \"someval2\"),\n Map.entry(\"key3\", \"someval3\"),\n Map.entry(\"key4\", \"someval4\"),\n Map.entry(\"key5\", \"someval5\")\n ))\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-with-annotations:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n labels:\n label: my-label\n annotations:\n key1: someval\n key2: someval2\n key3: someval3\n key4: someval4\n key5: someval5\n replication:\n auto: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Version Destroy Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_with_version_destroy_ttl = new gcp.secretmanager.Secret(\"secret-with-version-destroy-ttl\", {\n secretId: \"secret\",\n versionDestroyTtl: \"2592000s\",\n replication: {\n auto: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_with_version_destroy_ttl = gcp.secretmanager.Secret(\"secret-with-version-destroy-ttl\",\n secret_id=\"secret\",\n version_destroy_ttl=\"2592000s\",\n replication={\n \"auto\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_with_version_destroy_ttl = new Gcp.SecretManager.Secret(\"secret-with-version-destroy-ttl\", new()\n {\n SecretId = \"secret\",\n VersionDestroyTtl = \"2592000s\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-with-version-destroy-ttl\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tVersionDestroyTtl: pulumi.String(\"2592000s\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_with_version_destroy_ttl = new Secret(\"secret-with-version-destroy-ttl\", SecretArgs.builder()\n .secretId(\"secret\")\n .versionDestroyTtl(\"2592000s\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-with-version-destroy-ttl:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n versionDestroyTtl: 2592000s\n replication:\n auto: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Automatic Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst kms_secret_binding = new gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst secret_with_automatic_cmek = new gcp.secretmanager.Secret(\"secret-with-automatic-cmek\", {\n secretId: \"secret\",\n replication: {\n auto: {\n customerManagedEncryption: {\n kmsKeyName: \"kms-key\",\n },\n },\n },\n}, {\n dependsOn: [kms_secret_binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkms_secret_binding = gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nsecret_with_automatic_cmek = gcp.secretmanager.Secret(\"secret-with-automatic-cmek\",\n secret_id=\"secret\",\n replication={\n \"auto\": {\n \"customer_managed_encryption\": {\n \"kms_key_name\": \"kms-key\",\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[kms_secret_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var kms_secret_binding = new Gcp.Kms.CryptoKeyIAMMember(\"kms-secret-binding\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var secret_with_automatic_cmek = new Gcp.SecretManager.Secret(\"secret-with-automatic-cmek\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = new Gcp.SecretManager.Inputs.SecretReplicationAutoArgs\n {\n CustomerManagedEncryption = new Gcp.SecretManager.Inputs.SecretReplicationAutoCustomerManagedEncryptionArgs\n {\n KmsKeyName = \"kms-key\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kms_secret_binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"kms-secret-binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"secret-with-automatic-cmek\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{\n\t\t\t\t\tCustomerManagedEncryption: \u0026secretmanager.SecretReplicationAutoCustomerManagedEncryptionArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkms_secret_binding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoCustomerManagedEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var kms_secret_binding = new CryptoKeyIAMMember(\"kms-secret-binding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var secret_with_automatic_cmek = new Secret(\"secret-with-automatic-cmek\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto(SecretReplicationAutoArgs.builder()\n .customerManagedEncryption(SecretReplicationAutoCustomerManagedEncryptionArgs.builder()\n .kmsKeyName(\"kms-key\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(kms_secret_binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n kms-secret-binding:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n secret-with-automatic-cmek:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto:\n customerManagedEncryption:\n kmsKeyName: kms-key\n options:\n dependson:\n - ${[\"kms-secret-binding\"]}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/secrets/{{secret_id}}`\n\n* `{{project}}/{{secret_id}}`\n\n* `{{secret_id}}`\n\nWhen using the `pulumi import` command, Secret can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default projects/{{project}}/secrets/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default {{project}}/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default {{secret_id}}\n```\n\n", + "description": "A Secret is a logical secret whose value and versions can be accessed.\n\n\nTo get more information about Secret, see:\n\n* [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets)\n\n## Example Usage\n\n### Secret Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret\",\n labels: {\n label: \"my-label\",\n },\n replication: {\n userManaged: {\n replicas: [\n {\n location: \"us-central1\",\n },\n {\n location: \"us-east1\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret\",\n labels={\n \"label\": \"my-label\",\n },\n replication={\n \"user_managed\": {\n \"replicas\": [\n {\n \"location\": \"us-central1\",\n },\n {\n \"location\": \"us-east1\",\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-east1\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret\")\n .labels(Map.of(\"label\", \"my-label\"))\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas( \n SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build(),\n SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-east1\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n labels:\n label: my-label\n replication:\n userManaged:\n replicas:\n - location: us-central1\n - location: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Annotations\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_with_annotations = new gcp.secretmanager.Secret(\"secret-with-annotations\", {\n secretId: \"secret\",\n labels: {\n label: \"my-label\",\n },\n annotations: {\n key1: \"someval\",\n key2: \"someval2\",\n key3: \"someval3\",\n key4: \"someval4\",\n key5: \"someval5\",\n },\n replication: {\n auto: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_with_annotations = gcp.secretmanager.Secret(\"secret-with-annotations\",\n secret_id=\"secret\",\n labels={\n \"label\": \"my-label\",\n },\n annotations={\n \"key1\": \"someval\",\n \"key2\": \"someval2\",\n \"key3\": \"someval3\",\n \"key4\": \"someval4\",\n \"key5\": \"someval5\",\n },\n replication={\n \"auto\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_with_annotations = new Gcp.SecretManager.Secret(\"secret-with-annotations\", new()\n {\n SecretId = \"secret\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Annotations = \n {\n { \"key1\", \"someval\" },\n { \"key2\", \"someval2\" },\n { \"key3\", \"someval3\" },\n { \"key4\", \"someval4\" },\n { \"key5\", \"someval5\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-with-annotations\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"someval\"),\n\t\t\t\t\"key2\": pulumi.String(\"someval2\"),\n\t\t\t\t\"key3\": pulumi.String(\"someval3\"),\n\t\t\t\t\"key4\": pulumi.String(\"someval4\"),\n\t\t\t\t\"key5\": pulumi.String(\"someval5\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_with_annotations = new Secret(\"secret-with-annotations\", SecretArgs.builder()\n .secretId(\"secret\")\n .labels(Map.of(\"label\", \"my-label\"))\n .annotations(Map.ofEntries(\n Map.entry(\"key1\", \"someval\"),\n Map.entry(\"key2\", \"someval2\"),\n Map.entry(\"key3\", \"someval3\"),\n Map.entry(\"key4\", \"someval4\"),\n Map.entry(\"key5\", \"someval5\")\n ))\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-with-annotations:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n labels:\n label: my-label\n annotations:\n key1: someval\n key2: someval2\n key3: someval3\n key4: someval4\n key5: someval5\n replication:\n auto: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Version Destroy Ttl\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_with_version_destroy_ttl = new gcp.secretmanager.Secret(\"secret-with-version-destroy-ttl\", {\n secretId: \"secret\",\n versionDestroyTtl: \"2592000s\",\n replication: {\n auto: {},\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_with_version_destroy_ttl = gcp.secretmanager.Secret(\"secret-with-version-destroy-ttl\",\n secret_id=\"secret\",\n version_destroy_ttl=\"2592000s\",\n replication={\n \"auto\": {},\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_with_version_destroy_ttl = new Gcp.SecretManager.Secret(\"secret-with-version-destroy-ttl\", new()\n {\n SecretId = \"secret\",\n VersionDestroyTtl = \"2592000s\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-with-version-destroy-ttl\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tVersionDestroyTtl: pulumi.String(\"2592000s\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_with_version_destroy_ttl = new Secret(\"secret-with-version-destroy-ttl\", SecretArgs.builder()\n .secretId(\"secret\")\n .versionDestroyTtl(\"2592000s\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-with-version-destroy-ttl:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n versionDestroyTtl: 2592000s\n replication:\n auto: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret With Automatic Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst kms_secret_binding = new gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com`),\n});\nconst secret_with_automatic_cmek = new gcp.secretmanager.Secret(\"secret-with-automatic-cmek\", {\n secretId: \"secret\",\n replication: {\n auto: {\n customerManagedEncryption: {\n kmsKeyName: \"kms-key\",\n },\n },\n },\n}, {\n dependsOn: [kms_secret_binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nkms_secret_binding = gcp.kms.CryptoKeyIAMMember(\"kms-secret-binding\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\")\nsecret_with_automatic_cmek = gcp.secretmanager.Secret(\"secret-with-automatic-cmek\",\n secret_id=\"secret\",\n replication={\n \"auto\": {\n \"customer_managed_encryption\": {\n \"kms_key_name\": \"kms-key\",\n },\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[kms_secret_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var kms_secret_binding = new Gcp.Kms.CryptoKeyIAMMember(\"kms-secret-binding\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-secretmanager.iam.gserviceaccount.com\",\n });\n\n var secret_with_automatic_cmek = new Gcp.SecretManager.Secret(\"secret-with-automatic-cmek\", new()\n {\n SecretId = \"secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = new Gcp.SecretManager.Inputs.SecretReplicationAutoArgs\n {\n CustomerManagedEncryption = new Gcp.SecretManager.Inputs.SecretReplicationAutoCustomerManagedEncryptionArgs\n {\n KmsKeyName = \"kms-key\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n kms_secret_binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"kms-secret-binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"secret-with-automatic-cmek\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{\n\t\t\t\t\tCustomerManagedEncryption: \u0026secretmanager.SecretReplicationAutoCustomerManagedEncryptionArgs{\n\t\t\t\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tkms_secret_binding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoCustomerManagedEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var kms_secret_binding = new CryptoKeyIAMMember(\"kms-secret-binding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var secret_with_automatic_cmek = new Secret(\"secret-with-automatic-cmek\", SecretArgs.builder()\n .secretId(\"secret\")\n .replication(SecretReplicationArgs.builder()\n .auto(SecretReplicationAutoArgs.builder()\n .customerManagedEncryption(SecretReplicationAutoCustomerManagedEncryptionArgs.builder()\n .kmsKeyName(\"kms-key\")\n .build())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(kms_secret_binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n kms-secret-binding:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com\n secret-with-automatic-cmek:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret\n replication:\n auto:\n customerManagedEncryption:\n kmsKeyName: kms-key\n options:\n dependsOn:\n - ${[\"kms-secret-binding\"]}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecret can be imported using any of these accepted formats:\n\n* `projects/{{project}}/secrets/{{secret_id}}`\n\n* `{{project}}/{{secret_id}}`\n\n* `{{secret_id}}`\n\nWhen using the `pulumi import` command, Secret can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default projects/{{project}}/secrets/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default {{project}}/{{secret_id}}\n```\n\n```sh\n$ pulumi import gcp:secretmanager/secret:Secret default {{secret_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -256871,7 +256871,7 @@ } }, "gcp:secretmanager/secretIamBinding:SecretIamBinding": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/SecretIamBindingCondition:SecretIamBindingCondition", @@ -256978,7 +256978,7 @@ } }, "gcp:secretmanager/secretIamMember:SecretIamMember": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/SecretIamMemberCondition:SecretIamMemberCondition", @@ -257078,7 +257078,7 @@ } }, "gcp:secretmanager/secretIamPolicy:SecretIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secret Manager Secret\nThree different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.secretmanager.SecretIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/secretmanager.secretAccessor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.SecretManager.Inputs.SecretIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026secretmanager.SecretIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .condition(SecretIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.secretmanager.SecretIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.SecretManager.Inputs.SecretIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026secretmanager.SecretIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .condition(SecretIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -257146,7 +257146,7 @@ } }, "gcp:secretmanager/secretVersion:SecretVersion": { - "description": "A secret version resource.\n\n\n\n\n\n## Example Usage\n\n### Secret Version Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n labels: {\n label: \"my-label\",\n },\n replication: {\n auto: {},\n },\n});\nconst secret_version_basic = new gcp.secretmanager.SecretVersion(\"secret-version-basic\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n labels={\n \"label\": \"my-label\",\n },\n replication={\n \"auto\": {},\n })\nsecret_version_basic = gcp.secretmanager.SecretVersion(\"secret-version-basic\",\n secret=secret_basic.id,\n secret_data=\"secret-data\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_basic = new Gcp.SecretManager.SecretVersion(\"secret-version-basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-basic\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .labels(Map.of(\"label\", \"my-label\"))\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_basic = new SecretVersion(\"secret-version-basic\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n labels:\n label: my-label\n replication:\n auto: {}\n secret-version-basic:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version Deletion Policy Abandon\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_deletion_policy = new gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"ABANDON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_deletion_policy = gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"ABANDON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_deletion_policy = new Gcp.SecretManager.SecretVersion(\"secret-version-deletion-policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"ABANDON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-deletion-policy\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"ABANDON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_deletion_policy = new SecretVersion(\"secret-version-deletion-policy\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"ABANDON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-deletion-policy:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: ABANDON\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version Deletion Policy Disable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_deletion_policy = new gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"DISABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_deletion_policy = gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"DISABLE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_deletion_policy = new Gcp.SecretManager.SecretVersion(\"secret-version-deletion-policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"DISABLE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-deletion-policy\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DISABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_deletion_policy = new SecretVersion(\"secret-version-deletion-policy\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"DISABLE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-deletion-policy:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: DISABLE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version With Base64 String Secret Data\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_base64 = new gcp.secretmanager.SecretVersion(\"secret-version-base64\", {\n secret: secret_basic.id,\n isSecretDataBase64: true,\n secretData: std.filebase64({\n input: \"secret-data.pfx\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_base64 = gcp.secretmanager.SecretVersion(\"secret-version-base64\",\n secret=secret_basic.id,\n is_secret_data_base64=True,\n secret_data=std.filebase64(input=\"secret-data.pfx\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_base64 = new Gcp.SecretManager.SecretVersion(\"secret-version-base64\", new()\n {\n Secret = secret_basic.Id,\n IsSecretDataBase64 = true,\n SecretData = Std.Filebase64.Invoke(new()\n {\n Input = \"secret-data.pfx\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"secret-data.pfx\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-base64\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tIsSecretDataBase64: pulumi.Bool(true),\n\t\t\tSecretData: pulumi.String(invokeFilebase64.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_base64 = new SecretVersion(\"secret-version-base64\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .isSecretDataBase64(true)\n .secretData(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"secret-data.pfx\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-base64:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n isSecretDataBase64: true\n secretData:\n fn::invoke:\n Function: std:filebase64\n Arguments:\n input: secret-data.pfx\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecretVersion can be imported using any of these accepted formats:\n\n* `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`\n\nWhen using the `pulumi import` command, SecretVersion can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/secretVersion:SecretVersion default projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}\n```\n\n", + "description": "A secret version resource.\n\n\n\n\n\n## Example Usage\n\n### Secret Version Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n labels: {\n label: \"my-label\",\n },\n replication: {\n auto: {},\n },\n});\nconst secret_version_basic = new gcp.secretmanager.SecretVersion(\"secret-version-basic\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n labels={\n \"label\": \"my-label\",\n },\n replication={\n \"auto\": {},\n })\nsecret_version_basic = gcp.secretmanager.SecretVersion(\"secret-version-basic\",\n secret=secret_basic.id,\n secret_data=\"secret-data\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Labels = \n {\n { \"label\", \"my-label\" },\n },\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_basic = new Gcp.SecretManager.SecretVersion(\"secret-version-basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"my-label\"),\n\t\t\t},\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-basic\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .labels(Map.of(\"label\", \"my-label\"))\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_basic = new SecretVersion(\"secret-version-basic\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n labels:\n label: my-label\n replication:\n auto: {}\n secret-version-basic:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version Deletion Policy Abandon\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_deletion_policy = new gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"ABANDON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_deletion_policy = gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"ABANDON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_deletion_policy = new Gcp.SecretManager.SecretVersion(\"secret-version-deletion-policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"ABANDON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-deletion-policy\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"ABANDON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_deletion_policy = new SecretVersion(\"secret-version-deletion-policy\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"ABANDON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-deletion-policy:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: ABANDON\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version Deletion Policy Disable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_deletion_policy = new gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n deletionPolicy: \"DISABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_deletion_policy = gcp.secretmanager.SecretVersion(\"secret-version-deletion-policy\",\n secret=secret_basic.id,\n secret_data=\"secret-data\",\n deletion_policy=\"DISABLE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_deletion_policy = new Gcp.SecretManager.SecretVersion(\"secret-version-deletion-policy\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n DeletionPolicy = \"DISABLE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-deletion-policy\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DISABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_deletion_policy = new SecretVersion(\"secret-version-deletion-policy\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .deletionPolicy(\"DISABLE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-deletion-policy:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n deletionPolicy: DISABLE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secret Version With Base64 String Secret Data\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-version\",\n replication: {\n userManaged: {\n replicas: [{\n location: \"us-central1\",\n }],\n },\n },\n});\nconst secret_version_base64 = new gcp.secretmanager.SecretVersion(\"secret-version-base64\", {\n secret: secret_basic.id,\n isSecretDataBase64: true,\n secretData: std.filebase64({\n input: \"secret-data.pfx\",\n }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-version\",\n replication={\n \"user_managed\": {\n \"replicas\": [{\n \"location\": \"us-central1\",\n }],\n },\n })\nsecret_version_base64 = gcp.secretmanager.SecretVersion(\"secret-version-base64\",\n secret=secret_basic.id,\n is_secret_data_base64=True,\n secret_data=std.filebase64(input=\"secret-data.pfx\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-version\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n UserManaged = new Gcp.SecretManager.Inputs.SecretReplicationUserManagedArgs\n {\n Replicas = new[]\n {\n new Gcp.SecretManager.Inputs.SecretReplicationUserManagedReplicaArgs\n {\n Location = \"us-central1\",\n },\n },\n },\n },\n });\n\n var secret_version_base64 = new Gcp.SecretManager.SecretVersion(\"secret-version-base64\", new()\n {\n Secret = secret_basic.Id,\n IsSecretDataBase64 = true,\n SecretData = Std.Filebase64.Invoke(new()\n {\n Input = \"secret-data.pfx\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-version\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tUserManaged: \u0026secretmanager.SecretReplicationUserManagedArgs{\n\t\t\t\t\tReplicas: secretmanager.SecretReplicationUserManagedReplicaArray{\n\t\t\t\t\t\t\u0026secretmanager.SecretReplicationUserManagedReplicaArgs{\n\t\t\t\t\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"secret-data.pfx\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-base64\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tIsSecretDataBase64: pulumi.Bool(true),\n\t\t\tSecretData: pulumi.String(invokeFilebase64.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationUserManagedArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-version\")\n .replication(SecretReplicationArgs.builder()\n .userManaged(SecretReplicationUserManagedArgs.builder()\n .replicas(SecretReplicationUserManagedReplicaArgs.builder()\n .location(\"us-central1\")\n .build())\n .build())\n .build())\n .build());\n\n var secret_version_base64 = new SecretVersion(\"secret-version-base64\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .isSecretDataBase64(true)\n .secretData(StdFunctions.filebase64(Filebase64Args.builder()\n .input(\"secret-data.pfx\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-version\n replication:\n userManaged:\n replicas:\n - location: us-central1\n secret-version-base64:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n isSecretDataBase64: true\n secretData:\n fn::invoke:\n function: std:filebase64\n arguments:\n input: secret-data.pfx\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecretVersion can be imported using any of these accepted formats:\n\n* `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`\n\nWhen using the `pulumi import` command, SecretVersion can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:secretmanager/secretVersion:SecretVersion default projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -257480,7 +257480,7 @@ } }, "gcp:securesourcemanager/instance:Instance": { - "description": "Instances are deployed to an available Google Cloud region and are accessible via their web interface.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/secure-source-manager/docs/create-instance)\n\n## Example Usage\n\n### Secure Source Manager Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_binding\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`),\n});\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n kmsKey: cryptoKey.id,\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_binding = gcp.kms.CryptoKeyIAMMember(\"crypto_key_binding\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\")\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n kms_key=crypto_key.id,\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_binding\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n });\n\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n KmsKey = cryptoKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tKmsKey: cryptoKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyBinding = new CryptoKeyIAMMember(\"cryptoKeyBinding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .kmsKey(cryptoKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-keyring\n location: us-central1\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-key\n keyRing: ${keyRing.id}\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n kmsKey: ${cryptoKey.id}\n options:\n dependson:\n - ${cryptoKeyBinding}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst project = gcp.organizations.getProject({});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nproject = gcp.organizations.get_project()\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependson:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${caPoolBinding}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private Psc Backend\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = gcp.organizations.getProject({});\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\n// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n// Connect SSM private instance with L4 proxy ILB.\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"my-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.1.0/24\",\n privateIpGoogleAccess: true,\n});\nconst pscNeg = new gcp.compute.RegionNetworkEndpointGroup(\"psc_neg\", {\n name: \"my-neg\",\n region: \"us-central1\",\n networkEndpointType: \"PRIVATE_SERVICE_CONNECT\",\n pscTargetService: _default.privateConfig.apply(privateConfig =\u003e privateConfig?.httpServiceAttachment),\n network: network.id,\n subnetwork: subnet.id,\n});\nconst backendService = new gcp.compute.RegionBackendService(\"backend_service\", {\n name: \"my-backend-service\",\n region: \"us-central1\",\n protocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: pscNeg.id,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n});\nconst proxySubnet = new gcp.compute.Subnetwork(\"proxy_subnet\", {\n name: \"my-proxy-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.2.0/24\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\nconst targetProxy = new gcp.compute.RegionTargetTcpProxy(\"target_proxy\", {\n name: \"my-target-proxy\",\n region: \"us-central1\",\n backendService: backendService.id,\n});\nconst fwRuleTargetProxy = new gcp.compute.ForwardingRule(\"fw_rule_target_proxy\", {\n name: \"fw-rule-target-proxy\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n ipProtocol: \"TCP\",\n portRange: \"443\",\n target: targetProxy.id,\n network: network.id,\n subnetwork: subnet.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [proxySubnet],\n});\nconst privateZone = new gcp.dns.ManagedZone(\"private_zone\", {\n name: \"my-dns-zone\",\n dnsName: \"p.sourcemanager.dev.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n});\nconst ssmInstanceHtmlRecord = new gcp.dns.RecordSet(\"ssm_instance_html_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].html}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\nconst ssmInstanceApiRecord = new gcp.dns.RecordSet(\"ssm_instance_api_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].api}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\nconst ssmInstanceGitRecord = new gcp.dns.RecordSet(\"ssm_instance_git_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].gitHttp}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.get_project()\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\n# See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n# Connect SSM private instance with L4 proxy ILB.\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"my-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.1.0/24\",\n private_ip_google_access=True)\npsc_neg = gcp.compute.RegionNetworkEndpointGroup(\"psc_neg\",\n name=\"my-neg\",\n region=\"us-central1\",\n network_endpoint_type=\"PRIVATE_SERVICE_CONNECT\",\n psc_target_service=default.private_config.http_service_attachment,\n network=network.id,\n subnetwork=subnet.id)\nbackend_service = gcp.compute.RegionBackendService(\"backend_service\",\n name=\"my-backend-service\",\n region=\"us-central1\",\n protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": psc_neg.id,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }])\nproxy_subnet = gcp.compute.Subnetwork(\"proxy_subnet\",\n name=\"my-proxy-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.2.0/24\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\ntarget_proxy = gcp.compute.RegionTargetTcpProxy(\"target_proxy\",\n name=\"my-target-proxy\",\n region=\"us-central1\",\n backend_service=backend_service.id)\nfw_rule_target_proxy = gcp.compute.ForwardingRule(\"fw_rule_target_proxy\",\n name=\"fw-rule-target-proxy\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n ip_protocol=\"TCP\",\n port_range=\"443\",\n target=target_proxy.id,\n network=network.id,\n subnetwork=subnet.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[proxy_subnet]))\nprivate_zone = gcp.dns.ManagedZone(\"private_zone\",\n name=\"my-dns-zone\",\n dns_name=\"p.sourcemanager.dev.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n })\nssm_instance_html_record = gcp.dns.RecordSet(\"ssm_instance_html_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].html}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\nssm_instance_api_record = gcp.dns.RecordSet(\"ssm_instance_api_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].api}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\nssm_instance_git_record = gcp.dns.RecordSet(\"ssm_instance_git_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].git_http}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n // Connect SSM private instance with L4 proxy ILB.\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"my-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.1.0/24\",\n PrivateIpGoogleAccess = true,\n });\n\n var pscNeg = new Gcp.Compute.RegionNetworkEndpointGroup(\"psc_neg\", new()\n {\n Name = \"my-neg\",\n Region = \"us-central1\",\n NetworkEndpointType = \"PRIVATE_SERVICE_CONNECT\",\n PscTargetService = @default.PrivateConfig.Apply(privateConfig =\u003e privateConfig?.HttpServiceAttachment),\n Network = network.Id,\n Subnetwork = subnet.Id,\n });\n\n var backendService = new Gcp.Compute.RegionBackendService(\"backend_service\", new()\n {\n Name = \"my-backend-service\",\n Region = \"us-central1\",\n Protocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = pscNeg.Id,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n });\n\n var proxySubnet = new Gcp.Compute.Subnetwork(\"proxy_subnet\", new()\n {\n Name = \"my-proxy-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.2.0/24\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n var targetProxy = new Gcp.Compute.RegionTargetTcpProxy(\"target_proxy\", new()\n {\n Name = \"my-target-proxy\",\n Region = \"us-central1\",\n BackendService = backendService.Id,\n });\n\n var fwRuleTargetProxy = new Gcp.Compute.ForwardingRule(\"fw_rule_target_proxy\", new()\n {\n Name = \"fw-rule-target-proxy\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n IpProtocol = \"TCP\",\n PortRange = \"443\",\n Target = targetProxy.Id,\n Network = network.Id,\n Subnetwork = subnet.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxySubnet,\n },\n });\n\n var privateZone = new Gcp.Dns.ManagedZone(\"private_zone\", new()\n {\n Name = \"my-dns-zone\",\n DnsName = \"p.sourcemanager.dev.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n });\n\n var ssmInstanceHtmlRecord = new Gcp.Dns.RecordSet(\"ssm_instance_html_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Html}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n var ssmInstanceApiRecord = new Gcp.Dns.RecordSet(\"ssm_instance_api_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Api}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n var ssmInstanceGitRecord = new Gcp.Dns.RecordSet(\"ssm_instance_git_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].GitHttp}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Connect SSM private instance with L4 proxy ILB.\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNeg, err := compute.NewRegionNetworkEndpointGroup(ctx, \"psc_neg\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-neg\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tPscTargetService: pulumi.String(_default.PrivateConfig.ApplyT(func(privateConfig securesourcemanager.InstancePrivateConfig) (*string, error) {\n\t\t\t\treturn \u0026privateConfig.HttpServiceAttachment, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tNetwork: network.ID(),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackendService, err := compute.NewRegionBackendService(ctx, \"backend_service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"my-backend-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: pscNeg.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxySubnet, err := compute.NewSubnetwork(ctx, \"proxy_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetProxy, err := compute.NewRegionTargetTcpProxy(ctx, \"target_proxy\", \u0026compute.RegionTargetTcpProxyArgs{\n\t\t\tName: pulumi.String(\"my-target-proxy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBackendService: backendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfwRuleTargetProxy, err := compute.NewForwardingRule(ctx, \"fw_rule_target_proxy\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fw-rule-target-proxy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tPortRange: pulumi.String(\"443\"),\n\t\t\tTarget: targetProxy.ID(),\n\t\t\tNetwork: network.ID(),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxySubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateZone, err := dns.NewManagedZone(ctx, \"private_zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"my-dns-zone\"),\n\t\t\tDnsName: pulumi.String(\"p.sourcemanager.dev.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_html_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Html), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_api_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Api), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_git_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].GitHttp), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionTargetTcpProxy;\nimport com.pulumi.gcp.compute.RegionTargetTcpProxyArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n // Connect SSM private instance with L4 proxy ILB.\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.1.0/24\")\n .privateIpGoogleAccess(true)\n .build());\n\n var pscNeg = new RegionNetworkEndpointGroup(\"pscNeg\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"my-neg\")\n .region(\"us-central1\")\n .networkEndpointType(\"PRIVATE_SERVICE_CONNECT\")\n .pscTargetService(default_.privateConfig().applyValue(privateConfig -\u003e privateConfig.httpServiceAttachment()))\n .network(network.id())\n .subnetwork(subnet.id())\n .build());\n\n var backendService = new RegionBackendService(\"backendService\", RegionBackendServiceArgs.builder()\n .name(\"my-backend-service\")\n .region(\"us-central1\")\n .protocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(pscNeg.id())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .build());\n\n var proxySubnet = new Subnetwork(\"proxySubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.2.0/24\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n var targetProxy = new RegionTargetTcpProxy(\"targetProxy\", RegionTargetTcpProxyArgs.builder()\n .name(\"my-target-proxy\")\n .region(\"us-central1\")\n .backendService(backendService.id())\n .build());\n\n var fwRuleTargetProxy = new ForwardingRule(\"fwRuleTargetProxy\", ForwardingRuleArgs.builder()\n .name(\"fw-rule-target-proxy\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .ipProtocol(\"TCP\")\n .portRange(\"443\")\n .target(targetProxy.id())\n .network(network.id())\n .subnetwork(subnet.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxySubnet)\n .build());\n\n var privateZone = new ManagedZone(\"privateZone\", ManagedZoneArgs.builder()\n .name(\"my-dns-zone\")\n .dnsName(\"p.sourcemanager.dev.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build());\n\n var ssmInstanceHtmlRecord = new RecordSet(\"ssmInstanceHtmlRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].html())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n var ssmInstanceApiRecord = new RecordSet(\"ssmInstanceApiRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].api())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n var ssmInstanceGitRecord = new RecordSet(\"ssmInstanceGitRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].gitHttp())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependson:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${caPoolBinding}\n # Connect SSM private instance with L4 proxy ILB.\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.1.0/24\n privateIpGoogleAccess: true\n pscNeg:\n type: gcp:compute:RegionNetworkEndpointGroup\n name: psc_neg\n properties:\n name: my-neg\n region: us-central1\n networkEndpointType: PRIVATE_SERVICE_CONNECT\n pscTargetService: ${default.privateConfig.httpServiceAttachment}\n network: ${network.id}\n subnetwork: ${subnet.id}\n backendService:\n type: gcp:compute:RegionBackendService\n name: backend_service\n properties:\n name: my-backend-service\n region: us-central1\n protocol: TCP\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${pscNeg.id}\n balancingMode: UTILIZATION\n capacityScaler: 1\n proxySubnet:\n type: gcp:compute:Subnetwork\n name: proxy_subnet\n properties:\n name: my-proxy-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.2.0/24\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\n targetProxy:\n type: gcp:compute:RegionTargetTcpProxy\n name: target_proxy\n properties:\n name: my-target-proxy\n region: us-central1\n backendService: ${backendService.id}\n fwRuleTargetProxy:\n type: gcp:compute:ForwardingRule\n name: fw_rule_target_proxy\n properties:\n name: fw-rule-target-proxy\n region: us-central1\n loadBalancingScheme: INTERNAL_MANAGED\n ipProtocol: TCP\n portRange: '443'\n target: ${targetProxy.id}\n network: ${network.id}\n subnetwork: ${subnet.id}\n networkTier: PREMIUM\n options:\n dependson:\n - ${proxySubnet}\n privateZone:\n type: gcp:dns:ManagedZone\n name: private_zone\n properties:\n name: my-dns-zone\n dnsName: p.sourcemanager.dev.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n ssmInstanceHtmlRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_html_record\n properties:\n name: ${default.hostConfigs[0].html}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\n ssmInstanceApiRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_api_record\n properties:\n name: ${default.hostConfigs[0].api}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\n ssmInstanceGitRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_git_record\n properties:\n name: ${default.hostConfigs[0].gitHttp}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private Psc Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = gcp.organizations.getProject({});\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\n// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n// Connect SSM private instance with endpoint.\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"my-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.60.0/24\",\n privateIpGoogleAccess: true,\n});\nconst address = new gcp.compute.Address(\"address\", {\n name: \"my-address\",\n region: \"us-central1\",\n address: \"10.0.60.100\",\n addressType: \"INTERNAL\",\n subnetwork: subnet.id,\n});\nconst fwRuleServiceAttachment = new gcp.compute.ForwardingRule(\"fw_rule_service_attachment\", {\n name: \"fw-rule-service-attachment\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n ipAddress: address.id,\n network: network.id,\n target: _default.privateConfig.apply(privateConfig =\u003e privateConfig?.httpServiceAttachment),\n});\nconst privateZone = new gcp.dns.ManagedZone(\"private_zone\", {\n name: \"my-dns-zone\",\n dnsName: \"p.sourcemanager.dev.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n});\nconst ssmInstanceHtmlRecord = new gcp.dns.RecordSet(\"ssm_instance_html_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].html}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\nconst ssmInstanceApiRecord = new gcp.dns.RecordSet(\"ssm_instance_api_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].api}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\nconst ssmInstanceGitRecord = new gcp.dns.RecordSet(\"ssm_instance_git_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].gitHttp}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.get_project()\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\n# See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n# Connect SSM private instance with endpoint.\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"my-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.60.0/24\",\n private_ip_google_access=True)\naddress = gcp.compute.Address(\"address\",\n name=\"my-address\",\n region=\"us-central1\",\n address=\"10.0.60.100\",\n address_type=\"INTERNAL\",\n subnetwork=subnet.id)\nfw_rule_service_attachment = gcp.compute.ForwardingRule(\"fw_rule_service_attachment\",\n name=\"fw-rule-service-attachment\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n ip_address=address.id,\n network=network.id,\n target=default.private_config.http_service_attachment)\nprivate_zone = gcp.dns.ManagedZone(\"private_zone\",\n name=\"my-dns-zone\",\n dns_name=\"p.sourcemanager.dev.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n })\nssm_instance_html_record = gcp.dns.RecordSet(\"ssm_instance_html_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].html}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\nssm_instance_api_record = gcp.dns.RecordSet(\"ssm_instance_api_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].api}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\nssm_instance_git_record = gcp.dns.RecordSet(\"ssm_instance_git_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].git_http}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n // Connect SSM private instance with endpoint.\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"my-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.60.0/24\",\n PrivateIpGoogleAccess = true,\n });\n\n var address = new Gcp.Compute.Address(\"address\", new()\n {\n Name = \"my-address\",\n Region = \"us-central1\",\n IPAddress = \"10.0.60.100\",\n AddressType = \"INTERNAL\",\n Subnetwork = subnet.Id,\n });\n\n var fwRuleServiceAttachment = new Gcp.Compute.ForwardingRule(\"fw_rule_service_attachment\", new()\n {\n Name = \"fw-rule-service-attachment\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n IpAddress = address.Id,\n Network = network.Id,\n Target = @default.PrivateConfig.Apply(privateConfig =\u003e privateConfig?.HttpServiceAttachment),\n });\n\n var privateZone = new Gcp.Dns.ManagedZone(\"private_zone\", new()\n {\n Name = \"my-dns-zone\",\n DnsName = \"p.sourcemanager.dev.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n });\n\n var ssmInstanceHtmlRecord = new Gcp.Dns.RecordSet(\"ssm_instance_html_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Html}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n var ssmInstanceApiRecord = new Gcp.Dns.RecordSet(\"ssm_instance_api_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Api}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n var ssmInstanceGitRecord = new Gcp.Dns.RecordSet(\"ssm_instance_git_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].GitHttp}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Connect SSM private instance with endpoint.\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.60.0/24\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddress, err := compute.NewAddress(ctx, \"address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-address\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tAddress: pulumi.String(\"10.0.60.100\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfwRuleServiceAttachment, err := compute.NewForwardingRule(ctx, \"fw_rule_service_attachment\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fw-rule-service-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tIpAddress: address.ID(),\n\t\t\tNetwork: network.ID(),\n\t\t\tTarget: pulumi.String(_default.PrivateConfig.ApplyT(func(privateConfig securesourcemanager.InstancePrivateConfig) (*string, error) {\n\t\t\t\treturn \u0026privateConfig.HttpServiceAttachment, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateZone, err := dns.NewManagedZone(ctx, \"private_zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"my-dns-zone\"),\n\t\t\tDnsName: pulumi.String(\"p.sourcemanager.dev.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_html_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Html), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_api_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Api), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_git_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].GitHttp), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n // Connect SSM private instance with endpoint.\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.60.0/24\")\n .privateIpGoogleAccess(true)\n .build());\n\n var address = new Address(\"address\", AddressArgs.builder()\n .name(\"my-address\")\n .region(\"us-central1\")\n .address(\"10.0.60.100\")\n .addressType(\"INTERNAL\")\n .subnetwork(subnet.id())\n .build());\n\n var fwRuleServiceAttachment = new ForwardingRule(\"fwRuleServiceAttachment\", ForwardingRuleArgs.builder()\n .name(\"fw-rule-service-attachment\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .ipAddress(address.id())\n .network(network.id())\n .target(default_.privateConfig().applyValue(privateConfig -\u003e privateConfig.httpServiceAttachment()))\n .build());\n\n var privateZone = new ManagedZone(\"privateZone\", ManagedZoneArgs.builder()\n .name(\"my-dns-zone\")\n .dnsName(\"p.sourcemanager.dev.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build());\n\n var ssmInstanceHtmlRecord = new RecordSet(\"ssmInstanceHtmlRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].html())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n var ssmInstanceApiRecord = new RecordSet(\"ssmInstanceApiRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].api())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n var ssmInstanceGitRecord = new RecordSet(\"ssmInstanceGitRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].gitHttp())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependson:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependson:\n - ${caPoolBinding}\n # Connect SSM private instance with endpoint.\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.60.0/24\n privateIpGoogleAccess: true\n address:\n type: gcp:compute:Address\n properties:\n name: my-address\n region: us-central1\n address: 10.0.60.100\n addressType: INTERNAL\n subnetwork: ${subnet.id}\n fwRuleServiceAttachment:\n type: gcp:compute:ForwardingRule\n name: fw_rule_service_attachment\n properties:\n name: fw-rule-service-attachment\n region: us-central1\n loadBalancingScheme:\n ipAddress: ${address.id}\n network: ${network.id}\n target: ${default.privateConfig.httpServiceAttachment}\n privateZone:\n type: gcp:dns:ManagedZone\n name: private_zone\n properties:\n name: my-dns-zone\n dnsName: p.sourcemanager.dev.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n ssmInstanceHtmlRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_html_record\n properties:\n name: ${default.hostConfigs[0].html}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\n ssmInstanceApiRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_api_record\n properties:\n name: ${default.hostConfigs[0].api}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\n ssmInstanceGitRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_git_record\n properties:\n name: ${default.hostConfigs[0].gitHttp}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Workforce Identity Federation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n workforceIdentityFederationConfig: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n workforce_identity_federation_config={\n \"enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n WorkforceIdentityFederationConfig = new Gcp.SecureSourceManager.Inputs.InstanceWorkforceIdentityFederationConfigArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tWorkforceIdentityFederationConfig: \u0026securesourcemanager.InstanceWorkforceIdentityFederationConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstanceWorkforceIdentityFederationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .workforceIdentityFederationConfig(InstanceWorkforceIdentityFederationConfigArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n workforceIdentityFederationConfig:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{instance_id}}\n```\n\n", + "description": "Instances are deployed to an available Google Cloud region and are accessible via their web interface.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/secure-source-manager/docs/create-instance)\n\n## Example Usage\n\n### Secure Source Manager Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-keyring\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-key\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_binding\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`),\n});\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n kmsKey: cryptoKey.id,\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-keyring\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-key\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_binding = gcp.kms.CryptoKeyIAMMember(\"crypto_key_binding\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\")\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n kms_key=crypto_key.id,\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-key\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_binding\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n });\n\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n KmsKey = cryptoKey.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-key\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tKmsKey: cryptoKey.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-key\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyBinding = new CryptoKeyIAMMember(\"cryptoKeyBinding\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .kmsKey(cryptoKey.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-keyring\n location: us-central1\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-key\n keyRing: ${keyRing.id}\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n kmsKey: ${cryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKeyBinding}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst project = gcp.organizations.getProject({});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nproject = gcp.organizations.get_project()\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependsOn:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${caPoolBinding}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private Psc Backend\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = gcp.organizations.getProject({});\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\n// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n// Connect SSM private instance with L4 proxy ILB.\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"my-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.1.0/24\",\n privateIpGoogleAccess: true,\n});\nconst pscNeg = new gcp.compute.RegionNetworkEndpointGroup(\"psc_neg\", {\n name: \"my-neg\",\n region: \"us-central1\",\n networkEndpointType: \"PRIVATE_SERVICE_CONNECT\",\n pscTargetService: _default.privateConfig.apply(privateConfig =\u003e privateConfig?.httpServiceAttachment),\n network: network.id,\n subnetwork: subnet.id,\n});\nconst backendService = new gcp.compute.RegionBackendService(\"backend_service\", {\n name: \"my-backend-service\",\n region: \"us-central1\",\n protocol: \"TCP\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n backends: [{\n group: pscNeg.id,\n balancingMode: \"UTILIZATION\",\n capacityScaler: 1,\n }],\n});\nconst proxySubnet = new gcp.compute.Subnetwork(\"proxy_subnet\", {\n name: \"my-proxy-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.2.0/24\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n});\nconst targetProxy = new gcp.compute.RegionTargetTcpProxy(\"target_proxy\", {\n name: \"my-target-proxy\",\n region: \"us-central1\",\n backendService: backendService.id,\n});\nconst fwRuleTargetProxy = new gcp.compute.ForwardingRule(\"fw_rule_target_proxy\", {\n name: \"fw-rule-target-proxy\",\n region: \"us-central1\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n ipProtocol: \"TCP\",\n portRange: \"443\",\n target: targetProxy.id,\n network: network.id,\n subnetwork: subnet.id,\n networkTier: \"PREMIUM\",\n}, {\n dependsOn: [proxySubnet],\n});\nconst privateZone = new gcp.dns.ManagedZone(\"private_zone\", {\n name: \"my-dns-zone\",\n dnsName: \"p.sourcemanager.dev.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n});\nconst ssmInstanceHtmlRecord = new gcp.dns.RecordSet(\"ssm_instance_html_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].html}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\nconst ssmInstanceApiRecord = new gcp.dns.RecordSet(\"ssm_instance_api_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].api}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\nconst ssmInstanceGitRecord = new gcp.dns.RecordSet(\"ssm_instance_git_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].gitHttp}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleTargetProxy.ipAddress],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.get_project()\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\n# See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n# Connect SSM private instance with L4 proxy ILB.\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"my-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.1.0/24\",\n private_ip_google_access=True)\npsc_neg = gcp.compute.RegionNetworkEndpointGroup(\"psc_neg\",\n name=\"my-neg\",\n region=\"us-central1\",\n network_endpoint_type=\"PRIVATE_SERVICE_CONNECT\",\n psc_target_service=default.private_config.http_service_attachment,\n network=network.id,\n subnetwork=subnet.id)\nbackend_service = gcp.compute.RegionBackendService(\"backend_service\",\n name=\"my-backend-service\",\n region=\"us-central1\",\n protocol=\"TCP\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n backends=[{\n \"group\": psc_neg.id,\n \"balancing_mode\": \"UTILIZATION\",\n \"capacity_scaler\": 1,\n }])\nproxy_subnet = gcp.compute.Subnetwork(\"proxy_subnet\",\n name=\"my-proxy-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.2.0/24\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\")\ntarget_proxy = gcp.compute.RegionTargetTcpProxy(\"target_proxy\",\n name=\"my-target-proxy\",\n region=\"us-central1\",\n backend_service=backend_service.id)\nfw_rule_target_proxy = gcp.compute.ForwardingRule(\"fw_rule_target_proxy\",\n name=\"fw-rule-target-proxy\",\n region=\"us-central1\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n ip_protocol=\"TCP\",\n port_range=\"443\",\n target=target_proxy.id,\n network=network.id,\n subnetwork=subnet.id,\n network_tier=\"PREMIUM\",\n opts = pulumi.ResourceOptions(depends_on=[proxy_subnet]))\nprivate_zone = gcp.dns.ManagedZone(\"private_zone\",\n name=\"my-dns-zone\",\n dns_name=\"p.sourcemanager.dev.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n })\nssm_instance_html_record = gcp.dns.RecordSet(\"ssm_instance_html_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].html}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\nssm_instance_api_record = gcp.dns.RecordSet(\"ssm_instance_api_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].api}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\nssm_instance_git_record = gcp.dns.RecordSet(\"ssm_instance_git_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].git_http}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_target_proxy.ip_address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n // Connect SSM private instance with L4 proxy ILB.\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"my-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.1.0/24\",\n PrivateIpGoogleAccess = true,\n });\n\n var pscNeg = new Gcp.Compute.RegionNetworkEndpointGroup(\"psc_neg\", new()\n {\n Name = \"my-neg\",\n Region = \"us-central1\",\n NetworkEndpointType = \"PRIVATE_SERVICE_CONNECT\",\n PscTargetService = @default.PrivateConfig.Apply(privateConfig =\u003e privateConfig?.HttpServiceAttachment),\n Network = network.Id,\n Subnetwork = subnet.Id,\n });\n\n var backendService = new Gcp.Compute.RegionBackendService(\"backend_service\", new()\n {\n Name = \"my-backend-service\",\n Region = \"us-central1\",\n Protocol = \"TCP\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs\n {\n Group = pscNeg.Id,\n BalancingMode = \"UTILIZATION\",\n CapacityScaler = 1,\n },\n },\n });\n\n var proxySubnet = new Gcp.Compute.Subnetwork(\"proxy_subnet\", new()\n {\n Name = \"my-proxy-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.2.0/24\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n });\n\n var targetProxy = new Gcp.Compute.RegionTargetTcpProxy(\"target_proxy\", new()\n {\n Name = \"my-target-proxy\",\n Region = \"us-central1\",\n BackendService = backendService.Id,\n });\n\n var fwRuleTargetProxy = new Gcp.Compute.ForwardingRule(\"fw_rule_target_proxy\", new()\n {\n Name = \"fw-rule-target-proxy\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n IpProtocol = \"TCP\",\n PortRange = \"443\",\n Target = targetProxy.Id,\n Network = network.Id,\n Subnetwork = subnet.Id,\n NetworkTier = \"PREMIUM\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxySubnet,\n },\n });\n\n var privateZone = new Gcp.Dns.ManagedZone(\"private_zone\", new()\n {\n Name = \"my-dns-zone\",\n DnsName = \"p.sourcemanager.dev.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n });\n\n var ssmInstanceHtmlRecord = new Gcp.Dns.RecordSet(\"ssm_instance_html_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Html}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n var ssmInstanceApiRecord = new Gcp.Dns.RecordSet(\"ssm_instance_api_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Api}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n var ssmInstanceGitRecord = new Gcp.Dns.RecordSet(\"ssm_instance_git_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].GitHttp}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleTargetProxy.IpAddress,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Connect SSM private instance with L4 proxy ILB.\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNeg, err := compute.NewRegionNetworkEndpointGroup(ctx, \"psc_neg\", \u0026compute.RegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"my-neg\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tPscTargetService: pulumi.String(_default.PrivateConfig.ApplyT(func(privateConfig securesourcemanager.InstancePrivateConfig) (*string, error) {\n\t\t\t\treturn \u0026privateConfig.HttpServiceAttachment, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tNetwork: network.ID(),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackendService, err := compute.NewRegionBackendService(ctx, \"backend_service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"my-backend-service\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tBackends: compute.RegionBackendServiceBackendArray{\n\t\t\t\t\u0026compute.RegionBackendServiceBackendArgs{\n\t\t\t\t\tGroup: pscNeg.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"UTILIZATION\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxySubnet, err := compute.NewSubnetwork(ctx, \"proxy_subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-proxy-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttargetProxy, err := compute.NewRegionTargetTcpProxy(ctx, \"target_proxy\", \u0026compute.RegionTargetTcpProxyArgs{\n\t\t\tName: pulumi.String(\"my-target-proxy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBackendService: backendService.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfwRuleTargetProxy, err := compute.NewForwardingRule(ctx, \"fw_rule_target_proxy\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fw-rule-target-proxy\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tPortRange: pulumi.String(\"443\"),\n\t\t\tTarget: targetProxy.ID(),\n\t\t\tNetwork: network.ID(),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxySubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateZone, err := dns.NewManagedZone(ctx, \"private_zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"my-dns-zone\"),\n\t\t\tDnsName: pulumi.String(\"p.sourcemanager.dev.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_html_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Html), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_api_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Api), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_git_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].GitHttp), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleTargetProxy.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroup;\nimport com.pulumi.gcp.compute.RegionNetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.RegionTargetTcpProxy;\nimport com.pulumi.gcp.compute.RegionTargetTcpProxyArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n // Connect SSM private instance with L4 proxy ILB.\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.1.0/24\")\n .privateIpGoogleAccess(true)\n .build());\n\n var pscNeg = new RegionNetworkEndpointGroup(\"pscNeg\", RegionNetworkEndpointGroupArgs.builder()\n .name(\"my-neg\")\n .region(\"us-central1\")\n .networkEndpointType(\"PRIVATE_SERVICE_CONNECT\")\n .pscTargetService(default_.privateConfig().applyValue(privateConfig -\u003e privateConfig.httpServiceAttachment()))\n .network(network.id())\n .subnetwork(subnet.id())\n .build());\n\n var backendService = new RegionBackendService(\"backendService\", RegionBackendServiceArgs.builder()\n .name(\"my-backend-service\")\n .region(\"us-central1\")\n .protocol(\"TCP\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .backends(RegionBackendServiceBackendArgs.builder()\n .group(pscNeg.id())\n .balancingMode(\"UTILIZATION\")\n .capacityScaler(1)\n .build())\n .build());\n\n var proxySubnet = new Subnetwork(\"proxySubnet\", SubnetworkArgs.builder()\n .name(\"my-proxy-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.2.0/24\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .build());\n\n var targetProxy = new RegionTargetTcpProxy(\"targetProxy\", RegionTargetTcpProxyArgs.builder()\n .name(\"my-target-proxy\")\n .region(\"us-central1\")\n .backendService(backendService.id())\n .build());\n\n var fwRuleTargetProxy = new ForwardingRule(\"fwRuleTargetProxy\", ForwardingRuleArgs.builder()\n .name(\"fw-rule-target-proxy\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .ipProtocol(\"TCP\")\n .portRange(\"443\")\n .target(targetProxy.id())\n .network(network.id())\n .subnetwork(subnet.id())\n .networkTier(\"PREMIUM\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxySubnet)\n .build());\n\n var privateZone = new ManagedZone(\"privateZone\", ManagedZoneArgs.builder()\n .name(\"my-dns-zone\")\n .dnsName(\"p.sourcemanager.dev.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build());\n\n var ssmInstanceHtmlRecord = new RecordSet(\"ssmInstanceHtmlRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].html())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n var ssmInstanceApiRecord = new RecordSet(\"ssmInstanceApiRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].api())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n var ssmInstanceGitRecord = new RecordSet(\"ssmInstanceGitRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].gitHttp())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleTargetProxy.ipAddress())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependsOn:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${caPoolBinding}\n # Connect SSM private instance with L4 proxy ILB.\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.1.0/24\n privateIpGoogleAccess: true\n pscNeg:\n type: gcp:compute:RegionNetworkEndpointGroup\n name: psc_neg\n properties:\n name: my-neg\n region: us-central1\n networkEndpointType: PRIVATE_SERVICE_CONNECT\n pscTargetService: ${default.privateConfig.httpServiceAttachment}\n network: ${network.id}\n subnetwork: ${subnet.id}\n backendService:\n type: gcp:compute:RegionBackendService\n name: backend_service\n properties:\n name: my-backend-service\n region: us-central1\n protocol: TCP\n loadBalancingScheme: INTERNAL_MANAGED\n backends:\n - group: ${pscNeg.id}\n balancingMode: UTILIZATION\n capacityScaler: 1\n proxySubnet:\n type: gcp:compute:Subnetwork\n name: proxy_subnet\n properties:\n name: my-proxy-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.2.0/24\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\n targetProxy:\n type: gcp:compute:RegionTargetTcpProxy\n name: target_proxy\n properties:\n name: my-target-proxy\n region: us-central1\n backendService: ${backendService.id}\n fwRuleTargetProxy:\n type: gcp:compute:ForwardingRule\n name: fw_rule_target_proxy\n properties:\n name: fw-rule-target-proxy\n region: us-central1\n loadBalancingScheme: INTERNAL_MANAGED\n ipProtocol: TCP\n portRange: '443'\n target: ${targetProxy.id}\n network: ${network.id}\n subnetwork: ${subnet.id}\n networkTier: PREMIUM\n options:\n dependsOn:\n - ${proxySubnet}\n privateZone:\n type: gcp:dns:ManagedZone\n name: private_zone\n properties:\n name: my-dns-zone\n dnsName: p.sourcemanager.dev.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n ssmInstanceHtmlRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_html_record\n properties:\n name: ${default.hostConfigs[0].html}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\n ssmInstanceApiRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_api_record\n properties:\n name: ${default.hostConfigs[0].api}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\n ssmInstanceGitRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_git_record\n properties:\n name: ${default.hostConfigs[0].gitHttp}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleTargetProxy.ipAddress}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Private Psc Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst project = gcp.organizations.getProject({});\nconst caPool = new gcp.certificateauthority.CaPool(\"ca_pool\", {\n name: \"ca-pool\",\n location: \"us-central1\",\n tier: \"ENTERPRISE\",\n publishingOptions: {\n publishCaCert: true,\n publishCrl: true,\n },\n});\nconst rootCa = new gcp.certificateauthority.Authority(\"root_ca\", {\n pool: caPool.name,\n certificateAuthorityId: \"root-ca\",\n location: \"us-central1\",\n config: {\n subjectConfig: {\n subject: {\n organization: \"google\",\n commonName: \"my-certificate-authority\",\n },\n },\n x509Config: {\n caOptions: {\n isCa: true,\n },\n keyUsage: {\n baseKeyUsage: {\n certSign: true,\n crlSign: true,\n },\n extendedKeyUsage: {\n serverAuth: true,\n },\n },\n },\n },\n keySpec: {\n algorithm: \"RSA_PKCS1_4096_SHA256\",\n },\n deletionProtection: false,\n ignoreActiveCertificatesOnDeletion: true,\n skipGracePeriod: true,\n});\nconst caPoolBinding = new gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\", {\n caPool: caPool.id,\n role: \"roles/privateca.certificateRequester\",\n members: [project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com`)],\n});\n// ca pool IAM permissions can take time to propagate\nconst wait120Seconds = new time.index.Sleep(\"wait_120_seconds\", {createDuration: \"120s\"}, {\n dependsOn: [caPoolBinding],\n});\n// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n instanceId: \"my-instance\",\n location: \"us-central1\",\n privateConfig: {\n isPrivate: true,\n caPool: caPool.id,\n },\n}, {\n dependsOn: [\n rootCa,\n wait120Seconds,\n ],\n});\n// Connect SSM private instance with endpoint.\nconst network = new gcp.compute.Network(\"network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"my-subnet\",\n region: \"us-central1\",\n network: network.id,\n ipCidrRange: \"10.0.60.0/24\",\n privateIpGoogleAccess: true,\n});\nconst address = new gcp.compute.Address(\"address\", {\n name: \"my-address\",\n region: \"us-central1\",\n address: \"10.0.60.100\",\n addressType: \"INTERNAL\",\n subnetwork: subnet.id,\n});\nconst fwRuleServiceAttachment = new gcp.compute.ForwardingRule(\"fw_rule_service_attachment\", {\n name: \"fw-rule-service-attachment\",\n region: \"us-central1\",\n loadBalancingScheme: \"\",\n ipAddress: address.id,\n network: network.id,\n target: _default.privateConfig.apply(privateConfig =\u003e privateConfig?.httpServiceAttachment),\n});\nconst privateZone = new gcp.dns.ManagedZone(\"private_zone\", {\n name: \"my-dns-zone\",\n dnsName: \"p.sourcemanager.dev.\",\n visibility: \"private\",\n privateVisibilityConfig: {\n networks: [{\n networkUrl: network.id,\n }],\n },\n});\nconst ssmInstanceHtmlRecord = new gcp.dns.RecordSet(\"ssm_instance_html_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].html}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\nconst ssmInstanceApiRecord = new gcp.dns.RecordSet(\"ssm_instance_api_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].api}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\nconst ssmInstanceGitRecord = new gcp.dns.RecordSet(\"ssm_instance_git_record\", {\n name: _default.hostConfigs.apply(hostConfigs =\u003e `${hostConfigs[0].gitHttp}.`),\n type: \"A\",\n ttl: 300,\n managedZone: privateZone.name,\n rrdatas: [fwRuleServiceAttachment.ipAddress],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\nproject = gcp.organizations.get_project()\nca_pool = gcp.certificateauthority.CaPool(\"ca_pool\",\n name=\"ca-pool\",\n location=\"us-central1\",\n tier=\"ENTERPRISE\",\n publishing_options={\n \"publish_ca_cert\": True,\n \"publish_crl\": True,\n })\nroot_ca = gcp.certificateauthority.Authority(\"root_ca\",\n pool=ca_pool.name,\n certificate_authority_id=\"root-ca\",\n location=\"us-central1\",\n config={\n \"subject_config\": {\n \"subject\": {\n \"organization\": \"google\",\n \"common_name\": \"my-certificate-authority\",\n },\n },\n \"x509_config\": {\n \"ca_options\": {\n \"is_ca\": True,\n },\n \"key_usage\": {\n \"base_key_usage\": {\n \"cert_sign\": True,\n \"crl_sign\": True,\n },\n \"extended_key_usage\": {\n \"server_auth\": True,\n },\n },\n },\n },\n key_spec={\n \"algorithm\": \"RSA_PKCS1_4096_SHA256\",\n },\n deletion_protection=False,\n ignore_active_certificates_on_deletion=True,\n skip_grace_period=True)\nca_pool_binding = gcp.certificateauthority.CaPoolIamBinding(\"ca_pool_binding\",\n ca_pool=ca_pool.id,\n role=\"roles/privateca.certificateRequester\",\n members=[f\"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\"])\n# ca pool IAM permissions can take time to propagate\nwait120_seconds = time.index.Sleep(\"wait_120_seconds\", create_duration=120s,\nopts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))\n# See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\ndefault = gcp.securesourcemanager.Instance(\"default\",\n instance_id=\"my-instance\",\n location=\"us-central1\",\n private_config={\n \"is_private\": True,\n \"ca_pool\": ca_pool.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n root_ca,\n wait120_seconds,\n ]))\n# Connect SSM private instance with endpoint.\nnetwork = gcp.compute.Network(\"network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"my-subnet\",\n region=\"us-central1\",\n network=network.id,\n ip_cidr_range=\"10.0.60.0/24\",\n private_ip_google_access=True)\naddress = gcp.compute.Address(\"address\",\n name=\"my-address\",\n region=\"us-central1\",\n address=\"10.0.60.100\",\n address_type=\"INTERNAL\",\n subnetwork=subnet.id)\nfw_rule_service_attachment = gcp.compute.ForwardingRule(\"fw_rule_service_attachment\",\n name=\"fw-rule-service-attachment\",\n region=\"us-central1\",\n load_balancing_scheme=\"\",\n ip_address=address.id,\n network=network.id,\n target=default.private_config.http_service_attachment)\nprivate_zone = gcp.dns.ManagedZone(\"private_zone\",\n name=\"my-dns-zone\",\n dns_name=\"p.sourcemanager.dev.\",\n visibility=\"private\",\n private_visibility_config={\n \"networks\": [{\n \"network_url\": network.id,\n }],\n })\nssm_instance_html_record = gcp.dns.RecordSet(\"ssm_instance_html_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].html}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\nssm_instance_api_record = gcp.dns.RecordSet(\"ssm_instance_api_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].api}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\nssm_instance_git_record = gcp.dns.RecordSet(\"ssm_instance_git_record\",\n name=default.host_configs.apply(lambda host_configs: f\"{host_configs[0].git_http}.\"),\n type=\"A\",\n ttl=300,\n managed_zone=private_zone.name,\n rrdatas=[fw_rule_service_attachment.ip_address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var caPool = new Gcp.CertificateAuthority.CaPool(\"ca_pool\", new()\n {\n Name = \"ca-pool\",\n Location = \"us-central1\",\n Tier = \"ENTERPRISE\",\n PublishingOptions = new Gcp.CertificateAuthority.Inputs.CaPoolPublishingOptionsArgs\n {\n PublishCaCert = true,\n PublishCrl = true,\n },\n });\n\n var rootCa = new Gcp.CertificateAuthority.Authority(\"root_ca\", new()\n {\n Pool = caPool.Name,\n CertificateAuthorityId = \"root-ca\",\n Location = \"us-central1\",\n Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs\n {\n SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs\n {\n Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs\n {\n Organization = \"google\",\n CommonName = \"my-certificate-authority\",\n },\n },\n X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs\n {\n CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs\n {\n IsCa = true,\n },\n KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs\n {\n BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs\n {\n CertSign = true,\n CrlSign = true,\n },\n ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs\n {\n ServerAuth = true,\n },\n },\n },\n },\n KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs\n {\n Algorithm = \"RSA_PKCS1_4096_SHA256\",\n },\n DeletionProtection = false,\n IgnoreActiveCertificatesOnDeletion = true,\n SkipGracePeriod = true,\n });\n\n var caPoolBinding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"ca_pool_binding\", new()\n {\n CaPool = caPool.Id,\n Role = \"roles/privateca.certificateRequester\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-sourcemanager.iam.gserviceaccount.com\",\n },\n });\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Time.Index.Sleep(\"wait_120_seconds\", new()\n {\n CreateDuration = \"120s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n caPoolBinding,\n },\n });\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n InstanceId = \"my-instance\",\n Location = \"us-central1\",\n PrivateConfig = new Gcp.SecureSourceManager.Inputs.InstancePrivateConfigArgs\n {\n IsPrivate = true,\n CaPool = caPool.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n rootCa,\n wait120Seconds,\n },\n });\n\n // Connect SSM private instance with endpoint.\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"my-subnet\",\n Region = \"us-central1\",\n Network = network.Id,\n IpCidrRange = \"10.0.60.0/24\",\n PrivateIpGoogleAccess = true,\n });\n\n var address = new Gcp.Compute.Address(\"address\", new()\n {\n Name = \"my-address\",\n Region = \"us-central1\",\n IPAddress = \"10.0.60.100\",\n AddressType = \"INTERNAL\",\n Subnetwork = subnet.Id,\n });\n\n var fwRuleServiceAttachment = new Gcp.Compute.ForwardingRule(\"fw_rule_service_attachment\", new()\n {\n Name = \"fw-rule-service-attachment\",\n Region = \"us-central1\",\n LoadBalancingScheme = \"\",\n IpAddress = address.Id,\n Network = network.Id,\n Target = @default.PrivateConfig.Apply(privateConfig =\u003e privateConfig?.HttpServiceAttachment),\n });\n\n var privateZone = new Gcp.Dns.ManagedZone(\"private_zone\", new()\n {\n Name = \"my-dns-zone\",\n DnsName = \"p.sourcemanager.dev.\",\n Visibility = \"private\",\n PrivateVisibilityConfig = new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigArgs\n {\n Networks = new[]\n {\n new Gcp.Dns.Inputs.ManagedZonePrivateVisibilityConfigNetworkArgs\n {\n NetworkUrl = network.Id,\n },\n },\n },\n });\n\n var ssmInstanceHtmlRecord = new Gcp.Dns.RecordSet(\"ssm_instance_html_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Html}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n var ssmInstanceApiRecord = new Gcp.Dns.RecordSet(\"ssm_instance_api_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].Api}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n var ssmInstanceGitRecord = new Gcp.Dns.RecordSet(\"ssm_instance_git_record\", new()\n {\n Name = @default.HostConfigs.Apply(hostConfigs =\u003e $\"{hostConfigs[0].GitHttp}.\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = privateZone.Name,\n Rrdatas = new[]\n {\n fwRuleServiceAttachment.IpAddress,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPool, err := certificateauthority.NewCaPool(ctx, \"ca_pool\", \u0026certificateauthority.CaPoolArgs{\n\t\t\tName: pulumi.String(\"ca-pool\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTier: pulumi.String(\"ENTERPRISE\"),\n\t\t\tPublishingOptions: \u0026certificateauthority.CaPoolPublishingOptionsArgs{\n\t\t\t\tPublishCaCert: pulumi.Bool(true),\n\t\t\t\tPublishCrl: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCa, err := certificateauthority.NewAuthority(ctx, \"root_ca\", \u0026certificateauthority.AuthorityArgs{\n\t\t\tPool: caPool.Name,\n\t\t\tCertificateAuthorityId: pulumi.String(\"root-ca\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026certificateauthority.AuthorityConfigArgs{\n\t\t\t\tSubjectConfig: \u0026certificateauthority.AuthorityConfigSubjectConfigArgs{\n\t\t\t\t\tSubject: \u0026certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{\n\t\t\t\t\t\tOrganization: pulumi.String(\"google\"),\n\t\t\t\t\t\tCommonName: pulumi.String(\"my-certificate-authority\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tX509Config: \u0026certificateauthority.AuthorityConfigX509ConfigArgs{\n\t\t\t\t\tCaOptions: \u0026certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{\n\t\t\t\t\t\tIsCa: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{\n\t\t\t\t\t\tBaseKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{\n\t\t\t\t\t\t\tCertSign: pulumi.Bool(true),\n\t\t\t\t\t\t\tCrlSign: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExtendedKeyUsage: \u0026certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{\n\t\t\t\t\t\t\tServerAuth: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tKeySpec: \u0026certificateauthority.AuthorityKeySpecArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_PKCS1_4096_SHA256\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tIgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),\n\t\t\tSkipGracePeriod: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcaPoolBinding, err := certificateauthority.NewCaPoolIamBinding(ctx, \"ca_pool_binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: caPool.ID(),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateRequester\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ca pool IAM permissions can take time to propagate\n\t\twait120Seconds, err := time.NewSleep(ctx, \"wait_120_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"120s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcaPoolBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n\t\t_, err = securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateConfig: \u0026securesourcemanager.InstancePrivateConfigArgs{\n\t\t\t\tIsPrivate: pulumi.Bool(true),\n\t\t\t\tCaPool: caPool.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trootCa,\n\t\t\twait120Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Connect SSM private instance with endpoint.\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.60.0/24\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taddress, err := compute.NewAddress(ctx, \"address\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"my-address\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tAddress: pulumi.String(\"10.0.60.100\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tSubnetwork: subnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfwRuleServiceAttachment, err := compute.NewForwardingRule(ctx, \"fw_rule_service_attachment\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"fw-rule-service-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tIpAddress: address.ID(),\n\t\t\tNetwork: network.ID(),\n\t\t\tTarget: pulumi.String(_default.PrivateConfig.ApplyT(func(privateConfig securesourcemanager.InstancePrivateConfig) (*string, error) {\n\t\t\t\treturn \u0026privateConfig.HttpServiceAttachment, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateZone, err := dns.NewManagedZone(ctx, \"private_zone\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"my-dns-zone\"),\n\t\t\tDnsName: pulumi.String(\"p.sourcemanager.dev.\"),\n\t\t\tVisibility: pulumi.String(\"private\"),\n\t\t\tPrivateVisibilityConfig: \u0026dns.ManagedZonePrivateVisibilityConfigArgs{\n\t\t\t\tNetworks: dns.ManagedZonePrivateVisibilityConfigNetworkArray{\n\t\t\t\t\t\u0026dns.ManagedZonePrivateVisibilityConfigNetworkArgs{\n\t\t\t\t\t\tNetworkUrl: network.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_html_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Html), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_api_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].Api), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"ssm_instance_git_record\", \u0026dns.RecordSetArgs{\n\t\t\tName: _default.HostConfigs.ApplyT(func(hostConfigs []securesourcemanager.InstanceHostConfig) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v.\", hostConfigs[0].GitHttp), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: privateZone.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tfwRuleServiceAttachment.IpAddress,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.certificateauthority.CaPool;\nimport com.pulumi.gcp.certificateauthority.CaPoolArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolPublishingOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.Authority;\nimport com.pulumi.gcp.certificateauthority.AuthorityArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstancePrivateConfigArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZonePrivateVisibilityConfigArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var caPool = new CaPool(\"caPool\", CaPoolArgs.builder()\n .name(\"ca-pool\")\n .location(\"us-central1\")\n .tier(\"ENTERPRISE\")\n .publishingOptions(CaPoolPublishingOptionsArgs.builder()\n .publishCaCert(true)\n .publishCrl(true)\n .build())\n .build());\n\n var rootCa = new Authority(\"rootCa\", AuthorityArgs.builder()\n .pool(caPool.name())\n .certificateAuthorityId(\"root-ca\")\n .location(\"us-central1\")\n .config(AuthorityConfigArgs.builder()\n .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()\n .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()\n .organization(\"google\")\n .commonName(\"my-certificate-authority\")\n .build())\n .build())\n .x509Config(AuthorityConfigX509ConfigArgs.builder()\n .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()\n .isCa(true)\n .build())\n .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()\n .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()\n .certSign(true)\n .crlSign(true)\n .build())\n .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()\n .serverAuth(true)\n .build())\n .build())\n .build())\n .build())\n .keySpec(AuthorityKeySpecArgs.builder()\n .algorithm(\"RSA_PKCS1_4096_SHA256\")\n .build())\n .deletionProtection(false)\n .ignoreActiveCertificatesOnDeletion(true)\n .skipGracePeriod(true)\n .build());\n\n var caPoolBinding = new CaPoolIamBinding(\"caPoolBinding\", CaPoolIamBindingArgs.builder()\n .caPool(caPool.id())\n .role(\"roles/privateca.certificateRequester\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-sourcemanager.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n // ca pool IAM permissions can take time to propagate\n var wait120Seconds = new Sleep(\"wait120Seconds\", SleepArgs.builder()\n .createDuration(\"120s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(caPoolBinding)\n .build());\n\n // See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .instanceId(\"my-instance\")\n .location(\"us-central1\")\n .privateConfig(InstancePrivateConfigArgs.builder()\n .isPrivate(true)\n .caPool(caPool.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n rootCa,\n wait120Seconds)\n .build());\n\n // Connect SSM private instance with endpoint.\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"my-subnet\")\n .region(\"us-central1\")\n .network(network.id())\n .ipCidrRange(\"10.0.60.0/24\")\n .privateIpGoogleAccess(true)\n .build());\n\n var address = new Address(\"address\", AddressArgs.builder()\n .name(\"my-address\")\n .region(\"us-central1\")\n .address(\"10.0.60.100\")\n .addressType(\"INTERNAL\")\n .subnetwork(subnet.id())\n .build());\n\n var fwRuleServiceAttachment = new ForwardingRule(\"fwRuleServiceAttachment\", ForwardingRuleArgs.builder()\n .name(\"fw-rule-service-attachment\")\n .region(\"us-central1\")\n .loadBalancingScheme(\"\")\n .ipAddress(address.id())\n .network(network.id())\n .target(default_.privateConfig().applyValue(privateConfig -\u003e privateConfig.httpServiceAttachment()))\n .build());\n\n var privateZone = new ManagedZone(\"privateZone\", ManagedZoneArgs.builder()\n .name(\"my-dns-zone\")\n .dnsName(\"p.sourcemanager.dev.\")\n .visibility(\"private\")\n .privateVisibilityConfig(ManagedZonePrivateVisibilityConfigArgs.builder()\n .networks(ManagedZonePrivateVisibilityConfigNetworkArgs.builder()\n .networkUrl(network.id())\n .build())\n .build())\n .build());\n\n var ssmInstanceHtmlRecord = new RecordSet(\"ssmInstanceHtmlRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].html())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n var ssmInstanceApiRecord = new RecordSet(\"ssmInstanceApiRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].api())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n var ssmInstanceGitRecord = new RecordSet(\"ssmInstanceGitRecord\", RecordSetArgs.builder()\n .name(default_.hostConfigs().applyValue(hostConfigs -\u003e String.format(\"%s.\", hostConfigs[0].gitHttp())))\n .type(\"A\")\n .ttl(300)\n .managedZone(privateZone.name())\n .rrdatas(fwRuleServiceAttachment.ipAddress())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n caPool:\n type: gcp:certificateauthority:CaPool\n name: ca_pool\n properties:\n name: ca-pool\n location: us-central1\n tier: ENTERPRISE\n publishingOptions:\n publishCaCert: true\n publishCrl: true\n rootCa:\n type: gcp:certificateauthority:Authority\n name: root_ca\n properties:\n pool: ${caPool.name}\n certificateAuthorityId: root-ca\n location: us-central1\n config:\n subjectConfig:\n subject:\n organization: google\n commonName: my-certificate-authority\n x509Config:\n caOptions:\n isCa: true\n keyUsage:\n baseKeyUsage:\n certSign: true\n crlSign: true\n extendedKeyUsage:\n serverAuth: true\n keySpec:\n algorithm: RSA_PKCS1_4096_SHA256\n deletionProtection: false\n ignoreActiveCertificatesOnDeletion: true\n skipGracePeriod: true\n caPoolBinding:\n type: gcp:certificateauthority:CaPoolIamBinding\n name: ca_pool_binding\n properties:\n caPool: ${caPool.id}\n role: roles/privateca.certificateRequester\n members:\n - serviceAccount:service-${project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com\n # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n instanceId: my-instance\n location: us-central1\n privateConfig:\n isPrivate: true\n caPool: ${caPool.id}\n options:\n dependsOn:\n - ${rootCa}\n - ${wait120Seconds}\n # ca pool IAM permissions can take time to propagate\n wait120Seconds:\n type: time:sleep\n name: wait_120_seconds\n properties:\n createDuration: 120s\n options:\n dependsOn:\n - ${caPoolBinding}\n # Connect SSM private instance with endpoint.\n network:\n type: gcp:compute:Network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: my-subnet\n region: us-central1\n network: ${network.id}\n ipCidrRange: 10.0.60.0/24\n privateIpGoogleAccess: true\n address:\n type: gcp:compute:Address\n properties:\n name: my-address\n region: us-central1\n address: 10.0.60.100\n addressType: INTERNAL\n subnetwork: ${subnet.id}\n fwRuleServiceAttachment:\n type: gcp:compute:ForwardingRule\n name: fw_rule_service_attachment\n properties:\n name: fw-rule-service-attachment\n region: us-central1\n loadBalancingScheme: \"\"\n ipAddress: ${address.id}\n network: ${network.id}\n target: ${default.privateConfig.httpServiceAttachment}\n privateZone:\n type: gcp:dns:ManagedZone\n name: private_zone\n properties:\n name: my-dns-zone\n dnsName: p.sourcemanager.dev.\n visibility: private\n privateVisibilityConfig:\n networks:\n - networkUrl: ${network.id}\n ssmInstanceHtmlRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_html_record\n properties:\n name: ${default.hostConfigs[0].html}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\n ssmInstanceApiRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_api_record\n properties:\n name: ${default.hostConfigs[0].api}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\n ssmInstanceGitRecord:\n type: gcp:dns:RecordSet\n name: ssm_instance_git_record\n properties:\n name: ${default.hostConfigs[0].gitHttp}.\n type: A\n ttl: 300\n managedZone: ${privateZone.name}\n rrdatas:\n - ${fwRuleServiceAttachment.ipAddress}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Secure Source Manager Instance Workforce Identity Federation\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securesourcemanager.Instance(\"default\", {\n location: \"us-central1\",\n instanceId: \"my-instance\",\n workforceIdentityFederationConfig: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securesourcemanager.Instance(\"default\",\n location=\"us-central1\",\n instance_id=\"my-instance\",\n workforce_identity_federation_config={\n \"enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecureSourceManager.Instance(\"default\", new()\n {\n Location = \"us-central1\",\n InstanceId = \"my-instance\",\n WorkforceIdentityFederationConfig = new Gcp.SecureSourceManager.Inputs.InstanceWorkforceIdentityFederationConfigArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewInstance(ctx, \"default\", \u0026securesourcemanager.InstanceArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"my-instance\"),\n\t\t\tWorkforceIdentityFederationConfig: \u0026securesourcemanager.InstanceWorkforceIdentityFederationConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.Instance;\nimport com.pulumi.gcp.securesourcemanager.InstanceArgs;\nimport com.pulumi.gcp.securesourcemanager.inputs.InstanceWorkforceIdentityFederationConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .location(\"us-central1\")\n .instanceId(\"my-instance\")\n .workforceIdentityFederationConfig(InstanceWorkforceIdentityFederationConfigArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securesourcemanager:Instance\n properties:\n location: us-central1\n instanceId: my-instance\n workforceIdentityFederationConfig:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/instances/{{instance_id}}`\n\n* `{{project}}/{{location}}/{{instance_id}}`\n\n* `{{location}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default projects/{{project}}/locations/{{location}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{project}}/{{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{location}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:securesourcemanager/instance:Instance default {{instance_id}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -258133,7 +258133,7 @@ } }, "gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding": { - "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securesourcemanager/RepositoryIamBindingCondition:RepositoryIamBindingCondition" @@ -258255,7 +258255,7 @@ } }, "gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember": { - "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securesourcemanager/RepositoryIamMemberCondition:RepositoryIamMemberCondition" @@ -258370,7 +258370,7 @@ } }, "gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Secure Source Manager Repository\nThree different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.securesourcemanager.RepositoryIamBinding` and `gcp.securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securesourcemanager.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securesourcemanager.RepositoryIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/securesourcemanager.repoAdmin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securesourcemanager.RepositoryIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecureSourceManager.RepositoryIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/securesourcemanager.repoAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securesourcemanager.NewRepositoryIamPolicy(ctx, \"policy\", \u0026securesourcemanager.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicy;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securesourcemanager:RepositoryIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securesourcemanager.RepositoryIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securesourcemanager.RepositoryIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecureSourceManager.RepositoryIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamBinding(ctx, \"binding\", \u0026securesourcemanager.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBinding;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securesourcemanager:RepositoryIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securesourcemanager.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securesourcemanager.RepositoryIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n role: \"roles/securesourcemanager.repoAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securesourcemanager.RepositoryIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"],\n role=\"roles/securesourcemanager.repoAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecureSourceManager.RepositoryIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n Role = \"roles/securesourcemanager.repoAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.NewRepositoryIamMember(ctx, \"member\", \u0026securesourcemanager.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tRepositoryId: pulumi.Any(_default.RepositoryId),\n\t\t\tRole: pulumi.String(\"roles/securesourcemanager.repoAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMember;\nimport com.pulumi.gcp.securesourcemanager.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .role(\"roles/securesourcemanager.repoAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securesourcemanager:RepositoryIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n role: roles/securesourcemanager.repoAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n\n* {{project}}/{{location}}/{{repository_id}}\n\n* {{location}}/{{repository_id}}\n\n* {{repository_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecure Source Manager repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository_id}} roles/securesourcemanager.repoAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -258928,7 +258928,7 @@ } }, "gcp:securitycenter/instanceIamBinding:InstanceIamBinding": { - "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n Function: gcp:appengine:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependson:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{name}}\n```\n\n", + "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n function: gcp:appengine:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamBinding:InstanceIamBinding default {{name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securitycenter/InstanceIamBindingCondition:InstanceIamBindingCondition" @@ -259041,7 +259041,7 @@ } }, "gcp:securitycenter/instanceIamMember:InstanceIamMember": { - "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n Function: gcp:appengine:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependson:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{name}}\n```\n\n", + "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n function: gcp:appengine:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamMember:InstanceIamMember default {{name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securitycenter/InstanceIamMemberCondition:InstanceIamMemberCondition" @@ -259147,7 +259147,7 @@ } }, "gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy": { - "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n Function: gcp:appengine:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependson:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{name}}\n```\n\n", + "description": "Represents a Data Fusion instance.\n\n\nTo get more information about Instance, see:\n\n* [API documentation](https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/data-fusion/docs/)\n\n## Example Usage\n\n### Data Fusion Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basicInstance = new gcp.datafusion.Instance(\"basic_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic_instance = gcp.datafusion.Instance(\"basic_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basicInstance = new Gcp.DataFusion.Instance(\"basic_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"basic_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basicInstance = new Instance(\"basicInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basicInstance:\n type: gcp:datafusion:Instance\n name: basic_instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nconst network = new gcp.compute.Network(\"network\", {name: \"datafusion-full-network\"});\nconst privateIpAlloc = new gcp.compute.GlobalAddress(\"private_ip_alloc\", {\n name: \"datafusion-ip-alloc\",\n addressType: \"INTERNAL\",\n purpose: \"VPC_PEERING\",\n prefixLength: 22,\n network: network.id,\n});\nconst extendedInstance = new gcp.datafusion.Instance(\"extended_instance\", {\n name: \"my-instance\",\n description: \"My Data Fusion instance\",\n displayName: \"My Data Fusion instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n enableStackdriverLogging: true,\n enableStackdriverMonitoring: true,\n privateInstance: true,\n dataprocServiceAccount: _default.then(_default =\u003e _default.email),\n labels: {\n example_key: \"example_value\",\n },\n networkConfig: {\n network: \"default\",\n ipAllocation: pulumi.interpolate`${privateIpAlloc.address}/${privateIpAlloc.prefixLength}`,\n },\n accelerators: [{\n acceleratorType: \"CDC\",\n state: \"ENABLED\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\nnetwork = gcp.compute.Network(\"network\", name=\"datafusion-full-network\")\nprivate_ip_alloc = gcp.compute.GlobalAddress(\"private_ip_alloc\",\n name=\"datafusion-ip-alloc\",\n address_type=\"INTERNAL\",\n purpose=\"VPC_PEERING\",\n prefix_length=22,\n network=network.id)\nextended_instance = gcp.datafusion.Instance(\"extended_instance\",\n name=\"my-instance\",\n description=\"My Data Fusion instance\",\n display_name=\"My Data Fusion instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n enable_stackdriver_logging=True,\n enable_stackdriver_monitoring=True,\n private_instance=True,\n dataproc_service_account=default.email,\n labels={\n \"example_key\": \"example_value\",\n },\n network_config={\n \"network\": \"default\",\n \"ip_allocation\": pulumi.Output.all(\n address=private_ip_alloc.address,\n prefix_length=private_ip_alloc.prefix_length\n).apply(lambda resolved_outputs: f\"{resolved_outputs['address']}/{resolved_outputs['prefix_length']}\")\n,\n },\n accelerators=[{\n \"accelerator_type\": \"CDC\",\n \"state\": \"ENABLED\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"datafusion-full-network\",\n });\n\n var privateIpAlloc = new Gcp.Compute.GlobalAddress(\"private_ip_alloc\", new()\n {\n Name = \"datafusion-ip-alloc\",\n AddressType = \"INTERNAL\",\n Purpose = \"VPC_PEERING\",\n PrefixLength = 22,\n Network = network.Id,\n });\n\n var extendedInstance = new Gcp.DataFusion.Instance(\"extended_instance\", new()\n {\n Name = \"my-instance\",\n Description = \"My Data Fusion instance\",\n DisplayName = \"My Data Fusion instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EnableStackdriverLogging = true,\n EnableStackdriverMonitoring = true,\n PrivateInstance = true,\n DataprocServiceAccount = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n Labels = \n {\n { \"example_key\", \"example_value\" },\n },\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n Network = \"default\",\n IpAllocation = Output.Tuple(privateIpAlloc.Address, privateIpAlloc.PrefixLength).Apply(values =\u003e\n {\n var address = values.Item1;\n var prefixLength = values.Item2;\n return $\"{address}/{prefixLength}\";\n }),\n },\n Accelerators = new[]\n {\n new Gcp.DataFusion.Inputs.InstanceAcceleratorArgs\n {\n AcceleratorType = \"CDC\",\n State = \"ENABLED\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-full-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAlloc, err := compute.NewGlobalAddress(ctx, \"private_ip_alloc\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"datafusion-ip-alloc\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tPrefixLength: pulumi.Int(22),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"extended_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tDescription: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tDisplayName: pulumi.String(\"My Data Fusion instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEnableStackdriverLogging: pulumi.Bool(true),\n\t\t\tEnableStackdriverMonitoring: pulumi.Bool(true),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tDataprocServiceAccount: pulumi.String(_default.Email),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"example_key\": pulumi.String(\"example_value\"),\n\t\t\t},\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\tIpAllocation: pulumi.All(privateIpAlloc.Address, privateIpAlloc.PrefixLength).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\taddress := _args[0].(string)\n\t\t\t\t\tprefixLength := _args[1].(int)\n\t\t\t\t\treturn fmt.Sprintf(\"%v/%v\", address, prefixLength), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tAccelerators: datafusion.InstanceAcceleratorArray{\n\t\t\t\t\u0026datafusion.InstanceAcceleratorArgs{\n\t\t\t\t\tAcceleratorType: pulumi.String(\"CDC\"),\n\t\t\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceAcceleratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"datafusion-full-network\")\n .build());\n\n var privateIpAlloc = new GlobalAddress(\"privateIpAlloc\", GlobalAddressArgs.builder()\n .name(\"datafusion-ip-alloc\")\n .addressType(\"INTERNAL\")\n .purpose(\"VPC_PEERING\")\n .prefixLength(22)\n .network(network.id())\n .build());\n\n var extendedInstance = new Instance(\"extendedInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .description(\"My Data Fusion instance\")\n .displayName(\"My Data Fusion instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .enableStackdriverLogging(true)\n .enableStackdriverMonitoring(true)\n .privateInstance(true)\n .dataprocServiceAccount(default_.email())\n .labels(Map.of(\"example_key\", \"example_value\"))\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .network(\"default\")\n .ipAllocation(Output.tuple(privateIpAlloc.address(), privateIpAlloc.prefixLength()).applyValue(values -\u003e {\n var address = values.t1;\n var prefixLength = values.t2;\n return String.format(\"%s/%s\", address,prefixLength);\n }))\n .build())\n .accelerators(InstanceAcceleratorArgs.builder()\n .acceleratorType(\"CDC\")\n .state(\"ENABLED\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedInstance:\n type: gcp:datafusion:Instance\n name: extended_instance\n properties:\n name: my-instance\n description: My Data Fusion instance\n displayName: My Data Fusion instance\n region: us-central1\n type: BASIC\n enableStackdriverLogging: true\n enableStackdriverMonitoring: true\n privateInstance: true\n dataprocServiceAccount: ${default.email}\n labels:\n example_key: example_value\n networkConfig:\n network: default\n ipAllocation: ${privateIpAlloc.address}/${privateIpAlloc.prefixLength}\n accelerators:\n - acceleratorType: CDC\n state: ENABLED\n network:\n type: gcp:compute:Network\n properties:\n name: datafusion-full-network\n privateIpAlloc:\n type: gcp:compute:GlobalAddress\n name: private_ip_alloc\n properties:\n name: datafusion-ip-alloc\n addressType: INTERNAL\n purpose: VPC_PEERING\n prefixLength: 22\n network: ${network.id}\nvariables:\n default:\n fn::invoke:\n function: gcp:appengine:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst psc = new gcp.compute.Network(\"psc\", {\n name: \"datafusion-psc-network\",\n autoCreateSubnetworks: false,\n});\nconst pscSubnetwork = new gcp.compute.Subnetwork(\"psc\", {\n name: \"datafusion-psc-subnet\",\n region: \"us-central1\",\n network: psc.id,\n ipCidrRange: \"10.0.0.0/16\",\n});\nconst pscNetworkAttachment = new gcp.compute.NetworkAttachment(\"psc\", {\n name: \"datafusion-psc-attachment\",\n region: \"us-central1\",\n connectionPreference: \"ACCEPT_AUTOMATIC\",\n subnetworks: [pscSubnetwork.selfLink],\n});\nconst pscInstance = new gcp.datafusion.Instance(\"psc_instance\", {\n name: \"psc-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n privateInstance: true,\n networkConfig: {\n connectionType: \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n privateServiceConnectConfig: {\n networkAttachment: pscNetworkAttachment.id,\n unreachableCidrBlock: \"192.168.0.0/25\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npsc = gcp.compute.Network(\"psc\",\n name=\"datafusion-psc-network\",\n auto_create_subnetworks=False)\npsc_subnetwork = gcp.compute.Subnetwork(\"psc\",\n name=\"datafusion-psc-subnet\",\n region=\"us-central1\",\n network=psc.id,\n ip_cidr_range=\"10.0.0.0/16\")\npsc_network_attachment = gcp.compute.NetworkAttachment(\"psc\",\n name=\"datafusion-psc-attachment\",\n region=\"us-central1\",\n connection_preference=\"ACCEPT_AUTOMATIC\",\n subnetworks=[psc_subnetwork.self_link])\npsc_instance = gcp.datafusion.Instance(\"psc_instance\",\n name=\"psc-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n private_instance=True,\n network_config={\n \"connection_type\": \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n \"private_service_connect_config\": {\n \"network_attachment\": psc_network_attachment.id,\n \"unreachable_cidr_block\": \"192.168.0.0/25\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var psc = new Gcp.Compute.Network(\"psc\", new()\n {\n Name = \"datafusion-psc-network\",\n AutoCreateSubnetworks = false,\n });\n\n var pscSubnetwork = new Gcp.Compute.Subnetwork(\"psc\", new()\n {\n Name = \"datafusion-psc-subnet\",\n Region = \"us-central1\",\n Network = psc.Id,\n IpCidrRange = \"10.0.0.0/16\",\n });\n\n var pscNetworkAttachment = new Gcp.Compute.NetworkAttachment(\"psc\", new()\n {\n Name = \"datafusion-psc-attachment\",\n Region = \"us-central1\",\n ConnectionPreference = \"ACCEPT_AUTOMATIC\",\n Subnetworks = new[]\n {\n pscSubnetwork.SelfLink,\n },\n });\n\n var pscInstance = new Gcp.DataFusion.Instance(\"psc_instance\", new()\n {\n Name = \"psc-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n PrivateInstance = true,\n NetworkConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigArgs\n {\n ConnectionType = \"PRIVATE_SERVICE_CONNECT_INTERFACES\",\n PrivateServiceConnectConfig = new Gcp.DataFusion.Inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs\n {\n NetworkAttachment = pscNetworkAttachment.Id,\n UnreachableCidrBlock = \"192.168.0.0/25\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpsc, err := compute.NewNetwork(ctx, \"psc\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscSubnetwork, err := compute.NewSubnetwork(ctx, \"psc\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: psc.ID(),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpscNetworkAttachment, err := compute.NewNetworkAttachment(ctx, \"psc\", \u0026compute.NetworkAttachmentArgs{\n\t\t\tName: pulumi.String(\"datafusion-psc-attachment\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConnectionPreference: pulumi.String(\"ACCEPT_AUTOMATIC\"),\n\t\t\tSubnetworks: pulumi.StringArray{\n\t\t\t\tpscSubnetwork.SelfLink,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"psc_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"psc-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tPrivateInstance: pulumi.Bool(true),\n\t\t\tNetworkConfig: \u0026datafusion.InstanceNetworkConfigArgs{\n\t\t\t\tConnectionType: pulumi.String(\"PRIVATE_SERVICE_CONNECT_INTERFACES\"),\n\t\t\t\tPrivateServiceConnectConfig: \u0026datafusion.InstanceNetworkConfigPrivateServiceConnectConfigArgs{\n\t\t\t\t\tNetworkAttachment: pscNetworkAttachment.ID(),\n\t\t\t\t\tUnreachableCidrBlock: pulumi.String(\"192.168.0.0/25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkAttachment;\nimport com.pulumi.gcp.compute.NetworkAttachmentArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceNetworkConfigPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var psc = new Network(\"psc\", NetworkArgs.builder()\n .name(\"datafusion-psc-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var pscSubnetwork = new Subnetwork(\"pscSubnetwork\", SubnetworkArgs.builder()\n .name(\"datafusion-psc-subnet\")\n .region(\"us-central1\")\n .network(psc.id())\n .ipCidrRange(\"10.0.0.0/16\")\n .build());\n\n var pscNetworkAttachment = new NetworkAttachment(\"pscNetworkAttachment\", NetworkAttachmentArgs.builder()\n .name(\"datafusion-psc-attachment\")\n .region(\"us-central1\")\n .connectionPreference(\"ACCEPT_AUTOMATIC\")\n .subnetworks(pscSubnetwork.selfLink())\n .build());\n\n var pscInstance = new Instance(\"pscInstance\", InstanceArgs.builder()\n .name(\"psc-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .privateInstance(true)\n .networkConfig(InstanceNetworkConfigArgs.builder()\n .connectionType(\"PRIVATE_SERVICE_CONNECT_INTERFACES\")\n .privateServiceConnectConfig(InstanceNetworkConfigPrivateServiceConnectConfigArgs.builder()\n .networkAttachment(pscNetworkAttachment.id())\n .unreachableCidrBlock(\"192.168.0.0/25\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pscInstance:\n type: gcp:datafusion:Instance\n name: psc_instance\n properties:\n name: psc-instance\n region: us-central1\n type: BASIC\n privateInstance: true\n networkConfig:\n connectionType: PRIVATE_SERVICE_CONNECT_INTERFACES\n privateServiceConnectConfig:\n networkAttachment: ${pscNetworkAttachment.id}\n unreachableCidrBlock: 192.168.0.0/25\n psc:\n type: gcp:compute:Network\n properties:\n name: datafusion-psc-network\n autoCreateSubnetworks: false\n pscSubnetwork:\n type: gcp:compute:Subnetwork\n name: psc\n properties:\n name: datafusion-psc-subnet\n region: us-central1\n network: ${psc.id}\n ipCidrRange: 10.0.0.0/16\n pscNetworkAttachment:\n type: gcp:compute:NetworkAttachment\n name: psc\n properties:\n name: datafusion-psc-attachment\n region: us-central1\n connectionPreference: ACCEPT_AUTOMATIC\n subnetworks:\n - ${pscSubnetwork.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRing(\"key_ring\", {\n name: \"my-instance\",\n location: \"us-central1\",\n});\nconst cryptoKey = new gcp.kms.CryptoKey(\"crypto_key\", {\n name: \"my-instance\",\n keyRing: keyRing.id,\n});\nconst project = gcp.organizations.getProject({});\nconst cryptoKeyMember = new gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com`),\n});\nconst cmek = new gcp.datafusion.Instance(\"cmek\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n cryptoKeyConfig: {\n keyReference: cryptoKey.id,\n },\n}, {\n dependsOn: [cryptoKeyMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRing(\"key_ring\",\n name=\"my-instance\",\n location=\"us-central1\")\ncrypto_key = gcp.kms.CryptoKey(\"crypto_key\",\n name=\"my-instance\",\n key_ring=key_ring.id)\nproject = gcp.organizations.get_project()\ncrypto_key_member = gcp.kms.CryptoKeyIAMMember(\"crypto_key_member\",\n crypto_key_id=crypto_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\")\ncmek = gcp.datafusion.Instance(\"cmek\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n crypto_key_config={\n \"key_reference\": crypto_key.id,\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_member]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRing(\"key_ring\", new()\n {\n Name = \"my-instance\",\n Location = \"us-central1\",\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKey(\"crypto_key\", new()\n {\n Name = \"my-instance\",\n KeyRing = keyRing.Id,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKeyMember = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key_member\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-datafusion.iam.gserviceaccount.com\",\n });\n\n var cmek = new Gcp.DataFusion.Instance(\"cmek\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n CryptoKeyConfig = new Gcp.DataFusion.Inputs.InstanceCryptoKeyConfigArgs\n {\n KeyReference = cryptoKey.Id,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyMember,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyRing, err := kms.NewKeyRing(ctx, \"key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKey(ctx, \"crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tKeyRing: keyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyMember, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key_member\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: cryptoKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-datafusion.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"cmek\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tCryptoKeyConfig: \u0026datafusion.InstanceCryptoKeyConfigArgs{\n\t\t\t\tKeyReference: cryptoKey.ID(),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceCryptoKeyConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRing(\"keyRing\", KeyRingArgs.builder()\n .name(\"my-instance\")\n .location(\"us-central1\")\n .build());\n\n var cryptoKey = new CryptoKey(\"cryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-instance\")\n .keyRing(keyRing.id())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKeyMember = new CryptoKeyIAMMember(\"cryptoKeyMember\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-datafusion.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var cmek = new Instance(\"cmek\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .cryptoKeyConfig(InstanceCryptoKeyConfigArgs.builder()\n .keyReference(cryptoKey.id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyMember)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cmek:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n cryptoKeyConfig:\n keyReference: ${cryptoKey.id}\n options:\n dependsOn:\n - ${cryptoKeyMember}\n cryptoKey:\n type: gcp:kms:CryptoKey\n name: crypto_key\n properties:\n name: my-instance\n keyRing: ${keyRing.id}\n keyRing:\n type: gcp:kms:KeyRing\n name: key_ring\n properties:\n name: my-instance\n location: us-central1\n cryptoKeyMember:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key_member\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-datafusion.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Enterprise\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst enterpriseInstance = new gcp.datafusion.Instance(\"enterprise_instance\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"ENTERPRISE\",\n enableRbac: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenterprise_instance = gcp.datafusion.Instance(\"enterprise_instance\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"ENTERPRISE\",\n enable_rbac=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var enterpriseInstance = new Gcp.DataFusion.Instance(\"enterprise_instance\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"ENTERPRISE\",\n EnableRbac = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"enterprise_instance\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"ENTERPRISE\"),\n\t\t\tEnableRbac: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var enterpriseInstance = new Instance(\"enterpriseInstance\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"ENTERPRISE\")\n .enableRbac(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n enterpriseInstance:\n type: gcp:datafusion:Instance\n name: enterprise_instance\n properties:\n name: my-instance\n region: us-central1\n type: ENTERPRISE\n enableRbac: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Event\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst eventTopic = new gcp.pubsub.Topic(\"event\", {name: \"my-instance\"});\nconst event = new gcp.datafusion.Instance(\"event\", {\n name: \"my-instance\",\n region: \"us-central1\",\n type: \"BASIC\",\n eventPublishConfig: {\n enabled: true,\n topic: eventTopic.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nevent_topic = gcp.pubsub.Topic(\"event\", name=\"my-instance\")\nevent = gcp.datafusion.Instance(\"event\",\n name=\"my-instance\",\n region=\"us-central1\",\n type=\"BASIC\",\n event_publish_config={\n \"enabled\": True,\n \"topic\": event_topic.id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventTopic = new Gcp.PubSub.Topic(\"event\", new()\n {\n Name = \"my-instance\",\n });\n\n var @event = new Gcp.DataFusion.Instance(\"event\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Type = \"BASIC\",\n EventPublishConfig = new Gcp.DataFusion.Inputs.InstanceEventPublishConfigArgs\n {\n Enabled = true,\n Topic = eventTopic.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teventTopic, err := pubsub.NewTopic(ctx, \"event\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datafusion.NewInstance(ctx, \"event\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tType: pulumi.String(\"BASIC\"),\n\t\t\tEventPublishConfig: \u0026datafusion.InstanceEventPublishConfigArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTopic: eventTopic.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport com.pulumi.gcp.datafusion.inputs.InstanceEventPublishConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eventTopic = new Topic(\"eventTopic\", TopicArgs.builder()\n .name(\"my-instance\")\n .build());\n\n var event = new Instance(\"event\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .type(\"BASIC\")\n .eventPublishConfig(InstanceEventPublishConfigArgs.builder()\n .enabled(true)\n .topic(eventTopic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n event:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n type: BASIC\n eventPublishConfig:\n enabled: true\n topic: ${eventTopic.id}\n eventTopic:\n type: gcp:pubsub:Topic\n name: event\n properties:\n name: my-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Data Fusion Instance Zone\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zone = new gcp.datafusion.Instance(\"zone\", {\n name: \"my-instance\",\n region: \"us-central1\",\n zone: \"us-central1-a\",\n type: \"DEVELOPER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzone = gcp.datafusion.Instance(\"zone\",\n name=\"my-instance\",\n region=\"us-central1\",\n zone=\"us-central1-a\",\n type=\"DEVELOPER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zone = new Gcp.DataFusion.Instance(\"zone\", new()\n {\n Name = \"my-instance\",\n Region = \"us-central1\",\n Zone = \"us-central1-a\",\n Type = \"DEVELOPER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.NewInstance(ctx, \"zone\", \u0026datafusion.InstanceArgs{\n\t\t\tName: pulumi.String(\"my-instance\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tType: pulumi.String(\"DEVELOPER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.Instance;\nimport com.pulumi.gcp.datafusion.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var zone = new Instance(\"zone\", InstanceArgs.builder()\n .name(\"my-instance\")\n .region(\"us-central1\")\n .zone(\"us-central1-a\")\n .type(\"DEVELOPER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n zone:\n type: gcp:datafusion:Instance\n properties:\n name: my-instance\n region: us-central1\n zone: us-central1-a\n type: DEVELOPER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default projects/{{project}}/locations/{{region}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/instanceIamPolicy:InstanceIamPolicy default {{name}}\n```\n\n", "properties": { "etag": { "type": "string" @@ -260042,7 +260042,7 @@ } }, "gcp:securitycenter/organizationSccBigQueryExport:OrganizationSccBigQueryExport": { - "description": "A Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExport, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc Organization Big Query Export Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId:\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:OrganizationSccBigQueryExport\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExport can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExport can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/organizationSccBigQueryExport:OrganizationSccBigQueryExport default organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/organizationSccBigQueryExport:OrganizationSccBigQueryExport default {{organization}}/{{big_query_export_id}}\n```\n\n", + "description": "A Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExport, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc Organization Big Query Export Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: \"\"\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:OrganizationSccBigQueryExport\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExport can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExport can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/organizationSccBigQueryExport:OrganizationSccBigQueryExport default organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/organizationSccBigQueryExport:OrganizationSccBigQueryExport default {{organization}}/{{big_query_export_id}}\n```\n\n", "properties": { "bigQueryExportId": { "type": "string", @@ -261496,7 +261496,7 @@ } }, "gcp:securitycenter/v2OrganizationSccBigQueryExport:V2OrganizationSccBigQueryExport": { - "description": "A Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExport, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.locations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc V2 Organization Big Query Export Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n defaultPartitionExpirationMs: undefined,\n labels: {\n env: \"default\",\n },\n});\nconst customBigQueryExportConfig = new gcp.securitycenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\", {\n name: \"my-export\",\n bigQueryExportId: \"my-export\",\n organization: \"123456789\",\n dataset: _default.id,\n location: \"global\",\n description: \"Cloud Security Command Center Findings Big Query Export Config\",\n filter: \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n default_partition_expiration_ms=None,\n labels={\n \"env\": \"default\",\n })\ncustom_big_query_export_config = gcp.securitycenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\",\n name=\"my-export\",\n big_query_export_id=\"my-export\",\n organization=\"123456789\",\n dataset=default.id,\n location=\"global\",\n description=\"Cloud Security Command Center Findings Big Query Export Config\",\n filter=\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n DefaultPartitionExpirationMs = null,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var customBigQueryExportConfig = new Gcp.SecurityCenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\", new()\n {\n Name = \"my-export\",\n BigQueryExportId = \"my-export\",\n Organization = \"123456789\",\n Dataset = @default.Id,\n Location = \"global\",\n Description = \"Cloud Security Command Center Findings Big Query Export Config\",\n Filter = \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tDefaultPartitionExpirationMs: nil,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSccBigQueryExport(ctx, \"custom_big_query_export_config\", \u0026securitycenter.V2OrganizationSccBigQueryExportArgs{\n\t\t\tName: pulumi.String(\"my-export\"),\n\t\t\tBigQueryExportId: pulumi.String(\"my-export\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tDataset: _default.ID(),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Cloud Security Command Center Findings Big Query Export Config\"),\n\t\t\tFilter: pulumi.String(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExport;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExportArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .defaultPartitionExpirationMs(null)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var customBigQueryExportConfig = new V2OrganizationSccBigQueryExport(\"customBigQueryExportConfig\", V2OrganizationSccBigQueryExportArgs.builder()\n .name(\"my-export\")\n .bigQueryExportId(\"my-export\")\n .organization(\"123456789\")\n .dataset(default_.id())\n .location(\"global\")\n .description(\"Cloud Security Command Center Findings Big Query Export Config\")\n .filter(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId:\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:V2OrganizationSccBigQueryExport\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n location: global\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExport can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{location}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExport can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExport:V2OrganizationSccBigQueryExport default organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExport:V2OrganizationSccBigQueryExport default {{organization}}/{{location}}/{{big_query_export_id}}\n```\n\n", + "description": "A Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExport, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.locations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc V2 Organization Big Query Export Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n defaultPartitionExpirationMs: undefined,\n labels: {\n env: \"default\",\n },\n});\nconst customBigQueryExportConfig = new gcp.securitycenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\", {\n name: \"my-export\",\n bigQueryExportId: \"my-export\",\n organization: \"123456789\",\n dataset: _default.id,\n location: \"global\",\n description: \"Cloud Security Command Center Findings Big Query Export Config\",\n filter: \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n default_partition_expiration_ms=None,\n labels={\n \"env\": \"default\",\n })\ncustom_big_query_export_config = gcp.securitycenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\",\n name=\"my-export\",\n big_query_export_id=\"my-export\",\n organization=\"123456789\",\n dataset=default.id,\n location=\"global\",\n description=\"Cloud Security Command Center Findings Big Query Export Config\",\n filter=\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n DefaultPartitionExpirationMs = null,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var customBigQueryExportConfig = new Gcp.SecurityCenter.V2OrganizationSccBigQueryExport(\"custom_big_query_export_config\", new()\n {\n Name = \"my-export\",\n BigQueryExportId = \"my-export\",\n Organization = \"123456789\",\n Dataset = @default.Id,\n Location = \"global\",\n Description = \"Cloud Security Command Center Findings Big Query Export Config\",\n Filter = \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tDefaultPartitionExpirationMs: nil,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSccBigQueryExport(ctx, \"custom_big_query_export_config\", \u0026securitycenter.V2OrganizationSccBigQueryExportArgs{\n\t\t\tName: pulumi.String(\"my-export\"),\n\t\t\tBigQueryExportId: pulumi.String(\"my-export\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tDataset: _default.ID(),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Cloud Security Command Center Findings Big Query Export Config\"),\n\t\t\tFilter: pulumi.String(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExport;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExportArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .defaultPartitionExpirationMs(null)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var customBigQueryExportConfig = new V2OrganizationSccBigQueryExport(\"customBigQueryExportConfig\", V2OrganizationSccBigQueryExportArgs.builder()\n .name(\"my-export\")\n .bigQueryExportId(\"my-export\")\n .organization(\"123456789\")\n .dataset(default_.id())\n .location(\"global\")\n .description(\"Cloud Security Command Center Findings Big Query Export Config\")\n .filter(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: \"\"\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:V2OrganizationSccBigQueryExport\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n location: global\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExport can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{location}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExport can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExport:V2OrganizationSccBigQueryExport default organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExport:V2OrganizationSccBigQueryExport default {{organization}}/{{location}}/{{big_query_export_id}}\n```\n\n", "properties": { "bigQueryExportId": { "type": "string", @@ -261644,7 +261644,7 @@ } }, "gcp:securitycenter/v2OrganizationSccBigQueryExports:V2OrganizationSccBigQueryExports": { - "description": "\u003e **Warning:** `gcp.securitycenter.V2OrganizationSccBigQueryExports` is deprecated and will be removed in a future major release. Use `gcp.securitycenter.V2OrganizationSccBigQueryExport` instead.\n\nA Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExports, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.locations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc V2 Organization Big Query Exports Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n defaultPartitionExpirationMs: undefined,\n labels: {\n env: \"default\",\n },\n});\nconst customBigQueryExportConfig = new gcp.securitycenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\", {\n name: \"my-export\",\n bigQueryExportId: \"my-export\",\n organization: \"123456789\",\n dataset: _default.id,\n location: \"global\",\n description: \"Cloud Security Command Center Findings Big Query Export Config\",\n filter: \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n default_partition_expiration_ms=None,\n labels={\n \"env\": \"default\",\n })\ncustom_big_query_export_config = gcp.securitycenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\",\n name=\"my-export\",\n big_query_export_id=\"my-export\",\n organization=\"123456789\",\n dataset=default.id,\n location=\"global\",\n description=\"Cloud Security Command Center Findings Big Query Export Config\",\n filter=\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n DefaultPartitionExpirationMs = null,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var customBigQueryExportConfig = new Gcp.SecurityCenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\", new()\n {\n Name = \"my-export\",\n BigQueryExportId = \"my-export\",\n Organization = \"123456789\",\n Dataset = @default.Id,\n Location = \"global\",\n Description = \"Cloud Security Command Center Findings Big Query Export Config\",\n Filter = \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tDefaultPartitionExpirationMs: nil,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSccBigQueryExports(ctx, \"custom_big_query_export_config\", \u0026securitycenter.V2OrganizationSccBigQueryExportsArgs{\n\t\t\tName: pulumi.String(\"my-export\"),\n\t\t\tBigQueryExportId: pulumi.String(\"my-export\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tDataset: _default.ID(),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Cloud Security Command Center Findings Big Query Export Config\"),\n\t\t\tFilter: pulumi.String(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExports;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExportsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .defaultPartitionExpirationMs(null)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var customBigQueryExportConfig = new V2OrganizationSccBigQueryExports(\"customBigQueryExportConfig\", V2OrganizationSccBigQueryExportsArgs.builder()\n .name(\"my-export\")\n .bigQueryExportId(\"my-export\")\n .organization(\"123456789\")\n .dataset(default_.id())\n .location(\"global\")\n .description(\"Cloud Security Command Center Findings Big Query Export Config\")\n .filter(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId:\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:V2OrganizationSccBigQueryExports\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n location: global\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExports can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{location}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExports can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExports:V2OrganizationSccBigQueryExports default organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExports:V2OrganizationSccBigQueryExports default {{organization}}/{{location}}/{{big_query_export_id}}\n```\n\n", + "description": "\u003e **Warning:** `gcp.securitycenter.V2OrganizationSccBigQueryExports` is deprecated and will be removed in a future major release. Use `gcp.securitycenter.V2OrganizationSccBigQueryExport` instead.\n\nA Cloud Security Command Center (Cloud SCC) Big Query Export Config.\nIt represents exporting Security Command Center data, including assets, findings, and security marks\nusing gcloud scc bqexports\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about OrganizationSccBigQueryExports, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.locations.bigQueryExports)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query)\n\n## Example Usage\n\n### Scc V2 Organization Big Query Exports Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.bigquery.Dataset(\"default\", {\n datasetId: \"\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n defaultTableExpirationMs: 3600000,\n defaultPartitionExpirationMs: undefined,\n labels: {\n env: \"default\",\n },\n});\nconst customBigQueryExportConfig = new gcp.securitycenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\", {\n name: \"my-export\",\n bigQueryExportId: \"my-export\",\n organization: \"123456789\",\n dataset: _default.id,\n location: \"global\",\n description: \"Cloud Security Command Center Findings Big Query Export Config\",\n filter: \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.bigquery.Dataset(\"default\",\n dataset_id=\"\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\",\n default_table_expiration_ms=3600000,\n default_partition_expiration_ms=None,\n labels={\n \"env\": \"default\",\n })\ncustom_big_query_export_config = gcp.securitycenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\",\n name=\"my-export\",\n big_query_export_id=\"my-export\",\n organization=\"123456789\",\n dataset=default.id,\n location=\"global\",\n description=\"Cloud Security Command Center Findings Big Query Export Config\",\n filter=\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.BigQuery.Dataset(\"default\", new()\n {\n DatasetId = \"\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n DefaultTableExpirationMs = 3600000,\n DefaultPartitionExpirationMs = null,\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n var customBigQueryExportConfig = new Gcp.SecurityCenter.V2OrganizationSccBigQueryExports(\"custom_big_query_export_config\", new()\n {\n Name = \"my-export\",\n BigQueryExportId = \"my-export\",\n Organization = \"123456789\",\n Dataset = @default.Id,\n Location = \"global\",\n Description = \"Cloud Security Command Center Findings Big Query Export Config\",\n Filter = \"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewDataset(ctx, \"default\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDefaultTableExpirationMs: pulumi.Int(3600000),\n\t\t\tDefaultPartitionExpirationMs: nil,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSccBigQueryExports(ctx, \"custom_big_query_export_config\", \u0026securitycenter.V2OrganizationSccBigQueryExportsArgs{\n\t\t\tName: pulumi.String(\"my-export\"),\n\t\t\tBigQueryExportId: pulumi.String(\"my-export\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tDataset: _default.ID(),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"Cloud Security Command Center Findings Big Query Export Config\"),\n\t\t\tFilter: pulumi.String(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExports;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSccBigQueryExportsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Dataset(\"default\", DatasetArgs.builder()\n .datasetId(\"\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .defaultTableExpirationMs(3600000)\n .defaultPartitionExpirationMs(null)\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n var customBigQueryExportConfig = new V2OrganizationSccBigQueryExports(\"customBigQueryExportConfig\", V2OrganizationSccBigQueryExportsArgs.builder()\n .name(\"my-export\")\n .bigQueryExportId(\"my-export\")\n .organization(\"123456789\")\n .dataset(default_.id())\n .location(\"global\")\n .description(\"Cloud Security Command Center Findings Big Query Export Config\")\n .filter(\"state=\\\"ACTIVE\\\" AND NOT mute=\\\"MUTED\\\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: \"\"\n friendlyName: test\n description: This is a test description\n location: US\n defaultTableExpirationMs: 3.6e+06\n defaultPartitionExpirationMs: null\n labels:\n env: default\n customBigQueryExportConfig:\n type: gcp:securitycenter:V2OrganizationSccBigQueryExports\n name: custom_big_query_export_config\n properties:\n name: my-export\n bigQueryExportId: my-export\n organization: '123456789'\n dataset: ${default.id}\n location: global\n description: Cloud Security Command Center Findings Big Query Export Config\n filter: state=\"ACTIVE\" AND NOT mute=\"MUTED\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSccBigQueryExports can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}`\n\n* `{{organization}}/{{location}}/{{big_query_export_id}}`\n\nWhen using the `pulumi import` command, OrganizationSccBigQueryExports can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExports:V2OrganizationSccBigQueryExports default organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSccBigQueryExports:V2OrganizationSccBigQueryExports default {{organization}}/{{location}}/{{big_query_export_id}}\n```\n\n", "properties": { "bigQueryExportId": { "type": "string", @@ -261860,7 +261860,7 @@ } }, "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamBindingCondition:V2OrganizationSourceIamBindingCondition" @@ -261965,7 +261965,7 @@ } }, "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": { - "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamMemberCondition:V2OrganizationSourceIamMemberCondition" @@ -262063,7 +262063,7 @@ } }, "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -263032,7 +263032,7 @@ ] }, "gcp:serviceaccount/iAMBinding:IAMBinding": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:serviceaccount/IAMBindingCondition:IAMBindingCondition", @@ -263132,7 +263132,7 @@ ] }, "gcp:serviceaccount/iAMMember:IAMMember": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:serviceaccount/IAMMemberCondition:IAMMemberCondition", @@ -263225,7 +263225,7 @@ ] }, "gcp:serviceaccount/iAMPolicy:IAMPolicy": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/iam.serviceAccountUser\",\n \"members\": [\"user:jane@example.com\"],\n}])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder()\n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder()\n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -263286,7 +263286,7 @@ ] }, "gcp:serviceaccount/key:Key": { - "description": "## Example Usage\n\n### Creating A New Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {\n serviceAccountId: myaccount.name,\n publicKeyType: \"TYPE_X509_PEM_FILE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\nmykey = gcp.serviceaccount.Key(\"mykey\",\n service_account_id=myaccount.name,\n public_key_type=\"TYPE_X509_PEM_FILE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n PublicKeyType = \"TYPE_X509_PEM_FILE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t\tPublicKeyType: pulumi.String(\"TYPE_X509_PEM_FILE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .publicKeyType(\"TYPE_X509_PEM_FILE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n publicKeyType: TYPE_X509_PEM_FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Creating And Regularly Rotating A Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumiverse/time\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\n// note this requires the terraform to be run regularly\nconst mykeyRotation = new time.Rotating(\"mykey_rotation\", {rotationDays: 30});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {\n serviceAccountId: myaccount.name,\n keepers: {\n rotation_time: mykeyRotation.rotationRfc3339,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumiverse_time as time\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\n# note this requires the terraform to be run regularly\nmykey_rotation = time.Rotating(\"mykey_rotation\", rotation_days=30)\nmykey = gcp.serviceaccount.Key(\"mykey\",\n service_account_id=myaccount.name,\n keepers={\n \"rotation_time\": mykey_rotation.rotation_rfc3339,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumiverse.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n // note this requires the terraform to be run regularly\n var mykeyRotation = new Time.Rotating(\"mykey_rotation\", new()\n {\n RotationDays = 30,\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n Keepers = \n {\n { \"rotation_time\", mykeyRotation.RotationRfc3339 },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// note this requires the terraform to be run regularly\n\t\tmykeyRotation, err := time.NewRotating(ctx, \"mykey_rotation\", \u0026time.RotatingArgs{\n\t\t\tRotationDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t\tKeepers: pulumi.StringMap{\n\t\t\t\t\"rotation_time\": mykeyRotation.RotationRfc3339,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.time.Rotating;\nimport com.pulumi.time.RotatingArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n // note this requires the terraform to be run regularly\n var mykeyRotation = new Rotating(\"mykeyRotation\", RotatingArgs.builder()\n .rotationDays(30)\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .keepers(Map.of(\"rotation_time\", mykeyRotation.rotationRfc3339()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n # note this requires the terraform to be run regularly\n mykeyRotation:\n type: time:Rotating\n name: mykey_rotation\n properties:\n rotationDays: 30\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n keepers:\n rotation_time: ${mykeyRotation.rotationRfc3339}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Save Key In Kubernetes Secret - DEPRECATED\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as kubernetes from \"@pulumi/kubernetes\";\nimport * as std from \"@pulumi/std\";\n\n// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.name});\nconst google_application_credentials = new kubernetes.core.v1.Secret(\"google-application-credentials\", {\n metadata: {\n name: \"google-application-credentials\",\n },\n data: {\n \"credentials.json\": std.base64decodeOutput({\n input: mykey.privateKey,\n }).apply(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_kubernetes as kubernetes\nimport pulumi_std as std\n\n# Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n# https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\nmykey = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\ngoogle_application_credentials = kubernetes.core.v1.Secret(\"google-application-credentials\",\n metadata={\n \"name\": \"google-application-credentials\",\n },\n data={\n \"credentials.json\": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Kubernetes = Pulumi.Kubernetes;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n });\n\n var google_application_credentials = new Kubernetes.Core.V1.Secret(\"google-application-credentials\", new()\n {\n Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs\n {\n Name = \"google-application-credentials\",\n },\n Data = \n {\n { \"credentials.json\", Std.Base64decode.Invoke(new()\n {\n Input = mykey.PrivateKey,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\tcorev1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1\"\n\tmetav1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n\t\t// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = corev1.NewSecret(ctx, \"google-application-credentials\", \u0026corev1.SecretArgs{\n\t\t\tMetadata: \u0026metav1.ObjectMetaArgs{\n\t\t\t\tName: pulumi.String(\"google-application-credentials\"),\n\t\t\t},\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"credentials.json\": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{\n\t\t\t\t\tInput: mykey.PrivateKey,\n\t\t\t\t}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.kubernetes.core_v1.Secret;\nimport com.pulumi.kubernetes.core_v1.SecretArgs;\nimport com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .build());\n\n var google_application_credentials = new Secret(\"google-application-credentials\", SecretArgs.builder()\n .metadata(ObjectMetaArgs.builder()\n .name(\"google-application-credentials\")\n .build())\n .data(Map.of(\"credentials.json\", StdFunctions.base64decode().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n google-application-credentials:\n type: kubernetes:core/v1:Secret\n properties:\n metadata:\n name: google-application-credentials\n data:\n credentials.json:\n fn::invoke:\n Function: std:base64decode\n Arguments:\n input: ${mykey.privateKey}\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", + "description": "## Example Usage\n\n### Creating A New Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {\n serviceAccountId: myaccount.name,\n publicKeyType: \"TYPE_X509_PEM_FILE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\nmykey = gcp.serviceaccount.Key(\"mykey\",\n service_account_id=myaccount.name,\n public_key_type=\"TYPE_X509_PEM_FILE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n PublicKeyType = \"TYPE_X509_PEM_FILE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t\tPublicKeyType: pulumi.String(\"TYPE_X509_PEM_FILE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .publicKeyType(\"TYPE_X509_PEM_FILE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n publicKeyType: TYPE_X509_PEM_FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Creating And Regularly Rotating A Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumiverse/time\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\n// note this requires the terraform to be run regularly\nconst mykeyRotation = new time.Rotating(\"mykey_rotation\", {rotationDays: 30});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {\n serviceAccountId: myaccount.name,\n keepers: {\n rotation_time: mykeyRotation.rotationRfc3339,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumiverse_time as time\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\n# note this requires the terraform to be run regularly\nmykey_rotation = time.Rotating(\"mykey_rotation\", rotation_days=30)\nmykey = gcp.serviceaccount.Key(\"mykey\",\n service_account_id=myaccount.name,\n keepers={\n \"rotation_time\": mykey_rotation.rotation_rfc3339,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumiverse.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n // note this requires the terraform to be run regularly\n var mykeyRotation = new Time.Rotating(\"mykey_rotation\", new()\n {\n RotationDays = 30,\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n Keepers = \n {\n { \"rotation_time\", mykeyRotation.RotationRfc3339 },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// note this requires the terraform to be run regularly\n\t\tmykeyRotation, err := time.NewRotating(ctx, \"mykey_rotation\", \u0026time.RotatingArgs{\n\t\t\tRotationDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t\tKeepers: pulumi.StringMap{\n\t\t\t\t\"rotation_time\": mykeyRotation.RotationRfc3339,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.time.Rotating;\nimport com.pulumi.time.RotatingArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n // note this requires the terraform to be run regularly\n var mykeyRotation = new Rotating(\"mykeyRotation\", RotatingArgs.builder()\n .rotationDays(30)\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .keepers(Map.of(\"rotation_time\", mykeyRotation.rotationRfc3339()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n # note this requires the terraform to be run regularly\n mykeyRotation:\n type: time:Rotating\n name: mykey_rotation\n properties:\n rotationDays: 30\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n keepers:\n rotation_time: ${mykeyRotation.rotationRfc3339}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Save Key In Kubernetes Secret - DEPRECATED\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as kubernetes from \"@pulumi/kubernetes\";\nimport * as std from \"@pulumi/std\";\n\n// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {\n accountId: \"myaccount\",\n displayName: \"My Service Account\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.name});\nconst google_application_credentials = new kubernetes.core.v1.Secret(\"google-application-credentials\", {\n metadata: {\n name: \"google-application-credentials\",\n },\n data: {\n \"credentials.json\": std.base64decodeOutput({\n input: mykey.privateKey,\n }).apply(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_kubernetes as kubernetes\nimport pulumi_std as std\n\n# Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n# https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\nmyaccount = gcp.serviceaccount.Account(\"myaccount\",\n account_id=\"myaccount\",\n display_name=\"My Service Account\")\nmykey = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\ngoogle_application_credentials = kubernetes.core.v1.Secret(\"google-application-credentials\",\n metadata={\n \"name\": \"google-application-credentials\",\n },\n data={\n \"credentials.json\": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Kubernetes = Pulumi.Kubernetes;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"myaccount\",\n DisplayName = \"My Service Account\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n });\n\n var google_application_credentials = new Kubernetes.Core.V1.Secret(\"google-application-credentials\", new()\n {\n Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs\n {\n Name = \"google-application-credentials\",\n },\n Data = \n {\n { \"credentials.json\", Std.Base64decode.Invoke(new()\n {\n Input = mykey.PrivateKey,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\tcorev1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1\"\n\tmetav1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n\t\t// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"myaccount\"),\n\t\t\tDisplayName: pulumi.String(\"My Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = corev1.NewSecret(ctx, \"google-application-credentials\", \u0026corev1.SecretArgs{\n\t\t\tMetadata: \u0026metav1.ObjectMetaArgs{\n\t\t\t\tName: pulumi.String(\"google-application-credentials\"),\n\t\t\t},\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"credentials.json\": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{\n\t\t\t\t\tInput: mykey.PrivateKey,\n\t\t\t\t}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.kubernetes.core_v1.Secret;\nimport com.pulumi.kubernetes.core_v1.SecretArgs;\nimport com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"myaccount\")\n .displayName(\"My Service Account\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .build());\n\n var google_application_credentials = new Secret(\"google-application-credentials\", SecretArgs.builder()\n .metadata(ObjectMetaArgs.builder()\n .name(\"google-application-credentials\")\n .build())\n .data(Map.of(\"credentials.json\", StdFunctions.base64decode().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.\n # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: myaccount\n displayName: My Service Account\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n google-application-credentials:\n type: kubernetes:core/v1:Secret\n properties:\n metadata:\n name: google-application-credentials\n data:\n credentials.json:\n fn::invoke:\n function: std:base64decode\n arguments:\n input: ${mykey.privateKey}\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", "properties": { "keepers": { "type": "object", @@ -263452,7 +263452,7 @@ ] }, "gcp:servicedirectory/endpoint:Endpoint": { - "description": "An individual endpoint that provides a service.\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services.endpoints)\n* How-to Guides\n * [Configuring an endpoint](https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_an_endpoint)\n\n## Example Usage\n\n### Service Directory Endpoint Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.servicedirectory.Namespace(\"example\", {\n namespaceId: \"example-namespace\",\n location: \"us-central1\",\n});\nconst exampleService = new gcp.servicedirectory.Service(\"example\", {\n serviceId: \"example-service\",\n namespace: example.id,\n});\nconst exampleEndpoint = new gcp.servicedirectory.Endpoint(\"example\", {\n endpointId: \"example-endpoint\",\n service: exampleService.id,\n metadata: {\n stage: \"prod\",\n region: \"us-central1\",\n },\n address: \"1.2.3.4\",\n port: 5353,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.servicedirectory.Namespace(\"example\",\n namespace_id=\"example-namespace\",\n location=\"us-central1\")\nexample_service = gcp.servicedirectory.Service(\"example\",\n service_id=\"example-service\",\n namespace=example.id)\nexample_endpoint = gcp.servicedirectory.Endpoint(\"example\",\n endpoint_id=\"example-endpoint\",\n service=example_service.id,\n metadata={\n \"stage\": \"prod\",\n \"region\": \"us-central1\",\n },\n address=\"1.2.3.4\",\n port=5353)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ServiceDirectory.Namespace(\"example\", new()\n {\n NamespaceId = \"example-namespace\",\n Location = \"us-central1\",\n });\n\n var exampleService = new Gcp.ServiceDirectory.Service(\"example\", new()\n {\n ServiceId = \"example-service\",\n Namespace = example.Id,\n });\n\n var exampleEndpoint = new Gcp.ServiceDirectory.Endpoint(\"example\", new()\n {\n EndpointId = \"example-endpoint\",\n Service = exampleService.Id,\n Metadata = \n {\n { \"stage\", \"prod\" },\n { \"region\", \"us-central1\" },\n },\n Address = \"1.2.3.4\",\n Port = 5353,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := servicedirectory.NewNamespace(ctx, \"example\", \u0026servicedirectory.NamespaceArgs{\n\t\t\tNamespaceId: pulumi.String(\"example-namespace\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleService, err := servicedirectory.NewService(ctx, \"example\", \u0026servicedirectory.ServiceArgs{\n\t\t\tServiceId: pulumi.String(\"example-service\"),\n\t\t\tNamespace: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewEndpoint(ctx, \"example\", \u0026servicedirectory.EndpointArgs{\n\t\t\tEndpointId: pulumi.String(\"example-endpoint\"),\n\t\t\tService: exampleService.ID(),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"stage\": pulumi.String(\"prod\"),\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tPort: pulumi.Int(5353),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.Namespace;\nimport com.pulumi.gcp.servicedirectory.NamespaceArgs;\nimport com.pulumi.gcp.servicedirectory.Service;\nimport com.pulumi.gcp.servicedirectory.ServiceArgs;\nimport com.pulumi.gcp.servicedirectory.Endpoint;\nimport com.pulumi.gcp.servicedirectory.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Namespace(\"example\", NamespaceArgs.builder()\n .namespaceId(\"example-namespace\")\n .location(\"us-central1\")\n .build());\n\n var exampleService = new Service(\"exampleService\", ServiceArgs.builder()\n .serviceId(\"example-service\")\n .namespace(example.id())\n .build());\n\n var exampleEndpoint = new Endpoint(\"exampleEndpoint\", EndpointArgs.builder()\n .endpointId(\"example-endpoint\")\n .service(exampleService.id())\n .metadata(Map.ofEntries(\n Map.entry(\"stage\", \"prod\"),\n Map.entry(\"region\", \"us-central1\")\n ))\n .address(\"1.2.3.4\")\n .port(5353)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:servicedirectory:Namespace\n properties:\n namespaceId: example-namespace\n location: us-central1\n exampleService:\n type: gcp:servicedirectory:Service\n name: example\n properties:\n serviceId: example-service\n namespace: ${example.id}\n exampleEndpoint:\n type: gcp:servicedirectory:Endpoint\n name: example\n properties:\n endpointId: example-endpoint\n service: ${exampleService.id}\n metadata:\n stage: prod\n region: us-central1\n address: 1.2.3.4\n port: 5353\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Directory Endpoint With Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.compute.Network(\"example\", {name: \"example-network\"});\nconst exampleNamespace = new gcp.servicedirectory.Namespace(\"example\", {\n namespaceId: \"example-namespace\",\n location: \"us-central1\",\n});\nconst exampleService = new gcp.servicedirectory.Service(\"example\", {\n serviceId: \"example-service\",\n namespace: exampleNamespace.id,\n});\nconst exampleEndpoint = new gcp.servicedirectory.Endpoint(\"example\", {\n endpointId: \"example-endpoint\",\n service: exampleService.id,\n metadata: {\n stage: \"prod\",\n region: \"us-central1\",\n },\n network: pulumi.all([project, example.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/networks/${name}`),\n address: \"1.2.3.4\",\n port: 5353,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.compute.Network(\"example\", name=\"example-network\")\nexample_namespace = gcp.servicedirectory.Namespace(\"example\",\n namespace_id=\"example-namespace\",\n location=\"us-central1\")\nexample_service = gcp.servicedirectory.Service(\"example\",\n service_id=\"example-service\",\n namespace=example_namespace.id)\nexample_endpoint = gcp.servicedirectory.Endpoint(\"example\",\n endpoint_id=\"example-endpoint\",\n service=example_service.id,\n metadata={\n \"stage\": \"prod\",\n \"region\": \"us-central1\",\n },\n network=example.name.apply(lambda name: f\"projects/{project.number}/locations/global/networks/{name}\"),\n address=\"1.2.3.4\",\n port=5353)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.Compute.Network(\"example\", new()\n {\n Name = \"example-network\",\n });\n\n var exampleNamespace = new Gcp.ServiceDirectory.Namespace(\"example\", new()\n {\n NamespaceId = \"example-namespace\",\n Location = \"us-central1\",\n });\n\n var exampleService = new Gcp.ServiceDirectory.Service(\"example\", new()\n {\n ServiceId = \"example-service\",\n Namespace = exampleNamespace.Id,\n });\n\n var exampleEndpoint = new Gcp.ServiceDirectory.Endpoint(\"example\", new()\n {\n EndpointId = \"example-endpoint\",\n Service = exampleService.Id,\n Metadata = \n {\n { \"stage\", \"prod\" },\n { \"region\", \"us-central1\" },\n },\n Network = Output.Tuple(project, example.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/networks/{name}\";\n }),\n Address = \"1.2.3.4\",\n Port = 5353,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := compute.NewNetwork(ctx, \"example\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleNamespace, err := servicedirectory.NewNamespace(ctx, \"example\", \u0026servicedirectory.NamespaceArgs{\n\t\t\tNamespaceId: pulumi.String(\"example-namespace\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleService, err := servicedirectory.NewService(ctx, \"example\", \u0026servicedirectory.ServiceArgs{\n\t\t\tServiceId: pulumi.String(\"example-service\"),\n\t\t\tNamespace: exampleNamespace.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewEndpoint(ctx, \"example\", \u0026servicedirectory.EndpointArgs{\n\t\t\tEndpointId: pulumi.String(\"example-endpoint\"),\n\t\t\tService: exampleService.ID(),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"stage\": pulumi.String(\"prod\"),\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tNetwork: example.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tPort: pulumi.Int(5353),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.servicedirectory.Namespace;\nimport com.pulumi.gcp.servicedirectory.NamespaceArgs;\nimport com.pulumi.gcp.servicedirectory.Service;\nimport com.pulumi.gcp.servicedirectory.ServiceArgs;\nimport com.pulumi.gcp.servicedirectory.Endpoint;\nimport com.pulumi.gcp.servicedirectory.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Network(\"example\", NetworkArgs.builder()\n .name(\"example-network\")\n .build());\n\n var exampleNamespace = new Namespace(\"exampleNamespace\", NamespaceArgs.builder()\n .namespaceId(\"example-namespace\")\n .location(\"us-central1\")\n .build());\n\n var exampleService = new Service(\"exampleService\", ServiceArgs.builder()\n .serviceId(\"example-service\")\n .namespace(exampleNamespace.id())\n .build());\n\n var exampleEndpoint = new Endpoint(\"exampleEndpoint\", EndpointArgs.builder()\n .endpointId(\"example-endpoint\")\n .service(exampleService.id())\n .metadata(Map.ofEntries(\n Map.entry(\"stage\", \"prod\"),\n Map.entry(\"region\", \"us-central1\")\n ))\n .network(example.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .address(\"1.2.3.4\")\n .port(5353)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:compute:Network\n properties:\n name: example-network\n exampleNamespace:\n type: gcp:servicedirectory:Namespace\n name: example\n properties:\n namespaceId: example-namespace\n location: us-central1\n exampleService:\n type: gcp:servicedirectory:Service\n name: example\n properties:\n serviceId: example-service\n namespace: ${exampleNamespace.id}\n exampleEndpoint:\n type: gcp:servicedirectory:Endpoint\n name: example\n properties:\n endpointId: example-endpoint\n service: ${exampleService.id}\n metadata:\n stage: prod\n region: us-central1\n network: projects/${project.number}/locations/global/networks/${example.name}\n address: 1.2.3.4\n port: 5353\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}/endpoints/{{endpoint_id}}`\n\n* `{{project}}/{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}`\n\n* `{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}/endpoints/{{endpoint_id}}\n```\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default {{project}}/{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}\n```\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default {{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}\n```\n\n", + "description": "An individual endpoint that provides a service.\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services.endpoints)\n* How-to Guides\n * [Configuring an endpoint](https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_an_endpoint)\n\n## Example Usage\n\n### Service Directory Endpoint Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.servicedirectory.Namespace(\"example\", {\n namespaceId: \"example-namespace\",\n location: \"us-central1\",\n});\nconst exampleService = new gcp.servicedirectory.Service(\"example\", {\n serviceId: \"example-service\",\n namespace: example.id,\n});\nconst exampleEndpoint = new gcp.servicedirectory.Endpoint(\"example\", {\n endpointId: \"example-endpoint\",\n service: exampleService.id,\n metadata: {\n stage: \"prod\",\n region: \"us-central1\",\n },\n address: \"1.2.3.4\",\n port: 5353,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.servicedirectory.Namespace(\"example\",\n namespace_id=\"example-namespace\",\n location=\"us-central1\")\nexample_service = gcp.servicedirectory.Service(\"example\",\n service_id=\"example-service\",\n namespace=example.id)\nexample_endpoint = gcp.servicedirectory.Endpoint(\"example\",\n endpoint_id=\"example-endpoint\",\n service=example_service.id,\n metadata={\n \"stage\": \"prod\",\n \"region\": \"us-central1\",\n },\n address=\"1.2.3.4\",\n port=5353)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ServiceDirectory.Namespace(\"example\", new()\n {\n NamespaceId = \"example-namespace\",\n Location = \"us-central1\",\n });\n\n var exampleService = new Gcp.ServiceDirectory.Service(\"example\", new()\n {\n ServiceId = \"example-service\",\n Namespace = example.Id,\n });\n\n var exampleEndpoint = new Gcp.ServiceDirectory.Endpoint(\"example\", new()\n {\n EndpointId = \"example-endpoint\",\n Service = exampleService.Id,\n Metadata = \n {\n { \"stage\", \"prod\" },\n { \"region\", \"us-central1\" },\n },\n Address = \"1.2.3.4\",\n Port = 5353,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := servicedirectory.NewNamespace(ctx, \"example\", \u0026servicedirectory.NamespaceArgs{\n\t\t\tNamespaceId: pulumi.String(\"example-namespace\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleService, err := servicedirectory.NewService(ctx, \"example\", \u0026servicedirectory.ServiceArgs{\n\t\t\tServiceId: pulumi.String(\"example-service\"),\n\t\t\tNamespace: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewEndpoint(ctx, \"example\", \u0026servicedirectory.EndpointArgs{\n\t\t\tEndpointId: pulumi.String(\"example-endpoint\"),\n\t\t\tService: exampleService.ID(),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"stage\": pulumi.String(\"prod\"),\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tPort: pulumi.Int(5353),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.Namespace;\nimport com.pulumi.gcp.servicedirectory.NamespaceArgs;\nimport com.pulumi.gcp.servicedirectory.Service;\nimport com.pulumi.gcp.servicedirectory.ServiceArgs;\nimport com.pulumi.gcp.servicedirectory.Endpoint;\nimport com.pulumi.gcp.servicedirectory.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Namespace(\"example\", NamespaceArgs.builder()\n .namespaceId(\"example-namespace\")\n .location(\"us-central1\")\n .build());\n\n var exampleService = new Service(\"exampleService\", ServiceArgs.builder()\n .serviceId(\"example-service\")\n .namespace(example.id())\n .build());\n\n var exampleEndpoint = new Endpoint(\"exampleEndpoint\", EndpointArgs.builder()\n .endpointId(\"example-endpoint\")\n .service(exampleService.id())\n .metadata(Map.ofEntries(\n Map.entry(\"stage\", \"prod\"),\n Map.entry(\"region\", \"us-central1\")\n ))\n .address(\"1.2.3.4\")\n .port(5353)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:servicedirectory:Namespace\n properties:\n namespaceId: example-namespace\n location: us-central1\n exampleService:\n type: gcp:servicedirectory:Service\n name: example\n properties:\n serviceId: example-service\n namespace: ${example.id}\n exampleEndpoint:\n type: gcp:servicedirectory:Endpoint\n name: example\n properties:\n endpointId: example-endpoint\n service: ${exampleService.id}\n metadata:\n stage: prod\n region: us-central1\n address: 1.2.3.4\n port: 5353\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Service Directory Endpoint With Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example = new gcp.compute.Network(\"example\", {name: \"example-network\"});\nconst exampleNamespace = new gcp.servicedirectory.Namespace(\"example\", {\n namespaceId: \"example-namespace\",\n location: \"us-central1\",\n});\nconst exampleService = new gcp.servicedirectory.Service(\"example\", {\n serviceId: \"example-service\",\n namespace: exampleNamespace.id,\n});\nconst exampleEndpoint = new gcp.servicedirectory.Endpoint(\"example\", {\n endpointId: \"example-endpoint\",\n service: exampleService.id,\n metadata: {\n stage: \"prod\",\n region: \"us-central1\",\n },\n network: pulumi.all([project, example.name]).apply(([project, name]) =\u003e `projects/${project.number}/locations/global/networks/${name}`),\n address: \"1.2.3.4\",\n port: 5353,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample = gcp.compute.Network(\"example\", name=\"example-network\")\nexample_namespace = gcp.servicedirectory.Namespace(\"example\",\n namespace_id=\"example-namespace\",\n location=\"us-central1\")\nexample_service = gcp.servicedirectory.Service(\"example\",\n service_id=\"example-service\",\n namespace=example_namespace.id)\nexample_endpoint = gcp.servicedirectory.Endpoint(\"example\",\n endpoint_id=\"example-endpoint\",\n service=example_service.id,\n metadata={\n \"stage\": \"prod\",\n \"region\": \"us-central1\",\n },\n network=example.name.apply(lambda name: f\"projects/{project.number}/locations/global/networks/{name}\"),\n address=\"1.2.3.4\",\n port=5353)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example = new Gcp.Compute.Network(\"example\", new()\n {\n Name = \"example-network\",\n });\n\n var exampleNamespace = new Gcp.ServiceDirectory.Namespace(\"example\", new()\n {\n NamespaceId = \"example-namespace\",\n Location = \"us-central1\",\n });\n\n var exampleService = new Gcp.ServiceDirectory.Service(\"example\", new()\n {\n ServiceId = \"example-service\",\n Namespace = exampleNamespace.Id,\n });\n\n var exampleEndpoint = new Gcp.ServiceDirectory.Endpoint(\"example\", new()\n {\n EndpointId = \"example-endpoint\",\n Service = exampleService.Id,\n Metadata = \n {\n { \"stage\", \"prod\" },\n { \"region\", \"us-central1\" },\n },\n Network = Output.Tuple(project, example.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/locations/global/networks/{name}\";\n }),\n Address = \"1.2.3.4\",\n Port = 5353,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := compute.NewNetwork(ctx, \"example\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleNamespace, err := servicedirectory.NewNamespace(ctx, \"example\", \u0026servicedirectory.NamespaceArgs{\n\t\t\tNamespaceId: pulumi.String(\"example-namespace\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleService, err := servicedirectory.NewService(ctx, \"example\", \u0026servicedirectory.ServiceArgs{\n\t\t\tServiceId: pulumi.String(\"example-service\"),\n\t\t\tNamespace: exampleNamespace.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewEndpoint(ctx, \"example\", \u0026servicedirectory.EndpointArgs{\n\t\t\tEndpointId: pulumi.String(\"example-endpoint\"),\n\t\t\tService: exampleService.ID(),\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"stage\": pulumi.String(\"prod\"),\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tNetwork: example.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/locations/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tPort: pulumi.Int(5353),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.servicedirectory.Namespace;\nimport com.pulumi.gcp.servicedirectory.NamespaceArgs;\nimport com.pulumi.gcp.servicedirectory.Service;\nimport com.pulumi.gcp.servicedirectory.ServiceArgs;\nimport com.pulumi.gcp.servicedirectory.Endpoint;\nimport com.pulumi.gcp.servicedirectory.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example = new Network(\"example\", NetworkArgs.builder()\n .name(\"example-network\")\n .build());\n\n var exampleNamespace = new Namespace(\"exampleNamespace\", NamespaceArgs.builder()\n .namespaceId(\"example-namespace\")\n .location(\"us-central1\")\n .build());\n\n var exampleService = new Service(\"exampleService\", ServiceArgs.builder()\n .serviceId(\"example-service\")\n .namespace(exampleNamespace.id())\n .build());\n\n var exampleEndpoint = new Endpoint(\"exampleEndpoint\", EndpointArgs.builder()\n .endpointId(\"example-endpoint\")\n .service(exampleService.id())\n .metadata(Map.ofEntries(\n Map.entry(\"stage\", \"prod\"),\n Map.entry(\"region\", \"us-central1\")\n ))\n .network(example.name().applyValue(name -\u003e String.format(\"projects/%s/locations/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .address(\"1.2.3.4\")\n .port(5353)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:compute:Network\n properties:\n name: example-network\n exampleNamespace:\n type: gcp:servicedirectory:Namespace\n name: example\n properties:\n namespaceId: example-namespace\n location: us-central1\n exampleService:\n type: gcp:servicedirectory:Service\n name: example\n properties:\n serviceId: example-service\n namespace: ${exampleNamespace.id}\n exampleEndpoint:\n type: gcp:servicedirectory:Endpoint\n name: example\n properties:\n endpointId: example-endpoint\n service: ${exampleService.id}\n metadata:\n stage: prod\n region: us-central1\n network: projects/${project.number}/locations/global/networks/${example.name}\n address: 1.2.3.4\n port: 5353\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}/endpoints/{{endpoint_id}}`\n\n* `{{project}}/{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}`\n\n* `{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}/endpoints/{{endpoint_id}}\n```\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default {{project}}/{{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}\n```\n\n```sh\n$ pulumi import gcp:servicedirectory/endpoint:Endpoint default {{location}}/{{namespace_id}}/{{service_id}}/{{endpoint_id}}\n```\n\n", "properties": { "address": { "type": "string", @@ -263697,7 +263697,7 @@ } }, "gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/NamespaceIamBindingCondition:NamespaceIamBindingCondition" @@ -263788,7 +263788,7 @@ } }, "gcp:servicedirectory/namespaceIamMember:NamespaceIamMember": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/NamespaceIamMemberCondition:NamespaceIamMemberCondition" @@ -263872,7 +263872,7 @@ } }, "gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Namespace\nThree different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.NamespaceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -264004,7 +264004,7 @@ } }, "gcp:servicedirectory/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -264095,7 +264095,7 @@ } }, "gcp:servicedirectory/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -264179,7 +264179,7 @@ } }, "gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Service Directory Service\nThree different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder()\n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.servicedirectory.ServiceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder()\n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -264438,7 +264438,7 @@ } }, "gcp:servicenetworking/vpcServiceControls:VpcServiceControls": { - "description": "Manages the VPC Service Controls configuration for a service\nnetworking connection\n\nWhen enabled, Google Cloud makes the following\nroute configuration changes in the service producer VPC network:\n- Removes the IPv4 default route (destination 0.0.0.0/0,\n next hop default internet gateway), Google Cloud then creates an\n IPv4 route for destination 199.36.153.4/30 using the default\n internet gateway next hop.\n- Creates Cloud DNS managed private zones and authorizes those zones\n for the service producer VPC network. The zones include\n googleapis.com, gcr.io, pkg.dev, notebooks.cloud.google.com,\n kernels.googleusercontent.com, backupdr.cloud.google.com, and\n backupdr.googleusercontent.com as necessary domains or host names\n for Google APIs and services that are compatible with VPC Service\n Controls. Record data in the zones resolves all host names to\n 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7.\n\nWhen disabled, Google Cloud makes the following route configuration\nchanges in the service producer VPC network:\n- Restores a default route (destination 0.0.0.0/0, next hop default\n internet gateway)\n- Deletes the Cloud DNS managed private zones that provided the host\n name overrides.\n\n\nTo get more information about VPCServiceControls, see:\n\n* [API documentation](https://cloud.google.com/service-infrastructure/docs/service-networking/reference/rest/v1/services)\n* How-to Guides\n * [Enable VPC Service Controls for service networking](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/enable-vpc-service-controls)\n * [Private Google Access with VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/private-connectivity)\n * [Set up private connectivity to Google APIs and services](https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity)\n\n\u003e **Note:** Destroying a `gcp.servicenetworking.VpcServiceControls`\nresource will remove it from state, but will not change the\nunderlying VPC Service Controls configuration for the service\nproducer network.\n\n## Example Usage\n\n### Service Networking Vpc Service Controls Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Create a VPC\nconst _default = new gcp.compute.Network(\"default\", {name: \"example-network\"});\n// Create an IP address\nconst defaultGlobalAddress = new gcp.compute.GlobalAddress(\"default\", {\n name: \"psa-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: _default.id,\n});\n// Create a private connection\nconst defaultConnection = new gcp.servicenetworking.Connection(\"default\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [defaultGlobalAddress.name],\n});\n// Enable VPC-SC on the producer network\nconst defaultVpcServiceControls = new gcp.servicenetworking.VpcServiceControls(\"default\", {\n network: _default.name,\n service: \"servicenetworking.googleapis.com\",\n enabled: true,\n}, {\n dependsOn: [defaultConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Create a VPC\ndefault = gcp.compute.Network(\"default\", name=\"example-network\")\n# Create an IP address\ndefault_global_address = gcp.compute.GlobalAddress(\"default\",\n name=\"psa-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=default.id)\n# Create a private connection\ndefault_connection = gcp.servicenetworking.Connection(\"default\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[default_global_address.name])\n# Enable VPC-SC on the producer network\ndefault_vpc_service_controls = gcp.servicenetworking.VpcServiceControls(\"default\",\n network=default.name,\n service=\"servicenetworking.googleapis.com\",\n enabled=True,\n opts = pulumi.ResourceOptions(depends_on=[default_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a VPC\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"example-network\",\n });\n\n // Create an IP address\n var defaultGlobalAddress = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Name = \"psa-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n // Create a private connection\n var defaultConnection = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n defaultGlobalAddress.Name,\n },\n });\n\n // Enable VPC-SC on the producer network\n var defaultVpcServiceControls = new Gcp.ServiceNetworking.VpcServiceControls(\"default\", new()\n {\n Network = @default.Name,\n Service = \"servicenetworking.googleapis.com\",\n Enabled = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a VPC\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create an IP address\n\t\tdefaultGlobalAddress, err := compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"psa-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a private connection\n\t\tdefaultConnection, err := servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tdefaultGlobalAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable VPC-SC on the producer network\n\t\t_, err = servicenetworking.NewVpcServiceControls(ctx, \"default\", \u0026servicenetworking.VpcServiceControlsArgs{\n\t\t\tNetwork: _default.Name,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.servicenetworking.VpcServiceControls;\nimport com.pulumi.gcp.servicenetworking.VpcServiceControlsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create a VPC\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"example-network\")\n .build());\n\n // Create an IP address\n var defaultGlobalAddress = new GlobalAddress(\"defaultGlobalAddress\", GlobalAddressArgs.builder()\n .name(\"psa-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n // Create a private connection\n var defaultConnection = new Connection(\"defaultConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(defaultGlobalAddress.name())\n .build());\n\n // Enable VPC-SC on the producer network\n var defaultVpcServiceControls = new VpcServiceControls(\"defaultVpcServiceControls\", VpcServiceControlsArgs.builder()\n .network(default_.name())\n .service(\"servicenetworking.googleapis.com\")\n .enabled(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n default:\n type: gcp:compute:Network\n properties:\n name: example-network\n # Create an IP address\n defaultGlobalAddress:\n type: gcp:compute:GlobalAddress\n name: default\n properties:\n name: psa-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${default.id}\n # Create a private connection\n defaultConnection:\n type: gcp:servicenetworking:Connection\n name: default\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${defaultGlobalAddress.name}\n # Enable VPC-SC on the producer network\n defaultVpcServiceControls:\n type: gcp:servicenetworking:VpcServiceControls\n name: default\n properties:\n network: ${default.name}\n service: servicenetworking.googleapis.com\n enabled: true\n options:\n dependson:\n - ${defaultConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVPCServiceControls can be imported using any of these accepted formats:\n\n* `services/{{service}}/projects/{{project}}/networks/{{network}}`\n\n* `{{service}}/{{project}}/{{network}}`\n\n* `{{service}}/{{network}}`\n\nWhen using the `pulumi import` command, VPCServiceControls can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default services/{{service}}/projects/{{project}}/networks/{{network}}\n```\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default {{service}}/{{project}}/{{network}}\n```\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default {{service}}/{{network}}\n```\n\n", + "description": "Manages the VPC Service Controls configuration for a service\nnetworking connection\n\nWhen enabled, Google Cloud makes the following\nroute configuration changes in the service producer VPC network:\n- Removes the IPv4 default route (destination 0.0.0.0/0,\n next hop default internet gateway), Google Cloud then creates an\n IPv4 route for destination 199.36.153.4/30 using the default\n internet gateway next hop.\n- Creates Cloud DNS managed private zones and authorizes those zones\n for the service producer VPC network. The zones include\n googleapis.com, gcr.io, pkg.dev, notebooks.cloud.google.com,\n kernels.googleusercontent.com, backupdr.cloud.google.com, and\n backupdr.googleusercontent.com as necessary domains or host names\n for Google APIs and services that are compatible with VPC Service\n Controls. Record data in the zones resolves all host names to\n 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7.\n\nWhen disabled, Google Cloud makes the following route configuration\nchanges in the service producer VPC network:\n- Restores a default route (destination 0.0.0.0/0, next hop default\n internet gateway)\n- Deletes the Cloud DNS managed private zones that provided the host\n name overrides.\n\n\nTo get more information about VPCServiceControls, see:\n\n* [API documentation](https://cloud.google.com/service-infrastructure/docs/service-networking/reference/rest/v1/services)\n* How-to Guides\n * [Enable VPC Service Controls for service networking](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/enable-vpc-service-controls)\n * [Private Google Access with VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/private-connectivity)\n * [Set up private connectivity to Google APIs and services](https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity)\n\n\u003e **Note:** Destroying a `gcp.servicenetworking.VpcServiceControls`\nresource will remove it from state, but will not change the\nunderlying VPC Service Controls configuration for the service\nproducer network.\n\n## Example Usage\n\n### Service Networking Vpc Service Controls Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Create a VPC\nconst _default = new gcp.compute.Network(\"default\", {name: \"example-network\"});\n// Create an IP address\nconst defaultGlobalAddress = new gcp.compute.GlobalAddress(\"default\", {\n name: \"psa-range\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: _default.id,\n});\n// Create a private connection\nconst defaultConnection = new gcp.servicenetworking.Connection(\"default\", {\n network: _default.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [defaultGlobalAddress.name],\n});\n// Enable VPC-SC on the producer network\nconst defaultVpcServiceControls = new gcp.servicenetworking.VpcServiceControls(\"default\", {\n network: _default.name,\n service: \"servicenetworking.googleapis.com\",\n enabled: true,\n}, {\n dependsOn: [defaultConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Create a VPC\ndefault = gcp.compute.Network(\"default\", name=\"example-network\")\n# Create an IP address\ndefault_global_address = gcp.compute.GlobalAddress(\"default\",\n name=\"psa-range\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=default.id)\n# Create a private connection\ndefault_connection = gcp.servicenetworking.Connection(\"default\",\n network=default.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[default_global_address.name])\n# Enable VPC-SC on the producer network\ndefault_vpc_service_controls = gcp.servicenetworking.VpcServiceControls(\"default\",\n network=default.name,\n service=\"servicenetworking.googleapis.com\",\n enabled=True,\n opts = pulumi.ResourceOptions(depends_on=[default_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a VPC\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"example-network\",\n });\n\n // Create an IP address\n var defaultGlobalAddress = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Name = \"psa-range\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = @default.Id,\n });\n\n // Create a private connection\n var defaultConnection = new Gcp.ServiceNetworking.Connection(\"default\", new()\n {\n Network = @default.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n defaultGlobalAddress.Name,\n },\n });\n\n // Enable VPC-SC on the producer network\n var defaultVpcServiceControls = new Gcp.ServiceNetworking.VpcServiceControls(\"default\", new()\n {\n Network = @default.Name,\n Service = \"servicenetworking.googleapis.com\",\n Enabled = true,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n defaultConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a VPC\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create an IP address\n\t\tdefaultGlobalAddress, err := compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"psa-range\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a private connection\n\t\tdefaultConnection, err := servicenetworking.NewConnection(ctx, \"default\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: _default.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tdefaultGlobalAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Enable VPC-SC on the producer network\n\t\t_, err = servicenetworking.NewVpcServiceControls(ctx, \"default\", \u0026servicenetworking.VpcServiceControlsArgs{\n\t\t\tNetwork: _default.Name,\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdefaultConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.servicenetworking.VpcServiceControls;\nimport com.pulumi.gcp.servicenetworking.VpcServiceControlsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create a VPC\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"example-network\")\n .build());\n\n // Create an IP address\n var defaultGlobalAddress = new GlobalAddress(\"defaultGlobalAddress\", GlobalAddressArgs.builder()\n .name(\"psa-range\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(default_.id())\n .build());\n\n // Create a private connection\n var defaultConnection = new Connection(\"defaultConnection\", ConnectionArgs.builder()\n .network(default_.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(defaultGlobalAddress.name())\n .build());\n\n // Enable VPC-SC on the producer network\n var defaultVpcServiceControls = new VpcServiceControls(\"defaultVpcServiceControls\", VpcServiceControlsArgs.builder()\n .network(default_.name())\n .service(\"servicenetworking.googleapis.com\")\n .enabled(true)\n .build(), CustomResourceOptions.builder()\n .dependsOn(defaultConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n default:\n type: gcp:compute:Network\n properties:\n name: example-network\n # Create an IP address\n defaultGlobalAddress:\n type: gcp:compute:GlobalAddress\n name: default\n properties:\n name: psa-range\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${default.id}\n # Create a private connection\n defaultConnection:\n type: gcp:servicenetworking:Connection\n name: default\n properties:\n network: ${default.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${defaultGlobalAddress.name}\n # Enable VPC-SC on the producer network\n defaultVpcServiceControls:\n type: gcp:servicenetworking:VpcServiceControls\n name: default\n properties:\n network: ${default.name}\n service: servicenetworking.googleapis.com\n enabled: true\n options:\n dependsOn:\n - ${defaultConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVPCServiceControls can be imported using any of these accepted formats:\n\n* `services/{{service}}/projects/{{project}}/networks/{{network}}`\n\n* `{{service}}/{{project}}/{{network}}`\n\n* `{{service}}/{{network}}`\n\nWhen using the `pulumi import` command, VPCServiceControls can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default services/{{service}}/projects/{{project}}/networks/{{network}}\n```\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default {{service}}/{{project}}/{{network}}\n```\n\n```sh\n$ pulumi import gcp:servicenetworking/vpcServiceControls:VpcServiceControls default {{service}}/{{network}}\n```\n\n", "properties": { "enabled": { "type": "boolean", @@ -264515,7 +264515,7 @@ } }, "gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride": { - "description": "A consumer override is applied to the consumer on its own authority to limit its own quota usage.\nConsumer overrides cannot be used to grant more quota than would be allowed by admin overrides,\nproducer overrides, or the default limit of the service.\n\nTo get more information about ConsumerQuotaOverride, see:\n* How-to Guides\n * [Managing Service Quota](https://cloud.google.com/service-usage/docs/manage-quota )\n * [REST API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.consumerOverrides)\n\n## Example Usage\n\n### Consumer Quota Override\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n project: myProject.projectId,\n service: \"servicemanagement.googleapis.com\",\n metric: std.urlencode({\n input: \"servicemanagement.googleapis.com/default_requests\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/min/project\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"95\",\n force: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n project=my_project.project_id,\n service=\"servicemanagement.googleapis.com\",\n metric=std.urlencode(input=\"servicemanagement.googleapis.com/default_requests\").result,\n limit=std.urlencode(input=\"/min/project\").result,\n override_value=\"95\",\n force=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Project = myProject.ProjectId,\n Service = \"servicemanagement.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"servicemanagement.googleapis.com/default_requests\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/min/project\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"95\",\n Force = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"servicemanagement.googleapis.com/default_requests\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/min/project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"servicemanagement.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"95\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .project(myProject.projectId())\n .service(\"servicemanagement.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"servicemanagement.googleapis.com/default_requests\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/min/project\")\n .build()).result())\n .overrideValue(\"95\")\n .force(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n project: ${myProject.projectId}\n service: servicemanagement.googleapis.com\n metric:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: servicemanagement.googleapis.com/default_requests\n Return: result\n limit:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: /min/project\n Return: result\n overrideValue: '95'\n force: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Consumer Quota Override\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n dimensions: {\n region: \"us-central1\",\n },\n project: myProject.projectId,\n service: \"compute.googleapis.com\",\n metric: std.urlencode({\n input: \"compute.googleapis.com/n2_cpus\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/project/region\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"8\",\n force: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n dimensions={\n \"region\": \"us-central1\",\n },\n project=my_project.project_id,\n service=\"compute.googleapis.com\",\n metric=std.urlencode(input=\"compute.googleapis.com/n2_cpus\").result,\n limit=std.urlencode(input=\"/project/region\").result,\n override_value=\"8\",\n force=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Dimensions = \n {\n { \"region\", \"us-central1\" },\n },\n Project = myProject.ProjectId,\n Service = \"compute.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"compute.googleapis.com/n2_cpus\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/project/region\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"8\",\n Force = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"compute.googleapis.com/n2_cpus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/project/region\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"8\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .dimensions(Map.of(\"region\", \"us-central1\"))\n .project(myProject.projectId())\n .service(\"compute.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"compute.googleapis.com/n2_cpus\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/project/region\")\n .build()).result())\n .overrideValue(\"8\")\n .force(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n dimensions:\n region: us-central1\n project: ${myProject.projectId}\n service: compute.googleapis.com\n metric:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: compute.googleapis.com/n2_cpus\n Return: result\n limit:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: /project/region\n Return: result\n overrideValue: '8'\n force: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Consumer Quota Override Custom Dimension\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n project: myProject.projectId,\n service: \"libraryagent.googleapis.com\",\n metric: std.urlencode({\n input: \"libraryagent.googleapis.com/borrows\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/author/project\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"1\",\n force: true,\n dimensions: {\n author: \"larry\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n project=my_project.project_id,\n service=\"libraryagent.googleapis.com\",\n metric=std.urlencode(input=\"libraryagent.googleapis.com/borrows\").result,\n limit=std.urlencode(input=\"/author/project\").result,\n override_value=\"1\",\n force=True,\n dimensions={\n \"author\": \"larry\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Project = myProject.ProjectId,\n Service = \"libraryagent.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"libraryagent.googleapis.com/borrows\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/author/project\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"1\",\n Force = true,\n Dimensions = \n {\n { \"author\", \"larry\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"libraryagent.googleapis.com/borrows\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/author/project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"libraryagent.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"1\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"larry\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .project(myProject.projectId())\n .service(\"libraryagent.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"libraryagent.googleapis.com/borrows\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/author/project\")\n .build()).result())\n .overrideValue(\"1\")\n .force(true)\n .dimensions(Map.of(\"author\", \"larry\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n project: ${myProject.projectId}\n service: libraryagent.googleapis.com\n metric:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: libraryagent.googleapis.com/borrows\n Return: result\n limit:\n fn::invoke:\n Function: std:urlencode\n Arguments:\n input: /author/project\n Return: result\n overrideValue: '1'\n force: true\n dimensions:\n author: larry\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConsumerQuotaOverride can be imported using any of these accepted formats:\n\n* `projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}`\n\n* `services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}`\n\n* `{{service}}/{{metric}}/{{limit}}/{{name}}`\n\nWhen using the `pulumi import` command, ConsumerQuotaOverride can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}\n```\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}\n```\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default {{service}}/{{metric}}/{{limit}}/{{name}}\n```\n\n", + "description": "A consumer override is applied to the consumer on its own authority to limit its own quota usage.\nConsumer overrides cannot be used to grant more quota than would be allowed by admin overrides,\nproducer overrides, or the default limit of the service.\n\nTo get more information about ConsumerQuotaOverride, see:\n* How-to Guides\n * [Managing Service Quota](https://cloud.google.com/service-usage/docs/manage-quota )\n * [REST API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.consumerOverrides)\n\n## Example Usage\n\n### Consumer Quota Override\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n project: myProject.projectId,\n service: \"servicemanagement.googleapis.com\",\n metric: std.urlencode({\n input: \"servicemanagement.googleapis.com/default_requests\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/min/project\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"95\",\n force: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n project=my_project.project_id,\n service=\"servicemanagement.googleapis.com\",\n metric=std.urlencode(input=\"servicemanagement.googleapis.com/default_requests\").result,\n limit=std.urlencode(input=\"/min/project\").result,\n override_value=\"95\",\n force=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Project = myProject.ProjectId,\n Service = \"servicemanagement.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"servicemanagement.googleapis.com/default_requests\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/min/project\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"95\",\n Force = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"servicemanagement.googleapis.com/default_requests\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/min/project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"servicemanagement.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"95\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .project(myProject.projectId())\n .service(\"servicemanagement.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"servicemanagement.googleapis.com/default_requests\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/min/project\")\n .build()).result())\n .overrideValue(\"95\")\n .force(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n project: ${myProject.projectId}\n service: servicemanagement.googleapis.com\n metric:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: servicemanagement.googleapis.com/default_requests\n return: result\n limit:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: /min/project\n return: result\n overrideValue: '95'\n force: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Region Consumer Quota Override\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n dimensions: {\n region: \"us-central1\",\n },\n project: myProject.projectId,\n service: \"compute.googleapis.com\",\n metric: std.urlencode({\n input: \"compute.googleapis.com/n2_cpus\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/project/region\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"8\",\n force: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n dimensions={\n \"region\": \"us-central1\",\n },\n project=my_project.project_id,\n service=\"compute.googleapis.com\",\n metric=std.urlencode(input=\"compute.googleapis.com/n2_cpus\").result,\n limit=std.urlencode(input=\"/project/region\").result,\n override_value=\"8\",\n force=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Dimensions = \n {\n { \"region\", \"us-central1\" },\n },\n Project = myProject.ProjectId,\n Service = \"compute.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"compute.googleapis.com/n2_cpus\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/project/region\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"8\",\n Force = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"compute.googleapis.com/n2_cpus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/project/region\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"region\": pulumi.String(\"us-central1\"),\n\t\t\t},\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"compute.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"8\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .dimensions(Map.of(\"region\", \"us-central1\"))\n .project(myProject.projectId())\n .service(\"compute.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"compute.googleapis.com/n2_cpus\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/project/region\")\n .build()).result())\n .overrideValue(\"8\")\n .force(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n dimensions:\n region: us-central1\n project: ${myProject.projectId}\n service: compute.googleapis.com\n metric:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: compute.googleapis.com/n2_cpus\n return: result\n limit:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: /project/region\n return: result\n overrideValue: '8'\n force: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Consumer Quota Override Custom Dimension\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"tf-test-project\",\n projectId: \"quota\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst override = new gcp.serviceusage.ConsumerQuotaOverride(\"override\", {\n project: myProject.projectId,\n service: \"libraryagent.googleapis.com\",\n metric: std.urlencode({\n input: \"libraryagent.googleapis.com/borrows\",\n }).then(invoke =\u003e invoke.result),\n limit: std.urlencode({\n input: \"/author/project\",\n }).then(invoke =\u003e invoke.result),\n overrideValue: \"1\",\n force: true,\n dimensions: {\n author: \"larry\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"tf-test-project\",\n project_id=\"quota\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\noverride = gcp.serviceusage.ConsumerQuotaOverride(\"override\",\n project=my_project.project_id,\n service=\"libraryagent.googleapis.com\",\n metric=std.urlencode(input=\"libraryagent.googleapis.com/borrows\").result,\n limit=std.urlencode(input=\"/author/project\").result,\n override_value=\"1\",\n force=True,\n dimensions={\n \"author\": \"larry\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"tf-test-project\",\n ProjectId = \"quota\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var @override = new Gcp.ServiceUsage.ConsumerQuotaOverride(\"override\", new()\n {\n Project = myProject.ProjectId,\n Service = \"libraryagent.googleapis.com\",\n Metric = Std.Urlencode.Invoke(new()\n {\n Input = \"libraryagent.googleapis.com/borrows\",\n }).Apply(invoke =\u003e invoke.Result),\n Limit = Std.Urlencode.Invoke(new()\n {\n Input = \"/author/project\",\n }).Apply(invoke =\u003e invoke.Result),\n OverrideValue = \"1\",\n Force = true,\n Dimensions = \n {\n { \"author\", \"larry\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceusage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyProject, err := organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"tf-test-project\"),\n\t\t\tProjectId: pulumi.String(\"quota\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"libraryagent.googleapis.com/borrows\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeUrlencode1, err := std.Urlencode(ctx, \u0026std.UrlencodeArgs{\n\t\t\tInput: \"/author/project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceusage.NewConsumerQuotaOverride(ctx, \"override\", \u0026serviceusage.ConsumerQuotaOverrideArgs{\n\t\t\tProject: myProject.ProjectId,\n\t\t\tService: pulumi.String(\"libraryagent.googleapis.com\"),\n\t\t\tMetric: pulumi.String(invokeUrlencode.Result),\n\t\t\tLimit: pulumi.String(invokeUrlencode1.Result),\n\t\t\tOverrideValue: pulumi.String(\"1\"),\n\t\t\tForce: pulumi.Bool(true),\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"author\": pulumi.String(\"larry\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverride;\nimport com.pulumi.gcp.serviceusage.ConsumerQuotaOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"tf-test-project\")\n .projectId(\"quota\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var override = new ConsumerQuotaOverride(\"override\", ConsumerQuotaOverrideArgs.builder()\n .project(myProject.projectId())\n .service(\"libraryagent.googleapis.com\")\n .metric(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"libraryagent.googleapis.com/borrows\")\n .build()).result())\n .limit(StdFunctions.urlencode(UrlencodeArgs.builder()\n .input(\"/author/project\")\n .build()).result())\n .overrideValue(\"1\")\n .force(true)\n .dimensions(Map.of(\"author\", \"larry\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: tf-test-project\n projectId: quota\n orgId: '123456789'\n deletionPolicy: DELETE\n override:\n type: gcp:serviceusage:ConsumerQuotaOverride\n properties:\n project: ${myProject.projectId}\n service: libraryagent.googleapis.com\n metric:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: libraryagent.googleapis.com/borrows\n return: result\n limit:\n fn::invoke:\n function: std:urlencode\n arguments:\n input: /author/project\n return: result\n overrideValue: '1'\n force: true\n dimensions:\n author: larry\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConsumerQuotaOverride can be imported using any of these accepted formats:\n\n* `projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}`\n\n* `services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}`\n\n* `{{service}}/{{metric}}/{{limit}}/{{name}}`\n\nWhen using the `pulumi import` command, ConsumerQuotaOverride can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}\n```\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}\n```\n\n```sh\n$ pulumi import gcp:serviceusage/consumerQuotaOverride:ConsumerQuotaOverride default {{service}}/{{metric}}/{{limit}}/{{name}}\n```\n\n", "properties": { "dimensions": { "type": "object", @@ -264653,7 +264653,7 @@ } }, "gcp:siteverification/owner:Owner": { - "description": "An owner is an additional user that may manage a verified web site in the\n[Google Search Console](https://www.google.com/webmasters/tools/). There\nare two types of web resource owners:\n\n* Verified owners, which are added to a web resource automatically when it\n is created (i.e., when the resource is verified). A verified owner is\n determined by the identity of the user requesting verification.\n* Additional owners, which can be added to the resource by verified owners.\n\n`gcp.siteverification.Owner` creates additional owners. If your web site\nwas verified using the\n`gcp.siteverification.WebResource`\nresource then you (or the identity was used to create the resource, such as a\nservice account) are already an owner.\n\n\u003e **Note:** The email address of the owner must belong to a Google account,\nsuch as a Gmail account, a Google Workspace account, or a GCP service account.\n\nWorking with site verification requires the `https://www.googleapis.com/auth/siteverification`\nauthentication scope. See the\nGoogle Provider authentication documentation\nto learn how to configure additional scopes.\n\nTo get more information about site owners, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n## Example Usage\n\n### Site Verification Storage Bucket\n\nThis example uses the `FILE` verification method to verify ownership of web site hosted\nin a Google Cloud Storage bucket. Ownership is proved by creating a file with a Google-provided\nvalue in a known location. The user applying this configuration will automatically be\nadded as a verified owner, and the `gcp.siteverification.Owner` resource will add\n`user@example.com` as an additional owner.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example-storage-bucket\",\n location: \"US\",\n});\nconst token = gcp.siteverification.getTokenOutput({\n type: \"SITE\",\n identifier: pulumi.interpolate`https://${bucket.name}.storage.googleapis.com/`,\n verificationMethod: \"FILE\",\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: token.apply(token =\u003e token.token),\n content: token.apply(token =\u003e `google-site-verification: ${token.token}`),\n bucket: bucket.name,\n});\nconst publicRule = new gcp.storage.ObjectAccessControl(\"public_rule\", {\n bucket: bucket.name,\n object: object.name,\n role: \"READER\",\n entity: \"allUsers\",\n});\nconst example = new gcp.siteverification.WebResource(\"example\", {\n site: {\n type: token.apply(token =\u003e token.type),\n identifier: token.apply(token =\u003e token.identifier),\n },\n verificationMethod: token.apply(token =\u003e token.verificationMethod),\n});\nconst exampleOwner = new gcp.siteverification.Owner(\"example\", {\n webResourceId: example.id,\n email: \"user@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example-storage-bucket\",\n location=\"US\")\ntoken = gcp.siteverification.get_token_output(type=\"SITE\",\n identifier=bucket.name.apply(lambda name: f\"https://{name}.storage.googleapis.com/\"),\n verification_method=\"FILE\")\nobject = gcp.storage.BucketObject(\"object\",\n name=token.token,\n content=token.apply(lambda token: f\"google-site-verification: {token.token}\"),\n bucket=bucket.name)\npublic_rule = gcp.storage.ObjectAccessControl(\"public_rule\",\n bucket=bucket.name,\n object=object.name,\n role=\"READER\",\n entity=\"allUsers\")\nexample = gcp.siteverification.WebResource(\"example\",\n site={\n \"type\": token.type,\n \"identifier\": token.identifier,\n },\n verification_method=token.verification_method)\nexample_owner = gcp.siteverification.Owner(\"example\",\n web_resource_id=example.id,\n email=\"user@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example-storage-bucket\",\n Location = \"US\",\n });\n\n var token = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"SITE\",\n Identifier = $\"https://{bucket.Name}.storage.googleapis.com/\",\n VerificationMethod = \"FILE\",\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = token.Apply(getTokenResult =\u003e getTokenResult.Token),\n Content = $\"google-site-verification: {token.Apply(getTokenResult =\u003e getTokenResult.Token)}\",\n Bucket = bucket.Name,\n });\n\n var publicRule = new Gcp.Storage.ObjectAccessControl(\"public_rule\", new()\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n Role = \"READER\",\n Entity = \"allUsers\",\n });\n\n var example = new Gcp.SiteVerification.WebResource(\"example\", new()\n {\n Site = new Gcp.SiteVerification.Inputs.WebResourceSiteArgs\n {\n Type = token.Apply(getTokenResult =\u003e getTokenResult.Type),\n Identifier = token.Apply(getTokenResult =\u003e getTokenResult.Identifier),\n },\n VerificationMethod = token.Apply(getTokenResult =\u003e getTokenResult.VerificationMethod),\n });\n\n var exampleOwner = new Gcp.SiteVerification.Owner(\"example\", new()\n {\n WebResourceId = example.Id,\n Email = \"user@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-storage-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttoken := siteverification.GetTokenOutput(ctx, siteverification.GetTokenOutputArgs{\n\t\t\tType: pulumi.String(\"SITE\"),\n\t\t\tIdentifier: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"https://%v.storage.googleapis.com/\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVerificationMethod: pulumi.String(\"FILE\"),\n\t\t}, nil)\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\treturn \u0026token.Token, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tContent: token.ApplyT(func(token siteverification.GetTokenResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"google-site-verification: %v\", token.Token), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewObjectAccessControl(ctx, \"public_rule\", \u0026storage.ObjectAccessControlArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tObject: object.Name,\n\t\t\tRole: pulumi.String(\"READER\"),\n\t\t\tEntity: pulumi.String(\"allUsers\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := siteverification.NewWebResource(ctx, \"example\", \u0026siteverification.WebResourceArgs{\n\t\t\tSite: \u0026siteverification.WebResourceSiteArgs{\n\t\t\t\tType: token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\t\treturn \u0026token.Type, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tIdentifier: token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\t\treturn \u0026token.Identifier, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tVerificationMethod: pulumi.String(token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\treturn \u0026token.VerificationMethod, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = siteverification.NewOwner(ctx, \"example\", \u0026siteverification.OwnerArgs{\n\t\t\tWebResourceId: example.ID(),\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.storage.ObjectAccessControl;\nimport com.pulumi.gcp.storage.ObjectAccessControlArgs;\nimport com.pulumi.gcp.siteverification.WebResource;\nimport com.pulumi.gcp.siteverification.WebResourceArgs;\nimport com.pulumi.gcp.siteverification.inputs.WebResourceSiteArgs;\nimport com.pulumi.gcp.siteverification.Owner;\nimport com.pulumi.gcp.siteverification.OwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example-storage-bucket\")\n .location(\"US\")\n .build());\n\n final var token = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"SITE\")\n .identifier(bucket.name().applyValue(name -\u003e String.format(\"https://%s.storage.googleapis.com/\", name)))\n .verificationMethod(\"FILE\")\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.token())))\n .content(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e String.format(\"google-site-verification: %s\", token.applyValue(getTokenResult -\u003e getTokenResult.token()))))\n .bucket(bucket.name())\n .build());\n\n var publicRule = new ObjectAccessControl(\"publicRule\", ObjectAccessControlArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .role(\"READER\")\n .entity(\"allUsers\")\n .build());\n\n var example = new WebResource(\"example\", WebResourceArgs.builder()\n .site(WebResourceSiteArgs.builder()\n .type(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.type())))\n .identifier(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.identifier())))\n .build())\n .verificationMethod(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.verificationMethod())))\n .build());\n\n var exampleOwner = new Owner(\"exampleOwner\", OwnerArgs.builder()\n .webResourceId(example.id())\n .email(\"user@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example-storage-bucket\n location: US\n object:\n type: gcp:storage:BucketObject\n properties:\n name: ${token.token}\n content: 'google-site-verification: ${token.token}'\n bucket: ${bucket.name}\n publicRule:\n type: gcp:storage:ObjectAccessControl\n name: public_rule\n properties:\n bucket: ${bucket.name}\n object: ${object.name}\n role: READER\n entity: allUsers\n example:\n type: gcp:siteverification:WebResource\n properties:\n site:\n type: ${token.type}\n identifier: ${token.identifier}\n verificationMethod: ${token.verificationMethod}\n exampleOwner:\n type: gcp:siteverification:Owner\n name: example\n properties:\n webResourceId: ${example.id}\n email: user@example.com\nvariables:\n token:\n fn::invoke:\n Function: gcp:siteverification:getToken\n Arguments:\n type: SITE\n identifier: https://${bucket.name}.storage.googleapis.com/\n verificationMethod: FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOwner can be imported using this format:\n\n* `webResource/{{web_resource_id}}/{{email}}`\n\nWhen using the `pulumi import` command, Site owners can be imported using the format above. For example:\n\n```sh\n$ pulumi import gcp:siteverification/owner:Owner default webResource/{{web_resource_id}}/{{email}}\n```\n\nverified owners is to delete the web resource itself.\n\n", + "description": "An owner is an additional user that may manage a verified web site in the\n[Google Search Console](https://www.google.com/webmasters/tools/). There\nare two types of web resource owners:\n\n* Verified owners, which are added to a web resource automatically when it\n is created (i.e., when the resource is verified). A verified owner is\n determined by the identity of the user requesting verification.\n* Additional owners, which can be added to the resource by verified owners.\n\n`gcp.siteverification.Owner` creates additional owners. If your web site\nwas verified using the\n`gcp.siteverification.WebResource`\nresource then you (or the identity was used to create the resource, such as a\nservice account) are already an owner.\n\n\u003e **Note:** The email address of the owner must belong to a Google account,\nsuch as a Gmail account, a Google Workspace account, or a GCP service account.\n\nWorking with site verification requires the `https://www.googleapis.com/auth/siteverification`\nauthentication scope. See the\nGoogle Provider authentication documentation\nto learn how to configure additional scopes.\n\nTo get more information about site owners, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n## Example Usage\n\n### Site Verification Storage Bucket\n\nThis example uses the `FILE` verification method to verify ownership of web site hosted\nin a Google Cloud Storage bucket. Ownership is proved by creating a file with a Google-provided\nvalue in a known location. The user applying this configuration will automatically be\nadded as a verified owner, and the `gcp.siteverification.Owner` resource will add\n`user@example.com` as an additional owner.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"example-storage-bucket\",\n location: \"US\",\n});\nconst token = gcp.siteverification.getTokenOutput({\n type: \"SITE\",\n identifier: pulumi.interpolate`https://${bucket.name}.storage.googleapis.com/`,\n verificationMethod: \"FILE\",\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: token.apply(token =\u003e token.token),\n content: token.apply(token =\u003e `google-site-verification: ${token.token}`),\n bucket: bucket.name,\n});\nconst publicRule = new gcp.storage.ObjectAccessControl(\"public_rule\", {\n bucket: bucket.name,\n object: object.name,\n role: \"READER\",\n entity: \"allUsers\",\n});\nconst example = new gcp.siteverification.WebResource(\"example\", {\n site: {\n type: token.apply(token =\u003e token.type),\n identifier: token.apply(token =\u003e token.identifier),\n },\n verificationMethod: token.apply(token =\u003e token.verificationMethod),\n});\nconst exampleOwner = new gcp.siteverification.Owner(\"example\", {\n webResourceId: example.id,\n email: \"user@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"example-storage-bucket\",\n location=\"US\")\ntoken = gcp.siteverification.get_token_output(type=\"SITE\",\n identifier=bucket.name.apply(lambda name: f\"https://{name}.storage.googleapis.com/\"),\n verification_method=\"FILE\")\nobject = gcp.storage.BucketObject(\"object\",\n name=token.token,\n content=token.apply(lambda token: f\"google-site-verification: {token.token}\"),\n bucket=bucket.name)\npublic_rule = gcp.storage.ObjectAccessControl(\"public_rule\",\n bucket=bucket.name,\n object=object.name,\n role=\"READER\",\n entity=\"allUsers\")\nexample = gcp.siteverification.WebResource(\"example\",\n site={\n \"type\": token.type,\n \"identifier\": token.identifier,\n },\n verification_method=token.verification_method)\nexample_owner = gcp.siteverification.Owner(\"example\",\n web_resource_id=example.id,\n email=\"user@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"example-storage-bucket\",\n Location = \"US\",\n });\n\n var token = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"SITE\",\n Identifier = $\"https://{bucket.Name}.storage.googleapis.com/\",\n VerificationMethod = \"FILE\",\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = token.Apply(getTokenResult =\u003e getTokenResult.Token),\n Content = $\"google-site-verification: {token.Apply(getTokenResult =\u003e getTokenResult.Token)}\",\n Bucket = bucket.Name,\n });\n\n var publicRule = new Gcp.Storage.ObjectAccessControl(\"public_rule\", new()\n {\n Bucket = bucket.Name,\n Object = @object.Name,\n Role = \"READER\",\n Entity = \"allUsers\",\n });\n\n var example = new Gcp.SiteVerification.WebResource(\"example\", new()\n {\n Site = new Gcp.SiteVerification.Inputs.WebResourceSiteArgs\n {\n Type = token.Apply(getTokenResult =\u003e getTokenResult.Type),\n Identifier = token.Apply(getTokenResult =\u003e getTokenResult.Identifier),\n },\n VerificationMethod = token.Apply(getTokenResult =\u003e getTokenResult.VerificationMethod),\n });\n\n var exampleOwner = new Gcp.SiteVerification.Owner(\"example\", new()\n {\n WebResourceId = example.Id,\n Email = \"user@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"example-storage-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttoken := siteverification.GetTokenOutput(ctx, siteverification.GetTokenOutputArgs{\n\t\t\tType: pulumi.String(\"SITE\"),\n\t\t\tIdentifier: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"https://%v.storage.googleapis.com/\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVerificationMethod: pulumi.String(\"FILE\"),\n\t\t}, nil)\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\treturn \u0026token.Token, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tContent: token.ApplyT(func(token siteverification.GetTokenResult) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"google-site-verification: %v\", token.Token), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tBucket: bucket.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewObjectAccessControl(ctx, \"public_rule\", \u0026storage.ObjectAccessControlArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tObject: object.Name,\n\t\t\tRole: pulumi.String(\"READER\"),\n\t\t\tEntity: pulumi.String(\"allUsers\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := siteverification.NewWebResource(ctx, \"example\", \u0026siteverification.WebResourceArgs{\n\t\t\tSite: \u0026siteverification.WebResourceSiteArgs{\n\t\t\t\tType: token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\t\treturn \u0026token.Type, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\tIdentifier: token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\t\treturn \u0026token.Identifier, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tVerificationMethod: pulumi.String(token.ApplyT(func(token siteverification.GetTokenResult) (*string, error) {\n\t\t\t\treturn \u0026token.VerificationMethod, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = siteverification.NewOwner(ctx, \"example\", \u0026siteverification.OwnerArgs{\n\t\t\tWebResourceId: example.ID(),\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.storage.ObjectAccessControl;\nimport com.pulumi.gcp.storage.ObjectAccessControlArgs;\nimport com.pulumi.gcp.siteverification.WebResource;\nimport com.pulumi.gcp.siteverification.WebResourceArgs;\nimport com.pulumi.gcp.siteverification.inputs.WebResourceSiteArgs;\nimport com.pulumi.gcp.siteverification.Owner;\nimport com.pulumi.gcp.siteverification.OwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"example-storage-bucket\")\n .location(\"US\")\n .build());\n\n final var token = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"SITE\")\n .identifier(bucket.name().applyValue(name -\u003e String.format(\"https://%s.storage.googleapis.com/\", name)))\n .verificationMethod(\"FILE\")\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.token())))\n .content(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e String.format(\"google-site-verification: %s\", token.applyValue(getTokenResult -\u003e getTokenResult.token()))))\n .bucket(bucket.name())\n .build());\n\n var publicRule = new ObjectAccessControl(\"publicRule\", ObjectAccessControlArgs.builder()\n .bucket(bucket.name())\n .object(object.name())\n .role(\"READER\")\n .entity(\"allUsers\")\n .build());\n\n var example = new WebResource(\"example\", WebResourceArgs.builder()\n .site(WebResourceSiteArgs.builder()\n .type(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.type())))\n .identifier(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.identifier())))\n .build())\n .verificationMethod(token.applyValue(getTokenResult -\u003e getTokenResult).applyValue(token -\u003e token.applyValue(getTokenResult -\u003e getTokenResult.verificationMethod())))\n .build());\n\n var exampleOwner = new Owner(\"exampleOwner\", OwnerArgs.builder()\n .webResourceId(example.id())\n .email(\"user@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: example-storage-bucket\n location: US\n object:\n type: gcp:storage:BucketObject\n properties:\n name: ${token.token}\n content: 'google-site-verification: ${token.token}'\n bucket: ${bucket.name}\n publicRule:\n type: gcp:storage:ObjectAccessControl\n name: public_rule\n properties:\n bucket: ${bucket.name}\n object: ${object.name}\n role: READER\n entity: allUsers\n example:\n type: gcp:siteverification:WebResource\n properties:\n site:\n type: ${token.type}\n identifier: ${token.identifier}\n verificationMethod: ${token.verificationMethod}\n exampleOwner:\n type: gcp:siteverification:Owner\n name: example\n properties:\n webResourceId: ${example.id}\n email: user@example.com\nvariables:\n token:\n fn::invoke:\n function: gcp:siteverification:getToken\n arguments:\n type: SITE\n identifier: https://${bucket.name}.storage.googleapis.com/\n verificationMethod: FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOwner can be imported using this format:\n\n* `webResource/{{web_resource_id}}/{{email}}`\n\nWhen using the `pulumi import` command, Site owners can be imported using the format above. For example:\n\n```sh\n$ pulumi import gcp:siteverification/owner:Owner default webResource/{{web_resource_id}}/{{email}}\n```\n\nverified owners is to delete the web resource itself.\n\n", "properties": { "email": { "type": "string", @@ -264702,7 +264702,7 @@ } }, "gcp:siteverification/webResource:WebResource": { - "description": "A web resource is a website or domain with verified ownership. Once your\nownership is verified you will be able to manage your website in the\n[Google Search Console](https://www.google.com/webmasters/tools/).\n\n\u003e **Note:** The verification data (DNS `TXT` record, HTML file, `meta` tag, etc.)\nmust already exist before the web resource is created, and must be deleted before\nthe web resource is destroyed. The Google Site Verification API checks that the\nverification data exists at creation time and does not exist at destruction time\nand will fail if the required condition is not met.\n\n\nTo get more information about WebResource, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n## Example Usage\n\n### Site Verification Domain Record\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst token = gcp.siteverification.getToken({\n type: \"INET_DOMAIN\",\n identifier: \"www.example.com\",\n verificationMethod: \"DNS_TXT\",\n});\nconst example = new gcp.dns.RecordSet(\"example\", {\n managedZone: \"example.com\",\n name: \"www.example.com.\",\n type: \"TXT\",\n rrdatas: [token.then(token =\u003e token.token)],\n ttl: 86400,\n});\nconst exampleWebResource = new gcp.siteverification.WebResource(\"example\", {\n site: {\n type: token.then(token =\u003e token.type),\n identifier: token.then(token =\u003e token.identifier),\n },\n verificationMethod: token.then(token =\u003e token.verificationMethod),\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntoken = gcp.siteverification.get_token(type=\"INET_DOMAIN\",\n identifier=\"www.example.com\",\n verification_method=\"DNS_TXT\")\nexample = gcp.dns.RecordSet(\"example\",\n managed_zone=\"example.com\",\n name=\"www.example.com.\",\n type=\"TXT\",\n rrdatas=[token.token],\n ttl=86400)\nexample_web_resource = gcp.siteverification.WebResource(\"example\",\n site={\n \"type\": token.type,\n \"identifier\": token.identifier,\n },\n verification_method=token.verification_method,\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var token = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"INET_DOMAIN\",\n Identifier = \"www.example.com\",\n VerificationMethod = \"DNS_TXT\",\n });\n\n var example = new Gcp.Dns.RecordSet(\"example\", new()\n {\n ManagedZone = \"example.com\",\n Name = \"www.example.com.\",\n Type = \"TXT\",\n Rrdatas = new[]\n {\n token.Apply(getTokenResult =\u003e getTokenResult.Token),\n },\n Ttl = 86400,\n });\n\n var exampleWebResource = new Gcp.SiteVerification.WebResource(\"example\", new()\n {\n Site = new Gcp.SiteVerification.Inputs.WebResourceSiteArgs\n {\n Type = token.Apply(getTokenResult =\u003e getTokenResult.Type),\n Identifier = token.Apply(getTokenResult =\u003e getTokenResult.Identifier),\n },\n VerificationMethod = token.Apply(getTokenResult =\u003e getTokenResult.VerificationMethod),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttoken, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"INET_DOMAIN\",\n\t\t\tIdentifier: \"www.example.com\",\n\t\t\tVerificationMethod: \"DNS_TXT\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dns.NewRecordSet(ctx, \"example\", \u0026dns.RecordSetArgs{\n\t\t\tManagedZone: pulumi.String(\"example.com\"),\n\t\t\tName: pulumi.String(\"www.example.com.\"),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(token.Token),\n\t\t\t},\n\t\t\tTtl: pulumi.Int(86400),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = siteverification.NewWebResource(ctx, \"example\", \u0026siteverification.WebResourceArgs{\n\t\t\tSite: \u0026siteverification.WebResourceSiteArgs{\n\t\t\t\tType: pulumi.String(token.Type),\n\t\t\t\tIdentifier: pulumi.String(token.Identifier),\n\t\t\t},\n\t\t\tVerificationMethod: pulumi.String(token.VerificationMethod),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.gcp.siteverification.WebResource;\nimport com.pulumi.gcp.siteverification.WebResourceArgs;\nimport com.pulumi.gcp.siteverification.inputs.WebResourceSiteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var token = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"INET_DOMAIN\")\n .identifier(\"www.example.com\")\n .verificationMethod(\"DNS_TXT\")\n .build());\n\n var example = new RecordSet(\"example\", RecordSetArgs.builder()\n .managedZone(\"example.com\")\n .name(\"www.example.com.\")\n .type(\"TXT\")\n .rrdatas(token.applyValue(getTokenResult -\u003e getTokenResult.token()))\n .ttl(86400)\n .build());\n\n var exampleWebResource = new WebResource(\"exampleWebResource\", WebResourceArgs.builder()\n .site(WebResourceSiteArgs.builder()\n .type(token.applyValue(getTokenResult -\u003e getTokenResult.type()))\n .identifier(token.applyValue(getTokenResult -\u003e getTokenResult.identifier()))\n .build())\n .verificationMethod(token.applyValue(getTokenResult -\u003e getTokenResult.verificationMethod()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:dns:RecordSet\n properties:\n managedZone: example.com\n name: www.example.com.\n type: TXT\n rrdatas:\n - ${token.token}\n ttl: 86400\n exampleWebResource:\n type: gcp:siteverification:WebResource\n name: example\n properties:\n site:\n type: ${token.type}\n identifier: ${token.identifier}\n verificationMethod: ${token.verificationMethod}\n options:\n dependson:\n - ${example}\nvariables:\n token:\n fn::invoke:\n Function: gcp:siteverification:getToken\n Arguments:\n type: INET_DOMAIN\n identifier: www.example.com\n verificationMethod: DNS_TXT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWebResource can be imported using any of these accepted formats:\n\n* `webResource/{{web_resource_id}}`\n\n* `{{web_resource_id}}`\n\nWhen using the `pulumi import` command, WebResource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:siteverification/webResource:WebResource default webResource/{{web_resource_id}}\n```\n\n```sh\n$ pulumi import gcp:siteverification/webResource:WebResource default {{web_resource_id}}\n```\n\n", + "description": "A web resource is a website or domain with verified ownership. Once your\nownership is verified you will be able to manage your website in the\n[Google Search Console](https://www.google.com/webmasters/tools/).\n\n\u003e **Note:** The verification data (DNS `TXT` record, HTML file, `meta` tag, etc.)\nmust already exist before the web resource is created, and must be deleted before\nthe web resource is destroyed. The Google Site Verification API checks that the\nverification data exists at creation time and does not exist at destruction time\nand will fail if the required condition is not met.\n\n\nTo get more information about WebResource, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n## Example Usage\n\n### Site Verification Domain Record\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst token = gcp.siteverification.getToken({\n type: \"INET_DOMAIN\",\n identifier: \"www.example.com\",\n verificationMethod: \"DNS_TXT\",\n});\nconst example = new gcp.dns.RecordSet(\"example\", {\n managedZone: \"example.com\",\n name: \"www.example.com.\",\n type: \"TXT\",\n rrdatas: [token.then(token =\u003e token.token)],\n ttl: 86400,\n});\nconst exampleWebResource = new gcp.siteverification.WebResource(\"example\", {\n site: {\n type: token.then(token =\u003e token.type),\n identifier: token.then(token =\u003e token.identifier),\n },\n verificationMethod: token.then(token =\u003e token.verificationMethod),\n}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntoken = gcp.siteverification.get_token(type=\"INET_DOMAIN\",\n identifier=\"www.example.com\",\n verification_method=\"DNS_TXT\")\nexample = gcp.dns.RecordSet(\"example\",\n managed_zone=\"example.com\",\n name=\"www.example.com.\",\n type=\"TXT\",\n rrdatas=[token.token],\n ttl=86400)\nexample_web_resource = gcp.siteverification.WebResource(\"example\",\n site={\n \"type\": token.type,\n \"identifier\": token.identifier,\n },\n verification_method=token.verification_method,\n opts = pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var token = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"INET_DOMAIN\",\n Identifier = \"www.example.com\",\n VerificationMethod = \"DNS_TXT\",\n });\n\n var example = new Gcp.Dns.RecordSet(\"example\", new()\n {\n ManagedZone = \"example.com\",\n Name = \"www.example.com.\",\n Type = \"TXT\",\n Rrdatas = new[]\n {\n token.Apply(getTokenResult =\u003e getTokenResult.Token),\n },\n Ttl = 86400,\n });\n\n var exampleWebResource = new Gcp.SiteVerification.WebResource(\"example\", new()\n {\n Site = new Gcp.SiteVerification.Inputs.WebResourceSiteArgs\n {\n Type = token.Apply(getTokenResult =\u003e getTokenResult.Type),\n Identifier = token.Apply(getTokenResult =\u003e getTokenResult.Identifier),\n },\n VerificationMethod = token.Apply(getTokenResult =\u003e getTokenResult.VerificationMethod),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttoken, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"INET_DOMAIN\",\n\t\t\tIdentifier: \"www.example.com\",\n\t\t\tVerificationMethod: \"DNS_TXT\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dns.NewRecordSet(ctx, \"example\", \u0026dns.RecordSetArgs{\n\t\t\tManagedZone: pulumi.String(\"example.com\"),\n\t\t\tName: pulumi.String(\"www.example.com.\"),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(token.Token),\n\t\t\t},\n\t\t\tTtl: pulumi.Int(86400),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = siteverification.NewWebResource(ctx, \"example\", \u0026siteverification.WebResourceArgs{\n\t\t\tSite: \u0026siteverification.WebResourceSiteArgs{\n\t\t\t\tType: pulumi.String(token.Type),\n\t\t\t\tIdentifier: pulumi.String(token.Identifier),\n\t\t\t},\n\t\t\tVerificationMethod: pulumi.String(token.VerificationMethod),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport com.pulumi.gcp.siteverification.WebResource;\nimport com.pulumi.gcp.siteverification.WebResourceArgs;\nimport com.pulumi.gcp.siteverification.inputs.WebResourceSiteArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var token = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"INET_DOMAIN\")\n .identifier(\"www.example.com\")\n .verificationMethod(\"DNS_TXT\")\n .build());\n\n var example = new RecordSet(\"example\", RecordSetArgs.builder()\n .managedZone(\"example.com\")\n .name(\"www.example.com.\")\n .type(\"TXT\")\n .rrdatas(token.applyValue(getTokenResult -\u003e getTokenResult.token()))\n .ttl(86400)\n .build());\n\n var exampleWebResource = new WebResource(\"exampleWebResource\", WebResourceArgs.builder()\n .site(WebResourceSiteArgs.builder()\n .type(token.applyValue(getTokenResult -\u003e getTokenResult.type()))\n .identifier(token.applyValue(getTokenResult -\u003e getTokenResult.identifier()))\n .build())\n .verificationMethod(token.applyValue(getTokenResult -\u003e getTokenResult.verificationMethod()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:dns:RecordSet\n properties:\n managedZone: example.com\n name: www.example.com.\n type: TXT\n rrdatas:\n - ${token.token}\n ttl: 86400\n exampleWebResource:\n type: gcp:siteverification:WebResource\n name: example\n properties:\n site:\n type: ${token.type}\n identifier: ${token.identifier}\n verificationMethod: ${token.verificationMethod}\n options:\n dependsOn:\n - ${example}\nvariables:\n token:\n fn::invoke:\n function: gcp:siteverification:getToken\n arguments:\n type: INET_DOMAIN\n identifier: www.example.com\n verificationMethod: DNS_TXT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWebResource can be imported using any of these accepted formats:\n\n* `webResource/{{web_resource_id}}`\n\n* `{{web_resource_id}}`\n\nWhen using the `pulumi import` command, WebResource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:siteverification/webResource:WebResource default webResource/{{web_resource_id}}\n```\n\n```sh\n$ pulumi import gcp:siteverification/webResource:WebResource default {{web_resource_id}}\n```\n\n", "properties": { "owners": { "type": "array", @@ -264871,7 +264871,7 @@ } }, "gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:sourcerepo/RepositoryIamBindingCondition:RepositoryIamBindingCondition" @@ -264978,7 +264978,7 @@ } }, "gcp:sourcerepo/repositoryIamMember:RepositoryIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:sourcerepo/RepositoryIamMemberCondition:RepositoryIamMemberCondition" @@ -265078,7 +265078,7 @@ } }, "gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Source Repositories Repository\nThree different resources help you manage your IAM policy for Cloud Source Repositories Repository. Each of these resources serves a different use case:\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.sourcerepo.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.sourcerepo.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.sourcerepo.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.sourcerepo.RepositoryIamBinding` and `gcp.sourcerepo.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.sourcerepo.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.sourcerepo.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.sourcerepo.RepositoryIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.sourcerepo.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.sourcerepo.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SourceRepo.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sourcerepo.NewRepositoryIamPolicy(ctx, \"policy\", \u0026sourcerepo.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicy;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:sourcerepo:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.sourcerepo.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.sourcerepo.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SourceRepo.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamBinding(ctx, \"binding\", \u0026sourcerepo.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBinding;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:sourcerepo:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.sourcerepo.RepositoryIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.sourcerepo.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n repository: my_repo.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.sourcerepo.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n repository=my_repo[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SourceRepo.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.NewRepositoryIamMember(ctx, \"member\", \u0026sourcerepo.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMember;\nimport com.pulumi.gcp.sourcerepo.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:sourcerepo:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/repos/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Source Repositories repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/repos/{{repository}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/repos/{{repository}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/repos/{{repository}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -265438,7 +265438,7 @@ } }, "gcp:spanner/databaseIAMBinding:DatabaseIAMBinding": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMBinding:DatabaseIAMBinding default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMBinding:DatabaseIAMBinding default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/DatabaseIAMBindingCondition:DatabaseIAMBindingCondition", @@ -265564,7 +265564,7 @@ } }, "gcp:spanner/databaseIAMMember:DatabaseIAMMember": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMMember:DatabaseIAMMember default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMMember:DatabaseIAMMember default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/DatabaseIAMMemberCondition:DatabaseIAMMemberCondition", @@ -265683,7 +265683,7 @@ } }, "gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.DatabaseIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n}])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.DatabaseIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"My Role\",\n \"description\": \"Grant permissions on my_role\",\n \"expression\": \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "database": { "type": "string", @@ -266143,7 +266143,7 @@ } }, "gcp:spanner/instanceIAMBinding:InstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMBinding:InstanceIAMBinding default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMBinding:InstanceIAMBinding default {{project}}/{{instance}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/InstanceIAMBindingCondition:InstanceIAMBindingCondition" @@ -266250,7 +266250,7 @@ } }, "gcp:spanner/instanceIAMMember:InstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMMember:InstanceIAMMember default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMMember:InstanceIAMMember default {{project}}/{{instance}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/InstanceIAMMemberCondition:InstanceIAMMemberCondition" @@ -266350,7 +266350,7 @@ } }, "gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## gcp.spanner.InstanceIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/editor\",\n \"members\": [\"user:jane@example.com\"],\n}])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder()\n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.spanner.InstanceIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder()\n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy default {{project}}/{{instance}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -266531,7 +266531,7 @@ } }, "gcp:sql/databaseInstance:DatabaseInstance": { - "description": "Creates a new Google SQL Database Instance. For more information, see the [official documentation](https://cloud.google.com/sql/),\nor the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/instances).\n\n\u003e **NOTE on `gcp.sql.DatabaseInstance`:** - Second-generation instances include a\ndefault 'root'@'%' user with no password. This user will be deleted by the provider on\ninstance creation. You should use `gcp.sql.User` to define a custom user with\na restricted host and strong password.\n\n\u003e **Note**: On newer versions of the provider, you must explicitly set `deletion_protection=false`\n(and run `pulumi update` to write the field to state) in order to destroy an instance.\nIt is recommended to not set this field (or set it to true) until you're ready to destroy the instance and its databases.\n\n## Example Usage\n\n### SQL Second Generation Instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"main-instance\",\n databaseVersion: \"POSTGRES_15\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"main-instance\",\n database_version=\"POSTGRES_15\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"main-instance\",\n DatabaseVersion = \"POSTGRES_15\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"main-instance\")\n .databaseVersion(\"POSTGRES_15\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance\n databaseVersion: POSTGRES_15\n region: us-central1\n settings:\n tier: db-f1-micro\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private IP Instance\n\u003e **NOTE:** For private IP instance setup, note that the `gcp.sql.DatabaseInstance` does not actually interpolate values from `gcp.servicenetworking.Connection`. You must explicitly add a `depends_on`reference as shown below.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst privateNetwork = new gcp.compute.Network(\"private_network\", {name: \"private-network\"});\nconst privateIpAddress = new gcp.compute.GlobalAddress(\"private_ip_address\", {\n name: \"private-ip-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: privateNetwork.id,\n});\nconst privateVpcConnection = new gcp.servicenetworking.Connection(\"private_vpc_connection\", {\n network: privateNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAddress.name],\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: pulumi.interpolate`private-instance-${dbNameSuffix.hex}`,\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n ipv4Enabled: false,\n privateNetwork: privateNetwork.selfLink,\n enablePrivatePathForGoogleCloudServices: true,\n },\n },\n}, {\n dependsOn: [privateVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nprivate_network = gcp.compute.Network(\"private_network\", name=\"private-network\")\nprivate_ip_address = gcp.compute.GlobalAddress(\"private_ip_address\",\n name=\"private-ip-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=private_network.id)\nprivate_vpc_connection = gcp.servicenetworking.Connection(\"private_vpc_connection\",\n network=private_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_address.name])\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=db_name_suffix.hex.apply(lambda hex: f\"private-instance-{hex}\"),\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"ipv4_enabled\": False,\n \"private_network\": private_network.self_link,\n \"enable_private_path_for_google_cloud_services\": True,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[private_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var privateNetwork = new Gcp.Compute.Network(\"private_network\", new()\n {\n Name = \"private-network\",\n });\n\n var privateIpAddress = new Gcp.Compute.GlobalAddress(\"private_ip_address\", new()\n {\n Name = \"private-ip-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = privateNetwork.Id,\n });\n\n var privateVpcConnection = new Gcp.ServiceNetworking.Connection(\"private_vpc_connection\", new()\n {\n Network = privateNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAddress.Name,\n },\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"private-instance-{hex}\"),\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n Ipv4Enabled = false,\n PrivateNetwork = privateNetwork.SelfLink,\n EnablePrivatePathForGoogleCloudServices = true,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivateNetwork, err := compute.NewNetwork(ctx, \"private_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"private-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAddress, err := compute.NewGlobalAddress(ctx, \"private_ip_address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: privateNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateVpcConnection, err := servicenetworking.NewConnection(ctx, \"private_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: privateNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"private-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t\tPrivateNetwork: privateNetwork.SelfLink,\n\t\t\t\t\tEnablePrivatePathForGoogleCloudServices: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var privateNetwork = new Network(\"privateNetwork\", NetworkArgs.builder()\n .name(\"private-network\")\n .build());\n\n var privateIpAddress = new GlobalAddress(\"privateIpAddress\", GlobalAddressArgs.builder()\n .name(\"private-ip-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(privateNetwork.id())\n .build());\n\n var privateVpcConnection = new Connection(\"privateVpcConnection\", ConnectionArgs.builder()\n .network(privateNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAddress.name())\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"private-instance-%s\", hex)))\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .ipv4Enabled(false)\n .privateNetwork(privateNetwork.selfLink())\n .enablePrivatePathForGoogleCloudServices(true)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privateNetwork:\n type: gcp:compute:Network\n name: private_network\n properties:\n name: private-network\n privateIpAddress:\n type: gcp:compute:GlobalAddress\n name: private_ip_address\n properties:\n name: private-ip-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${privateNetwork.id}\n privateVpcConnection:\n type: gcp:servicenetworking:Connection\n name: private_vpc_connection\n properties:\n network: ${privateNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAddress.name}\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: private-instance-${dbNameSuffix.hex}\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n ipConfiguration:\n ipv4Enabled: false\n privateNetwork: ${privateNetwork.selfLink}\n enablePrivatePathForGoogleCloudServices: true\n options:\n dependson:\n - ${privateVpcConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### ENTERPRISE_PLUS Instance with data_cache_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"enterprise-plus-main-instance\",\n databaseVersion: \"MYSQL_8_0_31\",\n settings: {\n tier: \"db-perf-optimized-N-2\",\n edition: \"ENTERPRISE_PLUS\",\n dataCacheConfig: {\n dataCacheEnabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"enterprise-plus-main-instance\",\n database_version=\"MYSQL_8_0_31\",\n settings={\n \"tier\": \"db-perf-optimized-N-2\",\n \"edition\": \"ENTERPRISE_PLUS\",\n \"data_cache_config\": {\n \"data_cache_enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"enterprise-plus-main-instance\",\n DatabaseVersion = \"MYSQL_8_0_31\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-perf-optimized-N-2\",\n Edition = \"ENTERPRISE_PLUS\",\n DataCacheConfig = new Gcp.Sql.Inputs.DatabaseInstanceSettingsDataCacheConfigArgs\n {\n DataCacheEnabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"enterprise-plus-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0_31\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-perf-optimized-N-2\"),\n\t\t\t\tEdition: pulumi.String(\"ENTERPRISE_PLUS\"),\n\t\t\t\tDataCacheConfig: \u0026sql.DatabaseInstanceSettingsDataCacheConfigArgs{\n\t\t\t\t\tDataCacheEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsDataCacheConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"enterprise-plus-main-instance\")\n .databaseVersion(\"MYSQL_8_0_31\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-perf-optimized-N-2\")\n .edition(\"ENTERPRISE_PLUS\")\n .dataCacheConfig(DatabaseInstanceSettingsDataCacheConfigArgs.builder()\n .dataCacheEnabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: enterprise-plus-main-instance\n databaseVersion: MYSQL_8_0_31\n settings:\n tier: db-perf-optimized-N-2\n edition: ENTERPRISE_PLUS\n dataCacheConfig:\n dataCacheEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud SQL Instance with PSC connectivity\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"psc-enabled-main-instance\",\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n pscConfigs: [{\n pscEnabled: true,\n allowedConsumerProjects: [\"allowed-consumer-project-name\"],\n }],\n ipv4Enabled: false,\n },\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n availabilityType: \"REGIONAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"psc-enabled-main-instance\",\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"psc_configs\": [{\n \"psc_enabled\": True,\n \"allowed_consumer_projects\": [\"allowed-consumer-project-name\"],\n }],\n \"ipv4_enabled\": False,\n },\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"availability_type\": \"REGIONAL\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"psc-enabled-main-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n PscConfigs = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigArgs\n {\n PscEnabled = true,\n AllowedConsumerProjects = new[]\n {\n \"allowed-consumer-project-name\",\n },\n },\n },\n Ipv4Enabled = false,\n },\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n AvailabilityType = \"REGIONAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"psc-enabled-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tPscConfigs: sql.DatabaseInstanceSettingsIpConfigurationPscConfigArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigArgs{\n\t\t\t\t\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedConsumerProjects: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"allowed-consumer-project-name\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAvailabilityType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"psc-enabled-main-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .pscConfigs(DatabaseInstanceSettingsIpConfigurationPscConfigArgs.builder()\n .pscEnabled(true)\n .allowedConsumerProjects(\"allowed-consumer-project-name\")\n .build())\n .ipv4Enabled(false)\n .build())\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .availabilityType(\"REGIONAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: psc-enabled-main-instance\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n ipConfiguration:\n pscConfigs:\n - pscEnabled: true\n allowedConsumerProjects:\n - allowed-consumer-project-name\n ipv4Enabled: false\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n availabilityType: REGIONAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud SQL Instance with PSC auto connections\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"psc-enabled-main-instance\",\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n pscConfigs: [{\n pscEnabled: true,\n allowedConsumerProjects: [\"allowed-consumer-project-name\"],\n pscAutoConnections: [{\n consumerNetwork: \"network-name\",\n consumerServiceProjectId: \"project-id\",\n }],\n }],\n ipv4Enabled: false,\n },\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n availabilityType: \"REGIONAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"psc-enabled-main-instance\",\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"psc_configs\": [{\n \"psc_enabled\": True,\n \"allowed_consumer_projects\": [\"allowed-consumer-project-name\"],\n \"psc_auto_connections\": [{\n \"consumer_network\": \"network-name\",\n \"consumer_service_project_id\": \"project-id\",\n }],\n }],\n \"ipv4_enabled\": False,\n },\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"availability_type\": \"REGIONAL\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"psc-enabled-main-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n PscConfigs = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigArgs\n {\n PscEnabled = true,\n AllowedConsumerProjects = new[]\n {\n \"allowed-consumer-project-name\",\n },\n PscAutoConnections = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs\n {\n ConsumerNetwork = \"network-name\",\n ConsumerServiceProjectId = \"project-id\",\n },\n },\n },\n },\n Ipv4Enabled = false,\n },\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n AvailabilityType = \"REGIONAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"psc-enabled-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tPscConfigs: sql.DatabaseInstanceSettingsIpConfigurationPscConfigArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigArgs{\n\t\t\t\t\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedConsumerProjects: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"allowed-consumer-project-name\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tPscAutoConnections: sql.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArray{\n\t\t\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs{\n\t\t\t\t\t\t\t\t\tConsumerNetwork: pulumi.String(\"network-name\"),\n\t\t\t\t\t\t\t\t\tConsumerServiceProjectId: pulumi.String(\"project-id\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAvailabilityType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"psc-enabled-main-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .pscConfigs(DatabaseInstanceSettingsIpConfigurationPscConfigArgs.builder()\n .pscEnabled(true)\n .allowedConsumerProjects(\"allowed-consumer-project-name\")\n .pscAutoConnections(DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs.builder()\n .consumerNetwork(\"network-name\")\n .consumerServiceProjectId(\"project-id\")\n .build())\n .build())\n .ipv4Enabled(false)\n .build())\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .availabilityType(\"REGIONAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: psc-enabled-main-instance\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n ipConfiguration:\n pscConfigs:\n - pscEnabled: true\n allowedConsumerProjects:\n - allowed-consumer-project-name\n pscAutoConnections:\n - consumerNetwork: network-name\n consumerServiceProjectId: project-id\n ipv4Enabled: false\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n availabilityType: REGIONAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Switchover (SQL Server Only)\n\nUsers can perform a switchover on any direct `cascadable` replica by following the steps below.\n\n ~\u003e**WARNING:** Failure to follow these steps can lead to data loss (You will be warned during plan stage). To prevent data loss during a switchover, please verify your plan with the checklist below.\n\nFor a more in-depth walkthrough with example code, see the Switchover Guide\n\n### Steps to Invoke Switchover\n\nCreate a `cascadable` replica in a different region from the primary (`cascadable_replica` is set to true in `replica_configuration`)\n\n#### Invoking switchover in the replica resource:\n1. Change instance_type from `READ_REPLICA_INSTANCE` to `CLOUD_SQL_INSTANCE`\n2. Remove `master_instance_name`\n3. Remove `replica_configuration`\n4. Add current primary's name to the replica's `replica_names` list\n\n#### Updating the primary resource:\n1. Change `instance_type` from `CLOUD_SQL_INSTANCE` to `READ_REPLICA_INSTANCE`\n2. Set `master_instance_name` to the original replica (which will be primary after switchover)\n3. Set `replica_configuration` and set `cascadable_replica` to `true`\n4. Remove original replica from `replica_names`\n\n \u003e **NOTE**: Do **not** delete the replica_names field, even if it has no replicas remaining. Set replica_names = [ ] to indicate it having no replicas.\n\n#### Plan and verify that:\n- `pulumi preview` outputs **\"0 to add, 0 to destroy\"**\n- `pulumi preview` does not say **\"must be replaced\"** for any resource\n- Every resource **\"will be updated in-place\"**\n- Only the 2 instances involved in switchover have planned changes\n- (Recommended) Use `deletion_protection` on instances as a safety measure\n\n## Import\n\nDatabase instances can be imported using one of any of these accepted formats:\n\n* `projects/{{project}}/instances/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Database instances can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default projects/{{project}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default {{name}}\n```\n\nconfig and set on the server.\n\nWhen importing, double-check that your config has all the fields set that you expect- just seeing\n\nno diff isn't sufficient to know that your config could reproduce the imported resource.\n\n", + "description": "Creates a new Google SQL Database Instance. For more information, see the [official documentation](https://cloud.google.com/sql/),\nor the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/instances).\n\n\u003e **NOTE on `gcp.sql.DatabaseInstance`:** - Second-generation instances include a\ndefault 'root'@'%' user with no password. This user will be deleted by the provider on\ninstance creation. You should use `gcp.sql.User` to define a custom user with\na restricted host and strong password.\n\n\u003e **Note**: On newer versions of the provider, you must explicitly set `deletion_protection=false`\n(and run `pulumi update` to write the field to state) in order to destroy an instance.\nIt is recommended to not set this field (or set it to true) until you're ready to destroy the instance and its databases.\n\n## Example Usage\n\n### SQL Second Generation Instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"main-instance\",\n databaseVersion: \"POSTGRES_15\",\n region: \"us-central1\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"main-instance\",\n database_version=\"POSTGRES_15\",\n region=\"us-central1\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"main-instance\",\n DatabaseVersion = \"POSTGRES_15\",\n Region = \"us-central1\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"main-instance\")\n .databaseVersion(\"POSTGRES_15\")\n .region(\"us-central1\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance\n databaseVersion: POSTGRES_15\n region: us-central1\n settings:\n tier: db-f1-micro\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private IP Instance\n\u003e **NOTE:** For private IP instance setup, note that the `gcp.sql.DatabaseInstance` does not actually interpolate values from `gcp.servicenetworking.Connection`. You must explicitly add a `depends_on`reference as shown below.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst privateNetwork = new gcp.compute.Network(\"private_network\", {name: \"private-network\"});\nconst privateIpAddress = new gcp.compute.GlobalAddress(\"private_ip_address\", {\n name: \"private-ip-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: privateNetwork.id,\n});\nconst privateVpcConnection = new gcp.servicenetworking.Connection(\"private_vpc_connection\", {\n network: privateNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [privateIpAddress.name],\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst instance = new gcp.sql.DatabaseInstance(\"instance\", {\n name: pulumi.interpolate`private-instance-${dbNameSuffix.hex}`,\n region: \"us-central1\",\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n ipv4Enabled: false,\n privateNetwork: privateNetwork.selfLink,\n enablePrivatePathForGoogleCloudServices: true,\n },\n },\n}, {\n dependsOn: [privateVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nprivate_network = gcp.compute.Network(\"private_network\", name=\"private-network\")\nprivate_ip_address = gcp.compute.GlobalAddress(\"private_ip_address\",\n name=\"private-ip-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=private_network.id)\nprivate_vpc_connection = gcp.servicenetworking.Connection(\"private_vpc_connection\",\n network=private_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[private_ip_address.name])\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\ninstance = gcp.sql.DatabaseInstance(\"instance\",\n name=db_name_suffix.hex.apply(lambda hex: f\"private-instance-{hex}\"),\n region=\"us-central1\",\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"ipv4_enabled\": False,\n \"private_network\": private_network.self_link,\n \"enable_private_path_for_google_cloud_services\": True,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[private_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var privateNetwork = new Gcp.Compute.Network(\"private_network\", new()\n {\n Name = \"private-network\",\n });\n\n var privateIpAddress = new Gcp.Compute.GlobalAddress(\"private_ip_address\", new()\n {\n Name = \"private-ip-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = privateNetwork.Id,\n });\n\n var privateVpcConnection = new Gcp.ServiceNetworking.Connection(\"private_vpc_connection\", new()\n {\n Network = privateNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n privateIpAddress.Name,\n },\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var instance = new Gcp.Sql.DatabaseInstance(\"instance\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"private-instance-{hex}\"),\n Region = \"us-central1\",\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n Ipv4Enabled = false,\n PrivateNetwork = privateNetwork.SelfLink,\n EnablePrivatePathForGoogleCloudServices = true,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n privateVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivateNetwork, err := compute.NewNetwork(ctx, \"private_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"private-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateIpAddress, err := compute.NewGlobalAddress(ctx, \"private_ip_address\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"private-ip-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: privateNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateVpcConnection, err := servicenetworking.NewConnection(ctx, \"private_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: privateNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tprivateIpAddress.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewDatabaseInstance(ctx, \"instance\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"private-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t\tPrivateNetwork: privateNetwork.SelfLink,\n\t\t\t\t\tEnablePrivatePathForGoogleCloudServices: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprivateVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var privateNetwork = new Network(\"privateNetwork\", NetworkArgs.builder()\n .name(\"private-network\")\n .build());\n\n var privateIpAddress = new GlobalAddress(\"privateIpAddress\", GlobalAddressArgs.builder()\n .name(\"private-ip-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(privateNetwork.id())\n .build());\n\n var privateVpcConnection = new Connection(\"privateVpcConnection\", ConnectionArgs.builder()\n .network(privateNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(privateIpAddress.name())\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var instance = new DatabaseInstance(\"instance\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"private-instance-%s\", hex)))\n .region(\"us-central1\")\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .ipv4Enabled(false)\n .privateNetwork(privateNetwork.selfLink())\n .enablePrivatePathForGoogleCloudServices(true)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(privateVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privateNetwork:\n type: gcp:compute:Network\n name: private_network\n properties:\n name: private-network\n privateIpAddress:\n type: gcp:compute:GlobalAddress\n name: private_ip_address\n properties:\n name: private-ip-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${privateNetwork.id}\n privateVpcConnection:\n type: gcp:servicenetworking:Connection\n name: private_vpc_connection\n properties:\n network: ${privateNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${privateIpAddress.name}\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n instance:\n type: gcp:sql:DatabaseInstance\n properties:\n name: private-instance-${dbNameSuffix.hex}\n region: us-central1\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n ipConfiguration:\n ipv4Enabled: false\n privateNetwork: ${privateNetwork.selfLink}\n enablePrivatePathForGoogleCloudServices: true\n options:\n dependsOn:\n - ${privateVpcConnection}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### ENTERPRISE_PLUS Instance with data_cache_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"enterprise-plus-main-instance\",\n databaseVersion: \"MYSQL_8_0_31\",\n settings: {\n tier: \"db-perf-optimized-N-2\",\n edition: \"ENTERPRISE_PLUS\",\n dataCacheConfig: {\n dataCacheEnabled: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"enterprise-plus-main-instance\",\n database_version=\"MYSQL_8_0_31\",\n settings={\n \"tier\": \"db-perf-optimized-N-2\",\n \"edition\": \"ENTERPRISE_PLUS\",\n \"data_cache_config\": {\n \"data_cache_enabled\": True,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"enterprise-plus-main-instance\",\n DatabaseVersion = \"MYSQL_8_0_31\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-perf-optimized-N-2\",\n Edition = \"ENTERPRISE_PLUS\",\n DataCacheConfig = new Gcp.Sql.Inputs.DatabaseInstanceSettingsDataCacheConfigArgs\n {\n DataCacheEnabled = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"enterprise-plus-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0_31\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-perf-optimized-N-2\"),\n\t\t\t\tEdition: pulumi.String(\"ENTERPRISE_PLUS\"),\n\t\t\t\tDataCacheConfig: \u0026sql.DatabaseInstanceSettingsDataCacheConfigArgs{\n\t\t\t\t\tDataCacheEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsDataCacheConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"enterprise-plus-main-instance\")\n .databaseVersion(\"MYSQL_8_0_31\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-perf-optimized-N-2\")\n .edition(\"ENTERPRISE_PLUS\")\n .dataCacheConfig(DatabaseInstanceSettingsDataCacheConfigArgs.builder()\n .dataCacheEnabled(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: enterprise-plus-main-instance\n databaseVersion: MYSQL_8_0_31\n settings:\n tier: db-perf-optimized-N-2\n edition: ENTERPRISE_PLUS\n dataCacheConfig:\n dataCacheEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud SQL Instance with PSC connectivity\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"psc-enabled-main-instance\",\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n pscConfigs: [{\n pscEnabled: true,\n allowedConsumerProjects: [\"allowed-consumer-project-name\"],\n }],\n ipv4Enabled: false,\n },\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n availabilityType: \"REGIONAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"psc-enabled-main-instance\",\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"psc_configs\": [{\n \"psc_enabled\": True,\n \"allowed_consumer_projects\": [\"allowed-consumer-project-name\"],\n }],\n \"ipv4_enabled\": False,\n },\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"availability_type\": \"REGIONAL\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"psc-enabled-main-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n PscConfigs = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigArgs\n {\n PscEnabled = true,\n AllowedConsumerProjects = new[]\n {\n \"allowed-consumer-project-name\",\n },\n },\n },\n Ipv4Enabled = false,\n },\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n AvailabilityType = \"REGIONAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"psc-enabled-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tPscConfigs: sql.DatabaseInstanceSettingsIpConfigurationPscConfigArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigArgs{\n\t\t\t\t\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedConsumerProjects: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"allowed-consumer-project-name\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAvailabilityType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"psc-enabled-main-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .pscConfigs(DatabaseInstanceSettingsIpConfigurationPscConfigArgs.builder()\n .pscEnabled(true)\n .allowedConsumerProjects(\"allowed-consumer-project-name\")\n .build())\n .ipv4Enabled(false)\n .build())\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .availabilityType(\"REGIONAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: psc-enabled-main-instance\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n ipConfiguration:\n pscConfigs:\n - pscEnabled: true\n allowedConsumerProjects:\n - allowed-consumer-project-name\n ipv4Enabled: false\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n availabilityType: REGIONAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloud SQL Instance with PSC auto connections\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: \"psc-enabled-main-instance\",\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n ipConfiguration: {\n pscConfigs: [{\n pscEnabled: true,\n allowedConsumerProjects: [\"allowed-consumer-project-name\"],\n pscAutoConnections: [{\n consumerNetwork: \"network-name\",\n consumerServiceProjectId: \"project-id\",\n }],\n }],\n ipv4Enabled: false,\n },\n backupConfiguration: {\n enabled: true,\n binaryLogEnabled: true,\n },\n availabilityType: \"REGIONAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=\"psc-enabled-main-instance\",\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"ip_configuration\": {\n \"psc_configs\": [{\n \"psc_enabled\": True,\n \"allowed_consumer_projects\": [\"allowed-consumer-project-name\"],\n \"psc_auto_connections\": [{\n \"consumer_network\": \"network-name\",\n \"consumer_service_project_id\": \"project-id\",\n }],\n }],\n \"ipv4_enabled\": False,\n },\n \"backup_configuration\": {\n \"enabled\": True,\n \"binary_log_enabled\": True,\n },\n \"availability_type\": \"REGIONAL\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = \"psc-enabled-main-instance\",\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n IpConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationArgs\n {\n PscConfigs = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigArgs\n {\n PscEnabled = true,\n AllowedConsumerProjects = new[]\n {\n \"allowed-consumer-project-name\",\n },\n PscAutoConnections = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs\n {\n ConsumerNetwork = \"network-name\",\n ConsumerServiceProjectId = \"project-id\",\n },\n },\n },\n },\n Ipv4Enabled = false,\n },\n BackupConfiguration = new Gcp.Sql.Inputs.DatabaseInstanceSettingsBackupConfigurationArgs\n {\n Enabled = true,\n BinaryLogEnabled = true,\n },\n AvailabilityType = \"REGIONAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: pulumi.String(\"psc-enabled-main-instance\"),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tIpConfiguration: \u0026sql.DatabaseInstanceSettingsIpConfigurationArgs{\n\t\t\t\t\tPscConfigs: sql.DatabaseInstanceSettingsIpConfigurationPscConfigArray{\n\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigArgs{\n\t\t\t\t\t\t\tPscEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tAllowedConsumerProjects: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"allowed-consumer-project-name\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tPscAutoConnections: sql.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArray{\n\t\t\t\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs{\n\t\t\t\t\t\t\t\t\tConsumerNetwork: pulumi.String(\"network-name\"),\n\t\t\t\t\t\t\t\t\tConsumerServiceProjectId: pulumi.String(\"project-id\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIpv4Enabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tBackupConfiguration: \u0026sql.DatabaseInstanceSettingsBackupConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tBinaryLogEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tAvailabilityType: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsIpConfigurationArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsBackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(\"psc-enabled-main-instance\")\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .ipConfiguration(DatabaseInstanceSettingsIpConfigurationArgs.builder()\n .pscConfigs(DatabaseInstanceSettingsIpConfigurationPscConfigArgs.builder()\n .pscEnabled(true)\n .allowedConsumerProjects(\"allowed-consumer-project-name\")\n .pscAutoConnections(DatabaseInstanceSettingsIpConfigurationPscConfigPscAutoConnectionArgs.builder()\n .consumerNetwork(\"network-name\")\n .consumerServiceProjectId(\"project-id\")\n .build())\n .build())\n .ipv4Enabled(false)\n .build())\n .backupConfiguration(DatabaseInstanceSettingsBackupConfigurationArgs.builder()\n .enabled(true)\n .binaryLogEnabled(true)\n .build())\n .availabilityType(\"REGIONAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: psc-enabled-main-instance\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n ipConfiguration:\n pscConfigs:\n - pscEnabled: true\n allowedConsumerProjects:\n - allowed-consumer-project-name\n pscAutoConnections:\n - consumerNetwork: network-name\n consumerServiceProjectId: project-id\n ipv4Enabled: false\n backupConfiguration:\n enabled: true\n binaryLogEnabled: true\n availabilityType: REGIONAL\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Switchover (SQL Server Only)\n\nUsers can perform a switchover on any direct `cascadable` replica by following the steps below.\n\n ~\u003e**WARNING:** Failure to follow these steps can lead to data loss (You will be warned during plan stage). To prevent data loss during a switchover, please verify your plan with the checklist below.\n\nFor a more in-depth walkthrough with example code, see the Switchover Guide\n\n### Steps to Invoke Switchover\n\nCreate a `cascadable` replica in a different region from the primary (`cascadable_replica` is set to true in `replica_configuration`)\n\n#### Invoking switchover in the replica resource:\n1. Change instance_type from `READ_REPLICA_INSTANCE` to `CLOUD_SQL_INSTANCE`\n2. Remove `master_instance_name`\n3. Remove `replica_configuration`\n4. Add current primary's name to the replica's `replica_names` list\n\n#### Updating the primary resource:\n1. Change `instance_type` from `CLOUD_SQL_INSTANCE` to `READ_REPLICA_INSTANCE`\n2. Set `master_instance_name` to the original replica (which will be primary after switchover)\n3. Set `replica_configuration` and set `cascadable_replica` to `true`\n4. Remove original replica from `replica_names`\n\n \u003e **NOTE**: Do **not** delete the replica_names field, even if it has no replicas remaining. Set replica_names = [ ] to indicate it having no replicas.\n\n#### Plan and verify that:\n- `pulumi preview` outputs **\"0 to add, 0 to destroy\"**\n- `pulumi preview` does not say **\"must be replaced\"** for any resource\n- Every resource **\"will be updated in-place\"**\n- Only the 2 instances involved in switchover have planned changes\n- (Recommended) Use `deletion_protection` on instances as a safety measure\n\n## Import\n\nDatabase instances can be imported using one of any of these accepted formats:\n\n* `projects/{{project}}/instances/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Database instances can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default projects/{{project}}/instances/{{name}}\n```\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:sql/databaseInstance:DatabaseInstance default {{name}}\n```\n\nconfig and set on the server.\n\nWhen importing, double-check that your config has all the fields set that you expect- just seeing\n\nno diff isn't sufficient to know that your config could reproduce the imported resource.\n\n", "properties": { "availableMaintenanceVersions": { "type": "array", @@ -267206,7 +267206,7 @@ } }, "gcp:sql/user:User": { - "description": "Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).\n\n\n\n## Example Usage\n\nExample creating a SQL User.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: \"changeme\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=\"changeme\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = \"changeme\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.String(\"changeme\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(\"changeme\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: changeme\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nExample using [Cloud SQL IAM database authentication](https://cloud.google.com/sql/docs/mysql/authentication).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\nimport * as std from \"@pulumi/std\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-f1-micro\",\n databaseFlags: [{\n name: \"cloudsql.iam_authentication\",\n value: \"on\",\n }],\n },\n});\nconst iamUser = new gcp.sql.User(\"iam_user\", {\n name: \"me@example.com\",\n instance: main.name,\n type: \"CLOUD_IAM_USER\",\n});\nconst iamServiceAccountUser = new gcp.sql.User(\"iam_service_account_user\", {\n name: std.trimsuffix({\n input: serviceAccount.email,\n suffix: \".gserviceaccount.com\",\n }).then(invoke =\u003e invoke.result),\n instance: main.name,\n type: \"CLOUD_IAM_SERVICE_ACCOUNT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\nimport pulumi_std as std\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"database_flags\": [{\n \"name\": \"cloudsql.iam_authentication\",\n \"value\": \"on\",\n }],\n })\niam_user = gcp.sql.User(\"iam_user\",\n name=\"me@example.com\",\n instance=main.name,\n type=\"CLOUD_IAM_USER\")\niam_service_account_user = gcp.sql.User(\"iam_service_account_user\",\n name=std.trimsuffix(input=service_account[\"email\"],\n suffix=\".gserviceaccount.com\").result,\n instance=main.name,\n type=\"CLOUD_IAM_SERVICE_ACCOUNT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n DatabaseFlags = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs\n {\n Name = \"cloudsql.iam_authentication\",\n Value = \"on\",\n },\n },\n },\n });\n\n var iamUser = new Gcp.Sql.User(\"iam_user\", new()\n {\n Name = \"me@example.com\",\n Instance = main.Name,\n Type = \"CLOUD_IAM_USER\",\n });\n\n var iamServiceAccountUser = new Gcp.Sql.User(\"iam_service_account_user\", new()\n {\n Name = Std.Trimsuffix.Invoke(new()\n {\n Input = serviceAccount.Email,\n Suffix = \".gserviceaccount.com\",\n }).Apply(invoke =\u003e invoke.Result),\n Instance = main.Name,\n Type = \"CLOUD_IAM_SERVICE_ACCOUNT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tDatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{\n\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsDatabaseFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql.iam_authentication\"),\n\t\t\t\t\t\tValue: pulumi.String(\"on\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me@example.com\"),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_USER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeTrimsuffix, err := std.Trimsuffix(ctx, \u0026std.TrimsuffixArgs{\n\t\t\tInput: serviceAccount.Email,\n\t\t\tSuffix: \".gserviceaccount.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_service_account_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(invokeTrimsuffix.Result),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_SERVICE_ACCOUNT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()\n .name(\"cloudsql.iam_authentication\")\n .value(\"on\")\n .build())\n .build())\n .build());\n\n var iamUser = new User(\"iamUser\", UserArgs.builder()\n .name(\"me@example.com\")\n .instance(main.name())\n .type(\"CLOUD_IAM_USER\")\n .build());\n\n var iamServiceAccountUser = new User(\"iamServiceAccountUser\", UserArgs.builder()\n .name(StdFunctions.trimsuffix(TrimsuffixArgs.builder()\n .input(serviceAccount.email())\n .suffix(\".gserviceaccount.com\")\n .build()).result())\n .instance(main.name())\n .type(\"CLOUD_IAM_SERVICE_ACCOUNT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: POSTGRES_15\n settings:\n tier: db-f1-micro\n databaseFlags:\n - name: cloudsql.iam_authentication\n value: on\n iamUser:\n type: gcp:sql:User\n name: iam_user\n properties:\n name: me@example.com\n instance: ${main.name}\n type: CLOUD_IAM_USER\n iamServiceAccountUser:\n type: gcp:sql:User\n name: iam_service_account_user\n properties:\n name:\n fn::invoke:\n Function: std:trimsuffix\n Arguments:\n input: ${serviceAccount.email}\n suffix: .gserviceaccount.com\n Return: result\n instance: ${main.name}\n type: CLOUD_IAM_SERVICE_ACCOUNT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nExample using [Cloud SQL IAM Group authentication](https://cloud.google.com/sql/docs/mysql/iam-authentication#iam-group-auth).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n databaseFlags: [{\n name: \"cloudsql_iam_authentication\",\n value: \"on\",\n }],\n },\n});\nconst iamGroupUser = new gcp.sql.User(\"iam_group_user\", {\n name: \"iam_group@example.com\",\n instance: main.name,\n type: \"CLOUD_IAM_GROUP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"database_flags\": [{\n \"name\": \"cloudsql_iam_authentication\",\n \"value\": \"on\",\n }],\n })\niam_group_user = gcp.sql.User(\"iam_group_user\",\n name=\"iam_group@example.com\",\n instance=main.name,\n type=\"CLOUD_IAM_GROUP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n DatabaseFlags = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs\n {\n Name = \"cloudsql_iam_authentication\",\n Value = \"on\",\n },\n },\n },\n });\n\n var iamGroupUser = new Gcp.Sql.User(\"iam_group_user\", new()\n {\n Name = \"iam_group@example.com\",\n Instance = main.Name,\n Type = \"CLOUD_IAM_GROUP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tDatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{\n\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsDatabaseFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql_iam_authentication\"),\n\t\t\t\t\t\tValue: pulumi.String(\"on\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_group_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"iam_group@example.com\"),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_GROUP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()\n .name(\"cloudsql_iam_authentication\")\n .value(\"on\")\n .build())\n .build())\n .build());\n\n var iamGroupUser = new User(\"iamGroupUser\", UserArgs.builder()\n .name(\"iam_group@example.com\")\n .instance(main.name())\n .type(\"CLOUD_IAM_GROUP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n databaseFlags:\n - name: cloudsql_iam_authentication\n value: on\n iamGroupUser:\n type: gcp:sql:User\n name: iam_group_user\n properties:\n name: iam_group@example.com\n instance: ${main.name}\n type: CLOUD_IAM_GROUP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSQL users for MySQL databases can be imported using the `project`, `instance`, `host` and `name`, e.g.\n\n* `{{project_id}}/{{instance}}/{{host}}/{{name}}`\n\nSQL users for PostgreSQL databases can be imported using the `project`, `instance` and `name`, e.g.\n\n* `{{project_id}}/{{instance}}/{{name}}`\n\nWhen using the `pulumi import` command, NAME_HERE can be imported using one of the formats above. For example:\n\nMySQL database\n\n```sh\n$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}\n```\n\nPostgreSQL database\n\n```sh\n$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}\n```\n\n", + "description": "Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).\n\n\n\n## Example Usage\n\nExample creating a SQL User.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: \"changeme\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=\"changeme\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = \"changeme\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.String(\"changeme\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(\"changeme\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: changeme\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nExample using [Cloud SQL IAM database authentication](https://cloud.google.com/sql/docs/mysql/authentication).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\nimport * as std from \"@pulumi/std\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"POSTGRES_15\",\n settings: {\n tier: \"db-f1-micro\",\n databaseFlags: [{\n name: \"cloudsql.iam_authentication\",\n value: \"on\",\n }],\n },\n});\nconst iamUser = new gcp.sql.User(\"iam_user\", {\n name: \"me@example.com\",\n instance: main.name,\n type: \"CLOUD_IAM_USER\",\n});\nconst iamServiceAccountUser = new gcp.sql.User(\"iam_service_account_user\", {\n name: std.trimsuffix({\n input: serviceAccount.email,\n suffix: \".gserviceaccount.com\",\n }).then(invoke =\u003e invoke.result),\n instance: main.name,\n type: \"CLOUD_IAM_SERVICE_ACCOUNT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\nimport pulumi_std as std\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"POSTGRES_15\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"database_flags\": [{\n \"name\": \"cloudsql.iam_authentication\",\n \"value\": \"on\",\n }],\n })\niam_user = gcp.sql.User(\"iam_user\",\n name=\"me@example.com\",\n instance=main.name,\n type=\"CLOUD_IAM_USER\")\niam_service_account_user = gcp.sql.User(\"iam_service_account_user\",\n name=std.trimsuffix(input=service_account[\"email\"],\n suffix=\".gserviceaccount.com\").result,\n instance=main.name,\n type=\"CLOUD_IAM_SERVICE_ACCOUNT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"POSTGRES_15\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n DatabaseFlags = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs\n {\n Name = \"cloudsql.iam_authentication\",\n Value = \"on\",\n },\n },\n },\n });\n\n var iamUser = new Gcp.Sql.User(\"iam_user\", new()\n {\n Name = \"me@example.com\",\n Instance = main.Name,\n Type = \"CLOUD_IAM_USER\",\n });\n\n var iamServiceAccountUser = new Gcp.Sql.User(\"iam_service_account_user\", new()\n {\n Name = Std.Trimsuffix.Invoke(new()\n {\n Input = serviceAccount.Email,\n Suffix = \".gserviceaccount.com\",\n }).Apply(invoke =\u003e invoke.Result),\n Instance = main.Name,\n Type = \"CLOUD_IAM_SERVICE_ACCOUNT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"POSTGRES_15\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tDatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{\n\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsDatabaseFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql.iam_authentication\"),\n\t\t\t\t\t\tValue: pulumi.String(\"on\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me@example.com\"),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_USER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeTrimsuffix, err := std.Trimsuffix(ctx, \u0026std.TrimsuffixArgs{\n\t\t\tInput: serviceAccount.Email,\n\t\t\tSuffix: \".gserviceaccount.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_service_account_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(invokeTrimsuffix.Result),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_SERVICE_ACCOUNT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"POSTGRES_15\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()\n .name(\"cloudsql.iam_authentication\")\n .value(\"on\")\n .build())\n .build())\n .build());\n\n var iamUser = new User(\"iamUser\", UserArgs.builder()\n .name(\"me@example.com\")\n .instance(main.name())\n .type(\"CLOUD_IAM_USER\")\n .build());\n\n var iamServiceAccountUser = new User(\"iamServiceAccountUser\", UserArgs.builder()\n .name(StdFunctions.trimsuffix(TrimsuffixArgs.builder()\n .input(serviceAccount.email())\n .suffix(\".gserviceaccount.com\")\n .build()).result())\n .instance(main.name())\n .type(\"CLOUD_IAM_SERVICE_ACCOUNT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: POSTGRES_15\n settings:\n tier: db-f1-micro\n databaseFlags:\n - name: cloudsql.iam_authentication\n value: on\n iamUser:\n type: gcp:sql:User\n name: iam_user\n properties:\n name: me@example.com\n instance: ${main.name}\n type: CLOUD_IAM_USER\n iamServiceAccountUser:\n type: gcp:sql:User\n name: iam_service_account_user\n properties:\n name:\n fn::invoke:\n function: std:trimsuffix\n arguments:\n input: ${serviceAccount.email}\n suffix: .gserviceaccount.com\n return: result\n instance: ${main.name}\n type: CLOUD_IAM_SERVICE_ACCOUNT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nExample using [Cloud SQL IAM Group authentication](https://cloud.google.com/sql/docs/mysql/iam-authentication#iam-group-auth).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_8_0\",\n settings: {\n tier: \"db-f1-micro\",\n databaseFlags: [{\n name: \"cloudsql_iam_authentication\",\n value: \"on\",\n }],\n },\n});\nconst iamGroupUser = new gcp.sql.User(\"iam_group_user\", {\n name: \"iam_group@example.com\",\n instance: main.name,\n type: \"CLOUD_IAM_GROUP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_8_0\",\n settings={\n \"tier\": \"db-f1-micro\",\n \"database_flags\": [{\n \"name\": \"cloudsql_iam_authentication\",\n \"value\": \"on\",\n }],\n })\niam_group_user = gcp.sql.User(\"iam_group_user\",\n name=\"iam_group@example.com\",\n instance=main.name,\n type=\"CLOUD_IAM_GROUP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_8_0\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n DatabaseFlags = new[]\n {\n new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs\n {\n Name = \"cloudsql_iam_authentication\",\n Value = \"on\",\n },\n },\n },\n });\n\n var iamGroupUser = new Gcp.Sql.User(\"iam_group_user\", new()\n {\n Name = \"iam_group@example.com\",\n Instance = main.Name,\n Type = \"CLOUD_IAM_GROUP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_8_0\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t\tDatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{\n\t\t\t\t\t\u0026sql.DatabaseInstanceSettingsDatabaseFlagArgs{\n\t\t\t\t\t\tName: pulumi.String(\"cloudsql_iam_authentication\"),\n\t\t\t\t\t\tValue: pulumi.String(\"on\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"iam_group_user\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"iam_group@example.com\"),\n\t\t\tInstance: main.Name,\n\t\t\tType: pulumi.String(\"CLOUD_IAM_GROUP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_8_0\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()\n .name(\"cloudsql_iam_authentication\")\n .value(\"on\")\n .build())\n .build())\n .build());\n\n var iamGroupUser = new User(\"iamGroupUser\", UserArgs.builder()\n .name(\"iam_group@example.com\")\n .instance(main.name())\n .type(\"CLOUD_IAM_GROUP\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_8_0\n settings:\n tier: db-f1-micro\n databaseFlags:\n - name: cloudsql_iam_authentication\n value: on\n iamGroupUser:\n type: gcp:sql:User\n name: iam_group_user\n properties:\n name: iam_group@example.com\n instance: ${main.name}\n type: CLOUD_IAM_GROUP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSQL users for MySQL databases can be imported using the `project`, `instance`, `host` and `name`, e.g.\n\n* `{{project_id}}/{{instance}}/{{host}}/{{name}}`\n\nSQL users for PostgreSQL databases can be imported using the `project`, `instance` and `name`, e.g.\n\n* `{{project_id}}/{{instance}}/{{name}}`\n\nWhen using the `pulumi import` command, NAME_HERE can be imported using one of the formats above. For example:\n\nMySQL database\n\n```sh\n$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}\n```\n\nPostgreSQL database\n\n```sh\n$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}\n```\n\n", "properties": { "deletionPolicy": { "type": "string", @@ -267906,7 +267906,7 @@ } }, "gcp:storage/bucketIAMBinding:BucketIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -268001,7 +268001,7 @@ } }, "gcp:storage/bucketIAMMember:BucketIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -268089,7 +268089,7 @@ } }, "gcp:storage/bucketIAMPolicy:BucketIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## This resource supports User Project Overrides.\n\n-\n\n# IAM policy for Cloud Storage Bucket\nThree different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.BucketIAMPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder()\n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.BucketIAMMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder()\n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -268736,7 +268736,7 @@ } }, "gcp:storage/insightsReportConfig:InsightsReportConfig": { - "description": "Represents an inventory report configuration.\n\n\nTo get more information about ReportConfig, see:\n\n* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/reportConfig)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage/docs/insights/using-storage-insights)\n\n## Example Usage\n\n### Storage Insights Report Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst reportBucket = new gcp.storage.Bucket(\"report_bucket\", {\n name: \"my-bucket\",\n location: \"us-central1\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: reportBucket.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com`),\n});\nconst config = new gcp.storage.InsightsReportConfig(\"config\", {\n displayName: \"Test Report Config\",\n location: \"us-central1\",\n frequencyOptions: {\n frequency: \"WEEKLY\",\n startDate: {\n day: 15,\n month: 3,\n year: 2050,\n },\n endDate: {\n day: 15,\n month: 4,\n year: 2050,\n },\n },\n csvOptions: {\n recordSeparator: \"\\n\",\n delimiter: \",\",\n headerRequired: false,\n },\n objectMetadataReportOptions: {\n metadataFields: [\n \"bucket\",\n \"name\",\n \"project\",\n ],\n storageFilters: {\n bucket: reportBucket.name,\n },\n storageDestinationOptions: {\n bucket: reportBucket.name,\n destinationPath: \"test-insights-reports\",\n },\n },\n}, {\n dependsOn: [admin],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nreport_bucket = gcp.storage.Bucket(\"report_bucket\",\n name=\"my-bucket\",\n location=\"us-central1\",\n force_destroy=True,\n uniform_bucket_level_access=True)\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=report_bucket.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com\")\nconfig = gcp.storage.InsightsReportConfig(\"config\",\n display_name=\"Test Report Config\",\n location=\"us-central1\",\n frequency_options={\n \"frequency\": \"WEEKLY\",\n \"start_date\": {\n \"day\": 15,\n \"month\": 3,\n \"year\": 2050,\n },\n \"end_date\": {\n \"day\": 15,\n \"month\": 4,\n \"year\": 2050,\n },\n },\n csv_options={\n \"record_separator\": \"\\n\",\n \"delimiter\": \",\",\n \"header_required\": False,\n },\n object_metadata_report_options={\n \"metadata_fields\": [\n \"bucket\",\n \"name\",\n \"project\",\n ],\n \"storage_filters\": {\n \"bucket\": report_bucket.name,\n },\n \"storage_destination_options\": {\n \"bucket\": report_bucket.name,\n \"destination_path\": \"test-insights-reports\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[admin]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var reportBucket = new Gcp.Storage.Bucket(\"report_bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"us-central1\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n });\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = reportBucket.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-storageinsights.iam.gserviceaccount.com\",\n });\n\n var config = new Gcp.Storage.InsightsReportConfig(\"config\", new()\n {\n DisplayName = \"Test Report Config\",\n Location = \"us-central1\",\n FrequencyOptions = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsArgs\n {\n Frequency = \"WEEKLY\",\n StartDate = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsStartDateArgs\n {\n Day = 15,\n Month = 3,\n Year = 2050,\n },\n EndDate = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsEndDateArgs\n {\n Day = 15,\n Month = 4,\n Year = 2050,\n },\n },\n CsvOptions = new Gcp.Storage.Inputs.InsightsReportConfigCsvOptionsArgs\n {\n RecordSeparator = @\"\n\",\n Delimiter = \",\",\n HeaderRequired = false,\n },\n ObjectMetadataReportOptions = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsArgs\n {\n MetadataFields = new[]\n {\n \"bucket\",\n \"name\",\n \"project\",\n },\n StorageFilters = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs\n {\n Bucket = reportBucket.Name,\n },\n StorageDestinationOptions = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs\n {\n Bucket = reportBucket.Name,\n DestinationPath = \"test-insights-reports\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treportBucket, err := storage.NewBucket(ctx, \"report_bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: reportBucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-storageinsights.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewInsightsReportConfig(ctx, \"config\", \u0026storage.InsightsReportConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"Test Report Config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFrequencyOptions: \u0026storage.InsightsReportConfigFrequencyOptionsArgs{\n\t\t\t\tFrequency: pulumi.String(\"WEEKLY\"),\n\t\t\t\tStartDate: \u0026storage.InsightsReportConfigFrequencyOptionsStartDateArgs{\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t\tMonth: pulumi.Int(3),\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026storage.InsightsReportConfigFrequencyOptionsEndDateArgs{\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t\tMonth: pulumi.Int(4),\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCsvOptions: \u0026storage.InsightsReportConfigCsvOptionsArgs{\n\t\t\t\tRecordSeparator: pulumi.String(\"\\n\"),\n\t\t\t\tDelimiter: pulumi.String(\",\"),\n\t\t\t\tHeaderRequired: pulumi.Bool(false),\n\t\t\t},\n\t\t\tObjectMetadataReportOptions: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsArgs{\n\t\t\t\tMetadataFields: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bucket\"),\n\t\t\t\t\tpulumi.String(\"name\"),\n\t\t\t\t\tpulumi.String(\"project\"),\n\t\t\t\t},\n\t\t\t\tStorageFilters: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs{\n\t\t\t\t\tBucket: reportBucket.Name,\n\t\t\t\t},\n\t\t\t\tStorageDestinationOptions: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs{\n\t\t\t\t\tBucket: reportBucket.Name,\n\t\t\t\t\tDestinationPath: pulumi.String(\"test-insights-reports\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.InsightsReportConfig;\nimport com.pulumi.gcp.storage.InsightsReportConfigArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsStartDateArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsEndDateArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigCsvOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var reportBucket = new Bucket(\"reportBucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"us-central1\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .build());\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(reportBucket.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-storageinsights.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var config = new InsightsReportConfig(\"config\", InsightsReportConfigArgs.builder()\n .displayName(\"Test Report Config\")\n .location(\"us-central1\")\n .frequencyOptions(InsightsReportConfigFrequencyOptionsArgs.builder()\n .frequency(\"WEEKLY\")\n .startDate(InsightsReportConfigFrequencyOptionsStartDateArgs.builder()\n .day(15)\n .month(3)\n .year(2050)\n .build())\n .endDate(InsightsReportConfigFrequencyOptionsEndDateArgs.builder()\n .day(15)\n .month(4)\n .year(2050)\n .build())\n .build())\n .csvOptions(InsightsReportConfigCsvOptionsArgs.builder()\n .recordSeparator(\"\"\"\n\n \"\"\")\n .delimiter(\",\")\n .headerRequired(false)\n .build())\n .objectMetadataReportOptions(InsightsReportConfigObjectMetadataReportOptionsArgs.builder()\n .metadataFields( \n \"bucket\",\n \"name\",\n \"project\")\n .storageFilters(InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs.builder()\n .bucket(reportBucket.name())\n .build())\n .storageDestinationOptions(InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs.builder()\n .bucket(reportBucket.name())\n .destinationPath(\"test-insights-reports\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n config:\n type: gcp:storage:InsightsReportConfig\n properties:\n displayName: Test Report Config\n location: us-central1\n frequencyOptions:\n frequency: WEEKLY\n startDate:\n day: 15\n month: 3\n year: 2050\n endDate:\n day: 15\n month: 4\n year: 2050\n csvOptions:\n recordSeparator: |2+\n delimiter: ','\n headerRequired: false\n objectMetadataReportOptions:\n metadataFields:\n - bucket\n - name\n - project\n storageFilters:\n bucket: ${reportBucket.name}\n storageDestinationOptions:\n bucket: ${reportBucket.name}\n destinationPath: test-insights-reports\n options:\n dependson:\n - ${admin}\n reportBucket:\n type: gcp:storage:Bucket\n name: report_bucket\n properties:\n name: my-bucket\n location: us-central1\n forceDestroy: true\n uniformBucketLevelAccess: true\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${reportBucket.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nReportConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/reportConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ReportConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default projects/{{project}}/locations/{{location}}/reportConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default {{location}}/{{name}}\n```\n\n", + "description": "Represents an inventory report configuration.\n\n\nTo get more information about ReportConfig, see:\n\n* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/reportConfig)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage/docs/insights/using-storage-insights)\n\n## Example Usage\n\n### Storage Insights Report Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst reportBucket = new gcp.storage.Bucket(\"report_bucket\", {\n name: \"my-bucket\",\n location: \"us-central1\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n});\nconst admin = new gcp.storage.BucketIAMMember(\"admin\", {\n bucket: reportBucket.name,\n role: \"roles/storage.admin\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com`),\n});\nconst config = new gcp.storage.InsightsReportConfig(\"config\", {\n displayName: \"Test Report Config\",\n location: \"us-central1\",\n frequencyOptions: {\n frequency: \"WEEKLY\",\n startDate: {\n day: 15,\n month: 3,\n year: 2050,\n },\n endDate: {\n day: 15,\n month: 4,\n year: 2050,\n },\n },\n csvOptions: {\n recordSeparator: \"\\n\",\n delimiter: \",\",\n headerRequired: false,\n },\n objectMetadataReportOptions: {\n metadataFields: [\n \"bucket\",\n \"name\",\n \"project\",\n ],\n storageFilters: {\n bucket: reportBucket.name,\n },\n storageDestinationOptions: {\n bucket: reportBucket.name,\n destinationPath: \"test-insights-reports\",\n },\n },\n}, {\n dependsOn: [admin],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nreport_bucket = gcp.storage.Bucket(\"report_bucket\",\n name=\"my-bucket\",\n location=\"us-central1\",\n force_destroy=True,\n uniform_bucket_level_access=True)\nadmin = gcp.storage.BucketIAMMember(\"admin\",\n bucket=report_bucket.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com\")\nconfig = gcp.storage.InsightsReportConfig(\"config\",\n display_name=\"Test Report Config\",\n location=\"us-central1\",\n frequency_options={\n \"frequency\": \"WEEKLY\",\n \"start_date\": {\n \"day\": 15,\n \"month\": 3,\n \"year\": 2050,\n },\n \"end_date\": {\n \"day\": 15,\n \"month\": 4,\n \"year\": 2050,\n },\n },\n csv_options={\n \"record_separator\": \"\\n\",\n \"delimiter\": \",\",\n \"header_required\": False,\n },\n object_metadata_report_options={\n \"metadata_fields\": [\n \"bucket\",\n \"name\",\n \"project\",\n ],\n \"storage_filters\": {\n \"bucket\": report_bucket.name,\n },\n \"storage_destination_options\": {\n \"bucket\": report_bucket.name,\n \"destination_path\": \"test-insights-reports\",\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[admin]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var reportBucket = new Gcp.Storage.Bucket(\"report_bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"us-central1\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n });\n\n var admin = new Gcp.Storage.BucketIAMMember(\"admin\", new()\n {\n Bucket = reportBucket.Name,\n Role = \"roles/storage.admin\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-storageinsights.iam.gserviceaccount.com\",\n });\n\n var config = new Gcp.Storage.InsightsReportConfig(\"config\", new()\n {\n DisplayName = \"Test Report Config\",\n Location = \"us-central1\",\n FrequencyOptions = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsArgs\n {\n Frequency = \"WEEKLY\",\n StartDate = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsStartDateArgs\n {\n Day = 15,\n Month = 3,\n Year = 2050,\n },\n EndDate = new Gcp.Storage.Inputs.InsightsReportConfigFrequencyOptionsEndDateArgs\n {\n Day = 15,\n Month = 4,\n Year = 2050,\n },\n },\n CsvOptions = new Gcp.Storage.Inputs.InsightsReportConfigCsvOptionsArgs\n {\n RecordSeparator = @\"\n\",\n Delimiter = \",\",\n HeaderRequired = false,\n },\n ObjectMetadataReportOptions = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsArgs\n {\n MetadataFields = new[]\n {\n \"bucket\",\n \"name\",\n \"project\",\n },\n StorageFilters = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs\n {\n Bucket = reportBucket.Name,\n },\n StorageDestinationOptions = new Gcp.Storage.Inputs.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs\n {\n Bucket = reportBucket.Name,\n DestinationPath = \"test-insights-reports\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treportBucket, err := storage.NewBucket(ctx, \"report_bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := storage.NewBucketIAMMember(ctx, \"admin\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: reportBucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-storageinsights.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewInsightsReportConfig(ctx, \"config\", \u0026storage.InsightsReportConfigArgs{\n\t\t\tDisplayName: pulumi.String(\"Test Report Config\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tFrequencyOptions: \u0026storage.InsightsReportConfigFrequencyOptionsArgs{\n\t\t\t\tFrequency: pulumi.String(\"WEEKLY\"),\n\t\t\t\tStartDate: \u0026storage.InsightsReportConfigFrequencyOptionsStartDateArgs{\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t\tMonth: pulumi.Int(3),\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t},\n\t\t\t\tEndDate: \u0026storage.InsightsReportConfigFrequencyOptionsEndDateArgs{\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t\tMonth: pulumi.Int(4),\n\t\t\t\t\tYear: pulumi.Int(2050),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCsvOptions: \u0026storage.InsightsReportConfigCsvOptionsArgs{\n\t\t\t\tRecordSeparator: pulumi.String(\"\\n\"),\n\t\t\t\tDelimiter: pulumi.String(\",\"),\n\t\t\t\tHeaderRequired: pulumi.Bool(false),\n\t\t\t},\n\t\t\tObjectMetadataReportOptions: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsArgs{\n\t\t\t\tMetadataFields: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bucket\"),\n\t\t\t\t\tpulumi.String(\"name\"),\n\t\t\t\t\tpulumi.String(\"project\"),\n\t\t\t\t},\n\t\t\t\tStorageFilters: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs{\n\t\t\t\t\tBucket: reportBucket.Name,\n\t\t\t\t},\n\t\t\t\tStorageDestinationOptions: \u0026storage.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs{\n\t\t\t\t\tBucket: reportBucket.Name,\n\t\t\t\t\tDestinationPath: pulumi.String(\"test-insights-reports\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.InsightsReportConfig;\nimport com.pulumi.gcp.storage.InsightsReportConfigArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsStartDateArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigFrequencyOptionsEndDateArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigCsvOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs;\nimport com.pulumi.gcp.storage.inputs.InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var reportBucket = new Bucket(\"reportBucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"us-central1\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .build());\n\n var admin = new BucketIAMMember(\"admin\", BucketIAMMemberArgs.builder()\n .bucket(reportBucket.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-storageinsights.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var config = new InsightsReportConfig(\"config\", InsightsReportConfigArgs.builder()\n .displayName(\"Test Report Config\")\n .location(\"us-central1\")\n .frequencyOptions(InsightsReportConfigFrequencyOptionsArgs.builder()\n .frequency(\"WEEKLY\")\n .startDate(InsightsReportConfigFrequencyOptionsStartDateArgs.builder()\n .day(15)\n .month(3)\n .year(2050)\n .build())\n .endDate(InsightsReportConfigFrequencyOptionsEndDateArgs.builder()\n .day(15)\n .month(4)\n .year(2050)\n .build())\n .build())\n .csvOptions(InsightsReportConfigCsvOptionsArgs.builder()\n .recordSeparator(\"\"\"\n\n \"\"\")\n .delimiter(\",\")\n .headerRequired(false)\n .build())\n .objectMetadataReportOptions(InsightsReportConfigObjectMetadataReportOptionsArgs.builder()\n .metadataFields( \n \"bucket\",\n \"name\",\n \"project\")\n .storageFilters(InsightsReportConfigObjectMetadataReportOptionsStorageFiltersArgs.builder()\n .bucket(reportBucket.name())\n .build())\n .storageDestinationOptions(InsightsReportConfigObjectMetadataReportOptionsStorageDestinationOptionsArgs.builder()\n .bucket(reportBucket.name())\n .destinationPath(\"test-insights-reports\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n config:\n type: gcp:storage:InsightsReportConfig\n properties:\n displayName: Test Report Config\n location: us-central1\n frequencyOptions:\n frequency: WEEKLY\n startDate:\n day: 15\n month: 3\n year: 2050\n endDate:\n day: 15\n month: 4\n year: 2050\n csvOptions:\n recordSeparator: |2+\n delimiter: ','\n headerRequired: false\n objectMetadataReportOptions:\n metadataFields:\n - bucket\n - name\n - project\n storageFilters:\n bucket: ${reportBucket.name}\n storageDestinationOptions:\n bucket: ${reportBucket.name}\n destinationPath: test-insights-reports\n options:\n dependsOn:\n - ${admin}\n reportBucket:\n type: gcp:storage:Bucket\n name: report_bucket\n properties:\n name: my-bucket\n location: us-central1\n forceDestroy: true\n uniformBucketLevelAccess: true\n admin:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${reportBucket.name}\n role: roles/storage.admin\n member: serviceAccount:service-${project.number}@gcp-sa-storageinsights.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nReportConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/reportConfigs/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ReportConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default projects/{{project}}/locations/{{location}}/reportConfigs/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/insightsReportConfig:InsightsReportConfig default {{location}}/{{name}}\n```\n\n", "properties": { "csvOptions": { "$ref": "#/types/gcp:storage/InsightsReportConfigCsvOptions:InsightsReportConfigCsvOptions", @@ -268936,7 +268936,7 @@ } }, "gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamBinding:ManagedFolderIamBinding editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -269047,7 +269047,7 @@ } }, "gcp:storage/managedFolderIamMember:ManagedFolderIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamMember:ManagedFolderIamMember editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -269151,7 +269151,7 @@ } }, "gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud Storage ManagedFolder\nThree different resources help you manage your IAM policy for Cloud Storage ManagedFolder. Each of these resources serves a different use case:\n\n* `gcp.storage.ManagedFolderIamPolicy`: Authoritative. Sets the IAM policy for the managedfolder and replaces any existing policy already attached.\n* `gcp.storage.ManagedFolderIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedfolder are preserved.\n* `gcp.storage.ManagedFolderIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedfolder are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.ManagedFolderIamPolicy`: Retrieves the IAM policy for the managedfolder\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamPolicy` **cannot** be used in conjunction with `gcp.storage.ManagedFolderIamBinding` and `gcp.storage.ManagedFolderIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.ManagedFolderIamBinding` resources **can be** used in conjunction with `gcp.storage.ManagedFolderIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.storage.ManagedFolderIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.ManagedFolderIamPolicy(\"policy\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/storage.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.storage.ManagedFolderIamPolicy(\"policy\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.ManagedFolderIamPolicy(\"policy\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolderIamPolicy(ctx, \"policy\", \u0026storage.ManagedFolderIamPolicyArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicy;\nimport com.pulumi.gcp.storage.ManagedFolderIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ManagedFolderIamPolicy(\"policy\", ManagedFolderIamPolicyArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:ManagedFolderIamPolicy\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.ManagedFolderIamBinding(\"binding\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.ManagedFolderIamBinding(\"binding\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.ManagedFolderIamBinding(\"binding\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamBinding(ctx, \"binding\", \u0026storage.ManagedFolderIamBindingArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.ManagedFolderIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamBinding;\nimport com.pulumi.gcp.storage.ManagedFolderIamBindingArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ManagedFolderIamBinding(\"binding\", ManagedFolderIamBindingArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(ManagedFolderIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:ManagedFolderIamBinding\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.storage.ManagedFolderIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.ManagedFolderIamMember(\"member\", {\n bucket: folder.bucket,\n managedFolder: folder.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.ManagedFolderIamMember(\"member\",\n bucket=folder[\"bucket\"],\n managed_folder=folder[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.ManagedFolderIamMember(\"member\", new()\n {\n Bucket = folder.Bucket,\n ManagedFolder = folder.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.ManagedFolderIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewManagedFolderIamMember(ctx, \"member\", \u0026storage.ManagedFolderIamMemberArgs{\n\t\t\tBucket: pulumi.Any(folder.Bucket),\n\t\t\tManagedFolder: pulumi.Any(folder.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.ManagedFolderIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.ManagedFolderIamMember;\nimport com.pulumi.gcp.storage.ManagedFolderIamMemberArgs;\nimport com.pulumi.gcp.storage.inputs.ManagedFolderIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ManagedFolderIamMember(\"member\", ManagedFolderIamMemberArgs.builder()\n .bucket(folder.bucket())\n .managedFolder(folder.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(ManagedFolderIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:ManagedFolderIamMember\n properties:\n bucket: ${folder.bucket}\n managedFolder: ${folder.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{bucket}}/managedFolders/{{managed_folder}}\n\n* {{bucket}}/{{managed_folder}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage managedfolder IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor \"b/{{bucket}}/managedFolders/{{managed_folder}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/managedFolderIamPolicy:ManagedFolderIamPolicy editor b/{{bucket}}/managedFolders/{{managed_folder}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", @@ -269223,7 +269223,7 @@ } }, "gcp:storage/notification:Notification": { - "description": "Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic.\n For more information see\n[the official documentation](https://cloud.google.com/storage/docs/pubsub-notifications)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/notifications).\n\nIn order to enable notifications, a special Google Cloud Storage service account unique to the project\nmust exist and have the IAM permission \"projects.topics.publish\" for a Cloud Pub/Sub topic in the project.\nThis service account is not created automatically when a project is created.\nTo ensure the service account exists and obtain its email address for use in granting the correct IAM permission, use the\n[`gcp.storage.getProjectServiceAccount`](https://www.terraform.io/docs/providers/google/d/storage_project_service_account.html)\ndatasource's `email_address` value, and see below for an example of enabling notifications by granting the correct IAM permission.\nSee [the notifications documentation](https://cloud.google.com/storage/docs/gsutil/commands/notification) for more details.\n\n\u003e**NOTE**: This resource can affect your storage IAM policy. If you are using this in the same config as your storage IAM policy resources, consider\nmaking this resource dependent on those IAM resources via `depends_on`. This will safeguard against errors due to IAM race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Enable notifications by giving the correct IAM permission to the unique service account.\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"default_topic\"});\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n topic: topic.id,\n role: \"roles/pubsub.publisher\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\n// End enabling notifications\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"default_bucket\",\n location: \"US\",\n});\nconst notification = new gcp.storage.Notification(\"notification\", {\n bucket: bucket.name,\n payloadFormat: \"JSON_API_V1\",\n topic: topic.id,\n eventTypes: [\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n ],\n customAttributes: {\n \"new-attribute\": \"new-attribute-value\",\n },\n}, {\n dependsOn: [binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Enable notifications by giving the correct IAM permission to the unique service account.\ngcs_account = gcp.storage.get_project_service_account()\ntopic = gcp.pubsub.Topic(\"topic\", name=\"default_topic\")\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n topic=topic.id,\n role=\"roles/pubsub.publisher\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\n# End enabling notifications\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"default_bucket\",\n location=\"US\")\nnotification = gcp.storage.Notification(\"notification\",\n bucket=bucket.name,\n payload_format=\"JSON_API_V1\",\n topic=topic.id,\n event_types=[\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n ],\n custom_attributes={\n \"new-attribute\": \"new-attribute-value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enable notifications by giving the correct IAM permission to the unique service account.\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"default_topic\",\n });\n\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Topic = topic.Id,\n Role = \"roles/pubsub.publisher\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n // End enabling notifications\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"default_bucket\",\n Location = \"US\",\n });\n\n var notification = new Gcp.Storage.Notification(\"notification\", new()\n {\n Bucket = bucket.Name,\n PayloadFormat = \"JSON_API_V1\",\n Topic = topic.Id,\n EventTypes = new[]\n {\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n },\n CustomAttributes = \n {\n { \"new-attribute\", \"new-attribute-value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enable notifications by giving the correct IAM permission to the unique service account.\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"default_topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbinding, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tTopic: topic.ID(),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// End enabling notifications\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"default_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewNotification(ctx, \"notification\", \u0026storage.NotificationArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tPayloadFormat: pulumi.String(\"JSON_API_V1\"),\n\t\t\tTopic: topic.ID(),\n\t\t\tEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OBJECT_FINALIZE\"),\n\t\t\t\tpulumi.String(\"OBJECT_METADATA_UPDATE\"),\n\t\t\t},\n\t\t\tCustomAttributes: pulumi.StringMap{\n\t\t\t\t\"new-attribute\": pulumi.String(\"new-attribute-value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.Notification;\nimport com.pulumi.gcp.storage.NotificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enable notifications by giving the correct IAM permission to the unique service account.\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"default_topic\")\n .build());\n\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .topic(topic.id())\n .role(\"roles/pubsub.publisher\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n // End enabling notifications\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"default_bucket\")\n .location(\"US\")\n .build());\n\n var notification = new Notification(\"notification\", NotificationArgs.builder()\n .bucket(bucket.name())\n .payloadFormat(\"JSON_API_V1\")\n .topic(topic.id())\n .eventTypes( \n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\")\n .customAttributes(Map.of(\"new-attribute\", \"new-attribute-value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n notification:\n type: gcp:storage:Notification\n properties:\n bucket: ${bucket.name}\n payloadFormat: JSON_API_V1\n topic: ${topic.id}\n eventTypes:\n - OBJECT_FINALIZE\n - OBJECT_METADATA_UPDATE\n customAttributes:\n new-attribute: new-attribute-value\n options:\n dependson:\n - ${binding}\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n topic: ${topic.id}\n role: roles/pubsub.publisher\n members:\n - serviceAccount:${gcsAccount.emailAddress}\n # End enabling notifications\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: default_bucket\n location: US\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: default_topic\nvariables:\n # Enable notifications by giving the correct IAM permission to the unique service account.\n gcsAccount:\n fn::invoke:\n Function: gcp:storage:getProjectServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStorage notifications can be imported using any of these accepted formats:\n\n* `{{bucket_name}}/notificationConfigs/{{id}}`\n\nWhen using the `pulumi import` command, Storage notifications can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/notification:Notification default {{bucket_name}}/notificationConfigs/{{id}}\n```\n\n", + "description": "Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic.\n For more information see\n[the official documentation](https://cloud.google.com/storage/docs/pubsub-notifications)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/notifications).\n\nIn order to enable notifications, a special Google Cloud Storage service account unique to the project\nmust exist and have the IAM permission \"projects.topics.publish\" for a Cloud Pub/Sub topic in the project.\nThis service account is not created automatically when a project is created.\nTo ensure the service account exists and obtain its email address for use in granting the correct IAM permission, use the\n[`gcp.storage.getProjectServiceAccount`](https://www.terraform.io/docs/providers/google/d/storage_project_service_account.html)\ndatasource's `email_address` value, and see below for an example of enabling notifications by granting the correct IAM permission.\nSee [the notifications documentation](https://cloud.google.com/storage/docs/gsutil/commands/notification) for more details.\n\n\u003e**NOTE**: This resource can affect your storage IAM policy. If you are using this in the same config as your storage IAM policy resources, consider\nmaking this resource dependent on those IAM resources via `depends_on`. This will safeguard against errors due to IAM race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Enable notifications by giving the correct IAM permission to the unique service account.\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: \"default_topic\"});\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n topic: topic.id,\n role: \"roles/pubsub.publisher\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\n// End enabling notifications\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"default_bucket\",\n location: \"US\",\n});\nconst notification = new gcp.storage.Notification(\"notification\", {\n bucket: bucket.name,\n payloadFormat: \"JSON_API_V1\",\n topic: topic.id,\n eventTypes: [\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n ],\n customAttributes: {\n \"new-attribute\": \"new-attribute-value\",\n },\n}, {\n dependsOn: [binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Enable notifications by giving the correct IAM permission to the unique service account.\ngcs_account = gcp.storage.get_project_service_account()\ntopic = gcp.pubsub.Topic(\"topic\", name=\"default_topic\")\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n topic=topic.id,\n role=\"roles/pubsub.publisher\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\n# End enabling notifications\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"default_bucket\",\n location=\"US\")\nnotification = gcp.storage.Notification(\"notification\",\n bucket=bucket.name,\n payload_format=\"JSON_API_V1\",\n topic=topic.id,\n event_types=[\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n ],\n custom_attributes={\n \"new-attribute\": \"new-attribute-value\",\n },\n opts = pulumi.ResourceOptions(depends_on=[binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enable notifications by giving the correct IAM permission to the unique service account.\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = \"default_topic\",\n });\n\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Topic = topic.Id,\n Role = \"roles/pubsub.publisher\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n // End enabling notifications\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"default_bucket\",\n Location = \"US\",\n });\n\n var notification = new Gcp.Storage.Notification(\"notification\", new()\n {\n Bucket = bucket.Name,\n PayloadFormat = \"JSON_API_V1\",\n Topic = topic.Id,\n EventTypes = new[]\n {\n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\",\n },\n CustomAttributes = \n {\n { \"new-attribute\", \"new-attribute-value\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enable notifications by giving the correct IAM permission to the unique service account.\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"default_topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbinding, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tTopic: topic.ID(),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// End enabling notifications\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"default_bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewNotification(ctx, \"notification\", \u0026storage.NotificationArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tPayloadFormat: pulumi.String(\"JSON_API_V1\"),\n\t\t\tTopic: topic.ID(),\n\t\t\tEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OBJECT_FINALIZE\"),\n\t\t\t\tpulumi.String(\"OBJECT_METADATA_UPDATE\"),\n\t\t\t},\n\t\t\tCustomAttributes: pulumi.StringMap{\n\t\t\t\t\"new-attribute\": pulumi.String(\"new-attribute-value\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.Notification;\nimport com.pulumi.gcp.storage.NotificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enable notifications by giving the correct IAM permission to the unique service account.\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(\"default_topic\")\n .build());\n\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .topic(topic.id())\n .role(\"roles/pubsub.publisher\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n // End enabling notifications\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"default_bucket\")\n .location(\"US\")\n .build());\n\n var notification = new Notification(\"notification\", NotificationArgs.builder()\n .bucket(bucket.name())\n .payloadFormat(\"JSON_API_V1\")\n .topic(topic.id())\n .eventTypes( \n \"OBJECT_FINALIZE\",\n \"OBJECT_METADATA_UPDATE\")\n .customAttributes(Map.of(\"new-attribute\", \"new-attribute-value\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n notification:\n type: gcp:storage:Notification\n properties:\n bucket: ${bucket.name}\n payloadFormat: JSON_API_V1\n topic: ${topic.id}\n eventTypes:\n - OBJECT_FINALIZE\n - OBJECT_METADATA_UPDATE\n customAttributes:\n new-attribute: new-attribute-value\n options:\n dependsOn:\n - ${binding}\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n topic: ${topic.id}\n role: roles/pubsub.publisher\n members:\n - serviceAccount:${gcsAccount.emailAddress}\n # End enabling notifications\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: default_bucket\n location: US\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: default_topic\nvariables:\n # Enable notifications by giving the correct IAM permission to the unique service account.\n gcsAccount:\n fn::invoke:\n function: gcp:storage:getProjectServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStorage notifications can be imported using any of these accepted formats:\n\n* `{{bucket_name}}/notificationConfigs/{{id}}`\n\nWhen using the `pulumi import` command, Storage notifications can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/notification:Notification default {{bucket_name}}/notificationConfigs/{{id}}\n```\n\n", "properties": { "bucket": { "type": "string", @@ -269573,7 +269573,7 @@ } }, "gcp:storage/transferAgentPool:TransferAgentPool": { - "description": "Represents an On-Premises Agent pool.\n\n\nTo get more information about AgentPool, see:\n\n* [API documentation](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/projects.agentPools)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage-transfer/docs/on-prem-agent-pools)\n\n## Example Usage\n\n### Agent Pool Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({\n project: \"my-project-name\",\n});\nconst pubsubEditorRole = new gcp.projects.IAMMember(\"pubsub_editor_role\", {\n project: \"my-project-name\",\n role: \"roles/pubsub.editor\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n});\nconst example = new gcp.storage.TransferAgentPool(\"example\", {\n name: \"agent-pool-example\",\n displayName: \"Source A to destination Z\",\n bandwidthLimit: {\n limitMbps: \"120\",\n },\n}, {\n dependsOn: [pubsubEditorRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account(project=\"my-project-name\")\npubsub_editor_role = gcp.projects.IAMMember(\"pubsub_editor_role\",\n project=\"my-project-name\",\n role=\"roles/pubsub.editor\",\n member=f\"serviceAccount:{default.email}\")\nexample = gcp.storage.TransferAgentPool(\"example\",\n name=\"agent-pool-example\",\n display_name=\"Source A to destination Z\",\n bandwidth_limit={\n \"limit_mbps\": \"120\",\n },\n opts = pulumi.ResourceOptions(depends_on=[pubsub_editor_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n var pubsubEditorRole = new Gcp.Projects.IAMMember(\"pubsub_editor_role\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/pubsub.editor\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n });\n\n var example = new Gcp.Storage.TransferAgentPool(\"example\", new()\n {\n Name = \"agent-pool-example\",\n DisplayName = \"Source A to destination Z\",\n BandwidthLimit = new Gcp.Storage.Inputs.TransferAgentPoolBandwidthLimitArgs\n {\n LimitMbps = \"120\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n pubsubEditorRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpubsubEditorRole, err := projects.NewIAMMember(ctx, \"pubsub_editor_role\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/pubsub.editor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewTransferAgentPool(ctx, \"example\", \u0026storage.TransferAgentPoolArgs{\n\t\t\tName: pulumi.String(\"agent-pool-example\"),\n\t\t\tDisplayName: pulumi.String(\"Source A to destination Z\"),\n\t\t\tBandwidthLimit: \u0026storage.TransferAgentPoolBandwidthLimitArgs{\n\t\t\t\tLimitMbps: pulumi.String(\"120\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpubsubEditorRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.storage.TransferAgentPool;\nimport com.pulumi.gcp.storage.TransferAgentPoolArgs;\nimport com.pulumi.gcp.storage.inputs.TransferAgentPoolBandwidthLimitArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount(GetTransferProjectServiceAccountArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n var pubsubEditorRole = new IAMMember(\"pubsubEditorRole\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/pubsub.editor\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build());\n\n var example = new TransferAgentPool(\"example\", TransferAgentPoolArgs.builder()\n .name(\"agent-pool-example\")\n .displayName(\"Source A to destination Z\")\n .bandwidthLimit(TransferAgentPoolBandwidthLimitArgs.builder()\n .limitMbps(\"120\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(pubsubEditorRole)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubEditorRole:\n type: gcp:projects:IAMMember\n name: pubsub_editor_role\n properties:\n project: my-project-name\n role: roles/pubsub.editor\n member: serviceAccount:${default.email}\n example:\n type: gcp:storage:TransferAgentPool\n properties:\n name: agent-pool-example\n displayName: Source A to destination Z\n bandwidthLimit:\n limitMbps: '120'\n options:\n dependson:\n - ${pubsubEditorRole}\nvariables:\n default:\n fn::invoke:\n Function: gcp:storage:getTransferProjectServiceAccount\n Arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAgentPool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/agentPools/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AgentPool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default projects/{{project}}/agentPools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default {{name}}\n```\n\n", + "description": "Represents an On-Premises Agent pool.\n\n\nTo get more information about AgentPool, see:\n\n* [API documentation](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/projects.agentPools)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage-transfer/docs/on-prem-agent-pools)\n\n## Example Usage\n\n### Agent Pool Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({\n project: \"my-project-name\",\n});\nconst pubsubEditorRole = new gcp.projects.IAMMember(\"pubsub_editor_role\", {\n project: \"my-project-name\",\n role: \"roles/pubsub.editor\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n});\nconst example = new gcp.storage.TransferAgentPool(\"example\", {\n name: \"agent-pool-example\",\n displayName: \"Source A to destination Z\",\n bandwidthLimit: {\n limitMbps: \"120\",\n },\n}, {\n dependsOn: [pubsubEditorRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account(project=\"my-project-name\")\npubsub_editor_role = gcp.projects.IAMMember(\"pubsub_editor_role\",\n project=\"my-project-name\",\n role=\"roles/pubsub.editor\",\n member=f\"serviceAccount:{default.email}\")\nexample = gcp.storage.TransferAgentPool(\"example\",\n name=\"agent-pool-example\",\n display_name=\"Source A to destination Z\",\n bandwidth_limit={\n \"limit_mbps\": \"120\",\n },\n opts = pulumi.ResourceOptions(depends_on=[pubsub_editor_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n var pubsubEditorRole = new Gcp.Projects.IAMMember(\"pubsub_editor_role\", new()\n {\n Project = \"my-project-name\",\n Role = \"roles/pubsub.editor\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n });\n\n var example = new Gcp.Storage.TransferAgentPool(\"example\", new()\n {\n Name = \"agent-pool-example\",\n DisplayName = \"Source A to destination Z\",\n BandwidthLimit = new Gcp.Storage.Inputs.TransferAgentPoolBandwidthLimitArgs\n {\n LimitMbps = \"120\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n pubsubEditorRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpubsubEditorRole, err := projects.NewIAMMember(ctx, \"pubsub_editor_role\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRole: pulumi.String(\"roles/pubsub.editor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewTransferAgentPool(ctx, \"example\", \u0026storage.TransferAgentPoolArgs{\n\t\t\tName: pulumi.String(\"agent-pool-example\"),\n\t\t\tDisplayName: pulumi.String(\"Source A to destination Z\"),\n\t\t\tBandwidthLimit: \u0026storage.TransferAgentPoolBandwidthLimitArgs{\n\t\t\t\tLimitMbps: pulumi.String(\"120\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tpubsubEditorRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.storage.TransferAgentPool;\nimport com.pulumi.gcp.storage.TransferAgentPoolArgs;\nimport com.pulumi.gcp.storage.inputs.TransferAgentPoolBandwidthLimitArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount(GetTransferProjectServiceAccountArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n var pubsubEditorRole = new IAMMember(\"pubsubEditorRole\", IAMMemberArgs.builder()\n .project(\"my-project-name\")\n .role(\"roles/pubsub.editor\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build());\n\n var example = new TransferAgentPool(\"example\", TransferAgentPoolArgs.builder()\n .name(\"agent-pool-example\")\n .displayName(\"Source A to destination Z\")\n .bandwidthLimit(TransferAgentPoolBandwidthLimitArgs.builder()\n .limitMbps(\"120\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(pubsubEditorRole)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubEditorRole:\n type: gcp:projects:IAMMember\n name: pubsub_editor_role\n properties:\n project: my-project-name\n role: roles/pubsub.editor\n member: serviceAccount:${default.email}\n example:\n type: gcp:storage:TransferAgentPool\n properties:\n name: agent-pool-example\n displayName: Source A to destination Z\n bandwidthLimit:\n limitMbps: '120'\n options:\n dependsOn:\n - ${pubsubEditorRole}\nvariables:\n default:\n fn::invoke:\n function: gcp:storage:getTransferProjectServiceAccount\n arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAgentPool can be imported using any of these accepted formats:\n\n* `projects/{{project}}/agentPools/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AgentPool can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default projects/{{project}}/agentPools/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/transferAgentPool:TransferAgentPool default {{name}}\n```\n\n", "properties": { "bandwidthLimit": { "$ref": "#/types/gcp:storage/TransferAgentPoolBandwidthLimit:TransferAgentPoolBandwidthLimit", @@ -269651,7 +269651,7 @@ } }, "gcp:storage/transferJob:TransferJob": { - "description": "Creates a new Transfer Job in Google Cloud Storage Transfer.\n\nTo get more information about Google Cloud Storage Transfer, see:\n\n* [Overview](https://cloud.google.com/storage-transfer/docs/overview)\n* [API documentation](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/transferJobs)\n* How-to Guides\n * [Configuring Access to Data Sources and Sinks](https://cloud.google.com/storage-transfer/docs/configure-access)\n\n## Example Usage\n\nExample creating a nightly Transfer Job from an AWS S3 Bucket to a GCS bucket.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({\n project: project,\n});\nconst s3_backup_bucket = new gcp.storage.Bucket(\"s3-backup-bucket\", {\n name: `${awsS3Bucket}-backup`,\n storageClass: \"NEARLINE\",\n project: project,\n location: \"US\",\n});\nconst s3_backup_bucketBucketIAMMember = new gcp.storage.BucketIAMMember(\"s3-backup-bucket\", {\n bucket: s3_backup_bucket.name,\n role: \"roles/storage.admin\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n}, {\n dependsOn: [s3_backup_bucket],\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: pubsubTopicName});\nconst notificationConfig = new gcp.pubsub.TopicIAMMember(\"notification_config\", {\n topic: topic.id,\n role: \"roles/pubsub.publisher\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n});\nconst s3_bucket_nightly_backup = new gcp.storage.TransferJob(\"s3-bucket-nightly-backup\", {\n description: \"Nightly backup of S3 bucket\",\n project: project,\n transferSpec: {\n objectConditions: {\n maxTimeElapsedSinceLastModification: \"600s\",\n excludePrefixes: [\"requests.gz\"],\n },\n transferOptions: {\n deleteObjectsUniqueInSink: false,\n },\n awsS3DataSource: {\n bucketName: awsS3Bucket,\n awsAccessKey: {\n accessKeyId: awsAccessKey,\n secretAccessKey: awsSecretKey,\n },\n },\n gcsDataSink: {\n bucketName: s3_backup_bucket.name,\n path: \"foo/bar/\",\n },\n },\n schedule: {\n scheduleStartDate: {\n year: 2018,\n month: 10,\n day: 1,\n },\n scheduleEndDate: {\n year: 2019,\n month: 1,\n day: 15,\n },\n startTimeOfDay: {\n hours: 23,\n minutes: 30,\n seconds: 0,\n nanos: 0,\n },\n repeatInterval: \"604800s\",\n },\n notificationConfig: {\n pubsubTopic: topic.id,\n eventTypes: [\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n ],\n payloadFormat: \"JSON\",\n },\n}, {\n dependsOn: [\n s3_backup_bucketBucketIAMMember,\n notificationConfig,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account(project=project)\ns3_backup_bucket = gcp.storage.Bucket(\"s3-backup-bucket\",\n name=f\"{aws_s3_bucket}-backup\",\n storage_class=\"NEARLINE\",\n project=project,\n location=\"US\")\ns3_backup_bucket_bucket_iam_member = gcp.storage.BucketIAMMember(\"s3-backup-bucket\",\n bucket=s3_backup_bucket.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:{default.email}\",\n opts = pulumi.ResourceOptions(depends_on=[s3_backup_bucket]))\ntopic = gcp.pubsub.Topic(\"topic\", name=pubsub_topic_name)\nnotification_config = gcp.pubsub.TopicIAMMember(\"notification_config\",\n topic=topic.id,\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:{default.email}\")\ns3_bucket_nightly_backup = gcp.storage.TransferJob(\"s3-bucket-nightly-backup\",\n description=\"Nightly backup of S3 bucket\",\n project=project,\n transfer_spec={\n \"object_conditions\": {\n \"max_time_elapsed_since_last_modification\": \"600s\",\n \"exclude_prefixes\": [\"requests.gz\"],\n },\n \"transfer_options\": {\n \"delete_objects_unique_in_sink\": False,\n },\n \"aws_s3_data_source\": {\n \"bucket_name\": aws_s3_bucket,\n \"aws_access_key\": {\n \"access_key_id\": aws_access_key,\n \"secret_access_key\": aws_secret_key,\n },\n },\n \"gcs_data_sink\": {\n \"bucket_name\": s3_backup_bucket.name,\n \"path\": \"foo/bar/\",\n },\n },\n schedule={\n \"schedule_start_date\": {\n \"year\": 2018,\n \"month\": 10,\n \"day\": 1,\n },\n \"schedule_end_date\": {\n \"year\": 2019,\n \"month\": 1,\n \"day\": 15,\n },\n \"start_time_of_day\": {\n \"hours\": 23,\n \"minutes\": 30,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n \"repeat_interval\": \"604800s\",\n },\n notification_config={\n \"pubsub_topic\": topic.id,\n \"event_types\": [\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n ],\n \"payload_format\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n s3_backup_bucket_bucket_iam_member,\n notification_config,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke(new()\n {\n Project = project,\n });\n\n var s3_backup_bucket = new Gcp.Storage.Bucket(\"s3-backup-bucket\", new()\n {\n Name = $\"{awsS3Bucket}-backup\",\n StorageClass = \"NEARLINE\",\n Project = project,\n Location = \"US\",\n });\n\n var s3_backup_bucketBucketIAMMember = new Gcp.Storage.BucketIAMMember(\"s3-backup-bucket\", new()\n {\n Bucket = s3_backup_bucket.Name,\n Role = \"roles/storage.admin\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n s3_backup_bucket,\n },\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = pubsubTopicName,\n });\n\n var notificationConfig = new Gcp.PubSub.TopicIAMMember(\"notification_config\", new()\n {\n Topic = topic.Id,\n Role = \"roles/pubsub.publisher\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n });\n\n var s3_bucket_nightly_backup = new Gcp.Storage.TransferJob(\"s3-bucket-nightly-backup\", new()\n {\n Description = \"Nightly backup of S3 bucket\",\n Project = project,\n TransferSpec = new Gcp.Storage.Inputs.TransferJobTransferSpecArgs\n {\n ObjectConditions = new Gcp.Storage.Inputs.TransferJobTransferSpecObjectConditionsArgs\n {\n MaxTimeElapsedSinceLastModification = \"600s\",\n ExcludePrefixes = new[]\n {\n \"requests.gz\",\n },\n },\n TransferOptions = new Gcp.Storage.Inputs.TransferJobTransferSpecTransferOptionsArgs\n {\n DeleteObjectsUniqueInSink = false,\n },\n AwsS3DataSource = new Gcp.Storage.Inputs.TransferJobTransferSpecAwsS3DataSourceArgs\n {\n BucketName = awsS3Bucket,\n AwsAccessKey = new Gcp.Storage.Inputs.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs\n {\n AccessKeyId = awsAccessKey,\n SecretAccessKey = awsSecretKey,\n },\n },\n GcsDataSink = new Gcp.Storage.Inputs.TransferJobTransferSpecGcsDataSinkArgs\n {\n BucketName = s3_backup_bucket.Name,\n Path = \"foo/bar/\",\n },\n },\n Schedule = new Gcp.Storage.Inputs.TransferJobScheduleArgs\n {\n ScheduleStartDate = new Gcp.Storage.Inputs.TransferJobScheduleScheduleStartDateArgs\n {\n Year = 2018,\n Month = 10,\n Day = 1,\n },\n ScheduleEndDate = new Gcp.Storage.Inputs.TransferJobScheduleScheduleEndDateArgs\n {\n Year = 2019,\n Month = 1,\n Day = 15,\n },\n StartTimeOfDay = new Gcp.Storage.Inputs.TransferJobScheduleStartTimeOfDayArgs\n {\n Hours = 23,\n Minutes = 30,\n Seconds = 0,\n Nanos = 0,\n },\n RepeatInterval = \"604800s\",\n },\n NotificationConfig = new Gcp.Storage.Inputs.TransferJobNotificationConfigArgs\n {\n PubsubTopic = topic.Id,\n EventTypes = new[]\n {\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n },\n PayloadFormat = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n s3_backup_bucketBucketIAMMember,\n notificationConfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{\n\t\t\tProject: pulumi.StringRef(project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"s3-backup-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-backup\", awsS3Bucket),\n\t\t\tStorageClass: pulumi.String(\"NEARLINE\"),\n\t\t\tProject: pulumi.Any(project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"s3-backup-bucket\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: s3_backup_bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ts3_backup_bucket,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.Any(pubsubTopicName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnotificationConfig, err := pubsub.NewTopicIAMMember(ctx, \"notification_config\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tTopic: topic.ID(),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewTransferJob(ctx, \"s3-bucket-nightly-backup\", \u0026storage.TransferJobArgs{\n\t\t\tDescription: pulumi.String(\"Nightly backup of S3 bucket\"),\n\t\t\tProject: pulumi.Any(project),\n\t\t\tTransferSpec: \u0026storage.TransferJobTransferSpecArgs{\n\t\t\t\tObjectConditions: \u0026storage.TransferJobTransferSpecObjectConditionsArgs{\n\t\t\t\t\tMaxTimeElapsedSinceLastModification: pulumi.String(\"600s\"),\n\t\t\t\t\tExcludePrefixes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"requests.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTransferOptions: \u0026storage.TransferJobTransferSpecTransferOptionsArgs{\n\t\t\t\t\tDeleteObjectsUniqueInSink: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tAwsS3DataSource: \u0026storage.TransferJobTransferSpecAwsS3DataSourceArgs{\n\t\t\t\t\tBucketName: pulumi.Any(awsS3Bucket),\n\t\t\t\t\tAwsAccessKey: \u0026storage.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs{\n\t\t\t\t\t\tAccessKeyId: pulumi.Any(awsAccessKey),\n\t\t\t\t\t\tSecretAccessKey: pulumi.Any(awsSecretKey),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tGcsDataSink: \u0026storage.TransferJobTransferSpecGcsDataSinkArgs{\n\t\t\t\t\tBucketName: s3_backup_bucket.Name,\n\t\t\t\t\tPath: pulumi.String(\"foo/bar/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSchedule: \u0026storage.TransferJobScheduleArgs{\n\t\t\t\tScheduleStartDate: \u0026storage.TransferJobScheduleScheduleStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2018),\n\t\t\t\t\tMonth: pulumi.Int(10),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tScheduleEndDate: \u0026storage.TransferJobScheduleScheduleEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2019),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t},\n\t\t\t\tStartTimeOfDay: \u0026storage.TransferJobScheduleStartTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(23),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t\tRepeatInterval: pulumi.String(\"604800s\"),\n\t\t\t},\n\t\t\tNotificationConfig: \u0026storage.TransferJobNotificationConfigArgs{\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"TRANSFER_OPERATION_SUCCESS\"),\n\t\t\t\t\tpulumi.String(\"TRANSFER_OPERATION_FAILED\"),\n\t\t\t\t},\n\t\t\t\tPayloadFormat: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ts3_backup_bucketBucketIAMMember,\n\t\t\tnotificationConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport com.pulumi.gcp.storage.TransferJob;\nimport com.pulumi.gcp.storage.TransferJobArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecObjectConditionsArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecTransferOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecAwsS3DataSourceArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecGcsDataSinkArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleScheduleStartDateArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleScheduleEndDateArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleStartTimeOfDayArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobNotificationConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount(GetTransferProjectServiceAccountArgs.builder()\n .project(project)\n .build());\n\n var s3_backup_bucket = new Bucket(\"s3-backup-bucket\", BucketArgs.builder()\n .name(String.format(\"%s-backup\", awsS3Bucket))\n .storageClass(\"NEARLINE\")\n .project(project)\n .location(\"US\")\n .build());\n\n var s3_backup_bucketBucketIAMMember = new BucketIAMMember(\"s3-backup-bucketBucketIAMMember\", BucketIAMMemberArgs.builder()\n .bucket(s3_backup_bucket.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(s3_backup_bucket)\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(pubsubTopicName)\n .build());\n\n var notificationConfig = new TopicIAMMember(\"notificationConfig\", TopicIAMMemberArgs.builder()\n .topic(topic.id())\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build());\n\n var s3_bucket_nightly_backup = new TransferJob(\"s3-bucket-nightly-backup\", TransferJobArgs.builder()\n .description(\"Nightly backup of S3 bucket\")\n .project(project)\n .transferSpec(TransferJobTransferSpecArgs.builder()\n .objectConditions(TransferJobTransferSpecObjectConditionsArgs.builder()\n .maxTimeElapsedSinceLastModification(\"600s\")\n .excludePrefixes(\"requests.gz\")\n .build())\n .transferOptions(TransferJobTransferSpecTransferOptionsArgs.builder()\n .deleteObjectsUniqueInSink(false)\n .build())\n .awsS3DataSource(TransferJobTransferSpecAwsS3DataSourceArgs.builder()\n .bucketName(awsS3Bucket)\n .awsAccessKey(TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs.builder()\n .accessKeyId(awsAccessKey)\n .secretAccessKey(awsSecretKey)\n .build())\n .build())\n .gcsDataSink(TransferJobTransferSpecGcsDataSinkArgs.builder()\n .bucketName(s3_backup_bucket.name())\n .path(\"foo/bar/\")\n .build())\n .build())\n .schedule(TransferJobScheduleArgs.builder()\n .scheduleStartDate(TransferJobScheduleScheduleStartDateArgs.builder()\n .year(2018)\n .month(10)\n .day(1)\n .build())\n .scheduleEndDate(TransferJobScheduleScheduleEndDateArgs.builder()\n .year(2019)\n .month(1)\n .day(15)\n .build())\n .startTimeOfDay(TransferJobScheduleStartTimeOfDayArgs.builder()\n .hours(23)\n .minutes(30)\n .seconds(0)\n .nanos(0)\n .build())\n .repeatInterval(\"604800s\")\n .build())\n .notificationConfig(TransferJobNotificationConfigArgs.builder()\n .pubsubTopic(topic.id())\n .eventTypes( \n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\")\n .payloadFormat(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n s3_backup_bucketBucketIAMMember,\n notificationConfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3-backup-bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${awsS3Bucket}-backup\n storageClass: NEARLINE\n project: ${project}\n location: US\n s3-backup-bucketBucketIAMMember:\n type: gcp:storage:BucketIAMMember\n name: s3-backup-bucket\n properties:\n bucket: ${[\"s3-backup-bucket\"].name}\n role: roles/storage.admin\n member: serviceAccount:${default.email}\n options:\n dependson:\n - ${[\"s3-backup-bucket\"]}\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: ${pubsubTopicName}\n notificationConfig:\n type: gcp:pubsub:TopicIAMMember\n name: notification_config\n properties:\n topic: ${topic.id}\n role: roles/pubsub.publisher\n member: serviceAccount:${default.email}\n s3-bucket-nightly-backup:\n type: gcp:storage:TransferJob\n properties:\n description: Nightly backup of S3 bucket\n project: ${project}\n transferSpec:\n objectConditions:\n maxTimeElapsedSinceLastModification: 600s\n excludePrefixes:\n - requests.gz\n transferOptions:\n deleteObjectsUniqueInSink: false\n awsS3DataSource:\n bucketName: ${awsS3Bucket}\n awsAccessKey:\n accessKeyId: ${awsAccessKey}\n secretAccessKey: ${awsSecretKey}\n gcsDataSink:\n bucketName: ${[\"s3-backup-bucket\"].name}\n path: foo/bar/\n schedule:\n scheduleStartDate:\n year: 2018\n month: 10\n day: 1\n scheduleEndDate:\n year: 2019\n month: 1\n day: 15\n startTimeOfDay:\n hours: 23\n minutes: 30\n seconds: 0\n nanos: 0\n repeatInterval: 604800s\n notificationConfig:\n pubsubTopic: ${topic.id}\n eventTypes:\n - TRANSFER_OPERATION_SUCCESS\n - TRANSFER_OPERATION_FAILED\n payloadFormat: JSON\n options:\n dependson:\n - ${[\"s3-backup-bucketBucketIAMMember\"]}\n - ${notificationConfig}\nvariables:\n default:\n fn::invoke:\n Function: gcp:storage:getTransferProjectServiceAccount\n Arguments:\n project: ${project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStorage Transfer Jobs can be imported using the Transfer Job's `project` and `name` (without the `transferJob/` prefix), e.g.\n\n* `{{project_id}}/{{name}}`, where `name` is a numeric value.\n\nWhen using the `pulumi import` command, Storage Transfer Jobs can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/transferJob:TransferJob default {{project_id}}/123456789\n```\n\n", + "description": "Creates a new Transfer Job in Google Cloud Storage Transfer.\n\nTo get more information about Google Cloud Storage Transfer, see:\n\n* [Overview](https://cloud.google.com/storage-transfer/docs/overview)\n* [API documentation](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/transferJobs)\n* How-to Guides\n * [Configuring Access to Data Sources and Sinks](https://cloud.google.com/storage-transfer/docs/configure-access)\n\n## Example Usage\n\nExample creating a nightly Transfer Job from an AWS S3 Bucket to a GCS bucket.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({\n project: project,\n});\nconst s3_backup_bucket = new gcp.storage.Bucket(\"s3-backup-bucket\", {\n name: `${awsS3Bucket}-backup`,\n storageClass: \"NEARLINE\",\n project: project,\n location: \"US\",\n});\nconst s3_backup_bucketBucketIAMMember = new gcp.storage.BucketIAMMember(\"s3-backup-bucket\", {\n bucket: s3_backup_bucket.name,\n role: \"roles/storage.admin\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n}, {\n dependsOn: [s3_backup_bucket],\n});\nconst topic = new gcp.pubsub.Topic(\"topic\", {name: pubsubTopicName});\nconst notificationConfig = new gcp.pubsub.TopicIAMMember(\"notification_config\", {\n topic: topic.id,\n role: \"roles/pubsub.publisher\",\n member: _default.then(_default =\u003e `serviceAccount:${_default.email}`),\n});\nconst s3_bucket_nightly_backup = new gcp.storage.TransferJob(\"s3-bucket-nightly-backup\", {\n description: \"Nightly backup of S3 bucket\",\n project: project,\n transferSpec: {\n objectConditions: {\n maxTimeElapsedSinceLastModification: \"600s\",\n excludePrefixes: [\"requests.gz\"],\n },\n transferOptions: {\n deleteObjectsUniqueInSink: false,\n },\n awsS3DataSource: {\n bucketName: awsS3Bucket,\n awsAccessKey: {\n accessKeyId: awsAccessKey,\n secretAccessKey: awsSecretKey,\n },\n },\n gcsDataSink: {\n bucketName: s3_backup_bucket.name,\n path: \"foo/bar/\",\n },\n },\n schedule: {\n scheduleStartDate: {\n year: 2018,\n month: 10,\n day: 1,\n },\n scheduleEndDate: {\n year: 2019,\n month: 1,\n day: 15,\n },\n startTimeOfDay: {\n hours: 23,\n minutes: 30,\n seconds: 0,\n nanos: 0,\n },\n repeatInterval: \"604800s\",\n },\n notificationConfig: {\n pubsubTopic: topic.id,\n eventTypes: [\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n ],\n payloadFormat: \"JSON\",\n },\n}, {\n dependsOn: [\n s3_backup_bucketBucketIAMMember,\n notificationConfig,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account(project=project)\ns3_backup_bucket = gcp.storage.Bucket(\"s3-backup-bucket\",\n name=f\"{aws_s3_bucket}-backup\",\n storage_class=\"NEARLINE\",\n project=project,\n location=\"US\")\ns3_backup_bucket_bucket_iam_member = gcp.storage.BucketIAMMember(\"s3-backup-bucket\",\n bucket=s3_backup_bucket.name,\n role=\"roles/storage.admin\",\n member=f\"serviceAccount:{default.email}\",\n opts = pulumi.ResourceOptions(depends_on=[s3_backup_bucket]))\ntopic = gcp.pubsub.Topic(\"topic\", name=pubsub_topic_name)\nnotification_config = gcp.pubsub.TopicIAMMember(\"notification_config\",\n topic=topic.id,\n role=\"roles/pubsub.publisher\",\n member=f\"serviceAccount:{default.email}\")\ns3_bucket_nightly_backup = gcp.storage.TransferJob(\"s3-bucket-nightly-backup\",\n description=\"Nightly backup of S3 bucket\",\n project=project,\n transfer_spec={\n \"object_conditions\": {\n \"max_time_elapsed_since_last_modification\": \"600s\",\n \"exclude_prefixes\": [\"requests.gz\"],\n },\n \"transfer_options\": {\n \"delete_objects_unique_in_sink\": False,\n },\n \"aws_s3_data_source\": {\n \"bucket_name\": aws_s3_bucket,\n \"aws_access_key\": {\n \"access_key_id\": aws_access_key,\n \"secret_access_key\": aws_secret_key,\n },\n },\n \"gcs_data_sink\": {\n \"bucket_name\": s3_backup_bucket.name,\n \"path\": \"foo/bar/\",\n },\n },\n schedule={\n \"schedule_start_date\": {\n \"year\": 2018,\n \"month\": 10,\n \"day\": 1,\n },\n \"schedule_end_date\": {\n \"year\": 2019,\n \"month\": 1,\n \"day\": 15,\n },\n \"start_time_of_day\": {\n \"hours\": 23,\n \"minutes\": 30,\n \"seconds\": 0,\n \"nanos\": 0,\n },\n \"repeat_interval\": \"604800s\",\n },\n notification_config={\n \"pubsub_topic\": topic.id,\n \"event_types\": [\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n ],\n \"payload_format\": \"JSON\",\n },\n opts = pulumi.ResourceOptions(depends_on=[\n s3_backup_bucket_bucket_iam_member,\n notification_config,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke(new()\n {\n Project = project,\n });\n\n var s3_backup_bucket = new Gcp.Storage.Bucket(\"s3-backup-bucket\", new()\n {\n Name = $\"{awsS3Bucket}-backup\",\n StorageClass = \"NEARLINE\",\n Project = project,\n Location = \"US\",\n });\n\n var s3_backup_bucketBucketIAMMember = new Gcp.Storage.BucketIAMMember(\"s3-backup-bucket\", new()\n {\n Bucket = s3_backup_bucket.Name,\n Role = \"roles/storage.admin\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n s3_backup_bucket,\n },\n });\n\n var topic = new Gcp.PubSub.Topic(\"topic\", new()\n {\n Name = pubsubTopicName,\n });\n\n var notificationConfig = new Gcp.PubSub.TopicIAMMember(\"notification_config\", new()\n {\n Topic = topic.Id,\n Role = \"roles/pubsub.publisher\",\n Member = @default.Apply(@default =\u003e $\"serviceAccount:{@default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)}\"),\n });\n\n var s3_bucket_nightly_backup = new Gcp.Storage.TransferJob(\"s3-bucket-nightly-backup\", new()\n {\n Description = \"Nightly backup of S3 bucket\",\n Project = project,\n TransferSpec = new Gcp.Storage.Inputs.TransferJobTransferSpecArgs\n {\n ObjectConditions = new Gcp.Storage.Inputs.TransferJobTransferSpecObjectConditionsArgs\n {\n MaxTimeElapsedSinceLastModification = \"600s\",\n ExcludePrefixes = new[]\n {\n \"requests.gz\",\n },\n },\n TransferOptions = new Gcp.Storage.Inputs.TransferJobTransferSpecTransferOptionsArgs\n {\n DeleteObjectsUniqueInSink = false,\n },\n AwsS3DataSource = new Gcp.Storage.Inputs.TransferJobTransferSpecAwsS3DataSourceArgs\n {\n BucketName = awsS3Bucket,\n AwsAccessKey = new Gcp.Storage.Inputs.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs\n {\n AccessKeyId = awsAccessKey,\n SecretAccessKey = awsSecretKey,\n },\n },\n GcsDataSink = new Gcp.Storage.Inputs.TransferJobTransferSpecGcsDataSinkArgs\n {\n BucketName = s3_backup_bucket.Name,\n Path = \"foo/bar/\",\n },\n },\n Schedule = new Gcp.Storage.Inputs.TransferJobScheduleArgs\n {\n ScheduleStartDate = new Gcp.Storage.Inputs.TransferJobScheduleScheduleStartDateArgs\n {\n Year = 2018,\n Month = 10,\n Day = 1,\n },\n ScheduleEndDate = new Gcp.Storage.Inputs.TransferJobScheduleScheduleEndDateArgs\n {\n Year = 2019,\n Month = 1,\n Day = 15,\n },\n StartTimeOfDay = new Gcp.Storage.Inputs.TransferJobScheduleStartTimeOfDayArgs\n {\n Hours = 23,\n Minutes = 30,\n Seconds = 0,\n Nanos = 0,\n },\n RepeatInterval = \"604800s\",\n },\n NotificationConfig = new Gcp.Storage.Inputs.TransferJobNotificationConfigArgs\n {\n PubsubTopic = topic.Id,\n EventTypes = new[]\n {\n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\",\n },\n PayloadFormat = \"JSON\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n s3_backup_bucketBucketIAMMember,\n notificationConfig,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{\n\t\t\tProject: pulumi.StringRef(project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"s3-backup-bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.Sprintf(\"%v-backup\", awsS3Bucket),\n\t\t\tStorageClass: pulumi.String(\"NEARLINE\"),\n\t\t\tProject: pulumi.Any(project),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMMember(ctx, \"s3-backup-bucket\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: s3_backup_bucket.Name,\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ts3_backup_bucket,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := pubsub.NewTopic(ctx, \"topic\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.Any(pubsubTopicName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnotificationConfig, err := pubsub.NewTopicIAMMember(ctx, \"notification_config\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tTopic: topic.ID(),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", _default.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewTransferJob(ctx, \"s3-bucket-nightly-backup\", \u0026storage.TransferJobArgs{\n\t\t\tDescription: pulumi.String(\"Nightly backup of S3 bucket\"),\n\t\t\tProject: pulumi.Any(project),\n\t\t\tTransferSpec: \u0026storage.TransferJobTransferSpecArgs{\n\t\t\t\tObjectConditions: \u0026storage.TransferJobTransferSpecObjectConditionsArgs{\n\t\t\t\t\tMaxTimeElapsedSinceLastModification: pulumi.String(\"600s\"),\n\t\t\t\t\tExcludePrefixes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"requests.gz\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTransferOptions: \u0026storage.TransferJobTransferSpecTransferOptionsArgs{\n\t\t\t\t\tDeleteObjectsUniqueInSink: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tAwsS3DataSource: \u0026storage.TransferJobTransferSpecAwsS3DataSourceArgs{\n\t\t\t\t\tBucketName: pulumi.Any(awsS3Bucket),\n\t\t\t\t\tAwsAccessKey: \u0026storage.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs{\n\t\t\t\t\t\tAccessKeyId: pulumi.Any(awsAccessKey),\n\t\t\t\t\t\tSecretAccessKey: pulumi.Any(awsSecretKey),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tGcsDataSink: \u0026storage.TransferJobTransferSpecGcsDataSinkArgs{\n\t\t\t\t\tBucketName: s3_backup_bucket.Name,\n\t\t\t\t\tPath: pulumi.String(\"foo/bar/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSchedule: \u0026storage.TransferJobScheduleArgs{\n\t\t\t\tScheduleStartDate: \u0026storage.TransferJobScheduleScheduleStartDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2018),\n\t\t\t\t\tMonth: pulumi.Int(10),\n\t\t\t\t\tDay: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tScheduleEndDate: \u0026storage.TransferJobScheduleScheduleEndDateArgs{\n\t\t\t\t\tYear: pulumi.Int(2019),\n\t\t\t\t\tMonth: pulumi.Int(1),\n\t\t\t\t\tDay: pulumi.Int(15),\n\t\t\t\t},\n\t\t\t\tStartTimeOfDay: \u0026storage.TransferJobScheduleStartTimeOfDayArgs{\n\t\t\t\t\tHours: pulumi.Int(23),\n\t\t\t\t\tMinutes: pulumi.Int(30),\n\t\t\t\t\tSeconds: pulumi.Int(0),\n\t\t\t\t\tNanos: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t\tRepeatInterval: pulumi.String(\"604800s\"),\n\t\t\t},\n\t\t\tNotificationConfig: \u0026storage.TransferJobNotificationConfigArgs{\n\t\t\t\tPubsubTopic: topic.ID(),\n\t\t\t\tEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"TRANSFER_OPERATION_SUCCESS\"),\n\t\t\t\t\tpulumi.String(\"TRANSFER_OPERATION_FAILED\"),\n\t\t\t\t},\n\t\t\t\tPayloadFormat: pulumi.String(\"JSON\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ts3_backup_bucketBucketIAMMember,\n\t\t\tnotificationConfig,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport com.pulumi.gcp.storage.TransferJob;\nimport com.pulumi.gcp.storage.TransferJobArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecObjectConditionsArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecTransferOptionsArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecAwsS3DataSourceArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobTransferSpecGcsDataSinkArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleScheduleStartDateArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleScheduleEndDateArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobScheduleStartTimeOfDayArgs;\nimport com.pulumi.gcp.storage.inputs.TransferJobNotificationConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount(GetTransferProjectServiceAccountArgs.builder()\n .project(project)\n .build());\n\n var s3_backup_bucket = new Bucket(\"s3-backup-bucket\", BucketArgs.builder()\n .name(String.format(\"%s-backup\", awsS3Bucket))\n .storageClass(\"NEARLINE\")\n .project(project)\n .location(\"US\")\n .build());\n\n var s3_backup_bucketBucketIAMMember = new BucketIAMMember(\"s3-backup-bucketBucketIAMMember\", BucketIAMMemberArgs.builder()\n .bucket(s3_backup_bucket.name())\n .role(\"roles/storage.admin\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(s3_backup_bucket)\n .build());\n\n var topic = new Topic(\"topic\", TopicArgs.builder()\n .name(pubsubTopicName)\n .build());\n\n var notificationConfig = new TopicIAMMember(\"notificationConfig\", TopicIAMMemberArgs.builder()\n .topic(topic.id())\n .role(\"roles/pubsub.publisher\")\n .member(String.format(\"serviceAccount:%s\", default_.email()))\n .build());\n\n var s3_bucket_nightly_backup = new TransferJob(\"s3-bucket-nightly-backup\", TransferJobArgs.builder()\n .description(\"Nightly backup of S3 bucket\")\n .project(project)\n .transferSpec(TransferJobTransferSpecArgs.builder()\n .objectConditions(TransferJobTransferSpecObjectConditionsArgs.builder()\n .maxTimeElapsedSinceLastModification(\"600s\")\n .excludePrefixes(\"requests.gz\")\n .build())\n .transferOptions(TransferJobTransferSpecTransferOptionsArgs.builder()\n .deleteObjectsUniqueInSink(false)\n .build())\n .awsS3DataSource(TransferJobTransferSpecAwsS3DataSourceArgs.builder()\n .bucketName(awsS3Bucket)\n .awsAccessKey(TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs.builder()\n .accessKeyId(awsAccessKey)\n .secretAccessKey(awsSecretKey)\n .build())\n .build())\n .gcsDataSink(TransferJobTransferSpecGcsDataSinkArgs.builder()\n .bucketName(s3_backup_bucket.name())\n .path(\"foo/bar/\")\n .build())\n .build())\n .schedule(TransferJobScheduleArgs.builder()\n .scheduleStartDate(TransferJobScheduleScheduleStartDateArgs.builder()\n .year(2018)\n .month(10)\n .day(1)\n .build())\n .scheduleEndDate(TransferJobScheduleScheduleEndDateArgs.builder()\n .year(2019)\n .month(1)\n .day(15)\n .build())\n .startTimeOfDay(TransferJobScheduleStartTimeOfDayArgs.builder()\n .hours(23)\n .minutes(30)\n .seconds(0)\n .nanos(0)\n .build())\n .repeatInterval(\"604800s\")\n .build())\n .notificationConfig(TransferJobNotificationConfigArgs.builder()\n .pubsubTopic(topic.id())\n .eventTypes( \n \"TRANSFER_OPERATION_SUCCESS\",\n \"TRANSFER_OPERATION_FAILED\")\n .payloadFormat(\"JSON\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n s3_backup_bucketBucketIAMMember,\n notificationConfig)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3-backup-bucket:\n type: gcp:storage:Bucket\n properties:\n name: ${awsS3Bucket}-backup\n storageClass: NEARLINE\n project: ${project}\n location: US\n s3-backup-bucketBucketIAMMember:\n type: gcp:storage:BucketIAMMember\n name: s3-backup-bucket\n properties:\n bucket: ${[\"s3-backup-bucket\"].name}\n role: roles/storage.admin\n member: serviceAccount:${default.email}\n options:\n dependsOn:\n - ${[\"s3-backup-bucket\"]}\n topic:\n type: gcp:pubsub:Topic\n properties:\n name: ${pubsubTopicName}\n notificationConfig:\n type: gcp:pubsub:TopicIAMMember\n name: notification_config\n properties:\n topic: ${topic.id}\n role: roles/pubsub.publisher\n member: serviceAccount:${default.email}\n s3-bucket-nightly-backup:\n type: gcp:storage:TransferJob\n properties:\n description: Nightly backup of S3 bucket\n project: ${project}\n transferSpec:\n objectConditions:\n maxTimeElapsedSinceLastModification: 600s\n excludePrefixes:\n - requests.gz\n transferOptions:\n deleteObjectsUniqueInSink: false\n awsS3DataSource:\n bucketName: ${awsS3Bucket}\n awsAccessKey:\n accessKeyId: ${awsAccessKey}\n secretAccessKey: ${awsSecretKey}\n gcsDataSink:\n bucketName: ${[\"s3-backup-bucket\"].name}\n path: foo/bar/\n schedule:\n scheduleStartDate:\n year: 2018\n month: 10\n day: 1\n scheduleEndDate:\n year: 2019\n month: 1\n day: 15\n startTimeOfDay:\n hours: 23\n minutes: 30\n seconds: 0\n nanos: 0\n repeatInterval: 604800s\n notificationConfig:\n pubsubTopic: ${topic.id}\n eventTypes:\n - TRANSFER_OPERATION_SUCCESS\n - TRANSFER_OPERATION_FAILED\n payloadFormat: JSON\n options:\n dependsOn:\n - ${[\"s3-backup-bucketBucketIAMMember\"]}\n - ${notificationConfig}\nvariables:\n default:\n fn::invoke:\n function: gcp:storage:getTransferProjectServiceAccount\n arguments:\n project: ${project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nStorage Transfer Jobs can be imported using the Transfer Job's `project` and `name` (without the `transferJob/` prefix), e.g.\n\n* `{{project_id}}/{{name}}`, where `name` is a numeric value.\n\nWhen using the `pulumi import` command, Storage Transfer Jobs can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/transferJob:TransferJob default {{project_id}}/123456789\n```\n\n", "properties": { "creationTime": { "type": "string", @@ -270063,7 +270063,7 @@ } }, "gcp:tags/tagKeyIamBinding:TagKeyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagKeyIamBindingCondition:TagKeyIamBindingCondition" @@ -270155,7 +270155,7 @@ } }, "gcp:tags/tagKeyIamMember:TagKeyIamMember": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagKeyIamMemberCondition:TagKeyIamMemberCondition" @@ -270240,7 +270240,7 @@ } }, "gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagKey\nThree different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagKeyIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagKeyIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder()\n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -270393,7 +270393,7 @@ } }, "gcp:tags/tagValueIamBinding:TagValueIamBinding": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagValueIamBindingCondition:TagValueIamBindingCondition" @@ -270485,7 +270485,7 @@ } }, "gcp:tags/tagValueIamMember:TagValueIamMember": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagValueIamMemberCondition:TagValueIamMemberCondition" @@ -270570,7 +270570,7 @@ } }, "gcp:tags/tagValueIamPolicy:TagValueIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Tags TagValue\nThree different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.tags.TagValueIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n function: gcp:organizations:getIAMPolicy\n arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.tags.TagValueIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder()\n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -270626,7 +270626,7 @@ } }, "gcp:tpu/node:Node": { - "description": "A Cloud TPU instance.\n\n\nTo get more information about Node, see:\n\n* [API documentation](https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.nodes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/tpu/docs/)\n\n## Example Usage\n\n### Tpu Node Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n cidrBlock: \"10.2.0.0/29\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n cidr_block=\"10.2.0.0/29\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n CidrBlock = \"10.2.0.0/29\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/29\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .cidrBlock(\"10.2.0.0/29\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n cidrBlock: 10.2.0.0/29\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getTensorflowVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu Node Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst network = new gcp.compute.Network(\"network\", {name: \"tpu-node-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"my-global-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n description: \"Google Provider test TPU\",\n useServiceNetworking: true,\n network: privateServiceConnection.network,\n labels: {\n foo: \"bar\",\n },\n schedulingConfig: {\n preemptible: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\nnetwork = gcp.compute.Network(\"network\", name=\"tpu-node-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"my-global-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n description=\"Google Provider test TPU\",\n use_service_networking=True,\n network=private_service_connection.network,\n labels={\n \"foo\": \"bar\",\n },\n scheduling_config={\n \"preemptible\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-node-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"my-global-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n Description = \"Google Provider test TPU\",\n UseServiceNetworking = true,\n Network = privateServiceConnection.Network,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.NodeSchedulingConfigArgs\n {\n Preemptible = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-node-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"my-global-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tDescription: pulumi.String(\"Google Provider test TPU\"),\n\t\t\tUseServiceNetworking: pulumi.Bool(true),\n\t\t\tNetwork: privateServiceConnection.Network,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.NodeSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport com.pulumi.gcp.tpu.inputs.NodeSchedulingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-node-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"my-global-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .description(\"Google Provider test TPU\")\n .useServiceNetworking(true)\n .network(privateServiceConnection.network())\n .labels(Map.of(\"foo\", \"bar\"))\n .schedulingConfig(NodeSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n description: Google Provider test TPU\n useServiceNetworking: true\n network: ${privateServiceConnection.network}\n labels:\n foo: bar\n schedulingConfig:\n preemptible: true\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-node-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: my-global-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getTensorflowVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNode can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Node can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/node:Node default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{name}}\n```\n\n", + "description": "A Cloud TPU instance.\n\n\nTo get more information about Node, see:\n\n* [API documentation](https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.nodes)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/tpu/docs/)\n\n## Example Usage\n\n### Tpu Node Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n cidrBlock: \"10.2.0.0/29\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n cidr_block=\"10.2.0.0/29\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n CidrBlock = \"10.2.0.0/29\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/29\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .cidrBlock(\"10.2.0.0/29\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n cidrBlock: 10.2.0.0/29\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getTensorflowVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu Node Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst network = new gcp.compute.Network(\"network\", {name: \"tpu-node-network\"});\nconst serviceRange = new gcp.compute.GlobalAddress(\"service_range\", {\n name: \"my-global-address\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 16,\n network: network.id,\n});\nconst privateServiceConnection = new gcp.servicenetworking.Connection(\"private_service_connection\", {\n network: network.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [serviceRange.name],\n});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n description: \"Google Provider test TPU\",\n useServiceNetworking: true,\n network: privateServiceConnection.network,\n labels: {\n foo: \"bar\",\n },\n schedulingConfig: {\n preemptible: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\nnetwork = gcp.compute.Network(\"network\", name=\"tpu-node-network\")\nservice_range = gcp.compute.GlobalAddress(\"service_range\",\n name=\"my-global-address\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=16,\n network=network.id)\nprivate_service_connection = gcp.servicenetworking.Connection(\"private_service_connection\",\n network=network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[service_range.name])\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n description=\"Google Provider test TPU\",\n use_service_networking=True,\n network=private_service_connection.network,\n labels={\n \"foo\": \"bar\",\n },\n scheduling_config={\n \"preemptible\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-node-network\",\n });\n\n var serviceRange = new Gcp.Compute.GlobalAddress(\"service_range\", new()\n {\n Name = \"my-global-address\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 16,\n Network = network.Id,\n });\n\n var privateServiceConnection = new Gcp.ServiceNetworking.Connection(\"private_service_connection\", new()\n {\n Network = network.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n serviceRange.Name,\n },\n });\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n Description = \"Google Provider test TPU\",\n UseServiceNetworking = true,\n Network = privateServiceConnection.Network,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.NodeSchedulingConfigArgs\n {\n Preemptible = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-node-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceRange, err := compute.NewGlobalAddress(ctx, \"service_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"my-global-address\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(16),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprivateServiceConnection, err := servicenetworking.NewConnection(ctx, \"private_service_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: network.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tserviceRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tDescription: pulumi.String(\"Google Provider test TPU\"),\n\t\t\tUseServiceNetworking: pulumi.Bool(true),\n\t\t\tNetwork: privateServiceConnection.Network,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.NodeSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport com.pulumi.gcp.tpu.inputs.NodeSchedulingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-node-network\")\n .build());\n\n var serviceRange = new GlobalAddress(\"serviceRange\", GlobalAddressArgs.builder()\n .name(\"my-global-address\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(16)\n .network(network.id())\n .build());\n\n var privateServiceConnection = new Connection(\"privateServiceConnection\", ConnectionArgs.builder()\n .network(network.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(serviceRange.name())\n .build());\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .description(\"Google Provider test TPU\")\n .useServiceNetworking(true)\n .network(privateServiceConnection.network())\n .labels(Map.of(\"foo\", \"bar\"))\n .schedulingConfig(NodeSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n description: Google Provider test TPU\n useServiceNetworking: true\n network: ${privateServiceConnection.network}\n labels:\n foo: bar\n schedulingConfig:\n preemptible: true\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-node-network\n serviceRange:\n type: gcp:compute:GlobalAddress\n name: service_range\n properties:\n name: my-global-address\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 16\n network: ${network.id}\n privateServiceConnection:\n type: gcp:servicenetworking:Connection\n name: private_service_connection\n properties:\n network: ${network.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${serviceRange.name}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getTensorflowVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNode can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Node can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/node:Node default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/node:Node default {{name}}\n```\n\n", "properties": { "acceleratorType": { "type": "string", @@ -270870,7 +270870,7 @@ } }, "gcp:tpu/v2Vm:V2Vm": { - "description": "## Example Usage\n\n### Tpu V2 Vm Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n runtime_version=\"tpu-vm-tf-2.13.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n runtimeVersion: tpu-vm-tf-2.13.0\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2RuntimeVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu V2 Vm Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst availableGetV2AcceleratorTypes = gcp.tpu.getV2AcceleratorTypes({});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tpu-net\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"tpu-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"tpu-sa\",\n displayName: \"Test TPU VM\",\n});\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"tpu-disk\",\n image: \"debian-cloud/debian-11\",\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-c\",\n});\n// Wait after service account creation to limit eventual consistency errors.\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [sa],\n});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n description: \"Text description of the TPU.\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n acceleratorConfig: {\n type: \"V2\",\n topology: \"2x2\",\n },\n cidrBlock: \"10.0.0.0/29\",\n networkConfig: {\n canIpForward: true,\n enableExternalIps: true,\n network: network.id,\n subnetwork: subnet.id,\n },\n schedulingConfig: {\n preemptible: true,\n },\n shieldedInstanceConfig: {\n enableSecureBoot: true,\n },\n serviceAccount: {\n email: sa.email,\n scopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n dataDisks: [{\n sourceDisk: disk.id,\n mode: \"READ_ONLY\",\n }],\n labels: {\n foo: \"bar\",\n },\n metadata: {\n foo: \"bar\",\n },\n tags: [\"foo\"],\n}, {\n dependsOn: [wait60Seconds],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\navailable = gcp.tpu.get_v2_runtime_versions()\navailable_get_v2_accelerator_types = gcp.tpu.get_v2_accelerator_types()\nnetwork = gcp.compute.Network(\"network\",\n name=\"tpu-net\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"tpu-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=network.id)\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"tpu-sa\",\n display_name=\"Test TPU VM\")\ndisk = gcp.compute.Disk(\"disk\",\n name=\"tpu-disk\",\n image=\"debian-cloud/debian-11\",\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-c\")\n# Wait after service account creation to limit eventual consistency errors.\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[sa]))\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n description=\"Text description of the TPU.\",\n runtime_version=\"tpu-vm-tf-2.13.0\",\n accelerator_config={\n \"type\": \"V2\",\n \"topology\": \"2x2\",\n },\n cidr_block=\"10.0.0.0/29\",\n network_config={\n \"can_ip_forward\": True,\n \"enable_external_ips\": True,\n \"network\": network.id,\n \"subnetwork\": subnet.id,\n },\n scheduling_config={\n \"preemptible\": True,\n },\n shielded_instance_config={\n \"enable_secure_boot\": True,\n },\n service_account={\n \"email\": sa.email,\n \"scopes\": [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n data_disks=[{\n \"source_disk\": disk.id,\n \"mode\": \"READ_ONLY\",\n }],\n labels={\n \"foo\": \"bar\",\n },\n metadata={\n \"foo\": \"bar\",\n },\n tags=[\"foo\"],\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var availableGetV2AcceleratorTypes = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"tpu-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"tpu-sa\",\n DisplayName = \"Test TPU VM\",\n });\n\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"tpu-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-c\",\n });\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sa,\n },\n });\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n Description = \"Text description of the TPU.\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n AcceleratorConfig = new Gcp.Tpu.Inputs.V2VmAcceleratorConfigArgs\n {\n Type = \"V2\",\n Topology = \"2x2\",\n },\n CidrBlock = \"10.0.0.0/29\",\n NetworkConfig = new Gcp.Tpu.Inputs.V2VmNetworkConfigArgs\n {\n CanIpForward = true,\n EnableExternalIps = true,\n Network = network.Id,\n Subnetwork = subnet.Id,\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.V2VmSchedulingConfigArgs\n {\n Preemptible = true,\n },\n ShieldedInstanceConfig = new Gcp.Tpu.Inputs.V2VmShieldedInstanceConfigArgs\n {\n EnableSecureBoot = true,\n },\n ServiceAccount = new Gcp.Tpu.Inputs.V2VmServiceAccountArgs\n {\n Email = sa.Email,\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/cloud-platform\",\n },\n },\n DataDisks = new[]\n {\n new Gcp.Tpu.Inputs.V2VmDataDiskArgs\n {\n SourceDisk = disk.Id,\n Mode = \"READ_ONLY\",\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n Tags = new[]\n {\n \"foo\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"tpu-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test TPU VM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"tpu-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait after service account creation to limit eventual consistency errors.\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tDescription: pulumi.String(\"Text description of the TPU.\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t\tAcceleratorConfig: \u0026tpu.V2VmAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"V2\"),\n\t\t\t\tTopology: pulumi.String(\"2x2\"),\n\t\t\t},\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/29\"),\n\t\t\tNetworkConfig: \u0026tpu.V2VmNetworkConfigArgs{\n\t\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\t\tEnableExternalIps: pulumi.Bool(true),\n\t\t\t\tNetwork: network.ID(),\n\t\t\t\tSubnetwork: subnet.ID(),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.V2VmSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t\tShieldedInstanceConfig: \u0026tpu.V2VmShieldedInstanceConfigArgs{\n\t\t\t\tEnableSecureBoot: pulumi.Bool(true),\n\t\t\t},\n\t\t\tServiceAccount: \u0026tpu.V2VmServiceAccountArgs{\n\t\t\t\tEmail: sa.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataDisks: tpu.V2VmDataDiskArray{\n\t\t\t\t\u0026tpu.V2VmDataDiskArgs{\n\t\t\t\t\tSourceDisk: disk.ID(),\n\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmAcceleratorConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmNetworkConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmSchedulingConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmShieldedInstanceConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmServiceAccountArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmDataDiskArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n final var availableGetV2AcceleratorTypes = TpuFunctions.getV2AcceleratorTypes();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"tpu-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"tpu-sa\")\n .displayName(\"Test TPU VM\")\n .build());\n\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"tpu-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-c\")\n .build());\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sa)\n .build());\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .description(\"Text description of the TPU.\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .acceleratorConfig(V2VmAcceleratorConfigArgs.builder()\n .type(\"V2\")\n .topology(\"2x2\")\n .build())\n .cidrBlock(\"10.0.0.0/29\")\n .networkConfig(V2VmNetworkConfigArgs.builder()\n .canIpForward(true)\n .enableExternalIps(true)\n .network(network.id())\n .subnetwork(subnet.id())\n .build())\n .schedulingConfig(V2VmSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .shieldedInstanceConfig(V2VmShieldedInstanceConfigArgs.builder()\n .enableSecureBoot(true)\n .build())\n .serviceAccount(V2VmServiceAccountArgs.builder()\n .email(sa.email())\n .scopes(\"https://www.googleapis.com/auth/cloud-platform\")\n .build())\n .dataDisks(V2VmDataDiskArgs.builder()\n .sourceDisk(disk.id())\n .mode(\"READ_ONLY\")\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .metadata(Map.of(\"foo\", \"bar\"))\n .tags(\"foo\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n description: Text description of the TPU.\n runtimeVersion: tpu-vm-tf-2.13.0\n acceleratorConfig:\n type: V2\n topology: 2x2\n cidrBlock: 10.0.0.0/29\n networkConfig:\n canIpForward: true\n enableExternalIps: true\n network: ${network.id}\n subnetwork: ${subnet.id}\n schedulingConfig:\n preemptible: true\n shieldedInstanceConfig:\n enableSecureBoot: true\n serviceAccount:\n email: ${sa.email}\n scopes:\n - https://www.googleapis.com/auth/cloud-platform\n dataDisks:\n - sourceDisk: ${disk.id}\n mode: READ_ONLY\n labels:\n foo: bar\n metadata:\n foo: bar\n tags:\n - foo\n options:\n dependson:\n - ${wait60Seconds}\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: tpu-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-net\n autoCreateSubnetworks: false\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: tpu-sa\n displayName: Test TPU VM\n disk:\n type: gcp:compute:Disk\n properties:\n name: tpu-disk\n image: debian-cloud/debian-11\n size: 10\n type: pd-ssd\n zone: us-central1-c\n # Wait after service account creation to limit eventual consistency errors.\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${sa}\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2RuntimeVersions\n Arguments: {}\n availableGetV2AcceleratorTypes:\n fn::invoke:\n Function: gcp:tpu:getV2AcceleratorTypes\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVm can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Vm can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Tpu V2 Vm Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n runtime_version=\"tpu-vm-tf-2.13.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n runtimeVersion: tpu-vm-tf-2.13.0\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu V2 Vm Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst availableGetV2AcceleratorTypes = gcp.tpu.getV2AcceleratorTypes({});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tpu-net\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"tpu-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"tpu-sa\",\n displayName: \"Test TPU VM\",\n});\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"tpu-disk\",\n image: \"debian-cloud/debian-11\",\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-c\",\n});\n// Wait after service account creation to limit eventual consistency errors.\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [sa],\n});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n description: \"Text description of the TPU.\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n acceleratorConfig: {\n type: \"V2\",\n topology: \"2x2\",\n },\n cidrBlock: \"10.0.0.0/29\",\n networkConfig: {\n canIpForward: true,\n enableExternalIps: true,\n network: network.id,\n subnetwork: subnet.id,\n },\n schedulingConfig: {\n preemptible: true,\n },\n shieldedInstanceConfig: {\n enableSecureBoot: true,\n },\n serviceAccount: {\n email: sa.email,\n scopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n dataDisks: [{\n sourceDisk: disk.id,\n mode: \"READ_ONLY\",\n }],\n labels: {\n foo: \"bar\",\n },\n metadata: {\n foo: \"bar\",\n },\n tags: [\"foo\"],\n}, {\n dependsOn: [wait60Seconds],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\navailable = gcp.tpu.get_v2_runtime_versions()\navailable_get_v2_accelerator_types = gcp.tpu.get_v2_accelerator_types()\nnetwork = gcp.compute.Network(\"network\",\n name=\"tpu-net\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"tpu-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=network.id)\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"tpu-sa\",\n display_name=\"Test TPU VM\")\ndisk = gcp.compute.Disk(\"disk\",\n name=\"tpu-disk\",\n image=\"debian-cloud/debian-11\",\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-c\")\n# Wait after service account creation to limit eventual consistency errors.\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[sa]))\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n description=\"Text description of the TPU.\",\n runtime_version=\"tpu-vm-tf-2.13.0\",\n accelerator_config={\n \"type\": \"V2\",\n \"topology\": \"2x2\",\n },\n cidr_block=\"10.0.0.0/29\",\n network_config={\n \"can_ip_forward\": True,\n \"enable_external_ips\": True,\n \"network\": network.id,\n \"subnetwork\": subnet.id,\n },\n scheduling_config={\n \"preemptible\": True,\n },\n shielded_instance_config={\n \"enable_secure_boot\": True,\n },\n service_account={\n \"email\": sa.email,\n \"scopes\": [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n data_disks=[{\n \"source_disk\": disk.id,\n \"mode\": \"READ_ONLY\",\n }],\n labels={\n \"foo\": \"bar\",\n },\n metadata={\n \"foo\": \"bar\",\n },\n tags=[\"foo\"],\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var availableGetV2AcceleratorTypes = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"tpu-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"tpu-sa\",\n DisplayName = \"Test TPU VM\",\n });\n\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"tpu-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-c\",\n });\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sa,\n },\n });\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n Description = \"Text description of the TPU.\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n AcceleratorConfig = new Gcp.Tpu.Inputs.V2VmAcceleratorConfigArgs\n {\n Type = \"V2\",\n Topology = \"2x2\",\n },\n CidrBlock = \"10.0.0.0/29\",\n NetworkConfig = new Gcp.Tpu.Inputs.V2VmNetworkConfigArgs\n {\n CanIpForward = true,\n EnableExternalIps = true,\n Network = network.Id,\n Subnetwork = subnet.Id,\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.V2VmSchedulingConfigArgs\n {\n Preemptible = true,\n },\n ShieldedInstanceConfig = new Gcp.Tpu.Inputs.V2VmShieldedInstanceConfigArgs\n {\n EnableSecureBoot = true,\n },\n ServiceAccount = new Gcp.Tpu.Inputs.V2VmServiceAccountArgs\n {\n Email = sa.Email,\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/cloud-platform\",\n },\n },\n DataDisks = new[]\n {\n new Gcp.Tpu.Inputs.V2VmDataDiskArgs\n {\n SourceDisk = disk.Id,\n Mode = \"READ_ONLY\",\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n Tags = new[]\n {\n \"foo\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"tpu-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test TPU VM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"tpu-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait after service account creation to limit eventual consistency errors.\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tDescription: pulumi.String(\"Text description of the TPU.\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t\tAcceleratorConfig: \u0026tpu.V2VmAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"V2\"),\n\t\t\t\tTopology: pulumi.String(\"2x2\"),\n\t\t\t},\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/29\"),\n\t\t\tNetworkConfig: \u0026tpu.V2VmNetworkConfigArgs{\n\t\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\t\tEnableExternalIps: pulumi.Bool(true),\n\t\t\t\tNetwork: network.ID(),\n\t\t\t\tSubnetwork: subnet.ID(),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.V2VmSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t\tShieldedInstanceConfig: \u0026tpu.V2VmShieldedInstanceConfigArgs{\n\t\t\t\tEnableSecureBoot: pulumi.Bool(true),\n\t\t\t},\n\t\t\tServiceAccount: \u0026tpu.V2VmServiceAccountArgs{\n\t\t\t\tEmail: sa.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataDisks: tpu.V2VmDataDiskArray{\n\t\t\t\t\u0026tpu.V2VmDataDiskArgs{\n\t\t\t\t\tSourceDisk: disk.ID(),\n\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmAcceleratorConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmNetworkConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmSchedulingConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmShieldedInstanceConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmServiceAccountArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmDataDiskArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n final var availableGetV2AcceleratorTypes = TpuFunctions.getV2AcceleratorTypes();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"tpu-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"tpu-sa\")\n .displayName(\"Test TPU VM\")\n .build());\n\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"tpu-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-c\")\n .build());\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sa)\n .build());\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .description(\"Text description of the TPU.\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .acceleratorConfig(V2VmAcceleratorConfigArgs.builder()\n .type(\"V2\")\n .topology(\"2x2\")\n .build())\n .cidrBlock(\"10.0.0.0/29\")\n .networkConfig(V2VmNetworkConfigArgs.builder()\n .canIpForward(true)\n .enableExternalIps(true)\n .network(network.id())\n .subnetwork(subnet.id())\n .build())\n .schedulingConfig(V2VmSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .shieldedInstanceConfig(V2VmShieldedInstanceConfigArgs.builder()\n .enableSecureBoot(true)\n .build())\n .serviceAccount(V2VmServiceAccountArgs.builder()\n .email(sa.email())\n .scopes(\"https://www.googleapis.com/auth/cloud-platform\")\n .build())\n .dataDisks(V2VmDataDiskArgs.builder()\n .sourceDisk(disk.id())\n .mode(\"READ_ONLY\")\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .metadata(Map.of(\"foo\", \"bar\"))\n .tags(\"foo\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n description: Text description of the TPU.\n runtimeVersion: tpu-vm-tf-2.13.0\n acceleratorConfig:\n type: V2\n topology: 2x2\n cidrBlock: 10.0.0.0/29\n networkConfig:\n canIpForward: true\n enableExternalIps: true\n network: ${network.id}\n subnetwork: ${subnet.id}\n schedulingConfig:\n preemptible: true\n shieldedInstanceConfig:\n enableSecureBoot: true\n serviceAccount:\n email: ${sa.email}\n scopes:\n - https://www.googleapis.com/auth/cloud-platform\n dataDisks:\n - sourceDisk: ${disk.id}\n mode: READ_ONLY\n labels:\n foo: bar\n metadata:\n foo: bar\n tags:\n - foo\n options:\n dependsOn:\n - ${wait60Seconds}\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: tpu-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-net\n autoCreateSubnetworks: false\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: tpu-sa\n displayName: Test TPU VM\n disk:\n type: gcp:compute:Disk\n properties:\n name: tpu-disk\n image: debian-cloud/debian-11\n size: 10\n type: pd-ssd\n zone: us-central1-c\n # Wait after service account creation to limit eventual consistency errors.\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${sa}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n availableGetV2AcceleratorTypes:\n fn::invoke:\n function: gcp:tpu:getV2AcceleratorTypes\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVm can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Vm can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{name}}\n```\n\n", "properties": { "acceleratorConfig": { "$ref": "#/types/gcp:tpu/V2VmAcceleratorConfig:V2VmAcceleratorConfig", @@ -271265,7 +271265,7 @@ } }, "gcp:transcoder/job:Job": { - "description": "Transcoding Job Resource\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/transcoder/docs/reference/rest/v1/projects.locations.jobs)\n* How-to Guides\n * [Transcoder](https://cloud.google.com/transcoder/docs/)\n\n## Example Usage\n\n### Transcoder Job Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst defaultJobTemplate = new gcp.transcoder.JobTemplate(\"default\", {\n jobTemplateId: \"example-job-template\",\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n },\n labels: {\n label: \"key\",\n },\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n templateId: defaultJobTemplate.name,\n location: \"us-central1\",\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ndefault_job_template = gcp.transcoder.JobTemplate(\"default\",\n job_template_id=\"example-job-template\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n },\n labels={\n \"label\": \"key\",\n })\ndefault_job = gcp.transcoder.Job(\"default\",\n template_id=default_job_template.name,\n location=\"us-central1\",\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var defaultJobTemplate = new Gcp.Transcoder.JobTemplate(\"default\", new()\n {\n JobTemplateId = \"example-job-template\",\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobTemplateConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobTemplateConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n TemplateId = defaultJobTemplate.Name,\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultJobTemplate, err := transcoder.NewJobTemplate(ctx, \"default\", \u0026transcoder.JobTemplateArgs{\n\t\t\tJobTemplateId: pulumi.String(\"example-job-template\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobTemplateConfigArgs{\n\t\t\t\tInputs: transcoder.JobTemplateConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobTemplateConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobTemplateConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobTemplateConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobTemplateConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobTemplateConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tTemplateId: defaultJobTemplate.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.JobTemplate;\nimport com.pulumi.gcp.transcoder.JobTemplateArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobTemplateConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobTemplateConfigOutputArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var defaultJobTemplate = new JobTemplate(\"defaultJobTemplate\", JobTemplateArgs.builder()\n .jobTemplateId(\"example-job-template\")\n .location(\"us-central1\")\n .config(JobTemplateConfigArgs.builder()\n .inputs(JobTemplateConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .output(JobTemplateConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .editLists(JobTemplateConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .elementaryStreams( \n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobTemplateConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobTemplateConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobTemplateConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobTemplateConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobTemplateConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobTemplateConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobTemplateConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .templateId(defaultJobTemplate.name())\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n templateId: ${defaultJobTemplate.name}\n location: us-central1\n labels:\n label: key\n defaultJobTemplate:\n type: gcp:transcoder:JobTemplate\n name: default\n properties:\n jobTemplateId: example-job-template\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n output:\n uri: gs://${default.name}/outputs/\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst transcoderNotifications = new gcp.pubsub.Topic(\"transcoder_notifications\", {name: \"transcoder-notifications\"});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n pubsubDestination: {\n topic: transcoderNotifications.id,\n },\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ntranscoder_notifications = gcp.pubsub.Topic(\"transcoder_notifications\", name=\"transcoder-notifications\")\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n \"pubsub_destination\": {\n \"topic\": transcoder_notifications.id,\n },\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var transcoderNotifications = new Gcp.PubSub.Topic(\"transcoder_notifications\", new()\n {\n Name = \"transcoder-notifications\",\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n PubsubDestination = new Gcp.Transcoder.Inputs.JobConfigPubsubDestinationArgs\n {\n Topic = transcoderNotifications.Id,\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttranscoderNotifications, err := pubsub.NewTopic(ctx, \"transcoder_notifications\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"transcoder-notifications\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPubsubDestination: \u0026transcoder.JobConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: transcoderNotifications.ID(),\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var transcoderNotifications = new Topic(\"transcoderNotifications\", TopicArgs.builder()\n .name(\"transcoder-notifications\")\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .pubsubDestination(JobConfigPubsubDestinationArgs.builder()\n .topic(transcoderNotifications.id())\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n transcoderNotifications:\n type: gcp:pubsub:Topic\n name: transcoder_notifications\n properties:\n name: transcoder-notifications\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n adBreaks:\n - startTimeOffset: 3.500s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n pubsubDestination:\n topic: ${transcoderNotifications.id}\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Encryptions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst encryptionKey = new gcp.secretmanager.Secret(\"encryption_key\", {\n secretId: \"transcoder-encryption-key\",\n replication: {\n auto: {},\n },\n});\nconst encryptionKeySecretVersion = new gcp.secretmanager.SecretVersion(\"encryption_key\", {\n secret: encryptionKey.name,\n secretData: \"4A67F2C1B8E93A4F6D3E7890A1BC23DF\",\n});\nconst project = gcp.organizations.getProject({});\n// this is required to allow the transcoder service identity to access the secret\nconst transcoder = new gcp.projects.ServiceIdentity(\"transcoder\", {\n project: project.then(project =\u003e project.projectId),\n service: \"transcoder.googleapis.com\",\n});\nconst transcoderEncryptionKeyAccessor = new gcp.secretmanager.SecretIamMember(\"transcoder_encryption_key_accessor\", {\n secretId: encryptionKey.secretId,\n project: encryptionKey.project,\n role: \"roles/secretmanager.secretAccessor\",\n member: pulumi.interpolate`serviceAccount:${transcoder.email}`,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n elementaryStreams: [\n {\n key: \"es_video\",\n videoStream: {\n h264: {\n profile: \"main\",\n heightPixels: 600,\n widthPixels: 800,\n bitrateBps: 1000000,\n frameRate: 60,\n },\n },\n },\n {\n key: \"es_audio\",\n audioStream: {\n codec: \"aac\",\n channelCount: 2,\n bitrateBps: 160000,\n },\n },\n ],\n encryptions: [\n {\n id: \"aes-128\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n clearkey: {},\n },\n aes128: {},\n },\n {\n id: \"cenc\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n widevine: {},\n },\n mpegCenc: {\n scheme: \"cenc\",\n },\n },\n {\n id: \"cbcs\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n widevine: {},\n },\n mpegCenc: {\n scheme: \"cbcs\",\n },\n },\n ],\n muxStreams: [\n {\n key: \"ts_aes128\",\n container: \"ts\",\n elementaryStreams: [\n \"es_video\",\n \"es_audio\",\n ],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"aes-128\",\n },\n {\n key: \"fmp4_cenc_video\",\n container: \"fmp4\",\n elementaryStreams: [\"es_video\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cenc\",\n },\n {\n key: \"fmp4_cenc_audio\",\n container: \"fmp4\",\n elementaryStreams: [\"es_audio\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cenc\",\n },\n {\n key: \"fmp4_cbcs_video\",\n container: \"fmp4\",\n elementaryStreams: [\"es_video\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cbcs\",\n },\n {\n key: \"fmp4_cbcs_audio\",\n container: \"fmp4\",\n elementaryStreams: [\"es_audio\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cbcs\",\n },\n ],\n manifests: [\n {\n fileName: \"manifest_aes128.m3u8\",\n type: \"HLS\",\n muxStreams: [\"ts_aes128\"],\n },\n {\n fileName: \"manifest_cenc.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n ],\n },\n {\n fileName: \"manifest_cbcs.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\nencryption_key = gcp.secretmanager.Secret(\"encryption_key\",\n secret_id=\"transcoder-encryption-key\",\n replication={\n \"auto\": {},\n })\nencryption_key_secret_version = gcp.secretmanager.SecretVersion(\"encryption_key\",\n secret=encryption_key.name,\n secret_data=\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\")\nproject = gcp.organizations.get_project()\n# this is required to allow the transcoder service identity to access the secret\ntranscoder = gcp.projects.ServiceIdentity(\"transcoder\",\n project=project.project_id,\n service=\"transcoder.googleapis.com\")\ntranscoder_encryption_key_accessor = gcp.secretmanager.SecretIamMember(\"transcoder_encryption_key_accessor\",\n secret_id=encryption_key.secret_id,\n project=encryption_key.project,\n role=\"roles/secretmanager.secretAccessor\",\n member=transcoder.email.apply(lambda email: f\"serviceAccount:{email}\"))\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"elementary_streams\": [\n {\n \"key\": \"es_video\",\n \"video_stream\": {\n \"h264\": {\n \"profile\": \"main\",\n \"height_pixels\": 600,\n \"width_pixels\": 800,\n \"bitrate_bps\": 1000000,\n \"frame_rate\": 60,\n },\n },\n },\n {\n \"key\": \"es_audio\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"channel_count\": 2,\n \"bitrate_bps\": 160000,\n },\n },\n ],\n \"encryptions\": [\n {\n \"id\": \"aes-128\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"clearkey\": {},\n },\n \"aes128\": {},\n },\n {\n \"id\": \"cenc\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"widevine\": {},\n },\n \"mpeg_cenc\": {\n \"scheme\": \"cenc\",\n },\n },\n {\n \"id\": \"cbcs\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"widevine\": {},\n },\n \"mpeg_cenc\": {\n \"scheme\": \"cbcs\",\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"ts_aes128\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"es_video\",\n \"es_audio\",\n ],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"aes-128\",\n },\n {\n \"key\": \"fmp4_cenc_video\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_video\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cenc\",\n },\n {\n \"key\": \"fmp4_cenc_audio\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_audio\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cenc\",\n },\n {\n \"key\": \"fmp4_cbcs_video\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_video\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cbcs\",\n },\n {\n \"key\": \"fmp4_cbcs_audio\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_audio\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cbcs\",\n },\n ],\n \"manifests\": [\n {\n \"file_name\": \"manifest_aes128.m3u8\",\n \"type\": \"HLS\",\n \"mux_streams\": [\"ts_aes128\"],\n },\n {\n \"file_name\": \"manifest_cenc.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n ],\n },\n {\n \"file_name\": \"manifest_cbcs.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var encryptionKey = new Gcp.SecretManager.Secret(\"encryption_key\", new()\n {\n SecretId = \"transcoder-encryption-key\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var encryptionKeySecretVersion = new Gcp.SecretManager.SecretVersion(\"encryption_key\", new()\n {\n Secret = encryptionKey.Name,\n SecretData = \"4A67F2C1B8E93A4F6D3E7890A1BC23DF\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n // this is required to allow the transcoder service identity to access the secret\n var transcoder = new Gcp.Projects.ServiceIdentity(\"transcoder\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"transcoder.googleapis.com\",\n });\n\n var transcoderEncryptionKeyAccessor = new Gcp.SecretManager.SecretIamMember(\"transcoder_encryption_key_accessor\", new()\n {\n SecretId = encryptionKey.SecretId,\n Project = encryptionKey.Project,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = transcoder.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"es_video\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n Profile = \"main\",\n HeightPixels = 600,\n WidthPixels = 800,\n BitrateBps = 1000000,\n FrameRate = 60,\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"es_audio\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n ChannelCount = 2,\n BitrateBps = 160000,\n },\n },\n },\n Encryptions = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"aes-128\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Clearkey = null,\n },\n Aes128 = null,\n },\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"cenc\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Widevine = null,\n },\n MpegCenc = new Gcp.Transcoder.Inputs.JobConfigEncryptionMpegCencArgs\n {\n Scheme = \"cenc\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"cbcs\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Widevine = null,\n },\n MpegCenc = new Gcp.Transcoder.Inputs.JobConfigEncryptionMpegCencArgs\n {\n Scheme = \"cbcs\",\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"ts_aes128\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"aes-128\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cenc_video\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cenc\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cenc_audio\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cenc\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cbcs_video\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cbcs\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cbcs_audio\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cbcs\",\n },\n },\n Manifests = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_aes128.m3u8\",\n Type = \"HLS\",\n MuxStreams = new[]\n {\n \"ts_aes128\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_cenc.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_cbcs.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptionKey, err := secretmanager.NewSecret(ctx, \"encryption_key\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"transcoder-encryption-key\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptionKeySecretVersion, err := secretmanager.NewSecretVersion(ctx, \"encryption_key\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: encryptionKey.Name,\n\t\t\tSecretData: pulumi.String(\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// this is required to allow the transcoder service identity to access the secret\n\t\ttranscoder, err := projects.NewServiceIdentity(ctx, \"transcoder\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"transcoder.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"transcoder_encryption_key_accessor\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: encryptionKey.SecretId,\n\t\t\tProject: encryptionKey.Project,\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: transcoder.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"es_video\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"main\"),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(600),\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(800),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(1000000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"es_audio\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(160000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEncryptions: transcoder.JobConfigEncryptionArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"aes-128\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tClearkey: \u0026transcoder.JobConfigEncryptionDrmSystemsClearkeyArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAes128: \u0026transcoder.JobConfigEncryptionAes128Args{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"cenc\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tWidevine: \u0026transcoder.JobConfigEncryptionDrmSystemsWidevineArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMpegCenc: \u0026transcoder.JobConfigEncryptionMpegCencArgs{\n\t\t\t\t\t\t\tScheme: pulumi.String(\"cenc\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tWidevine: \u0026transcoder.JobConfigEncryptionDrmSystemsWidevineArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMpegCenc: \u0026transcoder.JobConfigEncryptionMpegCencArgs{\n\t\t\t\t\t\t\tScheme: pulumi.String(\"cbcs\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"ts_aes128\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"aes-128\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cenc_video\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cenc\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cenc_audio\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cenc\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cbcs_video\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cbcs_audio\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tManifests: transcoder.JobConfigManifestArray{\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_aes128.m3u8\"),\n\t\t\t\t\t\tType: pulumi.String(\"HLS\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"ts_aes128\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_cenc.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cenc_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cenc_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_cbcs.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cbcs_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cbcs_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var encryptionKey = new Secret(\"encryptionKey\", SecretArgs.builder()\n .secretId(\"transcoder-encryption-key\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var encryptionKeySecretVersion = new SecretVersion(\"encryptionKeySecretVersion\", SecretVersionArgs.builder()\n .secret(encryptionKey.name())\n .secretData(\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n // this is required to allow the transcoder service identity to access the secret\n var transcoder = new ServiceIdentity(\"transcoder\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"transcoder.googleapis.com\")\n .build());\n\n var transcoderEncryptionKeyAccessor = new SecretIamMember(\"transcoderEncryptionKeyAccessor\", SecretIamMemberArgs.builder()\n .secretId(encryptionKey.secretId())\n .project(encryptionKey.project())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(transcoder.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"es_video\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .profile(\"main\")\n .heightPixels(600)\n .widthPixels(800)\n .bitrateBps(1000000)\n .frameRate(60)\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"es_audio\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .channelCount(2)\n .bitrateBps(160000)\n .build())\n .build())\n .encryptions( \n JobConfigEncryptionArgs.builder()\n .id(\"aes-128\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .clearkey()\n .build())\n .aes128()\n .build(),\n JobConfigEncryptionArgs.builder()\n .id(\"cenc\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .widevine()\n .build())\n .mpegCenc(JobConfigEncryptionMpegCencArgs.builder()\n .scheme(\"cenc\")\n .build())\n .build(),\n JobConfigEncryptionArgs.builder()\n .id(\"cbcs\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .widevine()\n .build())\n .mpegCenc(JobConfigEncryptionMpegCencArgs.builder()\n .scheme(\"cbcs\")\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"ts_aes128\")\n .container(\"ts\")\n .elementaryStreams( \n \"es_video\",\n \"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"aes-128\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cenc_video\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_video\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cenc\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cenc_audio\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cenc\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cbcs_video\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_video\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cbcs\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cbcs_audio\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cbcs\")\n .build())\n .manifests( \n JobConfigManifestArgs.builder()\n .fileName(\"manifest_aes128.m3u8\")\n .type(\"HLS\")\n .muxStreams(\"ts_aes128\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest_cenc.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest_cbcs.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n encryptionKey:\n type: gcp:secretmanager:Secret\n name: encryption_key\n properties:\n secretId: transcoder-encryption-key\n replication:\n auto: {}\n encryptionKeySecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: encryption_key\n properties:\n secret: ${encryptionKey.name}\n secretData: 4A67F2C1B8E93A4F6D3E7890A1BC23DF\n # this is required to allow the transcoder service identity to access the secret\n transcoder:\n type: gcp:projects:ServiceIdentity\n properties:\n project: ${project.projectId}\n service: transcoder.googleapis.com\n transcoderEncryptionKeyAccessor:\n type: gcp:secretmanager:SecretIamMember\n name: transcoder_encryption_key_accessor\n properties:\n secretId: ${encryptionKey.secretId}\n project: ${encryptionKey.project}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${transcoder.email}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n elementaryStreams:\n - key: es_video\n videoStream:\n h264:\n profile: main\n heightPixels: 600\n widthPixels: 800\n bitrateBps: 1e+06\n frameRate: 60\n - key: es_audio\n audioStream:\n codec: aac\n channelCount: 2\n bitrateBps: 160000\n encryptions:\n - id: aes-128\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n clearkey: {}\n aes128: {}\n - id: cenc\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n widevine: {}\n mpegCenc:\n scheme: cenc\n - id: cbcs\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n widevine: {}\n mpegCenc:\n scheme: cbcs\n muxStreams:\n - key: ts_aes128\n container: ts\n elementaryStreams:\n - es_video\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: aes-128\n - key: fmp4_cenc_video\n container: fmp4\n elementaryStreams:\n - es_video\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cenc\n - key: fmp4_cenc_audio\n container: fmp4\n elementaryStreams:\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cenc\n - key: fmp4_cbcs_video\n container: fmp4\n elementaryStreams:\n - es_video\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cbcs\n - key: fmp4_cbcs_audio\n container: fmp4\n elementaryStreams:\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cbcs\n manifests:\n - fileName: manifest_aes128.m3u8\n type: HLS\n muxStreams:\n - ts_aes128\n - fileName: manifest_cenc.mpd\n type: DASH\n muxStreams:\n - fmp4_cenc_video\n - fmp4_cenc_audio\n - fileName: manifest_cbcs.mpd\n type: DASH\n muxStreams:\n - fmp4_cbcs_video\n - fmp4_cbcs_audio\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Overlays\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst overlayPng = new gcp.storage.BucketObject(\"overlay_png\", {\n name: \"overlay.png\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/overlay.png\"),\n bucket: _default.name,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n overlays: [{\n animations: [{\n animationFade: {\n fadeType: \"FADE_IN\",\n startTimeOffset: \"1.500s\",\n endTimeOffset: \"3.500s\",\n xy: {\n x: 1,\n y: 0.5,\n },\n },\n }],\n image: {\n uri: pulumi.interpolate`gs://${_default.name}/${overlayPng.name}`,\n },\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\noverlay_png = gcp.storage.BucketObject(\"overlay_png\",\n name=\"overlay.png\",\n source=pulumi.FileAsset(\"./test-fixtures/overlay.png\"),\n bucket=default.name)\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"overlays\": [{\n \"animations\": [{\n \"animation_fade\": {\n \"fade_type\": \"FADE_IN\",\n \"start_time_offset\": \"1.500s\",\n \"end_time_offset\": \"3.500s\",\n \"xy\": {\n \"x\": 1,\n \"y\": 0.5,\n },\n },\n }],\n \"image\": {\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n overlayPngName=overlay_png.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['overlayPngName']}\")\n,\n },\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var overlayPng = new Gcp.Storage.BucketObject(\"overlay_png\", new()\n {\n Name = \"overlay.png\",\n Source = new FileAsset(\"./test-fixtures/overlay.png\"),\n Bucket = @default.Name,\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n Overlays = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigOverlayArgs\n {\n Animations = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationArgs\n {\n AnimationFade = new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationAnimationFadeArgs\n {\n FadeType = \"FADE_IN\",\n StartTimeOffset = \"1.500s\",\n EndTimeOffset = \"3.500s\",\n Xy = new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationAnimationFadeXyArgs\n {\n X = 1,\n Y = 0.5,\n },\n },\n },\n },\n Image = new Gcp.Transcoder.Inputs.JobConfigOverlayImageArgs\n {\n Uri = Output.Tuple(@default.Name, overlayPng.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var overlayPngName = values.Item2;\n return $\"gs://{defaultName}/{overlayPngName}\";\n }),\n },\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toverlayPng, err := storage.NewBucketObject(ctx, \"overlay_png\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"overlay.png\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/overlay.png\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOverlays: transcoder.JobConfigOverlayArray{\n\t\t\t\t\t\u0026transcoder.JobConfigOverlayArgs{\n\t\t\t\t\t\tAnimations: transcoder.JobConfigOverlayAnimationArray{\n\t\t\t\t\t\t\t\u0026transcoder.JobConfigOverlayAnimationArgs{\n\t\t\t\t\t\t\t\tAnimationFade: \u0026transcoder.JobConfigOverlayAnimationAnimationFadeArgs{\n\t\t\t\t\t\t\t\t\tFadeType: pulumi.String(\"FADE_IN\"),\n\t\t\t\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"1.500s\"),\n\t\t\t\t\t\t\t\t\tEndTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t\t\t\t\tXy: \u0026transcoder.JobConfigOverlayAnimationAnimationFadeXyArgs{\n\t\t\t\t\t\t\t\t\t\tX: pulumi.Float64(1),\n\t\t\t\t\t\t\t\t\t\tY: pulumi.Float64(0.5),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tImage: \u0026transcoder.JobConfigOverlayImageArgs{\n\t\t\t\t\t\t\tUri: pulumi.All(_default.Name, overlayPng.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\t\toverlayPngName := _args[1].(string)\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, overlayPngName), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var overlayPng = new BucketObject(\"overlayPng\", BucketObjectArgs.builder()\n .name(\"overlay.png\")\n .source(new FileAsset(\"./test-fixtures/overlay.png\"))\n .bucket(default_.name())\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .overlays(JobConfigOverlayArgs.builder()\n .animations(JobConfigOverlayAnimationArgs.builder()\n .animationFade(JobConfigOverlayAnimationAnimationFadeArgs.builder()\n .fadeType(\"FADE_IN\")\n .startTimeOffset(\"1.500s\")\n .endTimeOffset(\"3.500s\")\n .xy(JobConfigOverlayAnimationAnimationFadeXyArgs.builder()\n .x(1)\n .y(0.5)\n .build())\n .build())\n .build())\n .image(JobConfigOverlayImageArgs.builder()\n .uri(Output.tuple(default_.name(), overlayPng.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var overlayPngName = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,overlayPngName);\n }))\n .build())\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n overlayPng:\n type: gcp:storage:BucketObject\n name: overlay_png\n properties:\n name: overlay.png\n source:\n fn::FileAsset: ./test-fixtures/overlay.png\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n adBreaks:\n - startTimeOffset: 3.500s\n overlays:\n - animations:\n - animationFade:\n fadeType: FADE_IN\n startTimeOffset: 1.500s\n endTimeOffset: 3.500s\n xy:\n x: 1\n y: 0.5\n image:\n uri: gs://${default.name}/${overlayPng.name}\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Manifests\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n startTimeOffset: \"0s\",\n inputs: [\"input0\"],\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"media-sd\",\n fileName: \"media-sd.ts\",\n container: \"ts\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"media-hd\",\n fileName: \"media-hd.ts\",\n container: \"ts\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"video-only-sd\",\n fileName: \"video-only-sd.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"video-stream0\"],\n },\n {\n key: \"video-only-hd\",\n fileName: \"video-only-hd.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"video-stream1\"],\n },\n {\n key: \"audio-only\",\n fileName: \"audio-only.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"audio-stream0\"],\n },\n ],\n manifests: [\n {\n fileName: \"manifest.m3u8\",\n type: \"HLS\",\n muxStreams: [\n \"media-sd\",\n \"media-hd\",\n ],\n },\n {\n fileName: \"manifest.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"start_time_offset\": \"0s\",\n \"inputs\": [\"input0\"],\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"media-sd\",\n \"file_name\": \"media-sd.ts\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"media-hd\",\n \"file_name\": \"media-hd.ts\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"video-only-sd\",\n \"file_name\": \"video-only-sd.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"video-stream0\"],\n },\n {\n \"key\": \"video-only-hd\",\n \"file_name\": \"video-only-hd.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"video-stream1\"],\n },\n {\n \"key\": \"audio-only\",\n \"file_name\": \"audio-only.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"audio-stream0\"],\n },\n ],\n \"manifests\": [\n {\n \"file_name\": \"manifest.m3u8\",\n \"type\": \"HLS\",\n \"mux_streams\": [\n \"media-sd\",\n \"media-hd\",\n ],\n },\n {\n \"file_name\": \"manifest.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n StartTimeOffset = \"0s\",\n Inputs = new[]\n {\n \"input0\",\n },\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"media-sd\",\n FileName = \"media-sd.ts\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"media-hd\",\n FileName = \"media-hd.ts\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"video-only-sd\",\n FileName = \"video-only-sd.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"video-only-hd\",\n FileName = \"video-only-hd.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"audio-only\",\n FileName = \"audio-only.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"audio-stream0\",\n },\n },\n },\n Manifests = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest.m3u8\",\n Type = \"HLS\",\n MuxStreams = new[]\n {\n \"media-sd\",\n \"media-hd\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"media-sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"media-sd.ts\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"media-hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"media-hd.ts\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-only-sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"video-only-sd.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-only-hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"video-only-hd.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-only\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"audio-only.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tManifests: transcoder.JobConfigManifestArray{\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest.m3u8\"),\n\t\t\t\t\t\tType: pulumi.String(\"HLS\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"media-sd\"),\n\t\t\t\t\t\t\tpulumi.String(\"media-hd\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-only-sd\"),\n\t\t\t\t\t\t\tpulumi.String(\"video-only-hd\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-only\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .startTimeOffset(\"0s\")\n .inputs(\"input0\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"media-sd\")\n .fileName(\"media-sd.ts\")\n .container(\"ts\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"media-hd\")\n .fileName(\"media-hd.ts\")\n .container(\"ts\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"video-only-sd\")\n .fileName(\"video-only-sd.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"video-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"video-only-hd\")\n .fileName(\"video-only-hd.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"video-stream1\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"audio-only\")\n .fileName(\"audio-only.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"audio-stream0\")\n .build())\n .manifests( \n JobConfigManifestArgs.builder()\n .fileName(\"manifest.m3u8\")\n .type(\"HLS\")\n .muxStreams( \n \"media-sd\",\n \"media-hd\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n startTimeOffset: 0s\n inputs:\n - input0\n adBreaks:\n - startTimeOffset: 3.500s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n - key: media-sd\n fileName: media-sd.ts\n container: ts\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: media-hd\n fileName: media-hd.ts\n container: ts\n elementaryStreams:\n - video-stream1\n - audio-stream0\n - key: video-only-sd\n fileName: video-only-sd.m4s\n container: fmp4\n elementaryStreams:\n - video-stream0\n - key: video-only-hd\n fileName: video-only-hd.m4s\n container: fmp4\n elementaryStreams:\n - video-stream1\n - key: audio-only\n fileName: audio-only.m4s\n container: fmp4\n elementaryStreams:\n - audio-stream0\n manifests:\n - fileName: manifest.m3u8\n type: HLS\n muxStreams:\n - media-sd\n - media-hd\n - fileName: manifest.mpd\n type: DASH\n muxStreams:\n - video-only-sd\n - video-only-hd\n - audio-only\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default {{name}}\n```\n\n", + "description": "Transcoding Job Resource\n\n\nTo get more information about Job, see:\n\n* [API documentation](https://cloud.google.com/transcoder/docs/reference/rest/v1/projects.locations.jobs)\n* How-to Guides\n * [Transcoder](https://cloud.google.com/transcoder/docs/)\n\n## Example Usage\n\n### Transcoder Job Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst defaultJobTemplate = new gcp.transcoder.JobTemplate(\"default\", {\n jobTemplateId: \"example-job-template\",\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n },\n labels: {\n label: \"key\",\n },\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n templateId: defaultJobTemplate.name,\n location: \"us-central1\",\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ndefault_job_template = gcp.transcoder.JobTemplate(\"default\",\n job_template_id=\"example-job-template\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n },\n labels={\n \"label\": \"key\",\n })\ndefault_job = gcp.transcoder.Job(\"default\",\n template_id=default_job_template.name,\n location=\"us-central1\",\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var defaultJobTemplate = new Gcp.Transcoder.JobTemplate(\"default\", new()\n {\n JobTemplateId = \"example-job-template\",\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobTemplateConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobTemplateConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobTemplateConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobTemplateConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobTemplateConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n TemplateId = defaultJobTemplate.Name,\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultJobTemplate, err := transcoder.NewJobTemplate(ctx, \"default\", \u0026transcoder.JobTemplateArgs{\n\t\t\tJobTemplateId: pulumi.String(\"example-job-template\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobTemplateConfigArgs{\n\t\t\t\tInputs: transcoder.JobTemplateConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobTemplateConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobTemplateConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobTemplateConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobTemplateConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobTemplateConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobTemplateConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobTemplateConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tTemplateId: defaultJobTemplate.Name,\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.JobTemplate;\nimport com.pulumi.gcp.transcoder.JobTemplateArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobTemplateConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobTemplateConfigOutputArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var defaultJobTemplate = new JobTemplate(\"defaultJobTemplate\", JobTemplateArgs.builder()\n .jobTemplateId(\"example-job-template\")\n .location(\"us-central1\")\n .config(JobTemplateConfigArgs.builder()\n .inputs(JobTemplateConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .output(JobTemplateConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .editLists(JobTemplateConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .elementaryStreams( \n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobTemplateConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobTemplateConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobTemplateConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobTemplateConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobTemplateConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobTemplateConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobTemplateConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobTemplateConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .templateId(defaultJobTemplate.name())\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n templateId: ${defaultJobTemplate.name}\n location: us-central1\n labels:\n label: key\n defaultJobTemplate:\n type: gcp:transcoder:JobTemplate\n name: default\n properties:\n jobTemplateId: example-job-template\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n output:\n uri: gs://${default.name}/outputs/\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Pubsub\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst transcoderNotifications = new gcp.pubsub.Topic(\"transcoder_notifications\", {name: \"transcoder-notifications\"});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n pubsubDestination: {\n topic: transcoderNotifications.id,\n },\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ntranscoder_notifications = gcp.pubsub.Topic(\"transcoder_notifications\", name=\"transcoder-notifications\")\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n \"pubsub_destination\": {\n \"topic\": transcoder_notifications.id,\n },\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var transcoderNotifications = new Gcp.PubSub.Topic(\"transcoder_notifications\", new()\n {\n Name = \"transcoder-notifications\",\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n PubsubDestination = new Gcp.Transcoder.Inputs.JobConfigPubsubDestinationArgs\n {\n Topic = transcoderNotifications.Id,\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttranscoderNotifications, err := pubsub.NewTopic(ctx, \"transcoder_notifications\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"transcoder-notifications\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPubsubDestination: \u0026transcoder.JobConfigPubsubDestinationArgs{\n\t\t\t\t\tTopic: transcoderNotifications.ID(),\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigPubsubDestinationArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var transcoderNotifications = new Topic(\"transcoderNotifications\", TopicArgs.builder()\n .name(\"transcoder-notifications\")\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .pubsubDestination(JobConfigPubsubDestinationArgs.builder()\n .topic(transcoderNotifications.id())\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n transcoderNotifications:\n type: gcp:pubsub:Topic\n name: transcoder_notifications\n properties:\n name: transcoder-notifications\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n adBreaks:\n - startTimeOffset: 3.500s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n pubsubDestination:\n topic: ${transcoderNotifications.id}\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Encryptions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst encryptionKey = new gcp.secretmanager.Secret(\"encryption_key\", {\n secretId: \"transcoder-encryption-key\",\n replication: {\n auto: {},\n },\n});\nconst encryptionKeySecretVersion = new gcp.secretmanager.SecretVersion(\"encryption_key\", {\n secret: encryptionKey.name,\n secretData: \"4A67F2C1B8E93A4F6D3E7890A1BC23DF\",\n});\nconst project = gcp.organizations.getProject({});\n// this is required to allow the transcoder service identity to access the secret\nconst transcoder = new gcp.projects.ServiceIdentity(\"transcoder\", {\n project: project.then(project =\u003e project.projectId),\n service: \"transcoder.googleapis.com\",\n});\nconst transcoderEncryptionKeyAccessor = new gcp.secretmanager.SecretIamMember(\"transcoder_encryption_key_accessor\", {\n secretId: encryptionKey.secretId,\n project: encryptionKey.project,\n role: \"roles/secretmanager.secretAccessor\",\n member: pulumi.interpolate`serviceAccount:${transcoder.email}`,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n elementaryStreams: [\n {\n key: \"es_video\",\n videoStream: {\n h264: {\n profile: \"main\",\n heightPixels: 600,\n widthPixels: 800,\n bitrateBps: 1000000,\n frameRate: 60,\n },\n },\n },\n {\n key: \"es_audio\",\n audioStream: {\n codec: \"aac\",\n channelCount: 2,\n bitrateBps: 160000,\n },\n },\n ],\n encryptions: [\n {\n id: \"aes-128\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n clearkey: {},\n },\n aes128: {},\n },\n {\n id: \"cenc\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n widevine: {},\n },\n mpegCenc: {\n scheme: \"cenc\",\n },\n },\n {\n id: \"cbcs\",\n secretManagerKeySource: {\n secretVersion: encryptionKeySecretVersion.name,\n },\n drmSystems: {\n widevine: {},\n },\n mpegCenc: {\n scheme: \"cbcs\",\n },\n },\n ],\n muxStreams: [\n {\n key: \"ts_aes128\",\n container: \"ts\",\n elementaryStreams: [\n \"es_video\",\n \"es_audio\",\n ],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"aes-128\",\n },\n {\n key: \"fmp4_cenc_video\",\n container: \"fmp4\",\n elementaryStreams: [\"es_video\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cenc\",\n },\n {\n key: \"fmp4_cenc_audio\",\n container: \"fmp4\",\n elementaryStreams: [\"es_audio\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cenc\",\n },\n {\n key: \"fmp4_cbcs_video\",\n container: \"fmp4\",\n elementaryStreams: [\"es_video\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cbcs\",\n },\n {\n key: \"fmp4_cbcs_audio\",\n container: \"fmp4\",\n elementaryStreams: [\"es_audio\"],\n segmentSettings: {\n segmentDuration: \"6s\",\n },\n encryptionId: \"cbcs\",\n },\n ],\n manifests: [\n {\n fileName: \"manifest_aes128.m3u8\",\n type: \"HLS\",\n muxStreams: [\"ts_aes128\"],\n },\n {\n fileName: \"manifest_cenc.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n ],\n },\n {\n fileName: \"manifest_cbcs.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\nencryption_key = gcp.secretmanager.Secret(\"encryption_key\",\n secret_id=\"transcoder-encryption-key\",\n replication={\n \"auto\": {},\n })\nencryption_key_secret_version = gcp.secretmanager.SecretVersion(\"encryption_key\",\n secret=encryption_key.name,\n secret_data=\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\")\nproject = gcp.organizations.get_project()\n# this is required to allow the transcoder service identity to access the secret\ntranscoder = gcp.projects.ServiceIdentity(\"transcoder\",\n project=project.project_id,\n service=\"transcoder.googleapis.com\")\ntranscoder_encryption_key_accessor = gcp.secretmanager.SecretIamMember(\"transcoder_encryption_key_accessor\",\n secret_id=encryption_key.secret_id,\n project=encryption_key.project,\n role=\"roles/secretmanager.secretAccessor\",\n member=transcoder.email.apply(lambda email: f\"serviceAccount:{email}\"))\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"elementary_streams\": [\n {\n \"key\": \"es_video\",\n \"video_stream\": {\n \"h264\": {\n \"profile\": \"main\",\n \"height_pixels\": 600,\n \"width_pixels\": 800,\n \"bitrate_bps\": 1000000,\n \"frame_rate\": 60,\n },\n },\n },\n {\n \"key\": \"es_audio\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"channel_count\": 2,\n \"bitrate_bps\": 160000,\n },\n },\n ],\n \"encryptions\": [\n {\n \"id\": \"aes-128\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"clearkey\": {},\n },\n \"aes128\": {},\n },\n {\n \"id\": \"cenc\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"widevine\": {},\n },\n \"mpeg_cenc\": {\n \"scheme\": \"cenc\",\n },\n },\n {\n \"id\": \"cbcs\",\n \"secret_manager_key_source\": {\n \"secret_version\": encryption_key_secret_version.name,\n },\n \"drm_systems\": {\n \"widevine\": {},\n },\n \"mpeg_cenc\": {\n \"scheme\": \"cbcs\",\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"ts_aes128\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"es_video\",\n \"es_audio\",\n ],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"aes-128\",\n },\n {\n \"key\": \"fmp4_cenc_video\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_video\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cenc\",\n },\n {\n \"key\": \"fmp4_cenc_audio\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_audio\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cenc\",\n },\n {\n \"key\": \"fmp4_cbcs_video\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_video\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cbcs\",\n },\n {\n \"key\": \"fmp4_cbcs_audio\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"es_audio\"],\n \"segment_settings\": {\n \"segment_duration\": \"6s\",\n },\n \"encryption_id\": \"cbcs\",\n },\n ],\n \"manifests\": [\n {\n \"file_name\": \"manifest_aes128.m3u8\",\n \"type\": \"HLS\",\n \"mux_streams\": [\"ts_aes128\"],\n },\n {\n \"file_name\": \"manifest_cenc.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n ],\n },\n {\n \"file_name\": \"manifest_cbcs.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var encryptionKey = new Gcp.SecretManager.Secret(\"encryption_key\", new()\n {\n SecretId = \"transcoder-encryption-key\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var encryptionKeySecretVersion = new Gcp.SecretManager.SecretVersion(\"encryption_key\", new()\n {\n Secret = encryptionKey.Name,\n SecretData = \"4A67F2C1B8E93A4F6D3E7890A1BC23DF\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n // this is required to allow the transcoder service identity to access the secret\n var transcoder = new Gcp.Projects.ServiceIdentity(\"transcoder\", new()\n {\n Project = project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n Service = \"transcoder.googleapis.com\",\n });\n\n var transcoderEncryptionKeyAccessor = new Gcp.SecretManager.SecretIamMember(\"transcoder_encryption_key_accessor\", new()\n {\n SecretId = encryptionKey.SecretId,\n Project = encryptionKey.Project,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = transcoder.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"es_video\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n Profile = \"main\",\n HeightPixels = 600,\n WidthPixels = 800,\n BitrateBps = 1000000,\n FrameRate = 60,\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"es_audio\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n ChannelCount = 2,\n BitrateBps = 160000,\n },\n },\n },\n Encryptions = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"aes-128\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Clearkey = null,\n },\n Aes128 = null,\n },\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"cenc\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Widevine = null,\n },\n MpegCenc = new Gcp.Transcoder.Inputs.JobConfigEncryptionMpegCencArgs\n {\n Scheme = \"cenc\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigEncryptionArgs\n {\n Id = \"cbcs\",\n SecretManagerKeySource = new Gcp.Transcoder.Inputs.JobConfigEncryptionSecretManagerKeySourceArgs\n {\n SecretVersion = encryptionKeySecretVersion.Name,\n },\n DrmSystems = new Gcp.Transcoder.Inputs.JobConfigEncryptionDrmSystemsArgs\n {\n Widevine = null,\n },\n MpegCenc = new Gcp.Transcoder.Inputs.JobConfigEncryptionMpegCencArgs\n {\n Scheme = \"cbcs\",\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"ts_aes128\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"aes-128\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cenc_video\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cenc\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cenc_audio\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cenc\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cbcs_video\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_video\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cbcs\",\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"fmp4_cbcs_audio\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"es_audio\",\n },\n SegmentSettings = new Gcp.Transcoder.Inputs.JobConfigMuxStreamSegmentSettingsArgs\n {\n SegmentDuration = \"6s\",\n },\n EncryptionId = \"cbcs\",\n },\n },\n Manifests = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_aes128.m3u8\",\n Type = \"HLS\",\n MuxStreams = new[]\n {\n \"ts_aes128\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_cenc.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest_cbcs.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptionKey, err := secretmanager.NewSecret(ctx, \"encryption_key\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"transcoder-encryption-key\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tencryptionKeySecretVersion, err := secretmanager.NewSecretVersion(ctx, \"encryption_key\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: encryptionKey.Name,\n\t\t\tSecretData: pulumi.String(\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// this is required to allow the transcoder service identity to access the secret\n\t\ttranscoder, err := projects.NewServiceIdentity(ctx, \"transcoder\", \u0026projects.ServiceIdentityArgs{\n\t\t\tProject: pulumi.String(project.ProjectId),\n\t\t\tService: pulumi.String(\"transcoder.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"transcoder_encryption_key_accessor\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: encryptionKey.SecretId,\n\t\t\tProject: encryptionKey.Project,\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: transcoder.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"es_video\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"main\"),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(600),\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(800),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(1000000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"es_audio\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(160000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEncryptions: transcoder.JobConfigEncryptionArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"aes-128\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tClearkey: \u0026transcoder.JobConfigEncryptionDrmSystemsClearkeyArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tAes128: \u0026transcoder.JobConfigEncryptionAes128Args{},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"cenc\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tWidevine: \u0026transcoder.JobConfigEncryptionDrmSystemsWidevineArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMpegCenc: \u0026transcoder.JobConfigEncryptionMpegCencArgs{\n\t\t\t\t\t\t\tScheme: pulumi.String(\"cenc\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigEncryptionArgs{\n\t\t\t\t\t\tId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t\tSecretManagerKeySource: \u0026transcoder.JobConfigEncryptionSecretManagerKeySourceArgs{\n\t\t\t\t\t\t\tSecretVersion: encryptionKeySecretVersion.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDrmSystems: \u0026transcoder.JobConfigEncryptionDrmSystemsArgs{\n\t\t\t\t\t\t\tWidevine: \u0026transcoder.JobConfigEncryptionDrmSystemsWidevineArgs{},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMpegCenc: \u0026transcoder.JobConfigEncryptionMpegCencArgs{\n\t\t\t\t\t\t\tScheme: pulumi.String(\"cbcs\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"ts_aes128\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"aes-128\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cenc_video\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cenc\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cenc_audio\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cenc\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cbcs_video\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_video\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"fmp4_cbcs_audio\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"es_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tSegmentSettings: \u0026transcoder.JobConfigMuxStreamSegmentSettingsArgs{\n\t\t\t\t\t\t\tSegmentDuration: pulumi.String(\"6s\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEncryptionId: pulumi.String(\"cbcs\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tManifests: transcoder.JobConfigManifestArray{\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_aes128.m3u8\"),\n\t\t\t\t\t\tType: pulumi.String(\"HLS\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"ts_aes128\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_cenc.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cenc_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cenc_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest_cbcs.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cbcs_video\"),\n\t\t\t\t\t\t\tpulumi.String(\"fmp4_cbcs_audio\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.projects.ServiceIdentity;\nimport com.pulumi.gcp.projects.ServiceIdentityArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var encryptionKey = new Secret(\"encryptionKey\", SecretArgs.builder()\n .secretId(\"transcoder-encryption-key\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var encryptionKeySecretVersion = new SecretVersion(\"encryptionKeySecretVersion\", SecretVersionArgs.builder()\n .secret(encryptionKey.name())\n .secretData(\"4A67F2C1B8E93A4F6D3E7890A1BC23DF\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n // this is required to allow the transcoder service identity to access the secret\n var transcoder = new ServiceIdentity(\"transcoder\", ServiceIdentityArgs.builder()\n .project(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .service(\"transcoder.googleapis.com\")\n .build());\n\n var transcoderEncryptionKeyAccessor = new SecretIamMember(\"transcoderEncryptionKeyAccessor\", SecretIamMemberArgs.builder()\n .secretId(encryptionKey.secretId())\n .project(encryptionKey.project())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(transcoder.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"es_video\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .profile(\"main\")\n .heightPixels(600)\n .widthPixels(800)\n .bitrateBps(1000000)\n .frameRate(60)\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"es_audio\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .channelCount(2)\n .bitrateBps(160000)\n .build())\n .build())\n .encryptions( \n JobConfigEncryptionArgs.builder()\n .id(\"aes-128\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .clearkey()\n .build())\n .aes128()\n .build(),\n JobConfigEncryptionArgs.builder()\n .id(\"cenc\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .widevine()\n .build())\n .mpegCenc(JobConfigEncryptionMpegCencArgs.builder()\n .scheme(\"cenc\")\n .build())\n .build(),\n JobConfigEncryptionArgs.builder()\n .id(\"cbcs\")\n .secretManagerKeySource(JobConfigEncryptionSecretManagerKeySourceArgs.builder()\n .secretVersion(encryptionKeySecretVersion.name())\n .build())\n .drmSystems(JobConfigEncryptionDrmSystemsArgs.builder()\n .widevine()\n .build())\n .mpegCenc(JobConfigEncryptionMpegCencArgs.builder()\n .scheme(\"cbcs\")\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"ts_aes128\")\n .container(\"ts\")\n .elementaryStreams( \n \"es_video\",\n \"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"aes-128\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cenc_video\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_video\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cenc\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cenc_audio\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cenc\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cbcs_video\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_video\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cbcs\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"fmp4_cbcs_audio\")\n .container(\"fmp4\")\n .elementaryStreams(\"es_audio\")\n .segmentSettings(JobConfigMuxStreamSegmentSettingsArgs.builder()\n .segmentDuration(\"6s\")\n .build())\n .encryptionId(\"cbcs\")\n .build())\n .manifests( \n JobConfigManifestArgs.builder()\n .fileName(\"manifest_aes128.m3u8\")\n .type(\"HLS\")\n .muxStreams(\"ts_aes128\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest_cenc.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"fmp4_cenc_video\",\n \"fmp4_cenc_audio\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest_cbcs.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"fmp4_cbcs_video\",\n \"fmp4_cbcs_audio\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n encryptionKey:\n type: gcp:secretmanager:Secret\n name: encryption_key\n properties:\n secretId: transcoder-encryption-key\n replication:\n auto: {}\n encryptionKeySecretVersion:\n type: gcp:secretmanager:SecretVersion\n name: encryption_key\n properties:\n secret: ${encryptionKey.name}\n secretData: 4A67F2C1B8E93A4F6D3E7890A1BC23DF\n # this is required to allow the transcoder service identity to access the secret\n transcoder:\n type: gcp:projects:ServiceIdentity\n properties:\n project: ${project.projectId}\n service: transcoder.googleapis.com\n transcoderEncryptionKeyAccessor:\n type: gcp:secretmanager:SecretIamMember\n name: transcoder_encryption_key_accessor\n properties:\n secretId: ${encryptionKey.secretId}\n project: ${encryptionKey.project}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:${transcoder.email}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n elementaryStreams:\n - key: es_video\n videoStream:\n h264:\n profile: main\n heightPixels: 600\n widthPixels: 800\n bitrateBps: 1e+06\n frameRate: 60\n - key: es_audio\n audioStream:\n codec: aac\n channelCount: 2\n bitrateBps: 160000\n encryptions:\n - id: aes-128\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n clearkey: {}\n aes128: {}\n - id: cenc\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n widevine: {}\n mpegCenc:\n scheme: cenc\n - id: cbcs\n secretManagerKeySource:\n secretVersion: ${encryptionKeySecretVersion.name}\n drmSystems:\n widevine: {}\n mpegCenc:\n scheme: cbcs\n muxStreams:\n - key: ts_aes128\n container: ts\n elementaryStreams:\n - es_video\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: aes-128\n - key: fmp4_cenc_video\n container: fmp4\n elementaryStreams:\n - es_video\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cenc\n - key: fmp4_cenc_audio\n container: fmp4\n elementaryStreams:\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cenc\n - key: fmp4_cbcs_video\n container: fmp4\n elementaryStreams:\n - es_video\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cbcs\n - key: fmp4_cbcs_audio\n container: fmp4\n elementaryStreams:\n - es_audio\n segmentSettings:\n segmentDuration: 6s\n encryptionId: cbcs\n manifests:\n - fileName: manifest_aes128.m3u8\n type: HLS\n muxStreams:\n - ts_aes128\n - fileName: manifest_cenc.mpd\n type: DASH\n muxStreams:\n - fmp4_cenc_video\n - fmp4_cenc_audio\n - fileName: manifest_cbcs.mpd\n type: DASH\n muxStreams:\n - fmp4_cbcs_video\n - fmp4_cbcs_audio\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Overlays\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst overlayPng = new gcp.storage.BucketObject(\"overlay_png\", {\n name: \"overlay.png\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/overlay.png\"),\n bucket: _default.name,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n inputs: [\"input0\"],\n startTimeOffset: \"0s\",\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n overlays: [{\n animations: [{\n animationFade: {\n fadeType: \"FADE_IN\",\n startTimeOffset: \"1.500s\",\n endTimeOffset: \"3.500s\",\n xy: {\n x: 1,\n y: 0.5,\n },\n },\n }],\n image: {\n uri: pulumi.interpolate`gs://${_default.name}/${overlayPng.name}`,\n },\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\noverlay_png = gcp.storage.BucketObject(\"overlay_png\",\n name=\"overlay.png\",\n source=pulumi.FileAsset(\"./test-fixtures/overlay.png\"),\n bucket=default.name)\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"inputs\": [\"input0\"],\n \"start_time_offset\": \"0s\",\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"overlays\": [{\n \"animations\": [{\n \"animation_fade\": {\n \"fade_type\": \"FADE_IN\",\n \"start_time_offset\": \"1.500s\",\n \"end_time_offset\": \"3.500s\",\n \"xy\": {\n \"x\": 1,\n \"y\": 0.5,\n },\n },\n }],\n \"image\": {\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n overlayPngName=overlay_png.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['overlayPngName']}\")\n,\n },\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var overlayPng = new Gcp.Storage.BucketObject(\"overlay_png\", new()\n {\n Name = \"overlay.png\",\n Source = new FileAsset(\"./test-fixtures/overlay.png\"),\n Bucket = @default.Name,\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n Inputs = new[]\n {\n \"input0\",\n },\n StartTimeOffset = \"0s\",\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n Overlays = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigOverlayArgs\n {\n Animations = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationArgs\n {\n AnimationFade = new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationAnimationFadeArgs\n {\n FadeType = \"FADE_IN\",\n StartTimeOffset = \"1.500s\",\n EndTimeOffset = \"3.500s\",\n Xy = new Gcp.Transcoder.Inputs.JobConfigOverlayAnimationAnimationFadeXyArgs\n {\n X = 1,\n Y = 0.5,\n },\n },\n },\n },\n Image = new Gcp.Transcoder.Inputs.JobConfigOverlayImageArgs\n {\n Uri = Output.Tuple(@default.Name, overlayPng.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var overlayPngName = values.Item2;\n return $\"gs://{defaultName}/{overlayPngName}\";\n }),\n },\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toverlayPng, err := storage.NewBucketObject(ctx, \"overlay_png\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"overlay.png\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/overlay.png\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOverlays: transcoder.JobConfigOverlayArray{\n\t\t\t\t\t\u0026transcoder.JobConfigOverlayArgs{\n\t\t\t\t\t\tAnimations: transcoder.JobConfigOverlayAnimationArray{\n\t\t\t\t\t\t\t\u0026transcoder.JobConfigOverlayAnimationArgs{\n\t\t\t\t\t\t\t\tAnimationFade: \u0026transcoder.JobConfigOverlayAnimationAnimationFadeArgs{\n\t\t\t\t\t\t\t\t\tFadeType: pulumi.String(\"FADE_IN\"),\n\t\t\t\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"1.500s\"),\n\t\t\t\t\t\t\t\t\tEndTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t\t\t\t\tXy: \u0026transcoder.JobConfigOverlayAnimationAnimationFadeXyArgs{\n\t\t\t\t\t\t\t\t\t\tX: pulumi.Float64(1),\n\t\t\t\t\t\t\t\t\t\tY: pulumi.Float64(0.5),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tImage: \u0026transcoder.JobConfigOverlayImageArgs{\n\t\t\t\t\t\t\tUri: pulumi.All(_default.Name, overlayPng.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\t\toverlayPngName := _args[1].(string)\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, overlayPngName), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var overlayPng = new BucketObject(\"overlayPng\", BucketObjectArgs.builder()\n .name(\"overlay.png\")\n .source(new FileAsset(\"./test-fixtures/overlay.png\"))\n .bucket(default_.name())\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .inputs(\"input0\")\n .startTimeOffset(\"0s\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .overlays(JobConfigOverlayArgs.builder()\n .animations(JobConfigOverlayAnimationArgs.builder()\n .animationFade(JobConfigOverlayAnimationAnimationFadeArgs.builder()\n .fadeType(\"FADE_IN\")\n .startTimeOffset(\"1.500s\")\n .endTimeOffset(\"3.500s\")\n .xy(JobConfigOverlayAnimationAnimationFadeXyArgs.builder()\n .x(1)\n .y(0.5)\n .build())\n .build())\n .build())\n .image(JobConfigOverlayImageArgs.builder()\n .uri(Output.tuple(default_.name(), overlayPng.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var overlayPngName = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,overlayPngName);\n }))\n .build())\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n overlayPng:\n type: gcp:storage:BucketObject\n name: overlay_png\n properties:\n name: overlay.png\n source:\n fn::FileAsset: ./test-fixtures/overlay.png\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n inputs:\n - input0\n startTimeOffset: 0s\n adBreaks:\n - startTimeOffset: 3.500s\n overlays:\n - animations:\n - animationFade:\n fadeType: FADE_IN\n startTimeOffset: 1.500s\n endTimeOffset: 3.500s\n xy:\n x: 1\n y: 0.5\n image:\n uri: gs://${default.name}/${overlayPng.name}\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Transcoder Job Manifests\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.storage.Bucket(\"default\", {\n name: \"transcoder-job\",\n location: \"US\",\n forceDestroy: true,\n uniformBucketLevelAccess: true,\n publicAccessPrevention: \"enforced\",\n});\nconst exampleMp4 = new gcp.storage.BucketObject(\"example_mp4\", {\n name: \"example.mp4\",\n source: new pulumi.asset.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket: _default.name,\n});\nconst defaultJob = new gcp.transcoder.Job(\"default\", {\n location: \"us-central1\",\n config: {\n inputs: [{\n key: \"input0\",\n uri: pulumi.interpolate`gs://${_default.name}/${exampleMp4.name}`,\n }],\n editLists: [{\n key: \"atom0\",\n startTimeOffset: \"0s\",\n inputs: [\"input0\"],\n }],\n adBreaks: [{\n startTimeOffset: \"3.500s\",\n }],\n elementaryStreams: [\n {\n key: \"video-stream0\",\n videoStream: {\n h264: {\n widthPixels: 640,\n heightPixels: 360,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 550000,\n vbvFullnessBits: 495000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"video-stream1\",\n videoStream: {\n h264: {\n widthPixels: 1280,\n heightPixels: 720,\n bitrateBps: 550000,\n frameRate: 60,\n pixelFormat: \"yuv420p\",\n rateControlMode: \"vbr\",\n crfLevel: 21,\n gopDuration: \"3s\",\n vbvSizeBits: 2500000,\n vbvFullnessBits: 2250000,\n entropyCoder: \"cabac\",\n profile: \"high\",\n preset: \"veryfast\",\n },\n },\n },\n {\n key: \"audio-stream0\",\n audioStream: {\n codec: \"aac\",\n bitrateBps: 64000,\n channelCount: 2,\n channelLayouts: [\n \"fl\",\n \"fr\",\n ],\n sampleRateHertz: 48000,\n },\n },\n ],\n muxStreams: [\n {\n key: \"sd\",\n fileName: \"sd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"hd\",\n fileName: \"hd.mp4\",\n container: \"mp4\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"media-sd\",\n fileName: \"media-sd.ts\",\n container: \"ts\",\n elementaryStreams: [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"media-hd\",\n fileName: \"media-hd.ts\",\n container: \"ts\",\n elementaryStreams: [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n key: \"video-only-sd\",\n fileName: \"video-only-sd.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"video-stream0\"],\n },\n {\n key: \"video-only-hd\",\n fileName: \"video-only-hd.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"video-stream1\"],\n },\n {\n key: \"audio-only\",\n fileName: \"audio-only.m4s\",\n container: \"fmp4\",\n elementaryStreams: [\"audio-stream0\"],\n },\n ],\n manifests: [\n {\n fileName: \"manifest.m3u8\",\n type: \"HLS\",\n muxStreams: [\n \"media-sd\",\n \"media-hd\",\n ],\n },\n {\n fileName: \"manifest.mpd\",\n type: \"DASH\",\n muxStreams: [\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n ],\n },\n ],\n output: {\n uri: pulumi.interpolate`gs://${_default.name}/outputs/`,\n },\n },\n labels: {\n label: \"key\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.Bucket(\"default\",\n name=\"transcoder-job\",\n location=\"US\",\n force_destroy=True,\n uniform_bucket_level_access=True,\n public_access_prevention=\"enforced\")\nexample_mp4 = gcp.storage.BucketObject(\"example_mp4\",\n name=\"example.mp4\",\n source=pulumi.FileAsset(\"./test-fixtures/example.mp4\"),\n bucket=default.name)\ndefault_job = gcp.transcoder.Job(\"default\",\n location=\"us-central1\",\n config={\n \"inputs\": [{\n \"key\": \"input0\",\n \"uri\": pulumi.Output.all(\n defaultName=default.name,\n exampleMp4Name=example_mp4.name\n).apply(lambda resolved_outputs: f\"gs://{resolved_outputs['defaultName']}/{resolved_outputs['exampleMp4Name']}\")\n,\n }],\n \"edit_lists\": [{\n \"key\": \"atom0\",\n \"start_time_offset\": \"0s\",\n \"inputs\": [\"input0\"],\n }],\n \"ad_breaks\": [{\n \"start_time_offset\": \"3.500s\",\n }],\n \"elementary_streams\": [\n {\n \"key\": \"video-stream0\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 640,\n \"height_pixels\": 360,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 550000,\n \"vbv_fullness_bits\": 495000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"video-stream1\",\n \"video_stream\": {\n \"h264\": {\n \"width_pixels\": 1280,\n \"height_pixels\": 720,\n \"bitrate_bps\": 550000,\n \"frame_rate\": 60,\n \"pixel_format\": \"yuv420p\",\n \"rate_control_mode\": \"vbr\",\n \"crf_level\": 21,\n \"gop_duration\": \"3s\",\n \"vbv_size_bits\": 2500000,\n \"vbv_fullness_bits\": 2250000,\n \"entropy_coder\": \"cabac\",\n \"profile\": \"high\",\n \"preset\": \"veryfast\",\n },\n },\n },\n {\n \"key\": \"audio-stream0\",\n \"audio_stream\": {\n \"codec\": \"aac\",\n \"bitrate_bps\": 64000,\n \"channel_count\": 2,\n \"channel_layouts\": [\n \"fl\",\n \"fr\",\n ],\n \"sample_rate_hertz\": 48000,\n },\n },\n ],\n \"mux_streams\": [\n {\n \"key\": \"sd\",\n \"file_name\": \"sd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"hd\",\n \"file_name\": \"hd.mp4\",\n \"container\": \"mp4\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"media-sd\",\n \"file_name\": \"media-sd.ts\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"video-stream0\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"media-hd\",\n \"file_name\": \"media-hd.ts\",\n \"container\": \"ts\",\n \"elementary_streams\": [\n \"video-stream1\",\n \"audio-stream0\",\n ],\n },\n {\n \"key\": \"video-only-sd\",\n \"file_name\": \"video-only-sd.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"video-stream0\"],\n },\n {\n \"key\": \"video-only-hd\",\n \"file_name\": \"video-only-hd.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"video-stream1\"],\n },\n {\n \"key\": \"audio-only\",\n \"file_name\": \"audio-only.m4s\",\n \"container\": \"fmp4\",\n \"elementary_streams\": [\"audio-stream0\"],\n },\n ],\n \"manifests\": [\n {\n \"file_name\": \"manifest.m3u8\",\n \"type\": \"HLS\",\n \"mux_streams\": [\n \"media-sd\",\n \"media-hd\",\n ],\n },\n {\n \"file_name\": \"manifest.mpd\",\n \"type\": \"DASH\",\n \"mux_streams\": [\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n ],\n },\n ],\n \"output\": {\n \"uri\": default.name.apply(lambda name: f\"gs://{name}/outputs/\"),\n },\n },\n labels={\n \"label\": \"key\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Storage.Bucket(\"default\", new()\n {\n Name = \"transcoder-job\",\n Location = \"US\",\n ForceDestroy = true,\n UniformBucketLevelAccess = true,\n PublicAccessPrevention = \"enforced\",\n });\n\n var exampleMp4 = new Gcp.Storage.BucketObject(\"example_mp4\", new()\n {\n Name = \"example.mp4\",\n Source = new FileAsset(\"./test-fixtures/example.mp4\"),\n Bucket = @default.Name,\n });\n\n var defaultJob = new Gcp.Transcoder.Job(\"default\", new()\n {\n Location = \"us-central1\",\n Config = new Gcp.Transcoder.Inputs.JobConfigArgs\n {\n Inputs = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigInputArgs\n {\n Key = \"input0\",\n Uri = Output.Tuple(@default.Name, exampleMp4.Name).Apply(values =\u003e\n {\n var defaultName = values.Item1;\n var exampleMp4Name = values.Item2;\n return $\"gs://{defaultName}/{exampleMp4Name}\";\n }),\n },\n },\n EditLists = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigEditListArgs\n {\n Key = \"atom0\",\n StartTimeOffset = \"0s\",\n Inputs = new[]\n {\n \"input0\",\n },\n },\n },\n AdBreaks = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigAdBreakArgs\n {\n StartTimeOffset = \"3.500s\",\n },\n },\n ElementaryStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream0\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 640,\n HeightPixels = 360,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 550000,\n VbvFullnessBits = 495000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"video-stream1\",\n VideoStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamArgs\n {\n H264 = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamVideoStreamH264Args\n {\n WidthPixels = 1280,\n HeightPixels = 720,\n BitrateBps = 550000,\n FrameRate = 60,\n PixelFormat = \"yuv420p\",\n RateControlMode = \"vbr\",\n CrfLevel = 21,\n GopDuration = \"3s\",\n VbvSizeBits = 2500000,\n VbvFullnessBits = 2250000,\n EntropyCoder = \"cabac\",\n Profile = \"high\",\n Preset = \"veryfast\",\n },\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigElementaryStreamArgs\n {\n Key = \"audio-stream0\",\n AudioStream = new Gcp.Transcoder.Inputs.JobConfigElementaryStreamAudioStreamArgs\n {\n Codec = \"aac\",\n BitrateBps = 64000,\n ChannelCount = 2,\n ChannelLayouts = new[]\n {\n \"fl\",\n \"fr\",\n },\n SampleRateHertz = 48000,\n },\n },\n },\n MuxStreams = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"sd\",\n FileName = \"sd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"hd\",\n FileName = \"hd.mp4\",\n Container = \"mp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"media-sd\",\n FileName = \"media-sd.ts\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"media-hd\",\n FileName = \"media-hd.ts\",\n Container = \"ts\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n \"audio-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"video-only-sd\",\n FileName = \"video-only-sd.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"video-stream0\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"video-only-hd\",\n FileName = \"video-only-hd.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"video-stream1\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigMuxStreamArgs\n {\n Key = \"audio-only\",\n FileName = \"audio-only.m4s\",\n Container = \"fmp4\",\n ElementaryStreams = new[]\n {\n \"audio-stream0\",\n },\n },\n },\n Manifests = new[]\n {\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest.m3u8\",\n Type = \"HLS\",\n MuxStreams = new[]\n {\n \"media-sd\",\n \"media-hd\",\n },\n },\n new Gcp.Transcoder.Inputs.JobConfigManifestArgs\n {\n FileName = \"manifest.mpd\",\n Type = \"DASH\",\n MuxStreams = new[]\n {\n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\",\n },\n },\n },\n Output = new Gcp.Transcoder.Inputs.JobConfigOutputArgs\n {\n Uri = @default.Name.Apply(name =\u003e $\"gs://{name}/outputs/\"),\n },\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/transcoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucket(ctx, \"default\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"transcoder-job\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t\tPublicAccessPrevention: pulumi.String(\"enforced\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMp4, err := storage.NewBucketObject(ctx, \"example_mp4\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"example.mp4\"),\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/example.mp4\"),\n\t\t\tBucket: _default.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcoder.NewJob(ctx, \"default\", \u0026transcoder.JobArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026transcoder.JobConfigArgs{\n\t\t\t\tInputs: transcoder.JobConfigInputTypeArray{\n\t\t\t\t\t\u0026transcoder.JobConfigInputTypeArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"input0\"),\n\t\t\t\t\t\tUri: pulumi.All(_default.Name, exampleMp4.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\t\tdefaultName := _args[0].(string)\n\t\t\t\t\t\t\texampleMp4Name := _args[1].(string)\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/%v\", defaultName, exampleMp4Name), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEditLists: transcoder.JobConfigEditListArray{\n\t\t\t\t\t\u0026transcoder.JobConfigEditListArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"atom0\"),\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"0s\"),\n\t\t\t\t\t\tInputs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"input0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tAdBreaks: transcoder.JobConfigAdBreakArray{\n\t\t\t\t\t\u0026transcoder.JobConfigAdBreakArgs{\n\t\t\t\t\t\tStartTimeOffset: pulumi.String(\"3.500s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tElementaryStreams: transcoder.JobConfigElementaryStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream0\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(640),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(360),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(495000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-stream1\"),\n\t\t\t\t\t\tVideoStream: \u0026transcoder.JobConfigElementaryStreamVideoStreamArgs{\n\t\t\t\t\t\t\tH264: \u0026transcoder.JobConfigElementaryStreamVideoStreamH264Args{\n\t\t\t\t\t\t\t\tWidthPixels: pulumi.Int(1280),\n\t\t\t\t\t\t\t\tHeightPixels: pulumi.Int(720),\n\t\t\t\t\t\t\t\tBitrateBps: pulumi.Int(550000),\n\t\t\t\t\t\t\t\tFrameRate: pulumi.Int(60),\n\t\t\t\t\t\t\t\tPixelFormat: pulumi.String(\"yuv420p\"),\n\t\t\t\t\t\t\t\tRateControlMode: pulumi.String(\"vbr\"),\n\t\t\t\t\t\t\t\tCrfLevel: pulumi.Int(21),\n\t\t\t\t\t\t\t\tGopDuration: pulumi.String(\"3s\"),\n\t\t\t\t\t\t\t\tVbvSizeBits: pulumi.Int(2500000),\n\t\t\t\t\t\t\t\tVbvFullnessBits: pulumi.Int(2250000),\n\t\t\t\t\t\t\t\tEntropyCoder: pulumi.String(\"cabac\"),\n\t\t\t\t\t\t\t\tProfile: pulumi.String(\"high\"),\n\t\t\t\t\t\t\t\tPreset: pulumi.String(\"veryfast\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigElementaryStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\tAudioStream: \u0026transcoder.JobConfigElementaryStreamAudioStreamArgs{\n\t\t\t\t\t\t\tCodec: pulumi.String(\"aac\"),\n\t\t\t\t\t\t\tBitrateBps: pulumi.Int(64000),\n\t\t\t\t\t\t\tChannelCount: pulumi.Int(2),\n\t\t\t\t\t\t\tChannelLayouts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"fl\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tSampleRateHertz: pulumi.Int(48000),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tMuxStreams: transcoder.JobConfigMuxStreamArray{\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"sd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"hd.mp4\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"media-sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"media-sd.ts\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"media-hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"media-hd.ts\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"ts\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-only-sd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"video-only-sd.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"video-only-hd\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"video-only-hd.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-stream1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigMuxStreamArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"audio-only\"),\n\t\t\t\t\t\tFileName: pulumi.String(\"audio-only.m4s\"),\n\t\t\t\t\t\tContainer: pulumi.String(\"fmp4\"),\n\t\t\t\t\t\tElementaryStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"audio-stream0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tManifests: transcoder.JobConfigManifestArray{\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest.m3u8\"),\n\t\t\t\t\t\tType: pulumi.String(\"HLS\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"media-sd\"),\n\t\t\t\t\t\t\tpulumi.String(\"media-hd\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026transcoder.JobConfigManifestArgs{\n\t\t\t\t\t\tFileName: pulumi.String(\"manifest.mpd\"),\n\t\t\t\t\t\tType: pulumi.String(\"DASH\"),\n\t\t\t\t\t\tMuxStreams: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"video-only-sd\"),\n\t\t\t\t\t\t\tpulumi.String(\"video-only-hd\"),\n\t\t\t\t\t\t\tpulumi.String(\"audio-only\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOutput: \u0026transcoder.JobConfigOutputTypeArgs{\n\t\t\t\t\tUri: _default.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/outputs/\", name), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.transcoder.Job;\nimport com.pulumi.gcp.transcoder.JobArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigArgs;\nimport com.pulumi.gcp.transcoder.inputs.JobConfigOutputArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Bucket(\"default\", BucketArgs.builder()\n .name(\"transcoder-job\")\n .location(\"US\")\n .forceDestroy(true)\n .uniformBucketLevelAccess(true)\n .publicAccessPrevention(\"enforced\")\n .build());\n\n var exampleMp4 = new BucketObject(\"exampleMp4\", BucketObjectArgs.builder()\n .name(\"example.mp4\")\n .source(new FileAsset(\"./test-fixtures/example.mp4\"))\n .bucket(default_.name())\n .build());\n\n var defaultJob = new Job(\"defaultJob\", JobArgs.builder()\n .location(\"us-central1\")\n .config(JobConfigArgs.builder()\n .inputs(JobConfigInputArgs.builder()\n .key(\"input0\")\n .uri(Output.tuple(default_.name(), exampleMp4.name()).applyValue(values -\u003e {\n var defaultName = values.t1;\n var exampleMp4Name = values.t2;\n return String.format(\"gs://%s/%s\", defaultName,exampleMp4Name);\n }))\n .build())\n .editLists(JobConfigEditListArgs.builder()\n .key(\"atom0\")\n .startTimeOffset(\"0s\")\n .inputs(\"input0\")\n .build())\n .adBreaks(JobConfigAdBreakArgs.builder()\n .startTimeOffset(\"3.500s\")\n .build())\n .elementaryStreams( \n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream0\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(640)\n .heightPixels(360)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(550000)\n .vbvFullnessBits(495000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"video-stream1\")\n .videoStream(JobConfigElementaryStreamVideoStreamArgs.builder()\n .h264(JobConfigElementaryStreamVideoStreamH264Args.builder()\n .widthPixels(1280)\n .heightPixels(720)\n .bitrateBps(550000)\n .frameRate(60)\n .pixelFormat(\"yuv420p\")\n .rateControlMode(\"vbr\")\n .crfLevel(21)\n .gopDuration(\"3s\")\n .vbvSizeBits(2500000)\n .vbvFullnessBits(2250000)\n .entropyCoder(\"cabac\")\n .profile(\"high\")\n .preset(\"veryfast\")\n .build())\n .build())\n .build(),\n JobConfigElementaryStreamArgs.builder()\n .key(\"audio-stream0\")\n .audioStream(JobConfigElementaryStreamAudioStreamArgs.builder()\n .codec(\"aac\")\n .bitrateBps(64000)\n .channelCount(2)\n .channelLayouts( \n \"fl\",\n \"fr\")\n .sampleRateHertz(48000)\n .build())\n .build())\n .muxStreams( \n JobConfigMuxStreamArgs.builder()\n .key(\"sd\")\n .fileName(\"sd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"hd\")\n .fileName(\"hd.mp4\")\n .container(\"mp4\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"media-sd\")\n .fileName(\"media-sd.ts\")\n .container(\"ts\")\n .elementaryStreams( \n \"video-stream0\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"media-hd\")\n .fileName(\"media-hd.ts\")\n .container(\"ts\")\n .elementaryStreams( \n \"video-stream1\",\n \"audio-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"video-only-sd\")\n .fileName(\"video-only-sd.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"video-stream0\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"video-only-hd\")\n .fileName(\"video-only-hd.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"video-stream1\")\n .build(),\n JobConfigMuxStreamArgs.builder()\n .key(\"audio-only\")\n .fileName(\"audio-only.m4s\")\n .container(\"fmp4\")\n .elementaryStreams(\"audio-stream0\")\n .build())\n .manifests( \n JobConfigManifestArgs.builder()\n .fileName(\"manifest.m3u8\")\n .type(\"HLS\")\n .muxStreams( \n \"media-sd\",\n \"media-hd\")\n .build(),\n JobConfigManifestArgs.builder()\n .fileName(\"manifest.mpd\")\n .type(\"DASH\")\n .muxStreams( \n \"video-only-sd\",\n \"video-only-hd\",\n \"audio-only\")\n .build())\n .output(JobConfigOutputArgs.builder()\n .uri(default_.name().applyValue(name -\u003e String.format(\"gs://%s/outputs/\", name)))\n .build())\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:storage:Bucket\n properties:\n name: transcoder-job\n location: US\n forceDestroy: true\n uniformBucketLevelAccess: true\n publicAccessPrevention: enforced\n exampleMp4:\n type: gcp:storage:BucketObject\n name: example_mp4\n properties:\n name: example.mp4\n source:\n fn::FileAsset: ./test-fixtures/example.mp4\n bucket: ${default.name}\n defaultJob:\n type: gcp:transcoder:Job\n name: default\n properties:\n location: us-central1\n config:\n inputs:\n - key: input0\n uri: gs://${default.name}/${exampleMp4.name}\n editLists:\n - key: atom0\n startTimeOffset: 0s\n inputs:\n - input0\n adBreaks:\n - startTimeOffset: 3.500s\n elementaryStreams:\n - key: video-stream0\n videoStream:\n h264:\n widthPixels: 640\n heightPixels: 360\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 550000\n vbvFullnessBits: 495000\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: video-stream1\n videoStream:\n h264:\n widthPixels: 1280\n heightPixels: 720\n bitrateBps: 550000\n frameRate: 60\n pixelFormat: yuv420p\n rateControlMode: vbr\n crfLevel: 21\n gopDuration: 3s\n vbvSizeBits: 2.5e+06\n vbvFullnessBits: 2.25e+06\n entropyCoder: cabac\n profile: high\n preset: veryfast\n - key: audio-stream0\n audioStream:\n codec: aac\n bitrateBps: 64000\n channelCount: 2\n channelLayouts:\n - fl\n - fr\n sampleRateHertz: 48000\n muxStreams:\n - key: sd\n fileName: sd.mp4\n container: mp4\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: hd\n fileName: hd.mp4\n container: mp4\n elementaryStreams:\n - video-stream1\n - audio-stream0\n - key: media-sd\n fileName: media-sd.ts\n container: ts\n elementaryStreams:\n - video-stream0\n - audio-stream0\n - key: media-hd\n fileName: media-hd.ts\n container: ts\n elementaryStreams:\n - video-stream1\n - audio-stream0\n - key: video-only-sd\n fileName: video-only-sd.m4s\n container: fmp4\n elementaryStreams:\n - video-stream0\n - key: video-only-hd\n fileName: video-only-hd.m4s\n container: fmp4\n elementaryStreams:\n - video-stream1\n - key: audio-only\n fileName: audio-only.m4s\n container: fmp4\n elementaryStreams:\n - audio-stream0\n manifests:\n - fileName: manifest.m3u8\n type: HLS\n muxStreams:\n - media-sd\n - media-hd\n - fileName: manifest.mpd\n type: DASH\n muxStreams:\n - video-only-sd\n - video-only-hd\n - audio-only\n output:\n uri: gs://${default.name}/outputs/\n labels:\n label: key\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nJob can be imported using any of these accepted formats:\n\n* `{{project}}/{{name}}`\n\n* `{{project}} {{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Job can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default \"{{project}} {{name}}\"\n```\n\n```sh\n$ pulumi import gcp:transcoder/job:Job default {{name}}\n```\n\n", "properties": { "config": { "$ref": "#/types/gcp:transcoder/JobConfig:JobConfig", @@ -271843,7 +271843,7 @@ } }, "gcp:vertex/aiEndpoint:AiEndpoint": { - "description": "Models are deployed into it, and afterwards Endpoint is called to obtain predictions and explanations.\n\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.endpoints)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Endpoint Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vertexNetwork = new gcp.compute.Network(\"vertex_network\", {name: \"network-name\"});\nconst vertexRange = new gcp.compute.GlobalAddress(\"vertex_range\", {\n name: \"address-name\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: vertexNetwork.id,\n});\nconst vertexVpcConnection = new gcp.servicenetworking.Connection(\"vertex_vpc_connection\", {\n network: vertexNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [vertexRange.name],\n});\nconst bqDataset = new gcp.bigquery.Dataset(\"bq_dataset\", {\n datasetId: \"some_dataset\",\n friendlyName: \"logging dataset\",\n description: \"This is a dataset that requests are logged to\",\n location: \"US\",\n deleteContentsOnDestroy: true,\n});\nconst project = gcp.organizations.getProject({});\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: pulumi.all([project, vertexNetwork.name]).apply(([project, name]) =\u003e `projects/${project.number}/global/networks/${name}`),\n encryptionSpec: {\n kmsKeyName: \"kms-name\",\n },\n predictRequestResponseLoggingConfig: {\n bigqueryDestination: {\n outputUri: pulumi.all([project, bqDataset.datasetId]).apply(([project, datasetId]) =\u003e `bq://${project.projectId}.${datasetId}.request_response_logging`),\n },\n enabled: true,\n samplingRate: 0.1,\n },\n trafficSplit: JSON.stringify({\n \"12345\": 100,\n }),\n}, {\n dependsOn: [vertexVpcConnection],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nvertex_network = gcp.compute.Network(\"vertex_network\", name=\"network-name\")\nvertex_range = gcp.compute.GlobalAddress(\"vertex_range\",\n name=\"address-name\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=vertex_network.id)\nvertex_vpc_connection = gcp.servicenetworking.Connection(\"vertex_vpc_connection\",\n network=vertex_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[vertex_range.name])\nbq_dataset = gcp.bigquery.Dataset(\"bq_dataset\",\n dataset_id=\"some_dataset\",\n friendly_name=\"logging dataset\",\n description=\"This is a dataset that requests are logged to\",\n location=\"US\",\n delete_contents_on_destroy=True)\nproject = gcp.organizations.get_project()\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=vertex_network.name.apply(lambda name: f\"projects/{project.number}/global/networks/{name}\"),\n encryption_spec={\n \"kms_key_name\": \"kms-name\",\n },\n predict_request_response_logging_config={\n \"bigquery_destination\": {\n \"output_uri\": bq_dataset.dataset_id.apply(lambda dataset_id: f\"bq://{project.project_id}.{dataset_id}.request_response_logging\"),\n },\n \"enabled\": True,\n \"sampling_rate\": 0.1,\n },\n traffic_split=json.dumps({\n \"12345\": 100,\n }),\n opts = pulumi.ResourceOptions(depends_on=[vertex_vpc_connection]))\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vertexNetwork = new Gcp.Compute.Network(\"vertex_network\", new()\n {\n Name = \"network-name\",\n });\n\n var vertexRange = new Gcp.Compute.GlobalAddress(\"vertex_range\", new()\n {\n Name = \"address-name\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = vertexNetwork.Id,\n });\n\n var vertexVpcConnection = new Gcp.ServiceNetworking.Connection(\"vertex_vpc_connection\", new()\n {\n Network = vertexNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n vertexRange.Name,\n },\n });\n\n var bqDataset = new Gcp.BigQuery.Dataset(\"bq_dataset\", new()\n {\n DatasetId = \"some_dataset\",\n FriendlyName = \"logging dataset\",\n Description = \"This is a dataset that requests are logged to\",\n Location = \"US\",\n DeleteContentsOnDestroy = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{name}\";\n }),\n EncryptionSpec = new Gcp.Vertex.Inputs.AiEndpointEncryptionSpecArgs\n {\n KmsKeyName = \"kms-name\",\n },\n PredictRequestResponseLoggingConfig = new Gcp.Vertex.Inputs.AiEndpointPredictRequestResponseLoggingConfigArgs\n {\n BigqueryDestination = new Gcp.Vertex.Inputs.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs\n {\n OutputUri = Output.Tuple(project, bqDataset.DatasetId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n return $\"bq://{project.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}.{datasetId}.request_response_logging\";\n }),\n },\n Enabled = true,\n SamplingRate = 0.1,\n },\n TrafficSplit = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"12345\"] = 100,\n }),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexVpcConnection,\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-aiplatform.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvertexNetwork, err := compute.NewNetwork(ctx, \"vertex_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexRange, err := compute.NewGlobalAddress(ctx, \"vertex_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address-name\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexVpcConnection, err := servicenetworking.NewConnection(ctx, \"vertex_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tvertexRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqDataset, err := bigquery.NewDataset(ctx, \"bq_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"some_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"logging dataset\"),\n\t\t\tDescription: pulumi.String(\"This is a dataset that requests are logged to\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDeleteContentsOnDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"12345\": 100,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: vertexNetwork.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tEncryptionSpec: \u0026vertex.AiEndpointEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-name\"),\n\t\t\t},\n\t\t\tPredictRequestResponseLoggingConfig: \u0026vertex.AiEndpointPredictRequestResponseLoggingConfigArgs{\n\t\t\t\tBigqueryDestination: \u0026vertex.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs{\n\t\t\t\t\tOutputUri: bqDataset.DatasetId.ApplyT(func(datasetId string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.request_response_logging\", project.ProjectId, datasetId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tSamplingRate: pulumi.Float64(0.1),\n\t\t\t},\n\t\t\tTrafficSplit: pulumi.String(json0),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointEncryptionSpecArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPredictRequestResponseLoggingConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vertexNetwork = new Network(\"vertexNetwork\", NetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n var vertexRange = new GlobalAddress(\"vertexRange\", GlobalAddressArgs.builder()\n .name(\"address-name\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(vertexNetwork.id())\n .build());\n\n var vertexVpcConnection = new Connection(\"vertexVpcConnection\", ConnectionArgs.builder()\n .network(vertexNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(vertexRange.name())\n .build());\n\n var bqDataset = new Dataset(\"bqDataset\", DatasetArgs.builder()\n .datasetId(\"some_dataset\")\n .friendlyName(\"logging dataset\")\n .description(\"This is a dataset that requests are logged to\")\n .location(\"US\")\n .deleteContentsOnDestroy(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(vertexNetwork.name().applyValue(name -\u003e String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .encryptionSpec(AiEndpointEncryptionSpecArgs.builder()\n .kmsKeyName(\"kms-name\")\n .build())\n .predictRequestResponseLoggingConfig(AiEndpointPredictRequestResponseLoggingConfigArgs.builder()\n .bigqueryDestination(AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs.builder()\n .outputUri(bqDataset.datasetId().applyValue(datasetId -\u003e String.format(\"bq://%s.%s.request_response_logging\", project.applyValue(getProjectResult -\u003e getProjectResult.projectId()),datasetId)))\n .build())\n .enabled(true)\n .samplingRate(0.1)\n .build())\n .trafficSplit(serializeJson(\n jsonObject(\n jsonProperty(\"12345\", 100)\n )))\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexVpcConnection)\n .build());\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\n encryptionSpec:\n kmsKeyName: kms-name\n predictRequestResponseLoggingConfig:\n bigqueryDestination:\n outputUri: bq://${project.projectId}.${bqDataset.datasetId}.request_response_logging\n enabled: true\n samplingRate: 0.1\n trafficSplit:\n fn::toJSON:\n '12345': 100\n options:\n dependson:\n - ${vertexVpcConnection}\n vertexVpcConnection:\n type: gcp:servicenetworking:Connection\n name: vertex_vpc_connection\n properties:\n network: ${vertexNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${vertexRange.name}\n vertexRange:\n type: gcp:compute:GlobalAddress\n name: vertex_range\n properties:\n name: address-name\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${vertexNetwork.id}\n vertexNetwork:\n type: gcp:compute:Network\n name: vertex_network\n properties:\n name: network-name\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\n bqDataset:\n type: gcp:bigquery:Dataset\n name: bq_dataset\n properties:\n datasetId: some_dataset\n friendlyName: logging dataset\n description: This is a dataset that requests are logged to\n location: US\n deleteContentsOnDestroy: true\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Endpoint Private Service Connect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name_69391\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.projectId)],\n enableSecurePrivateServiceConnect: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name_69391\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n private_service_connect_config={\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.project_id],\n \"enable_secure_private_service_connect\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name_69391\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n EnableSecurePrivateServiceConnect = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name_69391\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t\tEnableSecurePrivateServiceConnect: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name_69391\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .privateServiceConnectConfig(AiEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .enableSecurePrivateServiceConnect(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name_69391\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.projectId}\n enableSecurePrivateServiceConnect: false\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Endpoint Dedicated Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name_8270\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n dedicatedEndpointEnabled: true,\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name_8270\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n dedicated_endpoint_enabled=True)\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name_8270\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n DedicatedEndpointEnabled = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name_8270\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDedicatedEndpointEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name_8270\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .dedicatedEndpointEnabled(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name_8270\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n dedicatedEndpointEnabled: true\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/endpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default projects/{{project}}/locations/{{location}}/endpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default {{location}}/{{name}}\n```\n\n", + "description": "Models are deployed into it, and afterwards Endpoint is called to obtain predictions and explanations.\n\n\nTo get more information about Endpoint, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.endpoints)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Endpoint Network\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vertexNetwork = new gcp.compute.Network(\"vertex_network\", {name: \"network-name\"});\nconst vertexRange = new gcp.compute.GlobalAddress(\"vertex_range\", {\n name: \"address-name\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: vertexNetwork.id,\n});\nconst vertexVpcConnection = new gcp.servicenetworking.Connection(\"vertex_vpc_connection\", {\n network: vertexNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [vertexRange.name],\n});\nconst bqDataset = new gcp.bigquery.Dataset(\"bq_dataset\", {\n datasetId: \"some_dataset\",\n friendlyName: \"logging dataset\",\n description: \"This is a dataset that requests are logged to\",\n location: \"US\",\n deleteContentsOnDestroy: true,\n});\nconst project = gcp.organizations.getProject({});\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: pulumi.all([project, vertexNetwork.name]).apply(([project, name]) =\u003e `projects/${project.number}/global/networks/${name}`),\n encryptionSpec: {\n kmsKeyName: \"kms-name\",\n },\n predictRequestResponseLoggingConfig: {\n bigqueryDestination: {\n outputUri: pulumi.all([project, bqDataset.datasetId]).apply(([project, datasetId]) =\u003e `bq://${project.projectId}.${datasetId}.request_response_logging`),\n },\n enabled: true,\n samplingRate: 0.1,\n },\n trafficSplit: JSON.stringify({\n \"12345\": 100,\n }),\n}, {\n dependsOn: [vertexVpcConnection],\n});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nvertex_network = gcp.compute.Network(\"vertex_network\", name=\"network-name\")\nvertex_range = gcp.compute.GlobalAddress(\"vertex_range\",\n name=\"address-name\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=vertex_network.id)\nvertex_vpc_connection = gcp.servicenetworking.Connection(\"vertex_vpc_connection\",\n network=vertex_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[vertex_range.name])\nbq_dataset = gcp.bigquery.Dataset(\"bq_dataset\",\n dataset_id=\"some_dataset\",\n friendly_name=\"logging dataset\",\n description=\"This is a dataset that requests are logged to\",\n location=\"US\",\n delete_contents_on_destroy=True)\nproject = gcp.organizations.get_project()\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=vertex_network.name.apply(lambda name: f\"projects/{project.number}/global/networks/{name}\"),\n encryption_spec={\n \"kms_key_name\": \"kms-name\",\n },\n predict_request_response_logging_config={\n \"bigquery_destination\": {\n \"output_uri\": bq_dataset.dataset_id.apply(lambda dataset_id: f\"bq://{project.project_id}.{dataset_id}.request_response_logging\"),\n },\n \"enabled\": True,\n \"sampling_rate\": 0.1,\n },\n traffic_split=json.dumps({\n \"12345\": 100,\n }),\n opts = pulumi.ResourceOptions(depends_on=[vertex_vpc_connection]))\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vertexNetwork = new Gcp.Compute.Network(\"vertex_network\", new()\n {\n Name = \"network-name\",\n });\n\n var vertexRange = new Gcp.Compute.GlobalAddress(\"vertex_range\", new()\n {\n Name = \"address-name\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = vertexNetwork.Id,\n });\n\n var vertexVpcConnection = new Gcp.ServiceNetworking.Connection(\"vertex_vpc_connection\", new()\n {\n Network = vertexNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n vertexRange.Name,\n },\n });\n\n var bqDataset = new Gcp.BigQuery.Dataset(\"bq_dataset\", new()\n {\n DatasetId = \"some_dataset\",\n FriendlyName = \"logging dataset\",\n Description = \"This is a dataset that requests are logged to\",\n Location = \"US\",\n DeleteContentsOnDestroy = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{name}\";\n }),\n EncryptionSpec = new Gcp.Vertex.Inputs.AiEndpointEncryptionSpecArgs\n {\n KmsKeyName = \"kms-name\",\n },\n PredictRequestResponseLoggingConfig = new Gcp.Vertex.Inputs.AiEndpointPredictRequestResponseLoggingConfigArgs\n {\n BigqueryDestination = new Gcp.Vertex.Inputs.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs\n {\n OutputUri = Output.Tuple(project, bqDataset.DatasetId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n return $\"bq://{project.Apply(getProjectResult =\u003e getProjectResult.ProjectId)}.{datasetId}.request_response_logging\";\n }),\n },\n Enabled = true,\n SamplingRate = 0.1,\n },\n TrafficSplit = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"12345\"] = 100,\n }),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexVpcConnection,\n },\n });\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-aiplatform.iam.gserviceaccount.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvertexNetwork, err := compute.NewNetwork(ctx, \"vertex_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexRange, err := compute.NewGlobalAddress(ctx, \"vertex_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address-name\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexVpcConnection, err := servicenetworking.NewConnection(ctx, \"vertex_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tvertexRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbqDataset, err := bigquery.NewDataset(ctx, \"bq_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"some_dataset\"),\n\t\t\tFriendlyName: pulumi.String(\"logging dataset\"),\n\t\t\tDescription: pulumi.String(\"This is a dataset that requests are logged to\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tDeleteContentsOnDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"12345\": 100,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: vertexNetwork.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tEncryptionSpec: \u0026vertex.AiEndpointEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-name\"),\n\t\t\t},\n\t\t\tPredictRequestResponseLoggingConfig: \u0026vertex.AiEndpointPredictRequestResponseLoggingConfigArgs{\n\t\t\t\tBigqueryDestination: \u0026vertex.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs{\n\t\t\t\t\tOutputUri: bqDataset.DatasetId.ApplyT(func(datasetId string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.request_response_logging\", project.ProjectId, datasetId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tSamplingRate: pulumi.Float64(0.1),\n\t\t\t},\n\t\t\tTrafficSplit: pulumi.String(json0),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointEncryptionSpecArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPredictRequestResponseLoggingConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vertexNetwork = new Network(\"vertexNetwork\", NetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n var vertexRange = new GlobalAddress(\"vertexRange\", GlobalAddressArgs.builder()\n .name(\"address-name\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(vertexNetwork.id())\n .build());\n\n var vertexVpcConnection = new Connection(\"vertexVpcConnection\", ConnectionArgs.builder()\n .network(vertexNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(vertexRange.name())\n .build());\n\n var bqDataset = new Dataset(\"bqDataset\", DatasetArgs.builder()\n .datasetId(\"some_dataset\")\n .friendlyName(\"logging dataset\")\n .description(\"This is a dataset that requests are logged to\")\n .location(\"US\")\n .deleteContentsOnDestroy(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(vertexNetwork.name().applyValue(name -\u003e String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .encryptionSpec(AiEndpointEncryptionSpecArgs.builder()\n .kmsKeyName(\"kms-name\")\n .build())\n .predictRequestResponseLoggingConfig(AiEndpointPredictRequestResponseLoggingConfigArgs.builder()\n .bigqueryDestination(AiEndpointPredictRequestResponseLoggingConfigBigqueryDestinationArgs.builder()\n .outputUri(bqDataset.datasetId().applyValue(datasetId -\u003e String.format(\"bq://%s.%s.request_response_logging\", project.applyValue(getProjectResult -\u003e getProjectResult.projectId()),datasetId)))\n .build())\n .enabled(true)\n .samplingRate(0.1)\n .build())\n .trafficSplit(serializeJson(\n jsonObject(\n jsonProperty(\"12345\", 100)\n )))\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexVpcConnection)\n .build());\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\n encryptionSpec:\n kmsKeyName: kms-name\n predictRequestResponseLoggingConfig:\n bigqueryDestination:\n outputUri: bq://${project.projectId}.${bqDataset.datasetId}.request_response_logging\n enabled: true\n samplingRate: 0.1\n trafficSplit:\n fn::toJSON:\n '12345': 100\n options:\n dependsOn:\n - ${vertexVpcConnection}\n vertexVpcConnection:\n type: gcp:servicenetworking:Connection\n name: vertex_vpc_connection\n properties:\n network: ${vertexNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${vertexRange.name}\n vertexRange:\n type: gcp:compute:GlobalAddress\n name: vertex_range\n properties:\n name: address-name\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${vertexNetwork.id}\n vertexNetwork:\n type: gcp:compute:Network\n name: vertex_network\n properties:\n name: network-name\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\n bqDataset:\n type: gcp:bigquery:Dataset\n name: bq_dataset\n properties:\n datasetId: some_dataset\n friendlyName: logging dataset\n description: This is a dataset that requests are logged to\n location: US\n deleteContentsOnDestroy: true\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Endpoint Private Service Connect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name_69391\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.projectId)],\n enableSecurePrivateServiceConnect: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name_69391\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n private_service_connect_config={\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.project_id],\n \"enable_secure_private_service_connect\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name_69391\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n EnableSecurePrivateServiceConnect = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name_69391\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(project.ProjectId),\n\t\t\t\t},\n\t\t\t\tEnableSecurePrivateServiceConnect: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name_69391\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .privateServiceConnectConfig(AiEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .enableSecurePrivateServiceConnect(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name_69391\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.projectId}\n enableSecurePrivateServiceConnect: false\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Endpoint Dedicated Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst endpoint = new gcp.vertex.AiEndpoint(\"endpoint\", {\n name: \"endpoint-name_8270\",\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n location: \"us-central1\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n dedicatedEndpointEnabled: true,\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nendpoint = gcp.vertex.AiEndpoint(\"endpoint\",\n name=\"endpoint-name_8270\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n location=\"us-central1\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n dedicated_endpoint_enabled=True)\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var endpoint = new Gcp.Vertex.AiEndpoint(\"endpoint\", new()\n {\n Name = \"endpoint-name_8270\",\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Location = \"us-central1\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n DedicatedEndpointEnabled = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiEndpoint(ctx, \"endpoint\", \u0026vertex.AiEndpointArgs{\n\t\t\tName: pulumi.String(\"endpoint-name_8270\"),\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tDedicatedEndpointEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiEndpoint;\nimport com.pulumi.gcp.vertex.AiEndpointArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var endpoint = new AiEndpoint(\"endpoint\", AiEndpointArgs.builder()\n .name(\"endpoint-name_8270\")\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .location(\"us-central1\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .dedicatedEndpointEnabled(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n endpoint:\n type: gcp:vertex:AiEndpoint\n properties:\n name: endpoint-name_8270\n displayName: sample-endpoint\n description: A sample vertex endpoint\n location: us-central1\n region: us-central1\n labels:\n label-one: value-one\n dedicatedEndpointEnabled: true\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/endpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Endpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default projects/{{project}}/locations/{{location}}/endpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiEndpoint:AiEndpoint default {{location}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -272750,7 +272750,7 @@ } }, "gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore": { - "description": "Vertex AI Feature Online Store provides a centralized repository for serving ML features and embedding indexes at low latency. The Feature Online Store is a top-level container.\n\n\nTo get more information about FeatureOnlineStore, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Feature Online Store\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureOnlineStore = new gcp.vertex.AiFeatureOnlineStore(\"feature_online_store\", {\n name: \"example_feature_online_store\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 3,\n cpuUtilizationTarget: 50,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeature_online_store = gcp.vertex.AiFeatureOnlineStore(\"feature_online_store\",\n name=\"example_feature_online_store\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 3,\n \"cpu_utilization_target\": 50,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureOnlineStore = new Gcp.Vertex.AiFeatureOnlineStore(\"feature_online_store\", new()\n {\n Name = \"example_feature_online_store\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 3,\n CpuUtilizationTarget = 50,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiFeatureOnlineStore(ctx, \"feature_online_store\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(3),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(50),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureOnlineStore = new AiFeatureOnlineStore(\"featureOnlineStore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(3)\n .cpuUtilizationTarget(50)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureOnlineStore:\n type: gcp:vertex:AiFeatureOnlineStore\n name: feature_online_store\n properties:\n name: example_feature_online_store\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 3\n cpuUtilizationTarget: 50\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore With Optimized\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_online_store_optimized\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n optimized: {},\n dedicatedServingEndpoint: {\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.number)],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_online_store_optimized\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n optimized={},\n dedicated_serving_endpoint={\n \"private_service_connect_config\": {\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.number],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_online_store_optimized\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Optimized = null,\n DedicatedServingEndpoint = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreDedicatedServingEndpointArgs\n {\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store_optimized\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOptimized: \u0026vertex.AiFeatureOnlineStoreOptimizedArgs{},\n\t\t\tDedicatedServingEndpoint: \u0026vertex.AiFeatureOnlineStoreDedicatedServingEndpointArgs{\n\t\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(project.Number),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreOptimizedArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreDedicatedServingEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store_optimized\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .optimized()\n .dedicatedServingEndpoint(AiFeatureOnlineStoreDedicatedServingEndpointArgs.builder()\n .privateServiceConnectConfig(AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_online_store_optimized\n labels:\n foo: bar\n region: us-central1\n optimized: {}\n dedicatedServingEndpoint:\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.number}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore With Beta Fields Bigtable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_online_store_beta_bigtable\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n embeddingManagement: {\n enabled: true,\n },\n forceDestroy: true,\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_online_store_beta_bigtable\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n embedding_management={\n \"enabled\": True,\n },\n force_destroy=True)\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_online_store_beta_bigtable\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n EmbeddingManagement = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreEmbeddingManagementArgs\n {\n Enabled = true,\n },\n ForceDestroy = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store_beta_bigtable\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEmbeddingManagement: \u0026vertex.AiFeatureOnlineStoreEmbeddingManagementArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreEmbeddingManagementArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store_beta_bigtable\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .embeddingManagement(AiFeatureOnlineStoreEmbeddingManagementArgs.builder()\n .enabled(true)\n .build())\n .forceDestroy(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_online_store_beta_bigtable\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n embeddingManagement:\n enabled: true\n forceDestroy: true\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFeatureOnlineStore can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/featureOnlineStores/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, FeatureOnlineStore can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default projects/{{project}}/locations/{{region}}/featureOnlineStores/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{name}}\n```\n\n", + "description": "Vertex AI Feature Online Store provides a centralized repository for serving ML features and embedding indexes at low latency. The Feature Online Store is a top-level container.\n\n\nTo get more information about FeatureOnlineStore, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Feature Online Store\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureOnlineStore = new gcp.vertex.AiFeatureOnlineStore(\"feature_online_store\", {\n name: \"example_feature_online_store\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 3,\n cpuUtilizationTarget: 50,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeature_online_store = gcp.vertex.AiFeatureOnlineStore(\"feature_online_store\",\n name=\"example_feature_online_store\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 3,\n \"cpu_utilization_target\": 50,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureOnlineStore = new Gcp.Vertex.AiFeatureOnlineStore(\"feature_online_store\", new()\n {\n Name = \"example_feature_online_store\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 3,\n CpuUtilizationTarget = 50,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiFeatureOnlineStore(ctx, \"feature_online_store\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(3),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(50),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureOnlineStore = new AiFeatureOnlineStore(\"featureOnlineStore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(3)\n .cpuUtilizationTarget(50)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureOnlineStore:\n type: gcp:vertex:AiFeatureOnlineStore\n name: feature_online_store\n properties:\n name: example_feature_online_store\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 3\n cpuUtilizationTarget: 50\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore With Optimized\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_online_store_optimized\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n optimized: {},\n dedicatedServingEndpoint: {\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.number)],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_online_store_optimized\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n optimized={},\n dedicated_serving_endpoint={\n \"private_service_connect_config\": {\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.number],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_online_store_optimized\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Optimized = null,\n DedicatedServingEndpoint = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreDedicatedServingEndpointArgs\n {\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store_optimized\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tOptimized: \u0026vertex.AiFeatureOnlineStoreOptimizedArgs{},\n\t\t\tDedicatedServingEndpoint: \u0026vertex.AiFeatureOnlineStoreDedicatedServingEndpointArgs{\n\t\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(project.Number),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreOptimizedArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreDedicatedServingEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store_optimized\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .optimized()\n .dedicatedServingEndpoint(AiFeatureOnlineStoreDedicatedServingEndpointArgs.builder()\n .privateServiceConnectConfig(AiFeatureOnlineStoreDedicatedServingEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_online_store_optimized\n labels:\n foo: bar\n region: us-central1\n optimized: {}\n dedicatedServingEndpoint:\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.number}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore With Beta Fields Bigtable\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_online_store_beta_bigtable\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n embeddingManagement: {\n enabled: true,\n },\n forceDestroy: true,\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_online_store_beta_bigtable\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n embedding_management={\n \"enabled\": True,\n },\n force_destroy=True)\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_online_store_beta_bigtable\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n EmbeddingManagement = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreEmbeddingManagementArgs\n {\n Enabled = true,\n },\n ForceDestroy = true,\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_online_store_beta_bigtable\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEmbeddingManagement: \u0026vertex.AiFeatureOnlineStoreEmbeddingManagementArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreEmbeddingManagementArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_online_store_beta_bigtable\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .embeddingManagement(AiFeatureOnlineStoreEmbeddingManagementArgs.builder()\n .enabled(true)\n .build())\n .forceDestroy(true)\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_online_store_beta_bigtable\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n embeddingManagement:\n enabled: true\n forceDestroy: true\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFeatureOnlineStore can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/featureOnlineStores/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, FeatureOnlineStore can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default projects/{{project}}/locations/{{region}}/featureOnlineStores/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStore:AiFeatureOnlineStore default {{name}}\n```\n\n", "properties": { "bigtable": { "$ref": "#/types/gcp:vertex/AiFeatureOnlineStoreBigtable:AiFeatureOnlineStoreBigtable", @@ -272966,7 +272966,7 @@ } }, "gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview": { - "description": "FeatureView is representation of values that the FeatureOnlineStore will serve based on its syncConfig.\n\n\nTo get more information about FeatureOnlineStoreFeatureview, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores.featureViews)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Featureonlinestore Featureview\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n});\nconst tf_test_dataset = new gcp.bigquery.Dataset(\"tf-test-dataset\", {\n datasetId: \"example_feature_view\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst tf_test_table = new gcp.bigquery.Table(\"tf-test-table\", {\n deletionProtection: false,\n datasetId: tf_test_dataset.datasetId,\n tableId: \"example_feature_view\",\n schema: ` [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n`,\n});\nconst featureview = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview\", {\n name: \"example_feature_view\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n bigQuerySource: {\n uri: pulumi.interpolate`bq://${tf_test_table.project}.${tf_test_table.datasetId}.${tf_test_table.tableId}`,\n entityIdColumns: [\"test_entity_column\"],\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n })\ntf_test_dataset = gcp.bigquery.Dataset(\"tf-test-dataset\",\n dataset_id=\"example_feature_view\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntf_test_table = gcp.bigquery.Table(\"tf-test-table\",\n deletion_protection=False,\n dataset_id=tf_test_dataset.dataset_id,\n table_id=\"example_feature_view\",\n schema=\"\"\" [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n\"\"\")\nfeatureview = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview\",\n name=\"example_feature_view\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n big_query_source={\n \"uri\": pulumi.Output.all(\n project=tf_test_table.project,\n dataset_id=tf_test_table.dataset_id,\n table_id=tf_test_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"entity_id_columns\": [\"test_entity_column\"],\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n });\n\n var tf_test_dataset = new Gcp.BigQuery.Dataset(\"tf-test-dataset\", new()\n {\n DatasetId = \"example_feature_view\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var tf_test_table = new Gcp.BigQuery.Table(\"tf-test-table\", new()\n {\n DeletionProtection = false,\n DatasetId = tf_test_dataset.DatasetId,\n TableId = \"example_feature_view\",\n Schema = @\" [\n {\n \"\"name\"\": \"\"entity_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"Test default entity_id\"\"\n },\n {\n \"\"name\"\": \"\"test_entity_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"test secondary entity column\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"description\"\": \"\"Default timestamp value\"\"\n }\n]\n\",\n });\n\n var featureview = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview\", new()\n {\n Name = \"example_feature_view\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs\n {\n Uri = Output.Tuple(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n EntityIdColumns = new[]\n {\n \"test_entity_column\",\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataset(ctx, \"tf-test-dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"tf-test-table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: tf_test_dataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view\"),\n\t\t\tSchema: pulumi.String(` [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tBigQuerySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs{\n\t\t\t\tUri: pulumi.All(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test_entity_column\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build());\n\n var tf_test_dataset = new Dataset(\"tf-test-dataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var tf_test_table = new Table(\"tf-test-table\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(tf_test_dataset.datasetId())\n .tableId(\"example_feature_view\")\n .schema(\"\"\"\n [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n \"\"\")\n .build());\n\n var featureview = new AiFeatureOnlineStoreFeatureview(\"featureview\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .bigQuerySource(AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs.builder()\n .uri(Output.tuple(tf_test_table.project(), tf_test_table.datasetId(), tf_test_table.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .entityIdColumns(\"test_entity_column\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n tf-test-dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_feature_view\n friendlyName: test\n description: This is a test description\n location: US\n tf-test-table:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"tf-test-dataset\"].datasetId}\n tableId: example_feature_view\n schema: |2\n [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n ]\n featureview:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n properties:\n name: example_feature_view\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n bigQuerySource:\n uri: bq://${[\"tf-test-table\"].project}.${[\"tf-test-table\"].datasetId}.${[\"tf-test-table\"].tableId}\n entityIdColumns:\n - test_entity_column\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview Feature Registry\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view_feature_registry\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n});\nconst sampleDataset = new gcp.bigquery.Dataset(\"sample_dataset\", {\n datasetId: \"example_feature_view_feature_registry\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst sampleTable = new gcp.bigquery.Table(\"sample_table\", {\n deletionProtection: false,\n datasetId: sampleDataset.datasetId,\n tableId: \"example_feature_view_feature_registry\",\n schema: `[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst sampleFeatureGroup = new gcp.vertex.AiFeatureGroup(\"sample_feature_group\", {\n name: \"example_feature_view_feature_registry\",\n description: \"A sample feature group\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n bigQuery: {\n bigQuerySource: {\n inputUri: pulumi.interpolate`bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}`,\n },\n entityIdColumns: [\"feature_id\"],\n },\n});\nconst sampleFeature = new gcp.vertex.AiFeatureGroupFeature(\"sample_feature\", {\n name: \"example_feature_view_feature_registry\",\n region: \"us-central1\",\n featureGroup: sampleFeatureGroup.name,\n description: \"A sample feature\",\n labels: {\n \"label-one\": \"value-one\",\n },\n});\nconst featureviewFeatureregistry = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\", {\n name: \"example_feature_view_feature_registry\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n featureRegistrySource: {\n featureGroups: [{\n featureGroupId: sampleFeatureGroup.name,\n featureIds: [sampleFeature.name],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view_feature_registry\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n })\nsample_dataset = gcp.bigquery.Dataset(\"sample_dataset\",\n dataset_id=\"example_feature_view_feature_registry\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nsample_table = gcp.bigquery.Table(\"sample_table\",\n deletion_protection=False,\n dataset_id=sample_dataset.dataset_id,\n table_id=\"example_feature_view_feature_registry\",\n schema=\"\"\"[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\nsample_feature_group = gcp.vertex.AiFeatureGroup(\"sample_feature_group\",\n name=\"example_feature_view_feature_registry\",\n description=\"A sample feature group\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n big_query={\n \"big_query_source\": {\n \"input_uri\": pulumi.Output.all(\n project=sample_table.project,\n dataset_id=sample_table.dataset_id,\n table_id=sample_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n },\n \"entity_id_columns\": [\"feature_id\"],\n })\nsample_feature = gcp.vertex.AiFeatureGroupFeature(\"sample_feature\",\n name=\"example_feature_view_feature_registry\",\n region=\"us-central1\",\n feature_group=sample_feature_group.name,\n description=\"A sample feature\",\n labels={\n \"label-one\": \"value-one\",\n })\nfeatureview_featureregistry = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\",\n name=\"example_feature_view_feature_registry\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n feature_registry_source={\n \"feature_groups\": [{\n \"feature_group_id\": sample_feature_group.name,\n \"feature_ids\": [sample_feature.name],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n });\n\n var sampleDataset = new Gcp.BigQuery.Dataset(\"sample_dataset\", new()\n {\n DatasetId = \"example_feature_view_feature_registry\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var sampleTable = new Gcp.BigQuery.Table(\"sample_table\", new()\n {\n DeletionProtection = false,\n DatasetId = sampleDataset.DatasetId,\n TableId = \"example_feature_view_feature_registry\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"feature_id\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"example_feature_view_feature_registry\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var sampleFeatureGroup = new Gcp.Vertex.AiFeatureGroup(\"sample_feature_group\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Description = \"A sample feature group\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n BigQuery = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryArgs\n {\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryBigQuerySourceArgs\n {\n InputUri = Output.Tuple(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n },\n EntityIdColumns = new[]\n {\n \"feature_id\",\n },\n },\n });\n\n var sampleFeature = new Gcp.Vertex.AiFeatureGroupFeature(\"sample_feature\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Region = \"us-central1\",\n FeatureGroup = sampleFeatureGroup.Name,\n Description = \"A sample feature\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var featureviewFeatureregistry = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n FeatureRegistrySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs\n {\n FeatureGroups = new[]\n {\n new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs\n {\n FeatureGroupId = sampleFeatureGroup.Name,\n FeatureIds = new[]\n {\n sampleFeature.Name,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleDataset, err := bigquery.NewDataset(ctx, \"sample_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleTable, err := bigquery.NewTable(ctx, \"sample_table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeatureGroup, err := vertex.NewAiFeatureGroup(ctx, \"sample_feature_group\", \u0026vertex.AiFeatureGroupArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tDescription: pulumi.String(\"A sample feature group\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tBigQuery: \u0026vertex.AiFeatureGroupBigQueryArgs{\n\t\t\t\tBigQuerySource: \u0026vertex.AiFeatureGroupBigQueryBigQuerySourceArgs{\n\t\t\t\t\tInputUri: pulumi.All(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"feature_id\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeature, err := vertex.NewAiFeatureGroupFeature(ctx, \"sample_feature\", \u0026vertex.AiFeatureGroupFeatureArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureGroup: sampleFeatureGroup.Name,\n\t\t\tDescription: pulumi.String(\"A sample feature\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview_featureregistry\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tFeatureRegistrySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs{\n\t\t\t\tFeatureGroups: vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArray{\n\t\t\t\t\t\u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs{\n\t\t\t\t\t\tFeatureGroupId: sampleFeatureGroup.Name,\n\t\t\t\t\t\tFeatureIds: pulumi.StringArray{\n\t\t\t\t\t\t\tsampleFeature.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroup;\nimport com.pulumi.gcp.vertex.AiFeatureGroupArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeature;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeatureArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build());\n\n var sampleDataset = new Dataset(\"sampleDataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view_feature_registry\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var sampleTable = new Table(\"sampleTable\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(sampleDataset.datasetId())\n .tableId(\"example_feature_view_feature_registry\")\n .schema(\"\"\"\n[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var sampleFeatureGroup = new AiFeatureGroup(\"sampleFeatureGroup\", AiFeatureGroupArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .description(\"A sample feature group\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .bigQuery(AiFeatureGroupBigQueryArgs.builder()\n .bigQuerySource(AiFeatureGroupBigQueryBigQuerySourceArgs.builder()\n .inputUri(Output.tuple(sampleTable.project(), sampleTable.datasetId(), sampleTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .entityIdColumns(\"feature_id\")\n .build())\n .build());\n\n var sampleFeature = new AiFeatureGroupFeature(\"sampleFeature\", AiFeatureGroupFeatureArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .region(\"us-central1\")\n .featureGroup(sampleFeatureGroup.name())\n .description(\"A sample feature\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n var featureviewFeatureregistry = new AiFeatureOnlineStoreFeatureview(\"featureviewFeatureregistry\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .featureRegistrySource(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs.builder()\n .featureGroups(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs.builder()\n .featureGroupId(sampleFeatureGroup.name())\n .featureIds(sampleFeature.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view_feature_registry\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n sampleDataset:\n type: gcp:bigquery:Dataset\n name: sample_dataset\n properties:\n datasetId: example_feature_view_feature_registry\n friendlyName: test\n description: This is a test description\n location: US\n sampleTable:\n type: gcp:bigquery:Table\n name: sample_table\n properties:\n deletionProtection: false\n datasetId: ${sampleDataset.datasetId}\n tableId: example_feature_view_feature_registry\n schema: |\n [\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n ]\n sampleFeatureGroup:\n type: gcp:vertex:AiFeatureGroup\n name: sample_feature_group\n properties:\n name: example_feature_view_feature_registry\n description: A sample feature group\n region: us-central1\n labels:\n label-one: value-one\n bigQuery:\n bigQuerySource:\n inputUri: bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}\n entityIdColumns:\n - feature_id\n sampleFeature:\n type: gcp:vertex:AiFeatureGroupFeature\n name: sample_feature\n properties:\n name: example_feature_view_feature_registry\n region: us-central1\n featureGroup: ${sampleFeatureGroup.name}\n description: A sample feature\n labels:\n label-one: value-one\n featureviewFeatureregistry:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: featureview_featureregistry\n properties:\n name: example_feature_view_feature_registry\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n featureRegistrySource:\n featureGroups:\n - featureGroupId: ${sampleFeatureGroup.name}\n featureIds:\n - ${sampleFeature.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview Cross Project\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst testProject = gcp.organizations.getProject({});\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"tf-test_41150\",\n name: \"tf-test_89313\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst vertexai = new gcp.projects.Service(\"vertexai\", {\n service: \"aiplatform.googleapis.com\",\n project: project.projectId,\n disableOnDestroy: false,\n}, {\n dependsOn: [wait60Seconds],\n});\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_cross_project_featureview\",\n project: project.projectId,\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n}, {\n dependsOn: [vertexai],\n});\nconst sampleDataset = new gcp.bigquery.Dataset(\"sample_dataset\", {\n datasetId: \"example_cross_project_featureview\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst viewer = new gcp.bigquery.DatasetIamMember(\"viewer\", {\n project: testProject.then(testProject =\u003e testProject.projectId),\n datasetId: sampleDataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n member: pulumi.interpolate`serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`,\n}, {\n dependsOn: [featureonlinestore],\n});\nconst wait30Seconds = new time.index.Sleep(\"wait_30_seconds\", {createDuration: \"30s\"}, {\n dependsOn: [viewer],\n});\nconst sampleTable = new gcp.bigquery.Table(\"sample_table\", {\n deletionProtection: false,\n datasetId: sampleDataset.datasetId,\n tableId: \"example_cross_project_featureview\",\n schema: `[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst sampleFeatureGroup = new gcp.vertex.AiFeatureGroup(\"sample_feature_group\", {\n name: \"example_cross_project_featureview\",\n description: \"A sample feature group\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n bigQuery: {\n bigQuerySource: {\n inputUri: pulumi.interpolate`bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}`,\n },\n entityIdColumns: [\"feature_id\"],\n },\n});\nconst sampleFeature = new gcp.vertex.AiFeatureGroupFeature(\"sample_feature\", {\n name: \"example_cross_project_featureview\",\n region: \"us-central1\",\n featureGroup: sampleFeatureGroup.name,\n description: \"A sample feature\",\n labels: {\n \"label-one\": \"value-one\",\n },\n});\nconst crossProjectFeatureview = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\", {\n name: \"example_cross_project_featureview\",\n project: project.projectId,\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n featureRegistrySource: {\n featureGroups: [{\n featureGroupId: sampleFeatureGroup.name,\n featureIds: [sampleFeature.name],\n }],\n projectNumber: testProject.then(testProject =\u003e testProject.number),\n },\n}, {\n dependsOn: [\n vertexai,\n wait30Seconds,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ntest_project = gcp.organizations.get_project()\nproject = gcp.organizations.Project(\"project\",\n project_id=\"tf-test_41150\",\n name=\"tf-test_89313\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nvertexai = gcp.projects.Service(\"vertexai\",\n service=\"aiplatform.googleapis.com\",\n project=project.project_id,\n disable_on_destroy=False,\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_cross_project_featureview\",\n project=project.project_id,\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[vertexai]))\nsample_dataset = gcp.bigquery.Dataset(\"sample_dataset\",\n dataset_id=\"example_cross_project_featureview\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nviewer = gcp.bigquery.DatasetIamMember(\"viewer\",\n project=test_project.project_id,\n dataset_id=sample_dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n member=project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-aiplatform.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[featureonlinestore]))\nwait30_seconds = time.index.Sleep(\"wait_30_seconds\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[viewer]))\nsample_table = gcp.bigquery.Table(\"sample_table\",\n deletion_protection=False,\n dataset_id=sample_dataset.dataset_id,\n table_id=\"example_cross_project_featureview\",\n schema=\"\"\"[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\nsample_feature_group = gcp.vertex.AiFeatureGroup(\"sample_feature_group\",\n name=\"example_cross_project_featureview\",\n description=\"A sample feature group\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n big_query={\n \"big_query_source\": {\n \"input_uri\": pulumi.Output.all(\n project=sample_table.project,\n dataset_id=sample_table.dataset_id,\n table_id=sample_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n },\n \"entity_id_columns\": [\"feature_id\"],\n })\nsample_feature = gcp.vertex.AiFeatureGroupFeature(\"sample_feature\",\n name=\"example_cross_project_featureview\",\n region=\"us-central1\",\n feature_group=sample_feature_group.name,\n description=\"A sample feature\",\n labels={\n \"label-one\": \"value-one\",\n })\ncross_project_featureview = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\",\n name=\"example_cross_project_featureview\",\n project=project.project_id,\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n feature_registry_source={\n \"feature_groups\": [{\n \"feature_group_id\": sample_feature_group.name,\n \"feature_ids\": [sample_feature.name],\n }],\n \"project_number\": test_project.number,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertexai,\n wait30_seconds,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"tf-test_41150\",\n Name = \"tf-test_89313\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var vertexai = new Gcp.Projects.Service(\"vertexai\", new()\n {\n ServiceName = \"aiplatform.googleapis.com\",\n Project = project.ProjectId,\n DisableOnDestroy = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_cross_project_featureview\",\n Project = project.ProjectId,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexai,\n },\n });\n\n var sampleDataset = new Gcp.BigQuery.Dataset(\"sample_dataset\", new()\n {\n DatasetId = \"example_cross_project_featureview\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var viewer = new Gcp.BigQuery.DatasetIamMember(\"viewer\", new()\n {\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n DatasetId = sampleDataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Member = project.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-aiplatform.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n featureonlinestore,\n },\n });\n\n var wait30Seconds = new Time.Index.Sleep(\"wait_30_seconds\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n viewer,\n },\n });\n\n var sampleTable = new Gcp.BigQuery.Table(\"sample_table\", new()\n {\n DeletionProtection = false,\n DatasetId = sampleDataset.DatasetId,\n TableId = \"example_cross_project_featureview\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"feature_id\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"example_cross_project_featureview\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var sampleFeatureGroup = new Gcp.Vertex.AiFeatureGroup(\"sample_feature_group\", new()\n {\n Name = \"example_cross_project_featureview\",\n Description = \"A sample feature group\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n BigQuery = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryArgs\n {\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryBigQuerySourceArgs\n {\n InputUri = Output.Tuple(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n },\n EntityIdColumns = new[]\n {\n \"feature_id\",\n },\n },\n });\n\n var sampleFeature = new Gcp.Vertex.AiFeatureGroupFeature(\"sample_feature\", new()\n {\n Name = \"example_cross_project_featureview\",\n Region = \"us-central1\",\n FeatureGroup = sampleFeatureGroup.Name,\n Description = \"A sample feature\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var crossProjectFeatureview = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\", new()\n {\n Name = \"example_cross_project_featureview\",\n Project = project.ProjectId,\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n FeatureRegistrySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs\n {\n FeatureGroups = new[]\n {\n new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs\n {\n FeatureGroupId = sampleFeatureGroup.Name,\n FeatureIds = new[]\n {\n sampleFeature.Name,\n },\n },\n },\n ProjectNumber = testProject.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexai,\n wait30Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"tf-test_41150\"),\n\t\t\tName: pulumi.String(\"tf-test_89313\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexai, err := projects.NewService(ctx, \"vertexai\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"aiplatform.googleapis.com\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexai,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleDataset, err := bigquery.NewDataset(ctx, \"sample_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tviewer, err := bigquery.NewDatasetIamMember(ctx, \"viewer\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMember: project.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfeatureonlinestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait30Seconds, err := time.NewSleep(ctx, \"wait_30_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tviewer,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleTable, err := bigquery.NewTable(ctx, \"sample_table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeatureGroup, err := vertex.NewAiFeatureGroup(ctx, \"sample_feature_group\", \u0026vertex.AiFeatureGroupArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tDescription: pulumi.String(\"A sample feature group\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tBigQuery: \u0026vertex.AiFeatureGroupBigQueryArgs{\n\t\t\t\tBigQuerySource: \u0026vertex.AiFeatureGroupBigQueryBigQuerySourceArgs{\n\t\t\t\t\tInputUri: pulumi.All(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"feature_id\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeature, err := vertex.NewAiFeatureGroupFeature(ctx, \"sample_feature\", \u0026vertex.AiFeatureGroupFeatureArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureGroup: sampleFeatureGroup.Name,\n\t\t\tDescription: pulumi.String(\"A sample feature\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"cross_project_featureview\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tFeatureRegistrySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs{\n\t\t\t\tFeatureGroups: vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArray{\n\t\t\t\t\t\u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs{\n\t\t\t\t\t\tFeatureGroupId: sampleFeatureGroup.Name,\n\t\t\t\t\t\tFeatureIds: pulumi.StringArray{\n\t\t\t\t\t\t\tsampleFeature.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tProjectNumber: pulumi.String(testProject.Number),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexai,\n\t\t\twait30Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroup;\nimport com.pulumi.gcp.vertex.AiFeatureGroupArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeature;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeatureArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"tf-test_41150\")\n .name(\"tf-test_89313\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var vertexai = new Service(\"vertexai\", ServiceArgs.builder()\n .service(\"aiplatform.googleapis.com\")\n .project(project.projectId())\n .disableOnDestroy(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_cross_project_featureview\")\n .project(project.projectId())\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexai)\n .build());\n\n var sampleDataset = new Dataset(\"sampleDataset\", DatasetArgs.builder()\n .datasetId(\"example_cross_project_featureview\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var viewer = new DatasetIamMember(\"viewer\", DatasetIamMemberArgs.builder()\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .datasetId(sampleDataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .member(project.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(featureonlinestore)\n .build());\n\n var wait30Seconds = new Sleep(\"wait30Seconds\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(viewer)\n .build());\n\n var sampleTable = new Table(\"sampleTable\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(sampleDataset.datasetId())\n .tableId(\"example_cross_project_featureview\")\n .schema(\"\"\"\n[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var sampleFeatureGroup = new AiFeatureGroup(\"sampleFeatureGroup\", AiFeatureGroupArgs.builder()\n .name(\"example_cross_project_featureview\")\n .description(\"A sample feature group\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .bigQuery(AiFeatureGroupBigQueryArgs.builder()\n .bigQuerySource(AiFeatureGroupBigQueryBigQuerySourceArgs.builder()\n .inputUri(Output.tuple(sampleTable.project(), sampleTable.datasetId(), sampleTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .entityIdColumns(\"feature_id\")\n .build())\n .build());\n\n var sampleFeature = new AiFeatureGroupFeature(\"sampleFeature\", AiFeatureGroupFeatureArgs.builder()\n .name(\"example_cross_project_featureview\")\n .region(\"us-central1\")\n .featureGroup(sampleFeatureGroup.name())\n .description(\"A sample feature\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n var crossProjectFeatureview = new AiFeatureOnlineStoreFeatureview(\"crossProjectFeatureview\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_cross_project_featureview\")\n .project(project.projectId())\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .featureRegistrySource(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs.builder()\n .featureGroups(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs.builder()\n .featureGroupId(sampleFeatureGroup.name())\n .featureIds(sampleFeature.name())\n .build())\n .projectNumber(testProject.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexai,\n wait30Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: tf-test_41150\n name: tf-test_89313\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${project}\n wait30Seconds:\n type: time:sleep\n name: wait_30_seconds\n properties:\n createDuration: 30s\n options:\n dependson:\n - ${viewer}\n vertexai:\n type: gcp:projects:Service\n properties:\n service: aiplatform.googleapis.com\n project: ${project.projectId}\n disableOnDestroy: false # Needed for CI tests for permissions to propagate, should not be needed for actual usage\n options:\n dependson:\n - ${wait60Seconds}\n viewer:\n type: gcp:bigquery:DatasetIamMember\n properties:\n project: ${testProject.projectId}\n datasetId: ${sampleDataset.datasetId}\n role: roles/bigquery.dataViewer\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\n options:\n dependson:\n - ${featureonlinestore}\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_cross_project_featureview\n project: ${project.projectId}\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n options:\n dependson:\n - ${vertexai}\n sampleDataset:\n type: gcp:bigquery:Dataset\n name: sample_dataset\n properties:\n datasetId: example_cross_project_featureview\n friendlyName: test\n description: This is a test description\n location: US\n sampleTable:\n type: gcp:bigquery:Table\n name: sample_table\n properties:\n deletionProtection: false\n datasetId: ${sampleDataset.datasetId}\n tableId: example_cross_project_featureview\n schema: |\n [\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n ]\n sampleFeatureGroup:\n type: gcp:vertex:AiFeatureGroup\n name: sample_feature_group\n properties:\n name: example_cross_project_featureview\n description: A sample feature group\n region: us-central1\n labels:\n label-one: value-one\n bigQuery:\n bigQuerySource:\n inputUri: bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}\n entityIdColumns:\n - feature_id\n sampleFeature:\n type: gcp:vertex:AiFeatureGroupFeature\n name: sample_feature\n properties:\n name: example_cross_project_featureview\n region: us-central1\n featureGroup: ${sampleFeatureGroup.name}\n description: A sample feature\n labels:\n label-one: value-one\n crossProjectFeatureview:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: cross_project_featureview\n properties:\n name: example_cross_project_featureview\n project: ${project.projectId}\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n featureRegistrySource:\n featureGroups:\n - featureGroupId: ${sampleFeatureGroup.name}\n featureIds:\n - ${sampleFeature.name}\n projectNumber: ${testProject.number}\n options:\n dependson:\n - ${vertexai}\n - ${wait30Seconds}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview With Vector Search\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view_vector_search\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n embeddingManagement: {\n enabled: true,\n },\n});\nconst tf_test_dataset = new gcp.bigquery.Dataset(\"tf-test-dataset\", {\n datasetId: \"example_feature_view_vector_search\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst tf_test_table = new gcp.bigquery.Table(\"tf-test-table\", {\n deletionProtection: false,\n datasetId: tf_test_dataset.datasetId,\n tableId: \"example_feature_view_vector_search\",\n schema: `[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n`,\n});\nconst featureviewVectorSearch = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\", {\n name: \"example_feature_view_vector_search\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n bigQuerySource: {\n uri: pulumi.interpolate`bq://${tf_test_table.project}.${tf_test_table.datasetId}.${tf_test_table.tableId}`,\n entityIdColumns: [\"test_entity_column\"],\n },\n vectorSearchConfig: {\n embeddingColumn: \"embedding\",\n filterColumns: [\"country\"],\n crowdingColumn: \"test_crowding_column\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n treeAhConfig: {\n leafNodeEmbeddingCount: \"1000\",\n },\n embeddingDimension: 2,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view_vector_search\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n embedding_management={\n \"enabled\": True,\n })\ntf_test_dataset = gcp.bigquery.Dataset(\"tf-test-dataset\",\n dataset_id=\"example_feature_view_vector_search\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntf_test_table = gcp.bigquery.Table(\"tf-test-table\",\n deletion_protection=False,\n dataset_id=tf_test_dataset.dataset_id,\n table_id=\"example_feature_view_vector_search\",\n schema=\"\"\"[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n\"\"\")\nfeatureview_vector_search = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\",\n name=\"example_feature_view_vector_search\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n big_query_source={\n \"uri\": pulumi.Output.all(\n project=tf_test_table.project,\n dataset_id=tf_test_table.dataset_id,\n table_id=tf_test_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"entity_id_columns\": [\"test_entity_column\"],\n },\n vector_search_config={\n \"embedding_column\": \"embedding\",\n \"filter_columns\": [\"country\"],\n \"crowding_column\": \"test_crowding_column\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": \"1000\",\n },\n \"embedding_dimension\": 2,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view_vector_search\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n EmbeddingManagement = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreEmbeddingManagementArgs\n {\n Enabled = true,\n },\n });\n\n var tf_test_dataset = new Gcp.BigQuery.Dataset(\"tf-test-dataset\", new()\n {\n DatasetId = \"example_feature_view_vector_search\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var tf_test_table = new Gcp.BigQuery.Table(\"tf-test-table\", new()\n {\n DeletionProtection = false,\n DatasetId = tf_test_dataset.DatasetId,\n TableId = \"example_feature_view_vector_search\",\n Schema = @\"[\n{\n \"\"name\"\": \"\"test_primary_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"primary test id\"\"\n},\n{\n \"\"name\"\": \"\"embedding\"\",\n \"\"mode\"\": \"\"REPEATED\"\",\n \"\"type\"\": \"\"FLOAT\"\",\n \"\"description\"\": \"\"embedding column for primary_id column\"\"\n},\n{\n \"\"name\"\": \"\"country\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"country\"\"\n},\n{\n \"\"name\"\": \"\"test_crowding_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"INTEGER\"\",\n \"\"description\"\": \"\"test crowding column\"\"\n},\n{\n \"\"name\"\": \"\"entity_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"Test default entity_id\"\"\n},\n{\n \"\"name\"\": \"\"test_entity_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"test secondary entity column\"\"\n},\n{\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"description\"\": \"\"Default timestamp value\"\"\n}\n]\n\",\n });\n\n var featureviewVectorSearch = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\", new()\n {\n Name = \"example_feature_view_vector_search\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs\n {\n Uri = Output.Tuple(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n EntityIdColumns = new[]\n {\n \"test_entity_column\",\n },\n },\n VectorSearchConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs\n {\n EmbeddingColumn = \"embedding\",\n FilterColumns = new[]\n {\n \"country\",\n },\n CrowdingColumn = \"test_crowding_column\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n TreeAhConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = \"1000\",\n },\n EmbeddingDimension = 2,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEmbeddingManagement: \u0026vertex.AiFeatureOnlineStoreEmbeddingManagementArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataset(ctx, \"tf-test-dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"tf-test-table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: tf_test_dataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tSchema: pulumi.String(`[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview_vector_search\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tBigQuerySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs{\n\t\t\t\tUri: pulumi.All(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test_entity_column\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tVectorSearchConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs{\n\t\t\t\tEmbeddingColumn: pulumi.String(\"embedding\"),\n\t\t\t\tFilterColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"country\"),\n\t\t\t\t},\n\t\t\t\tCrowdingColumn: pulumi.String(\"test_crowding_column\"),\n\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\tTreeAhConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs{\n\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.String(\"1000\"),\n\t\t\t\t},\n\t\t\t\tEmbeddingDimension: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreEmbeddingManagementArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view_vector_search\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .embeddingManagement(AiFeatureOnlineStoreEmbeddingManagementArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n var tf_test_dataset = new Dataset(\"tf-test-dataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view_vector_search\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var tf_test_table = new Table(\"tf-test-table\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(tf_test_dataset.datasetId())\n .tableId(\"example_feature_view_vector_search\")\n .schema(\"\"\"\n[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n \"\"\")\n .build());\n\n var featureviewVectorSearch = new AiFeatureOnlineStoreFeatureview(\"featureviewVectorSearch\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view_vector_search\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .bigQuerySource(AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs.builder()\n .uri(Output.tuple(tf_test_table.project(), tf_test_table.datasetId(), tf_test_table.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .entityIdColumns(\"test_entity_column\")\n .build())\n .vectorSearchConfig(AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs.builder()\n .embeddingColumn(\"embedding\")\n .filterColumns(\"country\")\n .crowdingColumn(\"test_crowding_column\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .treeAhConfig(AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(\"1000\")\n .build())\n .embeddingDimension(\"2\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view_vector_search\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n embeddingManagement:\n enabled: true\n tf-test-dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_feature_view_vector_search\n friendlyName: test\n description: This is a test description\n location: US\n tf-test-table:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"tf-test-dataset\"].datasetId}\n tableId: example_feature_view_vector_search\n schema: |\n [\n {\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n },\n {\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n },\n {\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n },\n {\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n },\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n ]\n featureviewVectorSearch:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: featureview_vector_search\n properties:\n name: example_feature_view_vector_search\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n bigQuerySource:\n uri: bq://${[\"tf-test-table\"].project}.${[\"tf-test-table\"].datasetId}.${[\"tf-test-table\"].tableId}\n entityIdColumns:\n - test_entity_column\n vectorSearchConfig:\n embeddingColumn: embedding\n filterColumns:\n - country\n crowdingColumn: test_crowding_column\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n treeAhConfig:\n leafNodeEmbeddingCount: '1000'\n embeddingDimension: '2'\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFeatureOnlineStoreFeatureview can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/featureOnlineStores/{{feature_online_store}}/featureViews/{{name}}`\n\n* `{{project}}/{{region}}/{{feature_online_store}}/{{name}}`\n\n* `{{region}}/{{feature_online_store}}/{{name}}`\n\n* `{{feature_online_store}}/{{name}}`\n\nWhen using the `pulumi import` command, FeatureOnlineStoreFeatureview can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default projects/{{project}}/locations/{{region}}/featureOnlineStores/{{feature_online_store}}/featureViews/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{project}}/{{region}}/{{feature_online_store}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{region}}/{{feature_online_store}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{feature_online_store}}/{{name}}\n```\n\n", + "description": "FeatureView is representation of values that the FeatureOnlineStore will serve based on its syncConfig.\n\n\nTo get more information about FeatureOnlineStoreFeatureview, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores.featureViews)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Featureonlinestore Featureview\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n});\nconst tf_test_dataset = new gcp.bigquery.Dataset(\"tf-test-dataset\", {\n datasetId: \"example_feature_view\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst tf_test_table = new gcp.bigquery.Table(\"tf-test-table\", {\n deletionProtection: false,\n datasetId: tf_test_dataset.datasetId,\n tableId: \"example_feature_view\",\n schema: ` [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n`,\n});\nconst featureview = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview\", {\n name: \"example_feature_view\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n bigQuerySource: {\n uri: pulumi.interpolate`bq://${tf_test_table.project}.${tf_test_table.datasetId}.${tf_test_table.tableId}`,\n entityIdColumns: [\"test_entity_column\"],\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n })\ntf_test_dataset = gcp.bigquery.Dataset(\"tf-test-dataset\",\n dataset_id=\"example_feature_view\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntf_test_table = gcp.bigquery.Table(\"tf-test-table\",\n deletion_protection=False,\n dataset_id=tf_test_dataset.dataset_id,\n table_id=\"example_feature_view\",\n schema=\"\"\" [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n\"\"\")\nfeatureview = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview\",\n name=\"example_feature_view\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n big_query_source={\n \"uri\": pulumi.Output.all(\n project=tf_test_table.project,\n dataset_id=tf_test_table.dataset_id,\n table_id=tf_test_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"entity_id_columns\": [\"test_entity_column\"],\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n });\n\n var tf_test_dataset = new Gcp.BigQuery.Dataset(\"tf-test-dataset\", new()\n {\n DatasetId = \"example_feature_view\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var tf_test_table = new Gcp.BigQuery.Table(\"tf-test-table\", new()\n {\n DeletionProtection = false,\n DatasetId = tf_test_dataset.DatasetId,\n TableId = \"example_feature_view\",\n Schema = @\" [\n {\n \"\"name\"\": \"\"entity_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"Test default entity_id\"\"\n },\n {\n \"\"name\"\": \"\"test_entity_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"test secondary entity column\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"description\"\": \"\"Default timestamp value\"\"\n }\n]\n\",\n });\n\n var featureview = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview\", new()\n {\n Name = \"example_feature_view\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs\n {\n Uri = Output.Tuple(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n EntityIdColumns = new[]\n {\n \"test_entity_column\",\n },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataset(ctx, \"tf-test-dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"tf-test-table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: tf_test_dataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view\"),\n\t\t\tSchema: pulumi.String(` [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tBigQuerySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs{\n\t\t\t\tUri: pulumi.All(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test_entity_column\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build());\n\n var tf_test_dataset = new Dataset(\"tf-test-dataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var tf_test_table = new Table(\"tf-test-table\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(tf_test_dataset.datasetId())\n .tableId(\"example_feature_view\")\n .schema(\"\"\"\n [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n]\n \"\"\")\n .build());\n\n var featureview = new AiFeatureOnlineStoreFeatureview(\"featureview\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .bigQuerySource(AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs.builder()\n .uri(Output.tuple(tf_test_table.project(), tf_test_table.datasetId(), tf_test_table.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .entityIdColumns(\"test_entity_column\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n tf-test-dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_feature_view\n friendlyName: test\n description: This is a test description\n location: US\n tf-test-table:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"tf-test-dataset\"].datasetId}\n tableId: example_feature_view\n schema: |2\n [\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n ]\n featureview:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n properties:\n name: example_feature_view\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n bigQuerySource:\n uri: bq://${[\"tf-test-table\"].project}.${[\"tf-test-table\"].datasetId}.${[\"tf-test-table\"].tableId}\n entityIdColumns:\n - test_entity_column\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview Feature Registry\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view_feature_registry\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n});\nconst sampleDataset = new gcp.bigquery.Dataset(\"sample_dataset\", {\n datasetId: \"example_feature_view_feature_registry\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst sampleTable = new gcp.bigquery.Table(\"sample_table\", {\n deletionProtection: false,\n datasetId: sampleDataset.datasetId,\n tableId: \"example_feature_view_feature_registry\",\n schema: `[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst sampleFeatureGroup = new gcp.vertex.AiFeatureGroup(\"sample_feature_group\", {\n name: \"example_feature_view_feature_registry\",\n description: \"A sample feature group\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n bigQuery: {\n bigQuerySource: {\n inputUri: pulumi.interpolate`bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}`,\n },\n entityIdColumns: [\"feature_id\"],\n },\n});\nconst sampleFeature = new gcp.vertex.AiFeatureGroupFeature(\"sample_feature\", {\n name: \"example_feature_view_feature_registry\",\n region: \"us-central1\",\n featureGroup: sampleFeatureGroup.name,\n description: \"A sample feature\",\n labels: {\n \"label-one\": \"value-one\",\n },\n});\nconst featureviewFeatureregistry = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\", {\n name: \"example_feature_view_feature_registry\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n featureRegistrySource: {\n featureGroups: [{\n featureGroupId: sampleFeatureGroup.name,\n featureIds: [sampleFeature.name],\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view_feature_registry\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n })\nsample_dataset = gcp.bigquery.Dataset(\"sample_dataset\",\n dataset_id=\"example_feature_view_feature_registry\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nsample_table = gcp.bigquery.Table(\"sample_table\",\n deletion_protection=False,\n dataset_id=sample_dataset.dataset_id,\n table_id=\"example_feature_view_feature_registry\",\n schema=\"\"\"[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\nsample_feature_group = gcp.vertex.AiFeatureGroup(\"sample_feature_group\",\n name=\"example_feature_view_feature_registry\",\n description=\"A sample feature group\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n big_query={\n \"big_query_source\": {\n \"input_uri\": pulumi.Output.all(\n project=sample_table.project,\n dataset_id=sample_table.dataset_id,\n table_id=sample_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n },\n \"entity_id_columns\": [\"feature_id\"],\n })\nsample_feature = gcp.vertex.AiFeatureGroupFeature(\"sample_feature\",\n name=\"example_feature_view_feature_registry\",\n region=\"us-central1\",\n feature_group=sample_feature_group.name,\n description=\"A sample feature\",\n labels={\n \"label-one\": \"value-one\",\n })\nfeatureview_featureregistry = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\",\n name=\"example_feature_view_feature_registry\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n feature_registry_source={\n \"feature_groups\": [{\n \"feature_group_id\": sample_feature_group.name,\n \"feature_ids\": [sample_feature.name],\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n });\n\n var sampleDataset = new Gcp.BigQuery.Dataset(\"sample_dataset\", new()\n {\n DatasetId = \"example_feature_view_feature_registry\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var sampleTable = new Gcp.BigQuery.Table(\"sample_table\", new()\n {\n DeletionProtection = false,\n DatasetId = sampleDataset.DatasetId,\n TableId = \"example_feature_view_feature_registry\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"feature_id\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"example_feature_view_feature_registry\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var sampleFeatureGroup = new Gcp.Vertex.AiFeatureGroup(\"sample_feature_group\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Description = \"A sample feature group\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n BigQuery = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryArgs\n {\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryBigQuerySourceArgs\n {\n InputUri = Output.Tuple(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n },\n EntityIdColumns = new[]\n {\n \"feature_id\",\n },\n },\n });\n\n var sampleFeature = new Gcp.Vertex.AiFeatureGroupFeature(\"sample_feature\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Region = \"us-central1\",\n FeatureGroup = sampleFeatureGroup.Name,\n Description = \"A sample feature\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var featureviewFeatureregistry = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview_featureregistry\", new()\n {\n Name = \"example_feature_view_feature_registry\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n FeatureRegistrySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs\n {\n FeatureGroups = new[]\n {\n new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs\n {\n FeatureGroupId = sampleFeatureGroup.Name,\n FeatureIds = new[]\n {\n sampleFeature.Name,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleDataset, err := bigquery.NewDataset(ctx, \"sample_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleTable, err := bigquery.NewTable(ctx, \"sample_table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeatureGroup, err := vertex.NewAiFeatureGroup(ctx, \"sample_feature_group\", \u0026vertex.AiFeatureGroupArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tDescription: pulumi.String(\"A sample feature group\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tBigQuery: \u0026vertex.AiFeatureGroupBigQueryArgs{\n\t\t\t\tBigQuerySource: \u0026vertex.AiFeatureGroupBigQueryBigQuerySourceArgs{\n\t\t\t\t\tInputUri: pulumi.All(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"feature_id\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeature, err := vertex.NewAiFeatureGroupFeature(ctx, \"sample_feature\", \u0026vertex.AiFeatureGroupFeatureArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureGroup: sampleFeatureGroup.Name,\n\t\t\tDescription: pulumi.String(\"A sample feature\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview_featureregistry\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_feature_registry\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tFeatureRegistrySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs{\n\t\t\t\tFeatureGroups: vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArray{\n\t\t\t\t\t\u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs{\n\t\t\t\t\t\tFeatureGroupId: sampleFeatureGroup.Name,\n\t\t\t\t\t\tFeatureIds: pulumi.StringArray{\n\t\t\t\t\t\t\tsampleFeature.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroup;\nimport com.pulumi.gcp.vertex.AiFeatureGroupArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeature;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeatureArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build());\n\n var sampleDataset = new Dataset(\"sampleDataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view_feature_registry\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var sampleTable = new Table(\"sampleTable\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(sampleDataset.datasetId())\n .tableId(\"example_feature_view_feature_registry\")\n .schema(\"\"\"\n[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var sampleFeatureGroup = new AiFeatureGroup(\"sampleFeatureGroup\", AiFeatureGroupArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .description(\"A sample feature group\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .bigQuery(AiFeatureGroupBigQueryArgs.builder()\n .bigQuerySource(AiFeatureGroupBigQueryBigQuerySourceArgs.builder()\n .inputUri(Output.tuple(sampleTable.project(), sampleTable.datasetId(), sampleTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .entityIdColumns(\"feature_id\")\n .build())\n .build());\n\n var sampleFeature = new AiFeatureGroupFeature(\"sampleFeature\", AiFeatureGroupFeatureArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .region(\"us-central1\")\n .featureGroup(sampleFeatureGroup.name())\n .description(\"A sample feature\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n var featureviewFeatureregistry = new AiFeatureOnlineStoreFeatureview(\"featureviewFeatureregistry\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view_feature_registry\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .featureRegistrySource(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs.builder()\n .featureGroups(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs.builder()\n .featureGroupId(sampleFeatureGroup.name())\n .featureIds(sampleFeature.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view_feature_registry\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n sampleDataset:\n type: gcp:bigquery:Dataset\n name: sample_dataset\n properties:\n datasetId: example_feature_view_feature_registry\n friendlyName: test\n description: This is a test description\n location: US\n sampleTable:\n type: gcp:bigquery:Table\n name: sample_table\n properties:\n deletionProtection: false\n datasetId: ${sampleDataset.datasetId}\n tableId: example_feature_view_feature_registry\n schema: |\n [\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_feature_view_feature_registry\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n ]\n sampleFeatureGroup:\n type: gcp:vertex:AiFeatureGroup\n name: sample_feature_group\n properties:\n name: example_feature_view_feature_registry\n description: A sample feature group\n region: us-central1\n labels:\n label-one: value-one\n bigQuery:\n bigQuerySource:\n inputUri: bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}\n entityIdColumns:\n - feature_id\n sampleFeature:\n type: gcp:vertex:AiFeatureGroupFeature\n name: sample_feature\n properties:\n name: example_feature_view_feature_registry\n region: us-central1\n featureGroup: ${sampleFeatureGroup.name}\n description: A sample feature\n labels:\n label-one: value-one\n featureviewFeatureregistry:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: featureview_featureregistry\n properties:\n name: example_feature_view_feature_registry\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n featureRegistrySource:\n featureGroups:\n - featureGroupId: ${sampleFeatureGroup.name}\n featureIds:\n - ${sampleFeature.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview Cross Project\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst testProject = gcp.organizations.getProject({});\nconst project = new gcp.organizations.Project(\"project\", {\n projectId: \"tf-test_41150\",\n name: \"tf-test_89313\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [project],\n});\nconst vertexai = new gcp.projects.Service(\"vertexai\", {\n service: \"aiplatform.googleapis.com\",\n project: project.projectId,\n disableOnDestroy: false,\n}, {\n dependsOn: [wait60Seconds],\n});\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_cross_project_featureview\",\n project: project.projectId,\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n}, {\n dependsOn: [vertexai],\n});\nconst sampleDataset = new gcp.bigquery.Dataset(\"sample_dataset\", {\n datasetId: \"example_cross_project_featureview\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst viewer = new gcp.bigquery.DatasetIamMember(\"viewer\", {\n project: testProject.then(testProject =\u003e testProject.projectId),\n datasetId: sampleDataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n member: pulumi.interpolate`serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`,\n}, {\n dependsOn: [featureonlinestore],\n});\nconst wait30Seconds = new time.index.Sleep(\"wait_30_seconds\", {createDuration: \"30s\"}, {\n dependsOn: [viewer],\n});\nconst sampleTable = new gcp.bigquery.Table(\"sample_table\", {\n deletionProtection: false,\n datasetId: sampleDataset.datasetId,\n tableId: \"example_cross_project_featureview\",\n schema: `[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`,\n});\nconst sampleFeatureGroup = new gcp.vertex.AiFeatureGroup(\"sample_feature_group\", {\n name: \"example_cross_project_featureview\",\n description: \"A sample feature group\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n bigQuery: {\n bigQuerySource: {\n inputUri: pulumi.interpolate`bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}`,\n },\n entityIdColumns: [\"feature_id\"],\n },\n});\nconst sampleFeature = new gcp.vertex.AiFeatureGroupFeature(\"sample_feature\", {\n name: \"example_cross_project_featureview\",\n region: \"us-central1\",\n featureGroup: sampleFeatureGroup.name,\n description: \"A sample feature\",\n labels: {\n \"label-one\": \"value-one\",\n },\n});\nconst crossProjectFeatureview = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\", {\n name: \"example_cross_project_featureview\",\n project: project.projectId,\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n featureRegistrySource: {\n featureGroups: [{\n featureGroupId: sampleFeatureGroup.name,\n featureIds: [sampleFeature.name],\n }],\n projectNumber: testProject.then(testProject =\u003e testProject.number),\n },\n}, {\n dependsOn: [\n vertexai,\n wait30Seconds,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ntest_project = gcp.organizations.get_project()\nproject = gcp.organizations.Project(\"project\",\n project_id=\"tf-test_41150\",\n name=\"tf-test_89313\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[project]))\nvertexai = gcp.projects.Service(\"vertexai\",\n service=\"aiplatform.googleapis.com\",\n project=project.project_id,\n disable_on_destroy=False,\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_cross_project_featureview\",\n project=project.project_id,\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[vertexai]))\nsample_dataset = gcp.bigquery.Dataset(\"sample_dataset\",\n dataset_id=\"example_cross_project_featureview\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\nviewer = gcp.bigquery.DatasetIamMember(\"viewer\",\n project=test_project.project_id,\n dataset_id=sample_dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n member=project.number.apply(lambda number: f\"serviceAccount:service-{number}@gcp-sa-aiplatform.iam.gserviceaccount.com\"),\n opts = pulumi.ResourceOptions(depends_on=[featureonlinestore]))\nwait30_seconds = time.index.Sleep(\"wait_30_seconds\", create_duration=30s,\nopts = pulumi.ResourceOptions(depends_on=[viewer]))\nsample_table = gcp.bigquery.Table(\"sample_table\",\n deletion_protection=False,\n dataset_id=sample_dataset.dataset_id,\n table_id=\"example_cross_project_featureview\",\n schema=\"\"\"[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n\"\"\")\nsample_feature_group = gcp.vertex.AiFeatureGroup(\"sample_feature_group\",\n name=\"example_cross_project_featureview\",\n description=\"A sample feature group\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n big_query={\n \"big_query_source\": {\n \"input_uri\": pulumi.Output.all(\n project=sample_table.project,\n dataset_id=sample_table.dataset_id,\n table_id=sample_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n },\n \"entity_id_columns\": [\"feature_id\"],\n })\nsample_feature = gcp.vertex.AiFeatureGroupFeature(\"sample_feature\",\n name=\"example_cross_project_featureview\",\n region=\"us-central1\",\n feature_group=sample_feature_group.name,\n description=\"A sample feature\",\n labels={\n \"label-one\": \"value-one\",\n })\ncross_project_featureview = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\",\n name=\"example_cross_project_featureview\",\n project=project.project_id,\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n feature_registry_source={\n \"feature_groups\": [{\n \"feature_group_id\": sample_feature_group.name,\n \"feature_ids\": [sample_feature.name],\n }],\n \"project_number\": test_project.number,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertexai,\n wait30_seconds,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var project = new Gcp.Organizations.Project(\"project\", new()\n {\n ProjectId = \"tf-test_41150\",\n Name = \"tf-test_89313\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n project,\n },\n });\n\n var vertexai = new Gcp.Projects.Service(\"vertexai\", new()\n {\n ServiceName = \"aiplatform.googleapis.com\",\n Project = project.ProjectId,\n DisableOnDestroy = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_cross_project_featureview\",\n Project = project.ProjectId,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexai,\n },\n });\n\n var sampleDataset = new Gcp.BigQuery.Dataset(\"sample_dataset\", new()\n {\n DatasetId = \"example_cross_project_featureview\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var viewer = new Gcp.BigQuery.DatasetIamMember(\"viewer\", new()\n {\n Project = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n DatasetId = sampleDataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Member = project.Number.Apply(number =\u003e $\"serviceAccount:service-{number}@gcp-sa-aiplatform.iam.gserviceaccount.com\"),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n featureonlinestore,\n },\n });\n\n var wait30Seconds = new Time.Index.Sleep(\"wait_30_seconds\", new()\n {\n CreateDuration = \"30s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n viewer,\n },\n });\n\n var sampleTable = new Gcp.BigQuery.Table(\"sample_table\", new()\n {\n DeletionProtection = false,\n DatasetId = sampleDataset.DatasetId,\n TableId = \"example_cross_project_featureview\",\n Schema = @\"[\n {\n \"\"name\"\": \"\"feature_id\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"example_cross_project_featureview\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n },\n {\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"mode\"\": \"\"NULLABLE\"\"\n }\n]\n\",\n });\n\n var sampleFeatureGroup = new Gcp.Vertex.AiFeatureGroup(\"sample_feature_group\", new()\n {\n Name = \"example_cross_project_featureview\",\n Description = \"A sample feature group\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n BigQuery = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryArgs\n {\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureGroupBigQueryBigQuerySourceArgs\n {\n InputUri = Output.Tuple(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n },\n EntityIdColumns = new[]\n {\n \"feature_id\",\n },\n },\n });\n\n var sampleFeature = new Gcp.Vertex.AiFeatureGroupFeature(\"sample_feature\", new()\n {\n Name = \"example_cross_project_featureview\",\n Region = \"us-central1\",\n FeatureGroup = sampleFeatureGroup.Name,\n Description = \"A sample feature\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var crossProjectFeatureview = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"cross_project_featureview\", new()\n {\n Name = \"example_cross_project_featureview\",\n Project = project.ProjectId,\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n FeatureRegistrySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs\n {\n FeatureGroups = new[]\n {\n new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs\n {\n FeatureGroupId = sampleFeatureGroup.Name,\n FeatureIds = new[]\n {\n sampleFeature.Name,\n },\n },\n },\n ProjectNumber = testProject.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexai,\n wait30Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.NewProject(ctx, \"project\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"tf-test_41150\"),\n\t\t\tName: pulumi.String(\"tf-test_89313\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexai, err := projects.NewService(ctx, \"vertexai\", \u0026projects.ServiceArgs{\n\t\t\tService: pulumi.String(\"aiplatform.googleapis.com\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexai,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleDataset, err := bigquery.NewDataset(ctx, \"sample_dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tviewer, err := bigquery.NewDatasetIamMember(ctx, \"viewer\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tProject: pulumi.String(testProject.ProjectId),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMember: project.Number.ApplyT(func(number string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", number), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfeatureonlinestore,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait30Seconds, err := time.NewSleep(ctx, \"wait_30_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"30s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tviewer,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleTable, err := bigquery.NewTable(ctx, \"sample_table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: sampleDataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tSchema: pulumi.String(`[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeatureGroup, err := vertex.NewAiFeatureGroup(ctx, \"sample_feature_group\", \u0026vertex.AiFeatureGroupArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tDescription: pulumi.String(\"A sample feature group\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tBigQuery: \u0026vertex.AiFeatureGroupBigQueryArgs{\n\t\t\t\tBigQuerySource: \u0026vertex.AiFeatureGroupBigQueryBigQuerySourceArgs{\n\t\t\t\t\tInputUri: pulumi.All(sampleTable.Project, sampleTable.DatasetId, sampleTable.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"feature_id\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleFeature, err := vertex.NewAiFeatureGroupFeature(ctx, \"sample_feature\", \u0026vertex.AiFeatureGroupFeatureArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureGroup: sampleFeatureGroup.Name,\n\t\t\tDescription: pulumi.String(\"A sample feature\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"cross_project_featureview\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_cross_project_featureview\"),\n\t\t\tProject: project.ProjectId,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tFeatureRegistrySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs{\n\t\t\t\tFeatureGroups: vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArray{\n\t\t\t\t\t\u0026vertex.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs{\n\t\t\t\t\t\tFeatureGroupId: sampleFeatureGroup.Name,\n\t\t\t\t\t\tFeatureIds: pulumi.StringArray{\n\t\t\t\t\t\t\tsampleFeature.Name,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tProjectNumber: pulumi.String(testProject.Number),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexai,\n\t\t\twait30Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroup;\nimport com.pulumi.gcp.vertex.AiFeatureGroupArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureGroupBigQueryBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeature;\nimport com.pulumi.gcp.vertex.AiFeatureGroupFeatureArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var project = new Project(\"project\", ProjectArgs.builder()\n .projectId(\"tf-test_41150\")\n .name(\"tf-test_89313\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(project)\n .build());\n\n var vertexai = new Service(\"vertexai\", ServiceArgs.builder()\n .service(\"aiplatform.googleapis.com\")\n .project(project.projectId())\n .disableOnDestroy(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_cross_project_featureview\")\n .project(project.projectId())\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexai)\n .build());\n\n var sampleDataset = new Dataset(\"sampleDataset\", DatasetArgs.builder()\n .datasetId(\"example_cross_project_featureview\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var viewer = new DatasetIamMember(\"viewer\", DatasetIamMemberArgs.builder()\n .project(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .datasetId(sampleDataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .member(project.number().applyValue(number -\u003e String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", number)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(featureonlinestore)\n .build());\n\n var wait30Seconds = new Sleep(\"wait30Seconds\", SleepArgs.builder()\n .createDuration(\"30s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(viewer)\n .build());\n\n var sampleTable = new Table(\"sampleTable\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(sampleDataset.datasetId())\n .tableId(\"example_cross_project_featureview\")\n .schema(\"\"\"\n[\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n]\n \"\"\")\n .build());\n\n var sampleFeatureGroup = new AiFeatureGroup(\"sampleFeatureGroup\", AiFeatureGroupArgs.builder()\n .name(\"example_cross_project_featureview\")\n .description(\"A sample feature group\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .bigQuery(AiFeatureGroupBigQueryArgs.builder()\n .bigQuerySource(AiFeatureGroupBigQueryBigQuerySourceArgs.builder()\n .inputUri(Output.tuple(sampleTable.project(), sampleTable.datasetId(), sampleTable.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .build())\n .entityIdColumns(\"feature_id\")\n .build())\n .build());\n\n var sampleFeature = new AiFeatureGroupFeature(\"sampleFeature\", AiFeatureGroupFeatureArgs.builder()\n .name(\"example_cross_project_featureview\")\n .region(\"us-central1\")\n .featureGroup(sampleFeatureGroup.name())\n .description(\"A sample feature\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n var crossProjectFeatureview = new AiFeatureOnlineStoreFeatureview(\"crossProjectFeatureview\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_cross_project_featureview\")\n .project(project.projectId())\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .featureRegistrySource(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceArgs.builder()\n .featureGroups(AiFeatureOnlineStoreFeatureviewFeatureRegistrySourceFeatureGroupArgs.builder()\n .featureGroupId(sampleFeatureGroup.name())\n .featureIds(sampleFeature.name())\n .build())\n .projectNumber(testProject.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexai,\n wait30Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:organizations:Project\n properties:\n projectId: tf-test_41150\n name: tf-test_89313\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${project}\n wait30Seconds:\n type: time:sleep\n name: wait_30_seconds\n properties:\n createDuration: 30s\n options:\n dependsOn:\n - ${viewer}\n vertexai:\n type: gcp:projects:Service\n properties:\n service: aiplatform.googleapis.com\n project: ${project.projectId}\n disableOnDestroy: false # Needed for CI tests for permissions to propagate, should not be needed for actual usage\n options:\n dependsOn:\n - ${wait60Seconds}\n viewer:\n type: gcp:bigquery:DatasetIamMember\n properties:\n project: ${testProject.projectId}\n datasetId: ${sampleDataset.datasetId}\n role: roles/bigquery.dataViewer\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\n options:\n dependsOn:\n - ${featureonlinestore}\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_cross_project_featureview\n project: ${project.projectId}\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n options:\n dependsOn:\n - ${vertexai}\n sampleDataset:\n type: gcp:bigquery:Dataset\n name: sample_dataset\n properties:\n datasetId: example_cross_project_featureview\n friendlyName: test\n description: This is a test description\n location: US\n sampleTable:\n type: gcp:bigquery:Table\n name: sample_table\n properties:\n deletionProtection: false\n datasetId: ${sampleDataset.datasetId}\n tableId: example_cross_project_featureview\n schema: |\n [\n {\n \"name\": \"feature_id\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"example_cross_project_featureview\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"type\": \"TIMESTAMP\",\n \"mode\": \"NULLABLE\"\n }\n ]\n sampleFeatureGroup:\n type: gcp:vertex:AiFeatureGroup\n name: sample_feature_group\n properties:\n name: example_cross_project_featureview\n description: A sample feature group\n region: us-central1\n labels:\n label-one: value-one\n bigQuery:\n bigQuerySource:\n inputUri: bq://${sampleTable.project}.${sampleTable.datasetId}.${sampleTable.tableId}\n entityIdColumns:\n - feature_id\n sampleFeature:\n type: gcp:vertex:AiFeatureGroupFeature\n name: sample_feature\n properties:\n name: example_cross_project_featureview\n region: us-central1\n featureGroup: ${sampleFeatureGroup.name}\n description: A sample feature\n labels:\n label-one: value-one\n crossProjectFeatureview:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: cross_project_featureview\n properties:\n name: example_cross_project_featureview\n project: ${project.projectId}\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n featureRegistrySource:\n featureGroups:\n - featureGroupId: ${sampleFeatureGroup.name}\n featureIds:\n - ${sampleFeature.name}\n projectNumber: ${testProject.number}\n options:\n dependsOn:\n - ${vertexai}\n - ${wait30Seconds}\nvariables:\n testProject:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Featureonlinestore Featureview With Vector Search\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst featureonlinestore = new gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\", {\n name: \"example_feature_view_vector_search\",\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n bigtable: {\n autoScaling: {\n minNodeCount: 1,\n maxNodeCount: 2,\n cpuUtilizationTarget: 80,\n },\n },\n embeddingManagement: {\n enabled: true,\n },\n});\nconst tf_test_dataset = new gcp.bigquery.Dataset(\"tf-test-dataset\", {\n datasetId: \"example_feature_view_vector_search\",\n friendlyName: \"test\",\n description: \"This is a test description\",\n location: \"US\",\n});\nconst tf_test_table = new gcp.bigquery.Table(\"tf-test-table\", {\n deletionProtection: false,\n datasetId: tf_test_dataset.datasetId,\n tableId: \"example_feature_view_vector_search\",\n schema: `[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n`,\n});\nconst featureviewVectorSearch = new gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\", {\n name: \"example_feature_view_vector_search\",\n region: \"us-central1\",\n featureOnlineStore: featureonlinestore.name,\n syncConfig: {\n cron: \"0 0 * * *\",\n },\n bigQuerySource: {\n uri: pulumi.interpolate`bq://${tf_test_table.project}.${tf_test_table.datasetId}.${tf_test_table.tableId}`,\n entityIdColumns: [\"test_entity_column\"],\n },\n vectorSearchConfig: {\n embeddingColumn: \"embedding\",\n filterColumns: [\"country\"],\n crowdingColumn: \"test_crowding_column\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n treeAhConfig: {\n leafNodeEmbeddingCount: \"1000\",\n },\n embeddingDimension: 2,\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfeatureonlinestore = gcp.vertex.AiFeatureOnlineStore(\"featureonlinestore\",\n name=\"example_feature_view_vector_search\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n bigtable={\n \"auto_scaling\": {\n \"min_node_count\": 1,\n \"max_node_count\": 2,\n \"cpu_utilization_target\": 80,\n },\n },\n embedding_management={\n \"enabled\": True,\n })\ntf_test_dataset = gcp.bigquery.Dataset(\"tf-test-dataset\",\n dataset_id=\"example_feature_view_vector_search\",\n friendly_name=\"test\",\n description=\"This is a test description\",\n location=\"US\")\ntf_test_table = gcp.bigquery.Table(\"tf-test-table\",\n deletion_protection=False,\n dataset_id=tf_test_dataset.dataset_id,\n table_id=\"example_feature_view_vector_search\",\n schema=\"\"\"[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n\"\"\")\nfeatureview_vector_search = gcp.vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\",\n name=\"example_feature_view_vector_search\",\n region=\"us-central1\",\n feature_online_store=featureonlinestore.name,\n sync_config={\n \"cron\": \"0 0 * * *\",\n },\n big_query_source={\n \"uri\": pulumi.Output.all(\n project=tf_test_table.project,\n dataset_id=tf_test_table.dataset_id,\n table_id=tf_test_table.table_id\n).apply(lambda resolved_outputs: f\"bq://{resolved_outputs['project']}.{resolved_outputs['dataset_id']}.{resolved_outputs['table_id']}\")\n,\n \"entity_id_columns\": [\"test_entity_column\"],\n },\n vector_search_config={\n \"embedding_column\": \"embedding\",\n \"filter_columns\": [\"country\"],\n \"crowding_column\": \"test_crowding_column\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": \"1000\",\n },\n \"embedding_dimension\": 2,\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var featureonlinestore = new Gcp.Vertex.AiFeatureOnlineStore(\"featureonlinestore\", new()\n {\n Name = \"example_feature_view_vector_search\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n Bigtable = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableArgs\n {\n AutoScaling = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs\n {\n MinNodeCount = 1,\n MaxNodeCount = 2,\n CpuUtilizationTarget = 80,\n },\n },\n EmbeddingManagement = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreEmbeddingManagementArgs\n {\n Enabled = true,\n },\n });\n\n var tf_test_dataset = new Gcp.BigQuery.Dataset(\"tf-test-dataset\", new()\n {\n DatasetId = \"example_feature_view_vector_search\",\n FriendlyName = \"test\",\n Description = \"This is a test description\",\n Location = \"US\",\n });\n\n var tf_test_table = new Gcp.BigQuery.Table(\"tf-test-table\", new()\n {\n DeletionProtection = false,\n DatasetId = tf_test_dataset.DatasetId,\n TableId = \"example_feature_view_vector_search\",\n Schema = @\"[\n{\n \"\"name\"\": \"\"test_primary_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"primary test id\"\"\n},\n{\n \"\"name\"\": \"\"embedding\"\",\n \"\"mode\"\": \"\"REPEATED\"\",\n \"\"type\"\": \"\"FLOAT\"\",\n \"\"description\"\": \"\"embedding column for primary_id column\"\"\n},\n{\n \"\"name\"\": \"\"country\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"country\"\"\n},\n{\n \"\"name\"\": \"\"test_crowding_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"INTEGER\"\",\n \"\"description\"\": \"\"test crowding column\"\"\n},\n{\n \"\"name\"\": \"\"entity_id\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"Test default entity_id\"\"\n},\n{\n \"\"name\"\": \"\"test_entity_column\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"STRING\"\",\n \"\"description\"\": \"\"test secondary entity column\"\"\n},\n{\n \"\"name\"\": \"\"feature_timestamp\"\",\n \"\"mode\"\": \"\"NULLABLE\"\",\n \"\"type\"\": \"\"TIMESTAMP\"\",\n \"\"description\"\": \"\"Default timestamp value\"\"\n}\n]\n\",\n });\n\n var featureviewVectorSearch = new Gcp.Vertex.AiFeatureOnlineStoreFeatureview(\"featureview_vector_search\", new()\n {\n Name = \"example_feature_view_vector_search\",\n Region = \"us-central1\",\n FeatureOnlineStore = featureonlinestore.Name,\n SyncConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs\n {\n Cron = \"0 0 * * *\",\n },\n BigQuerySource = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs\n {\n Uri = Output.Tuple(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).Apply(values =\u003e\n {\n var project = values.Item1;\n var datasetId = values.Item2;\n var tableId = values.Item3;\n return $\"bq://{project}.{datasetId}.{tableId}\";\n }),\n EntityIdColumns = new[]\n {\n \"test_entity_column\",\n },\n },\n VectorSearchConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs\n {\n EmbeddingColumn = \"embedding\",\n FilterColumns = new[]\n {\n \"country\",\n },\n CrowdingColumn = \"test_crowding_column\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n TreeAhConfig = new Gcp.Vertex.Inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = \"1000\",\n },\n EmbeddingDimension = 2,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfeatureonlinestore, err := vertex.NewAiFeatureOnlineStore(ctx, \"featureonlinestore\", \u0026vertex.AiFeatureOnlineStoreArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tBigtable: \u0026vertex.AiFeatureOnlineStoreBigtableArgs{\n\t\t\t\tAutoScaling: \u0026vertex.AiFeatureOnlineStoreBigtableAutoScalingArgs{\n\t\t\t\t\tMinNodeCount: pulumi.Int(1),\n\t\t\t\t\tMaxNodeCount: pulumi.Int(2),\n\t\t\t\t\tCpuUtilizationTarget: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEmbeddingManagement: \u0026vertex.AiFeatureOnlineStoreEmbeddingManagementArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDataset(ctx, \"tf-test-dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tFriendlyName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"This is a test description\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewTable(ctx, \"tf-test-table\", \u0026bigquery.TableArgs{\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tDatasetId: tf_test_dataset.DatasetId,\n\t\t\tTableId: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tSchema: pulumi.String(`[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiFeatureOnlineStoreFeatureview(ctx, \"featureview_vector_search\", \u0026vertex.AiFeatureOnlineStoreFeatureviewArgs{\n\t\t\tName: pulumi.String(\"example_feature_view_vector_search\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tFeatureOnlineStore: featureonlinestore.Name,\n\t\t\tSyncConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewSyncConfigArgs{\n\t\t\t\tCron: pulumi.String(\"0 0 * * *\"),\n\t\t\t},\n\t\t\tBigQuerySource: \u0026vertex.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs{\n\t\t\t\tUri: pulumi.All(tf_test_table.Project, tf_test_table.DatasetId, tf_test_table.TableId).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tproject := _args[0].(string)\n\t\t\t\t\tdatasetId := _args[1].(string)\n\t\t\t\t\ttableId := _args[2].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"bq://%v.%v.%v\", project, datasetId, tableId), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tEntityIdColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"test_entity_column\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tVectorSearchConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs{\n\t\t\t\tEmbeddingColumn: pulumi.String(\"embedding\"),\n\t\t\t\tFilterColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"country\"),\n\t\t\t\t},\n\t\t\t\tCrowdingColumn: pulumi.String(\"test_crowding_column\"),\n\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\tTreeAhConfig: \u0026vertex.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs{\n\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.String(\"1000\"),\n\t\t\t\t},\n\t\t\t\tEmbeddingDimension: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStore;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreBigtableAutoScalingArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreEmbeddingManagementArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.Table;\nimport com.pulumi.gcp.bigquery.TableArgs;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureview;\nimport com.pulumi.gcp.vertex.AiFeatureOnlineStoreFeatureviewArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewSyncConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var featureonlinestore = new AiFeatureOnlineStore(\"featureonlinestore\", AiFeatureOnlineStoreArgs.builder()\n .name(\"example_feature_view_vector_search\")\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .bigtable(AiFeatureOnlineStoreBigtableArgs.builder()\n .autoScaling(AiFeatureOnlineStoreBigtableAutoScalingArgs.builder()\n .minNodeCount(1)\n .maxNodeCount(2)\n .cpuUtilizationTarget(80)\n .build())\n .build())\n .embeddingManagement(AiFeatureOnlineStoreEmbeddingManagementArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n var tf_test_dataset = new Dataset(\"tf-test-dataset\", DatasetArgs.builder()\n .datasetId(\"example_feature_view_vector_search\")\n .friendlyName(\"test\")\n .description(\"This is a test description\")\n .location(\"US\")\n .build());\n\n var tf_test_table = new Table(\"tf-test-table\", TableArgs.builder()\n .deletionProtection(false)\n .datasetId(tf_test_dataset.datasetId())\n .tableId(\"example_feature_view_vector_search\")\n .schema(\"\"\"\n[\n{\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n},\n{\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n},\n{\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n},\n{\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n},\n{\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n},\n{\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n},\n{\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n}\n]\n \"\"\")\n .build());\n\n var featureviewVectorSearch = new AiFeatureOnlineStoreFeatureview(\"featureviewVectorSearch\", AiFeatureOnlineStoreFeatureviewArgs.builder()\n .name(\"example_feature_view_vector_search\")\n .region(\"us-central1\")\n .featureOnlineStore(featureonlinestore.name())\n .syncConfig(AiFeatureOnlineStoreFeatureviewSyncConfigArgs.builder()\n .cron(\"0 0 * * *\")\n .build())\n .bigQuerySource(AiFeatureOnlineStoreFeatureviewBigQuerySourceArgs.builder()\n .uri(Output.tuple(tf_test_table.project(), tf_test_table.datasetId(), tf_test_table.tableId()).applyValue(values -\u003e {\n var project = values.t1;\n var datasetId = values.t2;\n var tableId = values.t3;\n return String.format(\"bq://%s.%s.%s\", project,datasetId,tableId);\n }))\n .entityIdColumns(\"test_entity_column\")\n .build())\n .vectorSearchConfig(AiFeatureOnlineStoreFeatureviewVectorSearchConfigArgs.builder()\n .embeddingColumn(\"embedding\")\n .filterColumns(\"country\")\n .crowdingColumn(\"test_crowding_column\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .treeAhConfig(AiFeatureOnlineStoreFeatureviewVectorSearchConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(\"1000\")\n .build())\n .embeddingDimension(\"2\")\n .build())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n featureonlinestore:\n type: gcp:vertex:AiFeatureOnlineStore\n properties:\n name: example_feature_view_vector_search\n labels:\n foo: bar\n region: us-central1\n bigtable:\n autoScaling:\n minNodeCount: 1\n maxNodeCount: 2\n cpuUtilizationTarget: 80\n embeddingManagement:\n enabled: true\n tf-test-dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_feature_view_vector_search\n friendlyName: test\n description: This is a test description\n location: US\n tf-test-table:\n type: gcp:bigquery:Table\n properties:\n deletionProtection: false\n datasetId: ${[\"tf-test-dataset\"].datasetId}\n tableId: example_feature_view_vector_search\n schema: |\n [\n {\n \"name\": \"test_primary_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"primary test id\"\n },\n {\n \"name\": \"embedding\",\n \"mode\": \"REPEATED\",\n \"type\": \"FLOAT\",\n \"description\": \"embedding column for primary_id column\"\n },\n {\n \"name\": \"country\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"country\"\n },\n {\n \"name\": \"test_crowding_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"INTEGER\",\n \"description\": \"test crowding column\"\n },\n {\n \"name\": \"entity_id\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"Test default entity_id\"\n },\n {\n \"name\": \"test_entity_column\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\",\n \"description\": \"test secondary entity column\"\n },\n {\n \"name\": \"feature_timestamp\",\n \"mode\": \"NULLABLE\",\n \"type\": \"TIMESTAMP\",\n \"description\": \"Default timestamp value\"\n }\n ]\n featureviewVectorSearch:\n type: gcp:vertex:AiFeatureOnlineStoreFeatureview\n name: featureview_vector_search\n properties:\n name: example_feature_view_vector_search\n region: us-central1\n featureOnlineStore: ${featureonlinestore.name}\n syncConfig:\n cron: 0 0 * * *\n bigQuerySource:\n uri: bq://${[\"tf-test-table\"].project}.${[\"tf-test-table\"].datasetId}.${[\"tf-test-table\"].tableId}\n entityIdColumns:\n - test_entity_column\n vectorSearchConfig:\n embeddingColumn: embedding\n filterColumns:\n - country\n crowdingColumn: test_crowding_column\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n treeAhConfig:\n leafNodeEmbeddingCount: '1000'\n embeddingDimension: '2'\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFeatureOnlineStoreFeatureview can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/featureOnlineStores/{{feature_online_store}}/featureViews/{{name}}`\n\n* `{{project}}/{{region}}/{{feature_online_store}}/{{name}}`\n\n* `{{region}}/{{feature_online_store}}/{{name}}`\n\n* `{{feature_online_store}}/{{name}}`\n\nWhen using the `pulumi import` command, FeatureOnlineStoreFeatureview can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default projects/{{project}}/locations/{{region}}/featureOnlineStores/{{feature_online_store}}/featureViews/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{project}}/{{region}}/{{feature_online_store}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{region}}/{{feature_online_store}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiFeatureOnlineStoreFeatureview:AiFeatureOnlineStoreFeatureview default {{feature_online_store}}/{{name}}\n```\n\n", "properties": { "bigQuerySource": { "$ref": "#/types/gcp:vertex/AiFeatureOnlineStoreFeatureviewBigQuerySource:AiFeatureOnlineStoreFeatureviewBigQuerySource", @@ -274532,7 +274532,7 @@ } }, "gcp:vertex/aiIndexEndpoint:AiIndexEndpoint": { - "description": "An endpoint indexes are deployed into. An index endpoint can have multiple deployed indexes.\n\n\nTo get more information about IndexEndpoint, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints/)\n\n## Example Usage\n\n### Vertex Ai Index Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vertexNetwork = new gcp.compute.Network(\"vertex_network\", {name: \"network-name\"});\nconst vertexRange = new gcp.compute.GlobalAddress(\"vertex_range\", {\n name: \"address-name\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: vertexNetwork.id,\n});\nconst vertexVpcConnection = new gcp.servicenetworking.Connection(\"vertex_vpc_connection\", {\n network: vertexNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [vertexRange.name],\n});\nconst project = gcp.organizations.getProject({});\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: pulumi.all([project, vertexNetwork.name]).apply(([project, name]) =\u003e `projects/${project.number}/global/networks/${name}`),\n}, {\n dependsOn: [vertexVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvertex_network = gcp.compute.Network(\"vertex_network\", name=\"network-name\")\nvertex_range = gcp.compute.GlobalAddress(\"vertex_range\",\n name=\"address-name\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=vertex_network.id)\nvertex_vpc_connection = gcp.servicenetworking.Connection(\"vertex_vpc_connection\",\n network=vertex_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[vertex_range.name])\nproject = gcp.organizations.get_project()\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=vertex_network.name.apply(lambda name: f\"projects/{project.number}/global/networks/{name}\"),\n opts = pulumi.ResourceOptions(depends_on=[vertex_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vertexNetwork = new Gcp.Compute.Network(\"vertex_network\", new()\n {\n Name = \"network-name\",\n });\n\n var vertexRange = new Gcp.Compute.GlobalAddress(\"vertex_range\", new()\n {\n Name = \"address-name\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = vertexNetwork.Id,\n });\n\n var vertexVpcConnection = new Gcp.ServiceNetworking.Connection(\"vertex_vpc_connection\", new()\n {\n Network = vertexNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n vertexRange.Name,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{name}\";\n }),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvertexNetwork, err := compute.NewNetwork(ctx, \"vertex_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexRange, err := compute.NewGlobalAddress(ctx, \"vertex_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address-name\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexVpcConnection, err := servicenetworking.NewConnection(ctx, \"vertex_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tvertexRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: vertexNetwork.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vertexNetwork = new Network(\"vertexNetwork\", NetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n var vertexRange = new GlobalAddress(\"vertexRange\", GlobalAddressArgs.builder()\n .name(\"address-name\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(vertexNetwork.id())\n .build());\n\n var vertexVpcConnection = new Connection(\"vertexVpcConnection\", ConnectionArgs.builder()\n .network(vertexNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(vertexRange.name())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(vertexNetwork.name().applyValue(name -\u003e String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\n options:\n dependson:\n - ${vertexVpcConnection}\n vertexVpcConnection:\n type: gcp:servicenetworking:Connection\n name: vertex_vpc_connection\n properties:\n network: ${vertexNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${vertexRange.name}\n vertexRange:\n type: gcp:compute:GlobalAddress\n name: vertex_range\n properties:\n name: address-name\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${vertexNetwork.id}\n vertexNetwork:\n type: gcp:compute:Network\n name: vertex_network\n properties:\n name: network-name\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint With Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.number)],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n private_service_connect_config={\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.number],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiIndexEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiIndexEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .privateServiceConnectConfig(AiIndexEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.number}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint With Public Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint with an public endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n publicEndpointEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint with an public endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n public_endpoint_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint with an public endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PublicEndpointEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint with an public endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPublicEndpointEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint with an public endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .publicEndpointEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint with an public endpoint\n region: us-central1\n labels:\n label-one: value-one\n publicEndpointEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIndexEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/indexEndpoints/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, IndexEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default projects/{{project}}/locations/{{region}}/indexEndpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{name}}\n```\n\n", + "description": "An endpoint indexes are deployed into. An index endpoint can have multiple deployed indexes.\n\n\nTo get more information about IndexEndpoint, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints/)\n\n## Example Usage\n\n### Vertex Ai Index Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vertexNetwork = new gcp.compute.Network(\"vertex_network\", {name: \"network-name\"});\nconst vertexRange = new gcp.compute.GlobalAddress(\"vertex_range\", {\n name: \"address-name\",\n purpose: \"VPC_PEERING\",\n addressType: \"INTERNAL\",\n prefixLength: 24,\n network: vertexNetwork.id,\n});\nconst vertexVpcConnection = new gcp.servicenetworking.Connection(\"vertex_vpc_connection\", {\n network: vertexNetwork.id,\n service: \"servicenetworking.googleapis.com\",\n reservedPeeringRanges: [vertexRange.name],\n});\nconst project = gcp.organizations.getProject({});\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: pulumi.all([project, vertexNetwork.name]).apply(([project, name]) =\u003e `projects/${project.number}/global/networks/${name}`),\n}, {\n dependsOn: [vertexVpcConnection],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvertex_network = gcp.compute.Network(\"vertex_network\", name=\"network-name\")\nvertex_range = gcp.compute.GlobalAddress(\"vertex_range\",\n name=\"address-name\",\n purpose=\"VPC_PEERING\",\n address_type=\"INTERNAL\",\n prefix_length=24,\n network=vertex_network.id)\nvertex_vpc_connection = gcp.servicenetworking.Connection(\"vertex_vpc_connection\",\n network=vertex_network.id,\n service=\"servicenetworking.googleapis.com\",\n reserved_peering_ranges=[vertex_range.name])\nproject = gcp.organizations.get_project()\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=vertex_network.name.apply(lambda name: f\"projects/{project.number}/global/networks/{name}\"),\n opts = pulumi.ResourceOptions(depends_on=[vertex_vpc_connection]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vertexNetwork = new Gcp.Compute.Network(\"vertex_network\", new()\n {\n Name = \"network-name\",\n });\n\n var vertexRange = new Gcp.Compute.GlobalAddress(\"vertex_range\", new()\n {\n Name = \"address-name\",\n Purpose = \"VPC_PEERING\",\n AddressType = \"INTERNAL\",\n PrefixLength = 24,\n Network = vertexNetwork.Id,\n });\n\n var vertexVpcConnection = new Gcp.ServiceNetworking.Connection(\"vertex_vpc_connection\", new()\n {\n Network = vertexNetwork.Id,\n Service = \"servicenetworking.googleapis.com\",\n ReservedPeeringRanges = new[]\n {\n vertexRange.Name,\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork.Name).Apply(values =\u003e\n {\n var project = values.Item1;\n var name = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{name}\";\n }),\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexVpcConnection,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvertexNetwork, err := compute.NewNetwork(ctx, \"vertex_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"network-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexRange, err := compute.NewGlobalAddress(ctx, \"vertex_range\", \u0026compute.GlobalAddressArgs{\n\t\t\tName: pulumi.String(\"address-name\"),\n\t\t\tPurpose: pulumi.String(\"VPC_PEERING\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPrefixLength: pulumi.Int(24),\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexVpcConnection, err := servicenetworking.NewConnection(ctx, \"vertex_vpc_connection\", \u0026servicenetworking.ConnectionArgs{\n\t\t\tNetwork: vertexNetwork.ID(),\n\t\t\tService: pulumi.String(\"servicenetworking.googleapis.com\"),\n\t\t\tReservedPeeringRanges: pulumi.StringArray{\n\t\t\t\tvertexRange.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: vertexNetwork.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/global/networks/%v\", project.Number, name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexVpcConnection,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.servicenetworking.Connection;\nimport com.pulumi.gcp.servicenetworking.ConnectionArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vertexNetwork = new Network(\"vertexNetwork\", NetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n var vertexRange = new GlobalAddress(\"vertexRange\", GlobalAddressArgs.builder()\n .name(\"address-name\")\n .purpose(\"VPC_PEERING\")\n .addressType(\"INTERNAL\")\n .prefixLength(24)\n .network(vertexNetwork.id())\n .build());\n\n var vertexVpcConnection = new Connection(\"vertexVpcConnection\", ConnectionArgs.builder()\n .network(vertexNetwork.id())\n .service(\"servicenetworking.googleapis.com\")\n .reservedPeeringRanges(vertexRange.name())\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(vertexNetwork.name().applyValue(name -\u003e String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),name)))\n .build(), CustomResourceOptions.builder()\n .dependsOn(vertexVpcConnection)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\n options:\n dependsOn:\n - ${vertexVpcConnection}\n vertexVpcConnection:\n type: gcp:servicenetworking:Connection\n name: vertex_vpc_connection\n properties:\n network: ${vertexNetwork.id}\n service: servicenetworking.googleapis.com\n reservedPeeringRanges:\n - ${vertexRange.name}\n vertexRange:\n type: gcp:compute:GlobalAddress\n name: vertex_range\n properties:\n name: address-name\n purpose: VPC_PEERING\n addressType: INTERNAL\n prefixLength: 24\n network: ${vertexNetwork.id}\n vertexNetwork:\n type: gcp:compute:Network\n name: vertex_network\n properties:\n name: network-name\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint With Psc\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n privateServiceConnectConfig: {\n enablePrivateServiceConnect: true,\n projectAllowlists: [project.then(project =\u003e project.number)],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n private_service_connect_config={\n \"enable_private_service_connect\": True,\n \"project_allowlists\": [project.number],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PrivateServiceConnectConfig = new Gcp.Vertex.Inputs.AiIndexEndpointPrivateServiceConnectConfigArgs\n {\n EnablePrivateServiceConnect = true,\n ProjectAllowlists = new[]\n {\n project.Apply(getProjectResult =\u003e getProjectResult.Number),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPrivateServiceConnectConfig: \u0026vertex.AiIndexEndpointPrivateServiceConnectConfigArgs{\n\t\t\t\tEnablePrivateServiceConnect: pulumi.Bool(true),\n\t\t\t\tProjectAllowlists: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(project.Number),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointPrivateServiceConnectConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .privateServiceConnectConfig(AiIndexEndpointPrivateServiceConnectConfigArgs.builder()\n .enablePrivateServiceConnect(true)\n .projectAllowlists(project.applyValue(getProjectResult -\u003e getProjectResult.number()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n privateServiceConnectConfig:\n enablePrivateServiceConnect: true\n projectAllowlists:\n - ${project.number}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint With Public Endpoint\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst indexEndpoint = new gcp.vertex.AiIndexEndpoint(\"index_endpoint\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint with an public endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n publicEndpointEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nindex_endpoint = gcp.vertex.AiIndexEndpoint(\"index_endpoint\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint with an public endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n public_endpoint_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var indexEndpoint = new Gcp.Vertex.AiIndexEndpoint(\"index_endpoint\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint with an public endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n PublicEndpointEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiIndexEndpoint(ctx, \"index_endpoint\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint with an public endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tPublicEndpointEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var indexEndpoint = new AiIndexEndpoint(\"indexEndpoint\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint with an public endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .publicEndpointEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n indexEndpoint:\n type: gcp:vertex:AiIndexEndpoint\n name: index_endpoint\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint with an public endpoint\n region: us-central1\n labels:\n label-one: value-one\n publicEndpointEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIndexEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/indexEndpoints/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, IndexEndpoint can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default projects/{{project}}/locations/{{region}}/indexEndpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpoint:AiIndexEndpoint default {{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -274747,7 +274747,7 @@ } }, "gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex": { - "description": "An endpoint indexes are deployed into. An index endpoint can have multiple deployed indexes.\n\n\nTo get more information about IndexEndpointDeployedIndex, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#DeployedIndex)\n\n## Example Usage\n\n### Vertex Ai Index Endpoint Deployed Index Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {accountId: \"vertex-sa\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"bucket-name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst index = new gcp.vertex.AiIndex(\"index\", {\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n displayName: \"test-index\",\n description: \"index for test\",\n metadata: {\n contentsDeltaUri: pulumi.interpolate`gs://${bucket.name}/contents`,\n config: {\n dimensions: 2,\n approximateNeighborsCount: 150,\n shardSize: \"SHARD_SIZE_SMALL\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n algorithmConfig: {\n treeAhConfig: {\n leafNodeEmbeddingCount: 500,\n leafNodesToSearchPercent: 7,\n },\n },\n },\n },\n indexUpdateMethod: \"BATCH_UPDATE\",\n});\nconst vertexNetwork = gcp.compute.getNetwork({\n name: \"network-name\",\n});\nconst project = gcp.organizations.getProject({});\nconst vertexIndexEndpointDeployed = new gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: Promise.all([project, vertexNetwork]).then(([project, vertexNetwork]) =\u003e `projects/${project.number}/global/networks/${vertexNetwork.name}`),\n});\nconst basicDeployedIndex = new gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", {\n indexEndpoint: vertexIndexEndpointDeployed.id,\n index: index.id,\n deployedIndexId: \"deployed_index_id\",\n reservedIpRanges: [\"vertex-ai-range\"],\n enableAccessLogging: false,\n displayName: \"vertex-deployed-index\",\n deployedIndexAuthConfig: {\n authProvider: {\n audiences: [\"123456-my-app\"],\n allowedIssuers: [sa.email],\n },\n },\n}, {\n dependsOn: [\n vertexIndexEndpointDeployed,\n sa,\n ],\n});\n// The sample data comes from the following link:\n// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\nconst data = new gcp.storage.BucketObject(\"data\", {\n name: \"contents/data.json\",\n bucket: bucket.name,\n content: `{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\", account_id=\"vertex-sa\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"bucket-name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nindex = gcp.vertex.AiIndex(\"index\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n display_name=\"test-index\",\n description=\"index for test\",\n metadata={\n \"contents_delta_uri\": bucket.name.apply(lambda name: f\"gs://{name}/contents\"),\n \"config\": {\n \"dimensions\": 2,\n \"approximate_neighbors_count\": 150,\n \"shard_size\": \"SHARD_SIZE_SMALL\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"algorithm_config\": {\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": 500,\n \"leaf_nodes_to_search_percent\": 7,\n },\n },\n },\n },\n index_update_method=\"BATCH_UPDATE\")\nvertex_network = gcp.compute.get_network(name=\"network-name\")\nproject = gcp.organizations.get_project()\nvertex_index_endpoint_deployed = gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=f\"projects/{project.number}/global/networks/{vertex_network.name}\")\nbasic_deployed_index = gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\",\n index_endpoint=vertex_index_endpoint_deployed.id,\n index=index.id,\n deployed_index_id=\"deployed_index_id\",\n reserved_ip_ranges=[\"vertex-ai-range\"],\n enable_access_logging=False,\n display_name=\"vertex-deployed-index\",\n deployed_index_auth_config={\n \"auth_provider\": {\n \"audiences\": [\"123456-my-app\"],\n \"allowed_issuers\": [sa.email],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertex_index_endpoint_deployed,\n sa,\n ]))\n# The sample data comes from the following link:\n# https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\ndata = gcp.storage.BucketObject(\"data\",\n name=\"contents/data.json\",\n bucket=bucket.name,\n content=\"\"\"{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"vertex-sa\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"bucket-name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var index = new Gcp.Vertex.AiIndex(\"index\", new()\n {\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n DisplayName = \"test-index\",\n Description = \"index for test\",\n Metadata = new Gcp.Vertex.Inputs.AiIndexMetadataArgs\n {\n ContentsDeltaUri = bucket.Name.Apply(name =\u003e $\"gs://{name}/contents\"),\n Config = new Gcp.Vertex.Inputs.AiIndexMetadataConfigArgs\n {\n Dimensions = 2,\n ApproximateNeighborsCount = 150,\n ShardSize = \"SHARD_SIZE_SMALL\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n AlgorithmConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigArgs\n {\n TreeAhConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = 500,\n LeafNodesToSearchPercent = 7,\n },\n },\n },\n },\n IndexUpdateMethod = \"BATCH_UPDATE\",\n });\n\n var vertexNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"network-name\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var vertexIndexEndpointDeployed = new Gcp.Vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork).Apply(values =\u003e\n {\n var project = values.Item1;\n var vertexNetwork = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{vertexNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Name)}\";\n }),\n });\n\n var basicDeployedIndex = new Gcp.Vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", new()\n {\n IndexEndpoint = vertexIndexEndpointDeployed.Id,\n Index = index.Id,\n DeployedIndexId = \"deployed_index_id\",\n ReservedIpRanges = new[]\n {\n \"vertex-ai-range\",\n },\n EnableAccessLogging = false,\n DisplayName = \"vertex-deployed-index\",\n DeployedIndexAuthConfig = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs\n {\n AuthProvider = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs\n {\n Audiences = new[]\n {\n \"123456-my-app\",\n },\n AllowedIssuers = new[]\n {\n sa.Email,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexIndexEndpointDeployed,\n sa,\n },\n });\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new Gcp.Storage.BucketObject(\"data\", new()\n {\n Name = \"contents/data.json\",\n Bucket = bucket.Name,\n Content = @\"{\"\"id\"\": \"\"42\"\", \"\"embedding\"\": [0.5, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"cat\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"feline\"\"]}]}\n{\"\"id\"\": \"\"43\"\", \"\"embedding\"\": [0.6, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"dog\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"canine\"\"]}]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"vertex-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tindex, err := vertex.NewAiIndex(ctx, \"index\", \u0026vertex.AiIndexArgs{\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"test-index\"),\n\t\t\tDescription: pulumi.String(\"index for test\"),\n\t\t\tMetadata: \u0026vertex.AiIndexMetadataArgs{\n\t\t\t\tContentsDeltaUri: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/contents\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tConfig: \u0026vertex.AiIndexMetadataConfigArgs{\n\t\t\t\t\tDimensions: pulumi.Int(2),\n\t\t\t\t\tApproximateNeighborsCount: pulumi.Int(150),\n\t\t\t\t\tShardSize: pulumi.String(\"SHARD_SIZE_SMALL\"),\n\t\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\t\tAlgorithmConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigArgs{\n\t\t\t\t\t\tTreeAhConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs{\n\t\t\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.Int(500),\n\t\t\t\t\t\t\tLeafNodesToSearchPercent: pulumi.Int(7),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIndexUpdateMethod: pulumi.String(\"BATCH_UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"network-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexIndexEndpointDeployed, err := vertex.NewAiIndexEndpoint(ctx, \"vertex_index_endpoint_deployed\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: pulumi.Sprintf(\"projects/%v/global/networks/%v\", project.Number, vertexNetwork.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpointDeployedIndex(ctx, \"basic_deployed_index\", \u0026vertex.AiIndexEndpointDeployedIndexArgs{\n\t\t\tIndexEndpoint: vertexIndexEndpointDeployed.ID(),\n\t\t\tIndex: index.ID(),\n\t\t\tDeployedIndexId: pulumi.String(\"deployed_index_id\"),\n\t\t\tReservedIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"vertex-ai-range\"),\n\t\t\t},\n\t\t\tEnableAccessLogging: pulumi.Bool(false),\n\t\t\tDisplayName: pulumi.String(\"vertex-deployed-index\"),\n\t\t\tDeployedIndexAuthConfig: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs{\n\t\t\t\tAuthProvider: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs{\n\t\t\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"123456-my-app\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedIssuers: pulumi.StringArray{\n\t\t\t\t\t\tsa.Email,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexIndexEndpointDeployed,\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The sample data comes from the following link:\n\t\t// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n\t\t_, err = storage.NewBucketObject(ctx, \"data\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"contents/data.json\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"id\\\": \\\"42\\\", \\\"embedding\\\": [0.5, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"cat\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"feline\\\"]}]}\\n{\\\"id\\\": \\\"43\\\", \\\"embedding\\\": [0.6, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"dog\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"canine\\\"]}]}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.vertex.AiIndex;\nimport com.pulumi.gcp.vertex.AiIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndex;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"vertex-sa\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"bucket-name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var index = new AiIndex(\"index\", AiIndexArgs.builder()\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .displayName(\"test-index\")\n .description(\"index for test\")\n .metadata(AiIndexMetadataArgs.builder()\n .contentsDeltaUri(bucket.name().applyValue(name -\u003e String.format(\"gs://%s/contents\", name)))\n .config(AiIndexMetadataConfigArgs.builder()\n .dimensions(2)\n .approximateNeighborsCount(150)\n .shardSize(\"SHARD_SIZE_SMALL\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .algorithmConfig(AiIndexMetadataConfigAlgorithmConfigArgs.builder()\n .treeAhConfig(AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(500)\n .leafNodesToSearchPercent(7)\n .build())\n .build())\n .build())\n .build())\n .indexUpdateMethod(\"BATCH_UPDATE\")\n .build());\n\n final var vertexNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var vertexIndexEndpointDeployed = new AiIndexEndpoint(\"vertexIndexEndpointDeployed\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),vertexNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.name())))\n .build());\n\n var basicDeployedIndex = new AiIndexEndpointDeployedIndex(\"basicDeployedIndex\", AiIndexEndpointDeployedIndexArgs.builder()\n .indexEndpoint(vertexIndexEndpointDeployed.id())\n .index(index.id())\n .deployedIndexId(\"deployed_index_id\")\n .reservedIpRanges(\"vertex-ai-range\")\n .enableAccessLogging(false)\n .displayName(\"vertex-deployed-index\")\n .deployedIndexAuthConfig(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs.builder()\n .authProvider(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs.builder()\n .audiences(\"123456-my-app\")\n .allowedIssuers(sa.email())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexIndexEndpointDeployed,\n sa)\n .build());\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new BucketObject(\"data\", BucketObjectArgs.builder()\n .name(\"contents/data.json\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: vertex-sa\n basicDeployedIndex:\n type: gcp:vertex:AiIndexEndpointDeployedIndex\n name: basic_deployed_index\n properties:\n indexEndpoint: ${vertexIndexEndpointDeployed.id}\n index: ${index.id}\n deployedIndexId: deployed_index_id\n reservedIpRanges:\n - vertex-ai-range\n enableAccessLogging: false\n displayName: vertex-deployed-index\n deployedIndexAuthConfig:\n authProvider:\n audiences:\n - 123456-my-app\n allowedIssuers:\n - ${sa.email}\n options:\n dependson:\n - ${vertexIndexEndpointDeployed}\n - ${sa}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: bucket-name\n location: us-central1\n uniformBucketLevelAccess: true\n # The sample data comes from the following link:\n # https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n data:\n type: gcp:storage:BucketObject\n properties:\n name: contents/data.json\n bucket: ${bucket.name}\n content: |\n {\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n {\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n index:\n type: gcp:vertex:AiIndex\n properties:\n labels:\n foo: bar\n region: us-central1\n displayName: test-index\n description: index for test\n metadata:\n contentsDeltaUri: gs://${bucket.name}/contents\n config:\n dimensions: 2\n approximateNeighborsCount: 150\n shardSize: SHARD_SIZE_SMALL\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n algorithmConfig:\n treeAhConfig:\n leafNodeEmbeddingCount: 500\n leafNodesToSearchPercent: 7\n indexUpdateMethod: BATCH_UPDATE\n vertexIndexEndpointDeployed:\n type: gcp:vertex:AiIndexEndpoint\n name: vertex_index_endpoint_deployed\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\nvariables:\n vertexNetwork:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: network-name\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint Deployed Index Basic Two\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {accountId: \"vertex-sa\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"bucket-name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst index = new gcp.vertex.AiIndex(\"index\", {\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n displayName: \"test-index\",\n description: \"index for test\",\n metadata: {\n contentsDeltaUri: pulumi.interpolate`gs://${bucket.name}/contents`,\n config: {\n dimensions: 2,\n approximateNeighborsCount: 150,\n shardSize: \"SHARD_SIZE_SMALL\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n algorithmConfig: {\n treeAhConfig: {\n leafNodeEmbeddingCount: 500,\n leafNodesToSearchPercent: 7,\n },\n },\n },\n },\n indexUpdateMethod: \"BATCH_UPDATE\",\n});\nconst vertexNetwork = gcp.compute.getNetwork({\n name: \"network-name\",\n});\nconst project = gcp.organizations.getProject({});\nconst vertexIndexEndpointDeployed = new gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: Promise.all([project, vertexNetwork]).then(([project, vertexNetwork]) =\u003e `projects/${project.number}/global/networks/${vertexNetwork.name}`),\n});\nconst basicDeployedIndex = new gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", {\n indexEndpoint: vertexIndexEndpointDeployed.id,\n index: index.id,\n deployedIndexId: \"deployed_index_id\",\n reservedIpRanges: [\"vertex-ai-range\"],\n enableAccessLogging: false,\n displayName: \"vertex-deployed-index\",\n deployedIndexAuthConfig: {\n authProvider: {\n audiences: [\"123456-my-app\"],\n allowedIssuers: [sa.email],\n },\n },\n automaticResources: {\n maxReplicaCount: 4,\n },\n}, {\n dependsOn: [\n vertexIndexEndpointDeployed,\n sa,\n ],\n});\n// The sample data comes from the following link:\n// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\nconst data = new gcp.storage.BucketObject(\"data\", {\n name: \"contents/data.json\",\n bucket: bucket.name,\n content: `{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\", account_id=\"vertex-sa\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"bucket-name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nindex = gcp.vertex.AiIndex(\"index\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n display_name=\"test-index\",\n description=\"index for test\",\n metadata={\n \"contents_delta_uri\": bucket.name.apply(lambda name: f\"gs://{name}/contents\"),\n \"config\": {\n \"dimensions\": 2,\n \"approximate_neighbors_count\": 150,\n \"shard_size\": \"SHARD_SIZE_SMALL\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"algorithm_config\": {\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": 500,\n \"leaf_nodes_to_search_percent\": 7,\n },\n },\n },\n },\n index_update_method=\"BATCH_UPDATE\")\nvertex_network = gcp.compute.get_network(name=\"network-name\")\nproject = gcp.organizations.get_project()\nvertex_index_endpoint_deployed = gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=f\"projects/{project.number}/global/networks/{vertex_network.name}\")\nbasic_deployed_index = gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\",\n index_endpoint=vertex_index_endpoint_deployed.id,\n index=index.id,\n deployed_index_id=\"deployed_index_id\",\n reserved_ip_ranges=[\"vertex-ai-range\"],\n enable_access_logging=False,\n display_name=\"vertex-deployed-index\",\n deployed_index_auth_config={\n \"auth_provider\": {\n \"audiences\": [\"123456-my-app\"],\n \"allowed_issuers\": [sa.email],\n },\n },\n automatic_resources={\n \"max_replica_count\": 4,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertex_index_endpoint_deployed,\n sa,\n ]))\n# The sample data comes from the following link:\n# https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\ndata = gcp.storage.BucketObject(\"data\",\n name=\"contents/data.json\",\n bucket=bucket.name,\n content=\"\"\"{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"vertex-sa\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"bucket-name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var index = new Gcp.Vertex.AiIndex(\"index\", new()\n {\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n DisplayName = \"test-index\",\n Description = \"index for test\",\n Metadata = new Gcp.Vertex.Inputs.AiIndexMetadataArgs\n {\n ContentsDeltaUri = bucket.Name.Apply(name =\u003e $\"gs://{name}/contents\"),\n Config = new Gcp.Vertex.Inputs.AiIndexMetadataConfigArgs\n {\n Dimensions = 2,\n ApproximateNeighborsCount = 150,\n ShardSize = \"SHARD_SIZE_SMALL\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n AlgorithmConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigArgs\n {\n TreeAhConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = 500,\n LeafNodesToSearchPercent = 7,\n },\n },\n },\n },\n IndexUpdateMethod = \"BATCH_UPDATE\",\n });\n\n var vertexNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"network-name\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var vertexIndexEndpointDeployed = new Gcp.Vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork).Apply(values =\u003e\n {\n var project = values.Item1;\n var vertexNetwork = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{vertexNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Name)}\";\n }),\n });\n\n var basicDeployedIndex = new Gcp.Vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", new()\n {\n IndexEndpoint = vertexIndexEndpointDeployed.Id,\n Index = index.Id,\n DeployedIndexId = \"deployed_index_id\",\n ReservedIpRanges = new[]\n {\n \"vertex-ai-range\",\n },\n EnableAccessLogging = false,\n DisplayName = \"vertex-deployed-index\",\n DeployedIndexAuthConfig = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs\n {\n AuthProvider = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs\n {\n Audiences = new[]\n {\n \"123456-my-app\",\n },\n AllowedIssuers = new[]\n {\n sa.Email,\n },\n },\n },\n AutomaticResources = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexAutomaticResourcesArgs\n {\n MaxReplicaCount = 4,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexIndexEndpointDeployed,\n sa,\n },\n });\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new Gcp.Storage.BucketObject(\"data\", new()\n {\n Name = \"contents/data.json\",\n Bucket = bucket.Name,\n Content = @\"{\"\"id\"\": \"\"42\"\", \"\"embedding\"\": [0.5, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"cat\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"feline\"\"]}]}\n{\"\"id\"\": \"\"43\"\", \"\"embedding\"\": [0.6, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"dog\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"canine\"\"]}]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"vertex-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tindex, err := vertex.NewAiIndex(ctx, \"index\", \u0026vertex.AiIndexArgs{\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"test-index\"),\n\t\t\tDescription: pulumi.String(\"index for test\"),\n\t\t\tMetadata: \u0026vertex.AiIndexMetadataArgs{\n\t\t\t\tContentsDeltaUri: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/contents\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tConfig: \u0026vertex.AiIndexMetadataConfigArgs{\n\t\t\t\t\tDimensions: pulumi.Int(2),\n\t\t\t\t\tApproximateNeighborsCount: pulumi.Int(150),\n\t\t\t\t\tShardSize: pulumi.String(\"SHARD_SIZE_SMALL\"),\n\t\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\t\tAlgorithmConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigArgs{\n\t\t\t\t\t\tTreeAhConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs{\n\t\t\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.Int(500),\n\t\t\t\t\t\t\tLeafNodesToSearchPercent: pulumi.Int(7),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIndexUpdateMethod: pulumi.String(\"BATCH_UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"network-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexIndexEndpointDeployed, err := vertex.NewAiIndexEndpoint(ctx, \"vertex_index_endpoint_deployed\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: pulumi.Sprintf(\"projects/%v/global/networks/%v\", project.Number, vertexNetwork.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpointDeployedIndex(ctx, \"basic_deployed_index\", \u0026vertex.AiIndexEndpointDeployedIndexArgs{\n\t\t\tIndexEndpoint: vertexIndexEndpointDeployed.ID(),\n\t\t\tIndex: index.ID(),\n\t\t\tDeployedIndexId: pulumi.String(\"deployed_index_id\"),\n\t\t\tReservedIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"vertex-ai-range\"),\n\t\t\t},\n\t\t\tEnableAccessLogging: pulumi.Bool(false),\n\t\t\tDisplayName: pulumi.String(\"vertex-deployed-index\"),\n\t\t\tDeployedIndexAuthConfig: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs{\n\t\t\t\tAuthProvider: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs{\n\t\t\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"123456-my-app\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedIssuers: pulumi.StringArray{\n\t\t\t\t\t\tsa.Email,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutomaticResources: \u0026vertex.AiIndexEndpointDeployedIndexAutomaticResourcesArgs{\n\t\t\t\tMaxReplicaCount: pulumi.Int(4),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexIndexEndpointDeployed,\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The sample data comes from the following link:\n\t\t// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n\t\t_, err = storage.NewBucketObject(ctx, \"data\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"contents/data.json\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"id\\\": \\\"42\\\", \\\"embedding\\\": [0.5, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"cat\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"feline\\\"]}]}\\n{\\\"id\\\": \\\"43\\\", \\\"embedding\\\": [0.6, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"dog\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"canine\\\"]}]}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.vertex.AiIndex;\nimport com.pulumi.gcp.vertex.AiIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndex;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexAutomaticResourcesArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"vertex-sa\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"bucket-name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var index = new AiIndex(\"index\", AiIndexArgs.builder()\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .displayName(\"test-index\")\n .description(\"index for test\")\n .metadata(AiIndexMetadataArgs.builder()\n .contentsDeltaUri(bucket.name().applyValue(name -\u003e String.format(\"gs://%s/contents\", name)))\n .config(AiIndexMetadataConfigArgs.builder()\n .dimensions(2)\n .approximateNeighborsCount(150)\n .shardSize(\"SHARD_SIZE_SMALL\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .algorithmConfig(AiIndexMetadataConfigAlgorithmConfigArgs.builder()\n .treeAhConfig(AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(500)\n .leafNodesToSearchPercent(7)\n .build())\n .build())\n .build())\n .build())\n .indexUpdateMethod(\"BATCH_UPDATE\")\n .build());\n\n final var vertexNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var vertexIndexEndpointDeployed = new AiIndexEndpoint(\"vertexIndexEndpointDeployed\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),vertexNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.name())))\n .build());\n\n var basicDeployedIndex = new AiIndexEndpointDeployedIndex(\"basicDeployedIndex\", AiIndexEndpointDeployedIndexArgs.builder()\n .indexEndpoint(vertexIndexEndpointDeployed.id())\n .index(index.id())\n .deployedIndexId(\"deployed_index_id\")\n .reservedIpRanges(\"vertex-ai-range\")\n .enableAccessLogging(false)\n .displayName(\"vertex-deployed-index\")\n .deployedIndexAuthConfig(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs.builder()\n .authProvider(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs.builder()\n .audiences(\"123456-my-app\")\n .allowedIssuers(sa.email())\n .build())\n .build())\n .automaticResources(AiIndexEndpointDeployedIndexAutomaticResourcesArgs.builder()\n .maxReplicaCount(4)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexIndexEndpointDeployed,\n sa)\n .build());\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new BucketObject(\"data\", BucketObjectArgs.builder()\n .name(\"contents/data.json\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: vertex-sa\n basicDeployedIndex:\n type: gcp:vertex:AiIndexEndpointDeployedIndex\n name: basic_deployed_index\n properties:\n indexEndpoint: ${vertexIndexEndpointDeployed.id}\n index: ${index.id}\n deployedIndexId: deployed_index_id\n reservedIpRanges:\n - vertex-ai-range\n enableAccessLogging: false\n displayName: vertex-deployed-index\n deployedIndexAuthConfig:\n authProvider:\n audiences:\n - 123456-my-app\n allowedIssuers:\n - ${sa.email}\n automaticResources:\n maxReplicaCount: 4\n options:\n dependson:\n - ${vertexIndexEndpointDeployed}\n - ${sa}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: bucket-name\n location: us-central1\n uniformBucketLevelAccess: true\n # The sample data comes from the following link:\n # https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n data:\n type: gcp:storage:BucketObject\n properties:\n name: contents/data.json\n bucket: ${bucket.name}\n content: |\n {\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n {\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n index:\n type: gcp:vertex:AiIndex\n properties:\n labels:\n foo: bar\n region: us-central1\n displayName: test-index\n description: index for test\n metadata:\n contentsDeltaUri: gs://${bucket.name}/contents\n config:\n dimensions: 2\n approximateNeighborsCount: 150\n shardSize: SHARD_SIZE_SMALL\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n algorithmConfig:\n treeAhConfig:\n leafNodeEmbeddingCount: 500\n leafNodesToSearchPercent: 7\n indexUpdateMethod: BATCH_UPDATE\n vertexIndexEndpointDeployed:\n type: gcp:vertex:AiIndexEndpoint\n name: vertex_index_endpoint_deployed\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\nvariables:\n vertexNetwork:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: network-name\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIndexEndpointDeployedIndex can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/indexEndpoints/{{index_endpoint}}/deployedIndex/{{deployed_index_id}}`\n\n* `{{project}}/{{region}}/{{index_endpoint}}/{{deployed_index_id}}`\n\n* `{{region}}/{{index_endpoint}}/{{deployed_index_id}}`\n\n* `{{index_endpoint}}/{{deployed_index_id}}`\n\nWhen using the `pulumi import` command, IndexEndpointDeployedIndex can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default projects/{{project}}/locations/{{region}}/indexEndpoints/{{index_endpoint}}/deployedIndex/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{project}}/{{region}}/{{index_endpoint}}/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{region}}/{{index_endpoint}}/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{index_endpoint}}/{{deployed_index_id}}\n```\n\n", + "description": "An endpoint indexes are deployed into. An index endpoint can have multiple deployed indexes.\n\n\nTo get more information about IndexEndpointDeployedIndex, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#DeployedIndex)\n\n## Example Usage\n\n### Vertex Ai Index Endpoint Deployed Index Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {accountId: \"vertex-sa\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"bucket-name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst index = new gcp.vertex.AiIndex(\"index\", {\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n displayName: \"test-index\",\n description: \"index for test\",\n metadata: {\n contentsDeltaUri: pulumi.interpolate`gs://${bucket.name}/contents`,\n config: {\n dimensions: 2,\n approximateNeighborsCount: 150,\n shardSize: \"SHARD_SIZE_SMALL\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n algorithmConfig: {\n treeAhConfig: {\n leafNodeEmbeddingCount: 500,\n leafNodesToSearchPercent: 7,\n },\n },\n },\n },\n indexUpdateMethod: \"BATCH_UPDATE\",\n});\nconst vertexNetwork = gcp.compute.getNetwork({\n name: \"network-name\",\n});\nconst project = gcp.organizations.getProject({});\nconst vertexIndexEndpointDeployed = new gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: Promise.all([project, vertexNetwork]).then(([project, vertexNetwork]) =\u003e `projects/${project.number}/global/networks/${vertexNetwork.name}`),\n});\nconst basicDeployedIndex = new gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", {\n indexEndpoint: vertexIndexEndpointDeployed.id,\n index: index.id,\n deployedIndexId: \"deployed_index_id\",\n reservedIpRanges: [\"vertex-ai-range\"],\n enableAccessLogging: false,\n displayName: \"vertex-deployed-index\",\n deployedIndexAuthConfig: {\n authProvider: {\n audiences: [\"123456-my-app\"],\n allowedIssuers: [sa.email],\n },\n },\n}, {\n dependsOn: [\n vertexIndexEndpointDeployed,\n sa,\n ],\n});\n// The sample data comes from the following link:\n// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\nconst data = new gcp.storage.BucketObject(\"data\", {\n name: \"contents/data.json\",\n bucket: bucket.name,\n content: `{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\", account_id=\"vertex-sa\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"bucket-name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nindex = gcp.vertex.AiIndex(\"index\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n display_name=\"test-index\",\n description=\"index for test\",\n metadata={\n \"contents_delta_uri\": bucket.name.apply(lambda name: f\"gs://{name}/contents\"),\n \"config\": {\n \"dimensions\": 2,\n \"approximate_neighbors_count\": 150,\n \"shard_size\": \"SHARD_SIZE_SMALL\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"algorithm_config\": {\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": 500,\n \"leaf_nodes_to_search_percent\": 7,\n },\n },\n },\n },\n index_update_method=\"BATCH_UPDATE\")\nvertex_network = gcp.compute.get_network(name=\"network-name\")\nproject = gcp.organizations.get_project()\nvertex_index_endpoint_deployed = gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=f\"projects/{project.number}/global/networks/{vertex_network.name}\")\nbasic_deployed_index = gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\",\n index_endpoint=vertex_index_endpoint_deployed.id,\n index=index.id,\n deployed_index_id=\"deployed_index_id\",\n reserved_ip_ranges=[\"vertex-ai-range\"],\n enable_access_logging=False,\n display_name=\"vertex-deployed-index\",\n deployed_index_auth_config={\n \"auth_provider\": {\n \"audiences\": [\"123456-my-app\"],\n \"allowed_issuers\": [sa.email],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertex_index_endpoint_deployed,\n sa,\n ]))\n# The sample data comes from the following link:\n# https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\ndata = gcp.storage.BucketObject(\"data\",\n name=\"contents/data.json\",\n bucket=bucket.name,\n content=\"\"\"{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"vertex-sa\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"bucket-name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var index = new Gcp.Vertex.AiIndex(\"index\", new()\n {\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n DisplayName = \"test-index\",\n Description = \"index for test\",\n Metadata = new Gcp.Vertex.Inputs.AiIndexMetadataArgs\n {\n ContentsDeltaUri = bucket.Name.Apply(name =\u003e $\"gs://{name}/contents\"),\n Config = new Gcp.Vertex.Inputs.AiIndexMetadataConfigArgs\n {\n Dimensions = 2,\n ApproximateNeighborsCount = 150,\n ShardSize = \"SHARD_SIZE_SMALL\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n AlgorithmConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigArgs\n {\n TreeAhConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = 500,\n LeafNodesToSearchPercent = 7,\n },\n },\n },\n },\n IndexUpdateMethod = \"BATCH_UPDATE\",\n });\n\n var vertexNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"network-name\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var vertexIndexEndpointDeployed = new Gcp.Vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork).Apply(values =\u003e\n {\n var project = values.Item1;\n var vertexNetwork = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{vertexNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Name)}\";\n }),\n });\n\n var basicDeployedIndex = new Gcp.Vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", new()\n {\n IndexEndpoint = vertexIndexEndpointDeployed.Id,\n Index = index.Id,\n DeployedIndexId = \"deployed_index_id\",\n ReservedIpRanges = new[]\n {\n \"vertex-ai-range\",\n },\n EnableAccessLogging = false,\n DisplayName = \"vertex-deployed-index\",\n DeployedIndexAuthConfig = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs\n {\n AuthProvider = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs\n {\n Audiences = new[]\n {\n \"123456-my-app\",\n },\n AllowedIssuers = new[]\n {\n sa.Email,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexIndexEndpointDeployed,\n sa,\n },\n });\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new Gcp.Storage.BucketObject(\"data\", new()\n {\n Name = \"contents/data.json\",\n Bucket = bucket.Name,\n Content = @\"{\"\"id\"\": \"\"42\"\", \"\"embedding\"\": [0.5, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"cat\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"feline\"\"]}]}\n{\"\"id\"\": \"\"43\"\", \"\"embedding\"\": [0.6, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"dog\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"canine\"\"]}]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"vertex-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tindex, err := vertex.NewAiIndex(ctx, \"index\", \u0026vertex.AiIndexArgs{\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"test-index\"),\n\t\t\tDescription: pulumi.String(\"index for test\"),\n\t\t\tMetadata: \u0026vertex.AiIndexMetadataArgs{\n\t\t\t\tContentsDeltaUri: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/contents\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tConfig: \u0026vertex.AiIndexMetadataConfigArgs{\n\t\t\t\t\tDimensions: pulumi.Int(2),\n\t\t\t\t\tApproximateNeighborsCount: pulumi.Int(150),\n\t\t\t\t\tShardSize: pulumi.String(\"SHARD_SIZE_SMALL\"),\n\t\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\t\tAlgorithmConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigArgs{\n\t\t\t\t\t\tTreeAhConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs{\n\t\t\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.Int(500),\n\t\t\t\t\t\t\tLeafNodesToSearchPercent: pulumi.Int(7),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIndexUpdateMethod: pulumi.String(\"BATCH_UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"network-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexIndexEndpointDeployed, err := vertex.NewAiIndexEndpoint(ctx, \"vertex_index_endpoint_deployed\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: pulumi.Sprintf(\"projects/%v/global/networks/%v\", project.Number, vertexNetwork.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpointDeployedIndex(ctx, \"basic_deployed_index\", \u0026vertex.AiIndexEndpointDeployedIndexArgs{\n\t\t\tIndexEndpoint: vertexIndexEndpointDeployed.ID(),\n\t\t\tIndex: index.ID(),\n\t\t\tDeployedIndexId: pulumi.String(\"deployed_index_id\"),\n\t\t\tReservedIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"vertex-ai-range\"),\n\t\t\t},\n\t\t\tEnableAccessLogging: pulumi.Bool(false),\n\t\t\tDisplayName: pulumi.String(\"vertex-deployed-index\"),\n\t\t\tDeployedIndexAuthConfig: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs{\n\t\t\t\tAuthProvider: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs{\n\t\t\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"123456-my-app\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedIssuers: pulumi.StringArray{\n\t\t\t\t\t\tsa.Email,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexIndexEndpointDeployed,\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The sample data comes from the following link:\n\t\t// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n\t\t_, err = storage.NewBucketObject(ctx, \"data\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"contents/data.json\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"id\\\": \\\"42\\\", \\\"embedding\\\": [0.5, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"cat\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"feline\\\"]}]}\\n{\\\"id\\\": \\\"43\\\", \\\"embedding\\\": [0.6, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"dog\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"canine\\\"]}]}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.vertex.AiIndex;\nimport com.pulumi.gcp.vertex.AiIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndex;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"vertex-sa\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"bucket-name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var index = new AiIndex(\"index\", AiIndexArgs.builder()\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .displayName(\"test-index\")\n .description(\"index for test\")\n .metadata(AiIndexMetadataArgs.builder()\n .contentsDeltaUri(bucket.name().applyValue(name -\u003e String.format(\"gs://%s/contents\", name)))\n .config(AiIndexMetadataConfigArgs.builder()\n .dimensions(2)\n .approximateNeighborsCount(150)\n .shardSize(\"SHARD_SIZE_SMALL\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .algorithmConfig(AiIndexMetadataConfigAlgorithmConfigArgs.builder()\n .treeAhConfig(AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(500)\n .leafNodesToSearchPercent(7)\n .build())\n .build())\n .build())\n .build())\n .indexUpdateMethod(\"BATCH_UPDATE\")\n .build());\n\n final var vertexNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var vertexIndexEndpointDeployed = new AiIndexEndpoint(\"vertexIndexEndpointDeployed\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),vertexNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.name())))\n .build());\n\n var basicDeployedIndex = new AiIndexEndpointDeployedIndex(\"basicDeployedIndex\", AiIndexEndpointDeployedIndexArgs.builder()\n .indexEndpoint(vertexIndexEndpointDeployed.id())\n .index(index.id())\n .deployedIndexId(\"deployed_index_id\")\n .reservedIpRanges(\"vertex-ai-range\")\n .enableAccessLogging(false)\n .displayName(\"vertex-deployed-index\")\n .deployedIndexAuthConfig(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs.builder()\n .authProvider(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs.builder()\n .audiences(\"123456-my-app\")\n .allowedIssuers(sa.email())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexIndexEndpointDeployed,\n sa)\n .build());\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new BucketObject(\"data\", BucketObjectArgs.builder()\n .name(\"contents/data.json\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: vertex-sa\n basicDeployedIndex:\n type: gcp:vertex:AiIndexEndpointDeployedIndex\n name: basic_deployed_index\n properties:\n indexEndpoint: ${vertexIndexEndpointDeployed.id}\n index: ${index.id}\n deployedIndexId: deployed_index_id\n reservedIpRanges:\n - vertex-ai-range\n enableAccessLogging: false\n displayName: vertex-deployed-index\n deployedIndexAuthConfig:\n authProvider:\n audiences:\n - 123456-my-app\n allowedIssuers:\n - ${sa.email}\n options:\n dependsOn:\n - ${vertexIndexEndpointDeployed}\n - ${sa}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: bucket-name\n location: us-central1\n uniformBucketLevelAccess: true\n # The sample data comes from the following link:\n # https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n data:\n type: gcp:storage:BucketObject\n properties:\n name: contents/data.json\n bucket: ${bucket.name}\n content: |\n {\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n {\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n index:\n type: gcp:vertex:AiIndex\n properties:\n labels:\n foo: bar\n region: us-central1\n displayName: test-index\n description: index for test\n metadata:\n contentsDeltaUri: gs://${bucket.name}/contents\n config:\n dimensions: 2\n approximateNeighborsCount: 150\n shardSize: SHARD_SIZE_SMALL\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n algorithmConfig:\n treeAhConfig:\n leafNodeEmbeddingCount: 500\n leafNodesToSearchPercent: 7\n indexUpdateMethod: BATCH_UPDATE\n vertexIndexEndpointDeployed:\n type: gcp:vertex:AiIndexEndpoint\n name: vertex_index_endpoint_deployed\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\nvariables:\n vertexNetwork:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: network-name\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Index Endpoint Deployed Index Basic Two\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {accountId: \"vertex-sa\"});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"bucket-name\",\n location: \"us-central1\",\n uniformBucketLevelAccess: true,\n});\nconst index = new gcp.vertex.AiIndex(\"index\", {\n labels: {\n foo: \"bar\",\n },\n region: \"us-central1\",\n displayName: \"test-index\",\n description: \"index for test\",\n metadata: {\n contentsDeltaUri: pulumi.interpolate`gs://${bucket.name}/contents`,\n config: {\n dimensions: 2,\n approximateNeighborsCount: 150,\n shardSize: \"SHARD_SIZE_SMALL\",\n distanceMeasureType: \"DOT_PRODUCT_DISTANCE\",\n algorithmConfig: {\n treeAhConfig: {\n leafNodeEmbeddingCount: 500,\n leafNodesToSearchPercent: 7,\n },\n },\n },\n },\n indexUpdateMethod: \"BATCH_UPDATE\",\n});\nconst vertexNetwork = gcp.compute.getNetwork({\n name: \"network-name\",\n});\nconst project = gcp.organizations.getProject({});\nconst vertexIndexEndpointDeployed = new gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", {\n displayName: \"sample-endpoint\",\n description: \"A sample vertex endpoint\",\n region: \"us-central1\",\n labels: {\n \"label-one\": \"value-one\",\n },\n network: Promise.all([project, vertexNetwork]).then(([project, vertexNetwork]) =\u003e `projects/${project.number}/global/networks/${vertexNetwork.name}`),\n});\nconst basicDeployedIndex = new gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", {\n indexEndpoint: vertexIndexEndpointDeployed.id,\n index: index.id,\n deployedIndexId: \"deployed_index_id\",\n reservedIpRanges: [\"vertex-ai-range\"],\n enableAccessLogging: false,\n displayName: \"vertex-deployed-index\",\n deployedIndexAuthConfig: {\n authProvider: {\n audiences: [\"123456-my-app\"],\n allowedIssuers: [sa.email],\n },\n },\n automaticResources: {\n maxReplicaCount: 4,\n },\n}, {\n dependsOn: [\n vertexIndexEndpointDeployed,\n sa,\n ],\n});\n// The sample data comes from the following link:\n// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\nconst data = new gcp.storage.BucketObject(\"data\", {\n name: \"contents/data.json\",\n bucket: bucket.name,\n content: `{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\", account_id=\"vertex-sa\")\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"bucket-name\",\n location=\"us-central1\",\n uniform_bucket_level_access=True)\nindex = gcp.vertex.AiIndex(\"index\",\n labels={\n \"foo\": \"bar\",\n },\n region=\"us-central1\",\n display_name=\"test-index\",\n description=\"index for test\",\n metadata={\n \"contents_delta_uri\": bucket.name.apply(lambda name: f\"gs://{name}/contents\"),\n \"config\": {\n \"dimensions\": 2,\n \"approximate_neighbors_count\": 150,\n \"shard_size\": \"SHARD_SIZE_SMALL\",\n \"distance_measure_type\": \"DOT_PRODUCT_DISTANCE\",\n \"algorithm_config\": {\n \"tree_ah_config\": {\n \"leaf_node_embedding_count\": 500,\n \"leaf_nodes_to_search_percent\": 7,\n },\n },\n },\n },\n index_update_method=\"BATCH_UPDATE\")\nvertex_network = gcp.compute.get_network(name=\"network-name\")\nproject = gcp.organizations.get_project()\nvertex_index_endpoint_deployed = gcp.vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\",\n display_name=\"sample-endpoint\",\n description=\"A sample vertex endpoint\",\n region=\"us-central1\",\n labels={\n \"label-one\": \"value-one\",\n },\n network=f\"projects/{project.number}/global/networks/{vertex_network.name}\")\nbasic_deployed_index = gcp.vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\",\n index_endpoint=vertex_index_endpoint_deployed.id,\n index=index.id,\n deployed_index_id=\"deployed_index_id\",\n reserved_ip_ranges=[\"vertex-ai-range\"],\n enable_access_logging=False,\n display_name=\"vertex-deployed-index\",\n deployed_index_auth_config={\n \"auth_provider\": {\n \"audiences\": [\"123456-my-app\"],\n \"allowed_issuers\": [sa.email],\n },\n },\n automatic_resources={\n \"max_replica_count\": 4,\n },\n opts = pulumi.ResourceOptions(depends_on=[\n vertex_index_endpoint_deployed,\n sa,\n ]))\n# The sample data comes from the following link:\n# https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\ndata = gcp.storage.BucketObject(\"data\",\n name=\"contents/data.json\",\n bucket=bucket.name,\n content=\"\"\"{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"vertex-sa\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"bucket-name\",\n Location = \"us-central1\",\n UniformBucketLevelAccess = true,\n });\n\n var index = new Gcp.Vertex.AiIndex(\"index\", new()\n {\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Region = \"us-central1\",\n DisplayName = \"test-index\",\n Description = \"index for test\",\n Metadata = new Gcp.Vertex.Inputs.AiIndexMetadataArgs\n {\n ContentsDeltaUri = bucket.Name.Apply(name =\u003e $\"gs://{name}/contents\"),\n Config = new Gcp.Vertex.Inputs.AiIndexMetadataConfigArgs\n {\n Dimensions = 2,\n ApproximateNeighborsCount = 150,\n ShardSize = \"SHARD_SIZE_SMALL\",\n DistanceMeasureType = \"DOT_PRODUCT_DISTANCE\",\n AlgorithmConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigArgs\n {\n TreeAhConfig = new Gcp.Vertex.Inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs\n {\n LeafNodeEmbeddingCount = 500,\n LeafNodesToSearchPercent = 7,\n },\n },\n },\n },\n IndexUpdateMethod = \"BATCH_UPDATE\",\n });\n\n var vertexNetwork = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"network-name\",\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var vertexIndexEndpointDeployed = new Gcp.Vertex.AiIndexEndpoint(\"vertex_index_endpoint_deployed\", new()\n {\n DisplayName = \"sample-endpoint\",\n Description = \"A sample vertex endpoint\",\n Region = \"us-central1\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Network = Output.Tuple(project, vertexNetwork).Apply(values =\u003e\n {\n var project = values.Item1;\n var vertexNetwork = values.Item2;\n return $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/global/networks/{vertexNetwork.Apply(getNetworkResult =\u003e getNetworkResult.Name)}\";\n }),\n });\n\n var basicDeployedIndex = new Gcp.Vertex.AiIndexEndpointDeployedIndex(\"basic_deployed_index\", new()\n {\n IndexEndpoint = vertexIndexEndpointDeployed.Id,\n Index = index.Id,\n DeployedIndexId = \"deployed_index_id\",\n ReservedIpRanges = new[]\n {\n \"vertex-ai-range\",\n },\n EnableAccessLogging = false,\n DisplayName = \"vertex-deployed-index\",\n DeployedIndexAuthConfig = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs\n {\n AuthProvider = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs\n {\n Audiences = new[]\n {\n \"123456-my-app\",\n },\n AllowedIssuers = new[]\n {\n sa.Email,\n },\n },\n },\n AutomaticResources = new Gcp.Vertex.Inputs.AiIndexEndpointDeployedIndexAutomaticResourcesArgs\n {\n MaxReplicaCount = 4,\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n vertexIndexEndpointDeployed,\n sa,\n },\n });\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new Gcp.Storage.BucketObject(\"data\", new()\n {\n Name = \"contents/data.json\",\n Bucket = bucket.Name,\n Content = @\"{\"\"id\"\": \"\"42\"\", \"\"embedding\"\": [0.5, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"cat\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"feline\"\"]}]}\n{\"\"id\"\": \"\"43\"\", \"\"embedding\"\": [0.6, 1.0], \"\"restricts\"\": [{\"\"namespace\"\": \"\"class\"\", \"\"allow\"\": [\"\"dog\"\", \"\"pet\"\"]},{\"\"namespace\"\": \"\"category\"\", \"\"allow\"\": [\"\"canine\"\"]}]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"vertex-sa\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"bucket-name\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tindex, err := vertex.NewAiIndex(ctx, \"index\", \u0026vertex.AiIndexArgs{\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDisplayName: pulumi.String(\"test-index\"),\n\t\t\tDescription: pulumi.String(\"index for test\"),\n\t\t\tMetadata: \u0026vertex.AiIndexMetadataArgs{\n\t\t\t\tContentsDeltaUri: bucket.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"gs://%v/contents\", name), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tConfig: \u0026vertex.AiIndexMetadataConfigArgs{\n\t\t\t\t\tDimensions: pulumi.Int(2),\n\t\t\t\t\tApproximateNeighborsCount: pulumi.Int(150),\n\t\t\t\t\tShardSize: pulumi.String(\"SHARD_SIZE_SMALL\"),\n\t\t\t\t\tDistanceMeasureType: pulumi.String(\"DOT_PRODUCT_DISTANCE\"),\n\t\t\t\t\tAlgorithmConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigArgs{\n\t\t\t\t\t\tTreeAhConfig: \u0026vertex.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs{\n\t\t\t\t\t\t\tLeafNodeEmbeddingCount: pulumi.Int(500),\n\t\t\t\t\t\t\tLeafNodesToSearchPercent: pulumi.Int(7),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIndexUpdateMethod: pulumi.String(\"BATCH_UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexNetwork, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"network-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvertexIndexEndpointDeployed, err := vertex.NewAiIndexEndpoint(ctx, \"vertex_index_endpoint_deployed\", \u0026vertex.AiIndexEndpointArgs{\n\t\t\tDisplayName: pulumi.String(\"sample-endpoint\"),\n\t\t\tDescription: pulumi.String(\"A sample vertex endpoint\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tNetwork: pulumi.Sprintf(\"projects/%v/global/networks/%v\", project.Number, vertexNetwork.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiIndexEndpointDeployedIndex(ctx, \"basic_deployed_index\", \u0026vertex.AiIndexEndpointDeployedIndexArgs{\n\t\t\tIndexEndpoint: vertexIndexEndpointDeployed.ID(),\n\t\t\tIndex: index.ID(),\n\t\t\tDeployedIndexId: pulumi.String(\"deployed_index_id\"),\n\t\t\tReservedIpRanges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"vertex-ai-range\"),\n\t\t\t},\n\t\t\tEnableAccessLogging: pulumi.Bool(false),\n\t\t\tDisplayName: pulumi.String(\"vertex-deployed-index\"),\n\t\t\tDeployedIndexAuthConfig: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs{\n\t\t\t\tAuthProvider: \u0026vertex.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs{\n\t\t\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"123456-my-app\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedIssuers: pulumi.StringArray{\n\t\t\t\t\t\tsa.Email,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutomaticResources: \u0026vertex.AiIndexEndpointDeployedIndexAutomaticResourcesArgs{\n\t\t\t\tMaxReplicaCount: pulumi.Int(4),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvertexIndexEndpointDeployed,\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The sample data comes from the following link:\n\t\t// https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n\t\t_, err = storage.NewBucketObject(ctx, \"data\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"contents/data.json\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tContent: pulumi.String(\"{\\\"id\\\": \\\"42\\\", \\\"embedding\\\": [0.5, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"cat\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"feline\\\"]}]}\\n{\\\"id\\\": \\\"43\\\", \\\"embedding\\\": [0.6, 1.0], \\\"restricts\\\": [{\\\"namespace\\\": \\\"class\\\", \\\"allow\\\": [\\\"dog\\\", \\\"pet\\\"]},{\\\"namespace\\\": \\\"category\\\", \\\"allow\\\": [\\\"canine\\\"]}]}\\n\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.vertex.AiIndex;\nimport com.pulumi.gcp.vertex.AiIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpoint;\nimport com.pulumi.gcp.vertex.AiIndexEndpointArgs;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndex;\nimport com.pulumi.gcp.vertex.AiIndexEndpointDeployedIndexArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs;\nimport com.pulumi.gcp.vertex.inputs.AiIndexEndpointDeployedIndexAutomaticResourcesArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"vertex-sa\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"bucket-name\")\n .location(\"us-central1\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var index = new AiIndex(\"index\", AiIndexArgs.builder()\n .labels(Map.of(\"foo\", \"bar\"))\n .region(\"us-central1\")\n .displayName(\"test-index\")\n .description(\"index for test\")\n .metadata(AiIndexMetadataArgs.builder()\n .contentsDeltaUri(bucket.name().applyValue(name -\u003e String.format(\"gs://%s/contents\", name)))\n .config(AiIndexMetadataConfigArgs.builder()\n .dimensions(2)\n .approximateNeighborsCount(150)\n .shardSize(\"SHARD_SIZE_SMALL\")\n .distanceMeasureType(\"DOT_PRODUCT_DISTANCE\")\n .algorithmConfig(AiIndexMetadataConfigAlgorithmConfigArgs.builder()\n .treeAhConfig(AiIndexMetadataConfigAlgorithmConfigTreeAhConfigArgs.builder()\n .leafNodeEmbeddingCount(500)\n .leafNodesToSearchPercent(7)\n .build())\n .build())\n .build())\n .build())\n .indexUpdateMethod(\"BATCH_UPDATE\")\n .build());\n\n final var vertexNetwork = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"network-name\")\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n var vertexIndexEndpointDeployed = new AiIndexEndpoint(\"vertexIndexEndpointDeployed\", AiIndexEndpointArgs.builder()\n .displayName(\"sample-endpoint\")\n .description(\"A sample vertex endpoint\")\n .region(\"us-central1\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .network(String.format(\"projects/%s/global/networks/%s\", project.applyValue(getProjectResult -\u003e getProjectResult.number()),vertexNetwork.applyValue(getNetworkResult -\u003e getNetworkResult.name())))\n .build());\n\n var basicDeployedIndex = new AiIndexEndpointDeployedIndex(\"basicDeployedIndex\", AiIndexEndpointDeployedIndexArgs.builder()\n .indexEndpoint(vertexIndexEndpointDeployed.id())\n .index(index.id())\n .deployedIndexId(\"deployed_index_id\")\n .reservedIpRanges(\"vertex-ai-range\")\n .enableAccessLogging(false)\n .displayName(\"vertex-deployed-index\")\n .deployedIndexAuthConfig(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigArgs.builder()\n .authProvider(AiIndexEndpointDeployedIndexDeployedIndexAuthConfigAuthProviderArgs.builder()\n .audiences(\"123456-my-app\")\n .allowedIssuers(sa.email())\n .build())\n .build())\n .automaticResources(AiIndexEndpointDeployedIndexAutomaticResourcesArgs.builder()\n .maxReplicaCount(4)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n vertexIndexEndpointDeployed,\n sa)\n .build());\n\n // The sample data comes from the following link:\n // https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n var data = new BucketObject(\"data\", BucketObjectArgs.builder()\n .name(\"contents/data.json\")\n .bucket(bucket.name())\n .content(\"\"\"\n{\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n{\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: vertex-sa\n basicDeployedIndex:\n type: gcp:vertex:AiIndexEndpointDeployedIndex\n name: basic_deployed_index\n properties:\n indexEndpoint: ${vertexIndexEndpointDeployed.id}\n index: ${index.id}\n deployedIndexId: deployed_index_id\n reservedIpRanges:\n - vertex-ai-range\n enableAccessLogging: false\n displayName: vertex-deployed-index\n deployedIndexAuthConfig:\n authProvider:\n audiences:\n - 123456-my-app\n allowedIssuers:\n - ${sa.email}\n automaticResources:\n maxReplicaCount: 4\n options:\n dependsOn:\n - ${vertexIndexEndpointDeployed}\n - ${sa}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: bucket-name\n location: us-central1\n uniformBucketLevelAccess: true\n # The sample data comes from the following link:\n # https://cloud.google.com/vertex-ai/docs/matching-engine/filtering#specify-namespaces-tokens\n data:\n type: gcp:storage:BucketObject\n properties:\n name: contents/data.json\n bucket: ${bucket.name}\n content: |\n {\"id\": \"42\", \"embedding\": [0.5, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"cat\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"feline\"]}]}\n {\"id\": \"43\", \"embedding\": [0.6, 1.0], \"restricts\": [{\"namespace\": \"class\", \"allow\": [\"dog\", \"pet\"]},{\"namespace\": \"category\", \"allow\": [\"canine\"]}]}\n index:\n type: gcp:vertex:AiIndex\n properties:\n labels:\n foo: bar\n region: us-central1\n displayName: test-index\n description: index for test\n metadata:\n contentsDeltaUri: gs://${bucket.name}/contents\n config:\n dimensions: 2\n approximateNeighborsCount: 150\n shardSize: SHARD_SIZE_SMALL\n distanceMeasureType: DOT_PRODUCT_DISTANCE\n algorithmConfig:\n treeAhConfig:\n leafNodeEmbeddingCount: 500\n leafNodesToSearchPercent: 7\n indexUpdateMethod: BATCH_UPDATE\n vertexIndexEndpointDeployed:\n type: gcp:vertex:AiIndexEndpoint\n name: vertex_index_endpoint_deployed\n properties:\n displayName: sample-endpoint\n description: A sample vertex endpoint\n region: us-central1\n labels:\n label-one: value-one\n network: projects/${project.number}/global/networks/${vertexNetwork.name}\nvariables:\n vertexNetwork:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: network-name\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIndexEndpointDeployedIndex can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/indexEndpoints/{{index_endpoint}}/deployedIndex/{{deployed_index_id}}`\n\n* `{{project}}/{{region}}/{{index_endpoint}}/{{deployed_index_id}}`\n\n* `{{region}}/{{index_endpoint}}/{{deployed_index_id}}`\n\n* `{{index_endpoint}}/{{deployed_index_id}}`\n\nWhen using the `pulumi import` command, IndexEndpointDeployedIndex can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default projects/{{project}}/locations/{{region}}/indexEndpoints/{{index_endpoint}}/deployedIndex/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{project}}/{{region}}/{{index_endpoint}}/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{region}}/{{index_endpoint}}/{{deployed_index_id}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiIndexEndpointDeployedIndex:AiIndexEndpointDeployedIndex default {{index_endpoint}}/{{deployed_index_id}}\n```\n\n", "properties": { "automaticResources": { "$ref": "#/types/gcp:vertex/AiIndexEndpointDeployedIndexAutomaticResources:AiIndexEndpointDeployedIndexAutomaticResources", @@ -275079,7 +275079,7 @@ } }, "gcp:vertex/aiTensorboard:AiTensorboard": { - "description": "Tensorboard is a physical database that stores users' training metrics. A default Tensorboard is provided in each region of a GCP project. If needed users can also create extra Tensorboards in their projects.\n\n\nTo get more information about Tensorboard, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.tensorboards)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Tensorboard\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst tensorboard = new gcp.vertex.AiTensorboard(\"tensorboard\", {\n displayName: \"terraform\",\n description: \"sample description\",\n labels: {\n key1: \"value1\",\n key2: \"value2\",\n },\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntensorboard = gcp.vertex.AiTensorboard(\"tensorboard\",\n display_name=\"terraform\",\n description=\"sample description\",\n labels={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tensorboard = new Gcp.Vertex.AiTensorboard(\"tensorboard\", new()\n {\n DisplayName = \"terraform\",\n Description = \"sample description\",\n Labels = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiTensorboard(ctx, \"tensorboard\", \u0026vertex.AiTensorboardArgs{\n\t\t\tDisplayName: pulumi.String(\"terraform\"),\n\t\t\tDescription: pulumi.String(\"sample description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiTensorboard;\nimport com.pulumi.gcp.vertex.AiTensorboardArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tensorboard = new AiTensorboard(\"tensorboard\", AiTensorboardArgs.builder()\n .displayName(\"terraform\")\n .description(\"sample description\")\n .labels(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tensorboard:\n type: gcp:vertex:AiTensorboard\n properties:\n displayName: terraform\n description: sample description\n labels:\n key1: value1\n key2: value2\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Tensorboard Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`),\n});\nconst tensorboard = new gcp.vertex.AiTensorboard(\"tensorboard\", {\n displayName: \"terraform\",\n description: \"sample description\",\n labels: {\n key1: \"value1\",\n key2: \"value2\",\n },\n region: \"us-central1\",\n encryptionSpec: {\n kmsKeyName: \"kms-name\",\n },\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\")\ntensorboard = gcp.vertex.AiTensorboard(\"tensorboard\",\n display_name=\"terraform\",\n description=\"sample description\",\n labels={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n region=\"us-central1\",\n encryption_spec={\n \"kms_key_name\": \"kms-name\",\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-aiplatform.iam.gserviceaccount.com\",\n });\n\n var tensorboard = new Gcp.Vertex.AiTensorboard(\"tensorboard\", new()\n {\n DisplayName = \"terraform\",\n Description = \"sample description\",\n Labels = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n Region = \"us-central1\",\n EncryptionSpec = new Gcp.Vertex.Inputs.AiTensorboardEncryptionSpecArgs\n {\n KmsKeyName = \"kms-name\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiTensorboard(ctx, \"tensorboard\", \u0026vertex.AiTensorboardArgs{\n\t\t\tDisplayName: pulumi.String(\"terraform\"),\n\t\t\tDescription: pulumi.String(\"sample description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tEncryptionSpec: \u0026vertex.AiTensorboardEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-name\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.vertex.AiTensorboard;\nimport com.pulumi.gcp.vertex.AiTensorboardArgs;\nimport com.pulumi.gcp.vertex.inputs.AiTensorboardEncryptionSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var tensorboard = new AiTensorboard(\"tensorboard\", AiTensorboardArgs.builder()\n .displayName(\"terraform\")\n .description(\"sample description\")\n .labels(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .region(\"us-central1\")\n .encryptionSpec(AiTensorboardEncryptionSpecArgs.builder()\n .kmsKeyName(\"kms-name\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tensorboard:\n type: gcp:vertex:AiTensorboard\n properties:\n displayName: terraform\n description: sample description\n labels:\n key1: value1\n key2: value2\n region: us-central1\n encryptionSpec:\n kmsKeyName: kms-name\n options:\n dependson:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTensorboard can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/tensorboards/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Tensorboard can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default projects/{{project}}/locations/{{region}}/tensorboards/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{name}}\n```\n\n", + "description": "Tensorboard is a physical database that stores users' training metrics. A default Tensorboard is provided in each region of a GCP project. If needed users can also create extra Tensorboards in their projects.\n\n\nTo get more information about Tensorboard, see:\n\n* [API documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.tensorboards)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/vertex-ai/docs)\n\n## Example Usage\n\n### Vertex Ai Tensorboard\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst tensorboard = new gcp.vertex.AiTensorboard(\"tensorboard\", {\n displayName: \"terraform\",\n description: \"sample description\",\n labels: {\n key1: \"value1\",\n key2: \"value2\",\n },\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntensorboard = gcp.vertex.AiTensorboard(\"tensorboard\",\n display_name=\"terraform\",\n description=\"sample description\",\n labels={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tensorboard = new Gcp.Vertex.AiTensorboard(\"tensorboard\", new()\n {\n DisplayName = \"terraform\",\n Description = \"sample description\",\n Labels = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vertex.NewAiTensorboard(ctx, \"tensorboard\", \u0026vertex.AiTensorboardArgs{\n\t\t\tDisplayName: pulumi.String(\"terraform\"),\n\t\t\tDescription: pulumi.String(\"sample description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vertex.AiTensorboard;\nimport com.pulumi.gcp.vertex.AiTensorboardArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tensorboard = new AiTensorboard(\"tensorboard\", AiTensorboardArgs.builder()\n .displayName(\"terraform\")\n .description(\"sample description\")\n .labels(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tensorboard:\n type: gcp:vertex:AiTensorboard\n properties:\n displayName: terraform\n description: sample description\n labels:\n key1: value1\n key2: value2\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vertex Ai Tensorboard Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-name\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com`),\n});\nconst tensorboard = new gcp.vertex.AiTensorboard(\"tensorboard\", {\n displayName: \"terraform\",\n description: \"sample description\",\n labels: {\n key1: \"value1\",\n key2: \"value2\",\n },\n region: \"us-central1\",\n encryptionSpec: {\n kmsKeyName: \"kms-name\",\n },\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-name\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\")\ntensorboard = gcp.vertex.AiTensorboard(\"tensorboard\",\n display_name=\"terraform\",\n description=\"sample description\",\n labels={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n region=\"us-central1\",\n encryption_spec={\n \"kms_key_name\": \"kms-name\",\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-name\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-aiplatform.iam.gserviceaccount.com\",\n });\n\n var tensorboard = new Gcp.Vertex.AiTensorboard(\"tensorboard\", new()\n {\n DisplayName = \"terraform\",\n Description = \"sample description\",\n Labels = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n Region = \"us-central1\",\n EncryptionSpec = new Gcp.Vertex.Inputs.AiTensorboardEncryptionSpecArgs\n {\n KmsKeyName = \"kms-name\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vertex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-name\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vertex.NewAiTensorboard(ctx, \"tensorboard\", \u0026vertex.AiTensorboardArgs{\n\t\t\tDisplayName: pulumi.String(\"terraform\"),\n\t\t\tDescription: pulumi.String(\"sample description\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tEncryptionSpec: \u0026vertex.AiTensorboardEncryptionSpecArgs{\n\t\t\t\tKmsKeyName: pulumi.String(\"kms-name\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.vertex.AiTensorboard;\nimport com.pulumi.gcp.vertex.AiTensorboardArgs;\nimport com.pulumi.gcp.vertex.inputs.AiTensorboardEncryptionSpecArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-name\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-aiplatform.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var tensorboard = new AiTensorboard(\"tensorboard\", AiTensorboardArgs.builder()\n .displayName(\"terraform\")\n .description(\"sample description\")\n .labels(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .region(\"us-central1\")\n .encryptionSpec(AiTensorboardEncryptionSpecArgs.builder()\n .kmsKeyName(\"kms-name\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tensorboard:\n type: gcp:vertex:AiTensorboard\n properties:\n displayName: terraform\n description: sample description\n labels:\n key1: value1\n key2: value2\n region: us-central1\n encryptionSpec:\n kmsKeyName: kms-name\n options:\n dependsOn:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-name\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-aiplatform.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTensorboard can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/tensorboards/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Tensorboard can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default projects/{{project}}/locations/{{region}}/tensorboards/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vertex/aiTensorboard:AiTensorboard default {{name}}\n```\n\n", "properties": { "blobStoragePathPrefix": { "type": "string", @@ -275604,7 +275604,7 @@ } }, "gcp:vmwareengine/externalAddress:ExternalAddress": { - "description": "An allocated external IP address and its corresponding internal IP address in a private cloud.\n\n\nTo get more information about ExternalAddress, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.externalAddresses)\n\n## Example Usage\n\n### Vmware Engine External Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst external_address_nw = new gcp.vmwareengine.Network(\"external-address-nw\", {\n name: \"pc-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"PC network description.\",\n});\nconst external_address_pc = new gcp.vmwareengine.PrivateCloud(\"external-address-pc\", {\n location: \"-a\",\n name: \"sample-pc\",\n description: \"Sample test PC.\",\n networkConfig: {\n managementCidr: \"192.168.50.0/24\",\n vmwareEngineNetwork: external_address_nw.id,\n },\n managementCluster: {\n clusterId: \"sample-mgmt-cluster\",\n nodeTypeConfigs: [{\n nodeTypeId: \"standard-72\",\n nodeCount: 3,\n }],\n },\n});\nconst external_address_np = new gcp.vmwareengine.NetworkPolicy(\"external-address-np\", {\n location: \"\",\n name: \"sample-np\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: external_address_nw.id,\n});\nconst vmw_engine_external_address = new gcp.vmwareengine.ExternalAddress(\"vmw-engine-external-address\", {\n name: \"sample-external-address\",\n parent: external_address_pc.id,\n internalIp: \"192.168.0.66\",\n description: \"Sample description.\",\n}, {\n dependsOn: [external_address_np],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexternal_address_nw = gcp.vmwareengine.Network(\"external-address-nw\",\n name=\"pc-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"PC network description.\")\nexternal_address_pc = gcp.vmwareengine.PrivateCloud(\"external-address-pc\",\n location=\"-a\",\n name=\"sample-pc\",\n description=\"Sample test PC.\",\n network_config={\n \"management_cidr\": \"192.168.50.0/24\",\n \"vmware_engine_network\": external_address_nw.id,\n },\n management_cluster={\n \"cluster_id\": \"sample-mgmt-cluster\",\n \"node_type_configs\": [{\n \"node_type_id\": \"standard-72\",\n \"node_count\": 3,\n }],\n })\nexternal_address_np = gcp.vmwareengine.NetworkPolicy(\"external-address-np\",\n location=\"\",\n name=\"sample-np\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=external_address_nw.id)\nvmw_engine_external_address = gcp.vmwareengine.ExternalAddress(\"vmw-engine-external-address\",\n name=\"sample-external-address\",\n parent=external_address_pc.id,\n internal_ip=\"192.168.0.66\",\n description=\"Sample description.\",\n opts = pulumi.ResourceOptions(depends_on=[external_address_np]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var external_address_nw = new Gcp.VMwareEngine.Network(\"external-address-nw\", new()\n {\n Name = \"pc-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"PC network description.\",\n });\n\n var external_address_pc = new Gcp.VMwareEngine.PrivateCloud(\"external-address-pc\", new()\n {\n Location = \"-a\",\n Name = \"sample-pc\",\n Description = \"Sample test PC.\",\n NetworkConfig = new Gcp.VMwareEngine.Inputs.PrivateCloudNetworkConfigArgs\n {\n ManagementCidr = \"192.168.50.0/24\",\n VmwareEngineNetwork = external_address_nw.Id,\n },\n ManagementCluster = new Gcp.VMwareEngine.Inputs.PrivateCloudManagementClusterArgs\n {\n ClusterId = \"sample-mgmt-cluster\",\n NodeTypeConfigs = new[]\n {\n new Gcp.VMwareEngine.Inputs.PrivateCloudManagementClusterNodeTypeConfigArgs\n {\n NodeTypeId = \"standard-72\",\n NodeCount = 3,\n },\n },\n },\n });\n\n var external_address_np = new Gcp.VMwareEngine.NetworkPolicy(\"external-address-np\", new()\n {\n Location = \"\",\n Name = \"sample-np\",\n EdgeServicesCidr = \"192.168.30.0/26\",\n VmwareEngineNetwork = external_address_nw.Id,\n });\n\n var vmw_engine_external_address = new Gcp.VMwareEngine.ExternalAddress(\"vmw-engine-external-address\", new()\n {\n Name = \"sample-external-address\",\n Parent = external_address_pc.Id,\n InternalIp = \"192.168.0.66\",\n Description = \"Sample description.\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n external_address_np,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"external-address-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"pc-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"PC network description.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewPrivateCloud(ctx, \"external-address-pc\", \u0026vmwareengine.PrivateCloudArgs{\n\t\t\tLocation: pulumi.String(\"-a\"),\n\t\t\tName: pulumi.String(\"sample-pc\"),\n\t\t\tDescription: pulumi.String(\"Sample test PC.\"),\n\t\t\tNetworkConfig: \u0026vmwareengine.PrivateCloudNetworkConfigArgs{\n\t\t\t\tManagementCidr: pulumi.String(\"192.168.50.0/24\"),\n\t\t\t\tVmwareEngineNetwork: external_address_nw.ID(),\n\t\t\t},\n\t\t\tManagementCluster: \u0026vmwareengine.PrivateCloudManagementClusterArgs{\n\t\t\t\tClusterId: pulumi.String(\"sample-mgmt-cluster\"),\n\t\t\t\tNodeTypeConfigs: vmwareengine.PrivateCloudManagementClusterNodeTypeConfigArray{\n\t\t\t\t\t\u0026vmwareengine.PrivateCloudManagementClusterNodeTypeConfigArgs{\n\t\t\t\t\t\tNodeTypeId: pulumi.String(\"standard-72\"),\n\t\t\t\t\t\tNodeCount: pulumi.Int(3),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"external-address-np\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"\"),\n\t\t\tName: pulumi.String(\"sample-np\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: external_address_nw.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewExternalAddress(ctx, \"vmw-engine-external-address\", \u0026vmwareengine.ExternalAddressArgs{\n\t\t\tName: pulumi.String(\"sample-external-address\"),\n\t\t\tParent: external_address_pc.ID(),\n\t\t\tInternalIp: pulumi.String(\"192.168.0.66\"),\n\t\t\tDescription: pulumi.String(\"Sample description.\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texternal_address_np,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.PrivateCloud;\nimport com.pulumi.gcp.vmwareengine.PrivateCloudArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.PrivateCloudNetworkConfigArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.PrivateCloudManagementClusterArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport com.pulumi.gcp.vmwareengine.ExternalAddress;\nimport com.pulumi.gcp.vmwareengine.ExternalAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var external_address_nw = new Network(\"external-address-nw\", NetworkArgs.builder()\n .name(\"pc-nw\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"PC network description.\")\n .build());\n\n var external_address_pc = new PrivateCloud(\"external-address-pc\", PrivateCloudArgs.builder()\n .location(\"-a\")\n .name(\"sample-pc\")\n .description(\"Sample test PC.\")\n .networkConfig(PrivateCloudNetworkConfigArgs.builder()\n .managementCidr(\"192.168.50.0/24\")\n .vmwareEngineNetwork(external_address_nw.id())\n .build())\n .managementCluster(PrivateCloudManagementClusterArgs.builder()\n .clusterId(\"sample-mgmt-cluster\")\n .nodeTypeConfigs(PrivateCloudManagementClusterNodeTypeConfigArgs.builder()\n .nodeTypeId(\"standard-72\")\n .nodeCount(3)\n .build())\n .build())\n .build());\n\n var external_address_np = new NetworkPolicy(\"external-address-np\", NetworkPolicyArgs.builder()\n .location(\"\")\n .name(\"sample-np\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(external_address_nw.id())\n .build());\n\n var vmw_engine_external_address = new ExternalAddress(\"vmw-engine-external-address\", ExternalAddressArgs.builder()\n .name(\"sample-external-address\")\n .parent(external_address_pc.id())\n .internalIp(\"192.168.0.66\")\n .description(\"Sample description.\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(external_address_np)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n external-address-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: pc-nw\n location: global\n type: STANDARD\n description: PC network description.\n external-address-pc:\n type: gcp:vmwareengine:PrivateCloud\n properties:\n location: -a\n name: sample-pc\n description: Sample test PC.\n networkConfig:\n managementCidr: 192.168.50.0/24\n vmwareEngineNetwork: ${[\"external-address-nw\"].id}\n managementCluster:\n clusterId: sample-mgmt-cluster\n nodeTypeConfigs:\n - nodeTypeId: standard-72\n nodeCount: 3\n external-address-np:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location:\n name: sample-np\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"external-address-nw\"].id}\n vmw-engine-external-address:\n type: gcp:vmwareengine:ExternalAddress\n properties:\n name: sample-external-address\n parent: ${[\"external-address-pc\"].id}\n internalIp: 192.168.0.66\n description: Sample description.\n options:\n dependson:\n - ${[\"external-address-np\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nExternalAddress can be imported using any of these accepted formats:\n\n* `{{parent}}/externalAddresses/{{name}}`\n\nWhen using the `pulumi import` command, ExternalAddress can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/externalAddress:ExternalAddress default {{parent}}/externalAddresses/{{name}}\n```\n\n", + "description": "An allocated external IP address and its corresponding internal IP address in a private cloud.\n\n\nTo get more information about ExternalAddress, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.externalAddresses)\n\n## Example Usage\n\n### Vmware Engine External Address Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst external_address_nw = new gcp.vmwareengine.Network(\"external-address-nw\", {\n name: \"pc-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"PC network description.\",\n});\nconst external_address_pc = new gcp.vmwareengine.PrivateCloud(\"external-address-pc\", {\n location: \"-a\",\n name: \"sample-pc\",\n description: \"Sample test PC.\",\n networkConfig: {\n managementCidr: \"192.168.50.0/24\",\n vmwareEngineNetwork: external_address_nw.id,\n },\n managementCluster: {\n clusterId: \"sample-mgmt-cluster\",\n nodeTypeConfigs: [{\n nodeTypeId: \"standard-72\",\n nodeCount: 3,\n }],\n },\n});\nconst external_address_np = new gcp.vmwareengine.NetworkPolicy(\"external-address-np\", {\n location: \"\",\n name: \"sample-np\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: external_address_nw.id,\n});\nconst vmw_engine_external_address = new gcp.vmwareengine.ExternalAddress(\"vmw-engine-external-address\", {\n name: \"sample-external-address\",\n parent: external_address_pc.id,\n internalIp: \"192.168.0.66\",\n description: \"Sample description.\",\n}, {\n dependsOn: [external_address_np],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexternal_address_nw = gcp.vmwareengine.Network(\"external-address-nw\",\n name=\"pc-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"PC network description.\")\nexternal_address_pc = gcp.vmwareengine.PrivateCloud(\"external-address-pc\",\n location=\"-a\",\n name=\"sample-pc\",\n description=\"Sample test PC.\",\n network_config={\n \"management_cidr\": \"192.168.50.0/24\",\n \"vmware_engine_network\": external_address_nw.id,\n },\n management_cluster={\n \"cluster_id\": \"sample-mgmt-cluster\",\n \"node_type_configs\": [{\n \"node_type_id\": \"standard-72\",\n \"node_count\": 3,\n }],\n })\nexternal_address_np = gcp.vmwareengine.NetworkPolicy(\"external-address-np\",\n location=\"\",\n name=\"sample-np\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=external_address_nw.id)\nvmw_engine_external_address = gcp.vmwareengine.ExternalAddress(\"vmw-engine-external-address\",\n name=\"sample-external-address\",\n parent=external_address_pc.id,\n internal_ip=\"192.168.0.66\",\n description=\"Sample description.\",\n opts = pulumi.ResourceOptions(depends_on=[external_address_np]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var external_address_nw = new Gcp.VMwareEngine.Network(\"external-address-nw\", new()\n {\n Name = \"pc-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"PC network description.\",\n });\n\n var external_address_pc = new Gcp.VMwareEngine.PrivateCloud(\"external-address-pc\", new()\n {\n Location = \"-a\",\n Name = \"sample-pc\",\n Description = \"Sample test PC.\",\n NetworkConfig = new Gcp.VMwareEngine.Inputs.PrivateCloudNetworkConfigArgs\n {\n ManagementCidr = \"192.168.50.0/24\",\n VmwareEngineNetwork = external_address_nw.Id,\n },\n ManagementCluster = new Gcp.VMwareEngine.Inputs.PrivateCloudManagementClusterArgs\n {\n ClusterId = \"sample-mgmt-cluster\",\n NodeTypeConfigs = new[]\n {\n new Gcp.VMwareEngine.Inputs.PrivateCloudManagementClusterNodeTypeConfigArgs\n {\n NodeTypeId = \"standard-72\",\n NodeCount = 3,\n },\n },\n },\n });\n\n var external_address_np = new Gcp.VMwareEngine.NetworkPolicy(\"external-address-np\", new()\n {\n Location = \"\",\n Name = \"sample-np\",\n EdgeServicesCidr = \"192.168.30.0/26\",\n VmwareEngineNetwork = external_address_nw.Id,\n });\n\n var vmw_engine_external_address = new Gcp.VMwareEngine.ExternalAddress(\"vmw-engine-external-address\", new()\n {\n Name = \"sample-external-address\",\n Parent = external_address_pc.Id,\n InternalIp = \"192.168.0.66\",\n Description = \"Sample description.\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n external_address_np,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"external-address-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"pc-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"PC network description.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewPrivateCloud(ctx, \"external-address-pc\", \u0026vmwareengine.PrivateCloudArgs{\n\t\t\tLocation: pulumi.String(\"-a\"),\n\t\t\tName: pulumi.String(\"sample-pc\"),\n\t\t\tDescription: pulumi.String(\"Sample test PC.\"),\n\t\t\tNetworkConfig: \u0026vmwareengine.PrivateCloudNetworkConfigArgs{\n\t\t\t\tManagementCidr: pulumi.String(\"192.168.50.0/24\"),\n\t\t\t\tVmwareEngineNetwork: external_address_nw.ID(),\n\t\t\t},\n\t\t\tManagementCluster: \u0026vmwareengine.PrivateCloudManagementClusterArgs{\n\t\t\t\tClusterId: pulumi.String(\"sample-mgmt-cluster\"),\n\t\t\t\tNodeTypeConfigs: vmwareengine.PrivateCloudManagementClusterNodeTypeConfigArray{\n\t\t\t\t\t\u0026vmwareengine.PrivateCloudManagementClusterNodeTypeConfigArgs{\n\t\t\t\t\t\tNodeTypeId: pulumi.String(\"standard-72\"),\n\t\t\t\t\t\tNodeCount: pulumi.Int(3),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"external-address-np\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"\"),\n\t\t\tName: pulumi.String(\"sample-np\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: external_address_nw.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewExternalAddress(ctx, \"vmw-engine-external-address\", \u0026vmwareengine.ExternalAddressArgs{\n\t\t\tName: pulumi.String(\"sample-external-address\"),\n\t\t\tParent: external_address_pc.ID(),\n\t\t\tInternalIp: pulumi.String(\"192.168.0.66\"),\n\t\t\tDescription: pulumi.String(\"Sample description.\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texternal_address_np,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.PrivateCloud;\nimport com.pulumi.gcp.vmwareengine.PrivateCloudArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.PrivateCloudNetworkConfigArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.PrivateCloudManagementClusterArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport com.pulumi.gcp.vmwareengine.ExternalAddress;\nimport com.pulumi.gcp.vmwareengine.ExternalAddressArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var external_address_nw = new Network(\"external-address-nw\", NetworkArgs.builder()\n .name(\"pc-nw\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"PC network description.\")\n .build());\n\n var external_address_pc = new PrivateCloud(\"external-address-pc\", PrivateCloudArgs.builder()\n .location(\"-a\")\n .name(\"sample-pc\")\n .description(\"Sample test PC.\")\n .networkConfig(PrivateCloudNetworkConfigArgs.builder()\n .managementCidr(\"192.168.50.0/24\")\n .vmwareEngineNetwork(external_address_nw.id())\n .build())\n .managementCluster(PrivateCloudManagementClusterArgs.builder()\n .clusterId(\"sample-mgmt-cluster\")\n .nodeTypeConfigs(PrivateCloudManagementClusterNodeTypeConfigArgs.builder()\n .nodeTypeId(\"standard-72\")\n .nodeCount(3)\n .build())\n .build())\n .build());\n\n var external_address_np = new NetworkPolicy(\"external-address-np\", NetworkPolicyArgs.builder()\n .location(\"\")\n .name(\"sample-np\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(external_address_nw.id())\n .build());\n\n var vmw_engine_external_address = new ExternalAddress(\"vmw-engine-external-address\", ExternalAddressArgs.builder()\n .name(\"sample-external-address\")\n .parent(external_address_pc.id())\n .internalIp(\"192.168.0.66\")\n .description(\"Sample description.\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(external_address_np)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n external-address-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: pc-nw\n location: global\n type: STANDARD\n description: PC network description.\n external-address-pc:\n type: gcp:vmwareengine:PrivateCloud\n properties:\n location: -a\n name: sample-pc\n description: Sample test PC.\n networkConfig:\n managementCidr: 192.168.50.0/24\n vmwareEngineNetwork: ${[\"external-address-nw\"].id}\n managementCluster:\n clusterId: sample-mgmt-cluster\n nodeTypeConfigs:\n - nodeTypeId: standard-72\n nodeCount: 3\n external-address-np:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location: \"\"\n name: sample-np\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"external-address-nw\"].id}\n vmw-engine-external-address:\n type: gcp:vmwareengine:ExternalAddress\n properties:\n name: sample-external-address\n parent: ${[\"external-address-pc\"].id}\n internalIp: 192.168.0.66\n description: Sample description.\n options:\n dependsOn:\n - ${[\"external-address-np\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nExternalAddress can be imported using any of these accepted formats:\n\n* `{{parent}}/externalAddresses/{{name}}`\n\nWhen using the `pulumi import` command, ExternalAddress can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/externalAddress:ExternalAddress default {{parent}}/externalAddresses/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", @@ -275723,7 +275723,7 @@ } }, "gcp:vmwareengine/network:Network": { - "description": "Provides connectivity for VMware Engine private clouds.\n\n\nTo get more information about Network, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.vmwareEngineNetworks)\n\n## Example Usage\n\n### Vmware Engine Network Standard\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vmw_engine_network = new gcp.vmwareengine.Network(\"vmw-engine-network\", {\n name: \"standard-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvmw_engine_network = gcp.vmwareengine.Network(\"vmw-engine-network\",\n name=\"standard-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vmw_engine_network = new Gcp.VMwareEngine.Network(\"vmw-engine-network\", new()\n {\n Name = \"standard-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"vmw-engine-network\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"standard-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vmw_engine_network = new Network(\"vmw-engine-network\", NetworkArgs.builder()\n .name(\"standard-nw\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vmw-engine-network:\n type: gcp:vmwareengine:Network\n properties:\n name: standard-nw\n location: global\n type: STANDARD\n description: VMwareEngine standard network sample\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vmware Engine Network Legacy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// there can be only 1 Legacy network per region for a given project,\n// so creating new project for isolation in CI.\nconst acceptanceProject = new gcp.organizations.Project(\"acceptance\", {\n name: \"vmw-proj\",\n projectId: \"vmw-proj\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [acceptanceProject],\n});\nconst acceptance = new gcp.projects.Service(\"acceptance\", {\n project: acceptanceProject.projectId,\n service: \"vmwareengine.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst vmw_engine_network = new gcp.vmwareengine.Network(\"vmw-engine-network\", {\n project: acceptance.project,\n name: \"us-west1-default\",\n location: \"us-west1\",\n type: \"LEGACY\",\n description: \"VMwareEngine legacy network sample\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# there can be only 1 Legacy network per region for a given project,\n# so creating new project for isolation in CI.\nacceptance_project = gcp.organizations.Project(\"acceptance\",\n name=\"vmw-proj\",\n project_id=\"vmw-proj\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[acceptance_project]))\nacceptance = gcp.projects.Service(\"acceptance\",\n project=acceptance_project.project_id,\n service=\"vmwareengine.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\nvmw_engine_network = gcp.vmwareengine.Network(\"vmw-engine-network\",\n project=acceptance.project,\n name=\"us-west1-default\",\n location=\"us-west1\",\n type=\"LEGACY\",\n description=\"VMwareEngine legacy network sample\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // there can be only 1 Legacy network per region for a given project,\n // so creating new project for isolation in CI.\n var acceptanceProject = new Gcp.Organizations.Project(\"acceptance\", new()\n {\n Name = \"vmw-proj\",\n ProjectId = \"vmw-proj\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n acceptanceProject,\n },\n });\n\n var acceptance = new Gcp.Projects.Service(\"acceptance\", new()\n {\n Project = acceptanceProject.ProjectId,\n ServiceName = \"vmwareengine.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var vmw_engine_network = new Gcp.VMwareEngine.Network(\"vmw-engine-network\", new()\n {\n Project = acceptance.Project,\n Name = \"us-west1-default\",\n Location = \"us-west1\",\n Type = \"LEGACY\",\n Description = \"VMwareEngine legacy network sample\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// there can be only 1 Legacy network per region for a given project,\n\t\t// so creating new project for isolation in CI.\n\t\tacceptanceProject, err := organizations.NewProject(ctx, \"acceptance\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"vmw-proj\"),\n\t\t\tProjectId: pulumi.String(\"vmw-proj\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tacceptanceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tacceptance, err := projects.NewService(ctx, \"acceptance\", \u0026projects.ServiceArgs{\n\t\t\tProject: acceptanceProject.ProjectId,\n\t\t\tService: pulumi.String(\"vmwareengine.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetwork(ctx, \"vmw-engine-network\", \u0026vmwareengine.NetworkArgs{\n\t\t\tProject: acceptance.Project,\n\t\t\tName: pulumi.String(\"us-west1-default\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tType: pulumi.String(\"LEGACY\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine legacy network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // there can be only 1 Legacy network per region for a given project,\n // so creating new project for isolation in CI.\n var acceptanceProject = new Project(\"acceptanceProject\", ProjectArgs.builder()\n .name(\"vmw-proj\")\n .projectId(\"vmw-proj\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(acceptanceProject)\n .build());\n\n var acceptance = new Service(\"acceptance\", ServiceArgs.builder()\n .project(acceptanceProject.projectId())\n .service(\"vmwareengine.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var vmw_engine_network = new Network(\"vmw-engine-network\", NetworkArgs.builder()\n .project(acceptance.project())\n .name(\"us-west1-default\")\n .location(\"us-west1\")\n .type(\"LEGACY\")\n .description(\"VMwareEngine legacy network sample\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vmw-engine-network:\n type: gcp:vmwareengine:Network\n properties:\n project: ${acceptance.project}\n name: us-west1-default\n location: us-west1\n type: LEGACY\n description: VMwareEngine legacy network sample\n acceptance:\n type: gcp:projects:Service\n properties:\n project: ${acceptanceProject.projectId}\n service: vmwareengine.googleapis.com\n options:\n dependson:\n - ${wait60Seconds}\n # there can be only 1 Legacy network per region for a given project,\n # so creating new project for isolation in CI.\n acceptanceProject:\n type: gcp:organizations:Project\n name: acceptance\n properties:\n name: vmw-proj\n projectId: vmw-proj\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependson:\n - ${acceptanceProject}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetwork can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vmwareEngineNetworks/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Network can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default projects/{{project}}/locations/{{location}}/vmwareEngineNetworks/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default {{location}}/{{name}}\n```\n\n", + "description": "Provides connectivity for VMware Engine private clouds.\n\n\nTo get more information about Network, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.vmwareEngineNetworks)\n\n## Example Usage\n\n### Vmware Engine Network Standard\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst vmw_engine_network = new gcp.vmwareengine.Network(\"vmw-engine-network\", {\n name: \"standard-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nvmw_engine_network = gcp.vmwareengine.Network(\"vmw-engine-network\",\n name=\"standard-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vmw_engine_network = new Gcp.VMwareEngine.Network(\"vmw-engine-network\", new()\n {\n Name = \"standard-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"vmw-engine-network\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"standard-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vmw_engine_network = new Network(\"vmw-engine-network\", NetworkArgs.builder()\n .name(\"standard-nw\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vmw-engine-network:\n type: gcp:vmwareengine:Network\n properties:\n name: standard-nw\n location: global\n type: STANDARD\n description: VMwareEngine standard network sample\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vmware Engine Network Legacy\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\n// there can be only 1 Legacy network per region for a given project,\n// so creating new project for isolation in CI.\nconst acceptanceProject = new gcp.organizations.Project(\"acceptance\", {\n name: \"vmw-proj\",\n projectId: \"vmw-proj\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [acceptanceProject],\n});\nconst acceptance = new gcp.projects.Service(\"acceptance\", {\n project: acceptanceProject.projectId,\n service: \"vmwareengine.googleapis.com\",\n}, {\n dependsOn: [wait60Seconds],\n});\nconst vmw_engine_network = new gcp.vmwareengine.Network(\"vmw-engine-network\", {\n project: acceptance.project,\n name: \"us-west1-default\",\n location: \"us-west1\",\n type: \"LEGACY\",\n description: \"VMwareEngine legacy network sample\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\n# there can be only 1 Legacy network per region for a given project,\n# so creating new project for isolation in CI.\nacceptance_project = gcp.organizations.Project(\"acceptance\",\n name=\"vmw-proj\",\n project_id=\"vmw-proj\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\")\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[acceptance_project]))\nacceptance = gcp.projects.Service(\"acceptance\",\n project=acceptance_project.project_id,\n service=\"vmwareengine.googleapis.com\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\nvmw_engine_network = gcp.vmwareengine.Network(\"vmw-engine-network\",\n project=acceptance.project,\n name=\"us-west1-default\",\n location=\"us-west1\",\n type=\"LEGACY\",\n description=\"VMwareEngine legacy network sample\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // there can be only 1 Legacy network per region for a given project,\n // so creating new project for isolation in CI.\n var acceptanceProject = new Gcp.Organizations.Project(\"acceptance\", new()\n {\n Name = \"vmw-proj\",\n ProjectId = \"vmw-proj\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n acceptanceProject,\n },\n });\n\n var acceptance = new Gcp.Projects.Service(\"acceptance\", new()\n {\n Project = acceptanceProject.ProjectId,\n ServiceName = \"vmwareengine.googleapis.com\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n var vmw_engine_network = new Gcp.VMwareEngine.Network(\"vmw-engine-network\", new()\n {\n Project = acceptance.Project,\n Name = \"us-west1-default\",\n Location = \"us-west1\",\n Type = \"LEGACY\",\n Description = \"VMwareEngine legacy network sample\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// there can be only 1 Legacy network per region for a given project,\n\t\t// so creating new project for isolation in CI.\n\t\tacceptanceProject, err := organizations.NewProject(ctx, \"acceptance\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"vmw-proj\"),\n\t\t\tProjectId: pulumi.String(\"vmw-proj\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tacceptanceProject,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tacceptance, err := projects.NewService(ctx, \"acceptance\", \u0026projects.ServiceArgs{\n\t\t\tProject: acceptanceProject.ProjectId,\n\t\t\tService: pulumi.String(\"vmwareengine.googleapis.com\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetwork(ctx, \"vmw-engine-network\", \u0026vmwareengine.NetworkArgs{\n\t\t\tProject: acceptance.Project,\n\t\t\tName: pulumi.String(\"us-west1-default\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tType: pulumi.String(\"LEGACY\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine legacy network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // there can be only 1 Legacy network per region for a given project,\n // so creating new project for isolation in CI.\n var acceptanceProject = new Project(\"acceptanceProject\", ProjectArgs.builder()\n .name(\"vmw-proj\")\n .projectId(\"vmw-proj\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(acceptanceProject)\n .build());\n\n var acceptance = new Service(\"acceptance\", ServiceArgs.builder()\n .project(acceptanceProject.projectId())\n .service(\"vmwareengine.googleapis.com\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n var vmw_engine_network = new Network(\"vmw-engine-network\", NetworkArgs.builder()\n .project(acceptance.project())\n .name(\"us-west1-default\")\n .location(\"us-west1\")\n .type(\"LEGACY\")\n .description(\"VMwareEngine legacy network sample\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vmw-engine-network:\n type: gcp:vmwareengine:Network\n properties:\n project: ${acceptance.project}\n name: us-west1-default\n location: us-west1\n type: LEGACY\n description: VMwareEngine legacy network sample\n acceptance:\n type: gcp:projects:Service\n properties:\n project: ${acceptanceProject.projectId}\n service: vmwareengine.googleapis.com\n options:\n dependsOn:\n - ${wait60Seconds}\n # there can be only 1 Legacy network per region for a given project,\n # so creating new project for isolation in CI.\n acceptanceProject:\n type: gcp:organizations:Project\n name: acceptance\n properties:\n name: vmw-proj\n projectId: vmw-proj\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${acceptanceProject}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetwork can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/vmwareEngineNetworks/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, Network can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default projects/{{project}}/locations/{{location}}/vmwareEngineNetworks/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/network:Network default {{location}}/{{name}}\n```\n\n", "properties": { "description": { "type": "string", @@ -277335,7 +277335,7 @@ } }, "gcp:workflows/workflow:Workflow": { - "description": "Workflow program to be executed by Workflows.\n\n\nTo get more information about Workflow, see:\n\n* [API documentation](https://cloud.google.com/workflows/docs/reference/rest/v1/projects.locations.workflows)\n* How-to Guides\n * [Managing Workflows](https://cloud.google.com/workflows/docs/creating-updating-workflow)\n\n## Example Usage\n\n### Workflow Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testAccount = new gcp.serviceaccount.Account(\"test_account\", {\n accountId: \"my-account\",\n displayName: \"Test Service Account\",\n});\nconst example = new gcp.workflows.Workflow(\"example\", {\n name: \"workflow\",\n region: \"us-central1\",\n description: \"Magic\",\n serviceAccount: testAccount.id,\n callLogLevel: \"LOG_ERRORS_ONLY\",\n labels: {\n env: \"test\",\n },\n userEnvVars: {\n url: \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\",\n },\n deletionProtection: false,\n sourceContents: `# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: \\${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: \\${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: \\${wikiResult.body[1]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_account = gcp.serviceaccount.Account(\"test_account\",\n account_id=\"my-account\",\n display_name=\"Test Service Account\")\nexample = gcp.workflows.Workflow(\"example\",\n name=\"workflow\",\n region=\"us-central1\",\n description=\"Magic\",\n service_account=test_account.id,\n call_log_level=\"LOG_ERRORS_ONLY\",\n labels={\n \"env\": \"test\",\n },\n user_env_vars={\n \"url\": \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\",\n },\n deletion_protection=False,\n source_contents=\"\"\"# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testAccount = new Gcp.ServiceAccount.Account(\"test_account\", new()\n {\n AccountId = \"my-account\",\n DisplayName = \"Test Service Account\",\n });\n\n var example = new Gcp.Workflows.Workflow(\"example\", new()\n {\n Name = \"workflow\",\n Region = \"us-central1\",\n Description = \"Magic\",\n ServiceAccount = testAccount.Id,\n CallLogLevel = \"LOG_ERRORS_ONLY\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n UserEnvVars = \n {\n { \"url\", \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\" },\n },\n DeletionProtection = false,\n SourceContents = @\"# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"\"url\"\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workflows\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestAccount, err := serviceaccount.NewAccount(ctx, \"test_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workflows.NewWorkflow(ctx, \"example\", \u0026workflows.WorkflowArgs{\n\t\t\tName: pulumi.String(\"workflow\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Magic\"),\n\t\t\tServiceAccount: testAccount.ID(),\n\t\t\tCallLogLevel: pulumi.String(\"LOG_ERRORS_ONLY\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tUserEnvVars: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSourceContents: pulumi.String(`# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.workflows.Workflow;\nimport com.pulumi.gcp.workflows.WorkflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testAccount = new Account(\"testAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .displayName(\"Test Service Account\")\n .build());\n\n var example = new Workflow(\"example\", WorkflowArgs.builder()\n .name(\"workflow\")\n .region(\"us-central1\")\n .description(\"Magic\")\n .serviceAccount(testAccount.id())\n .callLogLevel(\"LOG_ERRORS_ONLY\")\n .labels(Map.of(\"env\", \"test\"))\n .userEnvVars(Map.of(\"url\", \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\"))\n .deletionProtection(false)\n .sourceContents(\"\"\"\n# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testAccount:\n type: gcp:serviceaccount:Account\n name: test_account\n properties:\n accountId: my-account\n displayName: Test Service Account\n example:\n type: gcp:workflows:Workflow\n properties:\n name: workflow\n region: us-central1\n description: Magic\n serviceAccount: ${testAccount.id}\n callLogLevel: LOG_ERRORS_ONLY\n labels:\n env: test\n userEnvVars:\n url: https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\n deletionProtection: false\n sourceContents: |\n # This is a sample workflow. You can replace it with your source code.\n #\n # This workflow does the following:\n # - reads current time and date information from an external API and stores\n # the response in currentTime variable\n # - retrieves a list of Wikipedia articles related to the day of the week\n # from currentTime\n # - returns the list of articles as an output of the workflow\n #\n # Note: In Terraform you need to escape the $$ or it will cause errors.\n\n - getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n - readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n - returnOutput:\n return: ${wikiResult.body[1]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", + "description": "Workflow program to be executed by Workflows.\n\n\nTo get more information about Workflow, see:\n\n* [API documentation](https://cloud.google.com/workflows/docs/reference/rest/v1/projects.locations.workflows)\n* How-to Guides\n * [Managing Workflows](https://cloud.google.com/workflows/docs/creating-updating-workflow)\n\n## Example Usage\n\n### Workflow Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testAccount = new gcp.serviceaccount.Account(\"test_account\", {\n accountId: \"my-account\",\n displayName: \"Test Service Account\",\n});\nconst example = new gcp.workflows.Workflow(\"example\", {\n name: \"workflow\",\n region: \"us-central1\",\n description: \"Magic\",\n serviceAccount: testAccount.id,\n callLogLevel: \"LOG_ERRORS_ONLY\",\n labels: {\n env: \"test\",\n },\n userEnvVars: {\n url: \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\",\n },\n deletionProtection: false,\n sourceContents: `# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: \\${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: \\${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: \\${wikiResult.body[1]}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_account = gcp.serviceaccount.Account(\"test_account\",\n account_id=\"my-account\",\n display_name=\"Test Service Account\")\nexample = gcp.workflows.Workflow(\"example\",\n name=\"workflow\",\n region=\"us-central1\",\n description=\"Magic\",\n service_account=test_account.id,\n call_log_level=\"LOG_ERRORS_ONLY\",\n labels={\n \"env\": \"test\",\n },\n user_env_vars={\n \"url\": \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\",\n },\n deletion_protection=False,\n source_contents=\"\"\"# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testAccount = new Gcp.ServiceAccount.Account(\"test_account\", new()\n {\n AccountId = \"my-account\",\n DisplayName = \"Test Service Account\",\n });\n\n var example = new Gcp.Workflows.Workflow(\"example\", new()\n {\n Name = \"workflow\",\n Region = \"us-central1\",\n Description = \"Magic\",\n ServiceAccount = testAccount.Id,\n CallLogLevel = \"LOG_ERRORS_ONLY\",\n Labels = \n {\n { \"env\", \"test\" },\n },\n UserEnvVars = \n {\n { \"url\", \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\" },\n },\n DeletionProtection = false,\n SourceContents = @\"# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"\"url\"\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workflows\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestAccount, err := serviceaccount.NewAccount(ctx, \"test_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-account\"),\n\t\t\tDisplayName: pulumi.String(\"Test Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workflows.NewWorkflow(ctx, \"example\", \u0026workflows.WorkflowArgs{\n\t\t\tName: pulumi.String(\"workflow\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tDescription: pulumi.String(\"Magic\"),\n\t\t\tServiceAccount: testAccount.ID(),\n\t\t\tCallLogLevel: pulumi.String(\"LOG_ERRORS_ONLY\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tUserEnvVars: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t\tSourceContents: pulumi.String(`# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.workflows.Workflow;\nimport com.pulumi.gcp.workflows.WorkflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testAccount = new Account(\"testAccount\", AccountArgs.builder()\n .accountId(\"my-account\")\n .displayName(\"Test Service Account\")\n .build());\n\n var example = new Workflow(\"example\", WorkflowArgs.builder()\n .name(\"workflow\")\n .region(\"us-central1\")\n .description(\"Magic\")\n .serviceAccount(testAccount.id())\n .callLogLevel(\"LOG_ERRORS_ONLY\")\n .labels(Map.of(\"env\", \"test\"))\n .userEnvVars(Map.of(\"url\", \"https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\"))\n .deletionProtection(false)\n .sourceContents(\"\"\"\n# This is a sample workflow. You can replace it with your source code.\n#\n# This workflow does the following:\n# - reads current time and date information from an external API and stores\n# the response in currentTime variable\n# - retrieves a list of Wikipedia articles related to the day of the week\n# from currentTime\n# - returns the list of articles as an output of the workflow\n#\n# Note: In Terraform you need to escape the $$ or it will cause errors.\n\n- getCurrentTime:\n call: http.get\n args:\n url: ${sys.get_env(\"url\")}\n result: currentTime\n- readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: ${currentTime.body.dayOfWeek}\n result: wikiResult\n- returnOutput:\n return: ${wikiResult.body[1]}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testAccount:\n type: gcp:serviceaccount:Account\n name: test_account\n properties:\n accountId: my-account\n displayName: Test Service Account\n example:\n type: gcp:workflows:Workflow\n properties:\n name: workflow\n region: us-central1\n description: Magic\n serviceAccount: ${testAccount.id}\n callLogLevel: LOG_ERRORS_ONLY\n labels:\n env: test\n userEnvVars:\n url: https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam\n deletionProtection: false\n sourceContents: |\n # This is a sample workflow. You can replace it with your source code.\n #\n # This workflow does the following:\n # - reads current time and date information from an external API and stores\n # the response in currentTime variable\n # - retrieves a list of Wikipedia articles related to the day of the week\n # from currentTime\n # - returns the list of articles as an output of the workflow\n #\n # Note: In Terraform you need to escape the $$ or it will cause errors.\n\n - getCurrentTime:\n call: http.get\n args:\n url: $${sys.get_env(\"url\")}\n result: currentTime\n - readWikipedia:\n call: http.get\n args:\n url: https://en.wikipedia.org/w/api.php\n query:\n action: opensearch\n search: $${currentTime.body.dayOfWeek}\n result: wikiResult\n - returnOutput:\n return: $${wikiResult.body[1]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import.\n\n", "properties": { "callLogLevel": { "type": "string", @@ -277855,7 +277855,7 @@ } }, "gcp:workstations/workstationCluster:WorkstationCluster": { - "description": "## Example Usage\n\n### Workstation Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Workstation Cluster Private\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster-private\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster-private\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster-private\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n privateClusterConfig: {\n enablePrivateEndpoint: true,\n },\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster-private\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster-private\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster-private\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n private_cluster_config={\n \"enable_private_endpoint\": True,\n },\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster-private\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster-private\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster-private\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n PrivateClusterConfig = new Gcp.Workstations.Inputs.WorkstationClusterPrivateClusterConfigArgs\n {\n EnablePrivateEndpoint = true,\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateClusterConfig: \u0026workstations.WorkstationClusterPrivateClusterConfigArgs{\n\t\t\t\tEnablePrivateEndpoint: pulumi.Bool(true),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterPrivateClusterConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster-private\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster-private\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster-private\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .privateClusterConfig(WorkstationClusterPrivateClusterConfigArgs.builder()\n .enablePrivateEndpoint(true)\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster-private\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n privateClusterConfig:\n enablePrivateEndpoint: true\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster-private\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster-private\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Workstation Cluster Custom Domain\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster-custom-domain\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster-custom-domain\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster-custom-domain\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n privateClusterConfig: {\n enablePrivateEndpoint: true,\n },\n domainConfig: {\n domain: \"workstations.example.com\",\n },\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster-custom-domain\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster-custom-domain\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster-custom-domain\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n private_cluster_config={\n \"enable_private_endpoint\": True,\n },\n domain_config={\n \"domain\": \"workstations.example.com\",\n },\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster-custom-domain\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster-custom-domain\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster-custom-domain\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n PrivateClusterConfig = new Gcp.Workstations.Inputs.WorkstationClusterPrivateClusterConfigArgs\n {\n EnablePrivateEndpoint = true,\n },\n DomainConfig = new Gcp.Workstations.Inputs.WorkstationClusterDomainConfigArgs\n {\n Domain = \"workstations.example.com\",\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateClusterConfig: \u0026workstations.WorkstationClusterPrivateClusterConfigArgs{\n\t\t\t\tEnablePrivateEndpoint: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainConfig: \u0026workstations.WorkstationClusterDomainConfigArgs{\n\t\t\t\tDomain: pulumi.String(\"workstations.example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterPrivateClusterConfigArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterDomainConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster-custom-domain\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster-custom-domain\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster-custom-domain\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .privateClusterConfig(WorkstationClusterPrivateClusterConfigArgs.builder()\n .enablePrivateEndpoint(true)\n .build())\n .domainConfig(WorkstationClusterDomainConfigArgs.builder()\n .domain(\"workstations.example.com\")\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster-custom-domain\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n privateClusterConfig:\n enablePrivateEndpoint: true\n domainConfig:\n domain: workstations.example.com\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster-custom-domain\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster-custom-domain\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkstationCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}`\n\n* `{{project}}/{{location}}/{{workstation_cluster_id}}`\n\n* `{{location}}/{{workstation_cluster_id}}`\n\nWhen using the `pulumi import` command, WorkstationCluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default {{project}}/{{location}}/{{workstation_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default {{location}}/{{workstation_cluster_id}}\n```\n\n", + "description": "## Example Usage\n\n### Workstation Cluster Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Workstation Cluster Private\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster-private\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster-private\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster-private\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n privateClusterConfig: {\n enablePrivateEndpoint: true,\n },\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster-private\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster-private\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster-private\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n private_cluster_config={\n \"enable_private_endpoint\": True,\n },\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster-private\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster-private\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster-private\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n PrivateClusterConfig = new Gcp.Workstations.Inputs.WorkstationClusterPrivateClusterConfigArgs\n {\n EnablePrivateEndpoint = true,\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster-private\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateClusterConfig: \u0026workstations.WorkstationClusterPrivateClusterConfigArgs{\n\t\t\t\tEnablePrivateEndpoint: pulumi.Bool(true),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterPrivateClusterConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster-private\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster-private\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster-private\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .privateClusterConfig(WorkstationClusterPrivateClusterConfigArgs.builder()\n .enablePrivateEndpoint(true)\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster-private\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n privateClusterConfig:\n enablePrivateEndpoint: true\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster-private\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster-private\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Workstation Cluster Custom Domain\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultNetwork = new gcp.compute.Network(\"default\", {\n name: \"workstation-cluster-custom-domain\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"workstation-cluster-custom-domain\",\n ipCidrRange: \"10.0.0.0/24\",\n region: \"us-central1\",\n network: defaultNetwork.name,\n});\nconst _default = new gcp.workstations.WorkstationCluster(\"default\", {\n workstationClusterId: \"workstation-cluster-custom-domain\",\n network: defaultNetwork.id,\n subnetwork: defaultSubnetwork.id,\n location: \"us-central1\",\n privateClusterConfig: {\n enablePrivateEndpoint: true,\n },\n domainConfig: {\n domain: \"workstations.example.com\",\n },\n labels: {\n label: \"key\",\n },\n annotations: {\n \"label-one\": \"value-one\",\n },\n});\nconst project = gcp.organizations.getProject({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_network = gcp.compute.Network(\"default\",\n name=\"workstation-cluster-custom-domain\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"workstation-cluster-custom-domain\",\n ip_cidr_range=\"10.0.0.0/24\",\n region=\"us-central1\",\n network=default_network.name)\ndefault = gcp.workstations.WorkstationCluster(\"default\",\n workstation_cluster_id=\"workstation-cluster-custom-domain\",\n network=default_network.id,\n subnetwork=default_subnetwork.id,\n location=\"us-central1\",\n private_cluster_config={\n \"enable_private_endpoint\": True,\n },\n domain_config={\n \"domain\": \"workstations.example.com\",\n },\n labels={\n \"label\": \"key\",\n },\n annotations={\n \"label-one\": \"value-one\",\n })\nproject = gcp.organizations.get_project()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultNetwork = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"workstation-cluster-custom-domain\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"workstation-cluster-custom-domain\",\n IpCidrRange = \"10.0.0.0/24\",\n Region = \"us-central1\",\n Network = defaultNetwork.Name,\n });\n\n var @default = new Gcp.Workstations.WorkstationCluster(\"default\", new()\n {\n WorkstationClusterId = \"workstation-cluster-custom-domain\",\n Network = defaultNetwork.Id,\n Subnetwork = defaultSubnetwork.Id,\n Location = \"us-central1\",\n PrivateClusterConfig = new Gcp.Workstations.Inputs.WorkstationClusterPrivateClusterConfigArgs\n {\n EnablePrivateEndpoint = true,\n },\n DomainConfig = new Gcp.Workstations.Inputs.WorkstationClusterDomainConfigArgs\n {\n Domain = \"workstations.example.com\",\n },\n Labels = \n {\n { \"label\", \"key\" },\n },\n Annotations = \n {\n { \"label-one\", \"value-one\" },\n },\n });\n\n var project = Gcp.Organizations.GetProject.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workstations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultNetwork, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: defaultNetwork.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workstations.NewWorkstationCluster(ctx, \"default\", \u0026workstations.WorkstationClusterArgs{\n\t\t\tWorkstationClusterId: pulumi.String(\"workstation-cluster-custom-domain\"),\n\t\t\tNetwork: defaultNetwork.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tPrivateClusterConfig: \u0026workstations.WorkstationClusterPrivateClusterConfigArgs{\n\t\t\t\tEnablePrivateEndpoint: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainConfig: \u0026workstations.WorkstationClusterDomainConfigArgs{\n\t\t\t\tDomain: pulumi.String(\"workstations.example.com\"),\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label\": pulumi.String(\"key\"),\n\t\t\t},\n\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.workstations.WorkstationCluster;\nimport com.pulumi.gcp.workstations.WorkstationClusterArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterPrivateClusterConfigArgs;\nimport com.pulumi.gcp.workstations.inputs.WorkstationClusterDomainConfigArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultNetwork = new Network(\"defaultNetwork\", NetworkArgs.builder()\n .name(\"workstation-cluster-custom-domain\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"workstation-cluster-custom-domain\")\n .ipCidrRange(\"10.0.0.0/24\")\n .region(\"us-central1\")\n .network(defaultNetwork.name())\n .build());\n\n var default_ = new WorkstationCluster(\"default\", WorkstationClusterArgs.builder()\n .workstationClusterId(\"workstation-cluster-custom-domain\")\n .network(defaultNetwork.id())\n .subnetwork(defaultSubnetwork.id())\n .location(\"us-central1\")\n .privateClusterConfig(WorkstationClusterPrivateClusterConfigArgs.builder()\n .enablePrivateEndpoint(true)\n .build())\n .domainConfig(WorkstationClusterDomainConfigArgs.builder()\n .domain(\"workstations.example.com\")\n .build())\n .labels(Map.of(\"label\", \"key\"))\n .annotations(Map.of(\"label-one\", \"value-one\"))\n .build());\n\n final var project = OrganizationsFunctions.getProject();\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:workstations:WorkstationCluster\n properties:\n workstationClusterId: workstation-cluster-custom-domain\n network: ${defaultNetwork.id}\n subnetwork: ${defaultSubnetwork.id}\n location: us-central1\n privateClusterConfig:\n enablePrivateEndpoint: true\n domainConfig:\n domain: workstations.example.com\n labels:\n label: key\n annotations:\n label-one: value-one\n defaultNetwork:\n type: gcp:compute:Network\n name: default\n properties:\n name: workstation-cluster-custom-domain\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: workstation-cluster-custom-domain\n ipCidrRange: 10.0.0.0/24\n region: us-central1\n network: ${defaultNetwork.name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nWorkstationCluster can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}`\n\n* `{{project}}/{{location}}/{{workstation_cluster_id}}`\n\n* `{{location}}/{{workstation_cluster_id}}`\n\nWhen using the `pulumi import` command, WorkstationCluster can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default {{project}}/{{location}}/{{workstation_cluster_id}}\n```\n\n```sh\n$ pulumi import gcp:workstations/workstationCluster:WorkstationCluster default {{location}}/{{workstation_cluster_id}}\n```\n\n", "properties": { "annotations": { "type": "object", @@ -279343,7 +279343,7 @@ }, "functions": { "gcp:accessapproval/getFolderServiceAccount:getFolderServiceAccount": { - "description": "Get the email address of a folder's Access Approval service account.\n\nEach Google Cloud folder has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getFolderServiceAccount({\n folderId: \"my-folder\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_folder_service_account(folder_id=\"my-folder\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetFolderServiceAccount.Invoke(new()\n {\n FolderId = \"my-folder\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getFolderServiceAccountResult =\u003e getFolderServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetFolderServiceAccount(ctx, \u0026accessapproval.GetFolderServiceAccountArgs{\n\t\t\tFolderId: \"my-folder\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetFolderServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getFolderServiceAccount(GetFolderServiceAccountArgs.builder()\n .folderId(\"my-folder\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getFolderServiceAccount\n Arguments:\n folderId: my-folder\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the email address of a folder's Access Approval service account.\n\nEach Google Cloud folder has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getFolderServiceAccount({\n folderId: \"my-folder\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_folder_service_account(folder_id=\"my-folder\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetFolderServiceAccount.Invoke(new()\n {\n FolderId = \"my-folder\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getFolderServiceAccountResult =\u003e getFolderServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetFolderServiceAccount(ctx, \u0026accessapproval.GetFolderServiceAccountArgs{\n\t\t\tFolderId: \"my-folder\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetFolderServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getFolderServiceAccount(GetFolderServiceAccountArgs.builder()\n .folderId(\"my-folder\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getFolderServiceAccountResult -\u003e getFolderServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getFolderServiceAccount\n arguments:\n folderId: my-folder\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFolderServiceAccount.\n", "properties": { @@ -279387,7 +279387,7 @@ } }, "gcp:accessapproval/getOrganizationServiceAccount:getOrganizationServiceAccount": { - "description": "Get the email address of an organization's Access Approval service account.\n\nEach Google Cloud organization has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({\n organizationId: \"my-organization\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_organization_service_account(organization_id=\"my-organization\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetOrganizationServiceAccount.Invoke(new()\n {\n OrganizationId = \"my-organization\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getOrganizationServiceAccountResult =\u003e getOrganizationServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, \u0026accessapproval.GetOrganizationServiceAccountArgs{\n\t\t\tOrganizationId: \"my-organization\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()\n .organizationId(\"my-organization\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getOrganizationServiceAccountResult -\u003e getOrganizationServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getOrganizationServiceAccount\n Arguments:\n organizationId: my-organization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the email address of an organization's Access Approval service account.\n\nEach Google Cloud organization has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({\n organizationId: \"my-organization\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_organization_service_account(organization_id=\"my-organization\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetOrganizationServiceAccount.Invoke(new()\n {\n OrganizationId = \"my-organization\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getOrganizationServiceAccountResult =\u003e getOrganizationServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, \u0026accessapproval.GetOrganizationServiceAccountArgs{\n\t\t\tOrganizationId: \"my-organization\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()\n .organizationId(\"my-organization\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getOrganizationServiceAccountResult -\u003e getOrganizationServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getOrganizationServiceAccount\n arguments:\n organizationId: my-organization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getOrganizationServiceAccount.\n", "properties": { @@ -279431,7 +279431,7 @@ } }, "gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount": { - "description": "Get the email address of a project's Access Approval service account.\n\nEach Google Cloud project has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getProjectServiceAccount({\n projectId: \"my-project\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_project_service_account(project_id=\"my-project\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetProjectServiceAccount.Invoke(new()\n {\n ProjectId = \"my-project\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, \u0026accessapproval.GetProjectServiceAccountArgs{\n\t\t\tProjectId: \"my-project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getProjectServiceAccount(GetProjectServiceAccountArgs.builder()\n .projectId(\"my-project\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n Function: gcp:accessapproval:getProjectServiceAccount\n Arguments:\n projectId: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the email address of a project's Access Approval service account.\n\nEach Google Cloud project has a unique service account used by Access Approval.\nWhen using Access Approval with a\n[custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),\nthis account needs to be granted the `cloudkms.signerVerifier` IAM role on the\nCloud KMS key used to sign approvals.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serviceAccount = gcp.accessapproval.getProjectServiceAccount({\n projectId: \"my-project\",\n});\nconst iam = new gcp.kms.CryptoKeyIAMMember(\"iam\", {\n cryptoKeyId: cryptoKey.id,\n role: \"roles/cloudkms.signerVerifier\",\n member: serviceAccount.then(serviceAccount =\u003e `serviceAccount:${serviceAccount.accountEmail}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nservice_account = gcp.accessapproval.get_project_service_account(project_id=\"my-project\")\niam = gcp.kms.CryptoKeyIAMMember(\"iam\",\n crypto_key_id=crypto_key[\"id\"],\n role=\"roles/cloudkms.signerVerifier\",\n member=f\"serviceAccount:{service_account.account_email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serviceAccount = Gcp.AccessApproval.GetProjectServiceAccount.Invoke(new()\n {\n ProjectId = \"my-project\",\n });\n\n var iam = new Gcp.Kms.CryptoKeyIAMMember(\"iam\", new()\n {\n CryptoKeyId = cryptoKey.Id,\n Role = \"roles/cloudkms.signerVerifier\",\n Member = $\"serviceAccount:{serviceAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.AccountEmail)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, \u0026accessapproval.GetProjectServiceAccountArgs{\n\t\t\tProjectId: \"my-project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"iam\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(cryptoKey.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.signerVerifier\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", serviceAccount.AccountEmail),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accessapproval.AccessapprovalFunctions;\nimport com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serviceAccount = AccessapprovalFunctions.getProjectServiceAccount(GetProjectServiceAccountArgs.builder()\n .projectId(\"my-project\")\n .build());\n\n var iam = new CryptoKeyIAMMember(\"iam\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .role(\"roles/cloudkms.signerVerifier\")\n .member(String.format(\"serviceAccount:%s\", serviceAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.accountEmail())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iam:\n type: gcp:kms:CryptoKeyIAMMember\n properties:\n cryptoKeyId: ${cryptoKey.id}\n role: roles/cloudkms.signerVerifier\n member: serviceAccount:${serviceAccount.accountEmail}\nvariables:\n serviceAccount:\n fn::invoke:\n function: gcp:accessapproval:getProjectServiceAccount\n arguments:\n projectId: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProjectServiceAccount.\n", "properties": { @@ -279475,7 +279475,7 @@ } }, "gcp:accesscontextmanager/getAccessPolicy:getAccessPolicy": { - "description": "Get information about an Access Context Manager AccessPolicy.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy-org = gcp.accesscontextmanager.getAccessPolicy({\n parent: \"organizations/1234567\",\n});\nconst policy-scoped = gcp.accesscontextmanager.getAccessPolicy({\n parent: \"organizations/1234567\",\n scopes: [\"projects/1234567\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy_org = gcp.accesscontextmanager.get_access_policy(parent=\"organizations/1234567\")\npolicy_scoped = gcp.accesscontextmanager.get_access_policy(parent=\"organizations/1234567\",\n scopes=[\"projects/1234567\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy_org = Gcp.AccessContextManager.GetAccessPolicy.Invoke(new()\n {\n Parent = \"organizations/1234567\",\n });\n\n var policy_scoped = Gcp.AccessContextManager.GetAccessPolicy.Invoke(new()\n {\n Parent = \"organizations/1234567\",\n Scopes = new[]\n {\n \"projects/1234567\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.LookupAccessPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyArgs{\n\t\t\tParent: \"organizations/1234567\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.LookupAccessPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyArgs{\n\t\t\tParent: \"organizations/1234567\",\n\t\t\tScopes: []string{\n\t\t\t\t\"projects/1234567\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccesscontextmanagerFunctions;\nimport com.pulumi.gcp.accesscontextmanager.inputs.GetAccessPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy-org = AccesscontextmanagerFunctions.getAccessPolicy(GetAccessPolicyArgs.builder()\n .parent(\"organizations/1234567\")\n .build());\n\n final var policy-scoped = AccesscontextmanagerFunctions.getAccessPolicy(GetAccessPolicyArgs.builder()\n .parent(\"organizations/1234567\")\n .scopes(\"projects/1234567\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy-org:\n fn::invoke:\n Function: gcp:accesscontextmanager:getAccessPolicy\n Arguments:\n parent: organizations/1234567\n policy-scoped:\n fn::invoke:\n Function: gcp:accesscontextmanager:getAccessPolicy\n Arguments:\n parent: organizations/1234567\n scopes:\n - projects/1234567\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about an Access Context Manager AccessPolicy.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy-org = gcp.accesscontextmanager.getAccessPolicy({\n parent: \"organizations/1234567\",\n});\nconst policy-scoped = gcp.accesscontextmanager.getAccessPolicy({\n parent: \"organizations/1234567\",\n scopes: [\"projects/1234567\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy_org = gcp.accesscontextmanager.get_access_policy(parent=\"organizations/1234567\")\npolicy_scoped = gcp.accesscontextmanager.get_access_policy(parent=\"organizations/1234567\",\n scopes=[\"projects/1234567\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy_org = Gcp.AccessContextManager.GetAccessPolicy.Invoke(new()\n {\n Parent = \"organizations/1234567\",\n });\n\n var policy_scoped = Gcp.AccessContextManager.GetAccessPolicy.Invoke(new()\n {\n Parent = \"organizations/1234567\",\n Scopes = new[]\n {\n \"projects/1234567\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.LookupAccessPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyArgs{\n\t\t\tParent: \"organizations/1234567\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.LookupAccessPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyArgs{\n\t\t\tParent: \"organizations/1234567\",\n\t\t\tScopes: []string{\n\t\t\t\t\"projects/1234567\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccesscontextmanagerFunctions;\nimport com.pulumi.gcp.accesscontextmanager.inputs.GetAccessPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy-org = AccesscontextmanagerFunctions.getAccessPolicy(GetAccessPolicyArgs.builder()\n .parent(\"organizations/1234567\")\n .build());\n\n final var policy-scoped = AccesscontextmanagerFunctions.getAccessPolicy(GetAccessPolicyArgs.builder()\n .parent(\"organizations/1234567\")\n .scopes(\"projects/1234567\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy-org:\n fn::invoke:\n function: gcp:accesscontextmanager:getAccessPolicy\n arguments:\n parent: organizations/1234567\n policy-scoped:\n fn::invoke:\n function: gcp:accesscontextmanager:getAccessPolicy\n arguments:\n parent: organizations/1234567\n scopes:\n - projects/1234567\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccessPolicy.\n", "properties": { @@ -279532,7 +279532,7 @@ } }, "gcp:accesscontextmanager/getAccessPolicyIamPolicy:getAccessPolicyIamPolicy": { - "description": "Retrieves the current IAM policy data for accesspolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.accesscontextmanager.getAccessPolicyIamPolicy({\n name: access_policy.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.accesscontextmanager.get_access_policy_iam_policy(name=access_policy[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.AccessContextManager.GetAccessPolicyIamPolicy.Invoke(new()\n {\n Name = access_policy.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.LookupAccessPolicyIamPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyIamPolicyArgs{\n\t\t\tName: access_policy.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccesscontextmanagerFunctions;\nimport com.pulumi.gcp.accesscontextmanager.inputs.GetAccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = AccesscontextmanagerFunctions.getAccessPolicyIamPolicy(GetAccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:accesscontextmanager:getAccessPolicyIamPolicy\n Arguments:\n name: ${[\"access-policy\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for accesspolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.accesscontextmanager.getAccessPolicyIamPolicy({\n name: access_policy.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.accesscontextmanager.get_access_policy_iam_policy(name=access_policy[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.AccessContextManager.GetAccessPolicyIamPolicy.Invoke(new()\n {\n Name = access_policy.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.LookupAccessPolicyIamPolicy(ctx, \u0026accesscontextmanager.LookupAccessPolicyIamPolicyArgs{\n\t\t\tName: access_policy.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccesscontextmanagerFunctions;\nimport com.pulumi.gcp.accesscontextmanager.inputs.GetAccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = AccesscontextmanagerFunctions.getAccessPolicyIamPolicy(GetAccessPolicyIamPolicyArgs.builder()\n .name(access_policy.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:accesscontextmanager:getAccessPolicyIamPolicy\n arguments:\n name: ${[\"access-policy\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccessPolicyIamPolicy.\n", "properties": { @@ -279576,7 +279576,7 @@ } }, "gcp:alloydb/getLocations:getLocations": { - "description": "Use this data source to get information about the available locations. For more details refer the [API docs](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.alloydb.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.alloydb.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Alloydb.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := alloydb.GetLocations(ctx, \u0026alloydb.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.AlloydbFunctions;\nimport com.pulumi.gcp.alloydb.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = AlloydbFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:alloydb:getLocations\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about the available locations. For more details refer the [API docs](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.alloydb.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.alloydb.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Alloydb.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := alloydb.GetLocations(ctx, \u0026alloydb.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.AlloydbFunctions;\nimport com.pulumi.gcp.alloydb.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = AlloydbFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:alloydb:getLocations\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLocations.\n", "properties": { @@ -279613,7 +279613,7 @@ } }, "gcp:alloydb/getSupportedDatabaseFlags:getSupportedDatabaseFlags": { - "description": "Use this data source to get information about the supported alloydb database flags in a location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.alloydb.getSupportedDatabaseFlags({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.alloydb.get_supported_database_flags(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Alloydb.GetSupportedDatabaseFlags.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := alloydb.GetSupportedDatabaseFlags(ctx, \u0026alloydb.GetSupportedDatabaseFlagsArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.AlloydbFunctions;\nimport com.pulumi.gcp.alloydb.inputs.GetSupportedDatabaseFlagsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = AlloydbFunctions.getSupportedDatabaseFlags(GetSupportedDatabaseFlagsArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:alloydb:getSupportedDatabaseFlags\n Arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about the supported alloydb database flags in a location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.alloydb.getSupportedDatabaseFlags({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.alloydb.get_supported_database_flags(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Alloydb.GetSupportedDatabaseFlags.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/alloydb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := alloydb.GetSupportedDatabaseFlags(ctx, \u0026alloydb.GetSupportedDatabaseFlagsArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.alloydb.AlloydbFunctions;\nimport com.pulumi.gcp.alloydb.inputs.GetSupportedDatabaseFlagsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = AlloydbFunctions.getSupportedDatabaseFlags(GetSupportedDatabaseFlagsArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:alloydb:getSupportedDatabaseFlags\n arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSupportedDatabaseFlags.\n", "properties": { @@ -279833,7 +279833,7 @@ } }, "gcp:apigee/getEnvironmentIamPolicy:getEnvironmentIamPolicy": { - "description": "Retrieves the current IAM policy data for environment\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.apigee.getEnvironmentIamPolicy({\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.apigee.get_environment_iam_policy(org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Apigee.GetEnvironmentIamPolicy.Invoke(new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.LookupEnvironmentIamPolicy(ctx, \u0026apigee.LookupEnvironmentIamPolicyArgs{\n\t\t\tOrgId: apigeeEnvironment.OrgId,\n\t\t\tEnvId: apigeeEnvironment.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.ApigeeFunctions;\nimport com.pulumi.gcp.apigee.inputs.GetEnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ApigeeFunctions.getEnvironmentIamPolicy(GetEnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:apigee:getEnvironmentIamPolicy\n Arguments:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for environment\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.apigee.getEnvironmentIamPolicy({\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.apigee.get_environment_iam_policy(org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Apigee.GetEnvironmentIamPolicy.Invoke(new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.LookupEnvironmentIamPolicy(ctx, \u0026apigee.LookupEnvironmentIamPolicyArgs{\n\t\t\tOrgId: apigeeEnvironment.OrgId,\n\t\t\tEnvId: apigeeEnvironment.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.ApigeeFunctions;\nimport com.pulumi.gcp.apigee.inputs.GetEnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ApigeeFunctions.getEnvironmentIamPolicy(GetEnvironmentIamPolicyArgs.builder()\n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:apigee:getEnvironmentIamPolicy\n arguments:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEnvironmentIamPolicy.\n", "properties": { @@ -279886,7 +279886,7 @@ } }, "gcp:appengine/getDefaultServiceAccount:getDefaultServiceAccount": { - "description": "Use this data source to retrieve the default App Engine service account for the specified project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:appengine:getDefaultServiceAccount\n Arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to retrieve the default App Engine service account for the specified project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.appengine.getDefaultServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.appengine.get_default_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.AppEngine.GetDefaultServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := appengine.GetDefaultServiceAccount(ctx, \u0026appengine.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.appengine.AppengineFunctions;\nimport com.pulumi.gcp.appengine.inputs.GetDefaultServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AppengineFunctions.getDefaultServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:appengine:getDefaultServiceAccount\n arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDefaultServiceAccount.\n", "properties": { @@ -279941,7 +279941,7 @@ } }, "gcp:apphub/getApplication:getApplication": { - "description": "Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. Services and Workloads are owned by the Application.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst application = gcp.apphub.getApplication({\n project: \"project-id\",\n applicationId: \"application\",\n location: \"location\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\napplication = gcp.apphub.get_application(project=\"project-id\",\n application_id=\"application\",\n location=\"location\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = Gcp.Apphub.GetApplication.Invoke(new()\n {\n Project = \"project-id\",\n ApplicationId = \"application\",\n Location = \"location\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.LookupApplication(ctx, \u0026apphub.LookupApplicationArgs{\n\t\t\tProject: \"project-id\",\n\t\t\tApplicationId: \"application\",\n\t\t\tLocation: \"location\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetApplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var application = ApphubFunctions.getApplication(GetApplicationArgs.builder()\n .project(\"project-id\")\n .applicationId(\"application\")\n .location(\"location\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n application:\n fn::invoke:\n Function: gcp:apphub:getApplication\n Arguments:\n project: project-id\n applicationId: application\n location: location\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. Services and Workloads are owned by the Application.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst application = gcp.apphub.getApplication({\n project: \"project-id\",\n applicationId: \"application\",\n location: \"location\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\napplication = gcp.apphub.get_application(project=\"project-id\",\n application_id=\"application\",\n location=\"location\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var application = Gcp.Apphub.GetApplication.Invoke(new()\n {\n Project = \"project-id\",\n ApplicationId = \"application\",\n Location = \"location\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.LookupApplication(ctx, \u0026apphub.LookupApplicationArgs{\n\t\t\tProject: \"project-id\",\n\t\t\tApplicationId: \"application\",\n\t\t\tLocation: \"location\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetApplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var application = ApphubFunctions.getApplication(GetApplicationArgs.builder()\n .project(\"project-id\")\n .applicationId(\"application\")\n .location(\"location\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n application:\n fn::invoke:\n function: gcp:apphub:getApplication\n arguments:\n project: project-id\n applicationId: application\n location: location\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplication.\n", "properties": { @@ -280031,7 +280031,7 @@ } }, "gcp:apphub/getDiscoveredService:getDiscoveredService": { - "description": "Get information about a discovered service from its uri.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-service = gcp.apphub.getDiscoveredService({\n location: \"my-location\",\n serviceUri: \"my-service-uri\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_service = gcp.apphub.get_discovered_service(location=\"my-location\",\n service_uri=\"my-service-uri\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"my-location\",\n ServiceUri = \"my-service-uri\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.GetDiscoveredService(ctx, \u0026apphub.GetDiscoveredServiceArgs{\n\t\t\tLocation: \"my-location\",\n\t\t\tServiceUri: \"my-service-uri\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"my-location\")\n .serviceUri(\"my-service-uri\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-service:\n fn::invoke:\n Function: gcp:apphub:getDiscoveredService\n Arguments:\n location: my-location\n serviceUri: my-service-uri\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a discovered service from its uri.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-service = gcp.apphub.getDiscoveredService({\n location: \"my-location\",\n serviceUri: \"my-service-uri\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_service = gcp.apphub.get_discovered_service(location=\"my-location\",\n service_uri=\"my-service-uri\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_service = Gcp.Apphub.GetDiscoveredService.Invoke(new()\n {\n Location = \"my-location\",\n ServiceUri = \"my-service-uri\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.GetDiscoveredService(ctx, \u0026apphub.GetDiscoveredServiceArgs{\n\t\t\tLocation: \"my-location\",\n\t\t\tServiceUri: \"my-service-uri\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-service = ApphubFunctions.getDiscoveredService(GetDiscoveredServiceArgs.builder()\n .location(\"my-location\")\n .serviceUri(\"my-service-uri\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-service:\n fn::invoke:\n function: gcp:apphub:getDiscoveredService\n arguments:\n location: my-location\n serviceUri: my-service-uri\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDiscoveredService.\n", "properties": { @@ -280102,7 +280102,7 @@ } }, "gcp:apphub/getDiscoveredWorkload:getDiscoveredWorkload": { - "description": "Get information about a discovered workload from its uri.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-workload = gcp.apphub.getDiscoveredWorkload({\n location: \"us-central1\",\n workloadUri: \"my-workload-uri\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_workload = gcp.apphub.get_discovered_workload(location=\"us-central1\",\n workload_uri=\"my-workload-uri\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_workload = Gcp.Apphub.GetDiscoveredWorkload.Invoke(new()\n {\n Location = \"us-central1\",\n WorkloadUri = \"my-workload-uri\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.GetDiscoveredWorkload(ctx, \u0026apphub.GetDiscoveredWorkloadArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tWorkloadUri: \"my-workload-uri\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredWorkloadArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-workload = ApphubFunctions.getDiscoveredWorkload(GetDiscoveredWorkloadArgs.builder()\n .location(\"us-central1\")\n .workloadUri(\"my-workload-uri\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-workload:\n fn::invoke:\n Function: gcp:apphub:getDiscoveredWorkload\n Arguments:\n location: us-central1\n workloadUri: my-workload-uri\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a discovered workload from its uri.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-workload = gcp.apphub.getDiscoveredWorkload({\n location: \"us-central1\",\n workloadUri: \"my-workload-uri\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_workload = gcp.apphub.get_discovered_workload(location=\"us-central1\",\n workload_uri=\"my-workload-uri\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_workload = Gcp.Apphub.GetDiscoveredWorkload.Invoke(new()\n {\n Location = \"us-central1\",\n WorkloadUri = \"my-workload-uri\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apphub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apphub.GetDiscoveredWorkload(ctx, \u0026apphub.GetDiscoveredWorkloadArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tWorkloadUri: \"my-workload-uri\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apphub.ApphubFunctions;\nimport com.pulumi.gcp.apphub.inputs.GetDiscoveredWorkloadArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-workload = ApphubFunctions.getDiscoveredWorkload(GetDiscoveredWorkloadArgs.builder()\n .location(\"us-central1\")\n .workloadUri(\"my-workload-uri\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-workload:\n fn::invoke:\n function: gcp:apphub:getDiscoveredWorkload\n arguments:\n location: us-central1\n workloadUri: my-workload-uri\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDiscoveredWorkload.\n", "properties": { @@ -280173,7 +280173,7 @@ } }, "gcp:artifactregistry/getDockerImage:getDockerImage": { - "description": "This data source fetches information from a provided Artifact Registry repository, including the fully qualified name and URI for an image, based on a the latest version of image name and optional digest or tag.\n\n\u003e **Note**\nRequires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-platform` or `https://www.googleapis.com/auth/cloud-platform.read-only`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myRepo = new gcp.artifactregistry.Repository(\"my_repo\", {\n location: \"us-west1\",\n repositoryId: \"my-repository\",\n format: \"DOCKER\",\n});\nconst myImage = gcp.artifactregistry.getDockerImageOutput({\n location: myRepo.location,\n repositoryId: myRepo.repositoryId,\n imageName: \"my-image:my-tag\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {template: {\n containers: [{\n image: myImage.apply(myImage =\u003e myImage.selfLink),\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my_repo\",\n location=\"us-west1\",\n repository_id=\"my-repository\",\n format=\"DOCKER\")\nmy_image = gcp.artifactregistry.get_docker_image_output(location=my_repo.location,\n repository_id=my_repo.repository_id,\n image_name=\"my-image:my-tag\")\ndefault = gcp.cloudrunv2.Service(\"default\", template={\n \"containers\": [{\n \"image\": my_image.self_link,\n }],\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myRepo = new Gcp.ArtifactRegistry.Repository(\"my_repo\", new()\n {\n Location = \"us-west1\",\n RepositoryId = \"my-repository\",\n Format = \"DOCKER\",\n });\n\n var myImage = Gcp.ArtifactRegistry.GetDockerImage.Invoke(new()\n {\n Location = myRepo.Location,\n RepositoryId = myRepo.RepositoryId,\n ImageName = \"my-image:my-tag\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = myImage.Apply(getDockerImageResult =\u003e getDockerImageResult.SelfLink),\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyRepo, err := artifactregistry.NewRepository(ctx, \"my_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage := artifactregistry.GetDockerImageOutput(ctx, artifactregistry.GetDockerImageOutputArgs{\n\t\t\tLocation: myRepo.Location,\n\t\t\tRepositoryId: myRepo.RepositoryId,\n\t\t\tImageName: pulumi.String(\"my-image:my-tag\"),\n\t\t}, nil)\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: myImage.ApplyT(func(myImage artifactregistry.GetDockerImageResult) (*string, error) {\n\t\t\t\t\t\t\treturn \u0026myImage.SelfLink, nil\n\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetDockerImageArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myRepo = new Repository(\"myRepo\", RepositoryArgs.builder()\n .location(\"us-west1\")\n .repositoryId(\"my-repository\")\n .format(\"DOCKER\")\n .build());\n\n final var myImage = ArtifactregistryFunctions.getDockerImage(GetDockerImageArgs.builder()\n .location(myRepo.location())\n .repositoryId(myRepo.repositoryId())\n .imageName(\"my-image:my-tag\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(myImage.applyValue(getDockerImageResult -\u003e getDockerImageResult).applyValue(myImage -\u003e myImage.applyValue(getDockerImageResult -\u003e getDockerImageResult.selfLink())))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myRepo:\n type: gcp:artifactregistry:Repository\n name: my_repo\n properties:\n location: us-west1\n repositoryId: my-repository\n format: DOCKER\n default:\n type: gcp:cloudrunv2:Service\n properties:\n template:\n containers:\n - image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:artifactregistry:getDockerImage\n Arguments:\n location: ${myRepo.location}\n repositoryId: ${myRepo.repositoryId}\n imageName: my-image:my-tag\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source fetches information from a provided Artifact Registry repository, including the fully qualified name and URI for an image, based on a the latest version of image name and optional digest or tag.\n\n\u003e **Note**\nRequires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-platform` or `https://www.googleapis.com/auth/cloud-platform.read-only`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myRepo = new gcp.artifactregistry.Repository(\"my_repo\", {\n location: \"us-west1\",\n repositoryId: \"my-repository\",\n format: \"DOCKER\",\n});\nconst myImage = gcp.artifactregistry.getDockerImageOutput({\n location: myRepo.location,\n repositoryId: myRepo.repositoryId,\n imageName: \"my-image:my-tag\",\n});\nconst _default = new gcp.cloudrunv2.Service(\"default\", {template: {\n containers: [{\n image: myImage.apply(myImage =\u003e myImage.selfLink),\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my_repo\",\n location=\"us-west1\",\n repository_id=\"my-repository\",\n format=\"DOCKER\")\nmy_image = gcp.artifactregistry.get_docker_image_output(location=my_repo.location,\n repository_id=my_repo.repository_id,\n image_name=\"my-image:my-tag\")\ndefault = gcp.cloudrunv2.Service(\"default\", template={\n \"containers\": [{\n \"image\": my_image.self_link,\n }],\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myRepo = new Gcp.ArtifactRegistry.Repository(\"my_repo\", new()\n {\n Location = \"us-west1\",\n RepositoryId = \"my-repository\",\n Format = \"DOCKER\",\n });\n\n var myImage = Gcp.ArtifactRegistry.GetDockerImage.Invoke(new()\n {\n Location = myRepo.Location,\n RepositoryId = myRepo.RepositoryId,\n ImageName = \"my-image:my-tag\",\n });\n\n var @default = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = myImage.Apply(getDockerImageResult =\u003e getDockerImageResult.SelfLink),\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyRepo, err := artifactregistry.NewRepository(ctx, \"my_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyImage := artifactregistry.GetDockerImageOutput(ctx, artifactregistry.GetDockerImageOutputArgs{\n\t\t\tLocation: myRepo.Location,\n\t\t\tRepositoryId: myRepo.RepositoryId,\n\t\t\tImageName: pulumi.String(\"my-image:my-tag\"),\n\t\t}, nil)\n\t\t_, err = cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: myImage.ApplyT(func(myImage artifactregistry.GetDockerImageResult) (*string, error) {\n\t\t\t\t\t\t\treturn \u0026myImage.SelfLink, nil\n\t\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetDockerImageArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myRepo = new Repository(\"myRepo\", RepositoryArgs.builder()\n .location(\"us-west1\")\n .repositoryId(\"my-repository\")\n .format(\"DOCKER\")\n .build());\n\n final var myImage = ArtifactregistryFunctions.getDockerImage(GetDockerImageArgs.builder()\n .location(myRepo.location())\n .repositoryId(myRepo.repositoryId())\n .imageName(\"my-image:my-tag\")\n .build());\n\n var default_ = new Service(\"default\", ServiceArgs.builder()\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(myImage.applyValue(getDockerImageResult -\u003e getDockerImageResult).applyValue(myImage -\u003e myImage.applyValue(getDockerImageResult -\u003e getDockerImageResult.selfLink())))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myRepo:\n type: gcp:artifactregistry:Repository\n name: my_repo\n properties:\n location: us-west1\n repositoryId: my-repository\n format: DOCKER\n default:\n type: gcp:cloudrunv2:Service\n properties:\n template:\n containers:\n - image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:artifactregistry:getDockerImage\n arguments:\n location: ${myRepo.location}\n repositoryId: ${myRepo.repositoryId}\n imageName: my-image:my-tag\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDockerImage.\n", "properties": { @@ -280274,7 +280274,7 @@ } }, "gcp:artifactregistry/getLocations:getLocations": { - "description": "Get Artifact Registry locations available for a project. \n\nTo get more information about Artifact Registry, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations/list)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n \n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.artifactregistry.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.artifactregistry.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.ArtifactRegistry.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.GetLocations(ctx, \u0026artifactregistry.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = ArtifactregistryFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n Function: gcp:artifactregistry:getLocations\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Multi-Regional Artifact Registry Deployment\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.artifactregistry.getLocations({});\nconst repoOne = new gcp.artifactregistry.Repository(\"repo_one\", {\n location: available.then(available =\u003e available.locations?.[0]),\n repositoryId: \"repo-one\",\n format: \"apt\",\n});\nconst repoTwo = new gcp.artifactregistry.Repository(\"repo_two\", {\n location: available.then(available =\u003e available.locations?.[1]),\n repositoryId: \"repo-two\",\n format: \"apt\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.artifactregistry.get_locations()\nrepo_one = gcp.artifactregistry.Repository(\"repo_one\",\n location=available.locations[0],\n repository_id=\"repo-one\",\n format=\"apt\")\nrepo_two = gcp.artifactregistry.Repository(\"repo_two\",\n location=available.locations[1],\n repository_id=\"repo-two\",\n format=\"apt\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.ArtifactRegistry.GetLocations.Invoke();\n\n var repoOne = new Gcp.ArtifactRegistry.Repository(\"repo_one\", new()\n {\n Location = available.Apply(getLocationsResult =\u003e getLocationsResult.Locations[0]),\n RepositoryId = \"repo-one\",\n Format = \"apt\",\n });\n\n var repoTwo = new Gcp.ArtifactRegistry.Repository(\"repo_two\", new()\n {\n Location = available.Apply(getLocationsResult =\u003e getLocationsResult.Locations[1]),\n RepositoryId = \"repo-two\",\n Format = \"apt\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := artifactregistry.GetLocations(ctx, \u0026artifactregistry.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"repo_one\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(available.Locations[0]),\n\t\t\tRepositoryId: pulumi.String(\"repo-one\"),\n\t\t\tFormat: pulumi.String(\"apt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"repo_two\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(available.Locations[1]),\n\t\t\tRepositoryId: pulumi.String(\"repo-two\"),\n\t\t\tFormat: pulumi.String(\"apt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetLocationsArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = ArtifactregistryFunctions.getLocations();\n\n var repoOne = new Repository(\"repoOne\", RepositoryArgs.builder()\n .location(available.applyValue(getLocationsResult -\u003e getLocationsResult.locations()[0]))\n .repositoryId(\"repo-one\")\n .format(\"apt\")\n .build());\n\n var repoTwo = new Repository(\"repoTwo\", RepositoryArgs.builder()\n .location(available.applyValue(getLocationsResult -\u003e getLocationsResult.locations()[1]))\n .repositoryId(\"repo-two\")\n .format(\"apt\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n repoOne:\n type: gcp:artifactregistry:Repository\n name: repo_one\n properties:\n location: ${available.locations[0]}\n repositoryId: repo-one\n format: apt\n repoTwo:\n type: gcp:artifactregistry:Repository\n name: repo_two\n properties:\n location: ${available.locations[1]}\n repositoryId: repo-two\n format: apt\nvariables:\n available:\n fn::invoke:\n Function: gcp:artifactregistry:getLocations\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get Artifact Registry locations available for a project. \n\nTo get more information about Artifact Registry, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations/list)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n \n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.artifactregistry.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.artifactregistry.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.ArtifactRegistry.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.GetLocations(ctx, \u0026artifactregistry.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = ArtifactregistryFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n function: gcp:artifactregistry:getLocations\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Multi-Regional Artifact Registry Deployment\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.artifactregistry.getLocations({});\nconst repoOne = new gcp.artifactregistry.Repository(\"repo_one\", {\n location: available.then(available =\u003e available.locations?.[0]),\n repositoryId: \"repo-one\",\n format: \"apt\",\n});\nconst repoTwo = new gcp.artifactregistry.Repository(\"repo_two\", {\n location: available.then(available =\u003e available.locations?.[1]),\n repositoryId: \"repo-two\",\n format: \"apt\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.artifactregistry.get_locations()\nrepo_one = gcp.artifactregistry.Repository(\"repo_one\",\n location=available.locations[0],\n repository_id=\"repo-one\",\n format=\"apt\")\nrepo_two = gcp.artifactregistry.Repository(\"repo_two\",\n location=available.locations[1],\n repository_id=\"repo-two\",\n format=\"apt\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.ArtifactRegistry.GetLocations.Invoke();\n\n var repoOne = new Gcp.ArtifactRegistry.Repository(\"repo_one\", new()\n {\n Location = available.Apply(getLocationsResult =\u003e getLocationsResult.Locations[0]),\n RepositoryId = \"repo-one\",\n Format = \"apt\",\n });\n\n var repoTwo = new Gcp.ArtifactRegistry.Repository(\"repo_two\", new()\n {\n Location = available.Apply(getLocationsResult =\u003e getLocationsResult.Locations[1]),\n RepositoryId = \"repo-two\",\n Format = \"apt\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := artifactregistry.GetLocations(ctx, \u0026artifactregistry.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"repo_one\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(available.Locations[0]),\n\t\t\tRepositoryId: pulumi.String(\"repo-one\"),\n\t\t\tFormat: pulumi.String(\"apt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"repo_two\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(available.Locations[1]),\n\t\t\tRepositoryId: pulumi.String(\"repo-two\"),\n\t\t\tFormat: pulumi.String(\"apt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetLocationsArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = ArtifactregistryFunctions.getLocations();\n\n var repoOne = new Repository(\"repoOne\", RepositoryArgs.builder()\n .location(available.applyValue(getLocationsResult -\u003e getLocationsResult.locations()[0]))\n .repositoryId(\"repo-one\")\n .format(\"apt\")\n .build());\n\n var repoTwo = new Repository(\"repoTwo\", RepositoryArgs.builder()\n .location(available.applyValue(getLocationsResult -\u003e getLocationsResult.locations()[1]))\n .repositoryId(\"repo-two\")\n .format(\"apt\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n repoOne:\n type: gcp:artifactregistry:Repository\n name: repo_one\n properties:\n location: ${available.locations[0]}\n repositoryId: repo-one\n format: apt\n repoTwo:\n type: gcp:artifactregistry:Repository\n name: repo_two\n properties:\n location: ${available.locations[1]}\n repositoryId: repo-two\n format: apt\nvariables:\n available:\n fn::invoke:\n function: gcp:artifactregistry:getLocations\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLocations.\n", "properties": { @@ -280312,7 +280312,7 @@ } }, "gcp:artifactregistry/getRepository:getRepository": { - "description": "Get information about a Google Artifact Registry Repository. For more information see\nthe [official documentation](https://cloud.google.com/artifact-registry/docs/)\nand [API](https://cloud.google.com/artifact-registry/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-repo = gcp.artifactregistry.getRepository({\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.get_repository(location=\"us-central1\",\n repository_id=\"my-repository\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = Gcp.ArtifactRegistry.GetRepository.Invoke(new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.LookupRepository(ctx, \u0026artifactregistry.LookupRepositoryArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tRepositoryId: \"my-repository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-repo = ArtifactregistryFunctions.getRepository(GetRepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-repo:\n fn::invoke:\n Function: gcp:artifactregistry:getRepository\n Arguments:\n location: us-central1\n repositoryId: my-repository\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Artifact Registry Repository. For more information see\nthe [official documentation](https://cloud.google.com/artifact-registry/docs/)\nand [API](https://cloud.google.com/artifact-registry/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-repo = gcp.artifactregistry.getRepository({\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.get_repository(location=\"us-central1\",\n repository_id=\"my-repository\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = Gcp.ArtifactRegistry.GetRepository.Invoke(new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.LookupRepository(ctx, \u0026artifactregistry.LookupRepositoryArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tRepositoryId: \"my-repository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-repo = ArtifactregistryFunctions.getRepository(GetRepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-repo:\n fn::invoke:\n function: gcp:artifactregistry:getRepository\n arguments:\n location: us-central1\n repositoryId: my-repository\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepository.\n", "properties": { @@ -280451,7 +280451,7 @@ } }, "gcp:artifactregistry/getRepositoryIamPolicy:getRepositoryIamPolicy": { - "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.artifactregistry.getRepositoryIamPolicy({\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.artifactregistry.get_repository_iam_policy(project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.ArtifactRegistry.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.LookupRepositoryIamPolicy(ctx, \u0026artifactregistry.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_repo.Project),\n\t\t\tLocation: pulumi.StringRef(my_repo.Location),\n\t\t\tRepository: my_repo.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ArtifactregistryFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:artifactregistry:getRepositoryIamPolicy\n Arguments:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.artifactregistry.getRepositoryIamPolicy({\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.artifactregistry.get_repository_iam_policy(project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.ArtifactRegistry.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.LookupRepositoryIamPolicy(ctx, \u0026artifactregistry.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_repo.Project),\n\t\t\tLocation: pulumi.StringRef(my_repo.Location),\n\t\t\tRepository: my_repo.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.ArtifactregistryFunctions;\nimport com.pulumi.gcp.artifactregistry.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ArtifactregistryFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:artifactregistry:getRepositoryIamPolicy\n arguments:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepositoryIamPolicy.\n", "properties": { @@ -280593,7 +280593,7 @@ } }, "gcp:backupdisasterrecovery/getBackupPlanAssociation:getBackupPlanAssociation": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backupplan-association = gcp.backupdisasterrecovery.getBackupPlanAssociation({\n location: \"us-central1\",\n backupPlanAssociationId: \"bpa-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backupplan_association = gcp.backupdisasterrecovery.get_backup_plan_association(location=\"us-central1\",\n backup_plan_association_id=\"bpa-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backupplan_association = Gcp.BackupDisasterRecovery.GetBackupPlanAssociation.Invoke(new()\n {\n Location = \"us-central1\",\n BackupPlanAssociationId = \"bpa-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backupdisasterrecovery.LookupBackupPlanAssociation(ctx, \u0026backupdisasterrecovery.LookupBackupPlanAssociationArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tBackupPlanAssociationId: \"bpa-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.backupdisasterrecovery.BackupdisasterrecoveryFunctions;\nimport com.pulumi.gcp.backupdisasterrecovery.inputs.GetBackupPlanAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backupplan-association = BackupdisasterrecoveryFunctions.getBackupPlanAssociation(GetBackupPlanAssociationArgs.builder()\n .location(\"us-central1\")\n .backupPlanAssociationId(\"bpa-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backupplan-association:\n fn::invoke:\n Function: gcp:backupdisasterrecovery:getBackupPlanAssociation\n Arguments:\n location: us-central1\n backupPlanAssociationId: bpa-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backupplan-association = gcp.backupdisasterrecovery.getBackupPlanAssociation({\n location: \"us-central1\",\n backupPlanAssociationId: \"bpa-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backupplan_association = gcp.backupdisasterrecovery.get_backup_plan_association(location=\"us-central1\",\n backup_plan_association_id=\"bpa-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backupplan_association = Gcp.BackupDisasterRecovery.GetBackupPlanAssociation.Invoke(new()\n {\n Location = \"us-central1\",\n BackupPlanAssociationId = \"bpa-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backupdisasterrecovery.LookupBackupPlanAssociation(ctx, \u0026backupdisasterrecovery.LookupBackupPlanAssociationArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t\tBackupPlanAssociationId: \"bpa-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.backupdisasterrecovery.BackupdisasterrecoveryFunctions;\nimport com.pulumi.gcp.backupdisasterrecovery.inputs.GetBackupPlanAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backupplan-association = BackupdisasterrecoveryFunctions.getBackupPlanAssociation(GetBackupPlanAssociationArgs.builder()\n .location(\"us-central1\")\n .backupPlanAssociationId(\"bpa-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backupplan-association:\n fn::invoke:\n function: gcp:backupdisasterrecovery:getBackupPlanAssociation\n arguments:\n location: us-central1\n backupPlanAssociationId: bpa-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBackupPlanAssociation.\n", "properties": { @@ -280795,7 +280795,7 @@ } }, "gcp:backupdisasterrecovery/getManagementServer:getManagementServer": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backup-dr-management-server = gcp.backupdisasterrecovery.getManagementServer({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backup_dr_management_server = gcp.backupdisasterrecovery.get_management_server(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backup_dr_management_server = Gcp.BackupDisasterRecovery.GetManagementServer.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backupdisasterrecovery.LookupManagementServer(ctx, \u0026backupdisasterrecovery.LookupManagementServerArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.backupdisasterrecovery.BackupdisasterrecoveryFunctions;\nimport com.pulumi.gcp.backupdisasterrecovery.inputs.GetManagementServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backup-dr-management-server = BackupdisasterrecoveryFunctions.getManagementServer(GetManagementServerArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backup-dr-management-server:\n fn::invoke:\n Function: gcp:backupdisasterrecovery:getManagementServer\n Arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backup-dr-management-server = gcp.backupdisasterrecovery.getManagementServer({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backup_dr_management_server = gcp.backupdisasterrecovery.get_management_server(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backup_dr_management_server = Gcp.BackupDisasterRecovery.GetManagementServer.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/backupdisasterrecovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backupdisasterrecovery.LookupManagementServer(ctx, \u0026backupdisasterrecovery.LookupManagementServerArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.backupdisasterrecovery.BackupdisasterrecoveryFunctions;\nimport com.pulumi.gcp.backupdisasterrecovery.inputs.GetManagementServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backup-dr-management-server = BackupdisasterrecoveryFunctions.getManagementServer(GetManagementServerArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backup-dr-management-server:\n fn::invoke:\n function: gcp:backupdisasterrecovery:getManagementServer\n arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getManagementServer.\n", "properties": { @@ -280857,7 +280857,7 @@ } }, "gcp:beyondcorp/getAppConnection:getAppConnection": { - "description": "Get information about a Google BeyondCorp App Connection.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-connection = gcp.beyondcorp.getAppConnection({\n name: \"my-beyondcorp-app-connection\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_connection = gcp.beyondcorp.get_app_connection(name=\"my-beyondcorp-app-connection\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_connection = Gcp.Beyondcorp.GetAppConnection.Invoke(new()\n {\n Name = \"my-beyondcorp-app-connection\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppConnection(ctx, \u0026beyondcorp.LookupAppConnectionArgs{\n\t\t\tName: \"my-beyondcorp-app-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppConnectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-connection = BeyondcorpFunctions.getAppConnection(GetAppConnectionArgs.builder()\n .name(\"my-beyondcorp-app-connection\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-connection:\n fn::invoke:\n Function: gcp:beyondcorp:getAppConnection\n Arguments:\n name: my-beyondcorp-app-connection\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google BeyondCorp App Connection.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-connection = gcp.beyondcorp.getAppConnection({\n name: \"my-beyondcorp-app-connection\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_connection = gcp.beyondcorp.get_app_connection(name=\"my-beyondcorp-app-connection\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_connection = Gcp.Beyondcorp.GetAppConnection.Invoke(new()\n {\n Name = \"my-beyondcorp-app-connection\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppConnection(ctx, \u0026beyondcorp.LookupAppConnectionArgs{\n\t\t\tName: \"my-beyondcorp-app-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppConnectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-connection = BeyondcorpFunctions.getAppConnection(GetAppConnectionArgs.builder()\n .name(\"my-beyondcorp-app-connection\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-connection:\n fn::invoke:\n function: gcp:beyondcorp:getAppConnection\n arguments:\n name: my-beyondcorp-app-connection\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppConnection.\n", "properties": { @@ -280956,7 +280956,7 @@ } }, "gcp:beyondcorp/getAppConnector:getAppConnector": { - "description": "Get information about a Google BeyondCorp App Connector.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-connector = gcp.beyondcorp.getAppConnector({\n name: \"my-beyondcorp-app-connector\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_connector = gcp.beyondcorp.get_app_connector(name=\"my-beyondcorp-app-connector\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_connector = Gcp.Beyondcorp.GetAppConnector.Invoke(new()\n {\n Name = \"my-beyondcorp-app-connector\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppConnector(ctx, \u0026beyondcorp.LookupAppConnectorArgs{\n\t\t\tName: \"my-beyondcorp-app-connector\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppConnectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-connector = BeyondcorpFunctions.getAppConnector(GetAppConnectorArgs.builder()\n .name(\"my-beyondcorp-app-connector\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-connector:\n fn::invoke:\n Function: gcp:beyondcorp:getAppConnector\n Arguments:\n name: my-beyondcorp-app-connector\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google BeyondCorp App Connector.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-connector = gcp.beyondcorp.getAppConnector({\n name: \"my-beyondcorp-app-connector\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_connector = gcp.beyondcorp.get_app_connector(name=\"my-beyondcorp-app-connector\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_connector = Gcp.Beyondcorp.GetAppConnector.Invoke(new()\n {\n Name = \"my-beyondcorp-app-connector\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppConnector(ctx, \u0026beyondcorp.LookupAppConnectorArgs{\n\t\t\tName: \"my-beyondcorp-app-connector\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppConnectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-connector = BeyondcorpFunctions.getAppConnector(GetAppConnectorArgs.builder()\n .name(\"my-beyondcorp-app-connector\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-connector:\n fn::invoke:\n function: gcp:beyondcorp:getAppConnector\n arguments:\n name: my-beyondcorp-app-connector\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppConnector.\n", "properties": { @@ -281041,7 +281041,7 @@ } }, "gcp:beyondcorp/getAppGateway:getAppGateway": { - "description": "Get information about a Google BeyondCorp App Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-gateway = gcp.beyondcorp.getAppGateway({\n name: \"my-beyondcorp-app-gateway\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_gateway = gcp.beyondcorp.get_app_gateway(name=\"my-beyondcorp-app-gateway\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_gateway = Gcp.Beyondcorp.GetAppGateway.Invoke(new()\n {\n Name = \"my-beyondcorp-app-gateway\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppGateway(ctx, \u0026beyondcorp.LookupAppGatewayArgs{\n\t\t\tName: \"my-beyondcorp-app-gateway\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-gateway = BeyondcorpFunctions.getAppGateway(GetAppGatewayArgs.builder()\n .name(\"my-beyondcorp-app-gateway\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-gateway:\n fn::invoke:\n Function: gcp:beyondcorp:getAppGateway\n Arguments:\n name: my-beyondcorp-app-gateway\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google BeyondCorp App Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-beyondcorp-app-gateway = gcp.beyondcorp.getAppGateway({\n name: \"my-beyondcorp-app-gateway\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_beyondcorp_app_gateway = gcp.beyondcorp.get_app_gateway(name=\"my-beyondcorp-app-gateway\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_beyondcorp_app_gateway = Gcp.Beyondcorp.GetAppGateway.Invoke(new()\n {\n Name = \"my-beyondcorp-app-gateway\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/beyondcorp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := beyondcorp.LookupAppGateway(ctx, \u0026beyondcorp.LookupAppGatewayArgs{\n\t\t\tName: \"my-beyondcorp-app-gateway\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.beyondcorp.BeyondcorpFunctions;\nimport com.pulumi.gcp.beyondcorp.inputs.GetAppGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-beyondcorp-app-gateway = BeyondcorpFunctions.getAppGateway(GetAppGatewayArgs.builder()\n .name(\"my-beyondcorp-app-gateway\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-beyondcorp-app-gateway:\n fn::invoke:\n function: gcp:beyondcorp:getAppGateway\n arguments:\n name: my-beyondcorp-app-gateway\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppGateway.\n", "properties": { @@ -281138,7 +281138,7 @@ } }, "gcp:bigquery/getConnectionIamPolicy:getConnectionIamPolicy": { - "description": "Retrieves the current IAM policy data for connection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getConnectionIamPolicy({\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_connection_iam_policy(project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetConnectionIamPolicy.Invoke(new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupConnectionIamPolicy(ctx, \u0026bigquery.LookupConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(connection.Project),\n\t\t\tLocation: pulumi.StringRef(connection.Location),\n\t\t\tConnectionId: connection.ConnectionId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getConnectionIamPolicy(GetConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigquery:getConnectionIamPolicy\n Arguments:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for connection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getConnectionIamPolicy({\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_connection_iam_policy(project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetConnectionIamPolicy.Invoke(new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupConnectionIamPolicy(ctx, \u0026bigquery.LookupConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(connection.Project),\n\t\t\tLocation: pulumi.StringRef(connection.Location),\n\t\t\tConnectionId: connection.ConnectionId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getConnectionIamPolicy(GetConnectionIamPolicyArgs.builder()\n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigquery:getConnectionIamPolicy\n arguments:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getConnectionIamPolicy.\n", "properties": { @@ -281200,7 +281200,7 @@ } }, "gcp:bigquery/getDataset:getDataset": { - "description": "Get information about a BigQuery dataset. For more information see\nthe [official documentation](https://cloud.google.com/bigquery/docs)\nand [API](https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = gcp.bigquery.getDataset({\n datasetId: \"my-bq-dataset\",\n project: \"my-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.get_dataset(dataset_id=\"my-bq-dataset\",\n project=\"my-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = Gcp.BigQuery.GetDataset.Invoke(new()\n {\n DatasetId = \"my-bq-dataset\",\n Project = \"my-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupDataset(ctx, \u0026bigquery.LookupDatasetArgs{\n\t\t\tDatasetId: \"my-bq-dataset\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dataset = BigqueryFunctions.getDataset(GetDatasetArgs.builder()\n .datasetId(\"my-bq-dataset\")\n .project(\"my-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n dataset:\n fn::invoke:\n Function: gcp:bigquery:getDataset\n Arguments:\n datasetId: my-bq-dataset\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a BigQuery dataset. For more information see\nthe [official documentation](https://cloud.google.com/bigquery/docs)\nand [API](https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = gcp.bigquery.getDataset({\n datasetId: \"my-bq-dataset\",\n project: \"my-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.get_dataset(dataset_id=\"my-bq-dataset\",\n project=\"my-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = Gcp.BigQuery.GetDataset.Invoke(new()\n {\n DatasetId = \"my-bq-dataset\",\n Project = \"my-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupDataset(ctx, \u0026bigquery.LookupDatasetArgs{\n\t\t\tDatasetId: \"my-bq-dataset\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDatasetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dataset = BigqueryFunctions.getDataset(GetDatasetArgs.builder()\n .datasetId(\"my-bq-dataset\")\n .project(\"my-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n dataset:\n fn::invoke:\n function: gcp:bigquery:getDataset\n arguments:\n datasetId: my-bq-dataset\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDataset.\n", "properties": { @@ -281354,7 +281354,7 @@ } }, "gcp:bigquery/getDatasetIamPolicy:getDatasetIamPolicy": { - "description": "Retrieves the current IAM policy data for a BigQuery dataset.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getDatasetIamPolicy({\n datasetId: dataset.datasetId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_dataset_iam_policy(dataset_id=dataset[\"datasetId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetDatasetIamPolicy.Invoke(new()\n {\n DatasetId = dataset.DatasetId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupDatasetIamPolicy(ctx, \u0026bigquery.LookupDatasetIamPolicyArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getDatasetIamPolicy(GetDatasetIamPolicyArgs.builder()\n .datasetId(dataset.datasetId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigquery:getDatasetIamPolicy\n Arguments:\n datasetId: ${dataset.datasetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a BigQuery dataset.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getDatasetIamPolicy({\n datasetId: dataset.datasetId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_dataset_iam_policy(dataset_id=dataset[\"datasetId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetDatasetIamPolicy.Invoke(new()\n {\n DatasetId = dataset.DatasetId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.LookupDatasetIamPolicy(ctx, \u0026bigquery.LookupDatasetIamPolicyArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getDatasetIamPolicy(GetDatasetIamPolicyArgs.builder()\n .datasetId(dataset.datasetId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigquery:getDatasetIamPolicy\n arguments:\n datasetId: ${dataset.datasetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatasetIamPolicy.\n", "properties": { @@ -281407,7 +281407,7 @@ } }, "gcp:bigquery/getDefaultServiceAccount:getDefaultServiceAccount": { - "description": "Get the email address of a project's unique BigQuery service account.\n\nEach Google Cloud project has a unique service account used by BigQuery. When using\nBigQuery with [customer-managed encryption keys](https://cloud.google.com/bigquery/docs/customer-managed-encryption),\nthis account needs to be granted the\n`cloudkms.cryptoKeyEncrypterDecrypter` IAM role on the customer-managed Cloud KMS key used to protect the data.\n\nFor more information see\n[the API reference](https://cloud.google.com/bigquery/docs/reference/rest/v2/projects/getServiceAccount).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst keySaUser = new gcp.kms.CryptoKeyIAMMember(\"key_sa_user\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbq_sa = gcp.bigquery.get_default_service_account()\nkey_sa_user = gcp.kms.CryptoKeyIAMMember(\"key_sa_user\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var keySaUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_sa_user\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"key_sa_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var keySaUser = new CryptoKeyIAMMember(\"keySaUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keySaUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_sa_user\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\nvariables:\n bqSa:\n fn::invoke:\n Function: gcp:bigquery:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the email address of a project's unique BigQuery service account.\n\nEach Google Cloud project has a unique service account used by BigQuery. When using\nBigQuery with [customer-managed encryption keys](https://cloud.google.com/bigquery/docs/customer-managed-encryption),\nthis account needs to be granted the\n`cloudkms.cryptoKeyEncrypterDecrypter` IAM role on the customer-managed Cloud KMS key used to protect the data.\n\nFor more information see\n[the API reference](https://cloud.google.com/bigquery/docs/reference/rest/v2/projects/getServiceAccount).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bqSa = gcp.bigquery.getDefaultServiceAccount({});\nconst keySaUser = new gcp.kms.CryptoKeyIAMMember(\"key_sa_user\", {\n cryptoKeyId: key.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: bqSa.then(bqSa =\u003e `serviceAccount:${bqSa.email}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbq_sa = gcp.bigquery.get_default_service_account()\nkey_sa_user = gcp.kms.CryptoKeyIAMMember(\"key_sa_user\",\n crypto_key_id=key[\"id\"],\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:{bq_sa.email}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();\n\n var keySaUser = new Gcp.Kms.CryptoKeyIAMMember(\"key_sa_user\", new()\n {\n CryptoKeyId = key.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbqSa, err := bigquery.GetDefaultServiceAccount(ctx, \u0026bigquery.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKeyIAMMember(ctx, \"key_sa_user\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.Any(key.Id),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:%v\", bqSa.Email),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bqSa = BigqueryFunctions.getDefaultServiceAccount();\n\n var keySaUser = new CryptoKeyIAMMember(\"keySaUser\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(key.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:%s\", bqSa.applyValue(getDefaultServiceAccountResult -\u003e getDefaultServiceAccountResult.email())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keySaUser:\n type: gcp:kms:CryptoKeyIAMMember\n name: key_sa_user\n properties:\n cryptoKeyId: ${key.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:${bqSa.email}\nvariables:\n bqSa:\n fn::invoke:\n function: gcp:bigquery:getDefaultServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDefaultServiceAccount.\n", "properties": { @@ -281447,7 +281447,7 @@ } }, "gcp:bigquery/getTableIamPolicy:getTableIamPolicy": { - "description": "Retrieves the current IAM policy data for table\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getTableIamPolicy({\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_table_iam_policy(project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetTableIamPolicy.Invoke(new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.GetTableIamPolicy(ctx, \u0026bigquery.GetTableIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(test.Project),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tTableId: test.TableId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetTableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getTableIamPolicy(GetTableIamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigquery:getTableIamPolicy\n Arguments:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for table\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquery.getTableIamPolicy({\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquery.get_table_iam_policy(project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQuery.GetTableIamPolicy.Invoke(new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.GetTableIamPolicy(ctx, \u0026bigquery.GetTableIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(test.Project),\n\t\t\tDatasetId: test.DatasetId,\n\t\t\tTableId: test.TableId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetTableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryFunctions.getTableIamPolicy(GetTableIamPolicyArgs.builder()\n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigquery:getTableIamPolicy\n arguments:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTableIamPolicy.\n", "properties": { @@ -281508,7 +281508,7 @@ } }, "gcp:bigquery/getTables:getTables": { - "description": "Get a list of tables in a BigQuery dataset. For more information see\nthe [official documentation](https://cloud.google.com/bigquery/docs)\nand [API](https://cloud.google.com/bigquery/docs/reference/rest/v2/tables).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst tables = gcp.bigquery.getTables({\n datasetId: \"my-bq-dataset\",\n project: \"my-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntables = gcp.bigquery.get_tables(dataset_id=\"my-bq-dataset\",\n project=\"my-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tables = Gcp.BigQuery.GetTables.Invoke(new()\n {\n DatasetId = \"my-bq-dataset\",\n Project = \"my-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.GetTables(ctx, \u0026bigquery.GetTablesArgs{\n\t\t\tDatasetId: \"my-bq-dataset\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetTablesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var tables = BigqueryFunctions.getTables(GetTablesArgs.builder()\n .datasetId(\"my-bq-dataset\")\n .project(\"my-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n tables:\n fn::invoke:\n Function: gcp:bigquery:getTables\n Arguments:\n datasetId: my-bq-dataset\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a list of tables in a BigQuery dataset. For more information see\nthe [official documentation](https://cloud.google.com/bigquery/docs)\nand [API](https://cloud.google.com/bigquery/docs/reference/rest/v2/tables).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst tables = gcp.bigquery.getTables({\n datasetId: \"my-bq-dataset\",\n project: \"my-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntables = gcp.bigquery.get_tables(dataset_id=\"my-bq-dataset\",\n project=\"my-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tables = Gcp.BigQuery.GetTables.Invoke(new()\n {\n DatasetId = \"my-bq-dataset\",\n Project = \"my-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.GetTables(ctx, \u0026bigquery.GetTablesArgs{\n\t\t\tDatasetId: \"my-bq-dataset\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.BigqueryFunctions;\nimport com.pulumi.gcp.bigquery.inputs.GetTablesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var tables = BigqueryFunctions.getTables(GetTablesArgs.builder()\n .datasetId(\"my-bq-dataset\")\n .project(\"my-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n tables:\n fn::invoke:\n function: gcp:bigquery:getTables\n arguments:\n datasetId: my-bq-dataset\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTables.\n", "properties": { @@ -281556,7 +281556,7 @@ } }, "gcp:bigqueryanalyticshub/getDataExchangeIamPolicy:getDataExchangeIamPolicy": { - "description": "Retrieves the current IAM policy data for dataexchange\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigqueryanalyticshub.getDataExchangeIamPolicy({\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigqueryanalyticshub.get_data_exchange_iam_policy(project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryAnalyticsHub.GetDataExchangeIamPolicy.Invoke(new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.LookupDataExchangeIamPolicy(ctx, \u0026bigqueryanalyticshub.LookupDataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(dataExchange.Project),\n\t\t\tLocation: pulumi.StringRef(dataExchange.Location),\n\t\t\tDataExchangeId: dataExchange.DataExchangeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.BigqueryanalyticshubFunctions;\nimport com.pulumi.gcp.bigqueryanalyticshub.inputs.GetDataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryanalyticshubFunctions.getDataExchangeIamPolicy(GetDataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigqueryanalyticshub:getDataExchangeIamPolicy\n Arguments:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for dataexchange\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigqueryanalyticshub.getDataExchangeIamPolicy({\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigqueryanalyticshub.get_data_exchange_iam_policy(project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryAnalyticsHub.GetDataExchangeIamPolicy.Invoke(new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.LookupDataExchangeIamPolicy(ctx, \u0026bigqueryanalyticshub.LookupDataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(dataExchange.Project),\n\t\t\tLocation: pulumi.StringRef(dataExchange.Location),\n\t\t\tDataExchangeId: dataExchange.DataExchangeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.BigqueryanalyticshubFunctions;\nimport com.pulumi.gcp.bigqueryanalyticshub.inputs.GetDataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryanalyticshubFunctions.getDataExchangeIamPolicy(GetDataExchangeIamPolicyArgs.builder()\n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigqueryanalyticshub:getDataExchangeIamPolicy\n arguments:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDataExchangeIamPolicy.\n", "properties": { @@ -281618,7 +281618,7 @@ } }, "gcp:bigqueryanalyticshub/getListingIamPolicy:getListingIamPolicy": { - "description": "Retrieves the current IAM policy data for listing\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigqueryanalyticshub.getListingIamPolicy({\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigqueryanalyticshub.get_listing_iam_policy(project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryAnalyticsHub.GetListingIamPolicy.Invoke(new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.LookupListingIamPolicy(ctx, \u0026bigqueryanalyticshub.LookupListingIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(listing.Project),\n\t\t\tLocation: pulumi.StringRef(listing.Location),\n\t\t\tDataExchangeId: listing.DataExchangeId,\n\t\t\tListingId: listing.ListingId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.BigqueryanalyticshubFunctions;\nimport com.pulumi.gcp.bigqueryanalyticshub.inputs.GetListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryanalyticshubFunctions.getListingIamPolicy(GetListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigqueryanalyticshub:getListingIamPolicy\n Arguments:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for listing\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigqueryanalyticshub.getListingIamPolicy({\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigqueryanalyticshub.get_listing_iam_policy(project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryAnalyticsHub.GetListingIamPolicy.Invoke(new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.LookupListingIamPolicy(ctx, \u0026bigqueryanalyticshub.LookupListingIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(listing.Project),\n\t\t\tLocation: pulumi.StringRef(listing.Location),\n\t\t\tDataExchangeId: listing.DataExchangeId,\n\t\t\tListingId: listing.ListingId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.BigqueryanalyticshubFunctions;\nimport com.pulumi.gcp.bigqueryanalyticshub.inputs.GetListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigqueryanalyticshubFunctions.getListingIamPolicy(GetListingIamPolicyArgs.builder()\n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigqueryanalyticshub:getListingIamPolicy\n arguments:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getListingIamPolicy.\n", "properties": { @@ -281690,7 +281690,7 @@ } }, "gcp:bigquerydatapolicy/getIamPolicy:getIamPolicy": { - "description": "Retrieves the current IAM policy data for datapolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquerydatapolicy.getIamPolicy({\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquerydatapolicy.get_iam_policy(project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryDataPolicy.GetIamPolicy.Invoke(new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.GetIamPolicy(ctx, \u0026bigquerydatapolicy.GetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(dataPolicy.Project),\n\t\t\tLocation: pulumi.StringRef(dataPolicy.Location),\n\t\t\tDataPolicyId: dataPolicy.DataPolicyId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.BigquerydatapolicyFunctions;\nimport com.pulumi.gcp.bigquerydatapolicy.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigquerydatapolicyFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigquerydatapolicy:getIamPolicy\n Arguments:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for datapolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigquerydatapolicy.getIamPolicy({\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigquerydatapolicy.get_iam_policy(project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigQueryDataPolicy.GetIamPolicy.Invoke(new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.GetIamPolicy(ctx, \u0026bigquerydatapolicy.GetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(dataPolicy.Project),\n\t\t\tLocation: pulumi.StringRef(dataPolicy.Location),\n\t\t\tDataPolicyId: dataPolicy.DataPolicyId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.BigquerydatapolicyFunctions;\nimport com.pulumi.gcp.bigquerydatapolicy.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigquerydatapolicyFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigquerydatapolicy:getIamPolicy\n arguments:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIamPolicy.\n", "properties": { @@ -281751,7 +281751,7 @@ } }, "gcp:bigtable/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for a Bigtable instance.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigtable.getInstanceIamPolicy({\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigtable.get_instance_iam_policy(instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigTable.GetInstanceIamPolicy.Invoke(new()\n {\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.LookupInstanceIamPolicy(ctx, \u0026bigtable.LookupInstanceIamPolicyArgs{\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.BigtableFunctions;\nimport com.pulumi.gcp.bigtable.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigtableFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigtable:getInstanceIamPolicy\n Arguments:\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Bigtable instance.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigtable.getInstanceIamPolicy({\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigtable.get_instance_iam_policy(instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigTable.GetInstanceIamPolicy.Invoke(new()\n {\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.LookupInstanceIamPolicy(ctx, \u0026bigtable.LookupInstanceIamPolicyArgs{\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.BigtableFunctions;\nimport com.pulumi.gcp.bigtable.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigtableFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigtable:getInstanceIamPolicy\n arguments:\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -281803,7 +281803,7 @@ } }, "gcp:bigtable/getTableIamPolicy:getTableIamPolicy": { - "description": "Retrieves the current IAM policy data for a Bigtable Table.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigtable.getTableIamPolicy({\n instance: instance.name,\n table: table.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigtable.get_table_iam_policy(instance=instance[\"name\"],\n table=table[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigTable.GetTableIamPolicy.Invoke(new()\n {\n Instance = instance.Name,\n Table = table.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.LookupTableIamPolicy(ctx, \u0026bigtable.LookupTableIamPolicyArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tTable: table.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.BigtableFunctions;\nimport com.pulumi.gcp.bigtable.inputs.GetTableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigtableFunctions.getTableIamPolicy(GetTableIamPolicyArgs.builder()\n .instance(instance.name())\n .table(table.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:bigtable:getTableIamPolicy\n Arguments:\n instance: ${instance.name}\n table: ${table.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Bigtable Table.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.bigtable.getTableIamPolicy({\n instance: instance.name,\n table: table.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.bigtable.get_table_iam_policy(instance=instance[\"name\"],\n table=table[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BigTable.GetTableIamPolicy.Invoke(new()\n {\n Instance = instance.Name,\n Table = table.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.LookupTableIamPolicy(ctx, \u0026bigtable.LookupTableIamPolicyArgs{\n\t\t\tInstance: instance.Name,\n\t\t\tTable: table.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.BigtableFunctions;\nimport com.pulumi.gcp.bigtable.inputs.GetTableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BigtableFunctions.getTableIamPolicy(GetTableIamPolicyArgs.builder()\n .instance(instance.name())\n .table(table.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:bigtable:getTableIamPolicy\n arguments:\n instance: ${instance.name}\n table: ${table.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTableIamPolicy.\n", "properties": { @@ -281865,7 +281865,7 @@ } }, "gcp:billing/getAccountIamPolicy:getAccountIamPolicy": { - "description": "Retrieves the current IAM policy data for a Billing Account.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.billing.getAccountIamPolicy({\n billingAccountId: \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.billing.get_account_iam_policy(billing_account_id=\"MEEP-MEEP-MEEP-MEEP-MEEP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Billing.GetAccountIamPolicy.Invoke(new()\n {\n BillingAccountId = \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.LookupAccountIamPolicy(ctx, \u0026billing.LookupAccountIamPolicyArgs{\n\t\t\tBillingAccountId: \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.BillingFunctions;\nimport com.pulumi.gcp.billing.inputs.GetAccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BillingFunctions.getAccountIamPolicy(GetAccountIamPolicyArgs.builder()\n .billingAccountId(\"MEEP-MEEP-MEEP-MEEP-MEEP\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:billing:getAccountIamPolicy\n Arguments:\n billingAccountId: MEEP-MEEP-MEEP-MEEP-MEEP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Billing Account.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.billing.getAccountIamPolicy({\n billingAccountId: \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.billing.get_account_iam_policy(billing_account_id=\"MEEP-MEEP-MEEP-MEEP-MEEP\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Billing.GetAccountIamPolicy.Invoke(new()\n {\n BillingAccountId = \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.LookupAccountIamPolicy(ctx, \u0026billing.LookupAccountIamPolicyArgs{\n\t\t\tBillingAccountId: \"MEEP-MEEP-MEEP-MEEP-MEEP\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.BillingFunctions;\nimport com.pulumi.gcp.billing.inputs.GetAccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BillingFunctions.getAccountIamPolicy(GetAccountIamPolicyArgs.builder()\n .billingAccountId(\"MEEP-MEEP-MEEP-MEEP-MEEP\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:billing:getAccountIamPolicy\n arguments:\n billingAccountId: MEEP-MEEP-MEEP-MEEP-MEEP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccountIamPolicy.\n", "properties": { @@ -281909,7 +281909,7 @@ } }, "gcp:binaryauthorization/getAttestorIamPolicy:getAttestorIamPolicy": { - "description": "Retrieves the current IAM policy data for attestor\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.binaryauthorization.getAttestorIamPolicy({\n project: attestor.project,\n attestor: attestor.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.binaryauthorization.get_attestor_iam_policy(project=attestor[\"project\"],\n attestor=attestor[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BinaryAuthorization.GetAttestorIamPolicy.Invoke(new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.LookupAttestorIamPolicy(ctx, \u0026binaryauthorization.LookupAttestorIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(attestor.Project),\n\t\t\tAttestor: attestor.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.BinaryauthorizationFunctions;\nimport com.pulumi.gcp.binaryauthorization.inputs.GetAttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BinaryauthorizationFunctions.getAttestorIamPolicy(GetAttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:binaryauthorization:getAttestorIamPolicy\n Arguments:\n project: ${attestor.project}\n attestor: ${attestor.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for attestor\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.binaryauthorization.getAttestorIamPolicy({\n project: attestor.project,\n attestor: attestor.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.binaryauthorization.get_attestor_iam_policy(project=attestor[\"project\"],\n attestor=attestor[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.BinaryAuthorization.GetAttestorIamPolicy.Invoke(new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.LookupAttestorIamPolicy(ctx, \u0026binaryauthorization.LookupAttestorIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(attestor.Project),\n\t\t\tAttestor: attestor.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.BinaryauthorizationFunctions;\nimport com.pulumi.gcp.binaryauthorization.inputs.GetAttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = BinaryauthorizationFunctions.getAttestorIamPolicy(GetAttestorIamPolicyArgs.builder()\n .project(attestor.project())\n .attestor(attestor.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:binaryauthorization:getAttestorIamPolicy\n arguments:\n project: ${attestor.project}\n attestor: ${attestor.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAttestorIamPolicy.\n", "properties": { @@ -281962,7 +281962,7 @@ } }, "gcp:certificateauthority/getAuthority:getAuthority": { - "description": "Get info about a Google CAS Certificate Authority.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificateauthority.getAuthority({\n location: \"us-west1\",\n pool: \"pool-name\",\n certificateAuthorityId: \"ca-id\",\n});\nexport const csr = _default.then(_default =\u003e _default.pemCsr);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.get_authority(location=\"us-west1\",\n pool=\"pool-name\",\n certificate_authority_id=\"ca-id\")\npulumi.export(\"csr\", default.pem_csr)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateAuthority.GetAuthority.Invoke(new()\n {\n Location = \"us-west1\",\n Pool = \"pool-name\",\n CertificateAuthorityId = \"ca-id\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"csr\"] = @default.Apply(@default =\u003e @default.Apply(getAuthorityResult =\u003e getAuthorityResult.PemCsr)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := certificateauthority.LookupAuthority(ctx, \u0026certificateauthority.LookupAuthorityArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tPool: pulumi.StringRef(\"pool-name\"),\n\t\t\tCertificateAuthorityId: pulumi.StringRef(\"ca-id\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"csr\", _default.PemCsr)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetAuthorityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificateauthorityFunctions.getAuthority(GetAuthorityArgs.builder()\n .location(\"us-west1\")\n .pool(\"pool-name\")\n .certificateAuthorityId(\"ca-id\")\n .build());\n\n ctx.export(\"csr\", default_.pemCsr());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:certificateauthority:getAuthority\n Arguments:\n location: us-west1\n pool: pool-name\n certificateAuthorityId: ca-id\noutputs:\n csr: ${default.pemCsr}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google CAS Certificate Authority.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificateauthority.getAuthority({\n location: \"us-west1\",\n pool: \"pool-name\",\n certificateAuthorityId: \"ca-id\",\n});\nexport const csr = _default.then(_default =\u003e _default.pemCsr);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificateauthority.get_authority(location=\"us-west1\",\n pool=\"pool-name\",\n certificate_authority_id=\"ca-id\")\npulumi.export(\"csr\", default.pem_csr)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateAuthority.GetAuthority.Invoke(new()\n {\n Location = \"us-west1\",\n Pool = \"pool-name\",\n CertificateAuthorityId = \"ca-id\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"csr\"] = @default.Apply(@default =\u003e @default.Apply(getAuthorityResult =\u003e getAuthorityResult.PemCsr)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := certificateauthority.LookupAuthority(ctx, \u0026certificateauthority.LookupAuthorityArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tPool: pulumi.StringRef(\"pool-name\"),\n\t\t\tCertificateAuthorityId: pulumi.StringRef(\"ca-id\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"csr\", _default.PemCsr)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetAuthorityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificateauthorityFunctions.getAuthority(GetAuthorityArgs.builder()\n .location(\"us-west1\")\n .pool(\"pool-name\")\n .certificateAuthorityId(\"ca-id\")\n .build());\n\n ctx.export(\"csr\", default_.pemCsr());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:certificateauthority:getAuthority\n arguments:\n location: us-west1\n pool: pool-name\n certificateAuthorityId: ca-id\noutputs:\n csr: ${default.pemCsr}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAuthority.\n", "properties": { @@ -282123,7 +282123,7 @@ } }, "gcp:certificateauthority/getCaPoolIamPolicy:getCaPoolIamPolicy": { - "description": "Retrieves the current IAM policy data for capool\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.certificateauthority.getCaPoolIamPolicy({\n caPool: _default.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.certificateauthority.get_ca_pool_iam_policy(ca_pool=default[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CertificateAuthority.GetCaPoolIamPolicy.Invoke(new()\n {\n CaPool = @default.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.LookupCaPoolIamPolicy(ctx, \u0026certificateauthority.LookupCaPoolIamPolicyArgs{\n\t\t\tCaPool: _default.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetCaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CertificateauthorityFunctions.getCaPoolIamPolicy(GetCaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:certificateauthority:getCaPoolIamPolicy\n Arguments:\n caPool: ${default.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for capool\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.certificateauthority.getCaPoolIamPolicy({\n caPool: _default.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.certificateauthority.get_ca_pool_iam_policy(ca_pool=default[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CertificateAuthority.GetCaPoolIamPolicy.Invoke(new()\n {\n CaPool = @default.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.LookupCaPoolIamPolicy(ctx, \u0026certificateauthority.LookupCaPoolIamPolicyArgs{\n\t\t\tCaPool: _default.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetCaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CertificateauthorityFunctions.getCaPoolIamPolicy(GetCaPoolIamPolicyArgs.builder()\n .caPool(default_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:certificateauthority:getCaPoolIamPolicy\n arguments:\n caPool: ${default.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCaPoolIamPolicy.\n", "properties": { @@ -282185,7 +282185,7 @@ } }, "gcp:certificateauthority/getCertificateTemplateIamPolicy:getCertificateTemplateIamPolicy": { - "description": "Retrieves the current IAM policy data for certificatetemplate\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.certificateauthority.getCertificateTemplateIamPolicy({\n certificateTemplate: _default.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.certificateauthority.get_certificate_template_iam_policy(certificate_template=default[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CertificateAuthority.GetCertificateTemplateIamPolicy.Invoke(new()\n {\n CertificateTemplate = @default.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.LookupCertificateTemplateIamPolicy(ctx, \u0026certificateauthority.LookupCertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: _default.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetCertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CertificateauthorityFunctions.getCertificateTemplateIamPolicy(GetCertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:certificateauthority:getCertificateTemplateIamPolicy\n Arguments:\n certificateTemplate: ${default.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for certificatetemplate\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.certificateauthority.getCertificateTemplateIamPolicy({\n certificateTemplate: _default.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.certificateauthority.get_certificate_template_iam_policy(certificate_template=default[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CertificateAuthority.GetCertificateTemplateIamPolicy.Invoke(new()\n {\n CertificateTemplate = @default.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.LookupCertificateTemplateIamPolicy(ctx, \u0026certificateauthority.LookupCertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: _default.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateauthorityFunctions;\nimport com.pulumi.gcp.certificateauthority.inputs.GetCertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CertificateauthorityFunctions.getCertificateTemplateIamPolicy(GetCertificateTemplateIamPolicyArgs.builder()\n .certificateTemplate(default_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:certificateauthority:getCertificateTemplateIamPolicy\n arguments:\n certificateTemplate: ${default.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCertificateTemplateIamPolicy.\n", "properties": { @@ -282247,7 +282247,7 @@ } }, "gcp:certificatemanager/getCertificateMap:getCertificateMap": { - "description": "Get info about a Google Certificate Manager Certificate Map resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificateMap({\n name: \"cert-map\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificate_map(name=\"cert-map\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificateMap.Invoke(new()\n {\n Name = \"cert-map\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificateMap(ctx, \u0026certificatemanager.GetCertificateMapArgs{\n\t\t\tName: \"cert-map\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificateMapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificateMap(GetCertificateMapArgs.builder()\n .name(\"cert-map\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:certificatemanager:getCertificateMap\n Arguments:\n name: cert-map\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google Certificate Manager Certificate Map resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificateMap({\n name: \"cert-map\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificate_map(name=\"cert-map\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificateMap.Invoke(new()\n {\n Name = \"cert-map\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificateMap(ctx, \u0026certificatemanager.GetCertificateMapArgs{\n\t\t\tName: \"cert-map\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificateMapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificateMap(GetCertificateMapArgs.builder()\n .name(\"cert-map\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:certificatemanager:getCertificateMap\n arguments:\n name: cert-map\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCertificateMap.\n", "properties": { @@ -282329,7 +282329,7 @@ } }, "gcp:certificatemanager/getCertificates:getCertificates": { - "description": "List all certificates within Google Certificate Manager for a given project, region or filter.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificates({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificates()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificates.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificates(ctx, \u0026certificatemanager.GetCertificatesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificatesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificates();\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:certificatemanager:getCertificates\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With A Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificates({\n filter: \"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificates(filter=\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificates.Invoke(new()\n {\n Filter = \"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificates(ctx, \u0026certificatemanager.GetCertificatesArgs{\n\t\t\tFilter: pulumi.StringRef(\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificatesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificates(GetCertificatesArgs.builder()\n .filter(\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:certificatemanager:getCertificates\n Arguments:\n filter: name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all certificates within Google Certificate Manager for a given project, region or filter.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificates({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificates()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificates.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificates(ctx, \u0026certificatemanager.GetCertificatesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificatesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificates();\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:certificatemanager:getCertificates\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With A Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.certificatemanager.getCertificates({\n filter: \"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.certificatemanager.get_certificates(filter=\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.CertificateManager.GetCertificates.Invoke(new()\n {\n Filter = \"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/certificatemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificatemanager.GetCertificates(ctx, \u0026certificatemanager.GetCertificatesArgs{\n\t\t\tFilter: pulumi.StringRef(\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificatemanager.CertificatemanagerFunctions;\nimport com.pulumi.gcp.certificatemanager.inputs.GetCertificatesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CertificatemanagerFunctions.getCertificates(GetCertificatesArgs.builder()\n .filter(\"name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:certificatemanager:getCertificates\n arguments:\n filter: name:projects/PROJECT_ID/locations/REGION/certificates/certificate-name-*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCertificates.\n", "properties": { @@ -282372,7 +282372,7 @@ } }, "gcp:cloudasset/getResourcesSearchAll:getResourcesSearchAll": { - "description": "## Example Usage\n\n### Searching For All Projects In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projects = gcp.cloudasset.getResourcesSearchAll({\n scope: \"organizations/0123456789\",\n assetTypes: [\"cloudresourcemanager.googleapis.com/Project\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprojects = gcp.cloudasset.get_resources_search_all(scope=\"organizations/0123456789\",\n asset_types=[\"cloudresourcemanager.googleapis.com/Project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projects = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"cloudresourcemanager.googleapis.com/Project\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"cloudresourcemanager.googleapis.com/Project\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projects = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"cloudresourcemanager.googleapis.com/Project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projects:\n fn::invoke:\n Function: gcp:cloudasset:getResourcesSearchAll\n Arguments:\n scope: organizations/0123456789\n assetTypes:\n - cloudresourcemanager.googleapis.com/Project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Projects With CloudBuild API Enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudBuildProjects = gcp.cloudasset.getResourcesSearchAll({\n scope: \"organizations/0123456789\",\n assetTypes: [\"serviceusage.googleapis.com/Service\"],\n query: \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_build_projects = gcp.cloudasset.get_resources_search_all(scope=\"organizations/0123456789\",\n asset_types=[\"serviceusage.googleapis.com/Service\"],\n query=\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudBuildProjects = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"serviceusage.googleapis.com/Service\",\n },\n Query = \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"serviceusage.googleapis.com/Service\",\n\t\t\t},\n\t\t\tQuery: pulumi.StringRef(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cloudBuildProjects = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"serviceusage.googleapis.com/Service\")\n .query(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cloudBuildProjects:\n fn::invoke:\n Function: gcp:cloudasset:getResourcesSearchAll\n Arguments:\n scope: organizations/0123456789\n assetTypes:\n - serviceusage.googleapis.com/Service\n query: displayName:cloudbuild.googleapis.com AND state:ENABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Service Accounts In A Project\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectServiceAccounts = gcp.cloudasset.getResourcesSearchAll({\n scope: \"projects/my-project-id\",\n assetTypes: [\"iam.googleapis.com/ServiceAccount\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_service_accounts = gcp.cloudasset.get_resources_search_all(scope=\"projects/my-project-id\",\n asset_types=[\"iam.googleapis.com/ServiceAccount\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectServiceAccounts = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"projects/my-project-id\",\n AssetTypes = new[]\n {\n \"iam.googleapis.com/ServiceAccount\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"projects/my-project-id\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"iam.googleapis.com/ServiceAccount\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projectServiceAccounts = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"projects/my-project-id\")\n .assetTypes(\"iam.googleapis.com/ServiceAccount\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projectServiceAccounts:\n fn::invoke:\n Function: gcp:cloudasset:getResourcesSearchAll\n Arguments:\n scope: projects/my-project-id\n assetTypes:\n - iam.googleapis.com/ServiceAccount\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n### Searching For All Projects In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projects = gcp.cloudasset.getResourcesSearchAll({\n scope: \"organizations/0123456789\",\n assetTypes: [\"cloudresourcemanager.googleapis.com/Project\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprojects = gcp.cloudasset.get_resources_search_all(scope=\"organizations/0123456789\",\n asset_types=[\"cloudresourcemanager.googleapis.com/Project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projects = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"cloudresourcemanager.googleapis.com/Project\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"cloudresourcemanager.googleapis.com/Project\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projects = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"cloudresourcemanager.googleapis.com/Project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projects:\n fn::invoke:\n function: gcp:cloudasset:getResourcesSearchAll\n arguments:\n scope: organizations/0123456789\n assetTypes:\n - cloudresourcemanager.googleapis.com/Project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Projects With CloudBuild API Enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudBuildProjects = gcp.cloudasset.getResourcesSearchAll({\n scope: \"organizations/0123456789\",\n assetTypes: [\"serviceusage.googleapis.com/Service\"],\n query: \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_build_projects = gcp.cloudasset.get_resources_search_all(scope=\"organizations/0123456789\",\n asset_types=[\"serviceusage.googleapis.com/Service\"],\n query=\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudBuildProjects = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"serviceusage.googleapis.com/Service\",\n },\n Query = \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"serviceusage.googleapis.com/Service\",\n\t\t\t},\n\t\t\tQuery: pulumi.StringRef(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cloudBuildProjects = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"serviceusage.googleapis.com/Service\")\n .query(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cloudBuildProjects:\n fn::invoke:\n function: gcp:cloudasset:getResourcesSearchAll\n arguments:\n scope: organizations/0123456789\n assetTypes:\n - serviceusage.googleapis.com/Service\n query: displayName:cloudbuild.googleapis.com AND state:ENABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Service Accounts In A Project\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectServiceAccounts = gcp.cloudasset.getResourcesSearchAll({\n scope: \"projects/my-project-id\",\n assetTypes: [\"iam.googleapis.com/ServiceAccount\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_service_accounts = gcp.cloudasset.get_resources_search_all(scope=\"projects/my-project-id\",\n asset_types=[\"iam.googleapis.com/ServiceAccount\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectServiceAccounts = Gcp.CloudAsset.GetResourcesSearchAll.Invoke(new()\n {\n Scope = \"projects/my-project-id\",\n AssetTypes = new[]\n {\n \"iam.googleapis.com/ServiceAccount\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupResourcesSearchAll(ctx, \u0026cloudasset.LookupResourcesSearchAllArgs{\n\t\t\tScope: \"projects/my-project-id\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"iam.googleapis.com/ServiceAccount\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetResourcesSearchAllArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projectServiceAccounts = CloudassetFunctions.getResourcesSearchAll(GetResourcesSearchAllArgs.builder()\n .scope(\"projects/my-project-id\")\n .assetTypes(\"iam.googleapis.com/ServiceAccount\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projectServiceAccounts:\n fn::invoke:\n function: gcp:cloudasset:getResourcesSearchAll\n arguments:\n scope: projects/my-project-id\n assetTypes:\n - iam.googleapis.com/ServiceAccount\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getResourcesSearchAll.\n", "properties": { @@ -282433,7 +282433,7 @@ } }, "gcp:cloudasset/getSearchAllResources:getSearchAllResources": { - "description": "Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. See the\n[REST API](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources)\nfor more details.\n\n## Example Usage\n\n### Searching For All Projects In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projects = gcp.cloudasset.getSearchAllResources({\n scope: \"organizations/0123456789\",\n assetTypes: [\"cloudresourcemanager.googleapis.com/Project\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprojects = gcp.cloudasset.get_search_all_resources(scope=\"organizations/0123456789\",\n asset_types=[\"cloudresourcemanager.googleapis.com/Project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projects = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"cloudresourcemanager.googleapis.com/Project\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"cloudresourcemanager.googleapis.com/Project\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projects = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"cloudresourcemanager.googleapis.com/Project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projects:\n fn::invoke:\n Function: gcp:cloudasset:getSearchAllResources\n Arguments:\n scope: organizations/0123456789\n assetTypes:\n - cloudresourcemanager.googleapis.com/Project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Projects With CloudBuild API Enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudBuildProjects = gcp.cloudasset.getSearchAllResources({\n scope: \"organizations/0123456789\",\n assetTypes: [\"serviceusage.googleapis.com/Service\"],\n query: \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_build_projects = gcp.cloudasset.get_search_all_resources(scope=\"organizations/0123456789\",\n asset_types=[\"serviceusage.googleapis.com/Service\"],\n query=\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudBuildProjects = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"serviceusage.googleapis.com/Service\",\n },\n Query = \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"serviceusage.googleapis.com/Service\",\n\t\t\t},\n\t\t\tQuery: pulumi.StringRef(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cloudBuildProjects = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"serviceusage.googleapis.com/Service\")\n .query(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cloudBuildProjects:\n fn::invoke:\n Function: gcp:cloudasset:getSearchAllResources\n Arguments:\n scope: organizations/0123456789\n assetTypes:\n - serviceusage.googleapis.com/Service\n query: displayName:cloudbuild.googleapis.com AND state:ENABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Service Accounts In A Project\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectServiceAccounts = gcp.cloudasset.getSearchAllResources({\n scope: \"projects/my-project-id\",\n assetTypes: [\"iam.googleapis.com/ServiceAccount\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_service_accounts = gcp.cloudasset.get_search_all_resources(scope=\"projects/my-project-id\",\n asset_types=[\"iam.googleapis.com/ServiceAccount\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectServiceAccounts = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"projects/my-project-id\",\n AssetTypes = new[]\n {\n \"iam.googleapis.com/ServiceAccount\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"projects/my-project-id\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"iam.googleapis.com/ServiceAccount\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projectServiceAccounts = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"projects/my-project-id\")\n .assetTypes(\"iam.googleapis.com/ServiceAccount\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projectServiceAccounts:\n fn::invoke:\n Function: gcp:cloudasset:getSearchAllResources\n Arguments:\n scope: projects/my-project-id\n assetTypes:\n - iam.googleapis.com/ServiceAccount\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. See the\n[REST API](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources)\nfor more details.\n\n## Example Usage\n\n### Searching For All Projects In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projects = gcp.cloudasset.getSearchAllResources({\n scope: \"organizations/0123456789\",\n assetTypes: [\"cloudresourcemanager.googleapis.com/Project\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprojects = gcp.cloudasset.get_search_all_resources(scope=\"organizations/0123456789\",\n asset_types=[\"cloudresourcemanager.googleapis.com/Project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projects = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"cloudresourcemanager.googleapis.com/Project\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"cloudresourcemanager.googleapis.com/Project\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projects = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"cloudresourcemanager.googleapis.com/Project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projects:\n fn::invoke:\n function: gcp:cloudasset:getSearchAllResources\n arguments:\n scope: organizations/0123456789\n assetTypes:\n - cloudresourcemanager.googleapis.com/Project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Projects With CloudBuild API Enabled\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cloudBuildProjects = gcp.cloudasset.getSearchAllResources({\n scope: \"organizations/0123456789\",\n assetTypes: [\"serviceusage.googleapis.com/Service\"],\n query: \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncloud_build_projects = gcp.cloudasset.get_search_all_resources(scope=\"organizations/0123456789\",\n asset_types=[\"serviceusage.googleapis.com/Service\"],\n query=\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cloudBuildProjects = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"organizations/0123456789\",\n AssetTypes = new[]\n {\n \"serviceusage.googleapis.com/Service\",\n },\n Query = \"displayName:cloudbuild.googleapis.com AND state:ENABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"organizations/0123456789\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"serviceusage.googleapis.com/Service\",\n\t\t\t},\n\t\t\tQuery: pulumi.StringRef(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cloudBuildProjects = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"organizations/0123456789\")\n .assetTypes(\"serviceusage.googleapis.com/Service\")\n .query(\"displayName:cloudbuild.googleapis.com AND state:ENABLED\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cloudBuildProjects:\n fn::invoke:\n function: gcp:cloudasset:getSearchAllResources\n arguments:\n scope: organizations/0123456789\n assetTypes:\n - serviceusage.googleapis.com/Service\n query: displayName:cloudbuild.googleapis.com AND state:ENABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Searching For All Service Accounts In A Project\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst projectServiceAccounts = gcp.cloudasset.getSearchAllResources({\n scope: \"projects/my-project-id\",\n assetTypes: [\"iam.googleapis.com/ServiceAccount\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_service_accounts = gcp.cloudasset.get_search_all_resources(scope=\"projects/my-project-id\",\n asset_types=[\"iam.googleapis.com/ServiceAccount\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var projectServiceAccounts = Gcp.CloudAsset.GetSearchAllResources.Invoke(new()\n {\n Scope = \"projects/my-project-id\",\n AssetTypes = new[]\n {\n \"iam.googleapis.com/ServiceAccount\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudasset\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudasset.LookupSearchAllResources(ctx, \u0026cloudasset.LookupSearchAllResourcesArgs{\n\t\t\tScope: \"projects/my-project-id\",\n\t\t\tAssetTypes: []string{\n\t\t\t\t\"iam.googleapis.com/ServiceAccount\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudasset.CloudassetFunctions;\nimport com.pulumi.gcp.cloudasset.inputs.GetSearchAllResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var projectServiceAccounts = CloudassetFunctions.getSearchAllResources(GetSearchAllResourcesArgs.builder()\n .scope(\"projects/my-project-id\")\n .assetTypes(\"iam.googleapis.com/ServiceAccount\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n projectServiceAccounts:\n fn::invoke:\n function: gcp:cloudasset:getSearchAllResources\n arguments:\n scope: projects/my-project-id\n assetTypes:\n - iam.googleapis.com/ServiceAccount\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSearchAllResources.\n", "properties": { @@ -282494,7 +282494,7 @@ } }, "gcp:cloudbuild/getTrigger:getTrigger": { - "description": "To get more information about Cloudbuild Trigger, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest/v1/projects.triggers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs/automating-builds/create-manage-triggers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst name = gcp.cloudbuild.getTrigger({\n project: \"your-project-id\",\n triggerId: filename_trigger.triggerId,\n location: \"location of trigger build\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nname = gcp.cloudbuild.get_trigger(project=\"your-project-id\",\n trigger_id=filename_trigger[\"triggerId\"],\n location=\"location of trigger build\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var name = Gcp.CloudBuild.GetTrigger.Invoke(new()\n {\n Project = \"your-project-id\",\n TriggerId = filename_trigger.TriggerId,\n Location = \"location of trigger build\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.LookupTrigger(ctx, \u0026cloudbuild.LookupTriggerArgs{\n\t\t\tProject: pulumi.StringRef(\"your-project-id\"),\n\t\t\tTriggerId: filename_trigger.TriggerId,\n\t\t\tLocation: \"location of trigger build\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.CloudbuildFunctions;\nimport com.pulumi.gcp.cloudbuild.inputs.GetTriggerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var name = CloudbuildFunctions.getTrigger(GetTriggerArgs.builder()\n .project(\"your-project-id\")\n .triggerId(filename_trigger.triggerId())\n .location(\"location of trigger build\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n name:\n fn::invoke:\n Function: gcp:cloudbuild:getTrigger\n Arguments:\n project: your-project-id\n triggerId: ${[\"filename-trigger\"].triggerId}\n location: location of trigger build\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "To get more information about Cloudbuild Trigger, see:\n\n* [API documentation](https://cloud.google.com/build/docs/api/reference/rest/v1/projects.triggers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/build/docs/automating-builds/create-manage-triggers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst name = gcp.cloudbuild.getTrigger({\n project: \"your-project-id\",\n triggerId: filename_trigger.triggerId,\n location: \"location of trigger build\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nname = gcp.cloudbuild.get_trigger(project=\"your-project-id\",\n trigger_id=filename_trigger[\"triggerId\"],\n location=\"location of trigger build\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var name = Gcp.CloudBuild.GetTrigger.Invoke(new()\n {\n Project = \"your-project-id\",\n TriggerId = filename_trigger.TriggerId,\n Location = \"location of trigger build\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuild.LookupTrigger(ctx, \u0026cloudbuild.LookupTriggerArgs{\n\t\t\tProject: pulumi.StringRef(\"your-project-id\"),\n\t\t\tTriggerId: filename_trigger.TriggerId,\n\t\t\tLocation: \"location of trigger build\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuild.CloudbuildFunctions;\nimport com.pulumi.gcp.cloudbuild.inputs.GetTriggerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var name = CloudbuildFunctions.getTrigger(GetTriggerArgs.builder()\n .project(\"your-project-id\")\n .triggerId(filename_trigger.triggerId())\n .location(\"location of trigger build\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n name:\n fn::invoke:\n function: gcp:cloudbuild:getTrigger\n arguments:\n project: your-project-id\n triggerId: ${[\"filename-trigger\"].triggerId}\n location: location of trigger build\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTrigger.\n", "properties": { @@ -282673,7 +282673,7 @@ } }, "gcp:cloudbuildv2/getConnectionIamPolicy:getConnectionIamPolicy": { - "description": "Retrieves the current IAM policy data for connection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudbuildv2.getConnectionIamPolicy({\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudbuildv2.get_connection_iam_policy(project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudBuildV2.GetConnectionIamPolicy.Invoke(new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.GetConnectionIamPolicy(ctx, \u0026cloudbuildv2.GetConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_connection.Project),\n\t\t\tLocation: pulumi.StringRef(my_connection.Location),\n\t\t\tName: my_connection.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Cloudbuildv2Functions;\nimport com.pulumi.gcp.cloudbuildv2.inputs.GetConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudbuildv2Functions.getConnectionIamPolicy(GetConnectionIamPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudbuildv2:getConnectionIamPolicy\n Arguments:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for connection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudbuildv2.getConnectionIamPolicy({\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudbuildv2.get_connection_iam_policy(project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudBuildV2.GetConnectionIamPolicy.Invoke(new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.GetConnectionIamPolicy(ctx, \u0026cloudbuildv2.GetConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_connection.Project),\n\t\t\tLocation: pulumi.StringRef(my_connection.Location),\n\t\t\tName: my_connection.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.Cloudbuildv2Functions;\nimport com.pulumi.gcp.cloudbuildv2.inputs.GetConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudbuildv2Functions.getConnectionIamPolicy(GetConnectionIamPolicyArgs.builder()\n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudbuildv2:getConnectionIamPolicy\n arguments:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getConnectionIamPolicy.\n", "properties": { @@ -282735,7 +282735,7 @@ } }, "gcp:clouddeploy/getCustomTargetTypeIamPolicy:getCustomTargetTypeIamPolicy": { - "description": "Retrieves the current IAM policy data for customtargettype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getCustomTargetTypeIamPolicy({\n project: custom_target_type.project,\n location: custom_target_type.location,\n name: custom_target_type.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_custom_target_type_iam_policy(project=custom_target_type[\"project\"],\n location=custom_target_type[\"location\"],\n name=custom_target_type[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetCustomTargetTypeIamPolicy.Invoke(new()\n {\n Project = custom_target_type.Project,\n Location = custom_target_type.Location,\n Name = custom_target_type.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupCustomTargetTypeIamPolicy(ctx, \u0026clouddeploy.LookupCustomTargetTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(custom_target_type.Project),\n\t\t\tLocation: pulumi.StringRef(custom_target_type.Location),\n\t\t\tName: custom_target_type.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetCustomTargetTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getCustomTargetTypeIamPolicy(GetCustomTargetTypeIamPolicyArgs.builder()\n .project(custom_target_type.project())\n .location(custom_target_type.location())\n .name(custom_target_type.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:clouddeploy:getCustomTargetTypeIamPolicy\n Arguments:\n project: ${[\"custom-target-type\"].project}\n location: ${[\"custom-target-type\"].location}\n name: ${[\"custom-target-type\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for customtargettype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getCustomTargetTypeIamPolicy({\n project: custom_target_type.project,\n location: custom_target_type.location,\n name: custom_target_type.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_custom_target_type_iam_policy(project=custom_target_type[\"project\"],\n location=custom_target_type[\"location\"],\n name=custom_target_type[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetCustomTargetTypeIamPolicy.Invoke(new()\n {\n Project = custom_target_type.Project,\n Location = custom_target_type.Location,\n Name = custom_target_type.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupCustomTargetTypeIamPolicy(ctx, \u0026clouddeploy.LookupCustomTargetTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(custom_target_type.Project),\n\t\t\tLocation: pulumi.StringRef(custom_target_type.Location),\n\t\t\tName: custom_target_type.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetCustomTargetTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getCustomTargetTypeIamPolicy(GetCustomTargetTypeIamPolicyArgs.builder()\n .project(custom_target_type.project())\n .location(custom_target_type.location())\n .name(custom_target_type.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:clouddeploy:getCustomTargetTypeIamPolicy\n arguments:\n project: ${[\"custom-target-type\"].project}\n location: ${[\"custom-target-type\"].location}\n name: ${[\"custom-target-type\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCustomTargetTypeIamPolicy.\n", "properties": { @@ -282797,7 +282797,7 @@ } }, "gcp:clouddeploy/getDeliveryPipelineIamPolicy:getDeliveryPipelineIamPolicy": { - "description": "Retrieves the current IAM policy data for deliverypipeline\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getDeliveryPipelineIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_delivery_pipeline_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetDeliveryPipelineIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupDeliveryPipelineIamPolicy(ctx, \u0026clouddeploy.LookupDeliveryPipelineIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetDeliveryPipelineIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getDeliveryPipelineIamPolicy(GetDeliveryPipelineIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:clouddeploy:getDeliveryPipelineIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for deliverypipeline\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getDeliveryPipelineIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_delivery_pipeline_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetDeliveryPipelineIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupDeliveryPipelineIamPolicy(ctx, \u0026clouddeploy.LookupDeliveryPipelineIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetDeliveryPipelineIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getDeliveryPipelineIamPolicy(GetDeliveryPipelineIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:clouddeploy:getDeliveryPipelineIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDeliveryPipelineIamPolicy.\n", "properties": { @@ -282858,7 +282858,7 @@ } }, "gcp:clouddeploy/getTargetIamPolicy:getTargetIamPolicy": { - "description": "Retrieves the current IAM policy data for target\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getTargetIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_target_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetTargetIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupTargetIamPolicy(ctx, \u0026clouddeploy.LookupTargetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetTargetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getTargetIamPolicy(GetTargetIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:clouddeploy:getTargetIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for target\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.clouddeploy.getTargetIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.clouddeploy.get_target_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudDeploy.GetTargetIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/clouddeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := clouddeploy.LookupTargetIamPolicy(ctx, \u0026clouddeploy.LookupTargetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.clouddeploy.ClouddeployFunctions;\nimport com.pulumi.gcp.clouddeploy.inputs.GetTargetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ClouddeployFunctions.getTargetIamPolicy(GetTargetIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:clouddeploy:getTargetIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTargetIamPolicy.\n", "properties": { @@ -282919,7 +282919,7 @@ } }, "gcp:cloudfunctions/getFunction:getFunction": { - "description": "Get information about a Google Cloud Function. For more information see\nthe [official documentation](https://cloud.google.com/functions/docs/)\nand [API](https://cloud.google.com/functions/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-function = gcp.cloudfunctions.getFunction({\n name: \"function\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_function = gcp.cloudfunctions.get_function(name=\"function\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_function = Gcp.CloudFunctions.GetFunction.Invoke(new()\n {\n Name = \"function\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.LookupFunction(ctx, \u0026cloudfunctions.LookupFunctionArgs{\n\t\t\tName: \"function\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.CloudfunctionsFunctions;\nimport com.pulumi.gcp.cloudfunctions.inputs.GetFunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-function = CloudfunctionsFunctions.getFunction(GetFunctionArgs.builder()\n .name(\"function\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-function:\n fn::invoke:\n Function: gcp:cloudfunctions:getFunction\n Arguments:\n name: function\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Function. For more information see\nthe [official documentation](https://cloud.google.com/functions/docs/)\nand [API](https://cloud.google.com/functions/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-function = gcp.cloudfunctions.getFunction({\n name: \"function\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_function = gcp.cloudfunctions.get_function(name=\"function\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_function = Gcp.CloudFunctions.GetFunction.Invoke(new()\n {\n Name = \"function\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.LookupFunction(ctx, \u0026cloudfunctions.LookupFunctionArgs{\n\t\t\tName: \"function\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.CloudfunctionsFunctions;\nimport com.pulumi.gcp.cloudfunctions.inputs.GetFunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-function = CloudfunctionsFunctions.getFunction(GetFunctionArgs.builder()\n .name(\"function\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-function:\n fn::invoke:\n function: gcp:cloudfunctions:getFunction\n arguments:\n name: function\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFunction.\n", "properties": { @@ -283141,7 +283141,7 @@ } }, "gcp:cloudfunctions/getFunctionIamPolicy:getFunctionIamPolicy": { - "description": "Retrieves the current IAM policy data for cloudfunction\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudfunctions.getFunctionIamPolicy({\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudfunctions.get_function_iam_policy(project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudFunctions.GetFunctionIamPolicy.Invoke(new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.LookupFunctionIamPolicy(ctx, \u0026cloudfunctions.LookupFunctionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(function.Project),\n\t\t\tRegion: pulumi.StringRef(function.Region),\n\t\t\tCloudFunction: function.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.CloudfunctionsFunctions;\nimport com.pulumi.gcp.cloudfunctions.inputs.GetFunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudfunctionsFunctions.getFunctionIamPolicy(GetFunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudfunctions:getFunctionIamPolicy\n Arguments:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for cloudfunction\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudfunctions.getFunctionIamPolicy({\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudfunctions.get_function_iam_policy(project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudFunctions.GetFunctionIamPolicy.Invoke(new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.LookupFunctionIamPolicy(ctx, \u0026cloudfunctions.LookupFunctionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(function.Project),\n\t\t\tRegion: pulumi.StringRef(function.Region),\n\t\t\tCloudFunction: function.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.CloudfunctionsFunctions;\nimport com.pulumi.gcp.cloudfunctions.inputs.GetFunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudfunctionsFunctions.getFunctionIamPolicy(GetFunctionIamPolicyArgs.builder()\n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudfunctions:getFunctionIamPolicy\n arguments:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFunctionIamPolicy.\n", "properties": { @@ -283203,7 +283203,7 @@ } }, "gcp:cloudfunctionsv2/getFunction:getFunction": { - "description": "Get information about a Google Cloud Function (2nd gen). For more information see:\n\n* [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-function = gcp.cloudfunctionsv2.getFunction({\n name: \"function\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_function = gcp.cloudfunctionsv2.get_function(name=\"function\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_function = Gcp.CloudFunctionsV2.GetFunction.Invoke(new()\n {\n Name = \"function\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.LookupFunction(ctx, \u0026cloudfunctionsv2.LookupFunctionArgs{\n\t\t\tName: \"function\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.Cloudfunctionsv2Functions;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.GetFunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-function = Cloudfunctionsv2Functions.getFunction(GetFunctionArgs.builder()\n .name(\"function\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-function:\n fn::invoke:\n Function: gcp:cloudfunctionsv2:getFunction\n Arguments:\n name: function\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Function (2nd gen). For more information see:\n\n* [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-function = gcp.cloudfunctionsv2.getFunction({\n name: \"function\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_function = gcp.cloudfunctionsv2.get_function(name=\"function\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_function = Gcp.CloudFunctionsV2.GetFunction.Invoke(new()\n {\n Name = \"function\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.LookupFunction(ctx, \u0026cloudfunctionsv2.LookupFunctionArgs{\n\t\t\tName: \"function\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.Cloudfunctionsv2Functions;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.GetFunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-function = Cloudfunctionsv2Functions.getFunction(GetFunctionArgs.builder()\n .name(\"function\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-function:\n fn::invoke:\n function: gcp:cloudfunctionsv2:getFunction\n arguments:\n name: function\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFunction.\n", "properties": { @@ -283320,7 +283320,7 @@ } }, "gcp:cloudfunctionsv2/getFunctionIamPolicy:getFunctionIamPolicy": { - "description": "Retrieves the current IAM policy data for function\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudfunctionsv2.getFunctionIamPolicy({\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudfunctionsv2.get_function_iam_policy(project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudFunctionsV2.GetFunctionIamPolicy.Invoke(new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.LookupFunctionIamPolicy(ctx, \u0026cloudfunctionsv2.LookupFunctionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(function.Project),\n\t\t\tLocation: pulumi.StringRef(function.Location),\n\t\t\tCloudFunction: function.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.Cloudfunctionsv2Functions;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.GetFunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudfunctionsv2Functions.getFunctionIamPolicy(GetFunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudfunctionsv2:getFunctionIamPolicy\n Arguments:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for function\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudfunctionsv2.getFunctionIamPolicy({\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudfunctionsv2.get_function_iam_policy(project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudFunctionsV2.GetFunctionIamPolicy.Invoke(new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.LookupFunctionIamPolicy(ctx, \u0026cloudfunctionsv2.LookupFunctionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(function.Project),\n\t\t\tLocation: pulumi.StringRef(function.Location),\n\t\t\tCloudFunction: function.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.Cloudfunctionsv2Functions;\nimport com.pulumi.gcp.cloudfunctionsv2.inputs.GetFunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudfunctionsv2Functions.getFunctionIamPolicy(GetFunctionIamPolicyArgs.builder()\n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudfunctionsv2:getFunctionIamPolicy\n arguments:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFunctionIamPolicy.\n", "properties": { @@ -283382,7 +283382,7 @@ } }, "gcp:cloudidentity/getGroupLookup:getGroupLookup": { - "description": "Use this data source to look up the resource name of a Cloud Identity Group by its [EntityKey](https://cloud.google.com/identity/docs/reference/rest/v1/EntityKey), i.e. the group's email.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#groups\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = gcp.cloudidentity.getGroupLookup({\n groupKey: {\n id: \"my-group@example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.get_group_lookup(group_key={\n \"id\": \"my-group@example.com\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = Gcp.CloudIdentity.GetGroupLookup.Invoke(new()\n {\n GroupKey = new Gcp.CloudIdentity.Inputs.GetGroupLookupGroupKeyInputArgs\n {\n Id = \"my-group@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroupLookup(ctx, \u0026cloudidentity.GetGroupLookupArgs{\n\t\t\tGroupKey: cloudidentity.GetGroupLookupGroupKey{\n\t\t\t\tId: \"my-group@example.com\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupLookupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupLookupGroupKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var group = CloudidentityFunctions.getGroupLookup(GetGroupLookupArgs.builder()\n .groupKey(GetGroupLookupGroupKeyArgs.builder()\n .id(\"my-group@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n group:\n fn::invoke:\n Function: gcp:cloudidentity:getGroupLookup\n Arguments:\n groupKey:\n id: my-group@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to look up the resource name of a Cloud Identity Group by its [EntityKey](https://cloud.google.com/identity/docs/reference/rest/v1/EntityKey), i.e. the group's email.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#groups\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = gcp.cloudidentity.getGroupLookup({\n groupKey: {\n id: \"my-group@example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.cloudidentity.get_group_lookup(group_key={\n \"id\": \"my-group@example.com\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = Gcp.CloudIdentity.GetGroupLookup.Invoke(new()\n {\n GroupKey = new Gcp.CloudIdentity.Inputs.GetGroupLookupGroupKeyInputArgs\n {\n Id = \"my-group@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroupLookup(ctx, \u0026cloudidentity.GetGroupLookupArgs{\n\t\t\tGroupKey: cloudidentity.GetGroupLookupGroupKey{\n\t\t\t\tId: \"my-group@example.com\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupLookupArgs;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupLookupGroupKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var group = CloudidentityFunctions.getGroupLookup(GetGroupLookupArgs.builder()\n .groupKey(GetGroupLookupGroupKeyArgs.builder()\n .id(\"my-group@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n group:\n fn::invoke:\n function: gcp:cloudidentity:getGroupLookup\n arguments:\n groupKey:\n id: my-group@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getGroupLookup.\n", "properties": { @@ -283420,7 +283420,7 @@ } }, "gcp:cloudidentity/getGroupMemberships:getGroupMemberships": { - "description": "Use this data source to get list of the Cloud Identity Group Memberships within a given Group.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#memberships\n\nTo get more information about GroupMembership, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/memberships-google-groups)\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst members = gcp.cloudidentity.getGroupMemberships({\n group: \"groups/123eab45c6defghi\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmembers = gcp.cloudidentity.get_group_memberships(group=\"groups/123eab45c6defghi\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var members = Gcp.CloudIdentity.GetGroupMemberships.Invoke(new()\n {\n Group = \"groups/123eab45c6defghi\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroupMemberships(ctx, \u0026cloudidentity.GetGroupMembershipsArgs{\n\t\t\tGroup: \"groups/123eab45c6defghi\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var members = CloudidentityFunctions.getGroupMemberships(GetGroupMembershipsArgs.builder()\n .group(\"groups/123eab45c6defghi\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n members:\n fn::invoke:\n Function: gcp:cloudidentity:getGroupMemberships\n Arguments:\n group: groups/123eab45c6defghi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get list of the Cloud Identity Group Memberships within a given Group.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#memberships\n\nTo get more information about GroupMembership, see:\n\n* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity/docs/how-to/memberships-google-groups)\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst members = gcp.cloudidentity.getGroupMemberships({\n group: \"groups/123eab45c6defghi\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmembers = gcp.cloudidentity.get_group_memberships(group=\"groups/123eab45c6defghi\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var members = Gcp.CloudIdentity.GetGroupMemberships.Invoke(new()\n {\n Group = \"groups/123eab45c6defghi\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroupMemberships(ctx, \u0026cloudidentity.GetGroupMembershipsArgs{\n\t\t\tGroup: \"groups/123eab45c6defghi\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var members = CloudidentityFunctions.getGroupMemberships(GetGroupMembershipsArgs.builder()\n .group(\"groups/123eab45c6defghi\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n members:\n fn::invoke:\n function: gcp:cloudidentity:getGroupMemberships\n arguments:\n group: groups/123eab45c6defghi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getGroupMemberships.\n", "properties": { @@ -283501,7 +283501,7 @@ } }, "gcp:cloudidentity/getGroups:getGroups": { - "description": "Use this data source to get list of the Cloud Identity Groups under a customer or namespace.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#groups\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst groups = gcp.cloudidentity.getGroups({\n parent: \"customers/A01b123xz\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroups = gcp.cloudidentity.get_groups(parent=\"customers/A01b123xz\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Gcp.CloudIdentity.GetGroups.Invoke(new()\n {\n Parent = \"customers/A01b123xz\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroups(ctx, \u0026cloudidentity.GetGroupsArgs{\n\t\t\tParent: \"customers/A01b123xz\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = CloudidentityFunctions.getGroups(GetGroupsArgs.builder()\n .parent(\"customers/A01b123xz\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n Function: gcp:cloudidentity:getGroups\n Arguments:\n parent: customers/A01b123xz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get list of the Cloud Identity Groups under a customer or namespace.\n\nhttps://cloud.google.com/identity/docs/concepts/overview#groups\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst groups = gcp.cloudidentity.getGroups({\n parent: \"customers/A01b123xz\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroups = gcp.cloudidentity.get_groups(parent=\"customers/A01b123xz\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Gcp.CloudIdentity.GetGroups.Invoke(new()\n {\n Parent = \"customers/A01b123xz\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudidentity.GetGroups(ctx, \u0026cloudidentity.GetGroupsArgs{\n\t\t\tParent: \"customers/A01b123xz\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudidentity.CloudidentityFunctions;\nimport com.pulumi.gcp.cloudidentity.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = CloudidentityFunctions.getGroups(GetGroupsArgs.builder()\n .parent(\"customers/A01b123xz\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n function: gcp:cloudidentity:getGroups\n arguments:\n parent: customers/A01b123xz\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getGroups.\n", "properties": { @@ -283543,7 +283543,7 @@ } }, "gcp:cloudquota/getSQuotaInfo:getSQuotaInfo": { - "description": "Provides information about a particular quota for a given project, folder or organization.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myQuotaInfo = gcp.cloudquota.getSQuotaInfo({\n parent: \"projects/my-project\",\n service: \"compute.googleapis.com\",\n quotaId: \"CPUS-per-project-region\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_quota_info = gcp.cloudquota.get_s_quota_info(parent=\"projects/my-project\",\n service=\"compute.googleapis.com\",\n quota_id=\"CPUS-per-project-region\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myQuotaInfo = Gcp.CloudQuota.GetSQuotaInfo.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Service = \"compute.googleapis.com\",\n QuotaId = \"CPUS-per-project-region\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudquota\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudquota.GetSQuotaInfo(ctx, \u0026cloudquota.GetSQuotaInfoArgs{\n\t\t\tParent: \"projects/my-project\",\n\t\t\tService: \"compute.googleapis.com\",\n\t\t\tQuotaId: \"CPUS-per-project-region\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudquota.CloudquotaFunctions;\nimport com.pulumi.gcp.cloudquota.inputs.GetSQuotaInfoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myQuotaInfo = CloudquotaFunctions.getSQuotaInfo(GetSQuotaInfoArgs.builder()\n .parent(\"projects/my-project\")\n .service(\"compute.googleapis.com\")\n .quotaId(\"CPUS-per-project-region\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myQuotaInfo:\n fn::invoke:\n Function: gcp:cloudquota:getSQuotaInfo\n Arguments:\n parent: projects/my-project\n service: compute.googleapis.com\n quotaId: CPUS-per-project-region\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides information about a particular quota for a given project, folder or organization.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myQuotaInfo = gcp.cloudquota.getSQuotaInfo({\n parent: \"projects/my-project\",\n service: \"compute.googleapis.com\",\n quotaId: \"CPUS-per-project-region\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_quota_info = gcp.cloudquota.get_s_quota_info(parent=\"projects/my-project\",\n service=\"compute.googleapis.com\",\n quota_id=\"CPUS-per-project-region\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myQuotaInfo = Gcp.CloudQuota.GetSQuotaInfo.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Service = \"compute.googleapis.com\",\n QuotaId = \"CPUS-per-project-region\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudquota\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudquota.GetSQuotaInfo(ctx, \u0026cloudquota.GetSQuotaInfoArgs{\n\t\t\tParent: \"projects/my-project\",\n\t\t\tService: \"compute.googleapis.com\",\n\t\t\tQuotaId: \"CPUS-per-project-region\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudquota.CloudquotaFunctions;\nimport com.pulumi.gcp.cloudquota.inputs.GetSQuotaInfoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myQuotaInfo = CloudquotaFunctions.getSQuotaInfo(GetSQuotaInfoArgs.builder()\n .parent(\"projects/my-project\")\n .service(\"compute.googleapis.com\")\n .quotaId(\"CPUS-per-project-region\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myQuotaInfo:\n fn::invoke:\n function: gcp:cloudquota:getSQuotaInfo\n arguments:\n parent: projects/my-project\n service: compute.googleapis.com\n quotaId: CPUS-per-project-region\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSQuotaInfo.\n", "properties": { @@ -283673,7 +283673,7 @@ } }, "gcp:cloudquota/getSQuotaInfos:getSQuotaInfos": { - "description": "Provides information about all quotas for a given project, folder or organization.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myQuotaInfos = gcp.cloudquota.getSQuotaInfos({\n parent: \"projects/my-project\",\n service: \"compute.googleapis.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_quota_infos = gcp.cloudquota.get_s_quota_infos(parent=\"projects/my-project\",\n service=\"compute.googleapis.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myQuotaInfos = Gcp.CloudQuota.GetSQuotaInfos.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Service = \"compute.googleapis.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudquota\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudquota.GetSQuotaInfos(ctx, \u0026cloudquota.GetSQuotaInfosArgs{\n\t\t\tParent: \"projects/my-project\",\n\t\t\tService: \"compute.googleapis.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudquota.CloudquotaFunctions;\nimport com.pulumi.gcp.cloudquota.inputs.GetSQuotaInfosArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myQuotaInfos = CloudquotaFunctions.getSQuotaInfos(GetSQuotaInfosArgs.builder()\n .parent(\"projects/my-project\")\n .service(\"compute.googleapis.com\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myQuotaInfos:\n fn::invoke:\n Function: gcp:cloudquota:getSQuotaInfos\n Arguments:\n parent: projects/my-project\n service: compute.googleapis.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides information about all quotas for a given project, folder or organization.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myQuotaInfos = gcp.cloudquota.getSQuotaInfos({\n parent: \"projects/my-project\",\n service: \"compute.googleapis.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_quota_infos = gcp.cloudquota.get_s_quota_infos(parent=\"projects/my-project\",\n service=\"compute.googleapis.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myQuotaInfos = Gcp.CloudQuota.GetSQuotaInfos.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Service = \"compute.googleapis.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudquota\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudquota.GetSQuotaInfos(ctx, \u0026cloudquota.GetSQuotaInfosArgs{\n\t\t\tParent: \"projects/my-project\",\n\t\t\tService: \"compute.googleapis.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudquota.CloudquotaFunctions;\nimport com.pulumi.gcp.cloudquota.inputs.GetSQuotaInfosArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myQuotaInfos = CloudquotaFunctions.getSQuotaInfos(GetSQuotaInfosArgs.builder()\n .parent(\"projects/my-project\")\n .service(\"compute.googleapis.com\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myQuotaInfos:\n fn::invoke:\n function: gcp:cloudquota:getSQuotaInfos\n arguments:\n parent: projects/my-project\n service: compute.googleapis.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSQuotaInfos.\n", "properties": { @@ -283723,7 +283723,7 @@ } }, "gcp:cloudrun/getLocations:getLocations": { - "description": "Get Cloud Run locations available for a project. \n\nTo get more information about Cloud Run, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v1/projects.locations)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n \n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.cloudrun.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.cloudrun.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.CloudRun.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.GetLocations(ctx, \u0026cloudrun.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = CloudrunFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n Function: gcp:cloudrun:getLocations\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n", + "description": "Get Cloud Run locations available for a project. \n\nTo get more information about Cloud Run, see:\n\n* [API documentation](https://cloud.google.com/run/docs/reference/rest/v1/projects.locations)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/run/docs/)\n \n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.cloudrun.getLocations({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.cloudrun.get_locations()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.CloudRun.GetLocations.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.GetLocations(ctx, \u0026cloudrun.GetLocationsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetLocationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = CloudrunFunctions.getLocations();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n function: gcp:cloudrun:getLocations\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n", "inputs": { "description": "A collection of arguments for invoking getLocations.\n", "properties": { @@ -283761,7 +283761,7 @@ } }, "gcp:cloudrun/getService:getService": { - "description": "Get information about a Google Cloud Run Service. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.cloudrun.getService({\n name: \"my-service\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.cloudrun.get_service(name=\"my-service\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.CloudRun.GetService.Invoke(new()\n {\n Name = \"my-service\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.LookupService(ctx, \u0026cloudrun.LookupServiceArgs{\n\t\t\tName: \"my-service\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = CloudrunFunctions.getService(GetServiceArgs.builder()\n .name(\"my-service\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n Function: gcp:cloudrun:getService\n Arguments:\n name: my-service\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Run Service. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.cloudrun.getService({\n name: \"my-service\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.cloudrun.get_service(name=\"my-service\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.CloudRun.GetService.Invoke(new()\n {\n Name = \"my-service\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.LookupService(ctx, \u0026cloudrun.LookupServiceArgs{\n\t\t\tName: \"my-service\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = CloudrunFunctions.getService(GetServiceArgs.builder()\n .name(\"my-service\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n function: gcp:cloudrun:getService\n arguments:\n name: my-service\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getService.\n", "properties": { @@ -283842,7 +283842,7 @@ } }, "gcp:cloudrun/getServiceIamPolicy:getServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrun.getServiceIamPolicy({\n location: _default.location,\n project: _default.project,\n service: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrun.get_service_iam_policy(location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRun.GetServiceIamPolicy.Invoke(new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.GetServiceIamPolicy(ctx, \u0026cloudrun.GetServiceIamPolicyArgs{\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudrunFunctions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudrun:getServiceIamPolicy\n Arguments:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrun.getServiceIamPolicy({\n location: _default.location,\n project: _default.project,\n service: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrun.get_service_iam_policy(location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRun.GetServiceIamPolicy.Invoke(new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.GetServiceIamPolicy(ctx, \u0026cloudrun.GetServiceIamPolicyArgs{\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.CloudrunFunctions;\nimport com.pulumi.gcp.cloudrun.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudrunFunctions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudrun:getServiceIamPolicy\n arguments:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServiceIamPolicy.\n", "properties": { @@ -283904,7 +283904,7 @@ } }, "gcp:cloudrunv2/getJob:getJob": { - "description": "Get information about a Google Cloud Run v2 Job. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myJob = gcp.cloudrunv2.getJob({\n name: \"my-job\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_job = gcp.cloudrunv2.get_job(name=\"my-job\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myJob = Gcp.CloudRunV2.GetJob.Invoke(new()\n {\n Name = \"my-job\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupJob(ctx, \u0026cloudrunv2.LookupJobArgs{\n\t\t\tName: \"my-job\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myJob = Cloudrunv2Functions.getJob(GetJobArgs.builder()\n .name(\"my-job\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myJob:\n fn::invoke:\n Function: gcp:cloudrunv2:getJob\n Arguments:\n name: my-job\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Run v2 Job. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myJob = gcp.cloudrunv2.getJob({\n name: \"my-job\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_job = gcp.cloudrunv2.get_job(name=\"my-job\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myJob = Gcp.CloudRunV2.GetJob.Invoke(new()\n {\n Name = \"my-job\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupJob(ctx, \u0026cloudrunv2.LookupJobArgs{\n\t\t\tName: \"my-job\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myJob = Cloudrunv2Functions.getJob(GetJobArgs.builder()\n .name(\"my-job\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myJob:\n fn::invoke:\n function: gcp:cloudrunv2:getJob\n arguments:\n name: my-job\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getJob.\n", "properties": { @@ -284095,7 +284095,7 @@ } }, "gcp:cloudrunv2/getJobIamPolicy:getJobIamPolicy": { - "description": "Retrieves the current IAM policy data for job\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrunv2.getJobIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrunv2.get_job_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRunV2.GetJobIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupJobIamPolicy(ctx, \u0026cloudrunv2.LookupJobIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetJobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudrunv2Functions.getJobIamPolicy(GetJobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudrunv2:getJobIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for job\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrunv2.getJobIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrunv2.get_job_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRunV2.GetJobIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupJobIamPolicy(ctx, \u0026cloudrunv2.LookupJobIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetJobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudrunv2Functions.getJobIamPolicy(GetJobIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudrunv2:getJobIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getJobIamPolicy.\n", "properties": { @@ -284157,7 +284157,7 @@ } }, "gcp:cloudrunv2/getService:getService": { - "description": "Get information about a Google Cloud Run v2 Service. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myService = gcp.cloudrunv2.getService({\n name: \"my-service\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_service = gcp.cloudrunv2.get_service(name=\"my-service\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myService = Gcp.CloudRunV2.GetService.Invoke(new()\n {\n Name = \"my-service\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupService(ctx, \u0026cloudrunv2.LookupServiceArgs{\n\t\t\tName: \"my-service\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myService = Cloudrunv2Functions.getService(GetServiceArgs.builder()\n .name(\"my-service\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myService:\n fn::invoke:\n Function: gcp:cloudrunv2:getService\n Arguments:\n name: my-service\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Run v2 Service. For more information see\nthe [official documentation](https://cloud.google.com/run/docs/)\nand [API](https://cloud.google.com/run/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myService = gcp.cloudrunv2.getService({\n name: \"my-service\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_service = gcp.cloudrunv2.get_service(name=\"my-service\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myService = Gcp.CloudRunV2.GetService.Invoke(new()\n {\n Name = \"my-service\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupService(ctx, \u0026cloudrunv2.LookupServiceArgs{\n\t\t\tName: \"my-service\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myService = Cloudrunv2Functions.getService(GetServiceArgs.builder()\n .name(\"my-service\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myService:\n fn::invoke:\n function: gcp:cloudrunv2:getService\n arguments:\n name: my-service\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getService.\n", "properties": { @@ -284392,7 +284392,7 @@ } }, "gcp:cloudrunv2/getServiceIamPolicy:getServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrunv2.getServiceIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrunv2.get_service_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRunV2.GetServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupServiceIamPolicy(ctx, \u0026cloudrunv2.LookupServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudrunv2Functions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudrunv2:getServiceIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudrunv2.getServiceIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudrunv2.get_service_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudRunV2.GetServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.LookupServiceIamPolicy(ctx, \u0026cloudrunv2.LookupServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.Cloudrunv2Functions;\nimport com.pulumi.gcp.cloudrunv2.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = Cloudrunv2Functions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudrunv2:getServiceIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServiceIamPolicy.\n", "properties": { @@ -284454,7 +284454,7 @@ } }, "gcp:cloudtasks/getQueueIamPolicy:getQueueIamPolicy": { - "description": "Retrieves the current IAM policy data for queue\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudtasks.getQueueIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudtasks.get_queue_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudTasks.GetQueueIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.LookupQueueIamPolicy(ctx, \u0026cloudtasks.LookupQueueIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.CloudtasksFunctions;\nimport com.pulumi.gcp.cloudtasks.inputs.GetQueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudtasksFunctions.getQueueIamPolicy(GetQueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:cloudtasks:getQueueIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for queue\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.cloudtasks.getQueueIamPolicy({\n project: _default.project,\n location: _default.location,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.cloudtasks.get_queue_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.CloudTasks.GetQueueIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.LookupQueueIamPolicy(ctx, \u0026cloudtasks.LookupQueueIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.CloudtasksFunctions;\nimport com.pulumi.gcp.cloudtasks.inputs.GetQueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = CloudtasksFunctions.getQueueIamPolicy(GetQueueIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:cloudtasks:getQueueIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getQueueIamPolicy.\n", "properties": { @@ -284516,7 +284516,7 @@ } }, "gcp:composer/getEnvironment:getEnvironment": { - "description": "Provides access to Cloud Composer environment configuration in a region for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst composerEnvEnvironment = new gcp.composer.Environment(\"composer_env\", {name: \"composer-environment\"});\nconst composerEnv = gcp.composer.getEnvironment({\n name: test.name,\n});\nexport const debug = composerEnv.then(composerEnv =\u003e composerEnv.configs);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncomposer_env_environment = gcp.composer.Environment(\"composer_env\", name=\"composer-environment\")\ncomposer_env = gcp.composer.get_environment(name=test[\"name\"])\npulumi.export(\"debug\", composer_env.configs)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var composerEnvEnvironment = new Gcp.Composer.Environment(\"composer_env\", new()\n {\n Name = \"composer-environment\",\n });\n\n var composerEnv = Gcp.Composer.GetEnvironment.Invoke(new()\n {\n Name = test.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = composerEnv.Apply(getEnvironmentResult =\u003e getEnvironmentResult.Configs),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := composer.NewEnvironment(ctx, \"composer_env\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"composer-environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcomposerEnv, err := composer.LookupEnvironment(ctx, \u0026composer.LookupEnvironmentArgs{\n\t\t\tName: test.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"debug\", composerEnv.Configs)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetEnvironmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var composerEnvEnvironment = new Environment(\"composerEnvEnvironment\", EnvironmentArgs.builder()\n .name(\"composer-environment\")\n .build());\n\n final var composerEnv = ComposerFunctions.getEnvironment(GetEnvironmentArgs.builder()\n .name(test.name())\n .build());\n\n ctx.export(\"debug\", composerEnv.applyValue(getEnvironmentResult -\u003e getEnvironmentResult.configs()));\n }\n}\n```\n```yaml\nresources:\n composerEnvEnvironment:\n type: gcp:composer:Environment\n name: composer_env\n properties:\n name: composer-environment\nvariables:\n composerEnv:\n fn::invoke:\n Function: gcp:composer:getEnvironment\n Arguments:\n name: ${test.name}\noutputs:\n debug: ${composerEnv.configs}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to Cloud Composer environment configuration in a region for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst composerEnvEnvironment = new gcp.composer.Environment(\"composer_env\", {name: \"composer-environment\"});\nconst composerEnv = gcp.composer.getEnvironment({\n name: test.name,\n});\nexport const debug = composerEnv.then(composerEnv =\u003e composerEnv.configs);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncomposer_env_environment = gcp.composer.Environment(\"composer_env\", name=\"composer-environment\")\ncomposer_env = gcp.composer.get_environment(name=test[\"name\"])\npulumi.export(\"debug\", composer_env.configs)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var composerEnvEnvironment = new Gcp.Composer.Environment(\"composer_env\", new()\n {\n Name = \"composer-environment\",\n });\n\n var composerEnv = Gcp.Composer.GetEnvironment.Invoke(new()\n {\n Name = test.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = composerEnv.Apply(getEnvironmentResult =\u003e getEnvironmentResult.Configs),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := composer.NewEnvironment(ctx, \"composer_env\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"composer-environment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcomposerEnv, err := composer.LookupEnvironment(ctx, \u0026composer.LookupEnvironmentArgs{\n\t\t\tName: test.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"debug\", composerEnv.Configs)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetEnvironmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var composerEnvEnvironment = new Environment(\"composerEnvEnvironment\", EnvironmentArgs.builder()\n .name(\"composer-environment\")\n .build());\n\n final var composerEnv = ComposerFunctions.getEnvironment(GetEnvironmentArgs.builder()\n .name(test.name())\n .build());\n\n ctx.export(\"debug\", composerEnv.applyValue(getEnvironmentResult -\u003e getEnvironmentResult.configs()));\n }\n}\n```\n```yaml\nresources:\n composerEnvEnvironment:\n type: gcp:composer:Environment\n name: composer_env\n properties:\n name: composer-environment\nvariables:\n composerEnv:\n fn::invoke:\n function: gcp:composer:getEnvironment\n arguments:\n name: ${test.name}\noutputs:\n debug: ${composerEnv.configs}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEnvironment.\n", "properties": { @@ -284601,7 +284601,7 @@ } }, "gcp:composer/getImageVersions:getImageVersions": { - "description": "Provides access to available Cloud Composer versions in a region for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst all = gcp.composer.getImageVersions({});\nconst test = new gcp.composer.Environment(\"test\", {\n name: \"test-env\",\n region: \"us-central1\",\n config: {\n softwareConfig: {\n imageVersion: all.then(all =\u003e all.imageVersions?.[0]?.imageVersionId),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nall = gcp.composer.get_image_versions()\ntest = gcp.composer.Environment(\"test\",\n name=\"test-env\",\n region=\"us-central1\",\n config={\n \"software_config\": {\n \"image_version\": all.image_versions[0].image_version_id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var all = Gcp.Composer.GetImageVersions.Invoke();\n\n var test = new Gcp.Composer.Environment(\"test\", new()\n {\n Name = \"test-env\",\n Region = \"us-central1\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = all.Apply(getImageVersionsResult =\u003e getImageVersionsResult.ImageVersions[0]?.ImageVersionId),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tall, err := composer.GetImageVersions(ctx, \u0026composer.GetImageVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewEnvironment(ctx, \"test\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"test-env\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(all.ImageVersions[0].ImageVersionId),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetImageVersionsArgs;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var all = ComposerFunctions.getImageVersions();\n\n var test = new Environment(\"test\", EnvironmentArgs.builder()\n .name(\"test-env\")\n .region(\"us-central1\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(all.applyValue(getImageVersionsResult -\u003e getImageVersionsResult.imageVersions()[0].imageVersionId()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:composer:Environment\n properties:\n name: test-env\n region: us-central1\n config:\n softwareConfig:\n imageVersion: ${all.imageVersions[0].imageVersionId}\nvariables:\n all:\n fn::invoke:\n Function: gcp:composer:getImageVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available Cloud Composer versions in a region for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst all = gcp.composer.getImageVersions({});\nconst test = new gcp.composer.Environment(\"test\", {\n name: \"test-env\",\n region: \"us-central1\",\n config: {\n softwareConfig: {\n imageVersion: all.then(all =\u003e all.imageVersions?.[0]?.imageVersionId),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nall = gcp.composer.get_image_versions()\ntest = gcp.composer.Environment(\"test\",\n name=\"test-env\",\n region=\"us-central1\",\n config={\n \"software_config\": {\n \"image_version\": all.image_versions[0].image_version_id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var all = Gcp.Composer.GetImageVersions.Invoke();\n\n var test = new Gcp.Composer.Environment(\"test\", new()\n {\n Name = \"test-env\",\n Region = \"us-central1\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = all.Apply(getImageVersionsResult =\u003e getImageVersionsResult.ImageVersions[0]?.ImageVersionId),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tall, err := composer.GetImageVersions(ctx, \u0026composer.GetImageVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewEnvironment(ctx, \"test\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"test-env\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(all.ImageVersions[0].ImageVersionId),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetImageVersionsArgs;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var all = ComposerFunctions.getImageVersions();\n\n var test = new Environment(\"test\", EnvironmentArgs.builder()\n .name(\"test-env\")\n .region(\"us-central1\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(all.applyValue(getImageVersionsResult -\u003e getImageVersionsResult.imageVersions()[0].imageVersionId()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: gcp:composer:Environment\n properties:\n name: test-env\n region: us-central1\n config:\n softwareConfig:\n imageVersion: ${all.imageVersions[0].imageVersionId}\nvariables:\n all:\n fn::invoke:\n function: gcp:composer:getImageVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getImageVersions.\n", "properties": { @@ -284647,7 +284647,7 @@ } }, "gcp:composer/getUserWorkloadsConfigMap:getUserWorkloadsConfigMap": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleEnvironment = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n config: {\n softwareConfig: {\n imageVersion: \"composer-3-airflow-2\",\n },\n },\n});\nconst exampleUserWorkloadsConfigMap = new gcp.composer.UserWorkloadsConfigMap(\"example\", {\n environment: exampleEnvironment.name,\n name: \"example-config-map\",\n data: {\n db_host: \"dbhost:5432\",\n api_host: \"apihost:443\",\n },\n});\nconst example = exampleEnvironment.name.apply(name =\u003e gcp.composer.getUserWorkloadsConfigMapOutput({\n environment: name,\n name: googleComposerUserWorkloadsConfigMap.example.name,\n}));\nexport const debug = example;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_environment = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n config={\n \"software_config\": {\n \"image_version\": \"composer-3-airflow-2\",\n },\n })\nexample_user_workloads_config_map = gcp.composer.UserWorkloadsConfigMap(\"example\",\n environment=example_environment.name,\n name=\"example-config-map\",\n data={\n \"db_host\": \"dbhost:5432\",\n \"api_host\": \"apihost:443\",\n })\nexample = example_environment.name.apply(lambda name: gcp.composer.get_user_workloads_config_map_output(environment=name,\n name=google_composer_user_workloads_config_map[\"example\"][\"name\"]))\npulumi.export(\"debug\", example)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEnvironment = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"composer-3-airflow-2\",\n },\n },\n });\n\n var exampleUserWorkloadsConfigMap = new Gcp.Composer.UserWorkloadsConfigMap(\"example\", new()\n {\n Environment = exampleEnvironment.Name,\n Name = \"example-config-map\",\n Data = \n {\n { \"db_host\", \"dbhost:5432\" },\n { \"api_host\", \"apihost:443\" },\n },\n });\n\n var example = Gcp.Composer.GetUserWorkloadsConfigMap.Invoke(new()\n {\n Environment = exampleEnvironment.Name,\n Name = googleComposerUserWorkloadsConfigMap.Example.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = example,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEnvironment, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"composer-3-airflow-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsConfigMap(ctx, \"example\", \u0026composer.UserWorkloadsConfigMapArgs{\n\t\t\tEnvironment: exampleEnvironment.Name,\n\t\t\tName: pulumi.String(\"example-config-map\"),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"db_host\": pulumi.String(\"dbhost:5432\"),\n\t\t\t\t\"api_host\": pulumi.String(\"apihost:443\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleEnvironment.Name.ApplyT(func(name string) (composer.GetUserWorkloadsConfigMapResult, error) {\n\t\t\treturn composer.GetUserWorkloadsConfigMapResult(interface{}(composer.LookupUserWorkloadsConfigMapOutput(ctx, composer.GetUserWorkloadsConfigMapOutputArgs{\n\t\t\t\tEnvironment: name,\n\t\t\t\tName: googleComposerUserWorkloadsConfigMap.Example.Name,\n\t\t\t}, nil))), nil\n\t\t}).(composer.GetUserWorkloadsConfigMapResultOutput)\n\t\tctx.Export(\"debug\", example)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsConfigMap;\nimport com.pulumi.gcp.composer.UserWorkloadsConfigMapArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetUserWorkloadsConfigMapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEnvironment = new Environment(\"exampleEnvironment\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"composer-3-airflow-2\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsConfigMap = new UserWorkloadsConfigMap(\"exampleUserWorkloadsConfigMap\", UserWorkloadsConfigMapArgs.builder()\n .environment(exampleEnvironment.name())\n .name(\"example-config-map\")\n .data(Map.ofEntries(\n Map.entry(\"db_host\", \"dbhost:5432\"),\n Map.entry(\"api_host\", \"apihost:443\")\n ))\n .build());\n\n final var example = ComposerFunctions.getUserWorkloadsConfigMap(GetUserWorkloadsConfigMapArgs.builder()\n .environment(exampleEnvironment.name())\n .name(googleComposerUserWorkloadsConfigMap.example().name())\n .build());\n\n ctx.export(\"debug\", example.applyValue(getUserWorkloadsConfigMapResult -\u003e getUserWorkloadsConfigMapResult));\n }\n}\n```\n```yaml\nresources:\n exampleEnvironment:\n type: gcp:composer:Environment\n name: example\n properties:\n name: example-environment\n config:\n softwareConfig:\n imageVersion: composer-3-airflow-2\n exampleUserWorkloadsConfigMap:\n type: gcp:composer:UserWorkloadsConfigMap\n name: example\n properties:\n environment: ${exampleEnvironment.name}\n name: example-config-map\n data:\n db_host: dbhost:5432\n api_host: apihost:443\nvariables:\n example:\n fn::invoke:\n Function: gcp:composer:getUserWorkloadsConfigMap\n Arguments:\n environment: ${exampleEnvironment.name}\n name: ${googleComposerUserWorkloadsConfigMap.example.name}\noutputs:\n debug: ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst exampleEnvironment = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n config: {\n softwareConfig: {\n imageVersion: \"composer-3-airflow-2\",\n },\n },\n});\nconst exampleUserWorkloadsConfigMap = new gcp.composer.UserWorkloadsConfigMap(\"example\", {\n environment: exampleEnvironment.name,\n name: \"example-config-map\",\n data: {\n db_host: \"dbhost:5432\",\n api_host: \"apihost:443\",\n },\n});\nconst example = exampleEnvironment.name.apply(name =\u003e gcp.composer.getUserWorkloadsConfigMapOutput({\n environment: name,\n name: googleComposerUserWorkloadsConfigMap.example.name,\n}));\nexport const debug = example;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample_environment = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n config={\n \"software_config\": {\n \"image_version\": \"composer-3-airflow-2\",\n },\n })\nexample_user_workloads_config_map = gcp.composer.UserWorkloadsConfigMap(\"example\",\n environment=example_environment.name,\n name=\"example-config-map\",\n data={\n \"db_host\": \"dbhost:5432\",\n \"api_host\": \"apihost:443\",\n })\nexample = example_environment.name.apply(lambda name: gcp.composer.get_user_workloads_config_map_output(environment=name,\n name=google_composer_user_workloads_config_map[\"example\"][\"name\"]))\npulumi.export(\"debug\", example)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEnvironment = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"composer-3-airflow-2\",\n },\n },\n });\n\n var exampleUserWorkloadsConfigMap = new Gcp.Composer.UserWorkloadsConfigMap(\"example\", new()\n {\n Environment = exampleEnvironment.Name,\n Name = \"example-config-map\",\n Data = \n {\n { \"db_host\", \"dbhost:5432\" },\n { \"api_host\", \"apihost:443\" },\n },\n });\n\n var example = Gcp.Composer.GetUserWorkloadsConfigMap.Invoke(new()\n {\n Environment = exampleEnvironment.Name,\n Name = googleComposerUserWorkloadsConfigMap.Example.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = example,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEnvironment, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"composer-3-airflow-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsConfigMap(ctx, \"example\", \u0026composer.UserWorkloadsConfigMapArgs{\n\t\t\tEnvironment: exampleEnvironment.Name,\n\t\t\tName: pulumi.String(\"example-config-map\"),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"db_host\": pulumi.String(\"dbhost:5432\"),\n\t\t\t\t\"api_host\": pulumi.String(\"apihost:443\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleEnvironment.Name.ApplyT(func(name string) (composer.GetUserWorkloadsConfigMapResult, error) {\n\t\t\treturn composer.GetUserWorkloadsConfigMapResult(interface{}(composer.LookupUserWorkloadsConfigMapOutput(ctx, composer.GetUserWorkloadsConfigMapOutputArgs{\n\t\t\t\tEnvironment: name,\n\t\t\t\tName: googleComposerUserWorkloadsConfigMap.Example.Name,\n\t\t\t}, nil))), nil\n\t\t}).(composer.GetUserWorkloadsConfigMapResultOutput)\n\t\tctx.Export(\"debug\", example)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsConfigMap;\nimport com.pulumi.gcp.composer.UserWorkloadsConfigMapArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetUserWorkloadsConfigMapArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEnvironment = new Environment(\"exampleEnvironment\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"composer-3-airflow-2\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsConfigMap = new UserWorkloadsConfigMap(\"exampleUserWorkloadsConfigMap\", UserWorkloadsConfigMapArgs.builder()\n .environment(exampleEnvironment.name())\n .name(\"example-config-map\")\n .data(Map.ofEntries(\n Map.entry(\"db_host\", \"dbhost:5432\"),\n Map.entry(\"api_host\", \"apihost:443\")\n ))\n .build());\n\n final var example = ComposerFunctions.getUserWorkloadsConfigMap(GetUserWorkloadsConfigMapArgs.builder()\n .environment(exampleEnvironment.name())\n .name(googleComposerUserWorkloadsConfigMap.example().name())\n .build());\n\n ctx.export(\"debug\", example.applyValue(getUserWorkloadsConfigMapResult -\u003e getUserWorkloadsConfigMapResult));\n }\n}\n```\n```yaml\nresources:\n exampleEnvironment:\n type: gcp:composer:Environment\n name: example\n properties:\n name: example-environment\n config:\n softwareConfig:\n imageVersion: composer-3-airflow-2\n exampleUserWorkloadsConfigMap:\n type: gcp:composer:UserWorkloadsConfigMap\n name: example\n properties:\n environment: ${exampleEnvironment.name}\n name: example-config-map\n data:\n db_host: dbhost:5432\n api_host: apihost:443\nvariables:\n example:\n fn::invoke:\n function: gcp:composer:getUserWorkloadsConfigMap\n arguments:\n environment: ${exampleEnvironment.name}\n name: ${googleComposerUserWorkloadsConfigMap.example.name}\noutputs:\n debug: ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserWorkloadsConfigMap.\n", "properties": { @@ -284711,7 +284711,7 @@ } }, "gcp:composer/getUserWorkloadsSecret:getUserWorkloadsSecret": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst exampleEnvironment = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n config: {\n softwareConfig: {\n imageVersion: \"composer-3-airflow-2\",\n },\n },\n});\nconst exampleUserWorkloadsSecret = new gcp.composer.UserWorkloadsSecret(\"example\", {\n environment: exampleEnvironment.name,\n name: \"example-secret\",\n data: {\n username: std.base64encode({\n input: \"username\",\n }).then(invoke =\u003e invoke.result),\n password: std.base64encode({\n input: \"password\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst example = exampleEnvironment.name.apply(name =\u003e gcp.composer.getUserWorkloadsSecretOutput({\n environment: name,\n name: googleComposerUserWorkloadsSecret.example.name,\n}));\nexport const debug = example;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nexample_environment = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n config={\n \"software_config\": {\n \"image_version\": \"composer-3-airflow-2\",\n },\n })\nexample_user_workloads_secret = gcp.composer.UserWorkloadsSecret(\"example\",\n environment=example_environment.name,\n name=\"example-secret\",\n data={\n \"username\": std.base64encode(input=\"username\").result,\n \"password\": std.base64encode(input=\"password\").result,\n })\nexample = example_environment.name.apply(lambda name: gcp.composer.get_user_workloads_secret_output(environment=name,\n name=google_composer_user_workloads_secret[\"example\"][\"name\"]))\npulumi.export(\"debug\", example)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEnvironment = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"composer-3-airflow-2\",\n },\n },\n });\n\n var exampleUserWorkloadsSecret = new Gcp.Composer.UserWorkloadsSecret(\"example\", new()\n {\n Environment = exampleEnvironment.Name,\n Name = \"example-secret\",\n Data = \n {\n { \"username\", Std.Base64encode.Invoke(new()\n {\n Input = \"username\",\n }).Apply(invoke =\u003e invoke.Result) },\n { \"password\", Std.Base64encode.Invoke(new()\n {\n Input = \"password\",\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var example = Gcp.Composer.GetUserWorkloadsSecret.Invoke(new()\n {\n Environment = exampleEnvironment.Name,\n Name = googleComposerUserWorkloadsSecret.Example.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = example,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEnvironment, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"composer-3-airflow-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"username\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsSecret(ctx, \"example\", \u0026composer.UserWorkloadsSecretArgs{\n\t\t\tEnvironment: exampleEnvironment.Name,\n\t\t\tName: pulumi.String(\"example-secret\"),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"username\": pulumi.String(invokeBase64encode.Result),\n\t\t\t\t\"password\": pulumi.String(invokeBase64encode1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleEnvironment.Name.ApplyT(func(name string) (composer.GetUserWorkloadsSecretResult, error) {\n\t\t\treturn composer.GetUserWorkloadsSecretResult(interface{}(composer.LookupUserWorkloadsSecretOutput(ctx, composer.GetUserWorkloadsSecretOutputArgs{\n\t\t\t\tEnvironment: name,\n\t\t\t\tName: googleComposerUserWorkloadsSecret.Example.Name,\n\t\t\t}, nil))), nil\n\t\t}).(composer.GetUserWorkloadsSecretResultOutput)\n\t\tctx.Export(\"debug\", example)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsSecret;\nimport com.pulumi.gcp.composer.UserWorkloadsSecretArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetUserWorkloadsSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEnvironment = new Environment(\"exampleEnvironment\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"composer-3-airflow-2\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsSecret = new UserWorkloadsSecret(\"exampleUserWorkloadsSecret\", UserWorkloadsSecretArgs.builder()\n .environment(exampleEnvironment.name())\n .name(\"example-secret\")\n .data(Map.ofEntries(\n Map.entry(\"username\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"username\")\n .build()).result()),\n Map.entry(\"password\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"password\")\n .build()).result())\n ))\n .build());\n\n final var example = ComposerFunctions.getUserWorkloadsSecret(GetUserWorkloadsSecretArgs.builder()\n .environment(exampleEnvironment.name())\n .name(googleComposerUserWorkloadsSecret.example().name())\n .build());\n\n ctx.export(\"debug\", example.applyValue(getUserWorkloadsSecretResult -\u003e getUserWorkloadsSecretResult));\n }\n}\n```\n```yaml\nresources:\n exampleEnvironment:\n type: gcp:composer:Environment\n name: example\n properties:\n name: example-environment\n config:\n softwareConfig:\n imageVersion: composer-3-airflow-2\n exampleUserWorkloadsSecret:\n type: gcp:composer:UserWorkloadsSecret\n name: example\n properties:\n environment: ${exampleEnvironment.name}\n name: example-secret\n data:\n username:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: username\n Return: result\n password:\n fn::invoke:\n Function: std:base64encode\n Arguments:\n input: password\n Return: result\nvariables:\n example:\n fn::invoke:\n Function: gcp:composer:getUserWorkloadsSecret\n Arguments:\n environment: ${exampleEnvironment.name}\n name: ${googleComposerUserWorkloadsSecret.example.name}\noutputs:\n debug: ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst exampleEnvironment = new gcp.composer.Environment(\"example\", {\n name: \"example-environment\",\n config: {\n softwareConfig: {\n imageVersion: \"composer-3-airflow-2\",\n },\n },\n});\nconst exampleUserWorkloadsSecret = new gcp.composer.UserWorkloadsSecret(\"example\", {\n environment: exampleEnvironment.name,\n name: \"example-secret\",\n data: {\n username: std.base64encode({\n input: \"username\",\n }).then(invoke =\u003e invoke.result),\n password: std.base64encode({\n input: \"password\",\n }).then(invoke =\u003e invoke.result),\n },\n});\nconst example = exampleEnvironment.name.apply(name =\u003e gcp.composer.getUserWorkloadsSecretOutput({\n environment: name,\n name: googleComposerUserWorkloadsSecret.example.name,\n}));\nexport const debug = example;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nexample_environment = gcp.composer.Environment(\"example\",\n name=\"example-environment\",\n config={\n \"software_config\": {\n \"image_version\": \"composer-3-airflow-2\",\n },\n })\nexample_user_workloads_secret = gcp.composer.UserWorkloadsSecret(\"example\",\n environment=example_environment.name,\n name=\"example-secret\",\n data={\n \"username\": std.base64encode(input=\"username\").result,\n \"password\": std.base64encode(input=\"password\").result,\n })\nexample = example_environment.name.apply(lambda name: gcp.composer.get_user_workloads_secret_output(environment=name,\n name=google_composer_user_workloads_secret[\"example\"][\"name\"]))\npulumi.export(\"debug\", example)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEnvironment = new Gcp.Composer.Environment(\"example\", new()\n {\n Name = \"example-environment\",\n Config = new Gcp.Composer.Inputs.EnvironmentConfigArgs\n {\n SoftwareConfig = new Gcp.Composer.Inputs.EnvironmentConfigSoftwareConfigArgs\n {\n ImageVersion = \"composer-3-airflow-2\",\n },\n },\n });\n\n var exampleUserWorkloadsSecret = new Gcp.Composer.UserWorkloadsSecret(\"example\", new()\n {\n Environment = exampleEnvironment.Name,\n Name = \"example-secret\",\n Data = \n {\n { \"username\", Std.Base64encode.Invoke(new()\n {\n Input = \"username\",\n }).Apply(invoke =\u003e invoke.Result) },\n { \"password\", Std.Base64encode.Invoke(new()\n {\n Input = \"password\",\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var example = Gcp.Composer.GetUserWorkloadsSecret.Invoke(new()\n {\n Environment = exampleEnvironment.Name,\n Name = googleComposerUserWorkloadsSecret.Example.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"debug\"] = example,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/composer\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEnvironment, err := composer.NewEnvironment(ctx, \"example\", \u0026composer.EnvironmentArgs{\n\t\t\tName: pulumi.String(\"example-environment\"),\n\t\t\tConfig: \u0026composer.EnvironmentConfigArgs{\n\t\t\t\tSoftwareConfig: \u0026composer.EnvironmentConfigSoftwareConfigArgs{\n\t\t\t\t\tImageVersion: pulumi.String(\"composer-3-airflow-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"username\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode1, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: \"password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = composer.NewUserWorkloadsSecret(ctx, \"example\", \u0026composer.UserWorkloadsSecretArgs{\n\t\t\tEnvironment: exampleEnvironment.Name,\n\t\t\tName: pulumi.String(\"example-secret\"),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"username\": pulumi.String(invokeBase64encode.Result),\n\t\t\t\t\"password\": pulumi.String(invokeBase64encode1.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleEnvironment.Name.ApplyT(func(name string) (composer.GetUserWorkloadsSecretResult, error) {\n\t\t\treturn composer.GetUserWorkloadsSecretResult(interface{}(composer.LookupUserWorkloadsSecretOutput(ctx, composer.GetUserWorkloadsSecretOutputArgs{\n\t\t\t\tEnvironment: name,\n\t\t\t\tName: googleComposerUserWorkloadsSecret.Example.Name,\n\t\t\t}, nil))), nil\n\t\t}).(composer.GetUserWorkloadsSecretResultOutput)\n\t\tctx.Export(\"debug\", example)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.composer.Environment;\nimport com.pulumi.gcp.composer.EnvironmentArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigArgs;\nimport com.pulumi.gcp.composer.inputs.EnvironmentConfigSoftwareConfigArgs;\nimport com.pulumi.gcp.composer.UserWorkloadsSecret;\nimport com.pulumi.gcp.composer.UserWorkloadsSecretArgs;\nimport com.pulumi.gcp.composer.ComposerFunctions;\nimport com.pulumi.gcp.composer.inputs.GetUserWorkloadsSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEnvironment = new Environment(\"exampleEnvironment\", EnvironmentArgs.builder()\n .name(\"example-environment\")\n .config(EnvironmentConfigArgs.builder()\n .softwareConfig(EnvironmentConfigSoftwareConfigArgs.builder()\n .imageVersion(\"composer-3-airflow-2\")\n .build())\n .build())\n .build());\n\n var exampleUserWorkloadsSecret = new UserWorkloadsSecret(\"exampleUserWorkloadsSecret\", UserWorkloadsSecretArgs.builder()\n .environment(exampleEnvironment.name())\n .name(\"example-secret\")\n .data(Map.ofEntries(\n Map.entry(\"username\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"username\")\n .build()).result()),\n Map.entry(\"password\", StdFunctions.base64encode(Base64encodeArgs.builder()\n .input(\"password\")\n .build()).result())\n ))\n .build());\n\n final var example = ComposerFunctions.getUserWorkloadsSecret(GetUserWorkloadsSecretArgs.builder()\n .environment(exampleEnvironment.name())\n .name(googleComposerUserWorkloadsSecret.example().name())\n .build());\n\n ctx.export(\"debug\", example.applyValue(getUserWorkloadsSecretResult -\u003e getUserWorkloadsSecretResult));\n }\n}\n```\n```yaml\nresources:\n exampleEnvironment:\n type: gcp:composer:Environment\n name: example\n properties:\n name: example-environment\n config:\n softwareConfig:\n imageVersion: composer-3-airflow-2\n exampleUserWorkloadsSecret:\n type: gcp:composer:UserWorkloadsSecret\n name: example\n properties:\n environment: ${exampleEnvironment.name}\n name: example-secret\n data:\n username:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: username\n return: result\n password:\n fn::invoke:\n function: std:base64encode\n arguments:\n input: password\n return: result\nvariables:\n example:\n fn::invoke:\n function: gcp:composer:getUserWorkloadsSecret\n arguments:\n environment: ${exampleEnvironment.name}\n name: ${googleComposerUserWorkloadsSecret.example.name}\noutputs:\n debug: ${example}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserWorkloadsSecret.\n", "properties": { @@ -284774,7 +284774,7 @@ } }, "gcp:compute/getAddress:getAddress": { - "description": "Get the IP address from a static address. For more information see\nthe official [API](https://cloud.google.com/compute/docs/reference/latest/addresses/get) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myAddress = gcp.compute.getAddress({\n name: \"foobar\",\n});\nconst prod = new gcp.dns.ManagedZone(\"prod\", {\n name: \"prod-zone\",\n dnsName: \"prod.mydomain.com.\",\n});\nconst frontend = new gcp.dns.RecordSet(\"frontend\", {\n name: pulumi.interpolate`frontend.${prod.dnsName}`,\n type: \"A\",\n ttl: 300,\n managedZone: prod.name,\n rrdatas: [myAddress.then(myAddress =\u003e myAddress.address)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_address = gcp.compute.get_address(name=\"foobar\")\nprod = gcp.dns.ManagedZone(\"prod\",\n name=\"prod-zone\",\n dns_name=\"prod.mydomain.com.\")\nfrontend = gcp.dns.RecordSet(\"frontend\",\n name=prod.dns_name.apply(lambda dns_name: f\"frontend.{dns_name}\"),\n type=\"A\",\n ttl=300,\n managed_zone=prod.name,\n rrdatas=[my_address.address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myAddress = Gcp.Compute.GetAddress.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var prod = new Gcp.Dns.ManagedZone(\"prod\", new()\n {\n Name = \"prod-zone\",\n DnsName = \"prod.mydomain.com.\",\n });\n\n var frontend = new Gcp.Dns.RecordSet(\"frontend\", new()\n {\n Name = prod.DnsName.Apply(dnsName =\u003e $\"frontend.{dnsName}\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = prod.Name,\n Rrdatas = new[]\n {\n myAddress.Apply(getAddressResult =\u003e getAddressResult.Address),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyAddress, err := compute.LookupAddress(ctx, \u0026compute.LookupAddressArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprod, err := dns.NewManagedZone(ctx, \"prod\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"prod-zone\"),\n\t\t\tDnsName: pulumi.String(\"prod.mydomain.com.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"frontend\", \u0026dns.RecordSetArgs{\n\t\t\tName: prod.DnsName.ApplyT(func(dnsName string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"frontend.%v\", dnsName), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: prod.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(myAddress.Address),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetAddressArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myAddress = ComputeFunctions.getAddress(GetAddressArgs.builder()\n .name(\"foobar\")\n .build());\n\n var prod = new ManagedZone(\"prod\", ManagedZoneArgs.builder()\n .name(\"prod-zone\")\n .dnsName(\"prod.mydomain.com.\")\n .build());\n\n var frontend = new RecordSet(\"frontend\", RecordSetArgs.builder()\n .name(prod.dnsName().applyValue(dnsName -\u003e String.format(\"frontend.%s\", dnsName)))\n .type(\"A\")\n .ttl(300)\n .managedZone(prod.name())\n .rrdatas(myAddress.applyValue(getAddressResult -\u003e getAddressResult.address()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n frontend:\n type: gcp:dns:RecordSet\n properties:\n name: frontend.${prod.dnsName}\n type: A\n ttl: 300\n managedZone: ${prod.name}\n rrdatas:\n - ${myAddress.address}\n prod:\n type: gcp:dns:ManagedZone\n properties:\n name: prod-zone\n dnsName: prod.mydomain.com.\nvariables:\n myAddress:\n fn::invoke:\n Function: gcp:compute:getAddress\n Arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the IP address from a static address. For more information see\nthe official [API](https://cloud.google.com/compute/docs/reference/latest/addresses/get) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myAddress = gcp.compute.getAddress({\n name: \"foobar\",\n});\nconst prod = new gcp.dns.ManagedZone(\"prod\", {\n name: \"prod-zone\",\n dnsName: \"prod.mydomain.com.\",\n});\nconst frontend = new gcp.dns.RecordSet(\"frontend\", {\n name: pulumi.interpolate`frontend.${prod.dnsName}`,\n type: \"A\",\n ttl: 300,\n managedZone: prod.name,\n rrdatas: [myAddress.then(myAddress =\u003e myAddress.address)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_address = gcp.compute.get_address(name=\"foobar\")\nprod = gcp.dns.ManagedZone(\"prod\",\n name=\"prod-zone\",\n dns_name=\"prod.mydomain.com.\")\nfrontend = gcp.dns.RecordSet(\"frontend\",\n name=prod.dns_name.apply(lambda dns_name: f\"frontend.{dns_name}\"),\n type=\"A\",\n ttl=300,\n managed_zone=prod.name,\n rrdatas=[my_address.address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myAddress = Gcp.Compute.GetAddress.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var prod = new Gcp.Dns.ManagedZone(\"prod\", new()\n {\n Name = \"prod-zone\",\n DnsName = \"prod.mydomain.com.\",\n });\n\n var frontend = new Gcp.Dns.RecordSet(\"frontend\", new()\n {\n Name = prod.DnsName.Apply(dnsName =\u003e $\"frontend.{dnsName}\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = prod.Name,\n Rrdatas = new[]\n {\n myAddress.Apply(getAddressResult =\u003e getAddressResult.Address),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyAddress, err := compute.LookupAddress(ctx, \u0026compute.LookupAddressArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprod, err := dns.NewManagedZone(ctx, \"prod\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"prod-zone\"),\n\t\t\tDnsName: pulumi.String(\"prod.mydomain.com.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"frontend\", \u0026dns.RecordSetArgs{\n\t\t\tName: prod.DnsName.ApplyT(func(dnsName string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"frontend.%v\", dnsName), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: prod.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(myAddress.Address),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetAddressArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myAddress = ComputeFunctions.getAddress(GetAddressArgs.builder()\n .name(\"foobar\")\n .build());\n\n var prod = new ManagedZone(\"prod\", ManagedZoneArgs.builder()\n .name(\"prod-zone\")\n .dnsName(\"prod.mydomain.com.\")\n .build());\n\n var frontend = new RecordSet(\"frontend\", RecordSetArgs.builder()\n .name(prod.dnsName().applyValue(dnsName -\u003e String.format(\"frontend.%s\", dnsName)))\n .type(\"A\")\n .ttl(300)\n .managedZone(prod.name())\n .rrdatas(myAddress.applyValue(getAddressResult -\u003e getAddressResult.address()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n frontend:\n type: gcp:dns:RecordSet\n properties:\n name: frontend.${prod.dnsName}\n type: A\n ttl: 300\n managedZone: ${prod.name}\n rrdatas:\n - ${myAddress.address}\n prod:\n type: gcp:dns:ManagedZone\n properties:\n name: prod-zone\n dnsName: prod.mydomain.com.\nvariables:\n myAddress:\n fn::invoke:\n function: gcp:compute:getAddress\n arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAddress.\n", "properties": { @@ -284919,7 +284919,7 @@ } }, "gcp:compute/getBackendBucket:getBackendBucket": { - "description": "Get information about a BackendBucket.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backend-bucket = gcp.compute.getBackendBucket({\n name: \"my-backend\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backend_bucket = gcp.compute.get_backend_bucket(name=\"my-backend\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backend_bucket = Gcp.Compute.GetBackendBucket.Invoke(new()\n {\n Name = \"my-backend\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupBackendBucket(ctx, \u0026compute.LookupBackendBucketArgs{\n\t\t\tName: \"my-backend\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetBackendBucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backend-bucket = ComputeFunctions.getBackendBucket(GetBackendBucketArgs.builder()\n .name(\"my-backend\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backend-bucket:\n fn::invoke:\n Function: gcp:compute:getBackendBucket\n Arguments:\n name: my-backend\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a BackendBucket.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-backend-bucket = gcp.compute.getBackendBucket({\n name: \"my-backend\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_backend_bucket = gcp.compute.get_backend_bucket(name=\"my-backend\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_backend_bucket = Gcp.Compute.GetBackendBucket.Invoke(new()\n {\n Name = \"my-backend\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupBackendBucket(ctx, \u0026compute.LookupBackendBucketArgs{\n\t\t\tName: \"my-backend\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetBackendBucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-backend-bucket = ComputeFunctions.getBackendBucket(GetBackendBucketArgs.builder()\n .name(\"my-backend\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-backend-bucket:\n fn::invoke:\n function: gcp:compute:getBackendBucket\n arguments:\n name: my-backend\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBackendBucket.\n", "properties": { @@ -285053,7 +285053,7 @@ } }, "gcp:compute/getBackendService:getBackendService": { - "description": "Provide access to a Backend Service's attribute. For more information\nsee [the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/backend-service)\nand the [API](https://cloud.google.com/compute/docs/reference/latest/backendServices).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst baz = gcp.compute.getBackendService({\n name: \"foobar\",\n});\nconst _default = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n healthChecks: baz.then(baz =\u003e baz.healthChecks?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbaz = gcp.compute.get_backend_service(name=\"foobar\")\ndefault = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n health_checks=baz.health_checks[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var baz = Gcp.Compute.GetBackendService.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var @default = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n HealthChecks = baz.Apply(getBackendServiceResult =\u003e getBackendServiceResult.HealthChecks[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbaz, err := compute.LookupBackendService(ctx, \u0026compute.LookupBackendServiceArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tHealthChecks: pulumi.String(baz.HealthChecks[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetBackendServiceArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var baz = ComputeFunctions.getBackendService(GetBackendServiceArgs.builder()\n .name(\"foobar\")\n .build());\n\n var default_ = new BackendService(\"default\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .healthChecks(baz.applyValue(getBackendServiceResult -\u003e getBackendServiceResult.healthChecks()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:BackendService\n properties:\n name: backend-service\n healthChecks: ${baz.healthChecks[0]}\nvariables:\n baz:\n fn::invoke:\n Function: gcp:compute:getBackendService\n Arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provide access to a Backend Service's attribute. For more information\nsee [the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/backend-service)\nand the [API](https://cloud.google.com/compute/docs/reference/latest/backendServices).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst baz = gcp.compute.getBackendService({\n name: \"foobar\",\n});\nconst _default = new gcp.compute.BackendService(\"default\", {\n name: \"backend-service\",\n healthChecks: baz.then(baz =\u003e baz.healthChecks?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbaz = gcp.compute.get_backend_service(name=\"foobar\")\ndefault = gcp.compute.BackendService(\"default\",\n name=\"backend-service\",\n health_checks=baz.health_checks[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var baz = Gcp.Compute.GetBackendService.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var @default = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-service\",\n HealthChecks = baz.Apply(getBackendServiceResult =\u003e getBackendServiceResult.HealthChecks[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbaz, err := compute.LookupBackendService(ctx, \u0026compute.LookupBackendServiceArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-service\"),\n\t\t\tHealthChecks: pulumi.String(baz.HealthChecks[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetBackendServiceArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var baz = ComputeFunctions.getBackendService(GetBackendServiceArgs.builder()\n .name(\"foobar\")\n .build());\n\n var default_ = new BackendService(\"default\", BackendServiceArgs.builder()\n .name(\"backend-service\")\n .healthChecks(baz.applyValue(getBackendServiceResult -\u003e getBackendServiceResult.healthChecks()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:BackendService\n properties:\n name: backend-service\n healthChecks: ${baz.healthChecks[0]}\nvariables:\n baz:\n fn::invoke:\n function: gcp:compute:getBackendService\n arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBackendService.\n", "properties": { @@ -285324,7 +285324,7 @@ } }, "gcp:compute/getCertificate:getCertificate": { - "description": "Get info about a Google Compute SSL Certificate from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCert = gcp.compute.getCertificate({\n name: \"my-cert\",\n});\nexport const certificate = myCert.then(myCert =\u003e myCert.certificate);\nexport const certificateId = myCert.then(myCert =\u003e myCert.certificateId);\nexport const selfLink = myCert.then(myCert =\u003e myCert.selfLink);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cert = gcp.compute.get_certificate(name=\"my-cert\")\npulumi.export(\"certificate\", my_cert.certificate)\npulumi.export(\"certificateId\", my_cert.certificate_id)\npulumi.export(\"selfLink\", my_cert.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCert = Gcp.Compute.GetCertificate.Invoke(new()\n {\n Name = \"my-cert\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.Certificate),\n [\"certificateId\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.CertificateId),\n [\"selfLink\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.SelfLink),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCert, err := compute.GetCertificate(ctx, \u0026compute.GetCertificateArgs{\n\t\t\tName: \"my-cert\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"certificate\", myCert.Certificate)\n\t\tctx.Export(\"certificateId\", myCert.CertificateId)\n\t\tctx.Export(\"selfLink\", myCert.SelfLink)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCert = ComputeFunctions.getCertificate(GetCertificateArgs.builder()\n .name(\"my-cert\")\n .build());\n\n ctx.export(\"certificate\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.certificate()));\n ctx.export(\"certificateId\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.certificateId()));\n ctx.export(\"selfLink\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.selfLink()));\n }\n}\n```\n```yaml\nvariables:\n myCert:\n fn::invoke:\n Function: gcp:compute:getCertificate\n Arguments:\n name: my-cert\noutputs:\n certificate: ${myCert.certificate}\n certificateId: ${myCert.certificateId}\n selfLink: ${myCert.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google Compute SSL Certificate from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCert = gcp.compute.getCertificate({\n name: \"my-cert\",\n});\nexport const certificate = myCert.then(myCert =\u003e myCert.certificate);\nexport const certificateId = myCert.then(myCert =\u003e myCert.certificateId);\nexport const selfLink = myCert.then(myCert =\u003e myCert.selfLink);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cert = gcp.compute.get_certificate(name=\"my-cert\")\npulumi.export(\"certificate\", my_cert.certificate)\npulumi.export(\"certificateId\", my_cert.certificate_id)\npulumi.export(\"selfLink\", my_cert.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCert = Gcp.Compute.GetCertificate.Invoke(new()\n {\n Name = \"my-cert\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.Certificate),\n [\"certificateId\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.CertificateId),\n [\"selfLink\"] = myCert.Apply(getCertificateResult =\u003e getCertificateResult.SelfLink),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCert, err := compute.GetCertificate(ctx, \u0026compute.GetCertificateArgs{\n\t\t\tName: \"my-cert\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"certificate\", myCert.Certificate)\n\t\tctx.Export(\"certificateId\", myCert.CertificateId)\n\t\tctx.Export(\"selfLink\", myCert.SelfLink)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCert = ComputeFunctions.getCertificate(GetCertificateArgs.builder()\n .name(\"my-cert\")\n .build());\n\n ctx.export(\"certificate\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.certificate()));\n ctx.export(\"certificateId\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.certificateId()));\n ctx.export(\"selfLink\", myCert.applyValue(getCertificateResult -\u003e getCertificateResult.selfLink()));\n }\n}\n```\n```yaml\nvariables:\n myCert:\n fn::invoke:\n function: gcp:compute:getCertificate\n arguments:\n name: my-cert\noutputs:\n certificate: ${myCert.certificate}\n certificateId: ${myCert.certificateId}\n selfLink: ${myCert.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCertificate.\n", "properties": { @@ -285396,7 +285396,7 @@ } }, "gcp:compute/getDefaultServiceAccount:getDefaultServiceAccount": { - "description": "Use this data source to retrieve default service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to retrieve default service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, \u0026compute.GetDefaultServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getDefaultServiceAccount\n arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDefaultServiceAccount.\n", "properties": { @@ -285451,7 +285451,7 @@ } }, "gcp:compute/getDisk:getDisk": { - "description": "Get information about a Google Compute Persistent disks.\n\n[the official documentation](https://cloud.google.com/compute/docs/disks) and its [API](https://cloud.google.com/compute/docs/reference/latest/disks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst persistent-boot-disk = gcp.compute.getDisk({\n name: \"persistent-boot-disk\",\n project: \"example\",\n});\nconst _default = new gcp.compute.Instance(\"default\", {bootDisk: {\n source: persistent_boot_disk.then(persistent_boot_disk =\u003e persistent_boot_disk.selfLink),\n autoDelete: false,\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npersistent_boot_disk = gcp.compute.get_disk(name=\"persistent-boot-disk\",\n project=\"example\")\ndefault = gcp.compute.Instance(\"default\", boot_disk={\n \"source\": persistent_boot_disk.self_link,\n \"auto_delete\": False,\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var persistent_boot_disk = Gcp.Compute.GetDisk.Invoke(new()\n {\n Name = \"persistent-boot-disk\",\n Project = \"example\",\n });\n\n var @default = new Gcp.Compute.Instance(\"default\", new()\n {\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n Source = persistent_boot_disk.Apply(persistent_boot_disk =\u003e persistent_boot_disk.Apply(getDiskResult =\u003e getDiskResult.SelfLink)),\n AutoDelete = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpersistent_boot_disk, err := compute.LookupDisk(ctx, \u0026compute.LookupDiskArgs{\n\t\t\tName: \"persistent-boot-disk\",\n\t\t\tProject: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tSource: pulumi.String(persistent_boot_disk.SelfLink),\n\t\t\t\tAutoDelete: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDiskArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var persistent-boot-disk = ComputeFunctions.getDisk(GetDiskArgs.builder()\n .name(\"persistent-boot-disk\")\n .project(\"example\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .bootDisk(InstanceBootDiskArgs.builder()\n .source(persistent_boot_disk.selfLink())\n .autoDelete(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n bootDisk:\n source: ${[\"persistent-boot-disk\"].selfLink}\n autoDelete: false\nvariables:\n persistent-boot-disk:\n fn::invoke:\n Function: gcp:compute:getDisk\n Arguments:\n name: persistent-boot-disk\n project: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Compute Persistent disks.\n\n[the official documentation](https://cloud.google.com/compute/docs/disks) and its [API](https://cloud.google.com/compute/docs/reference/latest/disks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst persistent-boot-disk = gcp.compute.getDisk({\n name: \"persistent-boot-disk\",\n project: \"example\",\n});\nconst _default = new gcp.compute.Instance(\"default\", {bootDisk: {\n source: persistent_boot_disk.then(persistent_boot_disk =\u003e persistent_boot_disk.selfLink),\n autoDelete: false,\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npersistent_boot_disk = gcp.compute.get_disk(name=\"persistent-boot-disk\",\n project=\"example\")\ndefault = gcp.compute.Instance(\"default\", boot_disk={\n \"source\": persistent_boot_disk.self_link,\n \"auto_delete\": False,\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var persistent_boot_disk = Gcp.Compute.GetDisk.Invoke(new()\n {\n Name = \"persistent-boot-disk\",\n Project = \"example\",\n });\n\n var @default = new Gcp.Compute.Instance(\"default\", new()\n {\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n Source = persistent_boot_disk.Apply(persistent_boot_disk =\u003e persistent_boot_disk.Apply(getDiskResult =\u003e getDiskResult.SelfLink)),\n AutoDelete = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpersistent_boot_disk, err := compute.LookupDisk(ctx, \u0026compute.LookupDiskArgs{\n\t\t\tName: \"persistent-boot-disk\",\n\t\t\tProject: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tSource: pulumi.String(persistent_boot_disk.SelfLink),\n\t\t\t\tAutoDelete: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDiskArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var persistent-boot-disk = ComputeFunctions.getDisk(GetDiskArgs.builder()\n .name(\"persistent-boot-disk\")\n .project(\"example\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .bootDisk(InstanceBootDiskArgs.builder()\n .source(persistent_boot_disk.selfLink())\n .autoDelete(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n bootDisk:\n source: ${[\"persistent-boot-disk\"].selfLink}\n autoDelete: false\nvariables:\n persistent-boot-disk:\n fn::invoke:\n function: gcp:compute:getDisk\n arguments:\n name: persistent-boot-disk\n project: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDisk.\n", "properties": { @@ -285687,7 +285687,7 @@ } }, "gcp:compute/getDiskIamPolicy:getDiskIamPolicy": { - "description": "Retrieves the current IAM policy data for disk\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getDiskIamPolicy({\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_disk_iam_policy(project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetDiskIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupDiskIamPolicy(ctx, \u0026compute.LookupDiskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tZone: pulumi.StringRef(_default.Zone),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getDiskIamPolicy(GetDiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getDiskIamPolicy\n Arguments:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for disk\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getDiskIamPolicy({\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_disk_iam_policy(project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetDiskIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupDiskIamPolicy(ctx, \u0026compute.LookupDiskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tZone: pulumi.StringRef(_default.Zone),\n\t\t\tName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getDiskIamPolicy(GetDiskIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getDiskIamPolicy\n arguments:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDiskIamPolicy.\n", "properties": { @@ -285749,7 +285749,7 @@ } }, "gcp:compute/getForwardingRule:getForwardingRule": { - "description": "Get a forwarding rule within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rule = gcp.compute.getForwardingRule({\n name: \"forwarding-rule-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rule = gcp.compute.get_forwarding_rule(name=\"forwarding-rule-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rule = Gcp.Compute.GetForwardingRule.Invoke(new()\n {\n Name = \"forwarding-rule-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupForwardingRule(ctx, \u0026compute.LookupForwardingRuleArgs{\n\t\t\tName: \"forwarding-rule-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rule = ComputeFunctions.getForwardingRule(GetForwardingRuleArgs.builder()\n .name(\"forwarding-rule-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rule:\n fn::invoke:\n Function: gcp:compute:getForwardingRule\n Arguments:\n name: forwarding-rule-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a forwarding rule within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rule = gcp.compute.getForwardingRule({\n name: \"forwarding-rule-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rule = gcp.compute.get_forwarding_rule(name=\"forwarding-rule-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rule = Gcp.Compute.GetForwardingRule.Invoke(new()\n {\n Name = \"forwarding-rule-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupForwardingRule(ctx, \u0026compute.LookupForwardingRuleArgs{\n\t\t\tName: \"forwarding-rule-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rule = ComputeFunctions.getForwardingRule(GetForwardingRuleArgs.builder()\n .name(\"forwarding-rule-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rule:\n fn::invoke:\n function: gcp:compute:getForwardingRule\n arguments:\n name: forwarding-rule-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getForwardingRule.\n", "properties": { @@ -285944,7 +285944,7 @@ } }, "gcp:compute/getForwardingRules:getForwardingRules": { - "description": "List all networks in a specified Google Cloud project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rules = gcp.compute.getForwardingRules({\n project: \"my-cloud-project\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rules = gcp.compute.get_forwarding_rules(project=\"my-cloud-project\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rules = Gcp.Compute.GetForwardingRules.Invoke(new()\n {\n Project = \"my-cloud-project\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetForwardingRules(ctx, \u0026compute.GetForwardingRulesArgs{\n\t\t\tProject: pulumi.StringRef(\"my-cloud-project\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetForwardingRulesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rules = ComputeFunctions.getForwardingRules(GetForwardingRulesArgs.builder()\n .project(\"my-cloud-project\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rules:\n fn::invoke:\n Function: gcp:compute:getForwardingRules\n Arguments:\n project: my-cloud-project\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all networks in a specified Google Cloud project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rules = gcp.compute.getForwardingRules({\n project: \"my-cloud-project\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rules = gcp.compute.get_forwarding_rules(project=\"my-cloud-project\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rules = Gcp.Compute.GetForwardingRules.Invoke(new()\n {\n Project = \"my-cloud-project\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetForwardingRules(ctx, \u0026compute.GetForwardingRulesArgs{\n\t\t\tProject: pulumi.StringRef(\"my-cloud-project\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetForwardingRulesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rules = ComputeFunctions.getForwardingRules(GetForwardingRulesArgs.builder()\n .project(\"my-cloud-project\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rules:\n fn::invoke:\n function: gcp:compute:getForwardingRules\n arguments:\n project: my-cloud-project\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getForwardingRules.\n", "properties": { @@ -285990,7 +285990,7 @@ } }, "gcp:compute/getGlobalAddress:getGlobalAddress": { - "description": "Get the IP address from a static address reserved for a Global Forwarding Rule which are only used for HTTP load balancing. For more information see\nthe official [API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myAddress = gcp.compute.getGlobalAddress({\n name: \"foobar\",\n});\nconst prod = new gcp.dns.ManagedZone(\"prod\", {\n name: \"prod-zone\",\n dnsName: \"prod.mydomain.com.\",\n});\nconst frontend = new gcp.dns.RecordSet(\"frontend\", {\n name: pulumi.interpolate`lb.${prod.dnsName}`,\n type: \"A\",\n ttl: 300,\n managedZone: prod.name,\n rrdatas: [myAddress.then(myAddress =\u003e myAddress.address)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_address = gcp.compute.get_global_address(name=\"foobar\")\nprod = gcp.dns.ManagedZone(\"prod\",\n name=\"prod-zone\",\n dns_name=\"prod.mydomain.com.\")\nfrontend = gcp.dns.RecordSet(\"frontend\",\n name=prod.dns_name.apply(lambda dns_name: f\"lb.{dns_name}\"),\n type=\"A\",\n ttl=300,\n managed_zone=prod.name,\n rrdatas=[my_address.address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myAddress = Gcp.Compute.GetGlobalAddress.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var prod = new Gcp.Dns.ManagedZone(\"prod\", new()\n {\n Name = \"prod-zone\",\n DnsName = \"prod.mydomain.com.\",\n });\n\n var frontend = new Gcp.Dns.RecordSet(\"frontend\", new()\n {\n Name = prod.DnsName.Apply(dnsName =\u003e $\"lb.{dnsName}\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = prod.Name,\n Rrdatas = new[]\n {\n myAddress.Apply(getGlobalAddressResult =\u003e getGlobalAddressResult.Address),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyAddress, err := compute.LookupGlobalAddress(ctx, \u0026compute.LookupGlobalAddressArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprod, err := dns.NewManagedZone(ctx, \"prod\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"prod-zone\"),\n\t\t\tDnsName: pulumi.String(\"prod.mydomain.com.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"frontend\", \u0026dns.RecordSetArgs{\n\t\t\tName: prod.DnsName.ApplyT(func(dnsName string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"lb.%v\", dnsName), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: prod.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(myAddress.Address),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetGlobalAddressArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myAddress = ComputeFunctions.getGlobalAddress(GetGlobalAddressArgs.builder()\n .name(\"foobar\")\n .build());\n\n var prod = new ManagedZone(\"prod\", ManagedZoneArgs.builder()\n .name(\"prod-zone\")\n .dnsName(\"prod.mydomain.com.\")\n .build());\n\n var frontend = new RecordSet(\"frontend\", RecordSetArgs.builder()\n .name(prod.dnsName().applyValue(dnsName -\u003e String.format(\"lb.%s\", dnsName)))\n .type(\"A\")\n .ttl(300)\n .managedZone(prod.name())\n .rrdatas(myAddress.applyValue(getGlobalAddressResult -\u003e getGlobalAddressResult.address()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n frontend:\n type: gcp:dns:RecordSet\n properties:\n name: lb.${prod.dnsName}\n type: A\n ttl: 300\n managedZone: ${prod.name}\n rrdatas:\n - ${myAddress.address}\n prod:\n type: gcp:dns:ManagedZone\n properties:\n name: prod-zone\n dnsName: prod.mydomain.com.\nvariables:\n myAddress:\n fn::invoke:\n Function: gcp:compute:getGlobalAddress\n Arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the IP address from a static address reserved for a Global Forwarding Rule which are only used for HTTP load balancing. For more information see\nthe official [API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myAddress = gcp.compute.getGlobalAddress({\n name: \"foobar\",\n});\nconst prod = new gcp.dns.ManagedZone(\"prod\", {\n name: \"prod-zone\",\n dnsName: \"prod.mydomain.com.\",\n});\nconst frontend = new gcp.dns.RecordSet(\"frontend\", {\n name: pulumi.interpolate`lb.${prod.dnsName}`,\n type: \"A\",\n ttl: 300,\n managedZone: prod.name,\n rrdatas: [myAddress.then(myAddress =\u003e myAddress.address)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_address = gcp.compute.get_global_address(name=\"foobar\")\nprod = gcp.dns.ManagedZone(\"prod\",\n name=\"prod-zone\",\n dns_name=\"prod.mydomain.com.\")\nfrontend = gcp.dns.RecordSet(\"frontend\",\n name=prod.dns_name.apply(lambda dns_name: f\"lb.{dns_name}\"),\n type=\"A\",\n ttl=300,\n managed_zone=prod.name,\n rrdatas=[my_address.address])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myAddress = Gcp.Compute.GetGlobalAddress.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n var prod = new Gcp.Dns.ManagedZone(\"prod\", new()\n {\n Name = \"prod-zone\",\n DnsName = \"prod.mydomain.com.\",\n });\n\n var frontend = new Gcp.Dns.RecordSet(\"frontend\", new()\n {\n Name = prod.DnsName.Apply(dnsName =\u003e $\"lb.{dnsName}\"),\n Type = \"A\",\n Ttl = 300,\n ManagedZone = prod.Name,\n Rrdatas = new[]\n {\n myAddress.Apply(getGlobalAddressResult =\u003e getGlobalAddressResult.Address),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyAddress, err := compute.LookupGlobalAddress(ctx, \u0026compute.LookupGlobalAddressArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprod, err := dns.NewManagedZone(ctx, \"prod\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"prod-zone\"),\n\t\t\tDnsName: pulumi.String(\"prod.mydomain.com.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"frontend\", \u0026dns.RecordSetArgs{\n\t\t\tName: prod.DnsName.ApplyT(func(dnsName string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"lb.%v\", dnsName), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: prod.Name,\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(myAddress.Address),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetGlobalAddressArgs;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myAddress = ComputeFunctions.getGlobalAddress(GetGlobalAddressArgs.builder()\n .name(\"foobar\")\n .build());\n\n var prod = new ManagedZone(\"prod\", ManagedZoneArgs.builder()\n .name(\"prod-zone\")\n .dnsName(\"prod.mydomain.com.\")\n .build());\n\n var frontend = new RecordSet(\"frontend\", RecordSetArgs.builder()\n .name(prod.dnsName().applyValue(dnsName -\u003e String.format(\"lb.%s\", dnsName)))\n .type(\"A\")\n .ttl(300)\n .managedZone(prod.name())\n .rrdatas(myAddress.applyValue(getGlobalAddressResult -\u003e getGlobalAddressResult.address()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n frontend:\n type: gcp:dns:RecordSet\n properties:\n name: lb.${prod.dnsName}\n type: A\n ttl: 300\n managedZone: ${prod.name}\n rrdatas:\n - ${myAddress.address}\n prod:\n type: gcp:dns:ManagedZone\n properties:\n name: prod-zone\n dnsName: prod.mydomain.com.\nvariables:\n myAddress:\n fn::invoke:\n function: gcp:compute:getGlobalAddress\n arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getGlobalAddress.\n", "properties": { @@ -286074,7 +286074,7 @@ } }, "gcp:compute/getGlobalForwardingRule:getGlobalForwardingRule": { - "description": "Get a global forwarding rule within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rule = gcp.compute.getGlobalForwardingRule({\n name: \"forwarding-rule-global\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rule = gcp.compute.get_global_forwarding_rule(name=\"forwarding-rule-global\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rule = Gcp.Compute.GetGlobalForwardingRule.Invoke(new()\n {\n Name = \"forwarding-rule-global\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupGlobalForwardingRule(ctx, \u0026compute.LookupGlobalForwardingRuleArgs{\n\t\t\tName: \"forwarding-rule-global\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetGlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rule = ComputeFunctions.getGlobalForwardingRule(GetGlobalForwardingRuleArgs.builder()\n .name(\"forwarding-rule-global\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rule:\n fn::invoke:\n Function: gcp:compute:getGlobalForwardingRule\n Arguments:\n name: forwarding-rule-global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a global forwarding rule within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-forwarding-rule = gcp.compute.getGlobalForwardingRule({\n name: \"forwarding-rule-global\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_forwarding_rule = gcp.compute.get_global_forwarding_rule(name=\"forwarding-rule-global\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_forwarding_rule = Gcp.Compute.GetGlobalForwardingRule.Invoke(new()\n {\n Name = \"forwarding-rule-global\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupGlobalForwardingRule(ctx, \u0026compute.LookupGlobalForwardingRuleArgs{\n\t\t\tName: \"forwarding-rule-global\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetGlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-forwarding-rule = ComputeFunctions.getGlobalForwardingRule(GetGlobalForwardingRuleArgs.builder()\n .name(\"forwarding-rule-global\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-forwarding-rule:\n fn::invoke:\n function: gcp:compute:getGlobalForwardingRule\n arguments:\n name: forwarding-rule-global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getGlobalForwardingRule.\n", "properties": { @@ -286222,7 +286222,7 @@ } }, "gcp:compute/getHcVpnGateway:getHcVpnGateway": { - "description": "Get a HA VPN Gateway within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gateway = gcp.compute.getHcVpnGateway({\n name: \"foobar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngateway = gcp.compute.get_hc_vpn_gateway(name=\"foobar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gateway = Gcp.Compute.GetHcVpnGateway.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetHcVpnGateway(ctx, \u0026compute.GetHcVpnGatewayArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetHcVpnGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gateway = ComputeFunctions.getHcVpnGateway(GetHcVpnGatewayArgs.builder()\n .name(\"foobar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n gateway:\n fn::invoke:\n Function: gcp:compute:getHcVpnGateway\n Arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a HA VPN Gateway within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gateway = gcp.compute.getHcVpnGateway({\n name: \"foobar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngateway = gcp.compute.get_hc_vpn_gateway(name=\"foobar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gateway = Gcp.Compute.GetHcVpnGateway.Invoke(new()\n {\n Name = \"foobar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetHcVpnGateway(ctx, \u0026compute.GetHcVpnGatewayArgs{\n\t\t\tName: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetHcVpnGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gateway = ComputeFunctions.getHcVpnGateway(GetHcVpnGatewayArgs.builder()\n .name(\"foobar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n gateway:\n fn::invoke:\n function: gcp:compute:getHcVpnGateway\n arguments:\n name: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHcVpnGateway.\n", "properties": { @@ -286296,7 +286296,7 @@ } }, "gcp:compute/getHealthCheck:getHealthCheck": { - "description": "Get information about a HealthCheck.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = gcp.compute.getHealthCheck({\n name: \"my-hc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.get_health_check(name=\"my-hc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = Gcp.Compute.GetHealthCheck.Invoke(new()\n {\n Name = \"my-hc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupHealthCheck(ctx, \u0026compute.LookupHealthCheckArgs{\n\t\t\tName: \"my-hc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetHealthCheckArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var healthCheck = ComputeFunctions.getHealthCheck(GetHealthCheckArgs.builder()\n .name(\"my-hc\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n healthCheck:\n fn::invoke:\n Function: gcp:compute:getHealthCheck\n Arguments:\n name: my-hc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a HealthCheck.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst healthCheck = gcp.compute.getHealthCheck({\n name: \"my-hc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhealth_check = gcp.compute.get_health_check(name=\"my-hc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var healthCheck = Gcp.Compute.GetHealthCheck.Invoke(new()\n {\n Name = \"my-hc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupHealthCheck(ctx, \u0026compute.LookupHealthCheckArgs{\n\t\t\tName: \"my-hc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetHealthCheckArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var healthCheck = ComputeFunctions.getHealthCheck(GetHealthCheckArgs.builder()\n .name(\"my-hc\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n healthCheck:\n fn::invoke:\n function: gcp:compute:getHealthCheck\n arguments:\n name: my-hc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHealthCheck.\n", "properties": { @@ -286424,7 +286424,7 @@ } }, "gcp:compute/getImage:getImage": { - "description": "Get information about a Google Compute Image. Check that your service account has the `compute.imageUser` role if you want to share [custom images](https://cloud.google.com/compute/docs/images/sharing-images-across-projects) from another project. If you want to use [public images][pubimg], do not forget to specify the dedicated project. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/images) and its [API](https://cloud.google.com/compute/docs/reference/latest/images).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Instance(\"default\", {bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Instance(\"default\", boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Instance(\"default\", new()\n {\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n Function: gcp:compute:getImage\n Arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Compute Image. Check that your service account has the `compute.imageUser` role if you want to share [custom images](https://cloud.google.com/compute/docs/images/sharing-images-across-projects) from another project. If you want to use [public images][pubimg], do not forget to specify the dedicated project. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/images) and its [API](https://cloud.google.com/compute/docs/reference/latest/images).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst _default = new gcp.compute.Instance(\"default\", {bootDisk: {\n initializeParams: {\n image: myImage.then(myImage =\u003e myImage.selfLink),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ndefault = gcp.compute.Instance(\"default\", boot_disk={\n \"initialize_params\": {\n \"image\": my_image.self_link,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var @default = new Gcp.Compute.Instance(\"default\", new()\n {\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = myImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"default\", \u0026compute.InstanceArgs{\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(myImage.SelfLink),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(myImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n bootDisk:\n initializeParams:\n image: ${myImage.selfLink}\nvariables:\n myImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getImage.\n", "properties": { @@ -286570,7 +286570,7 @@ } }, "gcp:compute/getImageIamPolicy:getImageIamPolicy": { - "description": "Retrieves the current IAM policy data for image\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getImageIamPolicy({\n project: example.project,\n image: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_image_iam_policy(project=example[\"project\"],\n image=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetImageIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Image = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupImageIamPolicy(ctx, \u0026compute.LookupImageIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tImage: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getImageIamPolicy(GetImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getImageIamPolicy\n Arguments:\n project: ${example.project}\n image: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for image\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getImageIamPolicy({\n project: example.project,\n image: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_image_iam_policy(project=example[\"project\"],\n image=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetImageIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Image = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupImageIamPolicy(ctx, \u0026compute.LookupImageIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tImage: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getImageIamPolicy(GetImageIamPolicyArgs.builder()\n .project(example.project())\n .image(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getImageIamPolicy\n arguments:\n project: ${example.project}\n image: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getImageIamPolicy.\n", "properties": { @@ -286623,7 +286623,7 @@ } }, "gcp:compute/getInstance:getInstance": { - "description": "Get information about a VM instance resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instances)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instances).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserver = gcp.compute.getInstance({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver = gcp.compute.get_instance(name=\"primary-application-server\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserver = Gcp.Compute.GetInstance.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstance(ctx, \u0026compute.LookupInstanceArgs{\n\t\t\tName: pulumi.StringRef(\"primary-application-server\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserver = ComputeFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserver:\n fn::invoke:\n Function: gcp:compute:getInstance\n Arguments:\n name: primary-application-server\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a VM instance resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instances)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instances).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserver = gcp.compute.getInstance({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver = gcp.compute.get_instance(name=\"primary-application-server\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserver = Gcp.Compute.GetInstance.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstance(ctx, \u0026compute.LookupInstanceArgs{\n\t\t\tName: pulumi.StringRef(\"primary-application-server\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserver = ComputeFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserver:\n fn::invoke:\n function: gcp:compute:getInstance\n arguments:\n name: primary-application-server\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstance.\n", "properties": { @@ -286915,7 +286915,7 @@ } }, "gcp:compute/getInstanceGroup:getInstanceGroup": { - "description": "Get a Compute Instance Group within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/#unmanaged_instance_groups)\nand [API](https://cloud.google.com/compute/docs/reference/latest/instanceGroups)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst all = gcp.compute.getInstanceGroup({\n name: \"instance-group-name\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nall = gcp.compute.get_instance_group(name=\"instance-group-name\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var all = Gcp.Compute.GetInstanceGroup.Invoke(new()\n {\n Name = \"instance-group-name\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstanceGroup(ctx, \u0026compute.LookupInstanceGroupArgs{\n\t\t\tName: pulumi.StringRef(\"instance-group-name\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var all = ComputeFunctions.getInstanceGroup(GetInstanceGroupArgs.builder()\n .name(\"instance-group-name\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n all:\n fn::invoke:\n Function: gcp:compute:getInstanceGroup\n Arguments:\n name: instance-group-name\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Compute Instance Group within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/#unmanaged_instance_groups)\nand [API](https://cloud.google.com/compute/docs/reference/latest/instanceGroups)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst all = gcp.compute.getInstanceGroup({\n name: \"instance-group-name\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nall = gcp.compute.get_instance_group(name=\"instance-group-name\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var all = Gcp.Compute.GetInstanceGroup.Invoke(new()\n {\n Name = \"instance-group-name\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstanceGroup(ctx, \u0026compute.LookupInstanceGroupArgs{\n\t\t\tName: pulumi.StringRef(\"instance-group-name\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var all = ComputeFunctions.getInstanceGroup(GetInstanceGroupArgs.builder()\n .name(\"instance-group-name\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n all:\n fn::invoke:\n function: gcp:compute:getInstanceGroup\n arguments:\n name: instance-group-name\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceGroup.\n", "properties": { @@ -287000,7 +287000,7 @@ } }, "gcp:compute/getInstanceGroupManager:getInstanceGroupManager": { - "description": "Get a Compute Instance Group Manager within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups#managed_instance_groups)\nand [API](https://cloud.google.com/compute/docs/reference/latest/instanceGroupManagers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst igm1 = gcp.compute.getInstanceGroupManager({\n name: \"my-igm\",\n zone: \"us-central1-a\",\n});\nconst igm2 = gcp.compute.getInstanceGroupManager({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nigm1 = gcp.compute.get_instance_group_manager(name=\"my-igm\",\n zone=\"us-central1-a\")\nigm2 = gcp.compute.get_instance_group_manager(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var igm1 = Gcp.Compute.GetInstanceGroupManager.Invoke(new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-a\",\n });\n\n var igm2 = Gcp.Compute.GetInstanceGroupManager.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstanceGroupManager(ctx, \u0026compute.LookupInstanceGroupManagerArgs{\n\t\t\tName: pulumi.StringRef(\"my-igm\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupInstanceGroupManager(ctx, \u0026compute.LookupInstanceGroupManagerArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGroupManagerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var igm1 = ComputeFunctions.getInstanceGroupManager(GetInstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-a\")\n .build());\n\n final var igm2 = ComputeFunctions.getInstanceGroupManager(GetInstanceGroupManagerArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n igm1:\n fn::invoke:\n Function: gcp:compute:getInstanceGroupManager\n Arguments:\n name: my-igm\n zone: us-central1-a\n igm2:\n fn::invoke:\n Function: gcp:compute:getInstanceGroupManager\n Arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Compute Instance Group Manager within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups#managed_instance_groups)\nand [API](https://cloud.google.com/compute/docs/reference/latest/instanceGroupManagers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst igm1 = gcp.compute.getInstanceGroupManager({\n name: \"my-igm\",\n zone: \"us-central1-a\",\n});\nconst igm2 = gcp.compute.getInstanceGroupManager({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nigm1 = gcp.compute.get_instance_group_manager(name=\"my-igm\",\n zone=\"us-central1-a\")\nigm2 = gcp.compute.get_instance_group_manager(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var igm1 = Gcp.Compute.GetInstanceGroupManager.Invoke(new()\n {\n Name = \"my-igm\",\n Zone = \"us-central1-a\",\n });\n\n var igm2 = Gcp.Compute.GetInstanceGroupManager.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupInstanceGroupManager(ctx, \u0026compute.LookupInstanceGroupManagerArgs{\n\t\t\tName: pulumi.StringRef(\"my-igm\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupInstanceGroupManager(ctx, \u0026compute.LookupInstanceGroupManagerArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGroupManagerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var igm1 = ComputeFunctions.getInstanceGroupManager(GetInstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .zone(\"us-central1-a\")\n .build());\n\n final var igm2 = ComputeFunctions.getInstanceGroupManager(GetInstanceGroupManagerArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n igm1:\n fn::invoke:\n function: gcp:compute:getInstanceGroupManager\n arguments:\n name: my-igm\n zone: us-central1-a\n igm2:\n fn::invoke:\n function: gcp:compute:getInstanceGroupManager\n arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instanceGroupManagers/my-igm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceGroupManager.\n", "properties": { @@ -287189,7 +287189,7 @@ } }, "gcp:compute/getInstanceGuestAttributes:getInstanceGuestAttributes": { - "description": "Get information about a VM instance resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instances)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instances).\n\nGet information about VM's guest attrubutes. For more information see [the official documentation](https://cloud.google.com/compute/docs/metadata/manage-guest-attributes)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/instances/getGuestAttributes).\n\n## Example Usage\n\n### Get All Attributes From A Single Namespace\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserverGa = gcp.compute.getInstanceGuestAttributes({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n queryPath: \"variables/\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver_ga = gcp.compute.get_instance_guest_attributes(name=\"primary-application-server\",\n zone=\"us-central1-a\",\n query_path=\"variables/\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserverGa = Gcp.Compute.GetInstanceGuestAttributes.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n QueryPath = \"variables/\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceGuestAttributes(ctx, \u0026compute.GetInstanceGuestAttributesArgs{\n\t\t\tName: \"primary-application-server\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tQueryPath: pulumi.StringRef(\"variables/\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGuestAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserverGa = ComputeFunctions.getInstanceGuestAttributes(GetInstanceGuestAttributesArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .queryPath(\"variables/\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserverGa:\n fn::invoke:\n Function: gcp:compute:getInstanceGuestAttributes\n Arguments:\n name: primary-application-server\n zone: us-central1-a\n queryPath: variables/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Get A Specific Variable\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserverGa = gcp.compute.getInstanceGuestAttributes({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n variableKey: \"variables/key1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver_ga = gcp.compute.get_instance_guest_attributes(name=\"primary-application-server\",\n zone=\"us-central1-a\",\n variable_key=\"variables/key1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserverGa = Gcp.Compute.GetInstanceGuestAttributes.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n VariableKey = \"variables/key1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceGuestAttributes(ctx, \u0026compute.GetInstanceGuestAttributesArgs{\n\t\t\tName: \"primary-application-server\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tVariableKey: pulumi.StringRef(\"variables/key1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGuestAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserverGa = ComputeFunctions.getInstanceGuestAttributes(GetInstanceGuestAttributesArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .variableKey(\"variables/key1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserverGa:\n fn::invoke:\n Function: gcp:compute:getInstanceGuestAttributes\n Arguments:\n name: primary-application-server\n zone: us-central1-a\n variableKey: variables/key1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a VM instance resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instances)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/instances).\n\nGet information about VM's guest attrubutes. For more information see [the official documentation](https://cloud.google.com/compute/docs/metadata/manage-guest-attributes)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/instances/getGuestAttributes).\n\n## Example Usage\n\n### Get All Attributes From A Single Namespace\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserverGa = gcp.compute.getInstanceGuestAttributes({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n queryPath: \"variables/\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver_ga = gcp.compute.get_instance_guest_attributes(name=\"primary-application-server\",\n zone=\"us-central1-a\",\n query_path=\"variables/\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserverGa = Gcp.Compute.GetInstanceGuestAttributes.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n QueryPath = \"variables/\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceGuestAttributes(ctx, \u0026compute.GetInstanceGuestAttributesArgs{\n\t\t\tName: \"primary-application-server\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tQueryPath: pulumi.StringRef(\"variables/\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGuestAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserverGa = ComputeFunctions.getInstanceGuestAttributes(GetInstanceGuestAttributesArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .queryPath(\"variables/\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserverGa:\n fn::invoke:\n function: gcp:compute:getInstanceGuestAttributes\n arguments:\n name: primary-application-server\n zone: us-central1-a\n queryPath: variables/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Get A Specific Variable\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst appserverGa = gcp.compute.getInstanceGuestAttributes({\n name: \"primary-application-server\",\n zone: \"us-central1-a\",\n variableKey: \"variables/key1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nappserver_ga = gcp.compute.get_instance_guest_attributes(name=\"primary-application-server\",\n zone=\"us-central1-a\",\n variable_key=\"variables/key1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var appserverGa = Gcp.Compute.GetInstanceGuestAttributes.Invoke(new()\n {\n Name = \"primary-application-server\",\n Zone = \"us-central1-a\",\n VariableKey = \"variables/key1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceGuestAttributes(ctx, \u0026compute.GetInstanceGuestAttributesArgs{\n\t\t\tName: \"primary-application-server\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tVariableKey: pulumi.StringRef(\"variables/key1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceGuestAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var appserverGa = ComputeFunctions.getInstanceGuestAttributes(GetInstanceGuestAttributesArgs.builder()\n .name(\"primary-application-server\")\n .zone(\"us-central1-a\")\n .variableKey(\"variables/key1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n appserverGa:\n fn::invoke:\n function: gcp:compute:getInstanceGuestAttributes\n arguments:\n name: primary-application-server\n zone: us-central1-a\n variableKey: variables/key1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceGuestAttributes.\n", "properties": { @@ -287272,7 +287272,7 @@ } }, "gcp:compute/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getInstanceIamPolicy({\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_instance_iam_policy(project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetInstanceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceIamPolicy(ctx, \u0026compute.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tZone: pulumi.StringRef(_default.Zone),\n\t\t\tInstanceName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getInstanceIamPolicy\n Arguments:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getInstanceIamPolicy({\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_instance_iam_policy(project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetInstanceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetInstanceIamPolicy(ctx, \u0026compute.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tZone: pulumi.StringRef(_default.Zone),\n\t\t\tInstanceName: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getInstanceIamPolicy\n arguments:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -287334,7 +287334,7 @@ } }, "gcp:compute/getInstanceSerialPort:getInstanceSerialPort": { - "description": "Get the serial port output from a Compute Instance. For more information see\nthe official [API](https://cloud.google.com/compute/docs/instances/viewing-serial-port-output) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serial = gcp.compute.getInstanceSerialPort({\n instance: \"my-instance\",\n zone: \"us-central1-a\",\n port: 1,\n});\nexport const serialOut = serial.then(serial =\u003e serial.contents);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nserial = gcp.compute.get_instance_serial_port(instance=\"my-instance\",\n zone=\"us-central1-a\",\n port=1)\npulumi.export(\"serialOut\", serial.contents)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serial = Gcp.Compute.GetInstanceSerialPort.Invoke(new()\n {\n Instance = \"my-instance\",\n Zone = \"us-central1-a\",\n Port = 1,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"serialOut\"] = serial.Apply(getInstanceSerialPortResult =\u003e getInstanceSerialPortResult.Contents),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserial, err := compute.GetInstanceSerialPort(ctx, \u0026compute.GetInstanceSerialPortArgs{\n\t\t\tInstance: \"my-instance\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tPort: 1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"serialOut\", serial.Contents)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceSerialPortArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serial = ComputeFunctions.getInstanceSerialPort(GetInstanceSerialPortArgs.builder()\n .instance(\"my-instance\")\n .zone(\"us-central1-a\")\n .port(1)\n .build());\n\n ctx.export(\"serialOut\", serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult.contents()));\n }\n}\n```\n```yaml\nvariables:\n serial:\n fn::invoke:\n Function: gcp:compute:getInstanceSerialPort\n Arguments:\n instance: my-instance\n zone: us-central1-a\n port: 1\noutputs:\n serialOut: ${serial.contents}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nUsing the serial port output to generate a windows password, derived from the [official guide](https://cloud.google.com/compute/docs/instances/windows/automate-pw-generation):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst windows = new gcp.compute.Instance(\"windows\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"windows-instance\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"windows-cloud/windows-2019\",\n },\n },\n metadata: {\n \"serial-port-logging-enable\": \"TRUE\",\n \"windows-keys\": JSON.stringify({\n email: \"example.user@example.com\",\n expireOn: \"2020-04-14T01:37:19Z\",\n exponent: \"AQAB\",\n modulus: \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n userName: \"example-user\",\n }),\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst serial = pulumi.all([windows.name, windows.zone]).apply(([name, zone]) =\u003e gcp.compute.getInstanceSerialPortOutput({\n instance: name,\n zone: zone,\n port: 4,\n}));\nexport const serialOut = serial.apply(serial =\u003e serial.contents);\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nwindows = gcp.compute.Instance(\"windows\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"windows-instance\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"windows-cloud/windows-2019\",\n },\n },\n metadata={\n \"serial-port-logging-enable\": \"TRUE\",\n \"windows-keys\": json.dumps({\n \"email\": \"example.user@example.com\",\n \"expireOn\": \"2020-04-14T01:37:19Z\",\n \"exponent\": \"AQAB\",\n \"modulus\": \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n \"userName\": \"example-user\",\n }),\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nserial = pulumi.Output.all(\n name=windows.name,\n zone=windows.zone\n).apply(lambda resolved_outputs: gcp.compute.get_instance_serial_port_output(instance=resolved_outputs['name'],\n zone=resolved_outputs['zone'],\n port=4))\n\npulumi.export(\"serialOut\", serial.contents)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var windows = new Gcp.Compute.Instance(\"windows\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"windows-instance\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"windows-cloud/windows-2019\",\n },\n },\n Metadata = \n {\n { \"serial-port-logging-enable\", \"TRUE\" },\n { \"windows-keys\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"email\"] = \"example.user@example.com\",\n [\"expireOn\"] = \"2020-04-14T01:37:19Z\",\n [\"exponent\"] = \"AQAB\",\n [\"modulus\"] = \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n [\"userName\"] = \"example-user\",\n }) },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var serial = Gcp.Compute.GetInstanceSerialPort.Invoke(new()\n {\n Instance = windows.Name,\n Zone = windows.Zone,\n Port = 4,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"serialOut\"] = serial.Apply(getInstanceSerialPortResult =\u003e getInstanceSerialPortResult.Contents),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"email\": \"example.user@example.com\",\n\t\t\t\"expireOn\": \"2020-04-14T01:37:19Z\",\n\t\t\t\"exponent\": \"AQAB\",\n\t\t\t\"modulus\": \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n\t\t\t\"userName\": \"example-user\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\twindows, err := compute.NewInstance(ctx, \"windows\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"windows-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"windows-cloud/windows-2019\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"serial-port-logging-enable\": pulumi.String(\"TRUE\"),\n\t\t\t\t\"windows-keys\": pulumi.String(json0),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserial := pulumi.All(windows.Name, windows.Zone).ApplyT(func(_args []interface{}) (compute.GetInstanceSerialPortResult, error) {\n\t\t\tname := _args[0].(string)\n\t\t\tzone := _args[1].(string)\n\t\t\treturn compute.GetInstanceSerialPortResult(interface{}(compute.GetInstanceSerialPortOutput(ctx, compute.GetInstanceSerialPortOutputArgs{\n\t\t\t\tInstance: name,\n\t\t\t\tZone: zone,\n\t\t\t\tPort: 4,\n\t\t\t}, nil))), nil\n\t\t}).(compute.GetInstanceSerialPortResultOutput)\n\t\tctx.Export(\"serialOut\", serial.ApplyT(func(serial compute.GetInstanceSerialPortResult) (*string, error) {\n\t\t\treturn \u0026serial.Contents, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceServiceAccountArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceSerialPortArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var windows = new Instance(\"windows\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"windows-instance\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"windows-cloud/windows-2019\")\n .build())\n .build())\n .metadata(Map.ofEntries(\n Map.entry(\"serial-port-logging-enable\", \"TRUE\"),\n Map.entry(\"windows-keys\", serializeJson(\n jsonObject(\n jsonProperty(\"email\", \"example.user@example.com\"),\n jsonProperty(\"expireOn\", \"2020-04-14T01:37:19Z\"),\n jsonProperty(\"exponent\", \"AQAB\"),\n jsonProperty(\"modulus\", \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\"),\n jsonProperty(\"userName\", \"example-user\")\n )))\n ))\n .serviceAccount(InstanceServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n final var serial = ComputeFunctions.getInstanceSerialPort(GetInstanceSerialPortArgs.builder()\n .instance(windows.name())\n .zone(windows.zone())\n .port(4)\n .build());\n\n ctx.export(\"serialOut\", serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult).applyValue(serial -\u003e serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult.contents())));\n }\n}\n```\n```yaml\nresources:\n windows:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: windows-instance\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: windows-cloud/windows-2019\n metadata:\n serial-port-logging-enable: TRUE\n windows-keys:\n fn::toJSON:\n email: example.user@example.com\n expireOn: 2020-04-14T01:37:19Z\n exponent: AQAB\n modulus: wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\n userName: example-user\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\nvariables:\n serial:\n fn::invoke:\n Function: gcp:compute:getInstanceSerialPort\n Arguments:\n instance: ${windows.name}\n zone: ${windows.zone}\n port: 4\noutputs:\n serialOut: ${serial.contents}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the serial port output from a Compute Instance. For more information see\nthe official [API](https://cloud.google.com/compute/docs/instances/viewing-serial-port-output) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst serial = gcp.compute.getInstanceSerialPort({\n instance: \"my-instance\",\n zone: \"us-central1-a\",\n port: 1,\n});\nexport const serialOut = serial.then(serial =\u003e serial.contents);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nserial = gcp.compute.get_instance_serial_port(instance=\"my-instance\",\n zone=\"us-central1-a\",\n port=1)\npulumi.export(\"serialOut\", serial.contents)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var serial = Gcp.Compute.GetInstanceSerialPort.Invoke(new()\n {\n Instance = \"my-instance\",\n Zone = \"us-central1-a\",\n Port = 1,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"serialOut\"] = serial.Apply(getInstanceSerialPortResult =\u003e getInstanceSerialPortResult.Contents),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tserial, err := compute.GetInstanceSerialPort(ctx, \u0026compute.GetInstanceSerialPortArgs{\n\t\t\tInstance: \"my-instance\",\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t\tPort: 1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"serialOut\", serial.Contents)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceSerialPortArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var serial = ComputeFunctions.getInstanceSerialPort(GetInstanceSerialPortArgs.builder()\n .instance(\"my-instance\")\n .zone(\"us-central1-a\")\n .port(1)\n .build());\n\n ctx.export(\"serialOut\", serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult.contents()));\n }\n}\n```\n```yaml\nvariables:\n serial:\n fn::invoke:\n function: gcp:compute:getInstanceSerialPort\n arguments:\n instance: my-instance\n zone: us-central1-a\n port: 1\noutputs:\n serialOut: ${serial.contents}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nUsing the serial port output to generate a windows password, derived from the [official guide](https://cloud.google.com/compute/docs/instances/windows/automate-pw-generation):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst windows = new gcp.compute.Instance(\"windows\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"windows-instance\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"windows-cloud/windows-2019\",\n },\n },\n metadata: {\n \"serial-port-logging-enable\": \"TRUE\",\n \"windows-keys\": JSON.stringify({\n email: \"example.user@example.com\",\n expireOn: \"2020-04-14T01:37:19Z\",\n exponent: \"AQAB\",\n modulus: \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n userName: \"example-user\",\n }),\n },\n serviceAccount: {\n scopes: [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n },\n});\nconst serial = pulumi.all([windows.name, windows.zone]).apply(([name, zone]) =\u003e gcp.compute.getInstanceSerialPortOutput({\n instance: name,\n zone: zone,\n port: 4,\n}));\nexport const serialOut = serial.apply(serial =\u003e serial.contents);\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nwindows = gcp.compute.Instance(\"windows\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"windows-instance\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"windows-cloud/windows-2019\",\n },\n },\n metadata={\n \"serial-port-logging-enable\": \"TRUE\",\n \"windows-keys\": json.dumps({\n \"email\": \"example.user@example.com\",\n \"expireOn\": \"2020-04-14T01:37:19Z\",\n \"exponent\": \"AQAB\",\n \"modulus\": \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n \"userName\": \"example-user\",\n }),\n },\n service_account={\n \"scopes\": [\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n ],\n })\nserial = pulumi.Output.all(\n name=windows.name,\n zone=windows.zone\n).apply(lambda resolved_outputs: gcp.compute.get_instance_serial_port_output(instance=resolved_outputs['name'],\n zone=resolved_outputs['zone'],\n port=4))\n\npulumi.export(\"serialOut\", serial.contents)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var windows = new Gcp.Compute.Instance(\"windows\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"windows-instance\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"windows-cloud/windows-2019\",\n },\n },\n Metadata = \n {\n { \"serial-port-logging-enable\", \"TRUE\" },\n { \"windows-keys\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"email\"] = \"example.user@example.com\",\n [\"expireOn\"] = \"2020-04-14T01:37:19Z\",\n [\"exponent\"] = \"AQAB\",\n [\"modulus\"] = \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n [\"userName\"] = \"example-user\",\n }) },\n },\n ServiceAccount = new Gcp.Compute.Inputs.InstanceServiceAccountArgs\n {\n Scopes = new[]\n {\n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\",\n },\n },\n });\n\n var serial = Gcp.Compute.GetInstanceSerialPort.Invoke(new()\n {\n Instance = windows.Name,\n Zone = windows.Zone,\n Port = 4,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"serialOut\"] = serial.Apply(getInstanceSerialPortResult =\u003e getInstanceSerialPortResult.Contents),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"email\": \"example.user@example.com\",\n\t\t\t\"expireOn\": \"2020-04-14T01:37:19Z\",\n\t\t\t\"exponent\": \"AQAB\",\n\t\t\t\"modulus\": \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\",\n\t\t\t\"userName\": \"example-user\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\twindows, err := compute.NewInstance(ctx, \"windows\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"windows-instance\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"windows-cloud/windows-2019\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"serial-port-logging-enable\": pulumi.String(\"TRUE\"),\n\t\t\t\t\"windows-keys\": pulumi.String(json0),\n\t\t\t},\n\t\t\tServiceAccount: \u0026compute.InstanceServiceAccountArgs{\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"userinfo-email\"),\n\t\t\t\t\tpulumi.String(\"compute-ro\"),\n\t\t\t\t\tpulumi.String(\"storage-ro\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserial := pulumi.All(windows.Name, windows.Zone).ApplyT(func(_args []interface{}) (compute.GetInstanceSerialPortResult, error) {\n\t\t\tname := _args[0].(string)\n\t\t\tzone := _args[1].(string)\n\t\t\treturn compute.GetInstanceSerialPortResult(interface{}(compute.GetInstanceSerialPortOutput(ctx, compute.GetInstanceSerialPortOutputArgs{\n\t\t\t\tInstance: name,\n\t\t\t\tZone: zone,\n\t\t\t\tPort: 4,\n\t\t\t}, nil))), nil\n\t\t}).(compute.GetInstanceSerialPortResultOutput)\n\t\tctx.Export(\"serialOut\", serial.ApplyT(func(serial compute.GetInstanceSerialPortResult) (*string, error) {\n\t\t\treturn \u0026serial.Contents, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceServiceAccountArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetInstanceSerialPortArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var windows = new Instance(\"windows\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"windows-instance\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"windows-cloud/windows-2019\")\n .build())\n .build())\n .metadata(Map.ofEntries(\n Map.entry(\"serial-port-logging-enable\", \"TRUE\"),\n Map.entry(\"windows-keys\", serializeJson(\n jsonObject(\n jsonProperty(\"email\", \"example.user@example.com\"),\n jsonProperty(\"expireOn\", \"2020-04-14T01:37:19Z\"),\n jsonProperty(\"exponent\", \"AQAB\"),\n jsonProperty(\"modulus\", \"wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\"),\n jsonProperty(\"userName\", \"example-user\")\n )))\n ))\n .serviceAccount(InstanceServiceAccountArgs.builder()\n .scopes( \n \"userinfo-email\",\n \"compute-ro\",\n \"storage-ro\")\n .build())\n .build());\n\n final var serial = ComputeFunctions.getInstanceSerialPort(GetInstanceSerialPortArgs.builder()\n .instance(windows.name())\n .zone(windows.zone())\n .port(4)\n .build());\n\n ctx.export(\"serialOut\", serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult).applyValue(serial -\u003e serial.applyValue(getInstanceSerialPortResult -\u003e getInstanceSerialPortResult.contents())));\n }\n}\n```\n```yaml\nresources:\n windows:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: windows-instance\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: windows-cloud/windows-2019\n metadata:\n serial-port-logging-enable: TRUE\n windows-keys:\n fn::toJSON:\n email: example.user@example.com\n expireOn: 2020-04-14T01:37:19Z\n exponent: AQAB\n modulus: wgsquN4IBNPqIUnu+h/5Za1kujb2YRhX1vCQVQAkBwnWigcCqOBVfRa5JoZfx6KIvEXjWqa77jPvlsxM4WPqnDIM2qiK36up3SKkYwFjff6F2ni/ry8vrwXCX3sGZ1hbIHlK0O012HpA3ISeEswVZmX2X67naOvJXfY5v0hGPWqCADao+xVxrmxsZD4IWnKl1UaZzI5lhAzr8fw6utHwx1EZ/MSgsEki6tujcZfN+GUDRnmJGQSnPTXmsf7Q4DKreTZk49cuyB3prV91S0x3DYjCUpSXrkVy1Ha5XicGD/q+ystuFsJnrrhbNXJbpSjM6sjo/aduAkZJl4FmOt0R7Q==\n userName: example-user\n serviceAccount:\n scopes:\n - userinfo-email\n - compute-ro\n - storage-ro\nvariables:\n serial:\n fn::invoke:\n function: gcp:compute:getInstanceSerialPort\n arguments:\n instance: ${windows.name}\n zone: ${windows.zone}\n port: 4\noutputs:\n serialOut: ${serial.contents}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceSerialPort.\n", "properties": { @@ -287667,7 +287667,7 @@ } }, "gcp:compute/getLBIPRanges:getLBIPRanges": { - "description": "Use this data source to access IP ranges in your firewall rules.\n\nhttps://cloud.google.com/compute/docs/load-balancing/health-checks#health_check_source_ips_and_firewall_rules\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ranges = gcp.compute.getLBIPRanges({});\nconst lb = new gcp.compute.Firewall(\"lb\", {\n name: \"lb-firewall\",\n network: main.name,\n allows: [{\n protocol: \"tcp\",\n ports: [\"80\"],\n }],\n sourceRanges: ranges.then(ranges =\u003e ranges.networks),\n targetTags: [\"InstanceBehindLoadBalancer\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nranges = gcp.compute.get_lbip_ranges()\nlb = gcp.compute.Firewall(\"lb\",\n name=\"lb-firewall\",\n network=main[\"name\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n }],\n source_ranges=ranges.networks,\n target_tags=[\"InstanceBehindLoadBalancer\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ranges = Gcp.Compute.GetLBIPRanges.Invoke();\n\n var lb = new Gcp.Compute.Firewall(\"lb\", new()\n {\n Name = \"lb-firewall\",\n Network = main.Name,\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n },\n SourceRanges = ranges.Apply(getLBIPRangesResult =\u003e getLBIPRangesResult.Networks),\n TargetTags = new[]\n {\n \"InstanceBehindLoadBalancer\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tranges, err := compute.GetLBIPRanges(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewall(ctx, \"lb\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"lb-firewall\"),\n\t\t\tNetwork: pulumi.Any(main.Name),\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceRanges: interface{}(ranges.Networks),\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"InstanceBehindLoadBalancer\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ranges = ComputeFunctions.getLBIPRanges();\n\n var lb = new Firewall(\"lb\", FirewallArgs.builder()\n .name(\"lb-firewall\")\n .network(main.name())\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build())\n .sourceRanges(ranges.applyValue(getLBIPRangesResult -\u003e getLBIPRangesResult.networks()))\n .targetTags(\"InstanceBehindLoadBalancer\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: gcp:compute:Firewall\n properties:\n name: lb-firewall\n network: ${main.name}\n allows:\n - protocol: tcp\n ports:\n - '80'\n sourceRanges: ${ranges.networks}\n targetTags:\n - InstanceBehindLoadBalancer\nvariables:\n ranges:\n fn::invoke:\n Function: gcp:compute:getLBIPRanges\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to access IP ranges in your firewall rules.\n\nhttps://cloud.google.com/compute/docs/load-balancing/health-checks#health_check_source_ips_and_firewall_rules\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ranges = gcp.compute.getLBIPRanges({});\nconst lb = new gcp.compute.Firewall(\"lb\", {\n name: \"lb-firewall\",\n network: main.name,\n allows: [{\n protocol: \"tcp\",\n ports: [\"80\"],\n }],\n sourceRanges: ranges.then(ranges =\u003e ranges.networks),\n targetTags: [\"InstanceBehindLoadBalancer\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nranges = gcp.compute.get_lbip_ranges()\nlb = gcp.compute.Firewall(\"lb\",\n name=\"lb-firewall\",\n network=main[\"name\"],\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n }],\n source_ranges=ranges.networks,\n target_tags=[\"InstanceBehindLoadBalancer\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ranges = Gcp.Compute.GetLBIPRanges.Invoke();\n\n var lb = new Gcp.Compute.Firewall(\"lb\", new()\n {\n Name = \"lb-firewall\",\n Network = main.Name,\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n },\n SourceRanges = ranges.Apply(getLBIPRangesResult =\u003e getLBIPRangesResult.Networks),\n TargetTags = new[]\n {\n \"InstanceBehindLoadBalancer\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tranges, err := compute.GetLBIPRanges(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewall(ctx, \"lb\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"lb-firewall\"),\n\t\t\tNetwork: pulumi.Any(main.Name),\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceRanges: interface{}(ranges.Networks),\n\t\t\tTargetTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"InstanceBehindLoadBalancer\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ranges = ComputeFunctions.getLBIPRanges();\n\n var lb = new Firewall(\"lb\", FirewallArgs.builder()\n .name(\"lb-firewall\")\n .network(main.name())\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build())\n .sourceRanges(ranges.applyValue(getLBIPRangesResult -\u003e getLBIPRangesResult.networks()))\n .targetTags(\"InstanceBehindLoadBalancer\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: gcp:compute:Firewall\n properties:\n name: lb-firewall\n network: ${main.name}\n allows:\n - protocol: tcp\n ports:\n - '80'\n sourceRanges: ${ranges.networks}\n targetTags:\n - InstanceBehindLoadBalancer\nvariables:\n ranges:\n fn::invoke:\n function: gcp:compute:getLBIPRanges\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getLBIPRanges.\n", "properties": { @@ -287804,7 +287804,7 @@ } }, "gcp:compute/getNetblockIPRanges:getNetblockIPRanges": { - "description": "Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform.\n\n## Example Usage\n\n### Cloud Ranges\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst netblock = gcp.compute.getNetblockIPRanges({});\nexport const cidrBlocks = netblock.then(netblock =\u003e netblock.cidrBlocks);\nexport const cidrBlocksIpv4 = netblock.then(netblock =\u003e netblock.cidrBlocksIpv4s);\nexport const cidrBlocksIpv6 = netblock.then(netblock =\u003e netblock.cidrBlocksIpv6s);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetblock = gcp.compute.get_netblock_ip_ranges()\npulumi.export(\"cidrBlocks\", netblock.cidr_blocks)\npulumi.export(\"cidrBlocksIpv4\", netblock.cidr_blocks_ipv4s)\npulumi.export(\"cidrBlocksIpv6\", netblock.cidr_blocks_ipv6s)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var netblock = Gcp.Compute.GetNetblockIPRanges.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"cidrBlocks\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocks),\n [\"cidrBlocksIpv4\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv4s),\n [\"cidrBlocksIpv6\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv6s),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetblock, err := compute.GetNetblockIPRanges(ctx, \u0026compute.GetNetblockIPRangesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cidrBlocks\", netblock.CidrBlocks)\n\t\tctx.Export(\"cidrBlocksIpv4\", netblock.CidrBlocksIpv4s)\n\t\tctx.Export(\"cidrBlocksIpv6\", netblock.CidrBlocksIpv6s)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var netblock = ComputeFunctions.getNetblockIPRanges();\n\n ctx.export(\"cidrBlocks\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocks()));\n ctx.export(\"cidrBlocksIpv4\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocksIpv4s()));\n ctx.export(\"cidrBlocksIpv6\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocksIpv6s()));\n }\n}\n```\n```yaml\nvariables:\n netblock:\n fn::invoke:\n Function: gcp:compute:getNetblockIPRanges\n Arguments: {}\noutputs:\n cidrBlocks: ${netblock.cidrBlocks}\n cidrBlocksIpv4: ${netblock.cidrBlocksIpv4s}\n cidrBlocksIpv6: ${netblock.cidrBlocksIpv6s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Allow Health Checks\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst legacy-hcs = gcp.compute.getNetblockIPRanges({\n rangeType: \"legacy-health-checkers\",\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"test-network\"});\nconst allow_hcs = new gcp.compute.Firewall(\"allow-hcs\", {\n name: \"allow-hcs\",\n network: _default.name,\n allows: [{\n protocol: \"tcp\",\n ports: [\"80\"],\n }],\n sourceRanges: legacy_hcs.then(legacy_hcs =\u003e legacy_hcs.cidrBlocksIpv4s),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlegacy_hcs = gcp.compute.get_netblock_ip_ranges(range_type=\"legacy-health-checkers\")\ndefault = gcp.compute.Network(\"default\", name=\"test-network\")\nallow_hcs = gcp.compute.Firewall(\"allow-hcs\",\n name=\"allow-hcs\",\n network=default.name,\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n }],\n source_ranges=legacy_hcs.cidr_blocks_ipv4s)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var legacy_hcs = Gcp.Compute.GetNetblockIPRanges.Invoke(new()\n {\n RangeType = \"legacy-health-checkers\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"test-network\",\n });\n\n var allow_hcs = new Gcp.Compute.Firewall(\"allow-hcs\", new()\n {\n Name = \"allow-hcs\",\n Network = @default.Name,\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n },\n SourceRanges = legacy_hcs.Apply(legacy_hcs =\u003e legacy_hcs.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv4s)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlegacy_hcs, err := compute.GetNetblockIPRanges(ctx, \u0026compute.GetNetblockIPRangesArgs{\n\t\t\tRangeType: pulumi.StringRef(\"legacy-health-checkers\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewall(ctx, \"allow-hcs\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"allow-hcs\"),\n\t\t\tNetwork: _default.Name,\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceRanges: interface{}(legacy_hcs.CidrBlocksIpv4s),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var legacy-hcs = ComputeFunctions.getNetblockIPRanges(GetNetblockIPRangesArgs.builder()\n .rangeType(\"legacy-health-checkers\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var allow_hcs = new Firewall(\"allow-hcs\", FirewallArgs.builder()\n .name(\"allow-hcs\")\n .network(default_.name())\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build())\n .sourceRanges(legacy_hcs.cidrBlocksIpv4s())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-hcs:\n type: gcp:compute:Firewall\n properties:\n name: allow-hcs\n network: ${default.name}\n allows:\n - protocol: tcp\n ports:\n - '80'\n sourceRanges: ${[\"legacy-hcs\"].cidrBlocksIpv4s}\n default:\n type: gcp:compute:Network\n properties:\n name: test-network\nvariables:\n legacy-hcs:\n fn::invoke:\n Function: gcp:compute:getNetblockIPRanges\n Arguments:\n rangeType: legacy-health-checkers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform.\n\n## Example Usage\n\n### Cloud Ranges\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst netblock = gcp.compute.getNetblockIPRanges({});\nexport const cidrBlocks = netblock.then(netblock =\u003e netblock.cidrBlocks);\nexport const cidrBlocksIpv4 = netblock.then(netblock =\u003e netblock.cidrBlocksIpv4s);\nexport const cidrBlocksIpv6 = netblock.then(netblock =\u003e netblock.cidrBlocksIpv6s);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetblock = gcp.compute.get_netblock_ip_ranges()\npulumi.export(\"cidrBlocks\", netblock.cidr_blocks)\npulumi.export(\"cidrBlocksIpv4\", netblock.cidr_blocks_ipv4s)\npulumi.export(\"cidrBlocksIpv6\", netblock.cidr_blocks_ipv6s)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var netblock = Gcp.Compute.GetNetblockIPRanges.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"cidrBlocks\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocks),\n [\"cidrBlocksIpv4\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv4s),\n [\"cidrBlocksIpv6\"] = netblock.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv6s),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetblock, err := compute.GetNetblockIPRanges(ctx, \u0026compute.GetNetblockIPRangesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cidrBlocks\", netblock.CidrBlocks)\n\t\tctx.Export(\"cidrBlocksIpv4\", netblock.CidrBlocksIpv4s)\n\t\tctx.Export(\"cidrBlocksIpv6\", netblock.CidrBlocksIpv6s)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var netblock = ComputeFunctions.getNetblockIPRanges();\n\n ctx.export(\"cidrBlocks\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocks()));\n ctx.export(\"cidrBlocksIpv4\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocksIpv4s()));\n ctx.export(\"cidrBlocksIpv6\", netblock.applyValue(getNetblockIPRangesResult -\u003e getNetblockIPRangesResult.cidrBlocksIpv6s()));\n }\n}\n```\n```yaml\nvariables:\n netblock:\n fn::invoke:\n function: gcp:compute:getNetblockIPRanges\n arguments: {}\noutputs:\n cidrBlocks: ${netblock.cidrBlocks}\n cidrBlocksIpv4: ${netblock.cidrBlocksIpv4s}\n cidrBlocksIpv6: ${netblock.cidrBlocksIpv6s}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Allow Health Checks\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst legacy-hcs = gcp.compute.getNetblockIPRanges({\n rangeType: \"legacy-health-checkers\",\n});\nconst _default = new gcp.compute.Network(\"default\", {name: \"test-network\"});\nconst allow_hcs = new gcp.compute.Firewall(\"allow-hcs\", {\n name: \"allow-hcs\",\n network: _default.name,\n allows: [{\n protocol: \"tcp\",\n ports: [\"80\"],\n }],\n sourceRanges: legacy_hcs.then(legacy_hcs =\u003e legacy_hcs.cidrBlocksIpv4s),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlegacy_hcs = gcp.compute.get_netblock_ip_ranges(range_type=\"legacy-health-checkers\")\ndefault = gcp.compute.Network(\"default\", name=\"test-network\")\nallow_hcs = gcp.compute.Firewall(\"allow-hcs\",\n name=\"allow-hcs\",\n network=default.name,\n allows=[{\n \"protocol\": \"tcp\",\n \"ports\": [\"80\"],\n }],\n source_ranges=legacy_hcs.cidr_blocks_ipv4s)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var legacy_hcs = Gcp.Compute.GetNetblockIPRanges.Invoke(new()\n {\n RangeType = \"legacy-health-checkers\",\n });\n\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"test-network\",\n });\n\n var allow_hcs = new Gcp.Compute.Firewall(\"allow-hcs\", new()\n {\n Name = \"allow-hcs\",\n Network = @default.Name,\n Allows = new[]\n {\n new Gcp.Compute.Inputs.FirewallAllowArgs\n {\n Protocol = \"tcp\",\n Ports = new[]\n {\n \"80\",\n },\n },\n },\n SourceRanges = legacy_hcs.Apply(legacy_hcs =\u003e legacy_hcs.Apply(getNetblockIPRangesResult =\u003e getNetblockIPRangesResult.CidrBlocksIpv4s)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlegacy_hcs, err := compute.GetNetblockIPRanges(ctx, \u0026compute.GetNetblockIPRangesArgs{\n\t\t\tRangeType: pulumi.StringRef(\"legacy-health-checkers\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"test-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewFirewall(ctx, \"allow-hcs\", \u0026compute.FirewallArgs{\n\t\t\tName: pulumi.String(\"allow-hcs\"),\n\t\t\tNetwork: _default.Name,\n\t\t\tAllows: compute.FirewallAllowArray{\n\t\t\t\t\u0026compute.FirewallAllowArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tPorts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceRanges: interface{}(legacy_hcs.CidrBlocksIpv4s),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Firewall;\nimport com.pulumi.gcp.compute.FirewallArgs;\nimport com.pulumi.gcp.compute.inputs.FirewallAllowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var legacy-hcs = ComputeFunctions.getNetblockIPRanges(GetNetblockIPRangesArgs.builder()\n .rangeType(\"legacy-health-checkers\")\n .build());\n\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"test-network\")\n .build());\n\n var allow_hcs = new Firewall(\"allow-hcs\", FirewallArgs.builder()\n .name(\"allow-hcs\")\n .network(default_.name())\n .allows(FirewallAllowArgs.builder()\n .protocol(\"tcp\")\n .ports(\"80\")\n .build())\n .sourceRanges(legacy_hcs.cidrBlocksIpv4s())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allow-hcs:\n type: gcp:compute:Firewall\n properties:\n name: allow-hcs\n network: ${default.name}\n allows:\n - protocol: tcp\n ports:\n - '80'\n sourceRanges: ${[\"legacy-hcs\"].cidrBlocksIpv4s}\n default:\n type: gcp:compute:Network\n properties:\n name: test-network\nvariables:\n legacy-hcs:\n fn::invoke:\n function: gcp:compute:getNetblockIPRanges\n arguments:\n rangeType: legacy-health-checkers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetblockIPRanges.\n", "properties": { @@ -287857,7 +287857,7 @@ } }, "gcp:compute/getNetwork:getNetwork": { - "description": "Get a network within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-network = gcp.compute.getNetwork({\n name: \"default-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.get_network(name=\"default-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-network:\n fn::invoke:\n Function: gcp:compute:getNetwork\n Arguments:\n name: default-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a network within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-network = gcp.compute.getNetwork({\n name: \"default-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.get_network(name=\"default-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_network = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"default-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"default-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-network = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"default-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-network:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: default-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetwork.\n", "properties": { @@ -287925,7 +287925,7 @@ } }, "gcp:compute/getNetworkEndpointGroup:getNetworkEndpointGroup": { - "description": "Use this data source to access a Network Endpoint Group's attributes.\n\nThe NEG may be found by providing either a `self_link`, or a `name` and a `zone`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst neg1 = gcp.compute.getNetworkEndpointGroup({\n name: \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n zone: \"us-central1-a\",\n});\nconst neg2 = gcp.compute.getNetworkEndpointGroup({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nneg1 = gcp.compute.get_network_endpoint_group(name=\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n zone=\"us-central1-a\")\nneg2 = gcp.compute.get_network_endpoint_group(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var neg1 = Gcp.Compute.GetNetworkEndpointGroup.Invoke(new()\n {\n Name = \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n Zone = \"us-central1-a\",\n });\n\n var neg2 = Gcp.Compute.GetNetworkEndpointGroup.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupNetworkEndpointGroup(ctx, \u0026compute.LookupNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.StringRef(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupNetworkEndpointGroup(ctx, \u0026compute.LookupNetworkEndpointGroupArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var neg1 = ComputeFunctions.getNetworkEndpointGroup(GetNetworkEndpointGroupArgs.builder()\n .name(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .zone(\"us-central1-a\")\n .build());\n\n final var neg2 = ComputeFunctions.getNetworkEndpointGroup(GetNetworkEndpointGroupArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n neg1:\n fn::invoke:\n Function: gcp:compute:getNetworkEndpointGroup\n Arguments:\n name: k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n zone: us-central1-a\n neg2:\n fn::invoke:\n Function: gcp:compute:getNetworkEndpointGroup\n Arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to access a Network Endpoint Group's attributes.\n\nThe NEG may be found by providing either a `self_link`, or a `name` and a `zone`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst neg1 = gcp.compute.getNetworkEndpointGroup({\n name: \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n zone: \"us-central1-a\",\n});\nconst neg2 = gcp.compute.getNetworkEndpointGroup({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nneg1 = gcp.compute.get_network_endpoint_group(name=\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n zone=\"us-central1-a\")\nneg2 = gcp.compute.get_network_endpoint_group(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var neg1 = Gcp.Compute.GetNetworkEndpointGroup.Invoke(new()\n {\n Name = \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n Zone = \"us-central1-a\",\n });\n\n var neg2 = Gcp.Compute.GetNetworkEndpointGroup.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupNetworkEndpointGroup(ctx, \u0026compute.LookupNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.StringRef(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t\tZone: pulumi.StringRef(\"us-central1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupNetworkEndpointGroup(ctx, \u0026compute.LookupNetworkEndpointGroupArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var neg1 = ComputeFunctions.getNetworkEndpointGroup(GetNetworkEndpointGroupArgs.builder()\n .name(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .zone(\"us-central1-a\")\n .build());\n\n final var neg2 = ComputeFunctions.getNetworkEndpointGroup(GetNetworkEndpointGroupArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n neg1:\n fn::invoke:\n function: gcp:compute:getNetworkEndpointGroup\n arguments:\n name: k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n zone: us-central1-a\n neg2:\n fn::invoke:\n function: gcp:compute:getNetworkEndpointGroup\n arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetworkEndpointGroup.\n", "properties": { @@ -288005,7 +288005,7 @@ } }, "gcp:compute/getNetworkPeering:getNetworkPeering": { - "description": "Get information of a specified compute network peering. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/vpc/vpc-peering)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/networks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"foobar\",\n autoCreateSubnetworks: false,\n});\nconst other = new gcp.compute.Network(\"other\", {\n name: \"other\",\n autoCreateSubnetworks: false,\n});\nconst peering1 = new gcp.compute.NetworkPeering(\"peering1\", {\n name: \"peering1\",\n network: _default.selfLink,\n peerNetwork: other.selfLink,\n});\nconst peering2 = new gcp.compute.NetworkPeering(\"peering2\", {\n name: \"peering2\",\n network: other.selfLink,\n peerNetwork: _default.selfLink,\n});\nconst peering1Ds = gcp.compute.getNetworkPeeringOutput({\n name: peering1.name,\n network: peering1.network,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"foobar\",\n auto_create_subnetworks=False)\nother = gcp.compute.Network(\"other\",\n name=\"other\",\n auto_create_subnetworks=False)\npeering1 = gcp.compute.NetworkPeering(\"peering1\",\n name=\"peering1\",\n network=default.self_link,\n peer_network=other.self_link)\npeering2 = gcp.compute.NetworkPeering(\"peering2\",\n name=\"peering2\",\n network=other.self_link,\n peer_network=default.self_link)\npeering1_ds = gcp.compute.get_network_peering_output(name=peering1.name,\n network=peering1.network)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"foobar\",\n AutoCreateSubnetworks = false,\n });\n\n var other = new Gcp.Compute.Network(\"other\", new()\n {\n Name = \"other\",\n AutoCreateSubnetworks = false,\n });\n\n var peering1 = new Gcp.Compute.NetworkPeering(\"peering1\", new()\n {\n Name = \"peering1\",\n Network = @default.SelfLink,\n PeerNetwork = other.SelfLink,\n });\n\n var peering2 = new Gcp.Compute.NetworkPeering(\"peering2\", new()\n {\n Name = \"peering2\",\n Network = other.SelfLink,\n PeerNetwork = @default.SelfLink,\n });\n\n var peering1Ds = Gcp.Compute.GetNetworkPeering.Invoke(new()\n {\n Name = peering1.Name,\n Network = peering1.Network,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tother, err := compute.NewNetwork(ctx, \"other\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"other\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering1, err := compute.NewNetworkPeering(ctx, \"peering1\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering1\"),\n\t\t\tNetwork: _default.SelfLink,\n\t\t\tPeerNetwork: other.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkPeering(ctx, \"peering2\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering2\"),\n\t\t\tNetwork: other.SelfLink,\n\t\t\tPeerNetwork: _default.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = compute.LookupNetworkPeeringOutput(ctx, compute.GetNetworkPeeringOutputArgs{\n\t\t\tName: peering1.Name,\n\t\t\tNetwork: peering1.Network,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.NetworkPeering;\nimport com.pulumi.gcp.compute.NetworkPeeringArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkPeeringArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"foobar\")\n .autoCreateSubnetworks(\"false\")\n .build());\n\n var other = new Network(\"other\", NetworkArgs.builder()\n .name(\"other\")\n .autoCreateSubnetworks(\"false\")\n .build());\n\n var peering1 = new NetworkPeering(\"peering1\", NetworkPeeringArgs.builder()\n .name(\"peering1\")\n .network(default_.selfLink())\n .peerNetwork(other.selfLink())\n .build());\n\n var peering2 = new NetworkPeering(\"peering2\", NetworkPeeringArgs.builder()\n .name(\"peering2\")\n .network(other.selfLink())\n .peerNetwork(default_.selfLink())\n .build());\n\n final var peering1Ds = ComputeFunctions.getNetworkPeering(GetNetworkPeeringArgs.builder()\n .name(peering1.name())\n .network(peering1.network())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peering1:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering1\n network: ${default.selfLink}\n peerNetwork: ${other.selfLink}\n peering2:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering2\n network: ${other.selfLink}\n peerNetwork: ${default.selfLink}\n default:\n type: gcp:compute:Network\n properties:\n name: foobar\n autoCreateSubnetworks: 'false'\n other:\n type: gcp:compute:Network\n properties:\n name: other\n autoCreateSubnetworks: 'false'\nvariables:\n peering1Ds:\n fn::invoke:\n Function: gcp:compute:getNetworkPeering\n Arguments:\n name: ${peering1.name}\n network: ${peering1.network}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information of a specified compute network peering. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/vpc/vpc-peering)\nand\n[API](https://cloud.google.com/compute/docs/reference/latest/networks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"foobar\",\n autoCreateSubnetworks: false,\n});\nconst other = new gcp.compute.Network(\"other\", {\n name: \"other\",\n autoCreateSubnetworks: false,\n});\nconst peering1 = new gcp.compute.NetworkPeering(\"peering1\", {\n name: \"peering1\",\n network: _default.selfLink,\n peerNetwork: other.selfLink,\n});\nconst peering2 = new gcp.compute.NetworkPeering(\"peering2\", {\n name: \"peering2\",\n network: other.selfLink,\n peerNetwork: _default.selfLink,\n});\nconst peering1Ds = gcp.compute.getNetworkPeeringOutput({\n name: peering1.name,\n network: peering1.network,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"foobar\",\n auto_create_subnetworks=False)\nother = gcp.compute.Network(\"other\",\n name=\"other\",\n auto_create_subnetworks=False)\npeering1 = gcp.compute.NetworkPeering(\"peering1\",\n name=\"peering1\",\n network=default.self_link,\n peer_network=other.self_link)\npeering2 = gcp.compute.NetworkPeering(\"peering2\",\n name=\"peering2\",\n network=other.self_link,\n peer_network=default.self_link)\npeering1_ds = gcp.compute.get_network_peering_output(name=peering1.name,\n network=peering1.network)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"foobar\",\n AutoCreateSubnetworks = false,\n });\n\n var other = new Gcp.Compute.Network(\"other\", new()\n {\n Name = \"other\",\n AutoCreateSubnetworks = false,\n });\n\n var peering1 = new Gcp.Compute.NetworkPeering(\"peering1\", new()\n {\n Name = \"peering1\",\n Network = @default.SelfLink,\n PeerNetwork = other.SelfLink,\n });\n\n var peering2 = new Gcp.Compute.NetworkPeering(\"peering2\", new()\n {\n Name = \"peering2\",\n Network = other.SelfLink,\n PeerNetwork = @default.SelfLink,\n });\n\n var peering1Ds = Gcp.Compute.GetNetworkPeering.Invoke(new()\n {\n Name = peering1.Name,\n Network = peering1.Network,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tother, err := compute.NewNetwork(ctx, \"other\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"other\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeering1, err := compute.NewNetworkPeering(ctx, \"peering1\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering1\"),\n\t\t\tNetwork: _default.SelfLink,\n\t\t\tPeerNetwork: other.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkPeering(ctx, \"peering2\", \u0026compute.NetworkPeeringArgs{\n\t\t\tName: pulumi.String(\"peering2\"),\n\t\t\tNetwork: other.SelfLink,\n\t\t\tPeerNetwork: _default.SelfLink,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = compute.LookupNetworkPeeringOutput(ctx, compute.GetNetworkPeeringOutputArgs{\n\t\t\tName: peering1.Name,\n\t\t\tNetwork: peering1.Network,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.NetworkPeering;\nimport com.pulumi.gcp.compute.NetworkPeeringArgs;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkPeeringArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"foobar\")\n .autoCreateSubnetworks(\"false\")\n .build());\n\n var other = new Network(\"other\", NetworkArgs.builder()\n .name(\"other\")\n .autoCreateSubnetworks(\"false\")\n .build());\n\n var peering1 = new NetworkPeering(\"peering1\", NetworkPeeringArgs.builder()\n .name(\"peering1\")\n .network(default_.selfLink())\n .peerNetwork(other.selfLink())\n .build());\n\n var peering2 = new NetworkPeering(\"peering2\", NetworkPeeringArgs.builder()\n .name(\"peering2\")\n .network(other.selfLink())\n .peerNetwork(default_.selfLink())\n .build());\n\n final var peering1Ds = ComputeFunctions.getNetworkPeering(GetNetworkPeeringArgs.builder()\n .name(peering1.name())\n .network(peering1.network())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peering1:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering1\n network: ${default.selfLink}\n peerNetwork: ${other.selfLink}\n peering2:\n type: gcp:compute:NetworkPeering\n properties:\n name: peering2\n network: ${other.selfLink}\n peerNetwork: ${default.selfLink}\n default:\n type: gcp:compute:Network\n properties:\n name: foobar\n autoCreateSubnetworks: 'false'\n other:\n type: gcp:compute:Network\n properties:\n name: other\n autoCreateSubnetworks: 'false'\nvariables:\n peering1Ds:\n fn::invoke:\n function: gcp:compute:getNetworkPeering\n arguments:\n name: ${peering1.name}\n network: ${peering1.network}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetworkPeering.\n", "properties": { @@ -288079,7 +288079,7 @@ } }, "gcp:compute/getNetworks:getNetworks": { - "description": "List all networks in a specified Google Cloud project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-networks = gcp.compute.getNetworks({\n project: \"my-cloud-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_networks = gcp.compute.get_networks(project=\"my-cloud-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_networks = Gcp.Compute.GetNetworks.Invoke(new()\n {\n Project = \"my-cloud-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNetworks(ctx, \u0026compute.GetNetworksArgs{\n\t\t\tProject: pulumi.StringRef(\"my-cloud-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworksArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-networks = ComputeFunctions.getNetworks(GetNetworksArgs.builder()\n .project(\"my-cloud-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-networks:\n fn::invoke:\n Function: gcp:compute:getNetworks\n Arguments:\n project: my-cloud-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all networks in a specified Google Cloud project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-networks = gcp.compute.getNetworks({\n project: \"my-cloud-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_networks = gcp.compute.get_networks(project=\"my-cloud-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_networks = Gcp.Compute.GetNetworks.Invoke(new()\n {\n Project = \"my-cloud-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNetworks(ctx, \u0026compute.GetNetworksArgs{\n\t\t\tProject: pulumi.StringRef(\"my-cloud-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworksArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-networks = ComputeFunctions.getNetworks(GetNetworksArgs.builder()\n .project(\"my-cloud-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-networks:\n fn::invoke:\n function: gcp:compute:getNetworks\n arguments:\n project: my-cloud-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetworks.\n", "properties": { @@ -288122,7 +288122,7 @@ } }, "gcp:compute/getNodeTypes:getNodeTypes": { - "description": "Provides available node types for Compute Engine sole-tenant nodes in a zone\nfor a given project. For more information, see [the official documentation](https://cloud.google.com/compute/docs/nodes/#types) and [API](https://cloud.google.com/compute/docs/reference/rest/v1/nodeTypes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.compute.getNodeTypes({\n zone: \"us-central1-b\",\n});\nconst tmpl = new gcp.compute.NodeTemplate(\"tmpl\", {\n name: \"test-tmpl\",\n region: \"us-central1\",\n nodeType: types.names[0],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.compute.get_node_types(zone=\"us-central1-b\")\ntmpl = gcp.compute.NodeTemplate(\"tmpl\",\n name=\"test-tmpl\",\n region=\"us-central1\",\n node_type=types[\"names\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-b\",\n });\n\n var tmpl = new Gcp.Compute.NodeTemplate(\"tmpl\", new()\n {\n Name = \"test-tmpl\",\n Region = \"us-central1\",\n NodeType = types.Names[0],\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-b\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"tmpl\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"test-tmpl\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.Any(types.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-b\")\n .build());\n\n var tmpl = new NodeTemplate(\"tmpl\", NodeTemplateArgs.builder()\n .name(\"test-tmpl\")\n .region(\"us-central1\")\n .nodeType(types.names()[0])\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tmpl:\n type: gcp:compute:NodeTemplate\n properties:\n name: test-tmpl\n region: us-central1\n nodeType: ${types.names[0]}\nvariables:\n central1b:\n fn::invoke:\n Function: gcp:compute:getNodeTypes\n Arguments:\n zone: us-central1-b\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides available node types for Compute Engine sole-tenant nodes in a zone\nfor a given project. For more information, see [the official documentation](https://cloud.google.com/compute/docs/nodes/#types) and [API](https://cloud.google.com/compute/docs/reference/rest/v1/nodeTypes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.compute.getNodeTypes({\n zone: \"us-central1-b\",\n});\nconst tmpl = new gcp.compute.NodeTemplate(\"tmpl\", {\n name: \"test-tmpl\",\n region: \"us-central1\",\n nodeType: types.names[0],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.compute.get_node_types(zone=\"us-central1-b\")\ntmpl = gcp.compute.NodeTemplate(\"tmpl\",\n name=\"test-tmpl\",\n region=\"us-central1\",\n node_type=types[\"names\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Compute.GetNodeTypes.Invoke(new()\n {\n Zone = \"us-central1-b\",\n });\n\n var tmpl = new Gcp.Compute.NodeTemplate(\"tmpl\", new()\n {\n Name = \"test-tmpl\",\n Region = \"us-central1\",\n NodeType = types.Names[0],\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetNodeTypes(ctx, \u0026compute.GetNodeTypesArgs{\n\t\t\tZone: pulumi.StringRef(\"us-central1-b\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNodeTemplate(ctx, \"tmpl\", \u0026compute.NodeTemplateArgs{\n\t\t\tName: pulumi.String(\"test-tmpl\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNodeType: pulumi.Any(types.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNodeTypesArgs;\nimport com.pulumi.gcp.compute.NodeTemplate;\nimport com.pulumi.gcp.compute.NodeTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ComputeFunctions.getNodeTypes(GetNodeTypesArgs.builder()\n .zone(\"us-central1-b\")\n .build());\n\n var tmpl = new NodeTemplate(\"tmpl\", NodeTemplateArgs.builder()\n .name(\"test-tmpl\")\n .region(\"us-central1\")\n .nodeType(types.names()[0])\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tmpl:\n type: gcp:compute:NodeTemplate\n properties:\n name: test-tmpl\n region: us-central1\n nodeType: ${types.names[0]}\nvariables:\n central1b:\n fn::invoke:\n function: gcp:compute:getNodeTypes\n arguments:\n zone: us-central1-b\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNodeTypes.\n", "properties": { @@ -288229,7 +288229,7 @@ } }, "gcp:compute/getRegionDisk:getRegionDisk": { - "description": "Get information about a Google Compute Regional Persistent disks.\n\n[the official documentation](https://cloud.google.com/compute/docs/disks) and its [API](https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionDiskArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceAttachedDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var disk = ComputeFunctions.getRegionDisk(GetRegionDiskArgs.builder()\n .name(\"persistent-regional-disk\")\n .project(\"example\")\n .region(\"us-central1\")\n .type(\"pd-ssd\")\n .physicalBlockSizeBytes(4096)\n .replicaZones( \n \"us-central1-a\",\n \"us-central1-f\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .attachedDisks(InstanceAttachedDiskArgs.builder()\n .source(diskGoogleComputeDisk.selfLink())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n attachedDisks:\n - source: ${diskGoogleComputeDisk.selfLink}\nvariables:\n disk:\n fn::invoke:\n Function: gcp:compute:getRegionDisk\n Arguments:\n name: persistent-regional-disk\n project: example\n region: us-central1\n type: pd-ssd\n physicalBlockSizeBytes: 4096\n replicaZones:\n - us-central1-a\n - us-central1-f\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Compute Regional Persistent disks.\n\n[the official documentation](https://cloud.google.com/compute/docs/disks) and its [API](https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionDiskArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceAttachedDiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var disk = ComputeFunctions.getRegionDisk(GetRegionDiskArgs.builder()\n .name(\"persistent-regional-disk\")\n .project(\"example\")\n .region(\"us-central1\")\n .type(\"pd-ssd\")\n .physicalBlockSizeBytes(4096)\n .replicaZones( \n \"us-central1-a\",\n \"us-central1-f\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .attachedDisks(InstanceAttachedDiskArgs.builder()\n .source(diskGoogleComputeDisk.selfLink())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Instance\n properties:\n attachedDisks:\n - source: ${diskGoogleComputeDisk.selfLink}\nvariables:\n disk:\n fn::invoke:\n function: gcp:compute:getRegionDisk\n arguments:\n name: persistent-regional-disk\n project: example\n region: us-central1\n type: pd-ssd\n physicalBlockSizeBytes: 4096\n replicaZones:\n - us-central1-a\n - us-central1-f\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionDisk.\n", "properties": { @@ -288404,7 +288404,7 @@ } }, "gcp:compute/getRegionDiskIamPolicy:getRegionDiskIamPolicy": { - "description": "Retrieves the current IAM policy data for regiondisk\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getRegionDiskIamPolicy({\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_region_disk_iam_policy(project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetRegionDiskIamPolicy.Invoke(new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionDiskIamPolicy(ctx, \u0026compute.LookupRegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(regiondisk.Project),\n\t\t\tRegion: pulumi.StringRef(regiondisk.Region),\n\t\t\tName: regiondisk.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getRegionDiskIamPolicy(GetRegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getRegionDiskIamPolicy\n Arguments:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for regiondisk\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getRegionDiskIamPolicy({\n project: regiondisk.project,\n region: regiondisk.region,\n name: regiondisk.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_region_disk_iam_policy(project=regiondisk[\"project\"],\n region=regiondisk[\"region\"],\n name=regiondisk[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetRegionDiskIamPolicy.Invoke(new()\n {\n Project = regiondisk.Project,\n Region = regiondisk.Region,\n Name = regiondisk.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionDiskIamPolicy(ctx, \u0026compute.LookupRegionDiskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(regiondisk.Project),\n\t\t\tRegion: pulumi.StringRef(regiondisk.Region),\n\t\t\tName: regiondisk.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionDiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getRegionDiskIamPolicy(GetRegionDiskIamPolicyArgs.builder()\n .project(regiondisk.project())\n .region(regiondisk.region())\n .name(regiondisk.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getRegionDiskIamPolicy\n arguments:\n project: ${regiondisk.project}\n region: ${regiondisk.region}\n name: ${regiondisk.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionDiskIamPolicy.\n", "properties": { @@ -288466,7 +288466,7 @@ } }, "gcp:compute/getRegionInstanceGroup:getRegionInstanceGroup": { - "description": "Get a Compute Region Instance Group within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups) and [API](https://cloud.google.com/compute/docs/reference/latest/regionInstanceGroups).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = gcp.compute.getRegionInstanceGroup({\n name: \"instance-group-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.compute.get_region_instance_group(name=\"instance-group-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = Gcp.Compute.GetRegionInstanceGroup.Invoke(new()\n {\n Name = \"instance-group-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRegionInstanceGroup(ctx, \u0026compute.GetRegionInstanceGroupArgs{\n\t\t\tName: pulumi.StringRef(\"instance-group-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var group = ComputeFunctions.getRegionInstanceGroup(GetRegionInstanceGroupArgs.builder()\n .name(\"instance-group-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n group:\n fn::invoke:\n Function: gcp:compute:getRegionInstanceGroup\n Arguments:\n name: instance-group-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe most common use of this datasource will be to fetch information about the instances inside regional managed instance groups, for instance:\n\n", + "description": "Get a Compute Region Instance Group within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups) and [API](https://cloud.google.com/compute/docs/reference/latest/regionInstanceGroups).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst group = gcp.compute.getRegionInstanceGroup({\n name: \"instance-group-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngroup = gcp.compute.get_region_instance_group(name=\"instance-group-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = Gcp.Compute.GetRegionInstanceGroup.Invoke(new()\n {\n Name = \"instance-group-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRegionInstanceGroup(ctx, \u0026compute.GetRegionInstanceGroupArgs{\n\t\t\tName: pulumi.StringRef(\"instance-group-name\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var group = ComputeFunctions.getRegionInstanceGroup(GetRegionInstanceGroupArgs.builder()\n .name(\"instance-group-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n group:\n fn::invoke:\n function: gcp:compute:getRegionInstanceGroup\n arguments:\n name: instance-group-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe most common use of this datasource will be to fetch information about the instances inside regional managed instance groups, for instance:\n\n", "inputs": { "description": "A collection of arguments for invoking getRegionInstanceGroup.\n", "properties": { @@ -288538,7 +288538,7 @@ } }, "gcp:compute/getRegionInstanceGroupManager:getRegionInstanceGroupManager": { - "description": "Get a Compute Region Instance Group Manager within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups)\nand [API](https://cloud.google.com/compute/docs/reference/rest/v1/regionInstanceGroupManagers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst rigm = gcp.compute.getRegionInstanceGroupManager({\n name: \"my-igm\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrigm = gcp.compute.get_region_instance_group_manager(name=\"my-igm\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rigm = Gcp.Compute.GetRegionInstanceGroupManager.Invoke(new()\n {\n Name = \"my-igm\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionInstanceGroupManager(ctx, \u0026compute.LookupRegionInstanceGroupManagerArgs{\n\t\t\tName: pulumi.StringRef(\"my-igm\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceGroupManagerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rigm = ComputeFunctions.getRegionInstanceGroupManager(GetRegionInstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n rigm:\n fn::invoke:\n Function: gcp:compute:getRegionInstanceGroupManager\n Arguments:\n name: my-igm\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Compute Region Instance Group Manager within GCE.\nFor more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups)\nand [API](https://cloud.google.com/compute/docs/reference/rest/v1/regionInstanceGroupManagers)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst rigm = gcp.compute.getRegionInstanceGroupManager({\n name: \"my-igm\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrigm = gcp.compute.get_region_instance_group_manager(name=\"my-igm\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rigm = Gcp.Compute.GetRegionInstanceGroupManager.Invoke(new()\n {\n Name = \"my-igm\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionInstanceGroupManager(ctx, \u0026compute.LookupRegionInstanceGroupManagerArgs{\n\t\t\tName: pulumi.StringRef(\"my-igm\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceGroupManagerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rigm = ComputeFunctions.getRegionInstanceGroupManager(GetRegionInstanceGroupManagerArgs.builder()\n .name(\"my-igm\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n rigm:\n fn::invoke:\n function: gcp:compute:getRegionInstanceGroupManager\n arguments:\n name: my-igm\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionInstanceGroupManager.\n", "properties": { @@ -288740,7 +288740,7 @@ } }, "gcp:compute/getRegionInstanceTemplate:getRegionInstanceTemplate": { - "description": "Get information about a VM instance template resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instance-templates)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/regionInstanceTemplates).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// by name\nconst generic = gcp.compute.getRegionInstanceTemplate({\n name: \"generic-tpl-20200107\",\n});\n// using a filter\nconst generic-regex = gcp.compute.getRegionInstanceTemplate({\n filter: \"name != generic-tpl-20200107\",\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# by name\ngeneric = gcp.compute.get_region_instance_template(name=\"generic-tpl-20200107\")\n# using a filter\ngeneric_regex = gcp.compute.get_region_instance_template(filter=\"name != generic-tpl-20200107\",\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // by name\n var generic = Gcp.Compute.GetRegionInstanceTemplate.Invoke(new()\n {\n Name = \"generic-tpl-20200107\",\n });\n\n // using a filter\n var generic_regex = Gcp.Compute.GetRegionInstanceTemplate.Invoke(new()\n {\n Filter = \"name != generic-tpl-20200107\",\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// by name\n\t\t_, err := compute.LookupRegionInstanceTemplate(ctx, \u0026compute.LookupRegionInstanceTemplateArgs{\n\t\t\tName: pulumi.StringRef(\"generic-tpl-20200107\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// using a filter\n\t\t_, err = compute.LookupRegionInstanceTemplate(ctx, \u0026compute.LookupRegionInstanceTemplateArgs{\n\t\t\tFilter: pulumi.StringRef(\"name != generic-tpl-20200107\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // by name\n final var generic = ComputeFunctions.getRegionInstanceTemplate(GetRegionInstanceTemplateArgs.builder()\n .name(\"generic-tpl-20200107\")\n .build());\n\n // using a filter\n final var generic-regex = ComputeFunctions.getRegionInstanceTemplate(GetRegionInstanceTemplateArgs.builder()\n .filter(\"name != generic-tpl-20200107\")\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # by name\n generic:\n fn::invoke:\n Function: gcp:compute:getRegionInstanceTemplate\n Arguments:\n name: generic-tpl-20200107\n # using a filter\n generic-regex:\n fn::invoke:\n Function: gcp:compute:getRegionInstanceTemplate\n Arguments:\n filter: name != generic-tpl-20200107\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a VM instance template resource within GCE. For more information see\n[the official documentation](https://cloud.google.com/compute/docs/instance-templates)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/regionInstanceTemplates).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// by name\nconst generic = gcp.compute.getRegionInstanceTemplate({\n name: \"generic-tpl-20200107\",\n});\n// using a filter\nconst generic-regex = gcp.compute.getRegionInstanceTemplate({\n filter: \"name != generic-tpl-20200107\",\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# by name\ngeneric = gcp.compute.get_region_instance_template(name=\"generic-tpl-20200107\")\n# using a filter\ngeneric_regex = gcp.compute.get_region_instance_template(filter=\"name != generic-tpl-20200107\",\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // by name\n var generic = Gcp.Compute.GetRegionInstanceTemplate.Invoke(new()\n {\n Name = \"generic-tpl-20200107\",\n });\n\n // using a filter\n var generic_regex = Gcp.Compute.GetRegionInstanceTemplate.Invoke(new()\n {\n Filter = \"name != generic-tpl-20200107\",\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// by name\n\t\t_, err := compute.LookupRegionInstanceTemplate(ctx, \u0026compute.LookupRegionInstanceTemplateArgs{\n\t\t\tName: pulumi.StringRef(\"generic-tpl-20200107\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// using a filter\n\t\t_, err = compute.LookupRegionInstanceTemplate(ctx, \u0026compute.LookupRegionInstanceTemplateArgs{\n\t\t\tFilter: pulumi.StringRef(\"name != generic-tpl-20200107\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionInstanceTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // by name\n final var generic = ComputeFunctions.getRegionInstanceTemplate(GetRegionInstanceTemplateArgs.builder()\n .name(\"generic-tpl-20200107\")\n .build());\n\n // using a filter\n final var generic-regex = ComputeFunctions.getRegionInstanceTemplate(GetRegionInstanceTemplateArgs.builder()\n .filter(\"name != generic-tpl-20200107\")\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # by name\n generic:\n fn::invoke:\n function: gcp:compute:getRegionInstanceTemplate\n arguments:\n name: generic-tpl-20200107\n # using a filter\n generic-regex:\n fn::invoke:\n function: gcp:compute:getRegionInstanceTemplate\n arguments:\n filter: name != generic-tpl-20200107\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionInstanceTemplate.\n", "properties": { @@ -289003,7 +289003,7 @@ } }, "gcp:compute/getRegionNetworkEndpointGroup:getRegionNetworkEndpointGroup": { - "description": "Use this data source to access a Region Network Endpoint Group's attributes.\n\nThe RNEG may be found by providing either a `self_link`, or a `name` and a `region`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst rneg1 = gcp.compute.getRegionNetworkEndpointGroup({\n name: \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n region: \"us-central1\",\n});\nconst rneg2 = gcp.compute.getRegionNetworkEndpointGroup({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrneg1 = gcp.compute.get_region_network_endpoint_group(name=\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n region=\"us-central1\")\nrneg2 = gcp.compute.get_region_network_endpoint_group(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rneg1 = Gcp.Compute.GetRegionNetworkEndpointGroup.Invoke(new()\n {\n Name = \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n Region = \"us-central1\",\n });\n\n var rneg2 = Gcp.Compute.GetRegionNetworkEndpointGroup.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionNetworkEndpointGroup(ctx, \u0026compute.LookupRegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.StringRef(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupRegionNetworkEndpointGroup(ctx, \u0026compute.LookupRegionNetworkEndpointGroupArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionNetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rneg1 = ComputeFunctions.getRegionNetworkEndpointGroup(GetRegionNetworkEndpointGroupArgs.builder()\n .name(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .region(\"us-central1\")\n .build());\n\n final var rneg2 = ComputeFunctions.getRegionNetworkEndpointGroup(GetRegionNetworkEndpointGroupArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n rneg1:\n fn::invoke:\n Function: gcp:compute:getRegionNetworkEndpointGroup\n Arguments:\n name: k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n region: us-central1\n rneg2:\n fn::invoke:\n Function: gcp:compute:getRegionNetworkEndpointGroup\n Arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to access a Region Network Endpoint Group's attributes.\n\nThe RNEG may be found by providing either a `self_link`, or a `name` and a `region`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst rneg1 = gcp.compute.getRegionNetworkEndpointGroup({\n name: \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n region: \"us-central1\",\n});\nconst rneg2 = gcp.compute.getRegionNetworkEndpointGroup({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrneg1 = gcp.compute.get_region_network_endpoint_group(name=\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n region=\"us-central1\")\nrneg2 = gcp.compute.get_region_network_endpoint_group(self_link=\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rneg1 = Gcp.Compute.GetRegionNetworkEndpointGroup.Invoke(new()\n {\n Name = \"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n Region = \"us-central1\",\n });\n\n var rneg2 = Gcp.Compute.GetRegionNetworkEndpointGroup.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRegionNetworkEndpointGroup(ctx, \u0026compute.LookupRegionNetworkEndpointGroupArgs{\n\t\t\tName: pulumi.StringRef(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupRegionNetworkEndpointGroup(ctx, \u0026compute.LookupRegionNetworkEndpointGroupArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionNetworkEndpointGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rneg1 = ComputeFunctions.getRegionNetworkEndpointGroup(GetRegionNetworkEndpointGroupArgs.builder()\n .name(\"k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .region(\"us-central1\")\n .build());\n\n final var rneg2 = ComputeFunctions.getRegionNetworkEndpointGroup(GetRegionNetworkEndpointGroupArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n rneg1:\n fn::invoke:\n function: gcp:compute:getRegionNetworkEndpointGroup\n arguments:\n name: k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n region: us-central1\n rneg2:\n fn::invoke:\n function: gcp:compute:getRegionNetworkEndpointGroup\n arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/myproject/regions/us-central1/networkEndpointGroups/k8s1-abcdef01-myns-mysvc-8080-4b6bac43\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionNetworkEndpointGroup.\n", "properties": { @@ -289106,7 +289106,7 @@ } }, "gcp:compute/getRegionSslCertificate:getRegionSslCertificate": { - "description": "Get info about a Region Google Compute SSL Certificate from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCert = gcp.compute.getRegionSslCertificate({\n name: \"my-cert\",\n});\nexport const certificate = myCert.then(myCert =\u003e myCert.certificate);\nexport const certificateId = myCert.then(myCert =\u003e myCert.certificateId);\nexport const selfLink = myCert.then(myCert =\u003e myCert.selfLink);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cert = gcp.compute.get_region_ssl_certificate(name=\"my-cert\")\npulumi.export(\"certificate\", my_cert.certificate)\npulumi.export(\"certificateId\", my_cert.certificate_id)\npulumi.export(\"selfLink\", my_cert.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCert = Gcp.Compute.GetRegionSslCertificate.Invoke(new()\n {\n Name = \"my-cert\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.Certificate),\n [\"certificateId\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.CertificateId),\n [\"selfLink\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.SelfLink),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCert, err := compute.LookupRegionSslCertificate(ctx, \u0026compute.LookupRegionSslCertificateArgs{\n\t\t\tName: \"my-cert\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"certificate\", myCert.Certificate)\n\t\tctx.Export(\"certificateId\", myCert.CertificateId)\n\t\tctx.Export(\"selfLink\", myCert.SelfLink)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionSslCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCert = ComputeFunctions.getRegionSslCertificate(GetRegionSslCertificateArgs.builder()\n .name(\"my-cert\")\n .build());\n\n ctx.export(\"certificate\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.certificate()));\n ctx.export(\"certificateId\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.certificateId()));\n ctx.export(\"selfLink\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.selfLink()));\n }\n}\n```\n```yaml\nvariables:\n myCert:\n fn::invoke:\n Function: gcp:compute:getRegionSslCertificate\n Arguments:\n name: my-cert\noutputs:\n certificate: ${myCert.certificate}\n certificateId: ${myCert.certificateId}\n selfLink: ${myCert.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Region Google Compute SSL Certificate from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCert = gcp.compute.getRegionSslCertificate({\n name: \"my-cert\",\n});\nexport const certificate = myCert.then(myCert =\u003e myCert.certificate);\nexport const certificateId = myCert.then(myCert =\u003e myCert.certificateId);\nexport const selfLink = myCert.then(myCert =\u003e myCert.selfLink);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cert = gcp.compute.get_region_ssl_certificate(name=\"my-cert\")\npulumi.export(\"certificate\", my_cert.certificate)\npulumi.export(\"certificateId\", my_cert.certificate_id)\npulumi.export(\"selfLink\", my_cert.self_link)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCert = Gcp.Compute.GetRegionSslCertificate.Invoke(new()\n {\n Name = \"my-cert\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.Certificate),\n [\"certificateId\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.CertificateId),\n [\"selfLink\"] = myCert.Apply(getRegionSslCertificateResult =\u003e getRegionSslCertificateResult.SelfLink),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCert, err := compute.LookupRegionSslCertificate(ctx, \u0026compute.LookupRegionSslCertificateArgs{\n\t\t\tName: \"my-cert\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"certificate\", myCert.Certificate)\n\t\tctx.Export(\"certificateId\", myCert.CertificateId)\n\t\tctx.Export(\"selfLink\", myCert.SelfLink)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRegionSslCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCert = ComputeFunctions.getRegionSslCertificate(GetRegionSslCertificateArgs.builder()\n .name(\"my-cert\")\n .build());\n\n ctx.export(\"certificate\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.certificate()));\n ctx.export(\"certificateId\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.certificateId()));\n ctx.export(\"selfLink\", myCert.applyValue(getRegionSslCertificateResult -\u003e getRegionSslCertificateResult.selfLink()));\n }\n}\n```\n```yaml\nvariables:\n myCert:\n fn::invoke:\n function: gcp:compute:getRegionSslCertificate\n arguments:\n name: my-cert\noutputs:\n certificate: ${myCert.certificate}\n certificateId: ${myCert.certificateId}\n selfLink: ${myCert.selfLink}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionSslCertificate.\n", "properties": { @@ -289230,7 +289230,7 @@ } }, "gcp:compute/getReservation:getReservation": { - "description": "Provides access to available Google Compute Reservation Resources for a given project.\nSee more about [Reservations of Compute Engine resources](https://cloud.google.com/compute/docs/instances/reservations-overview) in the upstream docs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst reservation = gcp.compute.getReservation({\n name: \"gce-reservation\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nreservation = gcp.compute.get_reservation(name=\"gce-reservation\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var reservation = Gcp.Compute.GetReservation.Invoke(new()\n {\n Name = \"gce-reservation\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupReservation(ctx, \u0026compute.LookupReservationArgs{\n\t\t\tName: \"gce-reservation\",\n\t\t\tZone: \"us-central1-a\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var reservation = ComputeFunctions.getReservation(GetReservationArgs.builder()\n .name(\"gce-reservation\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n reservation:\n fn::invoke:\n Function: gcp:compute:getReservation\n Arguments:\n name: gce-reservation\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available Google Compute Reservation Resources for a given project.\nSee more about [Reservations of Compute Engine resources](https://cloud.google.com/compute/docs/instances/reservations-overview) in the upstream docs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst reservation = gcp.compute.getReservation({\n name: \"gce-reservation\",\n zone: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nreservation = gcp.compute.get_reservation(name=\"gce-reservation\",\n zone=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var reservation = Gcp.Compute.GetReservation.Invoke(new()\n {\n Name = \"gce-reservation\",\n Zone = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupReservation(ctx, \u0026compute.LookupReservationArgs{\n\t\t\tName: \"gce-reservation\",\n\t\t\tZone: \"us-central1-a\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var reservation = ComputeFunctions.getReservation(GetReservationArgs.builder()\n .name(\"gce-reservation\")\n .zone(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n reservation:\n fn::invoke:\n function: gcp:compute:getReservation\n arguments:\n name: gce-reservation\n zone: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getReservation.\n", "properties": { @@ -289317,7 +289317,7 @@ } }, "gcp:compute/getResourcePolicy:getResourcePolicy": { - "description": "Provide access to a Resource Policy's attributes. For more information see [the official documentation](https://cloud.google.com/compute/docs/disks/scheduled-snapshots) or the [API](https://cloud.google.com/compute/docs/reference/rest/beta/resourcePolicies).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst daily = gcp.compute.getResourcePolicy({\n name: \"daily\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndaily = gcp.compute.get_resource_policy(name=\"daily\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var daily = Gcp.Compute.GetResourcePolicy.Invoke(new()\n {\n Name = \"daily\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupResourcePolicy(ctx, \u0026compute.LookupResourcePolicyArgs{\n\t\t\tName: \"daily\",\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var daily = ComputeFunctions.getResourcePolicy(GetResourcePolicyArgs.builder()\n .name(\"daily\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n daily:\n fn::invoke:\n Function: gcp:compute:getResourcePolicy\n Arguments:\n name: daily\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provide access to a Resource Policy's attributes. For more information see [the official documentation](https://cloud.google.com/compute/docs/disks/scheduled-snapshots) or the [API](https://cloud.google.com/compute/docs/reference/rest/beta/resourcePolicies).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst daily = gcp.compute.getResourcePolicy({\n name: \"daily\",\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndaily = gcp.compute.get_resource_policy(name=\"daily\",\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var daily = Gcp.Compute.GetResourcePolicy.Invoke(new()\n {\n Name = \"daily\",\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupResourcePolicy(ctx, \u0026compute.LookupResourcePolicyArgs{\n\t\t\tName: \"daily\",\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var daily = ComputeFunctions.getResourcePolicy(GetResourcePolicyArgs.builder()\n .name(\"daily\")\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n daily:\n fn::invoke:\n function: gcp:compute:getResourcePolicy\n arguments:\n name: daily\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getResourcePolicy.\n", "properties": { @@ -289402,7 +289402,7 @@ } }, "gcp:compute/getRouter:getRouter": { - "description": "Get a router within GCE from its name and VPC.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouter({\n name: \"myrouter-us-east1\",\n network: \"my-network\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router(name=\"myrouter-us-east1\",\n network=\"my-network\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouter.Invoke(new()\n {\n Name = \"myrouter-us-east1\",\n Network = \"my-network\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRouter(ctx, \u0026compute.LookupRouterArgs{\n\t\t\tName: \"myrouter-us-east1\",\n\t\t\tNetwork: \"my-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouter(GetRouterArgs.builder()\n .name(\"myrouter-us-east1\")\n .network(\"my-network\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n Function: gcp:compute:getRouter\n Arguments:\n name: myrouter-us-east1\n network: my-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a router within GCE from its name and VPC.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouter({\n name: \"myrouter-us-east1\",\n network: \"my-network\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router(name=\"myrouter-us-east1\",\n network=\"my-network\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouter.Invoke(new()\n {\n Name = \"myrouter-us-east1\",\n Network = \"my-network\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRouter(ctx, \u0026compute.LookupRouterArgs{\n\t\t\tName: \"myrouter-us-east1\",\n\t\t\tNetwork: \"my-network\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouter(GetRouterArgs.builder()\n .name(\"myrouter-us-east1\")\n .network(\"my-network\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n function: gcp:compute:getRouter\n arguments:\n name: myrouter-us-east1\n network: my-network\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRouter.\n", "properties": { @@ -289481,7 +289481,7 @@ } }, "gcp:compute/getRouterNat:getRouterNat": { - "description": "To get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/router/docs/)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.compute.getRouterNat({\n name: \"my-nat\",\n router: \"my-router\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.compute.get_router_nat(name=\"my-nat\",\n router=\"my-router\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Compute.GetRouterNat.Invoke(new()\n {\n Name = \"my-nat\",\n Router = \"my-router\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRouterNat(ctx, \u0026compute.LookupRouterNatArgs{\n\t\t\tName: \"my-nat\",\n\t\t\tRouter: \"my-router\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterNatArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ComputeFunctions.getRouterNat(GetRouterNatArgs.builder()\n .name(\"my-nat\")\n .router(\"my-router\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:compute:getRouterNat\n Arguments:\n name: my-nat\n router: my-router\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "To get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/router/docs/)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.compute.getRouterNat({\n name: \"my-nat\",\n router: \"my-router\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.compute.get_router_nat(name=\"my-nat\",\n router=\"my-router\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Compute.GetRouterNat.Invoke(new()\n {\n Name = \"my-nat\",\n Router = \"my-router\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupRouterNat(ctx, \u0026compute.LookupRouterNatArgs{\n\t\t\tName: \"my-nat\",\n\t\t\tRouter: \"my-router\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterNatArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ComputeFunctions.getRouterNat(GetRouterNatArgs.builder()\n .name(\"my-nat\")\n .router(\"my-router\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:compute:getRouterNat\n arguments:\n name: my-nat\n router: my-router\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRouterNat.\n", "properties": { @@ -289638,7 +289638,7 @@ } }, "gcp:compute/getRouterStatus:getRouterStatus": { - "description": "Get a Cloud Router's status within GCE from its name and region. This data source exposes the\nroutes learned by a Cloud Router via BGP peers.\n\nFor more information see [the official documentation](https://cloud.google.com/network-connectivity/docs/router/how-to/viewing-router-details)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/routers/getRouterStatus).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouterStatus({\n name: \"myrouter\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router_status(name=\"myrouter\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouterStatus.Invoke(new()\n {\n Name = \"myrouter\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRouterStatus(ctx, \u0026compute.GetRouterStatusArgs{\n\t\t\tName: \"myrouter\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterStatusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouterStatus(GetRouterStatusArgs.builder()\n .name(\"myrouter\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n Function: gcp:compute:getRouterStatus\n Arguments:\n name: myrouter\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Cloud Router's status within GCE from its name and region. This data source exposes the\nroutes learned by a Cloud Router via BGP peers.\n\nFor more information see [the official documentation](https://cloud.google.com/network-connectivity/docs/router/how-to/viewing-router-details)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/routers/getRouterStatus).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouterStatus({\n name: \"myrouter\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router_status(name=\"myrouter\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouterStatus.Invoke(new()\n {\n Name = \"myrouter\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRouterStatus(ctx, \u0026compute.GetRouterStatusArgs{\n\t\t\tName: \"myrouter\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterStatusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouterStatus(GetRouterStatusArgs.builder()\n .name(\"myrouter\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n function: gcp:compute:getRouterStatus\n arguments:\n name: myrouter\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRouterStatus.\n", "properties": { @@ -289707,7 +289707,7 @@ } }, "gcp:compute/getSSLPolicy:getSSLPolicy": { - "description": "Gets an SSL Policy within GCE from its name, for use with Target HTTPS and Target SSL Proxies.\n For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-ssl-policy = gcp.compute.getSSLPolicy({\n name: \"production-ssl-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_ssl_policy = gcp.compute.get_ssl_policy(name=\"production-ssl-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_ssl_policy = Gcp.Compute.GetSSLPolicy.Invoke(new()\n {\n Name = \"production-ssl-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSSLPolicy(ctx, \u0026compute.LookupSSLPolicyArgs{\n\t\t\tName: \"production-ssl-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSSLPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-ssl-policy = ComputeFunctions.getSSLPolicy(GetSSLPolicyArgs.builder()\n .name(\"production-ssl-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-ssl-policy:\n fn::invoke:\n Function: gcp:compute:getSSLPolicy\n Arguments:\n name: production-ssl-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets an SSL Policy within GCE from its name, for use with Target HTTPS and Target SSL Proxies.\n For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-ssl-policy = gcp.compute.getSSLPolicy({\n name: \"production-ssl-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_ssl_policy = gcp.compute.get_ssl_policy(name=\"production-ssl-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_ssl_policy = Gcp.Compute.GetSSLPolicy.Invoke(new()\n {\n Name = \"production-ssl-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSSLPolicy(ctx, \u0026compute.LookupSSLPolicyArgs{\n\t\t\tName: \"production-ssl-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSSLPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-ssl-policy = ComputeFunctions.getSSLPolicy(GetSSLPolicyArgs.builder()\n .name(\"production-ssl-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-ssl-policy:\n fn::invoke:\n function: gcp:compute:getSSLPolicy\n arguments:\n name: production-ssl-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSSLPolicy.\n", "properties": { @@ -289792,7 +289792,7 @@ } }, "gcp:compute/getSecurityPolicy:getSecurityPolicy": { - "description": "To get more information about Google Compute Security Policy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/armor/docs/configure-security-policies)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sp1 = gcp.compute.getSecurityPolicy({\n name: \"my-policy\",\n project: \"my-project\",\n});\nconst sp2 = gcp.compute.getSecurityPolicy({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsp1 = gcp.compute.get_security_policy(name=\"my-policy\",\n project=\"my-project\")\nsp2 = gcp.compute.get_security_policy(self_link=\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sp1 = Gcp.Compute.GetSecurityPolicy.Invoke(new()\n {\n Name = \"my-policy\",\n Project = \"my-project\",\n });\n\n var sp2 = Gcp.Compute.GetSecurityPolicy.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSecurityPolicy(ctx, \u0026compute.LookupSecurityPolicyArgs{\n\t\t\tName: pulumi.StringRef(\"my-policy\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupSecurityPolicy(ctx, \u0026compute.LookupSecurityPolicyArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSecurityPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sp1 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .project(\"my-project\")\n .build());\n\n final var sp2 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sp1:\n fn::invoke:\n Function: gcp:compute:getSecurityPolicy\n Arguments:\n name: my-policy\n project: my-project\n sp2:\n fn::invoke:\n Function: gcp:compute:getSecurityPolicy\n Arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "To get more information about Google Compute Security Policy, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/armor/docs/configure-security-policies)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sp1 = gcp.compute.getSecurityPolicy({\n name: \"my-policy\",\n project: \"my-project\",\n});\nconst sp2 = gcp.compute.getSecurityPolicy({\n selfLink: \"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsp1 = gcp.compute.get_security_policy(name=\"my-policy\",\n project=\"my-project\")\nsp2 = gcp.compute.get_security_policy(self_link=\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sp1 = Gcp.Compute.GetSecurityPolicy.Invoke(new()\n {\n Name = \"my-policy\",\n Project = \"my-project\",\n });\n\n var sp2 = Gcp.Compute.GetSecurityPolicy.Invoke(new()\n {\n SelfLink = \"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSecurityPolicy(ctx, \u0026compute.LookupSecurityPolicyArgs{\n\t\t\tName: pulumi.StringRef(\"my-policy\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.LookupSecurityPolicy(ctx, \u0026compute.LookupSecurityPolicyArgs{\n\t\t\tSelfLink: pulumi.StringRef(\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSecurityPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sp1 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()\n .name(\"my-policy\")\n .project(\"my-project\")\n .build());\n\n final var sp2 = ComputeFunctions.getSecurityPolicy(GetSecurityPolicyArgs.builder()\n .selfLink(\"https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sp1:\n fn::invoke:\n function: gcp:compute:getSecurityPolicy\n arguments:\n name: my-policy\n project: my-project\n sp2:\n fn::invoke:\n function: gcp:compute:getSecurityPolicy\n arguments:\n selfLink: https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecurityPolicy.\n", "properties": { @@ -289875,7 +289875,7 @@ } }, "gcp:compute/getSnapshot:getSnapshot": { - "description": "To get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/snapshots)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n//by name \nconst snapshot = gcp.compute.getSnapshot({\n name: \"my-snapshot\",\n});\n// using a filter\nconst latest-snapshot = gcp.compute.getSnapshot({\n filter: \"name != my-snapshot\",\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n#by name \nsnapshot = gcp.compute.get_snapshot(name=\"my-snapshot\")\n# using a filter\nlatest_snapshot = gcp.compute.get_snapshot(filter=\"name != my-snapshot\",\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n //by name \n var snapshot = Gcp.Compute.GetSnapshot.Invoke(new()\n {\n Name = \"my-snapshot\",\n });\n\n // using a filter\n var latest_snapshot = Gcp.Compute.GetSnapshot.Invoke(new()\n {\n Filter = \"name != my-snapshot\",\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// by name\n\t\t_, err := compute.LookupSnapshot(ctx, \u0026compute.LookupSnapshotArgs{\n\t\t\tName: pulumi.StringRef(\"my-snapshot\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// using a filter\n\t\t_, err = compute.LookupSnapshot(ctx, \u0026compute.LookupSnapshotArgs{\n\t\t\tFilter: pulumi.StringRef(\"name != my-snapshot\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //by name \n final var snapshot = ComputeFunctions.getSnapshot(GetSnapshotArgs.builder()\n .name(\"my-snapshot\")\n .build());\n\n // using a filter\n final var latest-snapshot = ComputeFunctions.getSnapshot(GetSnapshotArgs.builder()\n .filter(\"name != my-snapshot\")\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n #by name\n snapshot:\n fn::invoke:\n Function: gcp:compute:getSnapshot\n Arguments:\n name: my-snapshot\n # using a filter\n latest-snapshot:\n fn::invoke:\n Function: gcp:compute:getSnapshot\n Arguments:\n filter: name != my-snapshot\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "To get more information about Snapshot, see:\n\n* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/snapshots)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n//by name \nconst snapshot = gcp.compute.getSnapshot({\n name: \"my-snapshot\",\n});\n// using a filter\nconst latest-snapshot = gcp.compute.getSnapshot({\n filter: \"name != my-snapshot\",\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n#by name \nsnapshot = gcp.compute.get_snapshot(name=\"my-snapshot\")\n# using a filter\nlatest_snapshot = gcp.compute.get_snapshot(filter=\"name != my-snapshot\",\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n //by name \n var snapshot = Gcp.Compute.GetSnapshot.Invoke(new()\n {\n Name = \"my-snapshot\",\n });\n\n // using a filter\n var latest_snapshot = Gcp.Compute.GetSnapshot.Invoke(new()\n {\n Filter = \"name != my-snapshot\",\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// by name\n\t\t_, err := compute.LookupSnapshot(ctx, \u0026compute.LookupSnapshotArgs{\n\t\t\tName: pulumi.StringRef(\"my-snapshot\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// using a filter\n\t\t_, err = compute.LookupSnapshot(ctx, \u0026compute.LookupSnapshotArgs{\n\t\t\tFilter: pulumi.StringRef(\"name != my-snapshot\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //by name \n final var snapshot = ComputeFunctions.getSnapshot(GetSnapshotArgs.builder()\n .name(\"my-snapshot\")\n .build());\n\n // using a filter\n final var latest-snapshot = ComputeFunctions.getSnapshot(GetSnapshotArgs.builder()\n .filter(\"name != my-snapshot\")\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n #by name\n snapshot:\n fn::invoke:\n function: gcp:compute:getSnapshot\n arguments:\n name: my-snapshot\n # using a filter\n latest-snapshot:\n fn::invoke:\n function: gcp:compute:getSnapshot\n arguments:\n filter: name != my-snapshot\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSnapshot.\n", "properties": { @@ -290016,7 +290016,7 @@ } }, "gcp:compute/getSnapshotIamPolicy:getSnapshotIamPolicy": { - "description": "Retrieves the current IAM policy data for snapshot\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getSnapshotIamPolicy({\n project: snapshot.project,\n name: snapshot.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_snapshot_iam_policy(project=snapshot[\"project\"],\n name=snapshot[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetSnapshotIamPolicy.Invoke(new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSnapshotIamPolicy(ctx, \u0026compute.LookupSnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(snapshot.Project),\n\t\t\tName: snapshot.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getSnapshotIamPolicy(GetSnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getSnapshotIamPolicy\n Arguments:\n project: ${snapshot.project}\n name: ${snapshot.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for snapshot\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getSnapshotIamPolicy({\n project: snapshot.project,\n name: snapshot.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_snapshot_iam_policy(project=snapshot[\"project\"],\n name=snapshot[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetSnapshotIamPolicy.Invoke(new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSnapshotIamPolicy(ctx, \u0026compute.LookupSnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(snapshot.Project),\n\t\t\tName: snapshot.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getSnapshotIamPolicy(GetSnapshotIamPolicyArgs.builder()\n .project(snapshot.project())\n .name(snapshot.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getSnapshotIamPolicy\n arguments:\n project: ${snapshot.project}\n name: ${snapshot.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSnapshotIamPolicy.\n", "properties": { @@ -290069,7 +290069,7 @@ } }, "gcp:compute/getSubnetwork:getSubnetwork": { - "description": "Get a subnetwork within GCE from its name and region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-subnetwork = gcp.compute.getSubnetwork({\n name: \"default-us-east1\",\n region: \"us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnetwork = gcp.compute.get_subnetwork(name=\"default-us-east1\",\n region=\"us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_subnetwork = Gcp.Compute.GetSubnetwork.Invoke(new()\n {\n Name = \"default-us-east1\",\n Region = \"us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSubnetwork(ctx, \u0026compute.LookupSubnetworkArgs{\n\t\t\tName: pulumi.StringRef(\"default-us-east1\"),\n\t\t\tRegion: pulumi.StringRef(\"us-east1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-subnetwork = ComputeFunctions.getSubnetwork(GetSubnetworkArgs.builder()\n .name(\"default-us-east1\")\n .region(\"us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-subnetwork:\n fn::invoke:\n Function: gcp:compute:getSubnetwork\n Arguments:\n name: default-us-east1\n region: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a subnetwork within GCE from its name and region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-subnetwork = gcp.compute.getSubnetwork({\n name: \"default-us-east1\",\n region: \"us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnetwork = gcp.compute.get_subnetwork(name=\"default-us-east1\",\n region=\"us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_subnetwork = Gcp.Compute.GetSubnetwork.Invoke(new()\n {\n Name = \"default-us-east1\",\n Region = \"us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupSubnetwork(ctx, \u0026compute.LookupSubnetworkArgs{\n\t\t\tName: pulumi.StringRef(\"default-us-east1\"),\n\t\t\tRegion: pulumi.StringRef(\"us-east1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-subnetwork = ComputeFunctions.getSubnetwork(GetSubnetworkArgs.builder()\n .name(\"default-us-east1\")\n .region(\"us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-subnetwork:\n fn::invoke:\n function: gcp:compute:getSubnetwork\n arguments:\n name: default-us-east1\n region: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubnetwork.\n", "properties": { @@ -290160,7 +290160,7 @@ } }, "gcp:compute/getSubnetworkIamPolicy:getSubnetworkIamPolicy": { - "description": "Retrieves the current IAM policy data for subnetwork\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getSubnetworkIamPolicy({\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_subnetwork_iam_policy(project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetSubnetworkIamPolicy.Invoke(new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetSubnetworkIamPolicy(ctx, \u0026compute.GetSubnetworkIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.StringRef(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: network_with_private_secondary_ip_ranges.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getSubnetworkIamPolicy(GetSubnetworkIamPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:compute:getSubnetworkIamPolicy\n Arguments:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for subnetwork\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.compute.getSubnetworkIamPolicy({\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.compute.get_subnetwork_iam_policy(project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Compute.GetSubnetworkIamPolicy.Invoke(new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetSubnetworkIamPolicy(ctx, \u0026compute.GetSubnetworkIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.StringRef(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: network_with_private_secondary_ip_ranges.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworkIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ComputeFunctions.getSubnetworkIamPolicy(GetSubnetworkIamPolicyArgs.builder()\n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:compute:getSubnetworkIamPolicy\n arguments:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubnetworkIamPolicy.\n", "properties": { @@ -290222,7 +290222,7 @@ } }, "gcp:compute/getSubnetworks:getSubnetworks": { - "description": "Get subnetworks within GCE.\nSee [the official documentation](https://cloud.google.com/vpc/docs/subnets)\nand [API](https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks/list).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-subnetworks = gcp.compute.getSubnetworks({\n filter: \"ipCidrRange eq 192.168.178.0/24\",\n project: \"my-project\",\n region: \"us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnetworks = gcp.compute.get_subnetworks(filter=\"ipCidrRange eq 192.168.178.0/24\",\n project=\"my-project\",\n region=\"us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_subnetworks = Gcp.Compute.GetSubnetworks.Invoke(new()\n {\n Filter = \"ipCidrRange eq 192.168.178.0/24\",\n Project = \"my-project\",\n Region = \"us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetSubnetworks(ctx, \u0026compute.GetSubnetworksArgs{\n\t\t\tFilter: pulumi.StringRef(\"ipCidrRange eq 192.168.178.0/24\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t\tRegion: pulumi.StringRef(\"us-east1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworksArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-subnetworks = ComputeFunctions.getSubnetworks(GetSubnetworksArgs.builder()\n .filter(\"ipCidrRange eq 192.168.178.0/24\")\n .project(\"my-project\")\n .region(\"us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-subnetworks:\n fn::invoke:\n Function: gcp:compute:getSubnetworks\n Arguments:\n filter: ipCidrRange eq 192.168.178.0/24\n project: my-project\n region: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get subnetworks within GCE.\nSee [the official documentation](https://cloud.google.com/vpc/docs/subnets)\nand [API](https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks/list).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-subnetworks = gcp.compute.getSubnetworks({\n filter: \"ipCidrRange eq 192.168.178.0/24\",\n project: \"my-project\",\n region: \"us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnetworks = gcp.compute.get_subnetworks(filter=\"ipCidrRange eq 192.168.178.0/24\",\n project=\"my-project\",\n region=\"us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_subnetworks = Gcp.Compute.GetSubnetworks.Invoke(new()\n {\n Filter = \"ipCidrRange eq 192.168.178.0/24\",\n Project = \"my-project\",\n Region = \"us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetSubnetworks(ctx, \u0026compute.GetSubnetworksArgs{\n\t\t\tFilter: pulumi.StringRef(\"ipCidrRange eq 192.168.178.0/24\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t\tRegion: pulumi.StringRef(\"us-east1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetSubnetworksArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-subnetworks = ComputeFunctions.getSubnetworks(GetSubnetworksArgs.builder()\n .filter(\"ipCidrRange eq 192.168.178.0/24\")\n .project(\"my-project\")\n .region(\"us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-subnetworks:\n fn::invoke:\n function: gcp:compute:getSubnetworks\n arguments:\n filter: ipCidrRange eq 192.168.178.0/24\n project: my-project\n region: us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubnetworks.\n", "properties": { @@ -290273,7 +290273,7 @@ } }, "gcp:compute/getVPNGateway:getVPNGateway": { - "description": "Get a VPN gateway within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-vpn-gateway = gcp.compute.getVPNGateway({\n name: \"vpn-gateway-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vpn_gateway = gcp.compute.get_vpn_gateway(name=\"vpn-gateway-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_vpn_gateway = Gcp.Compute.GetVPNGateway.Invoke(new()\n {\n Name = \"vpn-gateway-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupVPNGateway(ctx, \u0026compute.LookupVPNGatewayArgs{\n\t\t\tName: \"vpn-gateway-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetVPNGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-vpn-gateway = ComputeFunctions.getVPNGateway(GetVPNGatewayArgs.builder()\n .name(\"vpn-gateway-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-vpn-gateway:\n fn::invoke:\n Function: gcp:compute:getVPNGateway\n Arguments:\n name: vpn-gateway-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a VPN gateway within GCE from its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-vpn-gateway = gcp.compute.getVPNGateway({\n name: \"vpn-gateway-us-east1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vpn_gateway = gcp.compute.get_vpn_gateway(name=\"vpn-gateway-us-east1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_vpn_gateway = Gcp.Compute.GetVPNGateway.Invoke(new()\n {\n Name = \"vpn-gateway-us-east1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.LookupVPNGateway(ctx, \u0026compute.LookupVPNGatewayArgs{\n\t\t\tName: \"vpn-gateway-us-east1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetVPNGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-vpn-gateway = ComputeFunctions.getVPNGateway(GetVPNGatewayArgs.builder()\n .name(\"vpn-gateway-us-east1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-vpn-gateway:\n fn::invoke:\n function: gcp:compute:getVPNGateway\n arguments:\n name: vpn-gateway-us-east1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVPNGateway.\n", "properties": { @@ -290391,7 +290391,7 @@ }, "gcp:compute/routerStatus:RouterStatus": { "deprecationMessage": "gcp.compute.RouterStatus has been deprecated in favor of gcp.compute.getRouterStatus", - "description": "Get a Cloud Router's status within GCE from its name and region. This data source exposes the\nroutes learned by a Cloud Router via BGP peers.\n\nFor more information see [the official documentation](https://cloud.google.com/network-connectivity/docs/router/how-to/viewing-router-details)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/routers/getRouterStatus).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouterStatus({\n name: \"myrouter\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router_status(name=\"myrouter\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouterStatus.Invoke(new()\n {\n Name = \"myrouter\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRouterStatus(ctx, \u0026compute.GetRouterStatusArgs{\n\t\t\tName: \"myrouter\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterStatusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouterStatus(GetRouterStatusArgs.builder()\n .name(\"myrouter\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n Function: gcp:compute:getRouterStatus\n Arguments:\n name: myrouter\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Cloud Router's status within GCE from its name and region. This data source exposes the\nroutes learned by a Cloud Router via BGP peers.\n\nFor more information see [the official documentation](https://cloud.google.com/network-connectivity/docs/router/how-to/viewing-router-details)\nand\n[API](https://cloud.google.com/compute/docs/reference/rest/v1/routers/getRouterStatus).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-router = gcp.compute.getRouterStatus({\n name: \"myrouter\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_router = gcp.compute.get_router_status(name=\"myrouter\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_router = Gcp.Compute.GetRouterStatus.Invoke(new()\n {\n Name = \"myrouter\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.GetRouterStatus(ctx, \u0026compute.GetRouterStatusArgs{\n\t\t\tName: \"myrouter\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetRouterStatusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-router = ComputeFunctions.getRouterStatus(GetRouterStatusArgs.builder()\n .name(\"myrouter\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-router:\n fn::invoke:\n function: gcp:compute:getRouterStatus\n arguments:\n name: myrouter\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking RouterStatus.\n", "properties": { @@ -290460,7 +290460,7 @@ } }, "gcp:container/getAttachedInstallManifest:getAttachedInstallManifest": { - "description": "Provides access to available platform versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manifest = gcp.container.getAttachedInstallManifest({\n location: \"us-west1\",\n project: \"my-project\",\n clusterId: \"test-cluster-1\",\n platformVersion: \"1.25.0-gke.1\",\n});\nexport const installManifest = manifest;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanifest = gcp.container.get_attached_install_manifest(location=\"us-west1\",\n project=\"my-project\",\n cluster_id=\"test-cluster-1\",\n platform_version=\"1.25.0-gke.1\")\npulumi.export(\"installManifest\", manifest)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manifest = Gcp.Container.GetAttachedInstallManifest.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n ClusterId = \"test-cluster-1\",\n PlatformVersion = \"1.25.0-gke.1\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"installManifest\"] = manifest,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmanifest, err := container.GetAttachedInstallManifest(ctx, \u0026container.GetAttachedInstallManifestArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: \"my-project\",\n\t\t\tClusterId: \"test-cluster-1\",\n\t\t\tPlatformVersion: \"1.25.0-gke.1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"installManifest\", manifest)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedInstallManifestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var manifest = ContainerFunctions.getAttachedInstallManifest(GetAttachedInstallManifestArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .clusterId(\"test-cluster-1\")\n .platformVersion(\"1.25.0-gke.1\")\n .build());\n\n ctx.export(\"installManifest\", manifest.applyValue(getAttachedInstallManifestResult -\u003e getAttachedInstallManifestResult));\n }\n}\n```\n```yaml\nvariables:\n manifest:\n fn::invoke:\n Function: gcp:container:getAttachedInstallManifest\n Arguments:\n location: us-west1\n project: my-project\n clusterId: test-cluster-1\n platformVersion: 1.25.0-gke.1\noutputs:\n installManifest: ${manifest}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available platform versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst manifest = gcp.container.getAttachedInstallManifest({\n location: \"us-west1\",\n project: \"my-project\",\n clusterId: \"test-cluster-1\",\n platformVersion: \"1.25.0-gke.1\",\n});\nexport const installManifest = manifest;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmanifest = gcp.container.get_attached_install_manifest(location=\"us-west1\",\n project=\"my-project\",\n cluster_id=\"test-cluster-1\",\n platform_version=\"1.25.0-gke.1\")\npulumi.export(\"installManifest\", manifest)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var manifest = Gcp.Container.GetAttachedInstallManifest.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n ClusterId = \"test-cluster-1\",\n PlatformVersion = \"1.25.0-gke.1\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"installManifest\"] = manifest,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmanifest, err := container.GetAttachedInstallManifest(ctx, \u0026container.GetAttachedInstallManifestArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: \"my-project\",\n\t\t\tClusterId: \"test-cluster-1\",\n\t\t\tPlatformVersion: \"1.25.0-gke.1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"installManifest\", manifest)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedInstallManifestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var manifest = ContainerFunctions.getAttachedInstallManifest(GetAttachedInstallManifestArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .clusterId(\"test-cluster-1\")\n .platformVersion(\"1.25.0-gke.1\")\n .build());\n\n ctx.export(\"installManifest\", manifest.applyValue(getAttachedInstallManifestResult -\u003e getAttachedInstallManifestResult));\n }\n}\n```\n```yaml\nvariables:\n manifest:\n fn::invoke:\n function: gcp:container:getAttachedInstallManifest\n arguments:\n location: us-west1\n project: my-project\n clusterId: test-cluster-1\n platformVersion: 1.25.0-gke.1\noutputs:\n installManifest: ${manifest}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAttachedInstallManifest.\n", "properties": { @@ -290525,7 +290525,7 @@ } }, "gcp:container/getAttachedVersions:getAttachedVersions": { - "description": "Provides access to available platform versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst uswest = gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nuswest = gcp.container.get_attached_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var uswest = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: \"my-project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var uswest = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n uswest:\n fn::invoke:\n Function: gcp:container:getAttachedVersions\n Arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available platform versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst uswest = gcp.container.getAttachedVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nuswest = gcp.container.get_attached_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var uswest = Gcp.Container.GetAttachedVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAttachedVersions(ctx, \u0026container.GetAttachedVersionsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: \"my-project\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var uswest = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n uswest:\n fn::invoke:\n function: gcp:container:getAttachedVersions\n arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAttachedVersions.\n", "properties": { @@ -290575,7 +290575,7 @@ } }, "gcp:container/getAwsVersions:getAwsVersions": { - "description": "Provides access to available Kubernetes versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getAwsVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_aws_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n central1b:\n fn::invoke:\n Function: gcp:container:getAwsVersions\n Arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available Kubernetes versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getAwsVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_aws_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetAwsVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAwsVersions(ctx, \u0026container.GetAwsVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAwsVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getAwsVersions(GetAwsVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n central1b:\n fn::invoke:\n function: gcp:container:getAwsVersions\n arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAwsVersions.\n", "properties": { @@ -290627,7 +290627,7 @@ } }, "gcp:container/getAzureVersions:getAzureVersions": { - "description": "Provides access to available Kubernetes versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getAzureVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_azure_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n central1b:\n fn::invoke:\n Function: gcp:container:getAzureVersions\n Arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available Kubernetes versions in a location for a given project.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getAzureVersions({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const firstAvailableVersion = versions.validVersions[0];\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_azure_versions(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"firstAvailableVersion\", versions[\"validVersions\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetAzureVersions.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstAvailableVersion\"] = versions.ValidVersions[0],\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := container.GetAzureVersions(ctx, \u0026container.GetAzureVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-west1\"),\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstAvailableVersion\", versions.ValidVersions[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetAzureVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getAzureVersions(GetAzureVersionsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"firstAvailableVersion\", versions.validVersions()[0]);\n }\n}\n```\n```yaml\nvariables:\n central1b:\n fn::invoke:\n function: gcp:container:getAzureVersions\n arguments:\n location: us-west1\n project: my-project\noutputs:\n firstAvailableVersion: ${versions.validVersions[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAzureVersions.\n", "properties": { @@ -290679,7 +290679,7 @@ } }, "gcp:container/getCluster:getCluster": { - "description": "Get info about a GKE cluster from its name and location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCluster = gcp.container.getCluster({\n name: \"my-cluster\",\n location: \"us-east1-a\",\n});\nexport const endpoint = myCluster.then(myCluster =\u003e myCluster.endpoint);\nexport const instanceGroupUrls = myCluster.then(myCluster =\u003e myCluster.nodePools?.[0]?.instanceGroupUrls);\nexport const nodeConfig = myCluster.then(myCluster =\u003e myCluster.nodeConfigs);\nexport const nodePools = myCluster.then(myCluster =\u003e myCluster.nodePools);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cluster = gcp.container.get_cluster(name=\"my-cluster\",\n location=\"us-east1-a\")\npulumi.export(\"endpoint\", my_cluster.endpoint)\npulumi.export(\"instanceGroupUrls\", my_cluster.node_pools[0].instance_group_urls)\npulumi.export(\"nodeConfig\", my_cluster.node_configs)\npulumi.export(\"nodePools\", my_cluster.node_pools)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCluster = Gcp.Container.GetCluster.Invoke(new()\n {\n Name = \"my-cluster\",\n Location = \"us-east1-a\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.Endpoint),\n [\"instanceGroupUrls\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodePools[0]?.InstanceGroupUrls),\n [\"nodeConfig\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodeConfigs),\n [\"nodePools\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodePools),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCluster, err := container.LookupCluster(ctx, \u0026container.LookupClusterArgs{\n\t\t\tName: \"my-cluster\",\n\t\t\tLocation: pulumi.StringRef(\"us-east1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", myCluster.Endpoint)\n\t\tctx.Export(\"instanceGroupUrls\", myCluster.NodePools[0].InstanceGroupUrls)\n\t\tctx.Export(\"nodeConfig\", myCluster.NodeConfigs)\n\t\tctx.Export(\"nodePools\", myCluster.NodePools)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCluster = ContainerFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .location(\"us-east1-a\")\n .build());\n\n ctx.export(\"endpoint\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.endpoint()));\n ctx.export(\"instanceGroupUrls\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodePools()[0].instanceGroupUrls()));\n ctx.export(\"nodeConfig\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodeConfigs()));\n ctx.export(\"nodePools\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodePools()));\n }\n}\n```\n```yaml\nvariables:\n myCluster:\n fn::invoke:\n Function: gcp:container:getCluster\n Arguments:\n name: my-cluster\n location: us-east1-a\noutputs:\n endpoint: ${myCluster.endpoint}\n instanceGroupUrls: ${myCluster.nodePools[0].instanceGroupUrls}\n nodeConfig: ${myCluster.nodeConfigs}\n nodePools: ${myCluster.nodePools}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a GKE cluster from its name and location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCluster = gcp.container.getCluster({\n name: \"my-cluster\",\n location: \"us-east1-a\",\n});\nexport const endpoint = myCluster.then(myCluster =\u003e myCluster.endpoint);\nexport const instanceGroupUrls = myCluster.then(myCluster =\u003e myCluster.nodePools?.[0]?.instanceGroupUrls);\nexport const nodeConfig = myCluster.then(myCluster =\u003e myCluster.nodeConfigs);\nexport const nodePools = myCluster.then(myCluster =\u003e myCluster.nodePools);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cluster = gcp.container.get_cluster(name=\"my-cluster\",\n location=\"us-east1-a\")\npulumi.export(\"endpoint\", my_cluster.endpoint)\npulumi.export(\"instanceGroupUrls\", my_cluster.node_pools[0].instance_group_urls)\npulumi.export(\"nodeConfig\", my_cluster.node_configs)\npulumi.export(\"nodePools\", my_cluster.node_pools)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCluster = Gcp.Container.GetCluster.Invoke(new()\n {\n Name = \"my-cluster\",\n Location = \"us-east1-a\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.Endpoint),\n [\"instanceGroupUrls\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodePools[0]?.InstanceGroupUrls),\n [\"nodeConfig\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodeConfigs),\n [\"nodePools\"] = myCluster.Apply(getClusterResult =\u003e getClusterResult.NodePools),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyCluster, err := container.LookupCluster(ctx, \u0026container.LookupClusterArgs{\n\t\t\tName: \"my-cluster\",\n\t\t\tLocation: pulumi.StringRef(\"us-east1-a\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", myCluster.Endpoint)\n\t\tctx.Export(\"instanceGroupUrls\", myCluster.NodePools[0].InstanceGroupUrls)\n\t\tctx.Export(\"nodeConfig\", myCluster.NodeConfigs)\n\t\tctx.Export(\"nodePools\", myCluster.NodePools)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCluster = ContainerFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .location(\"us-east1-a\")\n .build());\n\n ctx.export(\"endpoint\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.endpoint()));\n ctx.export(\"instanceGroupUrls\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodePools()[0].instanceGroupUrls()));\n ctx.export(\"nodeConfig\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodeConfigs()));\n ctx.export(\"nodePools\", myCluster.applyValue(getClusterResult -\u003e getClusterResult.nodePools()));\n }\n}\n```\n```yaml\nvariables:\n myCluster:\n fn::invoke:\n function: gcp:container:getCluster\n arguments:\n name: my-cluster\n location: us-east1-a\noutputs:\n endpoint: ${myCluster.endpoint}\n instanceGroupUrls: ${myCluster.nodePools[0].instanceGroupUrls}\n nodeConfig: ${myCluster.nodeConfigs}\n nodePools: ${myCluster.nodePools}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCluster.\n", "properties": { @@ -291175,7 +291175,7 @@ } }, "gcp:container/getEngineVersions:getEngineVersions": { - "description": "Provides access to available Google Kubernetes Engine versions in a zone or region for a given project.\n\nTo get more information about GKE versions, see:\n * [The API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations/getServerConfig)\n\n\u003e If you are using the `gcp.container.getEngineVersions` datasource with a\nregional cluster, ensure that you have provided a region as the `location` to\nthe datasource. A region can have a different set of supported versions than\nits component zones, and not all zones in a region are guaranteed to\nsupport the same version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getEngineVersions({\n location: \"us-central1-b\",\n versionPrefix: \"1.12.\",\n});\nconst foo = new gcp.container.Cluster(\"foo\", {\n name: \"test-cluster\",\n location: \"us-central1-b\",\n nodeVersion: central1b.then(central1b =\u003e central1b.latestNodeVersion),\n initialNodeCount: 1,\n});\nexport const stableChannelDefaultVersion = central1b.then(central1b =\u003e central1b.releaseChannelDefaultVersion?.STABLE);\nexport const stableChannelLatestVersion = central1b.then(central1b =\u003e central1b.releaseChannelLatestVersion?.STABLE);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_engine_versions(location=\"us-central1-b\",\n version_prefix=\"1.12.\")\nfoo = gcp.container.Cluster(\"foo\",\n name=\"test-cluster\",\n location=\"us-central1-b\",\n node_version=central1b.latest_node_version,\n initial_node_count=1)\npulumi.export(\"stableChannelDefaultVersion\", central1b.release_channel_default_version[\"STABLE\"])\npulumi.export(\"stableChannelLatestVersion\", central1b.release_channel_latest_version[\"STABLE\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetEngineVersions.Invoke(new()\n {\n Location = \"us-central1-b\",\n VersionPrefix = \"1.12.\",\n });\n\n var foo = new Gcp.Container.Cluster(\"foo\", new()\n {\n Name = \"test-cluster\",\n Location = \"us-central1-b\",\n NodeVersion = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.LatestNodeVersion),\n InitialNodeCount = 1,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"stableChannelDefaultVersion\"] = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.ReleaseChannelDefaultVersion?.STABLE),\n [\"stableChannelLatestVersion\"] = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.ReleaseChannelLatestVersion?.STABLE),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcentral1b, err := container.GetEngineVersions(ctx, \u0026container.GetEngineVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-central1-b\"),\n\t\t\tVersionPrefix: pulumi.StringRef(\"1.12.\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewCluster(ctx, \"foo\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"test-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-b\"),\n\t\t\tNodeVersion: pulumi.String(central1b.LatestNodeVersion),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"stableChannelDefaultVersion\", central1b.ReleaseChannelDefaultVersion.STABLE)\n\t\tctx.Export(\"stableChannelLatestVersion\", central1b.ReleaseChannelLatestVersion.STABLE)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetEngineVersionsArgs;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getEngineVersions(GetEngineVersionsArgs.builder()\n .location(\"us-central1-b\")\n .versionPrefix(\"1.12.\")\n .build());\n\n var foo = new Cluster(\"foo\", ClusterArgs.builder()\n .name(\"test-cluster\")\n .location(\"us-central1-b\")\n .nodeVersion(central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.latestNodeVersion()))\n .initialNodeCount(1)\n .build());\n\n ctx.export(\"stableChannelDefaultVersion\", central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.releaseChannelDefaultVersion().STABLE()));\n ctx.export(\"stableChannelLatestVersion\", central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.releaseChannelLatestVersion().STABLE()));\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:container:Cluster\n properties:\n name: test-cluster\n location: us-central1-b\n nodeVersion: ${central1b.latestNodeVersion}\n initialNodeCount: 1\nvariables:\n central1b:\n fn::invoke:\n Function: gcp:container:getEngineVersions\n Arguments:\n location: us-central1-b\n versionPrefix: 1.12.\noutputs:\n stableChannelDefaultVersion: ${central1b.releaseChannelDefaultVersion.STABLE}\n stableChannelLatestVersion: ${central1b.releaseChannelLatestVersion.STABLE}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to available Google Kubernetes Engine versions in a zone or region for a given project.\n\nTo get more information about GKE versions, see:\n * [The API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations/getServerConfig)\n\n\u003e If you are using the `gcp.container.getEngineVersions` datasource with a\nregional cluster, ensure that you have provided a region as the `location` to\nthe datasource. A region can have a different set of supported versions than\nits component zones, and not all zones in a region are guaranteed to\nsupport the same version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst central1b = gcp.container.getEngineVersions({\n location: \"us-central1-b\",\n versionPrefix: \"1.12.\",\n});\nconst foo = new gcp.container.Cluster(\"foo\", {\n name: \"test-cluster\",\n location: \"us-central1-b\",\n nodeVersion: central1b.then(central1b =\u003e central1b.latestNodeVersion),\n initialNodeCount: 1,\n});\nexport const stableChannelDefaultVersion = central1b.then(central1b =\u003e central1b.releaseChannelDefaultVersion?.STABLE);\nexport const stableChannelLatestVersion = central1b.then(central1b =\u003e central1b.releaseChannelLatestVersion?.STABLE);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncentral1b = gcp.container.get_engine_versions(location=\"us-central1-b\",\n version_prefix=\"1.12.\")\nfoo = gcp.container.Cluster(\"foo\",\n name=\"test-cluster\",\n location=\"us-central1-b\",\n node_version=central1b.latest_node_version,\n initial_node_count=1)\npulumi.export(\"stableChannelDefaultVersion\", central1b.release_channel_default_version[\"STABLE\"])\npulumi.export(\"stableChannelLatestVersion\", central1b.release_channel_latest_version[\"STABLE\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central1b = Gcp.Container.GetEngineVersions.Invoke(new()\n {\n Location = \"us-central1-b\",\n VersionPrefix = \"1.12.\",\n });\n\n var foo = new Gcp.Container.Cluster(\"foo\", new()\n {\n Name = \"test-cluster\",\n Location = \"us-central1-b\",\n NodeVersion = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.LatestNodeVersion),\n InitialNodeCount = 1,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"stableChannelDefaultVersion\"] = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.ReleaseChannelDefaultVersion?.STABLE),\n [\"stableChannelLatestVersion\"] = central1b.Apply(getEngineVersionsResult =\u003e getEngineVersionsResult.ReleaseChannelLatestVersion?.STABLE),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcentral1b, err := container.GetEngineVersions(ctx, \u0026container.GetEngineVersionsArgs{\n\t\t\tLocation: pulumi.StringRef(\"us-central1-b\"),\n\t\t\tVersionPrefix: pulumi.StringRef(\"1.12.\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = container.NewCluster(ctx, \"foo\", \u0026container.ClusterArgs{\n\t\t\tName: pulumi.String(\"test-cluster\"),\n\t\t\tLocation: pulumi.String(\"us-central1-b\"),\n\t\t\tNodeVersion: pulumi.String(central1b.LatestNodeVersion),\n\t\t\tInitialNodeCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"stableChannelDefaultVersion\", central1b.ReleaseChannelDefaultVersion.STABLE)\n\t\tctx.Export(\"stableChannelLatestVersion\", central1b.ReleaseChannelLatestVersion.STABLE)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetEngineVersionsArgs;\nimport com.pulumi.gcp.container.Cluster;\nimport com.pulumi.gcp.container.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var central1b = ContainerFunctions.getEngineVersions(GetEngineVersionsArgs.builder()\n .location(\"us-central1-b\")\n .versionPrefix(\"1.12.\")\n .build());\n\n var foo = new Cluster(\"foo\", ClusterArgs.builder()\n .name(\"test-cluster\")\n .location(\"us-central1-b\")\n .nodeVersion(central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.latestNodeVersion()))\n .initialNodeCount(1)\n .build());\n\n ctx.export(\"stableChannelDefaultVersion\", central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.releaseChannelDefaultVersion().STABLE()));\n ctx.export(\"stableChannelLatestVersion\", central1b.applyValue(getEngineVersionsResult -\u003e getEngineVersionsResult.releaseChannelLatestVersion().STABLE()));\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:container:Cluster\n properties:\n name: test-cluster\n location: us-central1-b\n nodeVersion: ${central1b.latestNodeVersion}\n initialNodeCount: 1\nvariables:\n central1b:\n fn::invoke:\n function: gcp:container:getEngineVersions\n arguments:\n location: us-central1-b\n versionPrefix: 1.12.\noutputs:\n stableChannelDefaultVersion: ${central1b.releaseChannelDefaultVersion.STABLE}\n stableChannelLatestVersion: ${central1b.releaseChannelLatestVersion.STABLE}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEngineVersions.\n", "properties": { @@ -291265,7 +291265,7 @@ } }, "gcp:container/getRegistryImage:getRegistryImage": { - "description": "This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project.\n\nThe URLs are computed entirely offline - as long as the project exists, they will be valid, but this data source does not contact Google Container Registry (GCR) at any point.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.container.getRegistryImage({\n name: \"debian\",\n});\nexport const gcrLocation = debian.then(debian =\u003e debian.imageUrl);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.container.get_registry_image(name=\"debian\")\npulumi.export(\"gcrLocation\", debian.image_url)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Container.GetRegistryImage.Invoke(new()\n {\n Name = \"debian\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"gcrLocation\"] = debian.Apply(getRegistryImageResult =\u003e getRegistryImageResult.ImageUrl),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := container.GetRegistryImage(ctx, \u0026container.GetRegistryImageArgs{\n\t\t\tName: \"debian\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"gcrLocation\", debian.ImageUrl)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetRegistryImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ContainerFunctions.getRegistryImage(GetRegistryImageArgs.builder()\n .name(\"debian\")\n .build());\n\n ctx.export(\"gcrLocation\", debian.applyValue(getRegistryImageResult -\u003e getRegistryImageResult.imageUrl()));\n }\n}\n```\n```yaml\nvariables:\n debian:\n fn::invoke:\n Function: gcp:container:getRegistryImage\n Arguments:\n name: debian\noutputs:\n gcrLocation: ${debian.imageUrl}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project.\n\nThe URLs are computed entirely offline - as long as the project exists, they will be valid, but this data source does not contact Google Container Registry (GCR) at any point.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debian = gcp.container.getRegistryImage({\n name: \"debian\",\n});\nexport const gcrLocation = debian.then(debian =\u003e debian.imageUrl);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian = gcp.container.get_registry_image(name=\"debian\")\npulumi.export(\"gcrLocation\", debian.image_url)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debian = Gcp.Container.GetRegistryImage.Invoke(new()\n {\n Name = \"debian\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"gcrLocation\"] = debian.Apply(getRegistryImageResult =\u003e getRegistryImageResult.ImageUrl),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebian, err := container.GetRegistryImage(ctx, \u0026container.GetRegistryImageArgs{\n\t\t\tName: \"debian\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"gcrLocation\", debian.ImageUrl)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetRegistryImageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debian = ContainerFunctions.getRegistryImage(GetRegistryImageArgs.builder()\n .name(\"debian\")\n .build());\n\n ctx.export(\"gcrLocation\", debian.applyValue(getRegistryImageResult -\u003e getRegistryImageResult.imageUrl()));\n }\n}\n```\n```yaml\nvariables:\n debian:\n fn::invoke:\n function: gcp:container:getRegistryImage\n arguments:\n name: debian\noutputs:\n gcrLocation: ${debian.imageUrl}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegistryImage.\n", "properties": { @@ -291332,7 +291332,7 @@ } }, "gcp:container/getRegistryRepository:getRegistryRepository": { - "description": "This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project.\n\nThe URLs are computed entirely offline - as long as the project exists, they will be valid, but this data source does not contact Google Container Registry (GCR) at any point.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.container.getRegistryRepository({});\nexport const gcrLocation = foo.then(foo =\u003e foo.repositoryUrl);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.container.get_registry_repository()\npulumi.export(\"gcrLocation\", foo.repository_url)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Container.GetRegistryRepository.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"gcrLocation\"] = foo.Apply(getRegistryRepositoryResult =\u003e getRegistryRepositoryResult.RepositoryUrl),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := container.GetRegistryRepository(ctx, \u0026container.GetRegistryRepositoryArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"gcrLocation\", foo.RepositoryUrl)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetRegistryRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ContainerFunctions.getRegistryRepository();\n\n ctx.export(\"gcrLocation\", foo.applyValue(getRegistryRepositoryResult -\u003e getRegistryRepositoryResult.repositoryUrl()));\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:container:getRegistryRepository\n Arguments: {}\noutputs:\n gcrLocation: ${foo.repositoryUrl}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project.\n\nThe URLs are computed entirely offline - as long as the project exists, they will be valid, but this data source does not contact Google Container Registry (GCR) at any point.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.container.getRegistryRepository({});\nexport const gcrLocation = foo.then(foo =\u003e foo.repositoryUrl);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.container.get_registry_repository()\npulumi.export(\"gcrLocation\", foo.repository_url)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Container.GetRegistryRepository.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"gcrLocation\"] = foo.Apply(getRegistryRepositoryResult =\u003e getRegistryRepositoryResult.RepositoryUrl),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := container.GetRegistryRepository(ctx, \u0026container.GetRegistryRepositoryArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"gcrLocation\", foo.RepositoryUrl)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetRegistryRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ContainerFunctions.getRegistryRepository();\n\n ctx.export(\"gcrLocation\", foo.applyValue(getRegistryRepositoryResult -\u003e getRegistryRepositoryResult.repositoryUrl()));\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:container:getRegistryRepository\n arguments: {}\noutputs:\n gcrLocation: ${foo.repositoryUrl}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegistryRepository.\n", "properties": { @@ -291374,7 +291374,7 @@ } }, "gcp:containeranalysis/getNoteIamPolicy:getNoteIamPolicy": { - "description": "Retrieves the current IAM policy data for note\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.containeranalysis.getNoteIamPolicy({\n project: note.project,\n note: note.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.containeranalysis.get_note_iam_policy(project=note[\"project\"],\n note=note[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.ContainerAnalysis.GetNoteIamPolicy.Invoke(new()\n {\n Project = note.Project,\n Note = note.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.LookupNoteIamPolicy(ctx, \u0026containeranalysis.LookupNoteIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(note.Project),\n\t\t\tNote: note.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.ContaineranalysisFunctions;\nimport com.pulumi.gcp.containeranalysis.inputs.GetNoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ContaineranalysisFunctions.getNoteIamPolicy(GetNoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:containeranalysis:getNoteIamPolicy\n Arguments:\n project: ${note.project}\n note: ${note.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for note\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.containeranalysis.getNoteIamPolicy({\n project: note.project,\n note: note.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.containeranalysis.get_note_iam_policy(project=note[\"project\"],\n note=note[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.ContainerAnalysis.GetNoteIamPolicy.Invoke(new()\n {\n Project = note.Project,\n Note = note.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.LookupNoteIamPolicy(ctx, \u0026containeranalysis.LookupNoteIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(note.Project),\n\t\t\tNote: note.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.ContaineranalysisFunctions;\nimport com.pulumi.gcp.containeranalysis.inputs.GetNoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ContaineranalysisFunctions.getNoteIamPolicy(GetNoteIamPolicyArgs.builder()\n .project(note.project())\n .note(note.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:containeranalysis:getNoteIamPolicy\n arguments:\n project: ${note.project}\n note: ${note.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNoteIamPolicy.\n", "properties": { @@ -291427,7 +291427,7 @@ } }, "gcp:datacatalog/getEntryGroupIamPolicy:getEntryGroupIamPolicy": { - "description": "Retrieves the current IAM policy data for entrygroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getEntryGroupIamPolicy({\n entryGroup: basicEntryGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_entry_group_iam_policy(entry_group=basic_entry_group[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetEntryGroupIamPolicy.Invoke(new()\n {\n EntryGroup = basicEntryGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupEntryGroupIamPolicy(ctx, \u0026datacatalog.LookupEntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: basicEntryGroup.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetEntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getEntryGroupIamPolicy(GetEntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:datacatalog:getEntryGroupIamPolicy\n Arguments:\n entryGroup: ${basicEntryGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for entrygroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getEntryGroupIamPolicy({\n entryGroup: basicEntryGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_entry_group_iam_policy(entry_group=basic_entry_group[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetEntryGroupIamPolicy.Invoke(new()\n {\n EntryGroup = basicEntryGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupEntryGroupIamPolicy(ctx, \u0026datacatalog.LookupEntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: basicEntryGroup.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetEntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getEntryGroupIamPolicy(GetEntryGroupIamPolicyArgs.builder()\n .entryGroup(basicEntryGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:datacatalog:getEntryGroupIamPolicy\n arguments:\n entryGroup: ${basicEntryGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEntryGroupIamPolicy.\n", "properties": { @@ -291488,7 +291488,7 @@ } }, "gcp:datacatalog/getPolicyTagIamPolicy:getPolicyTagIamPolicy": { - "description": "Retrieves the current IAM policy data for policytag\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getPolicyTagIamPolicy({\n policyTag: basicPolicyTag.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_policy_tag_iam_policy(policy_tag=basic_policy_tag[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetPolicyTagIamPolicy.Invoke(new()\n {\n PolicyTag = basicPolicyTag.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupPolicyTagIamPolicy(ctx, \u0026datacatalog.LookupPolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: basicPolicyTag.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetPolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getPolicyTagIamPolicy(GetPolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:datacatalog:getPolicyTagIamPolicy\n Arguments:\n policyTag: ${basicPolicyTag.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for policytag\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getPolicyTagIamPolicy({\n policyTag: basicPolicyTag.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_policy_tag_iam_policy(policy_tag=basic_policy_tag[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetPolicyTagIamPolicy.Invoke(new()\n {\n PolicyTag = basicPolicyTag.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupPolicyTagIamPolicy(ctx, \u0026datacatalog.LookupPolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: basicPolicyTag.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetPolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getPolicyTagIamPolicy(GetPolicyTagIamPolicyArgs.builder()\n .policyTag(basicPolicyTag.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:datacatalog:getPolicyTagIamPolicy\n arguments:\n policyTag: ${basicPolicyTag.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getPolicyTagIamPolicy.\n", "properties": { @@ -291532,7 +291532,7 @@ } }, "gcp:datacatalog/getTagTemplateIamPolicy:getTagTemplateIamPolicy": { - "description": "Retrieves the current IAM policy data for tagtemplate\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getTagTemplateIamPolicy({\n tagTemplate: basicTagTemplate.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_tag_template_iam_policy(tag_template=basic_tag_template[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetTagTemplateIamPolicy.Invoke(new()\n {\n TagTemplate = basicTagTemplate.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupTagTemplateIamPolicy(ctx, \u0026datacatalog.LookupTagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: basicTagTemplate.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetTagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getTagTemplateIamPolicy(GetTagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:datacatalog:getTagTemplateIamPolicy\n Arguments:\n tagTemplate: ${basicTagTemplate.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tagtemplate\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getTagTemplateIamPolicy({\n tagTemplate: basicTagTemplate.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_tag_template_iam_policy(tag_template=basic_tag_template[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetTagTemplateIamPolicy.Invoke(new()\n {\n TagTemplate = basicTagTemplate.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupTagTemplateIamPolicy(ctx, \u0026datacatalog.LookupTagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: basicTagTemplate.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetTagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getTagTemplateIamPolicy(GetTagTemplateIamPolicyArgs.builder()\n .tagTemplate(basicTagTemplate.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:datacatalog:getTagTemplateIamPolicy\n arguments:\n tagTemplate: ${basicTagTemplate.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagTemplateIamPolicy.\n", "properties": { @@ -291593,7 +291593,7 @@ } }, "gcp:datacatalog/getTaxonomyIamPolicy:getTaxonomyIamPolicy": { - "description": "Retrieves the current IAM policy data for taxonomy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getTaxonomyIamPolicy({\n taxonomy: basicTaxonomy.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_taxonomy_iam_policy(taxonomy=basic_taxonomy[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetTaxonomyIamPolicy.Invoke(new()\n {\n Taxonomy = basicTaxonomy.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupTaxonomyIamPolicy(ctx, \u0026datacatalog.LookupTaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: basicTaxonomy.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetTaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getTaxonomyIamPolicy(GetTaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:datacatalog:getTaxonomyIamPolicy\n Arguments:\n taxonomy: ${basicTaxonomy.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for taxonomy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datacatalog.getTaxonomyIamPolicy({\n taxonomy: basicTaxonomy.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datacatalog.get_taxonomy_iam_policy(taxonomy=basic_taxonomy[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataCatalog.GetTaxonomyIamPolicy.Invoke(new()\n {\n Taxonomy = basicTaxonomy.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.LookupTaxonomyIamPolicy(ctx, \u0026datacatalog.LookupTaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: basicTaxonomy.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.DatacatalogFunctions;\nimport com.pulumi.gcp.datacatalog.inputs.GetTaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatacatalogFunctions.getTaxonomyIamPolicy(GetTaxonomyIamPolicyArgs.builder()\n .taxonomy(basicTaxonomy.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:datacatalog:getTaxonomyIamPolicy\n arguments:\n taxonomy: ${basicTaxonomy.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTaxonomyIamPolicy.\n", "properties": { @@ -291715,7 +291715,7 @@ } }, "gcp:datafusion/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datafusion.getInstanceIamPolicy({\n project: basicInstance.project,\n region: basicInstance.region,\n name: basicInstance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datafusion.get_instance_iam_policy(project=basic_instance[\"project\"],\n region=basic_instance[\"region\"],\n name=basic_instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataFusion.GetInstanceIamPolicy.Invoke(new()\n {\n Project = basicInstance.Project,\n Region = basicInstance.Region,\n Name = basicInstance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.GetInstanceIamPolicy(ctx, \u0026datafusion.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basicInstance.Project),\n\t\t\tRegion: pulumi.StringRef(basicInstance.Region),\n\t\t\tName: basicInstance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.DatafusionFunctions;\nimport com.pulumi.gcp.datafusion.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatafusionFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(basicInstance.project())\n .region(basicInstance.region())\n .name(basicInstance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:datafusion:getInstanceIamPolicy\n Arguments:\n project: ${basicInstance.project}\n region: ${basicInstance.region}\n name: ${basicInstance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.datafusion.getInstanceIamPolicy({\n project: basicInstance.project,\n region: basicInstance.region,\n name: basicInstance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.datafusion.get_instance_iam_policy(project=basic_instance[\"project\"],\n region=basic_instance[\"region\"],\n name=basic_instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataFusion.GetInstanceIamPolicy.Invoke(new()\n {\n Project = basicInstance.Project,\n Region = basicInstance.Region,\n Name = basicInstance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datafusion\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datafusion.GetInstanceIamPolicy(ctx, \u0026datafusion.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basicInstance.Project),\n\t\t\tRegion: pulumi.StringRef(basicInstance.Region),\n\t\t\tName: basicInstance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datafusion.DatafusionFunctions;\nimport com.pulumi.gcp.datafusion.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DatafusionFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(basicInstance.project())\n .region(basicInstance.region())\n .name(basicInstance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:datafusion:getInstanceIamPolicy\n arguments:\n project: ${basicInstance.project}\n region: ${basicInstance.region}\n name: ${basicInstance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -291777,7 +291777,7 @@ } }, "gcp:dataplex/getAspectTypeIamPolicy:getAspectTypeIamPolicy": { - "description": "Retrieves the current IAM policy data for aspecttype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getAspectTypeIamPolicy({\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_aspect_type_iam_policy(project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetAspectTypeIamPolicy.Invoke(new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupAspectTypeIamPolicy(ctx, \u0026dataplex.LookupAspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: testAspectTypeBasic.AspectTypeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetAspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getAspectTypeIamPolicy(GetAspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getAspectTypeIamPolicy\n Arguments:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for aspecttype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getAspectTypeIamPolicy({\n project: testAspectTypeBasic.project,\n location: testAspectTypeBasic.location,\n aspectTypeId: testAspectTypeBasic.aspectTypeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_aspect_type_iam_policy(project=test_aspect_type_basic[\"project\"],\n location=test_aspect_type_basic[\"location\"],\n aspect_type_id=test_aspect_type_basic[\"aspectTypeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetAspectTypeIamPolicy.Invoke(new()\n {\n Project = testAspectTypeBasic.Project,\n Location = testAspectTypeBasic.Location,\n AspectTypeId = testAspectTypeBasic.AspectTypeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupAspectTypeIamPolicy(ctx, \u0026dataplex.LookupAspectTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testAspectTypeBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testAspectTypeBasic.Location),\n\t\t\tAspectTypeId: testAspectTypeBasic.AspectTypeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetAspectTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getAspectTypeIamPolicy(GetAspectTypeIamPolicyArgs.builder()\n .project(testAspectTypeBasic.project())\n .location(testAspectTypeBasic.location())\n .aspectTypeId(testAspectTypeBasic.aspectTypeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getAspectTypeIamPolicy\n arguments:\n project: ${testAspectTypeBasic.project}\n location: ${testAspectTypeBasic.location}\n aspectTypeId: ${testAspectTypeBasic.aspectTypeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAspectTypeIamPolicy.\n", "properties": { @@ -291838,7 +291838,7 @@ } }, "gcp:dataplex/getAssetIamPolicy:getAssetIamPolicy": { - "description": "Retrieves the current IAM policy data for asset\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getAssetIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_asset_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetAssetIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupAssetIamPolicy(ctx, \u0026dataplex.LookupAssetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tDataplexZone: example.DataplexZone,\n\t\t\tAsset: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetAssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getAssetIamPolicy(GetAssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getAssetIamPolicy\n Arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for asset\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getAssetIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_asset_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetAssetIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupAssetIamPolicy(ctx, \u0026dataplex.LookupAssetIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tDataplexZone: example.DataplexZone,\n\t\t\tAsset: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetAssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getAssetIamPolicy(GetAssetIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getAssetIamPolicy\n arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAssetIamPolicy.\n", "properties": { @@ -291917,7 +291917,7 @@ } }, "gcp:dataplex/getDatascanIamPolicy:getDatascanIamPolicy": { - "description": "Retrieves the current IAM policy data for datascan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getDatascanIamPolicy({\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_datascan_iam_policy(project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetDatascanIamPolicy.Invoke(new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupDatascanIamPolicy(ctx, \u0026dataplex.LookupDatascanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basicProfile.Project),\n\t\t\tLocation: pulumi.StringRef(basicProfile.Location),\n\t\t\tDataScanId: basicProfile.DataScanId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetDatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getDatascanIamPolicy(GetDatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getDatascanIamPolicy\n Arguments:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for datascan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getDatascanIamPolicy({\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_datascan_iam_policy(project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetDatascanIamPolicy.Invoke(new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupDatascanIamPolicy(ctx, \u0026dataplex.LookupDatascanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basicProfile.Project),\n\t\t\tLocation: pulumi.StringRef(basicProfile.Location),\n\t\t\tDataScanId: basicProfile.DataScanId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetDatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getDatascanIamPolicy(GetDatascanIamPolicyArgs.builder()\n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getDatascanIamPolicy\n arguments:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatascanIamPolicy.\n", "properties": { @@ -291978,7 +291978,7 @@ } }, "gcp:dataplex/getEntryGroupIamPolicy:getEntryGroupIamPolicy": { - "description": "Retrieves the current IAM policy data for entrygroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getEntryGroupIamPolicy({\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_entry_group_iam_policy(project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetEntryGroupIamPolicy.Invoke(new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupEntryGroupIamPolicy(ctx, \u0026dataplex.LookupEntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: testEntryGroupBasic.EntryGroupId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetEntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getEntryGroupIamPolicy(GetEntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getEntryGroupIamPolicy\n Arguments:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for entrygroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getEntryGroupIamPolicy({\n project: testEntryGroupBasic.project,\n location: testEntryGroupBasic.location,\n entryGroupId: testEntryGroupBasic.entryGroupId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_entry_group_iam_policy(project=test_entry_group_basic[\"project\"],\n location=test_entry_group_basic[\"location\"],\n entry_group_id=test_entry_group_basic[\"entryGroupId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetEntryGroupIamPolicy.Invoke(new()\n {\n Project = testEntryGroupBasic.Project,\n Location = testEntryGroupBasic.Location,\n EntryGroupId = testEntryGroupBasic.EntryGroupId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupEntryGroupIamPolicy(ctx, \u0026dataplex.LookupEntryGroupIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testEntryGroupBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testEntryGroupBasic.Location),\n\t\t\tEntryGroupId: testEntryGroupBasic.EntryGroupId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetEntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getEntryGroupIamPolicy(GetEntryGroupIamPolicyArgs.builder()\n .project(testEntryGroupBasic.project())\n .location(testEntryGroupBasic.location())\n .entryGroupId(testEntryGroupBasic.entryGroupId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getEntryGroupIamPolicy\n arguments:\n project: ${testEntryGroupBasic.project}\n location: ${testEntryGroupBasic.location}\n entryGroupId: ${testEntryGroupBasic.entryGroupId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEntryGroupIamPolicy.\n", "properties": { @@ -292039,7 +292039,7 @@ } }, "gcp:dataplex/getEntryTypeIamPolicy:getEntryTypeIamPolicy": { - "description": "Retrieves the current IAM policy data for entrytype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getEntryTypeIamPolicy({\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_entry_type_iam_policy(project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetEntryTypeIamPolicy.Invoke(new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupEntryTypeIamPolicy(ctx, \u0026dataplex.LookupEntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: testEntryTypeBasic.EntryTypeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetEntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getEntryTypeIamPolicy(GetEntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getEntryTypeIamPolicy\n Arguments:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for entrytype\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getEntryTypeIamPolicy({\n project: testEntryTypeBasic.project,\n location: testEntryTypeBasic.location,\n entryTypeId: testEntryTypeBasic.entryTypeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_entry_type_iam_policy(project=test_entry_type_basic[\"project\"],\n location=test_entry_type_basic[\"location\"],\n entry_type_id=test_entry_type_basic[\"entryTypeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetEntryTypeIamPolicy.Invoke(new()\n {\n Project = testEntryTypeBasic.Project,\n Location = testEntryTypeBasic.Location,\n EntryTypeId = testEntryTypeBasic.EntryTypeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupEntryTypeIamPolicy(ctx, \u0026dataplex.LookupEntryTypeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(testEntryTypeBasic.Project),\n\t\t\tLocation: pulumi.StringRef(testEntryTypeBasic.Location),\n\t\t\tEntryTypeId: testEntryTypeBasic.EntryTypeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetEntryTypeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getEntryTypeIamPolicy(GetEntryTypeIamPolicyArgs.builder()\n .project(testEntryTypeBasic.project())\n .location(testEntryTypeBasic.location())\n .entryTypeId(testEntryTypeBasic.entryTypeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getEntryTypeIamPolicy\n arguments:\n project: ${testEntryTypeBasic.project}\n location: ${testEntryTypeBasic.location}\n entryTypeId: ${testEntryTypeBasic.entryTypeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEntryTypeIamPolicy.\n", "properties": { @@ -292100,7 +292100,7 @@ } }, "gcp:dataplex/getLakeIamPolicy:getLakeIamPolicy": { - "description": "Retrieves the current IAM policy data for lake\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getLakeIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_lake_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetLakeIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupLakeIamPolicy(ctx, \u0026dataplex.LookupLakeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetLakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getLakeIamPolicy(GetLakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getLakeIamPolicy\n Arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for lake\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getLakeIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_lake_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetLakeIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupLakeIamPolicy(ctx, \u0026dataplex.LookupLakeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetLakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getLakeIamPolicy(GetLakeIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getLakeIamPolicy\n arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLakeIamPolicy.\n", "properties": { @@ -292161,7 +292161,7 @@ } }, "gcp:dataplex/getTaskIamPolicy:getTaskIamPolicy": { - "description": "Retrieves the current IAM policy data for task\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getTaskIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_task_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetTaskIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupTaskIamPolicy(ctx, \u0026dataplex.LookupTaskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tTaskId: example.TaskId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetTaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getTaskIamPolicy(GetTaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getTaskIamPolicy\n Arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for task\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getTaskIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_task_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetTaskIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupTaskIamPolicy(ctx, \u0026dataplex.LookupTaskIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tTaskId: example.TaskId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetTaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getTaskIamPolicy(GetTaskIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getTaskIamPolicy\n arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTaskIamPolicy.\n", "properties": { @@ -292232,7 +292232,7 @@ } }, "gcp:dataplex/getZoneIamPolicy:getZoneIamPolicy": { - "description": "Retrieves the current IAM policy data for zone\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getZoneIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_zone_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetZoneIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupZoneIamPolicy(ctx, \u0026dataplex.LookupZoneIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tDataplexZone: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getZoneIamPolicy(GetZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataplex:getZoneIamPolicy\n Arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for zone\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataplex.getZoneIamPolicy({\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataplex.get_zone_iam_policy(project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.DataPlex.GetZoneIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.LookupZoneIamPolicy(ctx, \u0026dataplex.LookupZoneIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tLocation: pulumi.StringRef(example.Location),\n\t\t\tLake: example.Lake,\n\t\t\tDataplexZone: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DataplexFunctions;\nimport com.pulumi.gcp.dataplex.inputs.GetZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataplexFunctions.getZoneIamPolicy(GetZoneIamPolicyArgs.builder()\n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataplex:getZoneIamPolicy\n arguments:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getZoneIamPolicy.\n", "properties": { @@ -292302,7 +292302,7 @@ } }, "gcp:dataproc/getAutoscalingPolicyIamPolicy:getAutoscalingPolicyIamPolicy": { - "description": "Retrieves the current IAM policy data for autoscalingpolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getAutoscalingPolicyIamPolicy({\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_autoscaling_policy_iam_policy(project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetAutoscalingPolicyIamPolicy.Invoke(new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupAutoscalingPolicyIamPolicy(ctx, \u0026dataproc.LookupAutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basic.Project),\n\t\t\tLocation: pulumi.StringRef(basic.Location),\n\t\t\tPolicyId: basic.PolicyId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetAutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getAutoscalingPolicyIamPolicy(GetAutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataproc:getAutoscalingPolicyIamPolicy\n Arguments:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for autoscalingpolicy\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getAutoscalingPolicyIamPolicy({\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_autoscaling_policy_iam_policy(project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetAutoscalingPolicyIamPolicy.Invoke(new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupAutoscalingPolicyIamPolicy(ctx, \u0026dataproc.LookupAutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basic.Project),\n\t\t\tLocation: pulumi.StringRef(basic.Location),\n\t\t\tPolicyId: basic.PolicyId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetAutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getAutoscalingPolicyIamPolicy(GetAutoscalingPolicyIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataproc:getAutoscalingPolicyIamPolicy\n arguments:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAutoscalingPolicyIamPolicy.\n", "properties": { @@ -292364,7 +292364,7 @@ } }, "gcp:dataproc/getClusterIamPolicy:getClusterIamPolicy": { - "description": "Retrieves the current IAM policy data for a Dataproc cluster.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getClusterIamPolicy({\n cluster: cluster.name,\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_cluster_iam_policy(cluster=cluster[\"name\"],\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetClusterIamPolicy.Invoke(new()\n {\n Cluster = cluster.Name,\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.GetClusterIamPolicy(ctx, \u0026dataproc.GetClusterIamPolicyArgs{\n\t\t\tCluster: cluster.Name,\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetClusterIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getClusterIamPolicy(GetClusterIamPolicyArgs.builder()\n .cluster(cluster.name())\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataproc:getClusterIamPolicy\n Arguments:\n cluster: ${cluster.name}\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Dataproc cluster.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getClusterIamPolicy({\n cluster: cluster.name,\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_cluster_iam_policy(cluster=cluster[\"name\"],\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetClusterIamPolicy.Invoke(new()\n {\n Cluster = cluster.Name,\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.GetClusterIamPolicy(ctx, \u0026dataproc.GetClusterIamPolicyArgs{\n\t\t\tCluster: cluster.Name,\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetClusterIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getClusterIamPolicy(GetClusterIamPolicyArgs.builder()\n .cluster(cluster.name())\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataproc:getClusterIamPolicy\n arguments:\n cluster: ${cluster.name}\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClusterIamPolicy.\n", "properties": { @@ -292424,7 +292424,7 @@ } }, "gcp:dataproc/getJobIamPolicy:getJobIamPolicy": { - "description": "Retrieves the current IAM policy data for a Dataproc job.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getJobIamPolicy({\n jobId: pyspark.reference[0].jobId,\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_job_iam_policy(job_id=pyspark[\"reference\"][0][\"jobId\"],\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetJobIamPolicy.Invoke(new()\n {\n JobId = pyspark.Reference[0].JobId,\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.GetJobIamPolicy(ctx, \u0026dataproc.GetJobIamPolicyArgs{\n\t\t\tJobId: pyspark.Reference[0].JobId,\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetJobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getJobIamPolicy(GetJobIamPolicyArgs.builder()\n .jobId(pyspark.reference()[0].jobId())\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataproc:getJobIamPolicy\n Arguments:\n jobId: ${pyspark.reference[0].jobId}\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Dataproc job.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getJobIamPolicy({\n jobId: pyspark.reference[0].jobId,\n region: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_job_iam_policy(job_id=pyspark[\"reference\"][0][\"jobId\"],\n region=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetJobIamPolicy.Invoke(new()\n {\n JobId = pyspark.Reference[0].JobId,\n Region = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.GetJobIamPolicy(ctx, \u0026dataproc.GetJobIamPolicyArgs{\n\t\t\tJobId: pyspark.Reference[0].JobId,\n\t\t\tRegion: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetJobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getJobIamPolicy(GetJobIamPolicyArgs.builder()\n .jobId(pyspark.reference()[0].jobId())\n .region(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataproc:getJobIamPolicy\n arguments:\n jobId: ${pyspark.reference[0].jobId}\n region: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getJobIamPolicy.\n", "properties": { @@ -292484,7 +292484,7 @@ } }, "gcp:dataproc/getMetastoreFederationIamPolicy:getMetastoreFederationIamPolicy": { - "description": "Retrieves the current IAM policy data for federation\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getMetastoreFederationIamPolicy({\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_metastore_federation_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetMetastoreFederationIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreFederationIamPolicy(ctx, \u0026dataproc.LookupMetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tFederationId: _default.FederationId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getMetastoreFederationIamPolicy(GetMetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataproc:getMetastoreFederationIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for federation\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getMetastoreFederationIamPolicy({\n project: _default.project,\n location: _default.location,\n federationId: _default.federationId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_metastore_federation_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n federation_id=default[\"federationId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetMetastoreFederationIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n FederationId = @default.FederationId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreFederationIamPolicy(ctx, \u0026dataproc.LookupMetastoreFederationIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tFederationId: _default.FederationId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreFederationIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getMetastoreFederationIamPolicy(GetMetastoreFederationIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .federationId(default_.federationId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataproc:getMetastoreFederationIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n federationId: ${default.federationId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getMetastoreFederationIamPolicy.\n", "properties": { @@ -292545,7 +292545,7 @@ } }, "gcp:dataproc/getMetastoreService:getMetastoreService": { - "description": "Get a Dataproc Metastore service from Google Cloud by its id and location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.dataproc.getMetastoreService({\n serviceId: \"foo-bar\",\n location: \"global\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.dataproc.get_metastore_service(service_id=\"foo-bar\",\n location=\"global\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Dataproc.GetMetastoreService.Invoke(new()\n {\n ServiceId = \"foo-bar\",\n Location = \"global\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreService(ctx, \u0026dataproc.LookupMetastoreServiceArgs{\n\t\t\tServiceId: \"foo-bar\",\n\t\t\tLocation: \"global\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = DataprocFunctions.getMetastoreService(GetMetastoreServiceArgs.builder()\n .serviceId(\"foo-bar\")\n .location(\"global\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:dataproc:getMetastoreService\n Arguments:\n serviceId: foo-bar\n location: global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Dataproc Metastore service from Google Cloud by its id and location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.dataproc.getMetastoreService({\n serviceId: \"foo-bar\",\n location: \"global\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.dataproc.get_metastore_service(service_id=\"foo-bar\",\n location=\"global\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Dataproc.GetMetastoreService.Invoke(new()\n {\n ServiceId = \"foo-bar\",\n Location = \"global\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreService(ctx, \u0026dataproc.LookupMetastoreServiceArgs{\n\t\t\tServiceId: \"foo-bar\",\n\t\t\tLocation: \"global\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = DataprocFunctions.getMetastoreService(GetMetastoreServiceArgs.builder()\n .serviceId(\"foo-bar\")\n .location(\"global\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:dataproc:getMetastoreService\n arguments:\n serviceId: foo-bar\n location: global\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getMetastoreService.\n", "properties": { @@ -292721,7 +292721,7 @@ } }, "gcp:dataproc/getMetastoreServiceIamPolicy:getMetastoreServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getMetastoreServiceIamPolicy({\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_metastore_service_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetMetastoreServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreServiceIamPolicy(ctx, \u0026dataproc.LookupMetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tServiceId: _default.ServiceId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getMetastoreServiceIamPolicy(GetMetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dataproc:getMetastoreServiceIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dataproc.getMetastoreServiceIamPolicy({\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dataproc.get_metastore_service_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dataproc.GetMetastoreServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.LookupMetastoreServiceIamPolicy(ctx, \u0026dataproc.LookupMetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tServiceId: _default.ServiceId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.DataprocFunctions;\nimport com.pulumi.gcp.dataproc.inputs.GetMetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DataprocFunctions.getMetastoreServiceIamPolicy(GetMetastoreServiceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dataproc:getMetastoreServiceIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getMetastoreServiceIamPolicy.\n", "properties": { @@ -292782,7 +292782,7 @@ } }, "gcp:datastream/getStaticIps:getStaticIps": { - "description": "Returns the list of IP addresses that Datastream connects from. For more information see\nthe [official documentation](https://cloud.google.com/datastream/docs/ip-allowlists-and-regions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastreamIps = gcp.datastream.getStaticIps({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const ipList = datastreamIps.then(datastreamIps =\u003e datastreamIps.staticIps);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastream_ips = gcp.datastream.get_static_ips(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"ipList\", datastream_ips.static_ips)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastreamIps = Gcp.Datastream.GetStaticIps.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"ipList\"] = datastreamIps.Apply(getStaticIpsResult =\u003e getStaticIpsResult.StaticIps),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdatastreamIps, err := datastream.GetStaticIps(ctx, \u0026datastream.GetStaticIpsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"ipList\", datastreamIps.StaticIps)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.DatastreamFunctions;\nimport com.pulumi.gcp.datastream.inputs.GetStaticIpsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var datastreamIps = DatastreamFunctions.getStaticIps(GetStaticIpsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"ipList\", datastreamIps.applyValue(getStaticIpsResult -\u003e getStaticIpsResult.staticIps()));\n }\n}\n```\n```yaml\nvariables:\n datastreamIps:\n fn::invoke:\n Function: gcp:datastream:getStaticIps\n Arguments:\n location: us-west1\n project: my-project\noutputs:\n ipList: ${datastreamIps.staticIps}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Returns the list of IP addresses that Datastream connects from. For more information see\nthe [official documentation](https://cloud.google.com/datastream/docs/ip-allowlists-and-regions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst datastreamIps = gcp.datastream.getStaticIps({\n location: \"us-west1\",\n project: \"my-project\",\n});\nexport const ipList = datastreamIps.then(datastreamIps =\u003e datastreamIps.staticIps);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatastream_ips = gcp.datastream.get_static_ips(location=\"us-west1\",\n project=\"my-project\")\npulumi.export(\"ipList\", datastream_ips.static_ips)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var datastreamIps = Gcp.Datastream.GetStaticIps.Invoke(new()\n {\n Location = \"us-west1\",\n Project = \"my-project\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"ipList\"] = datastreamIps.Apply(getStaticIpsResult =\u003e getStaticIpsResult.StaticIps),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datastream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdatastreamIps, err := datastream.GetStaticIps(ctx, \u0026datastream.GetStaticIpsArgs{\n\t\t\tLocation: \"us-west1\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"ipList\", datastreamIps.StaticIps)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datastream.DatastreamFunctions;\nimport com.pulumi.gcp.datastream.inputs.GetStaticIpsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var datastreamIps = DatastreamFunctions.getStaticIps(GetStaticIpsArgs.builder()\n .location(\"us-west1\")\n .project(\"my-project\")\n .build());\n\n ctx.export(\"ipList\", datastreamIps.applyValue(getStaticIpsResult -\u003e getStaticIpsResult.staticIps()));\n }\n}\n```\n```yaml\nvariables:\n datastreamIps:\n fn::invoke:\n function: gcp:datastream:getStaticIps\n arguments:\n location: us-west1\n project: my-project\noutputs:\n ipList: ${datastreamIps.staticIps}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getStaticIps.\n", "properties": { @@ -292830,7 +292830,7 @@ } }, "gcp:dns/getKeys:getKeys": { - "description": "Get the DNSKEY and DS records of DNSSEC-signed managed zones.\n\nFor more information see the\n[official documentation](https://cloud.google.com/dns/docs/dnskeys/)\nand [API](https://cloud.google.com/dns/docs/reference/v1/dnsKeys).\n\n\u003e A gcp.dns.ManagedZone resource must have DNSSEC enabled in order\nto contain any DNSKEYs. Queries to managed zones without this setting\nenabled will result in a 404 error as the collection of DNSKEYs does\nnot exist in the DNS API.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = new gcp.dns.ManagedZone(\"foo\", {\n name: \"foobar\",\n dnsName: \"foo.bar.\",\n dnssecConfig: {\n state: \"on\",\n nonExistence: \"nsec3\",\n },\n});\nconst fooDnsKeys = gcp.dns.getKeysOutput({\n managedZone: foo.id,\n});\nexport const fooDnsDsRecord = fooDnsKeys.apply(fooDnsKeys =\u003e fooDnsKeys.keySigningKeys?.[0]?.dsRecord);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.dns.ManagedZone(\"foo\",\n name=\"foobar\",\n dns_name=\"foo.bar.\",\n dnssec_config={\n \"state\": \"on\",\n \"non_existence\": \"nsec3\",\n })\nfoo_dns_keys = gcp.dns.get_keys_output(managed_zone=foo.id)\npulumi.export(\"fooDnsDsRecord\", foo_dns_keys.key_signing_keys[0].ds_record)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Gcp.Dns.ManagedZone(\"foo\", new()\n {\n Name = \"foobar\",\n DnsName = \"foo.bar.\",\n DnssecConfig = new Gcp.Dns.Inputs.ManagedZoneDnssecConfigArgs\n {\n State = \"on\",\n NonExistence = \"nsec3\",\n },\n });\n\n var fooDnsKeys = Gcp.Dns.GetKeys.Invoke(new()\n {\n ManagedZone = foo.Id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"fooDnsDsRecord\"] = fooDnsKeys.Apply(getKeysResult =\u003e getKeysResult.KeySigningKeys[0]?.DsRecord),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := dns.NewManagedZone(ctx, \"foo\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\tDnsName: pulumi.String(\"foo.bar.\"),\n\t\t\tDnssecConfig: \u0026dns.ManagedZoneDnssecConfigArgs{\n\t\t\t\tState: pulumi.String(\"on\"),\n\t\t\t\tNonExistence: pulumi.String(\"nsec3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooDnsKeys := dns.GetKeysOutput(ctx, dns.GetKeysOutputArgs{\n\t\t\tManagedZone: foo.ID(),\n\t\t}, nil)\n\t\tctx.Export(\"fooDnsDsRecord\", fooDnsKeys.ApplyT(func(fooDnsKeys dns.GetKeysResult) (*string, error) {\n\t\t\treturn \u0026fooDnsKeys.KeySigningKeys[0].DsRecord, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZoneDnssecConfigArgs;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new ManagedZone(\"foo\", ManagedZoneArgs.builder()\n .name(\"foobar\")\n .dnsName(\"foo.bar.\")\n .dnssecConfig(ManagedZoneDnssecConfigArgs.builder()\n .state(\"on\")\n .nonExistence(\"nsec3\")\n .build())\n .build());\n\n final var fooDnsKeys = DnsFunctions.getKeys(GetKeysArgs.builder()\n .managedZone(foo.id())\n .build());\n\n ctx.export(\"fooDnsDsRecord\", fooDnsKeys.applyValue(getKeysResult -\u003e getKeysResult).applyValue(fooDnsKeys -\u003e fooDnsKeys.applyValue(getKeysResult -\u003e getKeysResult.keySigningKeys()[0].dsRecord())));\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:dns:ManagedZone\n properties:\n name: foobar\n dnsName: foo.bar.\n dnssecConfig:\n state: on\n nonExistence: nsec3\nvariables:\n fooDnsKeys:\n fn::invoke:\n Function: gcp:dns:getKeys\n Arguments:\n managedZone: ${foo.id}\noutputs:\n fooDnsDsRecord: ${fooDnsKeys.keySigningKeys[0].dsRecord}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the DNSKEY and DS records of DNSSEC-signed managed zones.\n\nFor more information see the\n[official documentation](https://cloud.google.com/dns/docs/dnskeys/)\nand [API](https://cloud.google.com/dns/docs/reference/v1/dnsKeys).\n\n\u003e A gcp.dns.ManagedZone resource must have DNSSEC enabled in order\nto contain any DNSKEYs. Queries to managed zones without this setting\nenabled will result in a 404 error as the collection of DNSKEYs does\nnot exist in the DNS API.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = new gcp.dns.ManagedZone(\"foo\", {\n name: \"foobar\",\n dnsName: \"foo.bar.\",\n dnssecConfig: {\n state: \"on\",\n nonExistence: \"nsec3\",\n },\n});\nconst fooDnsKeys = gcp.dns.getKeysOutput({\n managedZone: foo.id,\n});\nexport const fooDnsDsRecord = fooDnsKeys.apply(fooDnsKeys =\u003e fooDnsKeys.keySigningKeys?.[0]?.dsRecord);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.dns.ManagedZone(\"foo\",\n name=\"foobar\",\n dns_name=\"foo.bar.\",\n dnssec_config={\n \"state\": \"on\",\n \"non_existence\": \"nsec3\",\n })\nfoo_dns_keys = gcp.dns.get_keys_output(managed_zone=foo.id)\npulumi.export(\"fooDnsDsRecord\", foo_dns_keys.key_signing_keys[0].ds_record)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Gcp.Dns.ManagedZone(\"foo\", new()\n {\n Name = \"foobar\",\n DnsName = \"foo.bar.\",\n DnssecConfig = new Gcp.Dns.Inputs.ManagedZoneDnssecConfigArgs\n {\n State = \"on\",\n NonExistence = \"nsec3\",\n },\n });\n\n var fooDnsKeys = Gcp.Dns.GetKeys.Invoke(new()\n {\n ManagedZone = foo.Id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"fooDnsDsRecord\"] = fooDnsKeys.Apply(getKeysResult =\u003e getKeysResult.KeySigningKeys[0]?.DsRecord),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := dns.NewManagedZone(ctx, \"foo\", \u0026dns.ManagedZoneArgs{\n\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\tDnsName: pulumi.String(\"foo.bar.\"),\n\t\t\tDnssecConfig: \u0026dns.ManagedZoneDnssecConfigArgs{\n\t\t\t\tState: pulumi.String(\"on\"),\n\t\t\t\tNonExistence: pulumi.String(\"nsec3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooDnsKeys := dns.GetKeysOutput(ctx, dns.GetKeysOutputArgs{\n\t\t\tManagedZone: foo.ID(),\n\t\t}, nil)\n\t\tctx.Export(\"fooDnsDsRecord\", fooDnsKeys.ApplyT(func(fooDnsKeys dns.GetKeysResult) (*string, error) {\n\t\t\treturn \u0026fooDnsKeys.KeySigningKeys[0].DsRecord, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.ManagedZone;\nimport com.pulumi.gcp.dns.ManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.ManagedZoneDnssecConfigArgs;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new ManagedZone(\"foo\", ManagedZoneArgs.builder()\n .name(\"foobar\")\n .dnsName(\"foo.bar.\")\n .dnssecConfig(ManagedZoneDnssecConfigArgs.builder()\n .state(\"on\")\n .nonExistence(\"nsec3\")\n .build())\n .build());\n\n final var fooDnsKeys = DnsFunctions.getKeys(GetKeysArgs.builder()\n .managedZone(foo.id())\n .build());\n\n ctx.export(\"fooDnsDsRecord\", fooDnsKeys.applyValue(getKeysResult -\u003e getKeysResult).applyValue(fooDnsKeys -\u003e fooDnsKeys.applyValue(getKeysResult -\u003e getKeysResult.keySigningKeys()[0].dsRecord())));\n }\n}\n```\n```yaml\nresources:\n foo:\n type: gcp:dns:ManagedZone\n properties:\n name: foobar\n dnsName: foo.bar.\n dnssecConfig:\n state: on\n nonExistence: nsec3\nvariables:\n fooDnsKeys:\n fn::invoke:\n function: gcp:dns:getKeys\n arguments:\n managedZone: ${foo.id}\noutputs:\n fooDnsDsRecord: ${fooDnsKeys.keySigningKeys[0].dsRecord}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getKeys.\n", "properties": { @@ -292888,7 +292888,7 @@ } }, "gcp:dns/getManagedZone:getManagedZone": { - "description": "Provides access to a zone's attributes within Google Cloud DNS.\nFor more information see\n[the official documentation](https://cloud.google.com/dns/zones/)\nand\n[API](https://cloud.google.com/dns/api/v1/managedZones).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst envDnsZone = gcp.dns.getManagedZone({\n name: \"qa-zone\",\n});\nconst dns = new gcp.dns.RecordSet(\"dns\", {\n name: envDnsZone.then(envDnsZone =\u003e `my-address.${envDnsZone.dnsName}`),\n type: \"TXT\",\n ttl: 300,\n managedZone: envDnsZone.then(envDnsZone =\u003e envDnsZone.name),\n rrdatas: [\"test\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenv_dns_zone = gcp.dns.get_managed_zone(name=\"qa-zone\")\ndns = gcp.dns.RecordSet(\"dns\",\n name=f\"my-address.{env_dns_zone.dns_name}\",\n type=\"TXT\",\n ttl=300,\n managed_zone=env_dns_zone.name,\n rrdatas=[\"test\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var envDnsZone = Gcp.Dns.GetManagedZone.Invoke(new()\n {\n Name = \"qa-zone\",\n });\n\n var dns = new Gcp.Dns.RecordSet(\"dns\", new()\n {\n Name = $\"my-address.{envDnsZone.Apply(getManagedZoneResult =\u003e getManagedZoneResult.DnsName)}\",\n Type = \"TXT\",\n Ttl = 300,\n ManagedZone = envDnsZone.Apply(getManagedZoneResult =\u003e getManagedZoneResult.Name),\n Rrdatas = new[]\n {\n \"test\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tenvDnsZone, err := dns.LookupManagedZone(ctx, \u0026dns.LookupManagedZoneArgs{\n\t\t\tName: \"qa-zone\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"dns\", \u0026dns.RecordSetArgs{\n\t\t\tName: pulumi.Sprintf(\"my-address.%v\", envDnsZone.DnsName),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: pulumi.String(envDnsZone.Name),\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var envDnsZone = DnsFunctions.getManagedZone(GetManagedZoneArgs.builder()\n .name(\"qa-zone\")\n .build());\n\n var dns = new RecordSet(\"dns\", RecordSetArgs.builder()\n .name(String.format(\"my-address.%s\", envDnsZone.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.dnsName())))\n .type(\"TXT\")\n .ttl(300)\n .managedZone(envDnsZone.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.name()))\n .rrdatas(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dns:\n type: gcp:dns:RecordSet\n properties:\n name: my-address.${envDnsZone.dnsName}\n type: TXT\n ttl: 300\n managedZone: ${envDnsZone.name}\n rrdatas:\n - test\nvariables:\n envDnsZone:\n fn::invoke:\n Function: gcp:dns:getManagedZone\n Arguments:\n name: qa-zone\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to a zone's attributes within Google Cloud DNS.\nFor more information see\n[the official documentation](https://cloud.google.com/dns/zones/)\nand\n[API](https://cloud.google.com/dns/api/v1/managedZones).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst envDnsZone = gcp.dns.getManagedZone({\n name: \"qa-zone\",\n});\nconst dns = new gcp.dns.RecordSet(\"dns\", {\n name: envDnsZone.then(envDnsZone =\u003e `my-address.${envDnsZone.dnsName}`),\n type: \"TXT\",\n ttl: 300,\n managedZone: envDnsZone.then(envDnsZone =\u003e envDnsZone.name),\n rrdatas: [\"test\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenv_dns_zone = gcp.dns.get_managed_zone(name=\"qa-zone\")\ndns = gcp.dns.RecordSet(\"dns\",\n name=f\"my-address.{env_dns_zone.dns_name}\",\n type=\"TXT\",\n ttl=300,\n managed_zone=env_dns_zone.name,\n rrdatas=[\"test\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var envDnsZone = Gcp.Dns.GetManagedZone.Invoke(new()\n {\n Name = \"qa-zone\",\n });\n\n var dns = new Gcp.Dns.RecordSet(\"dns\", new()\n {\n Name = $\"my-address.{envDnsZone.Apply(getManagedZoneResult =\u003e getManagedZoneResult.DnsName)}\",\n Type = \"TXT\",\n Ttl = 300,\n ManagedZone = envDnsZone.Apply(getManagedZoneResult =\u003e getManagedZoneResult.Name),\n Rrdatas = new[]\n {\n \"test\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tenvDnsZone, err := dns.LookupManagedZone(ctx, \u0026dns.LookupManagedZoneArgs{\n\t\t\tName: \"qa-zone\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewRecordSet(ctx, \"dns\", \u0026dns.RecordSetArgs{\n\t\t\tName: pulumi.Sprintf(\"my-address.%v\", envDnsZone.DnsName),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tManagedZone: pulumi.String(envDnsZone.Name),\n\t\t\tRrdatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneArgs;\nimport com.pulumi.gcp.dns.RecordSet;\nimport com.pulumi.gcp.dns.RecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var envDnsZone = DnsFunctions.getManagedZone(GetManagedZoneArgs.builder()\n .name(\"qa-zone\")\n .build());\n\n var dns = new RecordSet(\"dns\", RecordSetArgs.builder()\n .name(String.format(\"my-address.%s\", envDnsZone.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.dnsName())))\n .type(\"TXT\")\n .ttl(300)\n .managedZone(envDnsZone.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.name()))\n .rrdatas(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dns:\n type: gcp:dns:RecordSet\n properties:\n name: my-address.${envDnsZone.dnsName}\n type: TXT\n ttl: 300\n managedZone: ${envDnsZone.name}\n rrdatas:\n - test\nvariables:\n envDnsZone:\n fn::invoke:\n function: gcp:dns:getManagedZone\n arguments:\n name: qa-zone\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getManagedZone.\n", "properties": { @@ -292954,7 +292954,7 @@ } }, "gcp:dns/getManagedZoneIamPolicy:getManagedZoneIamPolicy": { - "description": "Retrieves the current IAM policy data for managedzone\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dns.getManagedZoneIamPolicy({\n project: _default.project,\n managedZone: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dns.get_managed_zone_iam_policy(project=default[\"project\"],\n managed_zone=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dns.GetManagedZoneIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.GetManagedZoneIamPolicy(ctx, \u0026dns.GetManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tManagedZone: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DnsFunctions.getManagedZoneIamPolicy(GetManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:dns:getManagedZoneIamPolicy\n Arguments:\n project: ${default.project}\n managedZone: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for managedzone\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.dns.getManagedZoneIamPolicy({\n project: _default.project,\n managedZone: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.dns.get_managed_zone_iam_policy(project=default[\"project\"],\n managed_zone=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Dns.GetManagedZoneIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.GetManagedZoneIamPolicy(ctx, \u0026dns.GetManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tManagedZone: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = DnsFunctions.getManagedZoneIamPolicy(GetManagedZoneIamPolicyArgs.builder()\n .project(default_.project())\n .managedZone(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:dns:getManagedZoneIamPolicy\n arguments:\n project: ${default.project}\n managedZone: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getManagedZoneIamPolicy.\n", "properties": { @@ -293007,7 +293007,7 @@ } }, "gcp:dns/getManagedZones:getManagedZones": { - "description": "Provides access to a list of zones within Google Cloud DNS.\nFor more information see\n[the official documentation](https://cloud.google.com/dns/zones/)\nand\n[API](https://cloud.google.com/dns/api/v1/managedZones).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zones = gcp.dns.getManagedZones({\n project: \"my-project-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzones = gcp.dns.get_managed_zones(project=\"my-project-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zones = Gcp.Dns.GetManagedZones.Invoke(new()\n {\n Project = \"my-project-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.GetManagedZones(ctx, \u0026dns.GetManagedZonesArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-id\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var zones = DnsFunctions.getManagedZones(GetManagedZonesArgs.builder()\n .project(\"my-project-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n zones:\n fn::invoke:\n Function: gcp:dns:getManagedZones\n Arguments:\n project: my-project-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to a list of zones within Google Cloud DNS.\nFor more information see\n[the official documentation](https://cloud.google.com/dns/zones/)\nand\n[API](https://cloud.google.com/dns/api/v1/managedZones).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst zones = gcp.dns.getManagedZones({\n project: \"my-project-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nzones = gcp.dns.get_managed_zones(project=\"my-project-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var zones = Gcp.Dns.GetManagedZones.Invoke(new()\n {\n Project = \"my-project-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.GetManagedZones(ctx, \u0026dns.GetManagedZonesArgs{\n\t\t\tProject: pulumi.StringRef(\"my-project-id\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var zones = DnsFunctions.getManagedZones(GetManagedZonesArgs.builder()\n .project(\"my-project-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n zones:\n fn::invoke:\n function: gcp:dns:getManagedZones\n arguments:\n project: my-project-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getManagedZones.\n", "properties": { @@ -293043,7 +293043,7 @@ } }, "gcp:dns/getRecordSet:getRecordSet": { - "description": "Get a DNS record set within Google Cloud DNS\nFor more information see\n[the official documentation](https://cloud.google.com/dns/docs/records)\nand\n[API](https://cloud.google.com/dns/docs/reference/v1/resourceRecordSets)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sample = gcp.dns.getManagedZone({\n name: \"sample-zone\",\n});\nconst rs = Promise.all([sample, sample]).then(([sample, sample1]) =\u003e gcp.dns.getRecordSet({\n managedZone: sample.name,\n name: `my-record.${sample1.dnsName}`,\n type: \"A\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsample = gcp.dns.get_managed_zone(name=\"sample-zone\")\nrs = gcp.dns.get_record_set(managed_zone=sample.name,\n name=f\"my-record.{sample.dns_name}\",\n type=\"A\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = Gcp.Dns.GetManagedZone.Invoke(new()\n {\n Name = \"sample-zone\",\n });\n\n var rs = Gcp.Dns.GetRecordSet.Invoke(new()\n {\n ManagedZone = sample.Apply(getManagedZoneResult =\u003e getManagedZoneResult.Name),\n Name = $\"my-record.{sample.Apply(getManagedZoneResult =\u003e getManagedZoneResult.DnsName)}\",\n Type = \"A\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsample, err := dns.LookupManagedZone(ctx, \u0026dns.LookupManagedZoneArgs{\n\t\t\tName: \"sample-zone\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.LookupRecordSet(ctx, \u0026dns.LookupRecordSetArgs{\n\t\t\tManagedZone: sample.Name,\n\t\t\tName: fmt.Sprintf(\"my-record.%v\", sample.DnsName),\n\t\t\tType: \"A\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.GetRecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sample = DnsFunctions.getManagedZone(GetManagedZoneArgs.builder()\n .name(\"sample-zone\")\n .build());\n\n final var rs = DnsFunctions.getRecordSet(GetRecordSetArgs.builder()\n .managedZone(sample.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.name()))\n .name(String.format(\"my-record.%s\", sample.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.dnsName())))\n .type(\"A\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sample:\n fn::invoke:\n Function: gcp:dns:getManagedZone\n Arguments:\n name: sample-zone\n rs:\n fn::invoke:\n Function: gcp:dns:getRecordSet\n Arguments:\n managedZone: ${sample.name}\n name: my-record.${sample.dnsName}\n type: A\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a DNS record set within Google Cloud DNS\nFor more information see\n[the official documentation](https://cloud.google.com/dns/docs/records)\nand\n[API](https://cloud.google.com/dns/docs/reference/v1/resourceRecordSets)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sample = gcp.dns.getManagedZone({\n name: \"sample-zone\",\n});\nconst rs = Promise.all([sample, sample]).then(([sample, sample1]) =\u003e gcp.dns.getRecordSet({\n managedZone: sample.name,\n name: `my-record.${sample1.dnsName}`,\n type: \"A\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsample = gcp.dns.get_managed_zone(name=\"sample-zone\")\nrs = gcp.dns.get_record_set(managed_zone=sample.name,\n name=f\"my-record.{sample.dns_name}\",\n type=\"A\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = Gcp.Dns.GetManagedZone.Invoke(new()\n {\n Name = \"sample-zone\",\n });\n\n var rs = Gcp.Dns.GetRecordSet.Invoke(new()\n {\n ManagedZone = sample.Apply(getManagedZoneResult =\u003e getManagedZoneResult.Name),\n Name = $\"my-record.{sample.Apply(getManagedZoneResult =\u003e getManagedZoneResult.DnsName)}\",\n Type = \"A\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsample, err := dns.LookupManagedZone(ctx, \u0026dns.LookupManagedZoneArgs{\n\t\t\tName: \"sample-zone\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.LookupRecordSet(ctx, \u0026dns.LookupRecordSetArgs{\n\t\t\tManagedZone: sample.Name,\n\t\t\tName: fmt.Sprintf(\"my-record.%v\", sample.DnsName),\n\t\t\tType: \"A\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsFunctions;\nimport com.pulumi.gcp.dns.inputs.GetManagedZoneArgs;\nimport com.pulumi.gcp.dns.inputs.GetRecordSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sample = DnsFunctions.getManagedZone(GetManagedZoneArgs.builder()\n .name(\"sample-zone\")\n .build());\n\n final var rs = DnsFunctions.getRecordSet(GetRecordSetArgs.builder()\n .managedZone(sample.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.name()))\n .name(String.format(\"my-record.%s\", sample.applyValue(getManagedZoneResult -\u003e getManagedZoneResult.dnsName())))\n .type(\"A\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sample:\n fn::invoke:\n function: gcp:dns:getManagedZone\n arguments:\n name: sample-zone\n rs:\n fn::invoke:\n function: gcp:dns:getRecordSet\n arguments:\n managedZone: ${sample.name}\n name: my-record.${sample.dnsName}\n type: A\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRecordSet.\n", "properties": { @@ -293166,7 +293166,7 @@ } }, "gcp:endpoints/getServiceIamPolicy:getServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.endpoints.getServiceIamPolicy({\n serviceName: endpointsService.serviceName,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.endpoints.get_service_iam_policy(service_name=endpoints_service[\"serviceName\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Endpoints.GetServiceIamPolicy.Invoke(new()\n {\n ServiceName = endpointsService.ServiceName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.LookupServiceIamPolicy(ctx, \u0026endpoints.LookupServiceIamPolicyArgs{\n\t\t\tServiceName: endpointsService.ServiceName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.EndpointsFunctions;\nimport com.pulumi.gcp.endpoints.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = EndpointsFunctions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:endpoints:getServiceIamPolicy\n Arguments:\n serviceName: ${endpointsService.serviceName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for service\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.endpoints.getServiceIamPolicy({\n serviceName: endpointsService.serviceName,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.endpoints.get_service_iam_policy(service_name=endpoints_service[\"serviceName\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Endpoints.GetServiceIamPolicy.Invoke(new()\n {\n ServiceName = endpointsService.ServiceName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.LookupServiceIamPolicy(ctx, \u0026endpoints.LookupServiceIamPolicyArgs{\n\t\t\tServiceName: endpointsService.ServiceName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.EndpointsFunctions;\nimport com.pulumi.gcp.endpoints.inputs.GetServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = EndpointsFunctions.getServiceIamPolicy(GetServiceIamPolicyArgs.builder()\n .serviceName(endpointsService.serviceName())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:endpoints:getServiceIamPolicy\n arguments:\n serviceName: ${endpointsService.serviceName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServiceIamPolicy.\n", "properties": { @@ -293209,7 +293209,7 @@ } }, "gcp:filestore/getInstance:getInstance": { - "description": "Get info about a Google Cloud Filestore instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myInstance = gcp.filestore.getInstance({\n name: \"my-filestore-instance\",\n});\nexport const instanceIpAddresses = myInstance.then(myInstance =\u003e myInstance.networks?.ipAddresses);\nexport const instanceConnectMode = myInstance.then(myInstance =\u003e myInstance.networks?.connectMode);\nexport const instanceFileShareName = myInstance.then(myInstance =\u003e myInstance.fileShares?.name);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.filestore.get_instance(name=\"my-filestore-instance\")\npulumi.export(\"instanceIpAddresses\", my_instance.networks.ip_addresses)\npulumi.export(\"instanceConnectMode\", my_instance.networks.connect_mode)\npulumi.export(\"instanceFileShareName\", my_instance.file_shares.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myInstance = Gcp.Filestore.GetInstance.Invoke(new()\n {\n Name = \"my-filestore-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"instanceIpAddresses\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.Networks?.IpAddresses),\n [\"instanceConnectMode\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.Networks?.ConnectMode),\n [\"instanceFileShareName\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.FileShares?.Name),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/filestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyInstance, err := filestore.LookupInstance(ctx, \u0026filestore.LookupInstanceArgs{\n\t\t\tName: \"my-filestore-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"instanceIpAddresses\", myInstance.Networks.IpAddresses)\n\t\tctx.Export(\"instanceConnectMode\", myInstance.Networks.ConnectMode)\n\t\tctx.Export(\"instanceFileShareName\", myInstance.FileShares.Name)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.filestore.FilestoreFunctions;\nimport com.pulumi.gcp.filestore.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myInstance = FilestoreFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"my-filestore-instance\")\n .build());\n\n ctx.export(\"instanceIpAddresses\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.networks().ipAddresses()));\n ctx.export(\"instanceConnectMode\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.networks().connectMode()));\n ctx.export(\"instanceFileShareName\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.fileShares().name()));\n }\n}\n```\n```yaml\nvariables:\n myInstance:\n fn::invoke:\n Function: gcp:filestore:getInstance\n Arguments:\n name: my-filestore-instance\noutputs:\n instanceIpAddresses: ${myInstance.networks.ipAddresses}\n instanceConnectMode: ${myInstance.networks.connectMode}\n instanceFileShareName: ${myInstance.fileShares.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google Cloud Filestore instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myInstance = gcp.filestore.getInstance({\n name: \"my-filestore-instance\",\n});\nexport const instanceIpAddresses = myInstance.then(myInstance =\u003e myInstance.networks?.ipAddresses);\nexport const instanceConnectMode = myInstance.then(myInstance =\u003e myInstance.networks?.connectMode);\nexport const instanceFileShareName = myInstance.then(myInstance =\u003e myInstance.fileShares?.name);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.filestore.get_instance(name=\"my-filestore-instance\")\npulumi.export(\"instanceIpAddresses\", my_instance.networks.ip_addresses)\npulumi.export(\"instanceConnectMode\", my_instance.networks.connect_mode)\npulumi.export(\"instanceFileShareName\", my_instance.file_shares.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myInstance = Gcp.Filestore.GetInstance.Invoke(new()\n {\n Name = \"my-filestore-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"instanceIpAddresses\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.Networks?.IpAddresses),\n [\"instanceConnectMode\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.Networks?.ConnectMode),\n [\"instanceFileShareName\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.FileShares?.Name),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/filestore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyInstance, err := filestore.LookupInstance(ctx, \u0026filestore.LookupInstanceArgs{\n\t\t\tName: \"my-filestore-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"instanceIpAddresses\", myInstance.Networks.IpAddresses)\n\t\tctx.Export(\"instanceConnectMode\", myInstance.Networks.ConnectMode)\n\t\tctx.Export(\"instanceFileShareName\", myInstance.FileShares.Name)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.filestore.FilestoreFunctions;\nimport com.pulumi.gcp.filestore.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myInstance = FilestoreFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"my-filestore-instance\")\n .build());\n\n ctx.export(\"instanceIpAddresses\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.networks().ipAddresses()));\n ctx.export(\"instanceConnectMode\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.networks().connectMode()));\n ctx.export(\"instanceFileShareName\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.fileShares().name()));\n }\n}\n```\n```yaml\nvariables:\n myInstance:\n fn::invoke:\n function: gcp:filestore:getInstance\n arguments:\n name: my-filestore-instance\noutputs:\n instanceIpAddresses: ${myInstance.networks.ipAddresses}\n instanceConnectMode: ${myInstance.networks.connectMode}\n instanceFileShareName: ${myInstance.fileShares.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstance.\n", "properties": { @@ -293805,7 +293805,7 @@ } }, "gcp:folder/getIamPolicy:getIamPolicy": { - "description": "Retrieves the current IAM policy data for a folder.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = gcp.folder.getIamPolicy({\n folder: permissiontest.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.folder.get_iam_policy(folder=permissiontest[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Gcp.Folder.GetIamPolicy.Invoke(new()\n {\n Folder = permissiontest.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.GetIamPolicy(ctx, \u0026folder.GetIamPolicyArgs{\n\t\t\tFolder: permissiontest.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.FolderFunctions;\nimport com.pulumi.gcp.folder.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = FolderFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .folder(permissiontest.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: gcp:folder:getIamPolicy\n Arguments:\n folder: ${permissiontest.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a folder.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst test = gcp.folder.getIamPolicy({\n folder: permissiontest.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest = gcp.folder.get_iam_policy(folder=permissiontest[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Gcp.Folder.GetIamPolicy.Invoke(new()\n {\n Folder = permissiontest.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.GetIamPolicy(ctx, \u0026folder.GetIamPolicyArgs{\n\t\t\tFolder: permissiontest.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.FolderFunctions;\nimport com.pulumi.gcp.folder.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = FolderFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .folder(permissiontest.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n function: gcp:folder:getIamPolicy\n arguments:\n folder: ${permissiontest.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIamPolicy.\n", "properties": { @@ -293849,7 +293849,7 @@ } }, "gcp:folder/getOrganizationPolicy:getOrganizationPolicy": { - "description": "Allows management of Organization policies for a Google Folder. For more information see\n[the official\ndocumentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.folder.getOrganizationPolicy({\n folder: \"folders/folderid\",\n constraint: \"constraints/compute.trustedImageProjects\",\n});\nexport const version = policy.then(policy =\u003e policy.version);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.folder.get_organization_policy(folder=\"folders/folderid\",\n constraint=\"constraints/compute.trustedImageProjects\")\npulumi.export(\"version\", policy.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Folder.GetOrganizationPolicy.Invoke(new()\n {\n Folder = \"folders/folderid\",\n Constraint = \"constraints/compute.trustedImageProjects\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = policy.Apply(getOrganizationPolicyResult =\u003e getOrganizationPolicyResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpolicy, err := folder.LookupOrganizationPolicy(ctx, \u0026folder.LookupOrganizationPolicyArgs{\n\t\t\tFolder: \"folders/folderid\",\n\t\t\tConstraint: \"constraints/compute.trustedImageProjects\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"version\", policy.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.FolderFunctions;\nimport com.pulumi.gcp.folder.inputs.GetOrganizationPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = FolderFunctions.getOrganizationPolicy(GetOrganizationPolicyArgs.builder()\n .folder(\"folders/folderid\")\n .constraint(\"constraints/compute.trustedImageProjects\")\n .build());\n\n ctx.export(\"version\", policy.applyValue(getOrganizationPolicyResult -\u003e getOrganizationPolicyResult.version()));\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:folder:getOrganizationPolicy\n Arguments:\n folder: folders/folderid\n constraint: constraints/compute.trustedImageProjects\noutputs:\n version: ${policy.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Allows management of Organization policies for a Google Folder. For more information see\n[the official\ndocumentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.folder.getOrganizationPolicy({\n folder: \"folders/folderid\",\n constraint: \"constraints/compute.trustedImageProjects\",\n});\nexport const version = policy.then(policy =\u003e policy.version);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.folder.get_organization_policy(folder=\"folders/folderid\",\n constraint=\"constraints/compute.trustedImageProjects\")\npulumi.export(\"version\", policy.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Folder.GetOrganizationPolicy.Invoke(new()\n {\n Folder = \"folders/folderid\",\n Constraint = \"constraints/compute.trustedImageProjects\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = policy.Apply(getOrganizationPolicyResult =\u003e getOrganizationPolicyResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpolicy, err := folder.LookupOrganizationPolicy(ctx, \u0026folder.LookupOrganizationPolicyArgs{\n\t\t\tFolder: \"folders/folderid\",\n\t\t\tConstraint: \"constraints/compute.trustedImageProjects\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"version\", policy.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.FolderFunctions;\nimport com.pulumi.gcp.folder.inputs.GetOrganizationPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = FolderFunctions.getOrganizationPolicy(GetOrganizationPolicyArgs.builder()\n .folder(\"folders/folderid\")\n .constraint(\"constraints/compute.trustedImageProjects\")\n .build());\n\n ctx.export(\"version\", policy.applyValue(getOrganizationPolicyResult -\u003e getOrganizationPolicyResult.version()));\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:folder:getOrganizationPolicy\n arguments:\n folder: folders/folderid\n constraint: constraints/compute.trustedImageProjects\noutputs:\n version: ${policy.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getOrganizationPolicy.\n", "properties": { @@ -293924,7 +293924,7 @@ } }, "gcp:gkebackup/getBackupPlanIamPolicy:getBackupPlanIamPolicy": { - "description": "Retrieves the current IAM policy data for backupplan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkebackup.getBackupPlanIamPolicy({\n project: basic.project,\n location: basic.location,\n name: basic.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkebackup.get_backup_plan_iam_policy(project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeBackup.GetBackupPlanIamPolicy.Invoke(new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.LookupBackupPlanIamPolicy(ctx, \u0026gkebackup.LookupBackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basic.Project),\n\t\t\tLocation: pulumi.StringRef(basic.Location),\n\t\t\tName: basic.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.GkebackupFunctions;\nimport com.pulumi.gcp.gkebackup.inputs.GetBackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkebackupFunctions.getBackupPlanIamPolicy(GetBackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:gkebackup:getBackupPlanIamPolicy\n Arguments:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for backupplan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkebackup.getBackupPlanIamPolicy({\n project: basic.project,\n location: basic.location,\n name: basic.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkebackup.get_backup_plan_iam_policy(project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeBackup.GetBackupPlanIamPolicy.Invoke(new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.LookupBackupPlanIamPolicy(ctx, \u0026gkebackup.LookupBackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(basic.Project),\n\t\t\tLocation: pulumi.StringRef(basic.Location),\n\t\t\tName: basic.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.GkebackupFunctions;\nimport com.pulumi.gcp.gkebackup.inputs.GetBackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkebackupFunctions.getBackupPlanIamPolicy(GetBackupPlanIamPolicyArgs.builder()\n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:gkebackup:getBackupPlanIamPolicy\n arguments:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBackupPlanIamPolicy.\n", "properties": { @@ -293986,7 +293986,7 @@ } }, "gcp:gkebackup/getRestorePlanIamPolicy:getRestorePlanIamPolicy": { - "description": "Retrieves the current IAM policy data for restoreplan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkebackup.getRestorePlanIamPolicy({\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkebackup.get_restore_plan_iam_policy(project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeBackup.GetRestorePlanIamPolicy.Invoke(new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.LookupRestorePlanIamPolicy(ctx, \u0026gkebackup.LookupRestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(allNs.Project),\n\t\t\tLocation: pulumi.StringRef(allNs.Location),\n\t\t\tName: allNs.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.GkebackupFunctions;\nimport com.pulumi.gcp.gkebackup.inputs.GetRestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkebackupFunctions.getRestorePlanIamPolicy(GetRestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:gkebackup:getRestorePlanIamPolicy\n Arguments:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for restoreplan\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkebackup.getRestorePlanIamPolicy({\n project: allNs.project,\n location: allNs.location,\n name: allNs.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkebackup.get_restore_plan_iam_policy(project=all_ns[\"project\"],\n location=all_ns[\"location\"],\n name=all_ns[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeBackup.GetRestorePlanIamPolicy.Invoke(new()\n {\n Project = allNs.Project,\n Location = allNs.Location,\n Name = allNs.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.LookupRestorePlanIamPolicy(ctx, \u0026gkebackup.LookupRestorePlanIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(allNs.Project),\n\t\t\tLocation: pulumi.StringRef(allNs.Location),\n\t\t\tName: allNs.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.GkebackupFunctions;\nimport com.pulumi.gcp.gkebackup.inputs.GetRestorePlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkebackupFunctions.getRestorePlanIamPolicy(GetRestorePlanIamPolicyArgs.builder()\n .project(allNs.project())\n .location(allNs.location())\n .name(allNs.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:gkebackup:getRestorePlanIamPolicy\n arguments:\n project: ${allNs.project}\n location: ${allNs.location}\n name: ${allNs.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRestorePlanIamPolicy.\n", "properties": { @@ -294048,7 +294048,7 @@ } }, "gcp:gkehub/getFeatureIamPolicy:getFeatureIamPolicy": { - "description": "Retrieves the current IAM policy data for feature\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getFeatureIamPolicy({\n project: feature.project,\n location: feature.location,\n name: feature.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_feature_iam_policy(project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetFeatureIamPolicy.Invoke(new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupFeatureIamPolicy(ctx, \u0026gkehub.LookupFeatureIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(feature.Project),\n\t\t\tLocation: pulumi.StringRef(feature.Location),\n\t\t\tName: feature.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetFeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getFeatureIamPolicy(GetFeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:gkehub:getFeatureIamPolicy\n Arguments:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for feature\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getFeatureIamPolicy({\n project: feature.project,\n location: feature.location,\n name: feature.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_feature_iam_policy(project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetFeatureIamPolicy.Invoke(new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupFeatureIamPolicy(ctx, \u0026gkehub.LookupFeatureIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(feature.Project),\n\t\t\tLocation: pulumi.StringRef(feature.Location),\n\t\t\tName: feature.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetFeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getFeatureIamPolicy(GetFeatureIamPolicyArgs.builder()\n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:gkehub:getFeatureIamPolicy\n arguments:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFeatureIamPolicy.\n", "properties": { @@ -294217,7 +294217,7 @@ } }, "gcp:gkehub/getMembershipIamPolicy:getMembershipIamPolicy": { - "description": "Retrieves the current IAM policy data for membership\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getMembershipIamPolicy({\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_membership_iam_policy(project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetMembershipIamPolicy.Invoke(new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupMembershipIamPolicy(ctx, \u0026gkehub.LookupMembershipIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(membership.Project),\n\t\t\tLocation: pulumi.StringRef(membership.Location),\n\t\t\tMembershipId: membership.MembershipId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetMembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getMembershipIamPolicy(GetMembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:gkehub:getMembershipIamPolicy\n Arguments:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for membership\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getMembershipIamPolicy({\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_membership_iam_policy(project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetMembershipIamPolicy.Invoke(new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupMembershipIamPolicy(ctx, \u0026gkehub.LookupMembershipIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(membership.Project),\n\t\t\tLocation: pulumi.StringRef(membership.Location),\n\t\t\tMembershipId: membership.MembershipId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetMembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getMembershipIamPolicy(GetMembershipIamPolicyArgs.builder()\n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:gkehub:getMembershipIamPolicy\n arguments:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getMembershipIamPolicy.\n", "properties": { @@ -294278,7 +294278,7 @@ } }, "gcp:gkehub/getScopeIamPolicy:getScopeIamPolicy": { - "description": "Retrieves the current IAM policy data for scope\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getScopeIamPolicy({\n project: scope.project,\n scopeId: scope.scopeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_scope_iam_policy(project=scope[\"project\"],\n scope_id=scope[\"scopeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetScopeIamPolicy.Invoke(new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupScopeIamPolicy(ctx, \u0026gkehub.LookupScopeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(scope.Project),\n\t\t\tScopeId: scope.ScopeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getScopeIamPolicy(GetScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:gkehub:getScopeIamPolicy\n Arguments:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for scope\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.gkehub.getScopeIamPolicy({\n project: scope.project,\n scopeId: scope.scopeId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.gkehub.get_scope_iam_policy(project=scope[\"project\"],\n scope_id=scope[\"scopeId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.GkeHub.GetScopeIamPolicy.Invoke(new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.LookupScopeIamPolicy(ctx, \u0026gkehub.LookupScopeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(scope.Project),\n\t\t\tScopeId: scope.ScopeId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.GkehubFunctions;\nimport com.pulumi.gcp.gkehub.inputs.GetScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = GkehubFunctions.getScopeIamPolicy(GetScopeIamPolicyArgs.builder()\n .project(scope.project())\n .scopeId(scope.scopeId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:gkehub:getScopeIamPolicy\n arguments:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getScopeIamPolicy.\n", "properties": { @@ -294330,7 +294330,7 @@ } }, "gcp:healthcare/getConsentStoreIamPolicy:getConsentStoreIamPolicy": { - "description": "Retrieves the current IAM policy data for consentstore\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.healthcare.getConsentStoreIamPolicy({\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.healthcare.get_consent_store_iam_policy(dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Healthcare.GetConsentStoreIamPolicy.Invoke(new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupConsentStoreIamPolicy(ctx, \u0026healthcare.LookupConsentStoreIamPolicyArgs{\n\t\t\tDataset: my_consent.Dataset,\n\t\t\tConsentStoreId: my_consent.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = HealthcareFunctions.getConsentStoreIamPolicy(GetConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:healthcare:getConsentStoreIamPolicy\n Arguments:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for consentstore\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.healthcare.getConsentStoreIamPolicy({\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.healthcare.get_consent_store_iam_policy(dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Healthcare.GetConsentStoreIamPolicy.Invoke(new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupConsentStoreIamPolicy(ctx, \u0026healthcare.LookupConsentStoreIamPolicyArgs{\n\t\t\tDataset: my_consent.Dataset,\n\t\t\tConsentStoreId: my_consent.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = HealthcareFunctions.getConsentStoreIamPolicy(GetConsentStoreIamPolicyArgs.builder()\n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:healthcare:getConsentStoreIamPolicy\n arguments:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getConsentStoreIamPolicy.\n", "properties": { @@ -294384,7 +294384,7 @@ } }, "gcp:healthcare/getDatasetIamPolicy:getDatasetIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare dataset.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getDatasetIamPolicy({\n datasetId: dataset.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_dataset_iam_policy(dataset_id=dataset[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetDatasetIamPolicy.Invoke(new()\n {\n DatasetId = dataset.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupDatasetIamPolicy(ctx, \u0026healthcare.LookupDatasetIamPolicyArgs{\n\t\t\tDatasetId: dataset.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetDatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getDatasetIamPolicy(GetDatasetIamPolicyArgs.builder()\n .datasetId(dataset.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:healthcare:getDatasetIamPolicy\n Arguments:\n datasetId: ${dataset.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare dataset.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getDatasetIamPolicy({\n datasetId: dataset.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_dataset_iam_policy(dataset_id=dataset[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetDatasetIamPolicy.Invoke(new()\n {\n DatasetId = dataset.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupDatasetIamPolicy(ctx, \u0026healthcare.LookupDatasetIamPolicyArgs{\n\t\t\tDatasetId: dataset.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetDatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getDatasetIamPolicy(GetDatasetIamPolicyArgs.builder()\n .datasetId(dataset.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:healthcare:getDatasetIamPolicy\n arguments:\n datasetId: ${dataset.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatasetIamPolicy.\n", "properties": { @@ -294428,7 +294428,7 @@ } }, "gcp:healthcare/getDicomStoreIamPolicy:getDicomStoreIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare DICOM store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getDicomStoreIamPolicy({\n dicomStoreId: dicomStore.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_dicom_store_iam_policy(dicom_store_id=dicom_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetDicomStoreIamPolicy.Invoke(new()\n {\n DicomStoreId = dicomStore.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupDicomStoreIamPolicy(ctx, \u0026healthcare.LookupDicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: dicomStore.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetDicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getDicomStoreIamPolicy(GetDicomStoreIamPolicyArgs.builder()\n .dicomStoreId(dicomStore.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:healthcare:getDicomStoreIamPolicy\n Arguments:\n dicomStoreId: ${dicomStore.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare DICOM store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getDicomStoreIamPolicy({\n dicomStoreId: dicomStore.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_dicom_store_iam_policy(dicom_store_id=dicom_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetDicomStoreIamPolicy.Invoke(new()\n {\n DicomStoreId = dicomStore.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupDicomStoreIamPolicy(ctx, \u0026healthcare.LookupDicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: dicomStore.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetDicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getDicomStoreIamPolicy(GetDicomStoreIamPolicyArgs.builder()\n .dicomStoreId(dicomStore.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:healthcare:getDicomStoreIamPolicy\n arguments:\n dicomStoreId: ${dicomStore.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDicomStoreIamPolicy.\n", "properties": { @@ -294472,7 +294472,7 @@ } }, "gcp:healthcare/getFhirStoreIamPolicy:getFhirStoreIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare FHIR store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getFhirStoreIamPolicy({\n fhirStoreId: fhirStore.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_fhir_store_iam_policy(fhir_store_id=fhir_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetFhirStoreIamPolicy.Invoke(new()\n {\n FhirStoreId = fhirStore.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupFhirStoreIamPolicy(ctx, \u0026healthcare.LookupFhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: fhirStore.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetFhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getFhirStoreIamPolicy(GetFhirStoreIamPolicyArgs.builder()\n .fhirStoreId(fhirStore.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:healthcare:getFhirStoreIamPolicy\n Arguments:\n fhirStoreId: ${fhirStore.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare FHIR store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getFhirStoreIamPolicy({\n fhirStoreId: fhirStore.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_fhir_store_iam_policy(fhir_store_id=fhir_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetFhirStoreIamPolicy.Invoke(new()\n {\n FhirStoreId = fhirStore.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.LookupFhirStoreIamPolicy(ctx, \u0026healthcare.LookupFhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: fhirStore.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetFhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getFhirStoreIamPolicy(GetFhirStoreIamPolicyArgs.builder()\n .fhirStoreId(fhirStore.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:healthcare:getFhirStoreIamPolicy\n arguments:\n fhirStoreId: ${fhirStore.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFhirStoreIamPolicy.\n", "properties": { @@ -294516,7 +294516,7 @@ } }, "gcp:healthcare/getHl7V2StoreIamPolicy:getHl7V2StoreIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare HL7v2 store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getHl7V2StoreIamPolicy({\n hl7V2StoreId: hl7V2Store.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_hl7_v2_store_iam_policy(hl7_v2_store_id=hl7_v2_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetHl7V2StoreIamPolicy.Invoke(new()\n {\n Hl7V2StoreId = hl7V2Store.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.GetHl7V2StoreIamPolicy(ctx, \u0026healthcare.GetHl7V2StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: hl7V2Store.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetHl7V2StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getHl7V2StoreIamPolicy(GetHl7V2StoreIamPolicyArgs.builder()\n .hl7V2StoreId(hl7V2Store.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:healthcare:getHl7V2StoreIamPolicy\n Arguments:\n hl7V2StoreId: ${hl7V2Store.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud Healthcare HL7v2 store.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.healthcare.getHl7V2StoreIamPolicy({\n hl7V2StoreId: hl7V2Store.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.healthcare.get_hl7_v2_store_iam_policy(hl7_v2_store_id=hl7_v2_store[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Healthcare.GetHl7V2StoreIamPolicy.Invoke(new()\n {\n Hl7V2StoreId = hl7V2Store.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.GetHl7V2StoreIamPolicy(ctx, \u0026healthcare.GetHl7V2StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: hl7V2Store.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.HealthcareFunctions;\nimport com.pulumi.gcp.healthcare.inputs.GetHl7V2StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = HealthcareFunctions.getHl7V2StoreIamPolicy(GetHl7V2StoreIamPolicyArgs.builder()\n .hl7V2StoreId(hl7V2Store.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:healthcare:getHl7V2StoreIamPolicy\n arguments:\n hl7V2StoreId: ${hl7V2Store.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHl7V2StoreIamPolicy.\n", "properties": { @@ -294560,7 +294560,7 @@ } }, "gcp:iam/getRule:getRule": { - "description": "Use this data source to get information about a Google IAM Role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst roleinfo = gcp.iam.getRule({\n name: \"roles/compute.viewer\",\n});\nexport const theRolePermissions = roleinfo.then(roleinfo =\u003e roleinfo.includedPermissions);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nroleinfo = gcp.iam.get_rule(name=\"roles/compute.viewer\")\npulumi.export(\"theRolePermissions\", roleinfo.included_permissions)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleinfo = Gcp.Iam.GetRule.Invoke(new()\n {\n Name = \"roles/compute.viewer\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"theRolePermissions\"] = roleinfo.Apply(getRuleResult =\u003e getRuleResult.IncludedPermissions),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troleinfo, err := iam.GetRule(ctx, \u0026iam.GetRuleArgs{\n\t\t\tName: \"roles/compute.viewer\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"theRolePermissions\", roleinfo.IncludedPermissions)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var roleinfo = IamFunctions.getRule(GetRuleArgs.builder()\n .name(\"roles/compute.viewer\")\n .build());\n\n ctx.export(\"theRolePermissions\", roleinfo.applyValue(getRuleResult -\u003e getRuleResult.includedPermissions()));\n }\n}\n```\n```yaml\nvariables:\n roleinfo:\n fn::invoke:\n Function: gcp:iam:getRule\n Arguments:\n name: roles/compute.viewer\noutputs:\n theRolePermissions: ${roleinfo.includedPermissions}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Google IAM Role.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst roleinfo = gcp.iam.getRule({\n name: \"roles/compute.viewer\",\n});\nexport const theRolePermissions = roleinfo.then(roleinfo =\u003e roleinfo.includedPermissions);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nroleinfo = gcp.iam.get_rule(name=\"roles/compute.viewer\")\npulumi.export(\"theRolePermissions\", roleinfo.included_permissions)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleinfo = Gcp.Iam.GetRule.Invoke(new()\n {\n Name = \"roles/compute.viewer\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"theRolePermissions\"] = roleinfo.Apply(getRuleResult =\u003e getRuleResult.IncludedPermissions),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troleinfo, err := iam.GetRule(ctx, \u0026iam.GetRuleArgs{\n\t\t\tName: \"roles/compute.viewer\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"theRolePermissions\", roleinfo.IncludedPermissions)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var roleinfo = IamFunctions.getRule(GetRuleArgs.builder()\n .name(\"roles/compute.viewer\")\n .build());\n\n ctx.export(\"theRolePermissions\", roleinfo.applyValue(getRuleResult -\u003e getRuleResult.includedPermissions()));\n }\n}\n```\n```yaml\nvariables:\n roleinfo:\n fn::invoke:\n function: gcp:iam:getRule\n arguments:\n name: roles/compute.viewer\noutputs:\n theRolePermissions: ${roleinfo.includedPermissions}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRule.\n", "properties": { @@ -294611,7 +294611,7 @@ } }, "gcp:iam/getTestablePermissions:getTestablePermissions": { - "description": "Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.\n\n## Example Usage\n\nRetrieve all the supported permissions able to be set on `my-project` that are in either GA or BETA. This is useful for dynamically constructing custom roles.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst perms = gcp.iam.getTestablePermissions({\n fullResourceName: \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n stages: [\n \"GA\",\n \"BETA\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nperms = gcp.iam.get_testable_permissions(full_resource_name=\"//cloudresourcemanager.googleapis.com/projects/my-project\",\n stages=[\n \"GA\",\n \"BETA\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var perms = Gcp.Iam.GetTestablePermissions.Invoke(new()\n {\n FullResourceName = \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n Stages = new[]\n {\n \"GA\",\n \"BETA\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetTestablePermissions(ctx, \u0026iam.GetTestablePermissionsArgs{\n\t\t\tFullResourceName: \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n\t\t\tStages: []string{\n\t\t\t\t\"GA\",\n\t\t\t\t\"BETA\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetTestablePermissionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var perms = IamFunctions.getTestablePermissions(GetTestablePermissionsArgs.builder()\n .fullResourceName(\"//cloudresourcemanager.googleapis.com/projects/my-project\")\n .stages( \n \"GA\",\n \"BETA\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n perms:\n fn::invoke:\n Function: gcp:iam:getTestablePermissions\n Arguments:\n fullResourceName: //cloudresourcemanager.googleapis.com/projects/my-project\n stages:\n - GA\n - BETA\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.\n\n## Example Usage\n\nRetrieve all the supported permissions able to be set on `my-project` that are in either GA or BETA. This is useful for dynamically constructing custom roles.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst perms = gcp.iam.getTestablePermissions({\n fullResourceName: \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n stages: [\n \"GA\",\n \"BETA\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nperms = gcp.iam.get_testable_permissions(full_resource_name=\"//cloudresourcemanager.googleapis.com/projects/my-project\",\n stages=[\n \"GA\",\n \"BETA\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var perms = Gcp.Iam.GetTestablePermissions.Invoke(new()\n {\n FullResourceName = \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n Stages = new[]\n {\n \"GA\",\n \"BETA\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetTestablePermissions(ctx, \u0026iam.GetTestablePermissionsArgs{\n\t\t\tFullResourceName: \"//cloudresourcemanager.googleapis.com/projects/my-project\",\n\t\t\tStages: []string{\n\t\t\t\t\"GA\",\n\t\t\t\t\"BETA\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetTestablePermissionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var perms = IamFunctions.getTestablePermissions(GetTestablePermissionsArgs.builder()\n .fullResourceName(\"//cloudresourcemanager.googleapis.com/projects/my-project\")\n .stages( \n \"GA\",\n \"BETA\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n perms:\n fn::invoke:\n function: gcp:iam:getTestablePermissions\n arguments:\n fullResourceName: //cloudresourcemanager.googleapis.com/projects/my-project\n stages:\n - GA\n - BETA\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTestablePermissions.\n", "properties": { @@ -294673,7 +294673,7 @@ } }, "gcp:iam/getWorkloadIdentityPool:getWorkloadIdentityPool": { - "description": "Get a IAM workload identity pool from Google Cloud by its id.\n\u003e **Note:** The following resource requires the Beta IAM role `roles/iam.workloadIdentityPoolAdmin` in order to succeed. `OWNER` and `EDITOR` roles do not include the necessary permissions.\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.iam.getWorkloadIdentityPool({\n workloadIdentityPoolId: \"foo-pool\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.iam.get_workload_identity_pool(workload_identity_pool_id=\"foo-pool\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Iam.GetWorkloadIdentityPool.Invoke(new()\n {\n WorkloadIdentityPoolId = \"foo-pool\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupWorkloadIdentityPool(ctx, \u0026iam.LookupWorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: \"foo-pool\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetWorkloadIdentityPoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = IamFunctions.getWorkloadIdentityPool(GetWorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"foo-pool\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:iam:getWorkloadIdentityPool\n Arguments:\n workloadIdentityPoolId: foo-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a IAM workload identity pool from Google Cloud by its id.\n\u003e **Note:** The following resource requires the Beta IAM role `roles/iam.workloadIdentityPoolAdmin` in order to succeed. `OWNER` and `EDITOR` roles do not include the necessary permissions.\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.iam.getWorkloadIdentityPool({\n workloadIdentityPoolId: \"foo-pool\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.iam.get_workload_identity_pool(workload_identity_pool_id=\"foo-pool\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Iam.GetWorkloadIdentityPool.Invoke(new()\n {\n WorkloadIdentityPoolId = \"foo-pool\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupWorkloadIdentityPool(ctx, \u0026iam.LookupWorkloadIdentityPoolArgs{\n\t\t\tWorkloadIdentityPoolId: \"foo-pool\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetWorkloadIdentityPoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = IamFunctions.getWorkloadIdentityPool(GetWorkloadIdentityPoolArgs.builder()\n .workloadIdentityPoolId(\"foo-pool\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:iam:getWorkloadIdentityPool\n arguments:\n workloadIdentityPoolId: foo-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWorkloadIdentityPool.\n", "properties": { @@ -294733,7 +294733,7 @@ } }, "gcp:iam/getWorkloadIdentityPoolProvider:getWorkloadIdentityPoolProvider": { - "description": "Get a IAM workload identity provider from Google Cloud by its id.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.iam.getWorkloadIdentityPoolProvider({\n workloadIdentityPoolId: \"foo-pool\",\n workloadIdentityPoolProviderId: \"bar-provider\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.iam.get_workload_identity_pool_provider(workload_identity_pool_id=\"foo-pool\",\n workload_identity_pool_provider_id=\"bar-provider\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Iam.GetWorkloadIdentityPoolProvider.Invoke(new()\n {\n WorkloadIdentityPoolId = \"foo-pool\",\n WorkloadIdentityPoolProviderId = \"bar-provider\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupWorkloadIdentityPoolProvider(ctx, \u0026iam.LookupWorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: \"foo-pool\",\n\t\t\tWorkloadIdentityPoolProviderId: \"bar-provider\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetWorkloadIdentityPoolProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = IamFunctions.getWorkloadIdentityPoolProvider(GetWorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(\"foo-pool\")\n .workloadIdentityPoolProviderId(\"bar-provider\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:iam:getWorkloadIdentityPoolProvider\n Arguments:\n workloadIdentityPoolId: foo-pool\n workloadIdentityPoolProviderId: bar-provider\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a IAM workload identity provider from Google Cloud by its id.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.iam.getWorkloadIdentityPoolProvider({\n workloadIdentityPoolId: \"foo-pool\",\n workloadIdentityPoolProviderId: \"bar-provider\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.iam.get_workload_identity_pool_provider(workload_identity_pool_id=\"foo-pool\",\n workload_identity_pool_provider_id=\"bar-provider\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Iam.GetWorkloadIdentityPoolProvider.Invoke(new()\n {\n WorkloadIdentityPoolId = \"foo-pool\",\n WorkloadIdentityPoolProviderId = \"bar-provider\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupWorkloadIdentityPoolProvider(ctx, \u0026iam.LookupWorkloadIdentityPoolProviderArgs{\n\t\t\tWorkloadIdentityPoolId: \"foo-pool\",\n\t\t\tWorkloadIdentityPoolProviderId: \"bar-provider\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iam.IamFunctions;\nimport com.pulumi.gcp.iam.inputs.GetWorkloadIdentityPoolProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = IamFunctions.getWorkloadIdentityPoolProvider(GetWorkloadIdentityPoolProviderArgs.builder()\n .workloadIdentityPoolId(\"foo-pool\")\n .workloadIdentityPoolProviderId(\"bar-provider\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:iam:getWorkloadIdentityPoolProvider\n arguments:\n workloadIdentityPoolId: foo-pool\n workloadIdentityPoolProviderId: bar-provider\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWorkloadIdentityPoolProvider.\n", "properties": { @@ -294841,7 +294841,7 @@ } }, "gcp:iap/getAppEngineServiceIamPolicy:getAppEngineServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for appengineservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getAppEngineServiceIamPolicy({\n project: version.project,\n appId: version.project,\n service: version.service,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_app_engine_service_iam_policy(project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetAppEngineServiceIamPolicy.Invoke(new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupAppEngineServiceIamPolicy(ctx, \u0026iap.LookupAppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(version.Project),\n\t\t\tAppId: version.Project,\n\t\t\tService: version.Service,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetAppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getAppEngineServiceIamPolicy(GetAppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getAppEngineServiceIamPolicy\n Arguments:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for appengineservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getAppEngineServiceIamPolicy({\n project: version.project,\n appId: version.project,\n service: version.service,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_app_engine_service_iam_policy(project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetAppEngineServiceIamPolicy.Invoke(new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupAppEngineServiceIamPolicy(ctx, \u0026iap.LookupAppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(version.Project),\n\t\t\tAppId: version.Project,\n\t\t\tService: version.Service,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetAppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getAppEngineServiceIamPolicy(GetAppEngineServiceIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getAppEngineServiceIamPolicy\n arguments:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppEngineServiceIamPolicy.\n", "properties": { @@ -294904,7 +294904,7 @@ } }, "gcp:iap/getAppEngineVersionIamPolicy:getAppEngineVersionIamPolicy": { - "description": "Retrieves the current IAM policy data for appengineversion\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getAppEngineVersionIamPolicy({\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_app_engine_version_iam_policy(project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetAppEngineVersionIamPolicy.Invoke(new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupAppEngineVersionIamPolicy(ctx, \u0026iap.LookupAppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(version.Project),\n\t\t\tAppId: version.Project,\n\t\t\tService: version.Service,\n\t\t\tVersionId: version.VersionId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetAppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getAppEngineVersionIamPolicy(GetAppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getAppEngineVersionIamPolicy\n Arguments:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for appengineversion\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getAppEngineVersionIamPolicy({\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_app_engine_version_iam_policy(project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetAppEngineVersionIamPolicy.Invoke(new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupAppEngineVersionIamPolicy(ctx, \u0026iap.LookupAppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(version.Project),\n\t\t\tAppId: version.Project,\n\t\t\tService: version.Service,\n\t\t\tVersionId: version.VersionId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetAppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getAppEngineVersionIamPolicy(GetAppEngineVersionIamPolicyArgs.builder()\n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getAppEngineVersionIamPolicy\n arguments:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppEngineVersionIamPolicy.\n", "properties": { @@ -294977,7 +294977,7 @@ } }, "gcp:iap/getClient:getClient": { - "description": "Get info about a Google Cloud IAP Client.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({\n projectId: \"foobar\",\n});\nconst projectClient = project.then(project =\u003e gcp.iap.getClient({\n brand: `projects/${project.number}/brands/[BRAND_NUMBER]`,\n clientId: apps.googleusercontent.com,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project(project_id=\"foobar\")\nproject_client = gcp.iap.get_client(brand=f\"projects/{project.number}/brands/[BRAND_NUMBER]\",\n client_id=apps[\"googleusercontent\"][\"com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"foobar\",\n });\n\n var projectClient = Gcp.Iap.GetClient.Invoke(new()\n {\n Brand = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/brands/[BRAND_NUMBER]\",\n ClientId = apps.Googleusercontent.Com,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"foobar\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.LookupClient(ctx, \u0026iap.LookupClientArgs{\n\t\t\tBrand: fmt.Sprintf(\"projects/%v/brands/[BRAND_NUMBER]\", project.Number),\n\t\t\tClientId: apps.Googleusercontent.Com,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"foobar\")\n .build());\n\n final var projectClient = IapFunctions.getClient(GetClientArgs.builder()\n .brand(String.format(\"projects/%s/brands/[BRAND_NUMBER]\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .clientId(apps.googleusercontent().com())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: foobar\n projectClient:\n fn::invoke:\n Function: gcp:iap:getClient\n Arguments:\n brand: projects/${project.number}/brands/[BRAND_NUMBER]\n clientId: ${apps.googleusercontent.com}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google Cloud IAP Client.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({\n projectId: \"foobar\",\n});\nconst projectClient = project.then(project =\u003e gcp.iap.getClient({\n brand: `projects/${project.number}/brands/[BRAND_NUMBER]`,\n clientId: apps.googleusercontent.com,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project(project_id=\"foobar\")\nproject_client = gcp.iap.get_client(brand=f\"projects/{project.number}/brands/[BRAND_NUMBER]\",\n client_id=apps[\"googleusercontent\"][\"com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = \"foobar\",\n });\n\n var projectClient = Gcp.Iap.GetClient.Invoke(new()\n {\n Brand = $\"projects/{project.Apply(getProjectResult =\u003e getProjectResult.Number)}/brands/[BRAND_NUMBER]\",\n ClientId = apps.Googleusercontent.Com,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(\"foobar\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.LookupClient(ctx, \u0026iap.LookupClientArgs{\n\t\t\tBrand: fmt.Sprintf(\"projects/%v/brands/[BRAND_NUMBER]\", project.Number),\n\t\t\tClientId: apps.Googleusercontent.Com,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(\"foobar\")\n .build());\n\n final var projectClient = IapFunctions.getClient(GetClientArgs.builder()\n .brand(String.format(\"projects/%s/brands/[BRAND_NUMBER]\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .clientId(apps.googleusercontent().com())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: foobar\n projectClient:\n fn::invoke:\n function: gcp:iap:getClient\n arguments:\n brand: projects/${project.number}/brands/[BRAND_NUMBER]\n clientId: ${apps.googleusercontent.com}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClient.\n", "properties": { @@ -295027,7 +295027,7 @@ } }, "gcp:iap/getTunnelDestGroupIamPolicy:getTunnelDestGroupIamPolicy": { - "description": "Retrieves the current IAM policy data for tunneldestgroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelDestGroupIamPolicy({\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_dest_group_iam_policy(project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelDestGroupIamPolicy.Invoke(new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupTunnelDestGroupIamPolicy(ctx, \u0026iap.LookupTunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(destGroup.Project),\n\t\t\tRegion: pulumi.StringRef(destGroup.Region),\n\t\t\tDestGroup: destGroup.GroupName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelDestGroupIamPolicy(GetTunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getTunnelDestGroupIamPolicy\n Arguments:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tunneldestgroup\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelDestGroupIamPolicy({\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_dest_group_iam_policy(project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelDestGroupIamPolicy.Invoke(new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupTunnelDestGroupIamPolicy(ctx, \u0026iap.LookupTunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(destGroup.Project),\n\t\t\tRegion: pulumi.StringRef(destGroup.Region),\n\t\t\tDestGroup: destGroup.GroupName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelDestGroupIamPolicy(GetTunnelDestGroupIamPolicyArgs.builder()\n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getTunnelDestGroupIamPolicy\n arguments:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTunnelDestGroupIamPolicy.\n", "properties": { @@ -295088,7 +295088,7 @@ } }, "gcp:iap/getTunnelIamPolicy:getTunnelIamPolicy": { - "description": "Retrieves the current IAM policy data for tunnel\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupTunnelIamPolicy(ctx, \u0026iap.LookupTunnelIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelIamPolicy(GetTunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getTunnelIamPolicy\n Arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tunnel\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupTunnelIamPolicy(ctx, \u0026iap.LookupTunnelIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelIamPolicy(GetTunnelIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getTunnelIamPolicy\n arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTunnelIamPolicy.\n", "properties": { @@ -295129,7 +295129,7 @@ } }, "gcp:iap/getTunnelInstanceIamPolicy:getTunnelInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for tunnelinstance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelInstanceIamPolicy({\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_instance_iam_policy(project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelInstanceIamPolicy.Invoke(new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.GetTunnelInstanceIamPolicy(ctx, \u0026iap.GetTunnelInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(tunnelvm.Project),\n\t\t\tZone: pulumi.StringRef(tunnelvm.Zone),\n\t\t\tInstance: tunnelvm.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelInstanceIamPolicy(GetTunnelInstanceIamPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getTunnelInstanceIamPolicy\n Arguments:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tunnelinstance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getTunnelInstanceIamPolicy({\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_tunnel_instance_iam_policy(project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetTunnelInstanceIamPolicy.Invoke(new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.GetTunnelInstanceIamPolicy(ctx, \u0026iap.GetTunnelInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(tunnelvm.Project),\n\t\t\tZone: pulumi.StringRef(tunnelvm.Zone),\n\t\t\tInstance: tunnelvm.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetTunnelInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getTunnelInstanceIamPolicy(GetTunnelInstanceIamPolicyArgs.builder()\n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getTunnelInstanceIamPolicy\n arguments:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTunnelInstanceIamPolicy.\n", "properties": { @@ -295190,7 +295190,7 @@ } }, "gcp:iap/getWebBackendServiceIamPolicy:getWebBackendServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for webbackendservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebBackendServiceIamPolicy({\n project: _default.project,\n webBackendService: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_backend_service_iam_policy(project=default[\"project\"],\n web_backend_service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebBackendServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebBackendServiceIamPolicy(ctx, \u0026iap.LookupWebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tWebBackendService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebBackendServiceIamPolicy(GetWebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getWebBackendServiceIamPolicy\n Arguments:\n project: ${default.project}\n webBackendService: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for webbackendservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebBackendServiceIamPolicy({\n project: _default.project,\n webBackendService: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_backend_service_iam_policy(project=default[\"project\"],\n web_backend_service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebBackendServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebBackendServiceIamPolicy(ctx, \u0026iap.LookupWebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tWebBackendService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebBackendServiceIamPolicy(GetWebBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .webBackendService(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getWebBackendServiceIamPolicy\n arguments:\n project: ${default.project}\n webBackendService: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWebBackendServiceIamPolicy.\n", "properties": { @@ -295243,7 +295243,7 @@ } }, "gcp:iap/getWebIamPolicy:getWebIamPolicy": { - "description": "Retrieves the current IAM policy data for web\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebIamPolicy(ctx, \u0026iap.LookupWebIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebIamPolicy(GetWebIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getWebIamPolicy\n Arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for web\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebIamPolicy(ctx, \u0026iap.LookupWebIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebIamPolicy(GetWebIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getWebIamPolicy\n arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWebIamPolicy.\n", "properties": { @@ -295284,7 +295284,7 @@ } }, "gcp:iap/getWebRegionBackendServiceIamPolicy:getWebRegionBackendServiceIamPolicy": { - "description": "Retrieves the current IAM policy data for webregionbackendservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebRegionBackendServiceIamPolicy({\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_region_backend_service_iam_policy(project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebRegionBackendServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebRegionBackendServiceIamPolicy(ctx, \u0026iap.LookupWebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tRegion: pulumi.StringRef(_default.Region),\n\t\t\tWebRegionBackendService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebRegionBackendServiceIamPolicy(GetWebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getWebRegionBackendServiceIamPolicy\n Arguments:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for webregionbackendservice\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebRegionBackendServiceIamPolicy({\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_region_backend_service_iam_policy(project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebRegionBackendServiceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebRegionBackendServiceIamPolicy(ctx, \u0026iap.LookupWebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tRegion: pulumi.StringRef(_default.Region),\n\t\t\tWebRegionBackendService: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebRegionBackendServiceIamPolicy(GetWebRegionBackendServiceIamPolicyArgs.builder()\n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getWebRegionBackendServiceIamPolicy\n arguments:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWebRegionBackendServiceIamPolicy.\n", "properties": { @@ -295345,7 +295345,7 @@ } }, "gcp:iap/getWebTypeAppEngineIamPolicy:getWebTypeAppEngineIamPolicy": { - "description": "Retrieves the current IAM policy data for webtypeappengine\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebTypeAppEngineIamPolicy({\n project: app.project,\n appId: app.appId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_type_app_engine_iam_policy(project=app[\"project\"],\n app_id=app[\"appId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebTypeAppEngineIamPolicy.Invoke(new()\n {\n Project = app.Project,\n AppId = app.AppId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.GetWebTypeAppEngineIamPolicy(ctx, \u0026iap.GetWebTypeAppEngineIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(app.Project),\n\t\t\tAppId: app.AppId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebTypeAppEngineIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebTypeAppEngineIamPolicy(GetWebTypeAppEngineIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getWebTypeAppEngineIamPolicy\n Arguments:\n project: ${app.project}\n appId: ${app.appId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for webtypeappengine\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebTypeAppEngineIamPolicy({\n project: app.project,\n appId: app.appId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_type_app_engine_iam_policy(project=app[\"project\"],\n app_id=app[\"appId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebTypeAppEngineIamPolicy.Invoke(new()\n {\n Project = app.Project,\n AppId = app.AppId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.GetWebTypeAppEngineIamPolicy(ctx, \u0026iap.GetWebTypeAppEngineIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(app.Project),\n\t\t\tAppId: app.AppId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebTypeAppEngineIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebTypeAppEngineIamPolicy(GetWebTypeAppEngineIamPolicyArgs.builder()\n .project(app.project())\n .appId(app.appId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getWebTypeAppEngineIamPolicy\n arguments:\n project: ${app.project}\n appId: ${app.appId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWebTypeAppEngineIamPolicy.\n", "properties": { @@ -295398,7 +295398,7 @@ } }, "gcp:iap/getWebTypeComputeIamPolicy:getWebTypeComputeIamPolicy": { - "description": "Retrieves the current IAM policy data for webtypecompute\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebTypeComputeIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_type_compute_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebTypeComputeIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebTypeComputeIamPolicy(ctx, \u0026iap.LookupWebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebTypeComputeIamPolicy(GetWebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:iap:getWebTypeComputeIamPolicy\n Arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for webtypecompute\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.iap.getWebTypeComputeIamPolicy({\n project: projectService.project,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.iap.get_web_type_compute_iam_policy(project=project_service[\"project\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Iap.GetWebTypeComputeIamPolicy.Invoke(new()\n {\n Project = projectService.Project,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.LookupWebTypeComputeIamPolicy(ctx, \u0026iap.LookupWebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(projectService.Project),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.IapFunctions;\nimport com.pulumi.gcp.iap.inputs.GetWebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = IapFunctions.getWebTypeComputeIamPolicy(GetWebTypeComputeIamPolicyArgs.builder()\n .project(projectService.project())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:iap:getWebTypeComputeIamPolicy\n arguments:\n project: ${projectService.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getWebTypeComputeIamPolicy.\n", "properties": { @@ -295439,7 +295439,7 @@ } }, "gcp:kms/getCryptoKeyIamPolicy:getCryptoKeyIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud KMS crypto key.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.kms.getCryptoKeyIamPolicy({\n cryptoKeyId: cryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.kms.get_crypto_key_iam_policy(crypto_key_id=crypto_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Kms.GetCryptoKeyIamPolicy.Invoke(new()\n {\n CryptoKeyId = cryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetCryptoKeyIamPolicy(ctx, \u0026kms.GetCryptoKeyIamPolicyArgs{\n\t\t\tCryptoKeyId: cryptoKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = KmsFunctions.getCryptoKeyIamPolicy(GetCryptoKeyIamPolicyArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:kms:getCryptoKeyIamPolicy\n Arguments:\n cryptoKeyId: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud KMS crypto key.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.kms.getCryptoKeyIamPolicy({\n cryptoKeyId: cryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.kms.get_crypto_key_iam_policy(crypto_key_id=crypto_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Kms.GetCryptoKeyIamPolicy.Invoke(new()\n {\n CryptoKeyId = cryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetCryptoKeyIamPolicy(ctx, \u0026kms.GetCryptoKeyIamPolicyArgs{\n\t\t\tCryptoKeyId: cryptoKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = KmsFunctions.getCryptoKeyIamPolicy(GetCryptoKeyIamPolicyArgs.builder()\n .cryptoKeyId(cryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:kms:getCryptoKeyIamPolicy\n arguments:\n cryptoKeyId: ${cryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCryptoKeyIamPolicy.\n", "properties": { @@ -295483,7 +295483,7 @@ } }, "gcp:kms/getCryptoKeyLatestVersion:getCryptoKeyLatestVersion": { - "description": "Provides access to the latest Google Cloud Platform KMS CryptoKeyVersion in a CryptoKey. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyLatestVersion = gcp.kms.getCryptoKeyLatestVersion({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_latest_version = gcp.kms.get_crypto_key_latest_version(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyLatestVersion = Gcp.Kms.GetCryptoKeyLatestVersion.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetCryptoKeyLatestVersion(ctx, \u0026kms.GetCryptoKeyLatestVersionArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyLatestVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyLatestVersion = KmsFunctions.getCryptoKeyLatestVersion(GetCryptoKeyLatestVersionArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyLatestVersion:\n fn::invoke:\n Function: gcp:kms:getCryptoKeyLatestVersion\n Arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to the latest Google Cloud Platform KMS CryptoKeyVersion in a CryptoKey. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyLatestVersion = gcp.kms.getCryptoKeyLatestVersion({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_latest_version = gcp.kms.get_crypto_key_latest_version(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyLatestVersion = Gcp.Kms.GetCryptoKeyLatestVersion.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetCryptoKeyLatestVersion(ctx, \u0026kms.GetCryptoKeyLatestVersionArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyLatestVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyLatestVersion = KmsFunctions.getCryptoKeyLatestVersion(GetCryptoKeyLatestVersionArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyLatestVersion:\n fn::invoke:\n function: gcp:kms:getCryptoKeyLatestVersion\n arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCryptoKeyLatestVersion.\n", "properties": { @@ -295555,7 +295555,7 @@ } }, "gcp:kms/getCryptoKeyVersions:getCryptoKeyVersions": { - "description": "Provides access to Google Cloud Platform KMS CryptoKeyVersions. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyVersions = gcp.kms.getCryptoKeyVersions({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_versions = gcp.kms.get_crypto_key_versions(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyVersions = Gcp.Kms.GetCryptoKeyVersions.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetCryptoKeyVersions(ctx, \u0026kms.GetCryptoKeyVersionsArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyVersions = KmsFunctions.getCryptoKeyVersions(GetCryptoKeyVersionsArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyVersions:\n fn::invoke:\n Function: gcp:kms:getCryptoKeyVersions\n Arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to Google Cloud Platform KMS CryptoKeyVersions. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyVersions = gcp.kms.getCryptoKeyVersions({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_versions = gcp.kms.get_crypto_key_versions(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyVersions = Gcp.Kms.GetCryptoKeyVersions.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetCryptoKeyVersions(ctx, \u0026kms.GetCryptoKeyVersionsArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetCryptoKeyVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyVersions = KmsFunctions.getCryptoKeyVersions(GetCryptoKeyVersionsArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyVersions:\n fn::invoke:\n function: gcp:kms:getCryptoKeyVersions\n arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCryptoKeyVersions.\n", "properties": { @@ -295659,7 +295659,7 @@ } }, "gcp:kms/getEkmConnectionIamPolicy:getEkmConnectionIamPolicy": { - "description": "Retrieves the current IAM policy data for ekmconnection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.kms.getEkmConnectionIamPolicy({\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.kms.get_ekm_connection_iam_policy(project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Kms.GetEkmConnectionIamPolicy.Invoke(new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.LookupEkmConnectionIamPolicy(ctx, \u0026kms.LookupEkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.StringRef(example_ekmconnection.Location),\n\t\t\tName: example_ekmconnection.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetEkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = KmsFunctions.getEkmConnectionIamPolicy(GetEkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:kms:getEkmConnectionIamPolicy\n Arguments:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for ekmconnection\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.kms.getEkmConnectionIamPolicy({\n project: example_ekmconnection.project,\n location: example_ekmconnection.location,\n name: example_ekmconnection.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.kms.get_ekm_connection_iam_policy(project=example_ekmconnection[\"project\"],\n location=example_ekmconnection[\"location\"],\n name=example_ekmconnection[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Kms.GetEkmConnectionIamPolicy.Invoke(new()\n {\n Project = example_ekmconnection.Project,\n Location = example_ekmconnection.Location,\n Name = example_ekmconnection.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.LookupEkmConnectionIamPolicy(ctx, \u0026kms.LookupEkmConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example_ekmconnection.Project),\n\t\t\tLocation: pulumi.StringRef(example_ekmconnection.Location),\n\t\t\tName: example_ekmconnection.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetEkmConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = KmsFunctions.getEkmConnectionIamPolicy(GetEkmConnectionIamPolicyArgs.builder()\n .project(example_ekmconnection.project())\n .location(example_ekmconnection.location())\n .name(example_ekmconnection.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:kms:getEkmConnectionIamPolicy\n arguments:\n project: ${[\"example-ekmconnection\"].project}\n location: ${[\"example-ekmconnection\"].location}\n name: ${[\"example-ekmconnection\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEkmConnectionIamPolicy.\n", "properties": { @@ -295721,7 +295721,7 @@ } }, "gcp:kms/getKMSCryptoKey:getKMSCryptoKey": { - "description": "Provides access to a Google Cloud Platform KMS CryptoKey. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).\n\nA CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a\nGoogle Cloud KMS KeyRing.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to a Google Cloud Platform KMS CryptoKey. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).\n\nA CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a\nGoogle Cloud KMS KeyRing.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getKMSCryptoKey.\n", "properties": { @@ -295833,7 +295833,7 @@ } }, "gcp:kms/getKMSCryptoKeyVersion:getKMSCryptoKeyVersion": { - "description": "Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\nA CryptoKeyVersion represents an individual cryptographic key, and the associated key material.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersion({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_version = gcp.kms.get_kms_crypto_key_version(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKeyVersion(ctx, \u0026kms.GetKMSCryptoKeyVersionArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKey\n Arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyVersion:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).\n\nA CryptoKeyVersion represents an individual cryptographic key, and the associated key material.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = myKeyRing.then(myKeyRing =\u003e gcp.kms.getKMSCryptoKey({\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n}));\nconst myCryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersion({\n cryptoKey: myKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.get_kms_crypto_key(name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\nmy_crypto_key_version = gcp.kms.get_kms_crypto_key_version(crypto_key=my_key[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Apply(getKMSKeyRingResult =\u003e getKMSKeyRingResult.Id),\n });\n\n var myCryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = myKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKey(ctx, \u0026kms.GetKMSCryptoKeyArgs{\n\t\t\tName: \"my-crypto-key\",\n\t\t\tKeyRing: myKeyRing.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetKMSCryptoKeyVersion(ctx, \u0026kms.GetKMSCryptoKeyVersionArgs{\n\t\t\tCryptoKey: myKey.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -\u003e getKMSKeyRingResult.id()))\n .build());\n\n final var myCryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(myKey.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKey\n arguments:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n myCryptoKeyVersion:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${myKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getKMSCryptoKeyVersion.\n", "properties": { @@ -295902,7 +295902,7 @@ } }, "gcp:kms/getKMSKeyRing:getKMSKeyRing": { - "description": "Provides access to Google Cloud Platform KMS KeyRing. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).\n\nA KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project\nand resides in a specific location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n Function: gcp:kms:getKMSKeyRing\n Arguments:\n name: my-key-ring\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides access to Google Cloud Platform KMS KeyRing. For more information see\n[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)\nand\n[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).\n\nA KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project\nand resides in a specific location.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = gcp.kms.getKMSKeyRing({\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.get_kms_key_ring(name=\"my-key-ring\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()\n {\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKMSKeyRing(ctx, \u0026kms.GetKMSKeyRingArgs{\n\t\t\tName: \"my-key-ring\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myKeyRing:\n fn::invoke:\n function: gcp:kms:getKMSKeyRing\n arguments:\n name: my-key-ring\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getKMSKeyRing.\n", "properties": { @@ -295951,7 +295951,7 @@ } }, "gcp:kms/getKMSSecret:getKMSSecret": { - "description": "This data source allows you to use data encrypted with Google Cloud KMS\nwithin your resource definitions.\n\nFor more information see\n[the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).\n\n\u003e **NOTE:** Using this data provider will allow you to conceal secret data within your\nresource definitions, but it does not take care of protecting that data in the\nlogging output, plan output, or state output. Please take care to secure your secret\ndata outside of resource definitions.\n\n## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKey = new CryptoKey(\"myCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, use the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/encrypt) to encrypt some\nsensitive information:\n\n```bash\n$ echo -n my-secret-password | gcloud kms encrypt \\\n\u003e --project my-project \\\n\u003e --location us-central1 \\\n\u003e --keyring my-key-ring \\\n\u003e --key my-crypto-key \\\n\u003e --plaintext-file - \\\n\u003e --ciphertext-file - \\\n\u003e | base64\nCiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\n```\n\nFinally, reference the encrypted ciphertext in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst sqlUserPassword = gcp.kms.getKMSSecret({\n cryptoKey: myCryptoKey.id,\n ciphertext: \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: sqlUserPassword.then(sqlUserPassword =\u003e sqlUserPassword.plaintext),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nsql_user_password = gcp.kms.get_kms_secret(crypto_key=my_crypto_key[\"id\"],\n ciphertext=\"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\")\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=sql_user_password.plaintext)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sqlUserPassword = Gcp.Kms.GetKMSSecret.Invoke(new()\n {\n CryptoKey = myCryptoKey.Id,\n Ciphertext = \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = sqlUserPassword.Apply(getKMSSecretResult =\u003e getKMSSecretResult.Plaintext),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsqlUserPassword, err := kms.GetKMSSecret(ctx, \u0026kms.GetKMSSecretArgs{\n\t\t\tCryptoKey: myCryptoKey.Id,\n\t\t\tCiphertext: \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.String(sqlUserPassword.Plaintext),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sqlUserPassword = KmsFunctions.getKMSSecret(GetKMSSecretArgs.builder()\n .cryptoKey(myCryptoKey.id())\n .ciphertext(\"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\")\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(sqlUserPassword.applyValue(getKMSSecretResult -\u003e getKMSSecretResult.plaintext()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: ${sqlUserPassword.plaintext}\nvariables:\n sqlUserPassword:\n fn::invoke:\n Function: gcp:kms:getKMSSecret\n Arguments:\n cryptoKey: ${myCryptoKey.id}\n ciphertext: CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThis will result in a Cloud SQL user being created with password `my-secret-password`.\n", + "description": "This data source allows you to use data encrypted with Google Cloud KMS\nwithin your resource definitions.\n\nFor more information see\n[the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).\n\n\u003e **NOTE:** Using this data provider will allow you to conceal secret data within your\nresource definitions, but it does not take care of protecting that data in the\nlogging output, plan output, or state output. Please take care to secure your secret\ndata outside of resource definitions.\n\n## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKey = new CryptoKey(\"myCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, use the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/encrypt) to encrypt some\nsensitive information:\n\n```bash\n$ echo -n my-secret-password | gcloud kms encrypt \\\n\u003e --project my-project \\\n\u003e --location us-central1 \\\n\u003e --keyring my-key-ring \\\n\u003e --key my-crypto-key \\\n\u003e --plaintext-file - \\\n\u003e --ciphertext-file - \\\n\u003e | base64\nCiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\n```\n\nFinally, reference the encrypted ciphertext in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst sqlUserPassword = gcp.kms.getKMSSecret({\n cryptoKey: myCryptoKey.id,\n ciphertext: \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: sqlUserPassword.then(sqlUserPassword =\u003e sqlUserPassword.plaintext),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nsql_user_password = gcp.kms.get_kms_secret(crypto_key=my_crypto_key[\"id\"],\n ciphertext=\"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\")\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=sql_user_password.plaintext)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sqlUserPassword = Gcp.Kms.GetKMSSecret.Invoke(new()\n {\n CryptoKey = myCryptoKey.Id,\n Ciphertext = \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = sqlUserPassword.Apply(getKMSSecretResult =\u003e getKMSSecretResult.Plaintext),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsqlUserPassword, err := kms.GetKMSSecret(ctx, \u0026kms.GetKMSSecretArgs{\n\t\t\tCryptoKey: myCryptoKey.Id,\n\t\t\tCiphertext: \"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.String(sqlUserPassword.Plaintext),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sqlUserPassword = KmsFunctions.getKMSSecret(GetKMSSecretArgs.builder()\n .cryptoKey(myCryptoKey.id())\n .ciphertext(\"CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\")\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(sqlUserPassword.applyValue(getKMSSecretResult -\u003e getKMSSecretResult.plaintext()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: ${sqlUserPassword.plaintext}\nvariables:\n sqlUserPassword:\n fn::invoke:\n function: gcp:kms:getKMSSecret\n arguments:\n cryptoKey: ${myCryptoKey.id}\n ciphertext: CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThis will result in a Cloud SQL user being created with password `my-secret-password`.\n", "inputs": { "description": "A collection of arguments for invoking getKMSSecret.\n", "properties": { @@ -296006,7 +296006,7 @@ } }, "gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric": { - "description": "## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKeyCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n purpose: \"ASYMMETRIC_DECRYPT\",\n versionTemplate: {\n algorithm: \"RSA_DECRYPT_OAEP_4096_SHA256\",\n },\n});\nconst myCryptoKey = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: myCryptoKeyCryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id,\n purpose=\"ASYMMETRIC_DECRYPT\",\n version_template={\n \"algorithm\": \"RSA_DECRYPT_OAEP_4096_SHA256\",\n })\nmy_crypto_key = gcp.kms.get_kms_crypto_key_version_output(crypto_key=my_crypto_key_crypto_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKeyCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n Purpose = \"ASYMMETRIC_DECRYPT\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"RSA_DECRYPT_OAEP_4096_SHA256\",\n },\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = myCryptoKeyCryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_DECRYPT\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_DECRYPT_OAEP_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: myCryptoKeyCryptoKey.ID(),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKeyCryptoKey = new CryptoKey(\"myCryptoKeyCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .purpose(\"ASYMMETRIC_DECRYPT\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"RSA_DECRYPT_OAEP_4096_SHA256\")\n .build())\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(myCryptoKeyCryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKeyCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n purpose: ASYMMETRIC_DECRYPT\n versionTemplate:\n algorithm: RSA_DECRYPT_OAEP_4096_SHA256\nvariables:\n myCryptoKey:\n fn::invoke:\n Function: gcp:kms:getKMSCryptoKeyVersion\n Arguments:\n cryptoKey: ${myCryptoKeyCryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, use the [Cloud SDK](https://cloud.google.com/kms/docs/encrypt-decrypt-rsa#kms-encrypt-asymmetric-cli) to encrypt \nsome sensitive information:\n\n```bash\n## get the public key to encrypt the secret with\n$ gcloud kms keys versions get-public-key 1 \\\n --project my-project \\\n --location us-central1 \\\n --keyring my-key-ring \\\n --key my-crypto-key \\\n --output-file public-key.pem\n\n## encrypt secret with the public key\n$ echo -n my-secret-password | \\\n openssl pkeyutl -in - \\\n -encrypt \\\n -pubin \\\n -inkey public-key.pem \\\n -pkeyopt rsa_padding_mode:oaep \\\n -pkeyopt rsa_oaep_md:sha256 \\\n -pkeyopt rsa_mgf1_md:sha256 \u003e \\\n my-secret-password.enc\n \n## base64 encode the ciphertext \n$ openssl base64 -in my-secret-password.enc\nM7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\nylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\neIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\nwRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\nLTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\nyAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\nJ6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\nIP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\nmSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\nA9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\n## optionally calculate the CRC32 of the ciphertext\n$ go get github.com/binxio/crc32 \n$ $GOPATH/bin/crc32 -polynomial castagnoli \u003c my-secret-password.enc\n12c59e54\n```\n\nFinally, reference the encrypted ciphertext in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst sqlUserPassword = gcp.kms.getKMSSecretAsymmetric({\n cryptoKeyVersion: myCryptoKey.id,\n crc32: \"12c59e54\",\n ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n`,\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: sqlUserPasswordGoogleKmsSecret.plaintext,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nsql_user_password = gcp.kms.get_kms_secret_asymmetric(crypto_key_version=my_crypto_key[\"id\"],\n crc32=\"12c59e54\",\n ciphertext=\"\"\" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\"\"\")\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=sql_user_password_google_kms_secret[\"plaintext\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sqlUserPassword = Gcp.Kms.GetKMSSecretAsymmetric.Invoke(new()\n {\n CryptoKeyVersion = myCryptoKey.Id,\n Crc32 = \"12c59e54\",\n Ciphertext = @\" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\",\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = sqlUserPasswordGoogleKmsSecret.Plaintext,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKMSSecretAsymmetric(ctx, \u0026kms.GetKMSSecretAsymmetricArgs{\n\t\t\tCryptoKeyVersion: myCryptoKey.Id,\n\t\t\tCrc32: pulumi.StringRef(\"12c59e54\"),\n\t\t\tCiphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n`,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretAsymmetricArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sqlUserPassword = KmsFunctions.getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs.builder()\n .cryptoKeyVersion(myCryptoKey.id())\n .crc32(\"12c59e54\")\n .ciphertext(\"\"\"\n M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n \"\"\")\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(sqlUserPasswordGoogleKmsSecret.plaintext())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: ${sqlUserPasswordGoogleKmsSecret.plaintext}\nvariables:\n sqlUserPassword:\n fn::invoke:\n Function: gcp:kms:getKMSSecretAsymmetric\n Arguments:\n cryptoKeyVersion: ${myCryptoKey.id}\n crc32: 12c59e54\n ciphertext: |2\n M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThis will result in a Cloud SQL user being created with password `my-secret-password`.\n", + "description": "## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKeyCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n purpose: \"ASYMMETRIC_DECRYPT\",\n versionTemplate: {\n algorithm: \"RSA_DECRYPT_OAEP_4096_SHA256\",\n },\n});\nconst myCryptoKey = gcp.kms.getKMSCryptoKeyVersionOutput({\n cryptoKey: myCryptoKeyCryptoKey.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id,\n purpose=\"ASYMMETRIC_DECRYPT\",\n version_template={\n \"algorithm\": \"RSA_DECRYPT_OAEP_4096_SHA256\",\n })\nmy_crypto_key = gcp.kms.get_kms_crypto_key_version_output(crypto_key=my_crypto_key_crypto_key.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKeyCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n Purpose = \"ASYMMETRIC_DECRYPT\",\n VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs\n {\n Algorithm = \"RSA_DECRYPT_OAEP_4096_SHA256\",\n },\n });\n\n var myCryptoKey = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()\n {\n CryptoKey = myCryptoKeyCryptoKey.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t\tPurpose: pulumi.String(\"ASYMMETRIC_DECRYPT\"),\n\t\t\tVersionTemplate: \u0026kms.CryptoKeyVersionTemplateArgs{\n\t\t\t\tAlgorithm: pulumi.String(\"RSA_DECRYPT_OAEP_4096_SHA256\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{\n\t\t\tCryptoKey: myCryptoKeyCryptoKey.ID(),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKeyCryptoKey = new CryptoKey(\"myCryptoKeyCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .purpose(\"ASYMMETRIC_DECRYPT\")\n .versionTemplate(CryptoKeyVersionTemplateArgs.builder()\n .algorithm(\"RSA_DECRYPT_OAEP_4096_SHA256\")\n .build())\n .build());\n\n final var myCryptoKey = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()\n .cryptoKey(myCryptoKeyCryptoKey.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKeyCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n purpose: ASYMMETRIC_DECRYPT\n versionTemplate:\n algorithm: RSA_DECRYPT_OAEP_4096_SHA256\nvariables:\n myCryptoKey:\n fn::invoke:\n function: gcp:kms:getKMSCryptoKeyVersion\n arguments:\n cryptoKey: ${myCryptoKeyCryptoKey.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, use the [Cloud SDK](https://cloud.google.com/kms/docs/encrypt-decrypt-rsa#kms-encrypt-asymmetric-cli) to encrypt \nsome sensitive information:\n\n```bash\n## get the public key to encrypt the secret with\n$ gcloud kms keys versions get-public-key 1 \\\n --project my-project \\\n --location us-central1 \\\n --keyring my-key-ring \\\n --key my-crypto-key \\\n --output-file public-key.pem\n\n## encrypt secret with the public key\n$ echo -n my-secret-password | \\\n openssl pkeyutl -in - \\\n -encrypt \\\n -pubin \\\n -inkey public-key.pem \\\n -pkeyopt rsa_padding_mode:oaep \\\n -pkeyopt rsa_oaep_md:sha256 \\\n -pkeyopt rsa_mgf1_md:sha256 \u003e \\\n my-secret-password.enc\n \n## base64 encode the ciphertext \n$ openssl base64 -in my-secret-password.enc\nM7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\nylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\neIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\nwRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\nLTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\nyAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\nJ6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\nIP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\nmSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\nA9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\n## optionally calculate the CRC32 of the ciphertext\n$ go get github.com/binxio/crc32 \n$ $GOPATH/bin/crc32 -polynomial castagnoli \u003c my-secret-password.enc\n12c59e54\n```\n\nFinally, reference the encrypted ciphertext in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as random from \"@pulumi/random\";\n\nconst sqlUserPassword = gcp.kms.getKMSSecretAsymmetric({\n cryptoKeyVersion: myCryptoKey.id,\n crc32: \"12c59e54\",\n ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n`,\n});\nconst dbNameSuffix = new random.RandomId(\"db_name_suffix\", {byteLength: 4});\nconst main = new gcp.sql.DatabaseInstance(\"main\", {\n name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,\n databaseVersion: \"MYSQL_5_7\",\n settings: {\n tier: \"db-f1-micro\",\n },\n});\nconst users = new gcp.sql.User(\"users\", {\n name: \"me\",\n instance: main.name,\n host: \"me.com\",\n password: sqlUserPasswordGoogleKmsSecret.plaintext,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_random as random\n\nsql_user_password = gcp.kms.get_kms_secret_asymmetric(crypto_key_version=my_crypto_key[\"id\"],\n crc32=\"12c59e54\",\n ciphertext=\"\"\" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\"\"\")\ndb_name_suffix = random.RandomId(\"db_name_suffix\", byte_length=4)\nmain = gcp.sql.DatabaseInstance(\"main\",\n name=db_name_suffix.hex.apply(lambda hex: f\"main-instance-{hex}\"),\n database_version=\"MYSQL_5_7\",\n settings={\n \"tier\": \"db-f1-micro\",\n })\nusers = gcp.sql.User(\"users\",\n name=\"me\",\n instance=main.name,\n host=\"me.com\",\n password=sql_user_password_google_kms_secret[\"plaintext\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sqlUserPassword = Gcp.Kms.GetKMSSecretAsymmetric.Invoke(new()\n {\n CryptoKeyVersion = myCryptoKey.Id,\n Crc32 = \"12c59e54\",\n Ciphertext = @\" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n\",\n });\n\n var dbNameSuffix = new Random.RandomId(\"db_name_suffix\", new()\n {\n ByteLength = 4,\n });\n\n var main = new Gcp.Sql.DatabaseInstance(\"main\", new()\n {\n Name = dbNameSuffix.Hex.Apply(hex =\u003e $\"main-instance-{hex}\"),\n DatabaseVersion = \"MYSQL_5_7\",\n Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs\n {\n Tier = \"db-f1-micro\",\n },\n });\n\n var users = new Gcp.Sql.User(\"users\", new()\n {\n Name = \"me\",\n Instance = main.Name,\n Host = \"me.com\",\n Password = sqlUserPasswordGoogleKmsSecret.Plaintext,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKMSSecretAsymmetric(ctx, \u0026kms.GetKMSSecretAsymmetricArgs{\n\t\t\tCryptoKeyVersion: myCryptoKey.Id,\n\t\t\tCrc32: pulumi.StringRef(\"12c59e54\"),\n\t\t\tCiphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n`,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdbNameSuffix, err := random.NewRandomId(ctx, \"db_name_suffix\", \u0026random.RandomIdArgs{\n\t\t\tByteLength: pulumi.Int(4),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := sql.NewDatabaseInstance(ctx, \"main\", \u0026sql.DatabaseInstanceArgs{\n\t\t\tName: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"main-instance-%v\", hex), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tDatabaseVersion: pulumi.String(\"MYSQL_5_7\"),\n\t\t\tSettings: \u0026sql.DatabaseInstanceSettingsArgs{\n\t\t\t\tTier: pulumi.String(\"db-f1-micro\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sql.NewUser(ctx, \"users\", \u0026sql.UserArgs{\n\t\t\tName: pulumi.String(\"me\"),\n\t\t\tInstance: main.Name,\n\t\t\tHost: pulumi.String(\"me.com\"),\n\t\t\tPassword: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretAsymmetricArgs;\nimport com.pulumi.random.RandomId;\nimport com.pulumi.random.RandomIdArgs;\nimport com.pulumi.gcp.sql.DatabaseInstance;\nimport com.pulumi.gcp.sql.DatabaseInstanceArgs;\nimport com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;\nimport com.pulumi.gcp.sql.User;\nimport com.pulumi.gcp.sql.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sqlUserPassword = KmsFunctions.getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs.builder()\n .cryptoKeyVersion(myCryptoKey.id())\n .crc32(\"12c59e54\")\n .ciphertext(\"\"\"\n M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n \"\"\")\n .build());\n\n var dbNameSuffix = new RandomId(\"dbNameSuffix\", RandomIdArgs.builder()\n .byteLength(4)\n .build());\n\n var main = new DatabaseInstance(\"main\", DatabaseInstanceArgs.builder()\n .name(dbNameSuffix.hex().applyValue(hex -\u003e String.format(\"main-instance-%s\", hex)))\n .databaseVersion(\"MYSQL_5_7\")\n .settings(DatabaseInstanceSettingsArgs.builder()\n .tier(\"db-f1-micro\")\n .build())\n .build());\n\n var users = new User(\"users\", UserArgs.builder()\n .name(\"me\")\n .instance(main.name())\n .host(\"me.com\")\n .password(sqlUserPasswordGoogleKmsSecret.plaintext())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dbNameSuffix:\n type: random:RandomId\n name: db_name_suffix\n properties:\n byteLength: 4\n main:\n type: gcp:sql:DatabaseInstance\n properties:\n name: main-instance-${dbNameSuffix.hex}\n databaseVersion: MYSQL_5_7\n settings:\n tier: db-f1-micro\n users:\n type: gcp:sql:User\n properties:\n name: me\n instance: ${main.name}\n host: me.com\n password: ${sqlUserPasswordGoogleKmsSecret.plaintext}\nvariables:\n sqlUserPassword:\n fn::invoke:\n function: gcp:kms:getKMSSecretAsymmetric\n arguments:\n cryptoKeyVersion: ${myCryptoKey.id}\n crc32: 12c59e54\n ciphertext: |2\n M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq\n ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75\n 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx\n eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs\n wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr\n LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc\n yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1\n J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL\n IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z\n mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9\n A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThis will result in a Cloud SQL user being created with password `my-secret-password`.\n", "inputs": { "description": "A collection of arguments for invoking getKMSSecretAsymmetric.\n", "properties": { @@ -296062,7 +296062,7 @@ } }, "gcp:kms/getKMSSecretCiphertext:getKMSSecretCiphertext": { - "description": "!\u003e **Warning:** This data source is deprecated. Use the `gcp.kms.SecretCiphertext` **resource** instead.\n\nThis data source allows you to encrypt data with Google Cloud KMS and use the\nciphertext within your resource definitions.\n\nFor more information see\n[the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).\n\n\u003e **NOTE:** Using this data source will allow you to conceal secret data within your\nresource definitions, but it does not take care of protecting that data in the\nlogging output, plan output, or state output. Please take care to secure your secret\ndata outside of resource definitions.\n\n## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKey = new CryptoKey(\"myCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, encrypt some sensitive information and use the encrypted data in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myPassword = gcp.kms.getKMSSecretCiphertext({\n cryptoKey: myCryptoKey.id,\n plaintext: \"my-secret-password\",\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"test\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n metadata: {\n password: myPassword.then(myPassword =\u003e myPassword.ciphertext),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_password = gcp.kms.get_kms_secret_ciphertext(crypto_key=my_crypto_key[\"id\"],\n plaintext=\"my-secret-password\")\ninstance = gcp.compute.Instance(\"instance\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"test\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n },\n metadata={\n \"password\": my_password.ciphertext,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myPassword = Gcp.Kms.GetKMSSecretCiphertext.Invoke(new()\n {\n CryptoKey = myCryptoKey.Id,\n Plaintext = \"my-secret-password\",\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"test\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n Metadata = \n {\n { \"password\", myPassword.Apply(getKMSSecretCiphertextResult =\u003e getKMSSecretCiphertextResult.Ciphertext) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyPassword, err := kms.GetKMSSecretCiphertext(ctx, \u0026kms.GetKMSSecretCiphertextArgs{\n\t\t\tCryptoKey: myCryptoKey.Id,\n\t\t\tPlaintext: \"my-secret-password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"password\": pulumi.String(myPassword.Ciphertext),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretCiphertextArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myPassword = KmsFunctions.getKMSSecretCiphertext(GetKMSSecretCiphertextArgs.builder()\n .cryptoKey(myCryptoKey.id())\n .plaintext(\"my-secret-password\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"test\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .metadata(Map.of(\"password\", myPassword.applyValue(getKMSSecretCiphertextResult -\u003e getKMSSecretCiphertextResult.ciphertext())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: test\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n metadata:\n password: ${myPassword.ciphertext}\nvariables:\n myPassword:\n fn::invoke:\n Function: gcp:kms:getKMSSecretCiphertext\n Arguments:\n cryptoKey: ${myCryptoKey.id}\n plaintext: my-secret-password\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting instance can then access the encrypted password from its metadata\nand decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):\n\n```bash\n$ curl -H \"Metadata-Flavor: Google\" http://metadata.google.internal/computeMetadata/v1/instance/attributes/password \\\n\u003e | base64 -d | gcloud kms decrypt \\\n\u003e --project my-project \\\n\u003e --location us-central1 \\\n\u003e --keyring my-key-ring \\\n\u003e --key my-crypto-key \\\n\u003e --plaintext-file - \\\n\u003e --ciphertext-file - \\\nmy-secret-password\n```\n", + "description": "!\u003e **Warning:** This data source is deprecated. Use the `gcp.kms.SecretCiphertext` **resource** instead.\n\nThis data source allows you to encrypt data with Google Cloud KMS and use the\nciphertext within your resource definitions.\n\nFor more information see\n[the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).\n\n\u003e **NOTE:** Using this data source will allow you to conceal secret data within your\nresource definitions, but it does not take care of protecting that data in the\nlogging output, plan output, or state output. Please take care to secure your secret\ndata outside of resource definitions.\n\n## Example Usage\n\nFirst, create a KMS KeyRing and CryptoKey using the resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myKeyRing = new gcp.kms.KeyRing(\"my_key_ring\", {\n project: \"my-project\",\n name: \"my-key-ring\",\n location: \"us-central1\",\n});\nconst myCryptoKey = new gcp.kms.CryptoKey(\"my_crypto_key\", {\n name: \"my-crypto-key\",\n keyRing: myKeyRing.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_key_ring = gcp.kms.KeyRing(\"my_key_ring\",\n project=\"my-project\",\n name=\"my-key-ring\",\n location=\"us-central1\")\nmy_crypto_key = gcp.kms.CryptoKey(\"my_crypto_key\",\n name=\"my-crypto-key\",\n key_ring=my_key_ring.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myKeyRing = new Gcp.Kms.KeyRing(\"my_key_ring\", new()\n {\n Project = \"my-project\",\n Name = \"my-key-ring\",\n Location = \"us-central1\",\n });\n\n var myCryptoKey = new Gcp.Kms.CryptoKey(\"my_crypto_key\", new()\n {\n Name = \"my-crypto-key\",\n KeyRing = myKeyRing.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyKeyRing, err := kms.NewKeyRing(ctx, \"my_key_ring\", \u0026kms.KeyRingArgs{\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCryptoKey(ctx, \"my_crypto_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"my-crypto-key\"),\n\t\t\tKeyRing: myKeyRing.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myKeyRing = new KeyRing(\"myKeyRing\", KeyRingArgs.builder()\n .project(\"my-project\")\n .name(\"my-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var myCryptoKey = new CryptoKey(\"myCryptoKey\", CryptoKeyArgs.builder()\n .name(\"my-crypto-key\")\n .keyRing(myKeyRing.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myKeyRing:\n type: gcp:kms:KeyRing\n name: my_key_ring\n properties:\n project: my-project\n name: my-key-ring\n location: us-central1\n myCryptoKey:\n type: gcp:kms:CryptoKey\n name: my_crypto_key\n properties:\n name: my-crypto-key\n keyRing: ${myKeyRing.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNext, encrypt some sensitive information and use the encrypted data in your resource definitions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myPassword = gcp.kms.getKMSSecretCiphertext({\n cryptoKey: myCryptoKey.id,\n plaintext: \"my-secret-password\",\n});\nconst instance = new gcp.compute.Instance(\"instance\", {\n networkInterfaces: [{\n accessConfigs: [{}],\n network: \"default\",\n }],\n name: \"test\",\n machineType: \"e2-medium\",\n zone: \"us-central1-a\",\n bootDisk: {\n initializeParams: {\n image: \"debian-cloud/debian-11\",\n },\n },\n metadata: {\n password: myPassword.then(myPassword =\u003e myPassword.ciphertext),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_password = gcp.kms.get_kms_secret_ciphertext(crypto_key=my_crypto_key[\"id\"],\n plaintext=\"my-secret-password\")\ninstance = gcp.compute.Instance(\"instance\",\n network_interfaces=[{\n \"access_configs\": [{}],\n \"network\": \"default\",\n }],\n name=\"test\",\n machine_type=\"e2-medium\",\n zone=\"us-central1-a\",\n boot_disk={\n \"initialize_params\": {\n \"image\": \"debian-cloud/debian-11\",\n },\n },\n metadata={\n \"password\": my_password.ciphertext,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myPassword = Gcp.Kms.GetKMSSecretCiphertext.Invoke(new()\n {\n CryptoKey = myCryptoKey.Id,\n Plaintext = \"my-secret-password\",\n });\n\n var instance = new Gcp.Compute.Instance(\"instance\", new()\n {\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs\n {\n AccessConfigs = new[]\n {\n null,\n },\n Network = \"default\",\n },\n },\n Name = \"test\",\n MachineType = \"e2-medium\",\n Zone = \"us-central1-a\",\n BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs\n {\n InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs\n {\n Image = \"debian-cloud/debian-11\",\n },\n },\n Metadata = \n {\n { \"password\", myPassword.Apply(getKMSSecretCiphertextResult =\u003e getKMSSecretCiphertextResult.Ciphertext) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyPassword, err := kms.GetKMSSecretCiphertext(ctx, \u0026kms.GetKMSSecretCiphertextArgs{\n\t\t\tCryptoKey: myCryptoKey.Id,\n\t\t\tPlaintext: \"my-secret-password\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"instance\", \u0026compute.InstanceArgs{\n\t\t\tNetworkInterfaces: compute.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tAccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{\n\t\t\t\t\t\t\u0026compute.InstanceNetworkInterfaceAccessConfigArgs{},\n\t\t\t\t\t},\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tBootDisk: \u0026compute.InstanceBootDiskArgs{\n\t\t\t\tInitializeParams: \u0026compute.InstanceBootDiskInitializeParamsArgs{\n\t\t\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"password\": pulumi.String(myPassword.Ciphertext),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKMSSecretCiphertextArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myPassword = KmsFunctions.getKMSSecretCiphertext(GetKMSSecretCiphertextArgs.builder()\n .cryptoKey(myCryptoKey.id())\n .plaintext(\"my-secret-password\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder()\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .accessConfigs()\n .network(\"default\")\n .build())\n .name(\"test\")\n .machineType(\"e2-medium\")\n .zone(\"us-central1-a\")\n .bootDisk(InstanceBootDiskArgs.builder()\n .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()\n .image(\"debian-cloud/debian-11\")\n .build())\n .build())\n .metadata(Map.of(\"password\", myPassword.applyValue(getKMSSecretCiphertextResult -\u003e getKMSSecretCiphertextResult.ciphertext())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:compute:Instance\n properties:\n networkInterfaces:\n - accessConfigs:\n - {}\n network: default\n name: test\n machineType: e2-medium\n zone: us-central1-a\n bootDisk:\n initializeParams:\n image: debian-cloud/debian-11\n metadata:\n password: ${myPassword.ciphertext}\nvariables:\n myPassword:\n fn::invoke:\n function: gcp:kms:getKMSSecretCiphertext\n arguments:\n cryptoKey: ${myCryptoKey.id}\n plaintext: my-secret-password\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting instance can then access the encrypted password from its metadata\nand decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):\n\n```bash\n$ curl -H \"Metadata-Flavor: Google\" http://metadata.google.internal/computeMetadata/v1/instance/attributes/password \\\n\u003e | base64 -d | gcloud kms decrypt \\\n\u003e --project my-project \\\n\u003e --location us-central1 \\\n\u003e --keyring my-key-ring \\\n\u003e --key my-crypto-key \\\n\u003e --plaintext-file - \\\n\u003e --ciphertext-file - \\\nmy-secret-password\n```\n", "inputs": { "description": "A collection of arguments for invoking getKMSSecretCiphertext.\n", "properties": { @@ -296111,7 +296111,7 @@ } }, "gcp:kms/getKeyRingIamPolicy:getKeyRingIamPolicy": { - "description": "Retrieves the current IAM policy data for a Google Cloud KMS key ring.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testKeyRingIamPolicy = gcp.kms.getKeyRingIamPolicy({\n keyRingId: \"{project_id}/{location_name}/{key_ring_name}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_key_ring_iam_policy = gcp.kms.get_key_ring_iam_policy(key_ring_id=\"{project_id}/{location_name}/{key_ring_name}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testKeyRingIamPolicy = Gcp.Kms.GetKeyRingIamPolicy.Invoke(new()\n {\n KeyRingId = \"{project_id}/{location_name}/{key_ring_name}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKeyRingIamPolicy(ctx, \u0026kms.GetKeyRingIamPolicyArgs{\n\t\t\tKeyRingId: \"{project_id}/{location_name}/{key_ring_name}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKeyRingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testKeyRingIamPolicy = KmsFunctions.getKeyRingIamPolicy(GetKeyRingIamPolicyArgs.builder()\n .keyRingId(\"{project_id}/{location_name}/{key_ring_name}\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n testKeyRingIamPolicy:\n fn::invoke:\n Function: gcp:kms:getKeyRingIamPolicy\n Arguments:\n keyRingId: '{project_id}/{location_name}/{key_ring_name}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Google Cloud KMS key ring.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testKeyRingIamPolicy = gcp.kms.getKeyRingIamPolicy({\n keyRingId: \"{project_id}/{location_name}/{key_ring_name}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_key_ring_iam_policy = gcp.kms.get_key_ring_iam_policy(key_ring_id=\"{project_id}/{location_name}/{key_ring_name}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testKeyRingIamPolicy = Gcp.Kms.GetKeyRingIamPolicy.Invoke(new()\n {\n KeyRingId = \"{project_id}/{location_name}/{key_ring_name}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetKeyRingIamPolicy(ctx, \u0026kms.GetKeyRingIamPolicyArgs{\n\t\t\tKeyRingId: \"{project_id}/{location_name}/{key_ring_name}\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KmsFunctions;\nimport com.pulumi.gcp.kms.inputs.GetKeyRingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testKeyRingIamPolicy = KmsFunctions.getKeyRingIamPolicy(GetKeyRingIamPolicyArgs.builder()\n .keyRingId(\"{project_id}/{location_name}/{key_ring_name}\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n testKeyRingIamPolicy:\n fn::invoke:\n function: gcp:kms:getKeyRingIamPolicy\n arguments:\n keyRingId: '{project_id}/{location_name}/{key_ring_name}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getKeyRingIamPolicy.\n", "properties": { @@ -296205,7 +296205,7 @@ } }, "gcp:logging/getFolderSettings:getFolderSettings": { - "description": "Describes the settings associated with a folder.\n\nTo get more information about LoggingFolderSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Folder Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getFolderSettings({\n folder: \"my-folder-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_folder_settings(folder=\"my-folder-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetFolderSettings.Invoke(new()\n {\n Folder = \"my-folder-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupFolderSettings(ctx, \u0026logging.LookupFolderSettingsArgs{\n\t\t\tFolder: \"my-folder-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetFolderSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getFolderSettings(GetFolderSettingsArgs.builder()\n .folder(\"my-folder-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n Function: gcp:logging:getFolderSettings\n Arguments:\n folder: my-folder-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Describes the settings associated with a folder.\n\nTo get more information about LoggingFolderSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Folder Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getFolderSettings({\n folder: \"my-folder-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_folder_settings(folder=\"my-folder-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetFolderSettings.Invoke(new()\n {\n Folder = \"my-folder-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupFolderSettings(ctx, \u0026logging.LookupFolderSettingsArgs{\n\t\t\tFolder: \"my-folder-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetFolderSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getFolderSettings(GetFolderSettingsArgs.builder()\n .folder(\"my-folder-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n function: gcp:logging:getFolderSettings\n arguments:\n folder: my-folder-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFolderSettings.\n", "properties": { @@ -296268,7 +296268,7 @@ } }, "gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy": { - "description": "Retrieves the current IAM policy data for logview\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.logging.getLogViewIamPolicy({\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.logging.get_log_view_iam_policy(parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Logging.GetLogViewIamPolicy.Invoke(new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupLogViewIamPolicy(ctx, \u0026logging.LookupLogViewIamPolicyArgs{\n\t\t\tParent: loggingLogView.Parent,\n\t\t\tLocation: pulumi.StringRef(loggingLogView.Location),\n\t\t\tBucket: loggingLogView.Bucket,\n\t\t\tName: loggingLogView.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:logging:getLogViewIamPolicy\n Arguments:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for logview\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.logging.getLogViewIamPolicy({\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.logging.get_log_view_iam_policy(parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Logging.GetLogViewIamPolicy.Invoke(new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupLogViewIamPolicy(ctx, \u0026logging.LookupLogViewIamPolicyArgs{\n\t\t\tParent: loggingLogView.Parent,\n\t\t\tLocation: pulumi.StringRef(loggingLogView.Location),\n\t\t\tBucket: loggingLogView.Bucket,\n\t\t\tName: loggingLogView.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:logging:getLogViewIamPolicy\n arguments:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLogViewIamPolicy.\n", "properties": { @@ -296341,7 +296341,7 @@ } }, "gcp:logging/getOrganizationSettings:getOrganizationSettings": { - "description": "Describes the settings associated with a organization.\n\nTo get more information about LoggingOrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/organizations/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Organization Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getOrganizationSettings({\n organization: \"my-organization-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_organization_settings(organization=\"my-organization-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetOrganizationSettings.Invoke(new()\n {\n Organization = \"my-organization-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupOrganizationSettings(ctx, \u0026logging.LookupOrganizationSettingsArgs{\n\t\t\tOrganization: \"my-organization-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetOrganizationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getOrganizationSettings(GetOrganizationSettingsArgs.builder()\n .organization(\"my-organization-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n Function: gcp:logging:getOrganizationSettings\n Arguments:\n organization: my-organization-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Describes the settings associated with a organization.\n\nTo get more information about LoggingOrganizationSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/organizations/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Organization Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getOrganizationSettings({\n organization: \"my-organization-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_organization_settings(organization=\"my-organization-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetOrganizationSettings.Invoke(new()\n {\n Organization = \"my-organization-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupOrganizationSettings(ctx, \u0026logging.LookupOrganizationSettingsArgs{\n\t\t\tOrganization: \"my-organization-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetOrganizationSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getOrganizationSettings(GetOrganizationSettingsArgs.builder()\n .organization(\"my-organization-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n function: gcp:logging:getOrganizationSettings\n arguments:\n organization: my-organization-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getOrganizationSettings.\n", "properties": { @@ -296404,7 +296404,7 @@ } }, "gcp:logging/getProjectCmekSettings:getProjectCmekSettings": { - "description": "Describes the customer-managed encryption key (CMEK) settings associated with a project.\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getCmekSettings)\n* [Enable CMEK](https://cloud.google.com/logging/docs/routing/managed-encryption-storage#enable).\n\n## Example Usage\n\n### Logging Project Cmek Settings Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cmekSettings = gcp.logging.getProjectCmekSettings({\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncmek_settings = gcp.logging.get_project_cmek_settings(project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetProjectCmekSettings(ctx, \u0026logging.GetProjectCmekSettingsArgs{\n\t\t\tProject: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cmekSettings:\n fn::invoke:\n Function: gcp:logging:getProjectCmekSettings\n Arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Describes the customer-managed encryption key (CMEK) settings associated with a project.\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getCmekSettings)\n* [Enable CMEK](https://cloud.google.com/logging/docs/routing/managed-encryption-storage#enable).\n\n## Example Usage\n\n### Logging Project Cmek Settings Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst cmekSettings = gcp.logging.getProjectCmekSettings({\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncmek_settings = gcp.logging.get_project_cmek_settings(project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetProjectCmekSettings(ctx, \u0026logging.GetProjectCmekSettingsArgs{\n\t\t\tProject: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n cmekSettings:\n fn::invoke:\n function: gcp:logging:getProjectCmekSettings\n arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProjectCmekSettings.\n", "properties": { @@ -296460,7 +296460,7 @@ } }, "gcp:logging/getProjectSettings:getProjectSettings": { - "description": "Describes the settings associated with a project.\n\nTo get more information about LoggingProjectSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Project Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getProjectSettings({\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_project_settings(project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetProjectSettings.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetProjectSettings(ctx, \u0026logging.GetProjectSettingsArgs{\n\t\t\tProject: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getProjectSettings(GetProjectSettingsArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n Function: gcp:logging:getProjectSettings\n Arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Describes the settings associated with a project.\n\nTo get more information about LoggingProjectSettings, see:\n\n* [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects/getSettings)\n* [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).\n\n## Example Usage\n\n### Logging Project Settings Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst settings = gcp.logging.getProjectSettings({\n project: \"my-project-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsettings = gcp.logging.get_project_settings(project=\"my-project-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var settings = Gcp.Logging.GetProjectSettings.Invoke(new()\n {\n Project = \"my-project-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetProjectSettings(ctx, \u0026logging.GetProjectSettingsArgs{\n\t\t\tProject: \"my-project-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetProjectSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var settings = LoggingFunctions.getProjectSettings(GetProjectSettingsArgs.builder()\n .project(\"my-project-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n settings:\n fn::invoke:\n function: gcp:logging:getProjectSettings\n arguments:\n project: my-project-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProjectSettings.\n", "properties": { @@ -296523,7 +296523,7 @@ } }, "gcp:logging/getSink:getSink": { - "description": "Use this data source to get a project, folder, organization or billing account logging sink details.\nTo get more information about Service, see:\n\n[API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/sinks)\n\n## Example Usage\n\n### Retrieve Project Logging Sink Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project-sink = gcp.logging.getSink({\n id: \"projects/0123456789/sinks/my-sink-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_sink = gcp.logging.get_sink(id=\"projects/0123456789/sinks/my-sink-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project_sink = Gcp.Logging.GetSink.Invoke(new()\n {\n Id = \"projects/0123456789/sinks/my-sink-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetSink(ctx, \u0026logging.GetSinkArgs{\n\t\t\tId: \"projects/0123456789/sinks/my-sink-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetSinkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project-sink = LoggingFunctions.getSink(GetSinkArgs.builder()\n .id(\"projects/0123456789/sinks/my-sink-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n project-sink:\n fn::invoke:\n Function: gcp:logging:getSink\n Arguments:\n id: projects/0123456789/sinks/my-sink-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get a project, folder, organization or billing account logging sink details.\nTo get more information about Service, see:\n\n[API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/sinks)\n\n## Example Usage\n\n### Retrieve Project Logging Sink Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project-sink = gcp.logging.getSink({\n id: \"projects/0123456789/sinks/my-sink-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject_sink = gcp.logging.get_sink(id=\"projects/0123456789/sinks/my-sink-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project_sink = Gcp.Logging.GetSink.Invoke(new()\n {\n Id = \"projects/0123456789/sinks/my-sink-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.GetSink(ctx, \u0026logging.GetSinkArgs{\n\t\t\tId: \"projects/0123456789/sinks/my-sink-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetSinkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project-sink = LoggingFunctions.getSink(GetSinkArgs.builder()\n .id(\"projects/0123456789/sinks/my-sink-name\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n project-sink:\n fn::invoke:\n function: gcp:logging:getSink\n arguments:\n id: projects/0123456789/sinks/my-sink-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSink.\n", "properties": { @@ -296597,7 +296597,7 @@ } }, "gcp:monitoring/getAppEngineService:getAppEngineService": { - "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn App Engine monitoring service is automatically created by GCP to monitor\nApp Engine services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring App Engine Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"appengine-static-content\",\n location: \"US\",\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"hello-world.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"./test-fixtures/hello-world.zip\"),\n});\nconst myapp = new gcp.appengine.StandardAppVersion(\"myapp\", {\n versionId: \"v1\",\n service: \"myapp\",\n runtime: \"nodejs20\",\n entrypoint: {\n shell: \"node ./app.js\",\n },\n deployment: {\n zip: {\n sourceUrl: pulumi.interpolate`https://storage.googleapis.com/${bucket.name}/${object.name}`,\n },\n },\n envVariables: {\n port: \"8080\",\n },\n deleteServiceOnDestroy: false,\n});\n// Monitors the default AppEngine service\nconst srv = gcp.monitoring.getAppEngineServiceOutput({\n moduleId: myapp.service,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"appengine-static-content\",\n location=\"US\")\nobject = gcp.storage.BucketObject(\"object\",\n name=\"hello-world.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"./test-fixtures/hello-world.zip\"))\nmyapp = gcp.appengine.StandardAppVersion(\"myapp\",\n version_id=\"v1\",\n service=\"myapp\",\n runtime=\"nodejs20\",\n entrypoint={\n \"shell\": \"node ./app.js\",\n },\n deployment={\n \"zip\": {\n \"source_url\": pulumi.Output.all(\n bucketName=bucket.name,\n objectName=object.name\n).apply(lambda resolved_outputs: f\"https://storage.googleapis.com/{resolved_outputs['bucketName']}/{resolved_outputs['objectName']}\")\n,\n },\n },\n env_variables={\n \"port\": \"8080\",\n },\n delete_service_on_destroy=False)\n# Monitors the default AppEngine service\nsrv = gcp.monitoring.get_app_engine_service_output(module_id=myapp.service)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"appengine-static-content\",\n Location = \"US\",\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"hello-world.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"./test-fixtures/hello-world.zip\"),\n });\n\n var myapp = new Gcp.AppEngine.StandardAppVersion(\"myapp\", new()\n {\n VersionId = \"v1\",\n Service = \"myapp\",\n Runtime = \"nodejs20\",\n Entrypoint = new Gcp.AppEngine.Inputs.StandardAppVersionEntrypointArgs\n {\n Shell = \"node ./app.js\",\n },\n Deployment = new Gcp.AppEngine.Inputs.StandardAppVersionDeploymentArgs\n {\n Zip = new Gcp.AppEngine.Inputs.StandardAppVersionDeploymentZipArgs\n {\n SourceUrl = Output.Tuple(bucket.Name, @object.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var objectName = values.Item2;\n return $\"https://storage.googleapis.com/{bucketName}/{objectName}\";\n }),\n },\n },\n EnvVariables = \n {\n { \"port\", \"8080\" },\n },\n DeleteServiceOnDestroy = false,\n });\n\n // Monitors the default AppEngine service\n var srv = Gcp.Monitoring.GetAppEngineService.Invoke(new()\n {\n ModuleId = myapp.Service,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"appengine-static-content\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"hello-world.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/hello-world.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyapp, err := appengine.NewStandardAppVersion(ctx, \"myapp\", \u0026appengine.StandardAppVersionArgs{\n\t\t\tVersionId: pulumi.String(\"v1\"),\n\t\t\tService: pulumi.String(\"myapp\"),\n\t\t\tRuntime: pulumi.String(\"nodejs20\"),\n\t\t\tEntrypoint: \u0026appengine.StandardAppVersionEntrypointArgs{\n\t\t\t\tShell: pulumi.String(\"node ./app.js\"),\n\t\t\t},\n\t\t\tDeployment: \u0026appengine.StandardAppVersionDeploymentArgs{\n\t\t\t\tZip: \u0026appengine.StandardAppVersionDeploymentZipArgs{\n\t\t\t\t\tSourceUrl: pulumi.All(bucket.Name, object.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\tobjectName := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"https://storage.googleapis.com/%v/%v\", bucketName, objectName), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvVariables: pulumi.StringMap{\n\t\t\t\t\"port\": pulumi.String(\"8080\"),\n\t\t\t},\n\t\t\tDeleteServiceOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Monitors the default AppEngine service\n\t\t_ = monitoring.GetAppEngineServiceOutput(ctx, monitoring.GetAppEngineServiceOutputArgs{\n\t\t\tModuleId: myapp.Service,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.appengine.StandardAppVersion;\nimport com.pulumi.gcp.appengine.StandardAppVersionArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionEntrypointArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionDeploymentArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionDeploymentZipArgs;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetAppEngineServiceArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"appengine-static-content\")\n .location(\"US\")\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"hello-world.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"./test-fixtures/hello-world.zip\"))\n .build());\n\n var myapp = new StandardAppVersion(\"myapp\", StandardAppVersionArgs.builder()\n .versionId(\"v1\")\n .service(\"myapp\")\n .runtime(\"nodejs20\")\n .entrypoint(StandardAppVersionEntrypointArgs.builder()\n .shell(\"node ./app.js\")\n .build())\n .deployment(StandardAppVersionDeploymentArgs.builder()\n .zip(StandardAppVersionDeploymentZipArgs.builder()\n .sourceUrl(Output.tuple(bucket.name(), object.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var objectName = values.t2;\n return String.format(\"https://storage.googleapis.com/%s/%s\", bucketName,objectName);\n }))\n .build())\n .build())\n .envVariables(Map.of(\"port\", \"8080\"))\n .deleteServiceOnDestroy(false)\n .build());\n\n // Monitors the default AppEngine service\n final var srv = MonitoringFunctions.getAppEngineService(GetAppEngineServiceArgs.builder()\n .moduleId(myapp.service())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myapp:\n type: gcp:appengine:StandardAppVersion\n properties:\n versionId: v1\n service: myapp\n runtime: nodejs20\n entrypoint:\n shell: node ./app.js\n deployment:\n zip:\n sourceUrl: https://storage.googleapis.com/${bucket.name}/${object.name}\n envVariables:\n port: '8080'\n deleteServiceOnDestroy: false\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: appengine-static-content\n location: US\n object:\n type: gcp:storage:BucketObject\n properties:\n name: hello-world.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: ./test-fixtures/hello-world.zip\nvariables:\n # Monitors the default AppEngine service\n srv:\n fn::invoke:\n Function: gcp:monitoring:getAppEngineService\n Arguments:\n moduleId: ${myapp.service}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn App Engine monitoring service is automatically created by GCP to monitor\nApp Engine services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring App Engine Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"appengine-static-content\",\n location: \"US\",\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"hello-world.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"./test-fixtures/hello-world.zip\"),\n});\nconst myapp = new gcp.appengine.StandardAppVersion(\"myapp\", {\n versionId: \"v1\",\n service: \"myapp\",\n runtime: \"nodejs20\",\n entrypoint: {\n shell: \"node ./app.js\",\n },\n deployment: {\n zip: {\n sourceUrl: pulumi.interpolate`https://storage.googleapis.com/${bucket.name}/${object.name}`,\n },\n },\n envVariables: {\n port: \"8080\",\n },\n deleteServiceOnDestroy: false,\n});\n// Monitors the default AppEngine service\nconst srv = gcp.monitoring.getAppEngineServiceOutput({\n moduleId: myapp.service,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"appengine-static-content\",\n location=\"US\")\nobject = gcp.storage.BucketObject(\"object\",\n name=\"hello-world.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"./test-fixtures/hello-world.zip\"))\nmyapp = gcp.appengine.StandardAppVersion(\"myapp\",\n version_id=\"v1\",\n service=\"myapp\",\n runtime=\"nodejs20\",\n entrypoint={\n \"shell\": \"node ./app.js\",\n },\n deployment={\n \"zip\": {\n \"source_url\": pulumi.Output.all(\n bucketName=bucket.name,\n objectName=object.name\n).apply(lambda resolved_outputs: f\"https://storage.googleapis.com/{resolved_outputs['bucketName']}/{resolved_outputs['objectName']}\")\n,\n },\n },\n env_variables={\n \"port\": \"8080\",\n },\n delete_service_on_destroy=False)\n# Monitors the default AppEngine service\nsrv = gcp.monitoring.get_app_engine_service_output(module_id=myapp.service)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"appengine-static-content\",\n Location = \"US\",\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"hello-world.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"./test-fixtures/hello-world.zip\"),\n });\n\n var myapp = new Gcp.AppEngine.StandardAppVersion(\"myapp\", new()\n {\n VersionId = \"v1\",\n Service = \"myapp\",\n Runtime = \"nodejs20\",\n Entrypoint = new Gcp.AppEngine.Inputs.StandardAppVersionEntrypointArgs\n {\n Shell = \"node ./app.js\",\n },\n Deployment = new Gcp.AppEngine.Inputs.StandardAppVersionDeploymentArgs\n {\n Zip = new Gcp.AppEngine.Inputs.StandardAppVersionDeploymentZipArgs\n {\n SourceUrl = Output.Tuple(bucket.Name, @object.Name).Apply(values =\u003e\n {\n var bucketName = values.Item1;\n var objectName = values.Item2;\n return $\"https://storage.googleapis.com/{bucketName}/{objectName}\";\n }),\n },\n },\n EnvVariables = \n {\n { \"port\", \"8080\" },\n },\n DeleteServiceOnDestroy = false,\n });\n\n // Monitors the default AppEngine service\n var srv = Gcp.Monitoring.GetAppEngineService.Invoke(new()\n {\n ModuleId = myapp.Service,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/appengine\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"appengine-static-content\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"hello-world.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"./test-fixtures/hello-world.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyapp, err := appengine.NewStandardAppVersion(ctx, \"myapp\", \u0026appengine.StandardAppVersionArgs{\n\t\t\tVersionId: pulumi.String(\"v1\"),\n\t\t\tService: pulumi.String(\"myapp\"),\n\t\t\tRuntime: pulumi.String(\"nodejs20\"),\n\t\t\tEntrypoint: \u0026appengine.StandardAppVersionEntrypointArgs{\n\t\t\t\tShell: pulumi.String(\"node ./app.js\"),\n\t\t\t},\n\t\t\tDeployment: \u0026appengine.StandardAppVersionDeploymentArgs{\n\t\t\t\tZip: \u0026appengine.StandardAppVersionDeploymentZipArgs{\n\t\t\t\t\tSourceUrl: pulumi.All(bucket.Name, object.Name).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\tbucketName := _args[0].(string)\n\t\t\t\t\t\tobjectName := _args[1].(string)\n\t\t\t\t\t\treturn fmt.Sprintf(\"https://storage.googleapis.com/%v/%v\", bucketName, objectName), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvVariables: pulumi.StringMap{\n\t\t\t\t\"port\": pulumi.String(\"8080\"),\n\t\t\t},\n\t\t\tDeleteServiceOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Monitors the default AppEngine service\n\t\t_ = monitoring.GetAppEngineServiceOutput(ctx, monitoring.GetAppEngineServiceOutputArgs{\n\t\t\tModuleId: myapp.Service,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.appengine.StandardAppVersion;\nimport com.pulumi.gcp.appengine.StandardAppVersionArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionEntrypointArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionDeploymentArgs;\nimport com.pulumi.gcp.appengine.inputs.StandardAppVersionDeploymentZipArgs;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetAppEngineServiceArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"appengine-static-content\")\n .location(\"US\")\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"hello-world.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"./test-fixtures/hello-world.zip\"))\n .build());\n\n var myapp = new StandardAppVersion(\"myapp\", StandardAppVersionArgs.builder()\n .versionId(\"v1\")\n .service(\"myapp\")\n .runtime(\"nodejs20\")\n .entrypoint(StandardAppVersionEntrypointArgs.builder()\n .shell(\"node ./app.js\")\n .build())\n .deployment(StandardAppVersionDeploymentArgs.builder()\n .zip(StandardAppVersionDeploymentZipArgs.builder()\n .sourceUrl(Output.tuple(bucket.name(), object.name()).applyValue(values -\u003e {\n var bucketName = values.t1;\n var objectName = values.t2;\n return String.format(\"https://storage.googleapis.com/%s/%s\", bucketName,objectName);\n }))\n .build())\n .build())\n .envVariables(Map.of(\"port\", \"8080\"))\n .deleteServiceOnDestroy(false)\n .build());\n\n // Monitors the default AppEngine service\n final var srv = MonitoringFunctions.getAppEngineService(GetAppEngineServiceArgs.builder()\n .moduleId(myapp.service())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myapp:\n type: gcp:appengine:StandardAppVersion\n properties:\n versionId: v1\n service: myapp\n runtime: nodejs20\n entrypoint:\n shell: node ./app.js\n deployment:\n zip:\n sourceUrl: https://storage.googleapis.com/${bucket.name}/${object.name}\n envVariables:\n port: '8080'\n deleteServiceOnDestroy: false\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: appengine-static-content\n location: US\n object:\n type: gcp:storage:BucketObject\n properties:\n name: hello-world.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: ./test-fixtures/hello-world.zip\nvariables:\n # Monitors the default AppEngine service\n srv:\n fn::invoke:\n function: gcp:monitoring:getAppEngineService\n arguments:\n moduleId: ${myapp.service}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAppEngineService.\n", "properties": { @@ -296666,7 +296666,7 @@ } }, "gcp:monitoring/getClusterIstioService:getClusterIstioService": { - "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn Cluster Istio monitoring service is automatically created by GCP to monitor\nCluster Istio services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Cluster Istio Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default ClusterIstio service\nconst default = gcp.monitoring.getClusterIstioService({\n location: \"us-west2-a\",\n clusterName: \"west\",\n serviceNamespace: \"istio-system\",\n serviceName: \"istio-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default ClusterIstio service\ndefault = gcp.monitoring.get_cluster_istio_service(location=\"us-west2-a\",\n cluster_name=\"west\",\n service_namespace=\"istio-system\",\n service_name=\"istio-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default ClusterIstio service\n var @default = Gcp.Monitoring.GetClusterIstioService.Invoke(new()\n {\n Location = \"us-west2-a\",\n ClusterName = \"west\",\n ServiceNamespace = \"istio-system\",\n ServiceName = \"istio-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default ClusterIstio service\n\t\t_, err := monitoring.GetClusterIstioService(ctx, \u0026monitoring.GetClusterIstioServiceArgs{\n\t\t\tLocation: \"us-west2-a\",\n\t\t\tClusterName: \"west\",\n\t\t\tServiceNamespace: \"istio-system\",\n\t\t\tServiceName: \"istio-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetClusterIstioServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default ClusterIstio service\n final var default = MonitoringFunctions.getClusterIstioService(GetClusterIstioServiceArgs.builder()\n .location(\"us-west2-a\")\n .clusterName(\"west\")\n .serviceNamespace(\"istio-system\")\n .serviceName(\"istio-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default ClusterIstio service\n default:\n fn::invoke:\n Function: gcp:monitoring:getClusterIstioService\n Arguments:\n location: us-west2-a\n clusterName: west\n serviceNamespace: istio-system\n serviceName: istio-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn Cluster Istio monitoring service is automatically created by GCP to monitor\nCluster Istio services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Cluster Istio Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default ClusterIstio service\nconst default = gcp.monitoring.getClusterIstioService({\n location: \"us-west2-a\",\n clusterName: \"west\",\n serviceNamespace: \"istio-system\",\n serviceName: \"istio-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default ClusterIstio service\ndefault = gcp.monitoring.get_cluster_istio_service(location=\"us-west2-a\",\n cluster_name=\"west\",\n service_namespace=\"istio-system\",\n service_name=\"istio-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default ClusterIstio service\n var @default = Gcp.Monitoring.GetClusterIstioService.Invoke(new()\n {\n Location = \"us-west2-a\",\n ClusterName = \"west\",\n ServiceNamespace = \"istio-system\",\n ServiceName = \"istio-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default ClusterIstio service\n\t\t_, err := monitoring.GetClusterIstioService(ctx, \u0026monitoring.GetClusterIstioServiceArgs{\n\t\t\tLocation: \"us-west2-a\",\n\t\t\tClusterName: \"west\",\n\t\t\tServiceNamespace: \"istio-system\",\n\t\t\tServiceName: \"istio-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetClusterIstioServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default ClusterIstio service\n final var default = MonitoringFunctions.getClusterIstioService(GetClusterIstioServiceArgs.builder()\n .location(\"us-west2-a\")\n .clusterName(\"west\")\n .serviceNamespace(\"istio-system\")\n .serviceName(\"istio-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default ClusterIstio service\n default:\n fn::invoke:\n function: gcp:monitoring:getClusterIstioService\n arguments:\n location: us-west2-a\n clusterName: west\n serviceNamespace: istio-system\n serviceName: istio-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClusterIstioService.\n", "properties": { @@ -296762,7 +296762,7 @@ } }, "gcp:monitoring/getIstioCanonicalService:getIstioCanonicalService": { - "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nA monitoring Istio Canonical Service is automatically created by GCP to monitor\nIstio Canonical Services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Istio Canonical Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default MeshIstio service\nconst default = gcp.monitoring.getIstioCanonicalService({\n meshUid: \"proj-573164786102\",\n canonicalServiceNamespace: \"istio-system\",\n canonicalService: \"prometheus\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default MeshIstio service\ndefault = gcp.monitoring.get_istio_canonical_service(mesh_uid=\"proj-573164786102\",\n canonical_service_namespace=\"istio-system\",\n canonical_service=\"prometheus\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default MeshIstio service\n var @default = Gcp.Monitoring.GetIstioCanonicalService.Invoke(new()\n {\n MeshUid = \"proj-573164786102\",\n CanonicalServiceNamespace = \"istio-system\",\n CanonicalService = \"prometheus\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default MeshIstio service\n\t\t_, err := monitoring.GetIstioCanonicalService(ctx, \u0026monitoring.GetIstioCanonicalServiceArgs{\n\t\t\tMeshUid: \"proj-573164786102\",\n\t\t\tCanonicalServiceNamespace: \"istio-system\",\n\t\t\tCanonicalService: \"prometheus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetIstioCanonicalServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default MeshIstio service\n final var default = MonitoringFunctions.getIstioCanonicalService(GetIstioCanonicalServiceArgs.builder()\n .meshUid(\"proj-573164786102\")\n .canonicalServiceNamespace(\"istio-system\")\n .canonicalService(\"prometheus\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default MeshIstio service\n default:\n fn::invoke:\n Function: gcp:monitoring:getIstioCanonicalService\n Arguments:\n meshUid: proj-573164786102\n canonicalServiceNamespace: istio-system\n canonicalService: prometheus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nA monitoring Istio Canonical Service is automatically created by GCP to monitor\nIstio Canonical Services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Istio Canonical Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default MeshIstio service\nconst default = gcp.monitoring.getIstioCanonicalService({\n meshUid: \"proj-573164786102\",\n canonicalServiceNamespace: \"istio-system\",\n canonicalService: \"prometheus\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default MeshIstio service\ndefault = gcp.monitoring.get_istio_canonical_service(mesh_uid=\"proj-573164786102\",\n canonical_service_namespace=\"istio-system\",\n canonical_service=\"prometheus\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default MeshIstio service\n var @default = Gcp.Monitoring.GetIstioCanonicalService.Invoke(new()\n {\n MeshUid = \"proj-573164786102\",\n CanonicalServiceNamespace = \"istio-system\",\n CanonicalService = \"prometheus\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default MeshIstio service\n\t\t_, err := monitoring.GetIstioCanonicalService(ctx, \u0026monitoring.GetIstioCanonicalServiceArgs{\n\t\t\tMeshUid: \"proj-573164786102\",\n\t\t\tCanonicalServiceNamespace: \"istio-system\",\n\t\t\tCanonicalService: \"prometheus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetIstioCanonicalServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default MeshIstio service\n final var default = MonitoringFunctions.getIstioCanonicalService(GetIstioCanonicalServiceArgs.builder()\n .meshUid(\"proj-573164786102\")\n .canonicalServiceNamespace(\"istio-system\")\n .canonicalService(\"prometheus\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default MeshIstio service\n default:\n fn::invoke:\n function: gcp:monitoring:getIstioCanonicalService\n arguments:\n meshUid: proj-573164786102\n canonicalServiceNamespace: istio-system\n canonicalService: prometheus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIstioCanonicalService.\n", "properties": { @@ -296849,7 +296849,7 @@ } }, "gcp:monitoring/getMeshIstioService:getMeshIstioService": { - "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn Mesh Istio monitoring service is automatically created by GCP to monitor\nMesh Istio services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Mesh Istio Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default MeshIstio service\nconst default = gcp.monitoring.getMeshIstioService({\n meshUid: \"proj-573164786102\",\n serviceNamespace: \"istio-system\",\n serviceName: \"prometheus\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default MeshIstio service\ndefault = gcp.monitoring.get_mesh_istio_service(mesh_uid=\"proj-573164786102\",\n service_namespace=\"istio-system\",\n service_name=\"prometheus\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default MeshIstio service\n var @default = Gcp.Monitoring.GetMeshIstioService.Invoke(new()\n {\n MeshUid = \"proj-573164786102\",\n ServiceNamespace = \"istio-system\",\n ServiceName = \"prometheus\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default MeshIstio service\n\t\t_, err := monitoring.GetMeshIstioService(ctx, \u0026monitoring.GetMeshIstioServiceArgs{\n\t\t\tMeshUid: \"proj-573164786102\",\n\t\t\tServiceNamespace: \"istio-system\",\n\t\t\tServiceName: \"prometheus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetMeshIstioServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default MeshIstio service\n final var default = MonitoringFunctions.getMeshIstioService(GetMeshIstioServiceArgs.builder()\n .meshUid(\"proj-573164786102\")\n .serviceNamespace(\"istio-system\")\n .serviceName(\"prometheus\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default MeshIstio service\n default:\n fn::invoke:\n Function: gcp:monitoring:getMeshIstioService\n Arguments:\n meshUid: proj-573164786102\n serviceNamespace: istio-system\n serviceName: prometheus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A Monitoring Service is the root resource under which operational aspects of a\ngeneric service are accessible. A service is some discrete, autonomous, and\nnetwork-accessible unit, designed to solve an individual concern\n\nAn Mesh Istio monitoring service is automatically created by GCP to monitor\nMesh Istio services.\n\n\nTo get more information about Service, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services)\n* How-to Guides\n * [Service Monitoring](https://cloud.google.com/monitoring/service-monitoring)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n## Example Usage\n\n### Monitoring Mesh Istio Service\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\n// Monitors the default MeshIstio service\nconst default = gcp.monitoring.getMeshIstioService({\n meshUid: \"proj-573164786102\",\n serviceNamespace: \"istio-system\",\n serviceName: \"prometheus\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\n# Monitors the default MeshIstio service\ndefault = gcp.monitoring.get_mesh_istio_service(mesh_uid=\"proj-573164786102\",\n service_namespace=\"istio-system\",\n service_name=\"prometheus\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Monitors the default MeshIstio service\n var @default = Gcp.Monitoring.GetMeshIstioService.Invoke(new()\n {\n MeshUid = \"proj-573164786102\",\n ServiceNamespace = \"istio-system\",\n ServiceName = \"prometheus\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Monitors the default MeshIstio service\n\t\t_, err := monitoring.GetMeshIstioService(ctx, \u0026monitoring.GetMeshIstioServiceArgs{\n\t\t\tMeshUid: \"proj-573164786102\",\n\t\t\tServiceNamespace: \"istio-system\",\n\t\t\tServiceName: \"prometheus\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetMeshIstioServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Monitors the default MeshIstio service\n final var default = MonitoringFunctions.getMeshIstioService(GetMeshIstioServiceArgs.builder()\n .meshUid(\"proj-573164786102\")\n .serviceNamespace(\"istio-system\")\n .serviceName(\"prometheus\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Monitors the default MeshIstio service\n default:\n fn::invoke:\n function: gcp:monitoring:getMeshIstioService\n arguments:\n meshUid: proj-573164786102\n serviceNamespace: istio-system\n serviceName: prometheus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getMeshIstioService.\n", "properties": { @@ -296936,7 +296936,7 @@ } }, "gcp:monitoring/getNotificationChannel:getNotificationChannel": { - "description": "A NotificationChannel is a medium through which an alert is delivered\nwhen a policy violation is detected. Examples of channels include email, SMS,\nand third-party messaging applications. Fields containing sensitive information\nlike authentication tokens or contact info are only partially populated on retrieval.\n\n\nTo get more information about NotificationChannel, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannels)\n* How-to Guides\n * [Notification Options](https://cloud.google.com/monitoring/support/notification-options)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n\n## Example Usage\n\n### Notification Channel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.monitoring.getNotificationChannel({\n displayName: \"Test Notification Channel\",\n});\nconst alertPolicy = new gcp.monitoring.AlertPolicy(\"alert_policy\", {\n displayName: \"My Alert Policy\",\n notificationChannels: [basic.then(basic =\u003e basic.name)],\n combiner: \"OR\",\n conditions: [{\n displayName: \"test condition\",\n conditionThreshold: {\n filter: \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n duration: \"60s\",\n comparison: \"COMPARISON_GT\",\n aggregations: [{\n alignmentPeriod: \"60s\",\n perSeriesAligner: \"ALIGN_RATE\",\n }],\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.monitoring.get_notification_channel(display_name=\"Test Notification Channel\")\nalert_policy = gcp.monitoring.AlertPolicy(\"alert_policy\",\n display_name=\"My Alert Policy\",\n notification_channels=[basic.name],\n combiner=\"OR\",\n conditions=[{\n \"display_name\": \"test condition\",\n \"condition_threshold\": {\n \"filter\": \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n \"duration\": \"60s\",\n \"comparison\": \"COMPARISON_GT\",\n \"aggregations\": [{\n \"alignment_period\": \"60s\",\n \"per_series_aligner\": \"ALIGN_RATE\",\n }],\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.Monitoring.GetNotificationChannel.Invoke(new()\n {\n DisplayName = \"Test Notification Channel\",\n });\n\n var alertPolicy = new Gcp.Monitoring.AlertPolicy(\"alert_policy\", new()\n {\n DisplayName = \"My Alert Policy\",\n NotificationChannels = new[]\n {\n basic.Apply(getNotificationChannelResult =\u003e getNotificationChannelResult.Name),\n },\n Combiner = \"OR\",\n Conditions = new[]\n {\n new Gcp.Monitoring.Inputs.AlertPolicyConditionArgs\n {\n DisplayName = \"test condition\",\n ConditionThreshold = new Gcp.Monitoring.Inputs.AlertPolicyConditionConditionThresholdArgs\n {\n Filter = \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n Duration = \"60s\",\n Comparison = \"COMPARISON_GT\",\n Aggregations = new[]\n {\n new Gcp.Monitoring.Inputs.AlertPolicyConditionConditionThresholdAggregationArgs\n {\n AlignmentPeriod = \"60s\",\n PerSeriesAligner = \"ALIGN_RATE\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := monitoring.LookupNotificationChannel(ctx, \u0026monitoring.LookupNotificationChannelArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Test Notification Channel\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewAlertPolicy(ctx, \"alert_policy\", \u0026monitoring.AlertPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"My Alert Policy\"),\n\t\t\tNotificationChannels: pulumi.StringArray{\n\t\t\t\tpulumi.String(basic.Name),\n\t\t\t},\n\t\t\tCombiner: pulumi.String(\"OR\"),\n\t\t\tConditions: monitoring.AlertPolicyConditionArray{\n\t\t\t\t\u0026monitoring.AlertPolicyConditionArgs{\n\t\t\t\t\tDisplayName: pulumi.String(\"test condition\"),\n\t\t\t\t\tConditionThreshold: \u0026monitoring.AlertPolicyConditionConditionThresholdArgs{\n\t\t\t\t\t\tFilter: pulumi.String(\"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\"),\n\t\t\t\t\t\tDuration: pulumi.String(\"60s\"),\n\t\t\t\t\t\tComparison: pulumi.String(\"COMPARISON_GT\"),\n\t\t\t\t\t\tAggregations: monitoring.AlertPolicyConditionConditionThresholdAggregationArray{\n\t\t\t\t\t\t\t\u0026monitoring.AlertPolicyConditionConditionThresholdAggregationArgs{\n\t\t\t\t\t\t\t\tAlignmentPeriod: pulumi.String(\"60s\"),\n\t\t\t\t\t\t\t\tPerSeriesAligner: pulumi.String(\"ALIGN_RATE\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetNotificationChannelArgs;\nimport com.pulumi.gcp.monitoring.AlertPolicy;\nimport com.pulumi.gcp.monitoring.AlertPolicyArgs;\nimport com.pulumi.gcp.monitoring.inputs.AlertPolicyConditionArgs;\nimport com.pulumi.gcp.monitoring.inputs.AlertPolicyConditionConditionThresholdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = MonitoringFunctions.getNotificationChannel(GetNotificationChannelArgs.builder()\n .displayName(\"Test Notification Channel\")\n .build());\n\n var alertPolicy = new AlertPolicy(\"alertPolicy\", AlertPolicyArgs.builder()\n .displayName(\"My Alert Policy\")\n .notificationChannels(basic.applyValue(getNotificationChannelResult -\u003e getNotificationChannelResult.name()))\n .combiner(\"OR\")\n .conditions(AlertPolicyConditionArgs.builder()\n .displayName(\"test condition\")\n .conditionThreshold(AlertPolicyConditionConditionThresholdArgs.builder()\n .filter(\"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\")\n .duration(\"60s\")\n .comparison(\"COMPARISON_GT\")\n .aggregations(AlertPolicyConditionConditionThresholdAggregationArgs.builder()\n .alignmentPeriod(\"60s\")\n .perSeriesAligner(\"ALIGN_RATE\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n alertPolicy:\n type: gcp:monitoring:AlertPolicy\n name: alert_policy\n properties:\n displayName: My Alert Policy\n notificationChannels:\n - ${basic.name}\n combiner: OR\n conditions:\n - displayName: test condition\n conditionThreshold:\n filter: metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"\n duration: 60s\n comparison: COMPARISON_GT\n aggregations:\n - alignmentPeriod: 60s\n perSeriesAligner: ALIGN_RATE\nvariables:\n basic:\n fn::invoke:\n Function: gcp:monitoring:getNotificationChannel\n Arguments:\n displayName: Test Notification Channel\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A NotificationChannel is a medium through which an alert is delivered\nwhen a policy violation is detected. Examples of channels include email, SMS,\nand third-party messaging applications. Fields containing sensitive information\nlike authentication tokens or contact info are only partially populated on retrieval.\n\n\nTo get more information about NotificationChannel, see:\n\n* [API documentation](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannels)\n* How-to Guides\n * [Notification Options](https://cloud.google.com/monitoring/support/notification-options)\n * [Monitoring API Documentation](https://cloud.google.com/monitoring/api/v3/)\n\n\n## Example Usage\n\n### Notification Channel Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.monitoring.getNotificationChannel({\n displayName: \"Test Notification Channel\",\n});\nconst alertPolicy = new gcp.monitoring.AlertPolicy(\"alert_policy\", {\n displayName: \"My Alert Policy\",\n notificationChannels: [basic.then(basic =\u003e basic.name)],\n combiner: \"OR\",\n conditions: [{\n displayName: \"test condition\",\n conditionThreshold: {\n filter: \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n duration: \"60s\",\n comparison: \"COMPARISON_GT\",\n aggregations: [{\n alignmentPeriod: \"60s\",\n perSeriesAligner: \"ALIGN_RATE\",\n }],\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.monitoring.get_notification_channel(display_name=\"Test Notification Channel\")\nalert_policy = gcp.monitoring.AlertPolicy(\"alert_policy\",\n display_name=\"My Alert Policy\",\n notification_channels=[basic.name],\n combiner=\"OR\",\n conditions=[{\n \"display_name\": \"test condition\",\n \"condition_threshold\": {\n \"filter\": \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n \"duration\": \"60s\",\n \"comparison\": \"COMPARISON_GT\",\n \"aggregations\": [{\n \"alignment_period\": \"60s\",\n \"per_series_aligner\": \"ALIGN_RATE\",\n }],\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.Monitoring.GetNotificationChannel.Invoke(new()\n {\n DisplayName = \"Test Notification Channel\",\n });\n\n var alertPolicy = new Gcp.Monitoring.AlertPolicy(\"alert_policy\", new()\n {\n DisplayName = \"My Alert Policy\",\n NotificationChannels = new[]\n {\n basic.Apply(getNotificationChannelResult =\u003e getNotificationChannelResult.Name),\n },\n Combiner = \"OR\",\n Conditions = new[]\n {\n new Gcp.Monitoring.Inputs.AlertPolicyConditionArgs\n {\n DisplayName = \"test condition\",\n ConditionThreshold = new Gcp.Monitoring.Inputs.AlertPolicyConditionConditionThresholdArgs\n {\n Filter = \"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\",\n Duration = \"60s\",\n Comparison = \"COMPARISON_GT\",\n Aggregations = new[]\n {\n new Gcp.Monitoring.Inputs.AlertPolicyConditionConditionThresholdAggregationArgs\n {\n AlignmentPeriod = \"60s\",\n PerSeriesAligner = \"ALIGN_RATE\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := monitoring.LookupNotificationChannel(ctx, \u0026monitoring.LookupNotificationChannelArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Test Notification Channel\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = monitoring.NewAlertPolicy(ctx, \"alert_policy\", \u0026monitoring.AlertPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"My Alert Policy\"),\n\t\t\tNotificationChannels: pulumi.StringArray{\n\t\t\t\tpulumi.String(basic.Name),\n\t\t\t},\n\t\t\tCombiner: pulumi.String(\"OR\"),\n\t\t\tConditions: monitoring.AlertPolicyConditionArray{\n\t\t\t\t\u0026monitoring.AlertPolicyConditionArgs{\n\t\t\t\t\tDisplayName: pulumi.String(\"test condition\"),\n\t\t\t\t\tConditionThreshold: \u0026monitoring.AlertPolicyConditionConditionThresholdArgs{\n\t\t\t\t\t\tFilter: pulumi.String(\"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\"),\n\t\t\t\t\t\tDuration: pulumi.String(\"60s\"),\n\t\t\t\t\t\tComparison: pulumi.String(\"COMPARISON_GT\"),\n\t\t\t\t\t\tAggregations: monitoring.AlertPolicyConditionConditionThresholdAggregationArray{\n\t\t\t\t\t\t\t\u0026monitoring.AlertPolicyConditionConditionThresholdAggregationArgs{\n\t\t\t\t\t\t\t\tAlignmentPeriod: pulumi.String(\"60s\"),\n\t\t\t\t\t\t\t\tPerSeriesAligner: pulumi.String(\"ALIGN_RATE\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport com.pulumi.gcp.monitoring.inputs.GetNotificationChannelArgs;\nimport com.pulumi.gcp.monitoring.AlertPolicy;\nimport com.pulumi.gcp.monitoring.AlertPolicyArgs;\nimport com.pulumi.gcp.monitoring.inputs.AlertPolicyConditionArgs;\nimport com.pulumi.gcp.monitoring.inputs.AlertPolicyConditionConditionThresholdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = MonitoringFunctions.getNotificationChannel(GetNotificationChannelArgs.builder()\n .displayName(\"Test Notification Channel\")\n .build());\n\n var alertPolicy = new AlertPolicy(\"alertPolicy\", AlertPolicyArgs.builder()\n .displayName(\"My Alert Policy\")\n .notificationChannels(basic.applyValue(getNotificationChannelResult -\u003e getNotificationChannelResult.name()))\n .combiner(\"OR\")\n .conditions(AlertPolicyConditionArgs.builder()\n .displayName(\"test condition\")\n .conditionThreshold(AlertPolicyConditionConditionThresholdArgs.builder()\n .filter(\"metric.type=\\\"compute.googleapis.com/instance/disk/write_bytes_count\\\" AND resource.type=\\\"gce_instance\\\"\")\n .duration(\"60s\")\n .comparison(\"COMPARISON_GT\")\n .aggregations(AlertPolicyConditionConditionThresholdAggregationArgs.builder()\n .alignmentPeriod(\"60s\")\n .perSeriesAligner(\"ALIGN_RATE\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n alertPolicy:\n type: gcp:monitoring:AlertPolicy\n name: alert_policy\n properties:\n displayName: My Alert Policy\n notificationChannels:\n - ${basic.name}\n combiner: OR\n conditions:\n - displayName: test condition\n conditionThreshold:\n filter: metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"\n duration: 60s\n comparison: COMPARISON_GT\n aggregations:\n - alignmentPeriod: 60s\n perSeriesAligner: ALIGN_RATE\nvariables:\n basic:\n fn::invoke:\n function: gcp:monitoring:getNotificationChannel\n arguments:\n displayName: Test Notification Channel\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNotificationChannel.\n", "properties": { @@ -297039,7 +297039,7 @@ }, "gcp:monitoring/getSecretVersion:getSecretVersion": { "deprecationMessage": "gcp.monitoring.getSecretVersion has been deprecated in favor of gcp.secretmanager.getSecretVersion", - "description": "Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the gcp.secretmanager.getSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersion({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretVersion(ctx, \u0026secretmanager.LookupSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n Function: gcp:secretmanager:getSecretVersion\n Arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the gcp.secretmanager.getSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersion({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretVersion(ctx, \u0026secretmanager.LookupSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n function: gcp:secretmanager:getSecretVersion\n arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecretVersion.\n", "properties": { @@ -297121,7 +297121,7 @@ } }, "gcp:monitoring/getUptimeCheckIPs:getUptimeCheckIPs": { - "description": "Returns the list of IP addresses that checkers run from. For more information see\nthe [official documentation](https://cloud.google.com/monitoring/uptime-checks#get-ips).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ips = gcp.monitoring.getUptimeCheckIPs({});\nexport const ipList = ips.then(ips =\u003e ips.uptimeCheckIps);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nips = gcp.monitoring.get_uptime_check_i_ps()\npulumi.export(\"ipList\", ips.uptime_check_ips)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ips = Gcp.Monitoring.GetUptimeCheckIPs.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"ipList\"] = ips.Apply(getUptimeCheckIPsResult =\u003e getUptimeCheckIPsResult.UptimeCheckIps),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tips, err := monitoring.GetUptimeCheckIPs(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"ipList\", ips.UptimeCheckIps)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ips = MonitoringFunctions.getUptimeCheckIPs();\n\n ctx.export(\"ipList\", ips.applyValue(getUptimeCheckIPsResult -\u003e getUptimeCheckIPsResult.uptimeCheckIps()));\n }\n}\n```\n```yaml\nvariables:\n ips:\n fn::invoke:\n Function: gcp:monitoring:getUptimeCheckIPs\n Arguments: {}\noutputs:\n ipList: ${ips.uptimeCheckIps}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Returns the list of IP addresses that checkers run from. For more information see\nthe [official documentation](https://cloud.google.com/monitoring/uptime-checks#get-ips).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ips = gcp.monitoring.getUptimeCheckIPs({});\nexport const ipList = ips.then(ips =\u003e ips.uptimeCheckIps);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nips = gcp.monitoring.get_uptime_check_i_ps()\npulumi.export(\"ipList\", ips.uptime_check_ips)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ips = Gcp.Monitoring.GetUptimeCheckIPs.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"ipList\"] = ips.Apply(getUptimeCheckIPsResult =\u003e getUptimeCheckIPsResult.UptimeCheckIps),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/monitoring\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tips, err := monitoring.GetUptimeCheckIPs(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"ipList\", ips.UptimeCheckIps)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.monitoring.MonitoringFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ips = MonitoringFunctions.getUptimeCheckIPs();\n\n ctx.export(\"ipList\", ips.applyValue(getUptimeCheckIPsResult -\u003e getUptimeCheckIPsResult.uptimeCheckIps()));\n }\n}\n```\n```yaml\nvariables:\n ips:\n fn::invoke:\n function: gcp:monitoring:getUptimeCheckIPs\n arguments: {}\noutputs:\n ipList: ${ips.uptimeCheckIps}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getUptimeCheckIPs.\n", "properties": { @@ -297207,7 +297207,7 @@ } }, "gcp:notebooks/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.notebooks.getInstanceIamPolicy({\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.notebooks.get_instance_iam_policy(project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Notebooks.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.LookupInstanceIamPolicy(ctx, \u0026notebooks.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tLocation: pulumi.StringRef(instance.Location),\n\t\t\tInstanceName: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.NotebooksFunctions;\nimport com.pulumi.gcp.notebooks.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = NotebooksFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:notebooks:getInstanceIamPolicy\n Arguments:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.notebooks.getInstanceIamPolicy({\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.notebooks.get_instance_iam_policy(project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Notebooks.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.LookupInstanceIamPolicy(ctx, \u0026notebooks.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tLocation: pulumi.StringRef(instance.Location),\n\t\t\tInstanceName: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.NotebooksFunctions;\nimport com.pulumi.gcp.notebooks.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = NotebooksFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:notebooks:getInstanceIamPolicy\n arguments:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -297269,7 +297269,7 @@ } }, "gcp:notebooks/getRuntimeIamPolicy:getRuntimeIamPolicy": { - "description": "Retrieves the current IAM policy data for runtime\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.notebooks.getRuntimeIamPolicy({\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.notebooks.get_runtime_iam_policy(project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Notebooks.GetRuntimeIamPolicy.Invoke(new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.LookupRuntimeIamPolicy(ctx, \u0026notebooks.LookupRuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(runtime.Project),\n\t\t\tLocation: pulumi.StringRef(runtime.Location),\n\t\t\tRuntimeName: runtime.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.NotebooksFunctions;\nimport com.pulumi.gcp.notebooks.inputs.GetRuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = NotebooksFunctions.getRuntimeIamPolicy(GetRuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:notebooks:getRuntimeIamPolicy\n Arguments:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for runtime\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.notebooks.getRuntimeIamPolicy({\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.notebooks.get_runtime_iam_policy(project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Notebooks.GetRuntimeIamPolicy.Invoke(new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.LookupRuntimeIamPolicy(ctx, \u0026notebooks.LookupRuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(runtime.Project),\n\t\t\tLocation: pulumi.StringRef(runtime.Location),\n\t\t\tRuntimeName: runtime.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.NotebooksFunctions;\nimport com.pulumi.gcp.notebooks.inputs.GetRuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = NotebooksFunctions.getRuntimeIamPolicy(GetRuntimeIamPolicyArgs.builder()\n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:notebooks:getRuntimeIamPolicy\n arguments:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRuntimeIamPolicy.\n", "properties": { @@ -297331,7 +297331,7 @@ } }, "gcp:oracledatabase/getAutonomousDatabase:getAutonomousDatabase": { - "description": "Get information about an AutonomousDatabase.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-instance = gcp.oracledatabase.getAutonomousDatabase({\n location: \"us-east4\",\n autonomousDatabaseId: \"autonomous_database_id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.oracledatabase.get_autonomous_database(location=\"us-east4\",\n autonomous_database_id=\"autonomous_database_id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_instance = Gcp.OracleDatabase.GetAutonomousDatabase.Invoke(new()\n {\n Location = \"us-east4\",\n AutonomousDatabaseId = \"autonomous_database_id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupAutonomousDatabase(ctx, \u0026oracledatabase.LookupAutonomousDatabaseArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tAutonomousDatabaseId: \"autonomous_database_id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetAutonomousDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-instance = OracledatabaseFunctions.getAutonomousDatabase(GetAutonomousDatabaseArgs.builder()\n .location(\"us-east4\")\n .autonomousDatabaseId(\"autonomous_database_id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-instance:\n fn::invoke:\n Function: gcp:oracledatabase:getAutonomousDatabase\n Arguments:\n location: us-east4\n autonomousDatabaseId: autonomous_database_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about an AutonomousDatabase.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-instance = gcp.oracledatabase.getAutonomousDatabase({\n location: \"us-east4\",\n autonomousDatabaseId: \"autonomous_database_id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.oracledatabase.get_autonomous_database(location=\"us-east4\",\n autonomous_database_id=\"autonomous_database_id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_instance = Gcp.OracleDatabase.GetAutonomousDatabase.Invoke(new()\n {\n Location = \"us-east4\",\n AutonomousDatabaseId = \"autonomous_database_id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupAutonomousDatabase(ctx, \u0026oracledatabase.LookupAutonomousDatabaseArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tAutonomousDatabaseId: \"autonomous_database_id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetAutonomousDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-instance = OracledatabaseFunctions.getAutonomousDatabase(GetAutonomousDatabaseArgs.builder()\n .location(\"us-east4\")\n .autonomousDatabaseId(\"autonomous_database_id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-instance:\n fn::invoke:\n function: gcp:oracledatabase:getAutonomousDatabase\n arguments:\n location: us-east4\n autonomousDatabaseId: autonomous_database_id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAutonomousDatabase.\n", "properties": { @@ -297442,7 +297442,7 @@ } }, "gcp:oracledatabase/getAutonomousDatabases:getAutonomousDatabases": { - "description": "List all AutonomousDatabases.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-adbs = gcp.oracledatabase.getAutonomousDatabases({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_adbs = gcp.oracledatabase.get_autonomous_databases(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_adbs = Gcp.OracleDatabase.GetAutonomousDatabases.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetAutonomousDatabases(ctx, \u0026oracledatabase.GetAutonomousDatabasesArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetAutonomousDatabasesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-adbs = OracledatabaseFunctions.getAutonomousDatabases(GetAutonomousDatabasesArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-adbs:\n fn::invoke:\n Function: gcp:oracledatabase:getAutonomousDatabases\n Arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all AutonomousDatabases.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-adbs = gcp.oracledatabase.getAutonomousDatabases({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_adbs = gcp.oracledatabase.get_autonomous_databases(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_adbs = Gcp.OracleDatabase.GetAutonomousDatabases.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetAutonomousDatabases(ctx, \u0026oracledatabase.GetAutonomousDatabasesArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetAutonomousDatabasesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-adbs = OracledatabaseFunctions.getAutonomousDatabases(GetAutonomousDatabasesArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-adbs:\n fn::invoke:\n function: gcp:oracledatabase:getAutonomousDatabases\n arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAutonomousDatabases.\n", "properties": { @@ -297489,7 +297489,7 @@ } }, "gcp:oracledatabase/getCloudExadataInfrastructure:getCloudExadataInfrastructure": { - "description": "Get information about an ExadataInfrastructure.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-instance = gcp.oracledatabase.getCloudExadataInfrastructure({\n location: \"us-east4\",\n cloudExadataInfrastructureId: \"exadata-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.oracledatabase.get_cloud_exadata_infrastructure(location=\"us-east4\",\n cloud_exadata_infrastructure_id=\"exadata-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_instance = Gcp.OracleDatabase.GetCloudExadataInfrastructure.Invoke(new()\n {\n Location = \"us-east4\",\n CloudExadataInfrastructureId = \"exadata-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupCloudExadataInfrastructure(ctx, \u0026oracledatabase.LookupCloudExadataInfrastructureArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudExadataInfrastructureId: \"exadata-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudExadataInfrastructureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-instance = OracledatabaseFunctions.getCloudExadataInfrastructure(GetCloudExadataInfrastructureArgs.builder()\n .location(\"us-east4\")\n .cloudExadataInfrastructureId(\"exadata-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-instance:\n fn::invoke:\n Function: gcp:oracledatabase:getCloudExadataInfrastructure\n Arguments:\n location: us-east4\n cloudExadataInfrastructureId: exadata-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about an ExadataInfrastructure.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-instance = gcp.oracledatabase.getCloudExadataInfrastructure({\n location: \"us-east4\",\n cloudExadataInfrastructureId: \"exadata-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.oracledatabase.get_cloud_exadata_infrastructure(location=\"us-east4\",\n cloud_exadata_infrastructure_id=\"exadata-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_instance = Gcp.OracleDatabase.GetCloudExadataInfrastructure.Invoke(new()\n {\n Location = \"us-east4\",\n CloudExadataInfrastructureId = \"exadata-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupCloudExadataInfrastructure(ctx, \u0026oracledatabase.LookupCloudExadataInfrastructureArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudExadataInfrastructureId: \"exadata-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudExadataInfrastructureArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-instance = OracledatabaseFunctions.getCloudExadataInfrastructure(GetCloudExadataInfrastructureArgs.builder()\n .location(\"us-east4\")\n .cloudExadataInfrastructureId(\"exadata-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-instance:\n fn::invoke:\n function: gcp:oracledatabase:getCloudExadataInfrastructure\n arguments:\n location: us-east4\n cloudExadataInfrastructureId: exadata-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudExadataInfrastructure.\n", "properties": { @@ -297588,7 +297588,7 @@ } }, "gcp:oracledatabase/getCloudExadataInfrastructures:getCloudExadataInfrastructures": { - "description": "List all ExadataInfrastructures.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExadatas = gcp.oracledatabase.getCloudExadataInfrastructures({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_exadatas = gcp.oracledatabase.get_cloud_exadata_infrastructures(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExadatas = Gcp.OracleDatabase.GetCloudExadataInfrastructures.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetCloudExadataInfrastructures(ctx, \u0026oracledatabase.GetCloudExadataInfrastructuresArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudExadataInfrastructuresArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExadatas = OracledatabaseFunctions.getCloudExadataInfrastructures(GetCloudExadataInfrastructuresArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExadatas:\n fn::invoke:\n Function: gcp:oracledatabase:getCloudExadataInfrastructures\n Arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all ExadataInfrastructures.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExadatas = gcp.oracledatabase.getCloudExadataInfrastructures({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_exadatas = gcp.oracledatabase.get_cloud_exadata_infrastructures(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExadatas = Gcp.OracleDatabase.GetCloudExadataInfrastructures.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetCloudExadataInfrastructures(ctx, \u0026oracledatabase.GetCloudExadataInfrastructuresArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudExadataInfrastructuresArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExadatas = OracledatabaseFunctions.getCloudExadataInfrastructures(GetCloudExadataInfrastructuresArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExadatas:\n fn::invoke:\n function: gcp:oracledatabase:getCloudExadataInfrastructures\n arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudExadataInfrastructures.\n", "properties": { @@ -297635,7 +297635,7 @@ } }, "gcp:oracledatabase/getCloudVmCluster:getCloudVmCluster": { - "description": "Get information about a CloudVmCluster.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-vmcluster = gcp.oracledatabase.getCloudVmCluster({\n location: \"us-east4\",\n cloudVmClusterId: \"vmcluster-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vmcluster = gcp.oracledatabase.get_cloud_vm_cluster(location=\"us-east4\",\n cloud_vm_cluster_id=\"vmcluster-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_vmcluster = Gcp.OracleDatabase.GetCloudVmCluster.Invoke(new()\n {\n Location = \"us-east4\",\n CloudVmClusterId = \"vmcluster-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupCloudVmCluster(ctx, \u0026oracledatabase.LookupCloudVmClusterArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudVmClusterId: \"vmcluster-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudVmClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-vmcluster = OracledatabaseFunctions.getCloudVmCluster(GetCloudVmClusterArgs.builder()\n .location(\"us-east4\")\n .cloudVmClusterId(\"vmcluster-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-vmcluster:\n fn::invoke:\n Function: gcp:oracledatabase:getCloudVmCluster\n Arguments:\n location: us-east4\n cloudVmClusterId: vmcluster-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a CloudVmCluster.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-vmcluster = gcp.oracledatabase.getCloudVmCluster({\n location: \"us-east4\",\n cloudVmClusterId: \"vmcluster-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vmcluster = gcp.oracledatabase.get_cloud_vm_cluster(location=\"us-east4\",\n cloud_vm_cluster_id=\"vmcluster-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_vmcluster = Gcp.OracleDatabase.GetCloudVmCluster.Invoke(new()\n {\n Location = \"us-east4\",\n CloudVmClusterId = \"vmcluster-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.LookupCloudVmCluster(ctx, \u0026oracledatabase.LookupCloudVmClusterArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudVmClusterId: \"vmcluster-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudVmClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-vmcluster = OracledatabaseFunctions.getCloudVmCluster(GetCloudVmClusterArgs.builder()\n .location(\"us-east4\")\n .cloudVmClusterId(\"vmcluster-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-vmcluster:\n fn::invoke:\n function: gcp:oracledatabase:getCloudVmCluster\n arguments:\n location: us-east4\n cloudVmClusterId: vmcluster-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudVmCluster.\n", "properties": { @@ -297746,7 +297746,7 @@ } }, "gcp:oracledatabase/getCloudVmClusters:getCloudVmClusters": { - "description": "List all CloudVmClusters.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myVmclusters = gcp.oracledatabase.getCloudVmClusters({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vmclusters = gcp.oracledatabase.get_cloud_vm_clusters(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVmclusters = Gcp.OracleDatabase.GetCloudVmClusters.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetCloudVmClusters(ctx, \u0026oracledatabase.GetCloudVmClustersArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudVmClustersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myVmclusters = OracledatabaseFunctions.getCloudVmClusters(GetCloudVmClustersArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myVmclusters:\n fn::invoke:\n Function: gcp:oracledatabase:getCloudVmClusters\n Arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List all CloudVmClusters.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myVmclusters = gcp.oracledatabase.getCloudVmClusters({\n location: \"us-east4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_vmclusters = gcp.oracledatabase.get_cloud_vm_clusters(location=\"us-east4\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVmclusters = Gcp.OracleDatabase.GetCloudVmClusters.Invoke(new()\n {\n Location = \"us-east4\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetCloudVmClusters(ctx, \u0026oracledatabase.GetCloudVmClustersArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetCloudVmClustersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myVmclusters = OracledatabaseFunctions.getCloudVmClusters(GetCloudVmClustersArgs.builder()\n .location(\"us-east4\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myVmclusters:\n fn::invoke:\n function: gcp:oracledatabase:getCloudVmClusters\n arguments:\n location: us-east4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudVmClusters.\n", "properties": { @@ -297793,7 +297793,7 @@ } }, "gcp:oracledatabase/getDbNodes:getDbNodes": { - "description": "List all DbNodes of a Cloud VmCluster.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters.dbNodes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myDbNodes = gcp.oracledatabase.getDbNodes({\n location: \"us-east4\",\n cloudVmCluster: \"vmcluster-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_db_nodes = gcp.oracledatabase.get_db_nodes(location=\"us-east4\",\n cloud_vm_cluster=\"vmcluster-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDbNodes = Gcp.OracleDatabase.GetDbNodes.Invoke(new()\n {\n Location = \"us-east4\",\n CloudVmCluster = \"vmcluster-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetDbNodes(ctx, \u0026oracledatabase.GetDbNodesArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudVmCluster: \"vmcluster-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbNodesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myDbNodes = OracledatabaseFunctions.getDbNodes(GetDbNodesArgs.builder()\n .location(\"us-east4\")\n .cloudVmCluster(\"vmcluster-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myDbNodes:\n fn::invoke:\n Function: gcp:oracledatabase:getDbNodes\n Arguments:\n location: us-east4\n cloudVmCluster: vmcluster-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes reference\n\nThe following attributes are exported:\n\n* `db_nodes` - List of dbNodes. Structure is documented below.\n\n\u003ca name=\"nested_dbnodes\"\u003e\u003c/a\u003e The `db_nodes` block supports:\n\n* `name` - The name of the database node resource in the following format: projects/{project}/locations/{location}/cloudVmClusters/{cloudVmCluster}/dbNodes/{db_node}\n\n* `properties` - Various properties of the database node. Structure is documented below.\n\n\u003ca name=\"nested_properties\"\u003e\u003c/a\u003e The `properties` block supports:\n\n* `ocid`- OCID of database node.\n\n* `ocpu_count` - OCPU count per database node.\n\n* `memory_size_gb` - The allocated memory in GBs on the database node.\n\n* `db_node_storage_size_gb` - The allocated local node storage in GBs on the database node.\n\n* `db_server_ocid` - The OCID of the Database server associated with the database node.\n\n* `hostname` - The host name for the database node.\n\n* `state` - State of the database node.\n\u003ca name=\"nested_states\"\u003e\u003c/a\u003ePossible values for `state` are:\u003cbr\u003e\n`PROVISIONING` - Indicates that the resource is being provisioned.\u003cbr\u003e\n`AVAILABLE` - Indicates that the resource is available.\u003cbr\u003e\n`UPDATING` - Indicates that the resource is being updated.\u003cbr\u003e\n`STOPPING` - Indicates that the resource is being stopped.\u003cbr\u003e\n`STOPPED` - Indicates that the resource is stopped.\u003cbr\u003e\n`STARTING` - Indicates that the resource is being started.\u003cbr\u003e\n`TERMINATING` - Indicates that the resource is being terminated.\u003cbr\u003e\n`TERMINATED` - Indicates that the resource is terminated.\u003cbr\u003e\n`FAILED` - Indicates that the resource has failed.\u003cbr\u003e\n\n* `total_cpu_core_count` - The total number of CPU cores reserved on the database node.\n", + "description": "List all DbNodes of a Cloud VmCluster.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudVmClusters.dbNodes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myDbNodes = gcp.oracledatabase.getDbNodes({\n location: \"us-east4\",\n cloudVmCluster: \"vmcluster-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_db_nodes = gcp.oracledatabase.get_db_nodes(location=\"us-east4\",\n cloud_vm_cluster=\"vmcluster-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDbNodes = Gcp.OracleDatabase.GetDbNodes.Invoke(new()\n {\n Location = \"us-east4\",\n CloudVmCluster = \"vmcluster-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetDbNodes(ctx, \u0026oracledatabase.GetDbNodesArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudVmCluster: \"vmcluster-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbNodesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myDbNodes = OracledatabaseFunctions.getDbNodes(GetDbNodesArgs.builder()\n .location(\"us-east4\")\n .cloudVmCluster(\"vmcluster-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myDbNodes:\n fn::invoke:\n function: gcp:oracledatabase:getDbNodes\n arguments:\n location: us-east4\n cloudVmCluster: vmcluster-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes reference\n\nThe following attributes are exported:\n\n* `db_nodes` - List of dbNodes. Structure is documented below.\n\n\u003ca name=\"nested_dbnodes\"\u003e\u003c/a\u003e The `db_nodes` block supports:\n\n* `name` - The name of the database node resource in the following format: projects/{project}/locations/{location}/cloudVmClusters/{cloudVmCluster}/dbNodes/{db_node}\n\n* `properties` - Various properties of the database node. Structure is documented below.\n\n\u003ca name=\"nested_properties\"\u003e\u003c/a\u003e The `properties` block supports:\n\n* `ocid`- OCID of database node.\n\n* `ocpu_count` - OCPU count per database node.\n\n* `memory_size_gb` - The allocated memory in GBs on the database node.\n\n* `db_node_storage_size_gb` - The allocated local node storage in GBs on the database node.\n\n* `db_server_ocid` - The OCID of the Database server associated with the database node.\n\n* `hostname` - The host name for the database node.\n\n* `state` - State of the database node.\n\u003ca name=\"nested_states\"\u003e\u003c/a\u003ePossible values for `state` are:\u003cbr\u003e\n`PROVISIONING` - Indicates that the resource is being provisioned.\u003cbr\u003e\n`AVAILABLE` - Indicates that the resource is available.\u003cbr\u003e\n`UPDATING` - Indicates that the resource is being updated.\u003cbr\u003e\n`STOPPING` - Indicates that the resource is being stopped.\u003cbr\u003e\n`STOPPED` - Indicates that the resource is stopped.\u003cbr\u003e\n`STARTING` - Indicates that the resource is being started.\u003cbr\u003e\n`TERMINATING` - Indicates that the resource is being terminated.\u003cbr\u003e\n`TERMINATED` - Indicates that the resource is terminated.\u003cbr\u003e\n`FAILED` - Indicates that the resource has failed.\u003cbr\u003e\n\n* `total_cpu_core_count` - The total number of CPU cores reserved on the database node.\n", "inputs": { "description": "A collection of arguments for invoking getDbNodes.\n", "properties": { @@ -297849,7 +297849,7 @@ } }, "gcp:oracledatabase/getDbServers:getDbServers": { - "description": "List all DbServers of a Cloud Exdata Infrastructure.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures.dbServers).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myDbServers = gcp.oracledatabase.getDbServers({\n location: \"us-east4\",\n cloudExadataInfrastructure: \"exadata-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_db_servers = gcp.oracledatabase.get_db_servers(location=\"us-east4\",\n cloud_exadata_infrastructure=\"exadata-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDbServers = Gcp.OracleDatabase.GetDbServers.Invoke(new()\n {\n Location = \"us-east4\",\n CloudExadataInfrastructure = \"exadata-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetDbServers(ctx, \u0026oracledatabase.GetDbServersArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudExadataInfrastructure: \"exadata-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbServersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myDbServers = OracledatabaseFunctions.getDbServers(GetDbServersArgs.builder()\n .location(\"us-east4\")\n .cloudExadataInfrastructure(\"exadata-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myDbServers:\n fn::invoke:\n Function: gcp:oracledatabase:getDbServers\n Arguments:\n location: us-east4\n cloudExadataInfrastructure: exadata-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes reference\n\nThe following attributes are exported:\n\n* `db_servers` - List of dbServers. Structure is documented below.\n\n\u003ca name=\"nested_dbservers\"\u003e\u003c/a\u003e The `db_servers` block supports:\n\n* `display_name` - User friendly name for the resource.\n\n* `properties` - Various properties of the databse server. Structure is documented below.\n\n\u003ca name=\"nested_properties\"\u003e\u003c/a\u003e The `properties` block supports:\n\n* `ocid` - The OCID of database server.\n\n* `ocpu_count` - The OCPU count per database.\n\n* `max_ocpu_count` - The total number of CPU cores available.\n\n* `memory_size_gb` - The allocated memory in gigabytes on the database server.\n\n* `max_memory_size_gb` - The total memory available in gigabytes.\n\n* `db_node_storage_size_gb` - The local storage per VM.\n\n* `max_db_node_storage_size_gb` - The total local node storage available in GBs.\n\n* `vm_count` - The VM count per database.\n\n* `state` - The current state of the database server.\n\u003ca name=\"nested_states\"\u003e\u003c/a\u003eAllowed values for `state` are:\u003cbr\u003e\n`CREATING` - Indicates that the resource is being created.\u003cbr\u003e\n`AVAILABLE` - Indicates that the resource is available.\u003cbr\u003e\n`UNAVAILABLE` - Indicates that the resource is unavailable.\u003cbr\u003e\n`DELETING` - Indicates that the resource is being deleted.\u003cbr\u003e\n`DELETED` - Indicates that the resource has been deleted.\u003cbr\u003e\n\n* `db_node_ids` - The OCID of database nodes associated with the database server.\n", + "description": "List all DbServers of a Cloud Exdata Infrastructure.\n\nFor more information see the\n[API](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.cloudExadataInfrastructures.dbServers).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myDbServers = gcp.oracledatabase.getDbServers({\n location: \"us-east4\",\n cloudExadataInfrastructure: \"exadata-id\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_db_servers = gcp.oracledatabase.get_db_servers(location=\"us-east4\",\n cloud_exadata_infrastructure=\"exadata-id\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDbServers = Gcp.OracleDatabase.GetDbServers.Invoke(new()\n {\n Location = \"us-east4\",\n CloudExadataInfrastructure = \"exadata-id\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := oracledatabase.GetDbServers(ctx, \u0026oracledatabase.GetDbServersArgs{\n\t\t\tLocation: \"us-east4\",\n\t\t\tCloudExadataInfrastructure: \"exadata-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.oracledatabase.OracledatabaseFunctions;\nimport com.pulumi.gcp.oracledatabase.inputs.GetDbServersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myDbServers = OracledatabaseFunctions.getDbServers(GetDbServersArgs.builder()\n .location(\"us-east4\")\n .cloudExadataInfrastructure(\"exadata-id\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myDbServers:\n fn::invoke:\n function: gcp:oracledatabase:getDbServers\n arguments:\n location: us-east4\n cloudExadataInfrastructure: exadata-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes reference\n\nThe following attributes are exported:\n\n* `db_servers` - List of dbServers. Structure is documented below.\n\n\u003ca name=\"nested_dbservers\"\u003e\u003c/a\u003e The `db_servers` block supports:\n\n* `display_name` - User friendly name for the resource.\n\n* `properties` - Various properties of the databse server. Structure is documented below.\n\n\u003ca name=\"nested_properties\"\u003e\u003c/a\u003e The `properties` block supports:\n\n* `ocid` - The OCID of database server.\n\n* `ocpu_count` - The OCPU count per database.\n\n* `max_ocpu_count` - The total number of CPU cores available.\n\n* `memory_size_gb` - The allocated memory in gigabytes on the database server.\n\n* `max_memory_size_gb` - The total memory available in gigabytes.\n\n* `db_node_storage_size_gb` - The local storage per VM.\n\n* `max_db_node_storage_size_gb` - The total local node storage available in GBs.\n\n* `vm_count` - The VM count per database.\n\n* `state` - The current state of the database server.\n\u003ca name=\"nested_states\"\u003e\u003c/a\u003eAllowed values for `state` are:\u003cbr\u003e\n`CREATING` - Indicates that the resource is being created.\u003cbr\u003e\n`AVAILABLE` - Indicates that the resource is available.\u003cbr\u003e\n`UNAVAILABLE` - Indicates that the resource is unavailable.\u003cbr\u003e\n`DELETING` - Indicates that the resource is being deleted.\u003cbr\u003e\n`DELETED` - Indicates that the resource has been deleted.\u003cbr\u003e\n\n* `db_node_ids` - The OCID of database nodes associated with the database server.\n", "inputs": { "description": "A collection of arguments for invoking getDbServers.\n", "properties": { @@ -297905,7 +297905,7 @@ } }, "gcp:organizations/getActiveFolder:getActiveFolder": { - "description": "Get an active folder within GCP by `display_name` and `parent`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst department1 = gcp.organizations.getActiveFolder({\n displayName: \"Department 1\",\n parent: \"organizations/1234567\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndepartment1 = gcp.organizations.get_active_folder(display_name=\"Department 1\",\n parent=\"organizations/1234567\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var department1 = Gcp.Organizations.GetActiveFolder.Invoke(new()\n {\n DisplayName = \"Department 1\",\n Parent = \"organizations/1234567\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.GetActiveFolder(ctx, \u0026organizations.GetActiveFolderArgs{\n\t\t\tDisplayName: \"Department 1\",\n\t\t\tParent: \"organizations/1234567\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetActiveFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var department1 = OrganizationsFunctions.getActiveFolder(GetActiveFolderArgs.builder()\n .displayName(\"Department 1\")\n .parent(\"organizations/1234567\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n department1:\n fn::invoke:\n Function: gcp:organizations:getActiveFolder\n Arguments:\n displayName: Department 1\n parent: organizations/1234567\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get an active folder within GCP by `display_name` and `parent`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst department1 = gcp.organizations.getActiveFolder({\n displayName: \"Department 1\",\n parent: \"organizations/1234567\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndepartment1 = gcp.organizations.get_active_folder(display_name=\"Department 1\",\n parent=\"organizations/1234567\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var department1 = Gcp.Organizations.GetActiveFolder.Invoke(new()\n {\n DisplayName = \"Department 1\",\n Parent = \"organizations/1234567\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.GetActiveFolder(ctx, \u0026organizations.GetActiveFolderArgs{\n\t\t\tDisplayName: \"Department 1\",\n\t\t\tParent: \"organizations/1234567\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetActiveFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var department1 = OrganizationsFunctions.getActiveFolder(GetActiveFolderArgs.builder()\n .displayName(\"Department 1\")\n .parent(\"organizations/1234567\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n department1:\n fn::invoke:\n function: gcp:organizations:getActiveFolder\n arguments:\n displayName: Department 1\n parent: organizations/1234567\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getActiveFolder.\n", "properties": { @@ -297959,7 +297959,7 @@ } }, "gcp:organizations/getBillingAccount:getBillingAccount": { - "description": "Use this data source to get information about a Google Billing Account.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst acct = gcp.organizations.getBillingAccount({\n displayName: \"My Billing Account\",\n open: true,\n});\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n orgId: \"1234567\",\n billingAccount: acct.then(acct =\u003e acct.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nacct = gcp.organizations.get_billing_account(display_name=\"My Billing Account\",\n open=True)\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n org_id=\"1234567\",\n billing_account=acct.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var acct = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n DisplayName = \"My Billing Account\",\n Open = true,\n });\n\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n OrgId = \"1234567\",\n BillingAccount = acct.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tacct, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"My Billing Account\"),\n\t\t\tOpen: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"1234567\"),\n\t\t\tBillingAccount: pulumi.String(acct.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var acct = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .displayName(\"My Billing Account\")\n .open(true)\n .build());\n\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .orgId(\"1234567\")\n .billingAccount(acct.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n orgId: '1234567'\n billingAccount: ${acct.id}\nvariables:\n acct:\n fn::invoke:\n Function: gcp:organizations:getBillingAccount\n Arguments:\n displayName: My Billing Account\n open: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Google Billing Account.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst acct = gcp.organizations.getBillingAccount({\n displayName: \"My Billing Account\",\n open: true,\n});\nconst myProject = new gcp.organizations.Project(\"my_project\", {\n name: \"My Project\",\n projectId: \"your-project-id\",\n orgId: \"1234567\",\n billingAccount: acct.then(acct =\u003e acct.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nacct = gcp.organizations.get_billing_account(display_name=\"My Billing Account\",\n open=True)\nmy_project = gcp.organizations.Project(\"my_project\",\n name=\"My Project\",\n project_id=\"your-project-id\",\n org_id=\"1234567\",\n billing_account=acct.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var acct = Gcp.Organizations.GetBillingAccount.Invoke(new()\n {\n DisplayName = \"My Billing Account\",\n Open = true,\n });\n\n var myProject = new Gcp.Organizations.Project(\"my_project\", new()\n {\n Name = \"My Project\",\n ProjectId = \"your-project-id\",\n OrgId = \"1234567\",\n BillingAccount = acct.Apply(getBillingAccountResult =\u003e getBillingAccountResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tacct, err := organizations.GetBillingAccount(ctx, \u0026organizations.GetBillingAccountArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"My Billing Account\"),\n\t\t\tOpen: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewProject(ctx, \"my_project\", \u0026organizations.ProjectArgs{\n\t\t\tName: pulumi.String(\"My Project\"),\n\t\t\tProjectId: pulumi.String(\"your-project-id\"),\n\t\t\tOrgId: pulumi.String(\"1234567\"),\n\t\t\tBillingAccount: pulumi.String(acct.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetBillingAccountArgs;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var acct = OrganizationsFunctions.getBillingAccount(GetBillingAccountArgs.builder()\n .displayName(\"My Billing Account\")\n .open(true)\n .build());\n\n var myProject = new Project(\"myProject\", ProjectArgs.builder()\n .name(\"My Project\")\n .projectId(\"your-project-id\")\n .orgId(\"1234567\")\n .billingAccount(acct.applyValue(getBillingAccountResult -\u003e getBillingAccountResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myProject:\n type: gcp:organizations:Project\n name: my_project\n properties:\n name: My Project\n projectId: your-project-id\n orgId: '1234567'\n billingAccount: ${acct.id}\nvariables:\n acct:\n fn::invoke:\n function: gcp:organizations:getBillingAccount\n arguments:\n displayName: My Billing Account\n open: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBillingAccount.\n", "properties": { @@ -298024,7 +298024,7 @@ } }, "gcp:organizations/getClientConfig:getClientConfig": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nexport const project = current.then(current =\u003e current.project);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\npulumi.export(\"project\", current.project)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"project\"] = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"project\", current.Project)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n ctx.export(\"project\", current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()));\n }\n}\n```\n```yaml\nvariables:\n current:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\noutputs:\n project: ${current.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Kubernetes Provider With OAuth2 Access Token\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getClientConfig();\n\n final var myCluster = ContainerFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .zone(\"us-east1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n myCluster:\n fn::invoke:\n Function: gcp:container:getCluster\n Arguments:\n name: my-cluster\n zone: us-east1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst current = gcp.organizations.getClientConfig({});\nexport const project = current.then(current =\u003e current.project);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncurrent = gcp.organizations.get_client_config()\npulumi.export(\"project\", current.project)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Gcp.Organizations.GetClientConfig.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"project\"] = current.Apply(getClientConfigResult =\u003e getClientConfigResult.Project),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"project\", current.Project)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getClientConfig();\n\n ctx.export(\"project\", current.applyValue(getClientConfigResult -\u003e getClientConfigResult.project()));\n }\n}\n```\n```yaml\nvariables:\n current:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\noutputs:\n project: ${current.project}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Kubernetes Provider With OAuth2 Access Token\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.container.ContainerFunctions;\nimport com.pulumi.gcp.container.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getClientConfig();\n\n final var myCluster = ContainerFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .zone(\"us-east1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n myCluster:\n fn::invoke:\n function: gcp:container:getCluster\n arguments:\n name: my-cluster\n zone: us-east1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getClientConfig.\n", "properties": { @@ -298068,7 +298068,7 @@ } }, "gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo": { - "description": "Get OpenID userinfo about the credentials used with the Google provider,\nspecifically the email.\n\nThis datasource enables you to export the email of the account you've\nauthenticated the provider with; this can be used alongside\n`data.google_client_config`'s `access_token` to perform OpenID Connect\nauthentication with GKE and configure an RBAC role for the email used.\n\n\u003e This resource will only work as expected if the provider is configured to\nuse the `https://www.googleapis.com/auth/userinfo.email` scope! You will\nreceive an error otherwise. The provider uses this scope by default.\n\n## Example Usage\n\n### Exporting An Email\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nexport = async () =\u003e {\n const me = await gcp.organizations.getClientOpenIdUserInfo({});\n return {\n \"my-email\": me.email,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nme = gcp.organizations.get_client_open_id_user_info()\npulumi.export(\"my-email\", me.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"my-email\"] = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"my-email\", me.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n ctx.export(\"my-email\", me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()));\n }\n}\n```\n```yaml\nvariables:\n me:\n fn::invoke:\n Function: gcp:organizations:getClientOpenIdUserInfo\n Arguments: {}\noutputs:\n my-email: ${me.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenID Connect W/ Kubernetes Provider + RBAC IAM Role\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n user:\n type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding\n properties:\n metadata:\n name: provider-user-admin\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\n subject:\n - kind: User\n name: ${providerIdentity.email}\nvariables:\n providerIdentity:\n fn::invoke:\n Function: gcp:organizations:getClientOpenIdUserInfo\n Arguments: {}\n provider:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n myCluster:\n fn::invoke:\n Function: gcp:container:getCluster\n Arguments:\n name: my-cluster\n zone: us-east1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get OpenID userinfo about the credentials used with the Google provider,\nspecifically the email.\n\nThis datasource enables you to export the email of the account you've\nauthenticated the provider with; this can be used alongside\n`data.google_client_config`'s `access_token` to perform OpenID Connect\nauthentication with GKE and configure an RBAC role for the email used.\n\n\u003e This resource will only work as expected if the provider is configured to\nuse the `https://www.googleapis.com/auth/userinfo.email` scope! You will\nreceive an error otherwise. The provider uses this scope by default.\n\n## Example Usage\n\n### Exporting An Email\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nexport = async () =\u003e {\n const me = await gcp.organizations.getClientOpenIdUserInfo({});\n return {\n \"my-email\": me.email,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nme = gcp.organizations.get_client_open_id_user_info()\npulumi.export(\"my-email\", me.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"my-email\"] = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"my-email\", me.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n ctx.export(\"my-email\", me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()));\n }\n}\n```\n```yaml\nvariables:\n me:\n fn::invoke:\n function: gcp:organizations:getClientOpenIdUserInfo\n arguments: {}\noutputs:\n my-email: ${me.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenID Connect W/ Kubernetes Provider + RBAC IAM Role\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n user:\n type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding\n properties:\n metadata:\n name: provider-user-admin\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\n subject:\n - kind: User\n name: ${providerIdentity.email}\nvariables:\n providerIdentity:\n fn::invoke:\n function: gcp:organizations:getClientOpenIdUserInfo\n arguments: {}\n provider:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n myCluster:\n fn::invoke:\n function: gcp:container:getCluster\n arguments:\n name: my-cluster\n zone: us-east1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getClientOpenIdUserInfo.\n", "properties": { @@ -298088,7 +298088,7 @@ } }, "gcp:organizations/getFolder:getFolder": { - "description": "Use this data source to get information about a Google Cloud Folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder1 = gcp.organizations.getFolder({\n folder: \"folders/12345\",\n lookupOrganization: true,\n});\nconst myFolder2 = gcp.organizations.getFolder({\n folder: \"folders/23456\",\n});\nexport const myFolder1Organization = myFolder1.then(myFolder1 =\u003e myFolder1.organization);\nexport const myFolder2Parent = myFolder2.then(myFolder2 =\u003e myFolder2.parent);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder1 = gcp.organizations.get_folder(folder=\"folders/12345\",\n lookup_organization=True)\nmy_folder2 = gcp.organizations.get_folder(folder=\"folders/23456\")\npulumi.export(\"myFolder1Organization\", my_folder1.organization)\npulumi.export(\"myFolder2Parent\", my_folder2.parent)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder1 = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = \"folders/12345\",\n LookupOrganization = true,\n });\n\n var myFolder2 = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = \"folders/23456\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"myFolder1Organization\"] = myFolder1.Apply(getFolderResult =\u003e getFolderResult.Organization),\n [\"myFolder2Parent\"] = myFolder2.Apply(getFolderResult =\u003e getFolderResult.Parent),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder1, err := organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: \"folders/12345\",\n\t\t\tLookupOrganization: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyFolder2, err := organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: \"folders/23456\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"myFolder1Organization\", myFolder1.Organization)\n\t\tctx.Export(\"myFolder2Parent\", myFolder2.Parent)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myFolder1 = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(\"folders/12345\")\n .lookupOrganization(true)\n .build());\n\n final var myFolder2 = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(\"folders/23456\")\n .build());\n\n ctx.export(\"myFolder1Organization\", myFolder1.applyValue(getFolderResult -\u003e getFolderResult.organization()));\n ctx.export(\"myFolder2Parent\", myFolder2.applyValue(getFolderResult -\u003e getFolderResult.parent()));\n }\n}\n```\n```yaml\nvariables:\n myFolder1:\n fn::invoke:\n Function: gcp:organizations:getFolder\n Arguments:\n folder: folders/12345\n lookupOrganization: true\n myFolder2:\n fn::invoke:\n Function: gcp:organizations:getFolder\n Arguments:\n folder: folders/23456\noutputs:\n myFolder1Organization: ${myFolder1.organization}\n myFolder2Parent: ${myFolder2.parent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Google Cloud Folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myFolder1 = gcp.organizations.getFolder({\n folder: \"folders/12345\",\n lookupOrganization: true,\n});\nconst myFolder2 = gcp.organizations.getFolder({\n folder: \"folders/23456\",\n});\nexport const myFolder1Organization = myFolder1.then(myFolder1 =\u003e myFolder1.organization);\nexport const myFolder2Parent = myFolder2.then(myFolder2 =\u003e myFolder2.parent);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_folder1 = gcp.organizations.get_folder(folder=\"folders/12345\",\n lookup_organization=True)\nmy_folder2 = gcp.organizations.get_folder(folder=\"folders/23456\")\npulumi.export(\"myFolder1Organization\", my_folder1.organization)\npulumi.export(\"myFolder2Parent\", my_folder2.parent)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myFolder1 = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = \"folders/12345\",\n LookupOrganization = true,\n });\n\n var myFolder2 = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = \"folders/23456\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"myFolder1Organization\"] = myFolder1.Apply(getFolderResult =\u003e getFolderResult.Organization),\n [\"myFolder2Parent\"] = myFolder2.Apply(getFolderResult =\u003e getFolderResult.Parent),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyFolder1, err := organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: \"folders/12345\",\n\t\t\tLookupOrganization: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyFolder2, err := organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: \"folders/23456\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"myFolder1Organization\", myFolder1.Organization)\n\t\tctx.Export(\"myFolder2Parent\", myFolder2.Parent)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myFolder1 = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(\"folders/12345\")\n .lookupOrganization(true)\n .build());\n\n final var myFolder2 = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(\"folders/23456\")\n .build());\n\n ctx.export(\"myFolder1Organization\", myFolder1.applyValue(getFolderResult -\u003e getFolderResult.organization()));\n ctx.export(\"myFolder2Parent\", myFolder2.applyValue(getFolderResult -\u003e getFolderResult.parent()));\n }\n}\n```\n```yaml\nvariables:\n myFolder1:\n fn::invoke:\n function: gcp:organizations:getFolder\n arguments:\n folder: folders/12345\n lookupOrganization: true\n myFolder2:\n fn::invoke:\n function: gcp:organizations:getFolder\n arguments:\n folder: folders/23456\noutputs:\n myFolder1Organization: ${myFolder1.organization}\n myFolder2Parent: ${myFolder2.parent}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFolder.\n", "properties": { @@ -298166,7 +298166,7 @@ } }, "gcp:organizations/getFolders:getFolders": { - "description": "Retrieve information about a set of folders based on a parent ID. See the\n[REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list)\nfor more details.\n\n## Example Usage\n\n### Searching For Folders At The Root Of An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-org-folders = gcp.organizations.getFolders({\n parentId: `organizations/${organizationId}`,\n});\nconst first-folder = my_org_folders.then(my_org_folders =\u003e gcp.organizations.getFolder({\n folder: my_org_folders.folders?.[0]?.name,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_org_folders = gcp.organizations.get_folders(parent_id=f\"organizations/{organization_id}\")\nfirst_folder = gcp.organizations.get_folder(folder=my_org_folders.folders[0].name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_org_folders = Gcp.Organizations.GetFolders.Invoke(new()\n {\n ParentId = $\"organizations/{organizationId}\",\n });\n\n var first_folder = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = my_org_folders.Apply(getFoldersResult =\u003e getFoldersResult.Folders[0]?.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_org_folders, err := organizations.GetFolders(ctx, \u0026organizations.GetFoldersArgs{\n\t\t\tParentId: fmt.Sprintf(\"organizations/%v\", organizationId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: my_org_folders.Folders[0].Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetFoldersArgs;\nimport com.pulumi.gcp.organizations.inputs.GetFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-org-folders = OrganizationsFunctions.getFolders(GetFoldersArgs.builder()\n .parentId(String.format(\"organizations/%s\", organizationId))\n .build());\n\n final var first-folder = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(my_org_folders.folders()[0].name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-org-folders:\n fn::invoke:\n Function: gcp:organizations:getFolders\n Arguments:\n parentId: organizations/${organizationId}\n first-folder:\n fn::invoke:\n Function: gcp:organizations:getFolder\n Arguments:\n folder: ${[\"my-org-folders\"].folders[0].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve information about a set of folders based on a parent ID. See the\n[REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list)\nfor more details.\n\n## Example Usage\n\n### Searching For Folders At The Root Of An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-org-folders = gcp.organizations.getFolders({\n parentId: `organizations/${organizationId}`,\n});\nconst first-folder = my_org_folders.then(my_org_folders =\u003e gcp.organizations.getFolder({\n folder: my_org_folders.folders?.[0]?.name,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_org_folders = gcp.organizations.get_folders(parent_id=f\"organizations/{organization_id}\")\nfirst_folder = gcp.organizations.get_folder(folder=my_org_folders.folders[0].name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_org_folders = Gcp.Organizations.GetFolders.Invoke(new()\n {\n ParentId = $\"organizations/{organizationId}\",\n });\n\n var first_folder = Gcp.Organizations.GetFolder.Invoke(new()\n {\n Folder = my_org_folders.Apply(getFoldersResult =\u003e getFoldersResult.Folders[0]?.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_org_folders, err := organizations.GetFolders(ctx, \u0026organizations.GetFoldersArgs{\n\t\t\tParentId: fmt.Sprintf(\"organizations/%v\", organizationId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupFolder(ctx, \u0026organizations.LookupFolderArgs{\n\t\t\tFolder: my_org_folders.Folders[0].Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetFoldersArgs;\nimport com.pulumi.gcp.organizations.inputs.GetFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-org-folders = OrganizationsFunctions.getFolders(GetFoldersArgs.builder()\n .parentId(String.format(\"organizations/%s\", organizationId))\n .build());\n\n final var first-folder = OrganizationsFunctions.getFolder(GetFolderArgs.builder()\n .folder(my_org_folders.folders()[0].name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-org-folders:\n fn::invoke:\n function: gcp:organizations:getFolders\n arguments:\n parentId: organizations/${organizationId}\n first-folder:\n fn::invoke:\n function: gcp:organizations:getFolder\n arguments:\n folder: ${[\"my-org-folders\"].folders[0].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFolders.\n", "properties": { @@ -298260,7 +298260,7 @@ } }, "gcp:organizations/getOrganization:getOrganization": { - "description": "Get information about a Google Cloud Organization. Note that you must have the `roles/resourcemanager.organizationViewer` role (or equivalent permissions) at the organization level to use this datasource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst org = gcp.organizations.getOrganization({\n domain: \"example.com\",\n});\nconst sales = new gcp.organizations.Folder(\"sales\", {\n displayName: \"Sales\",\n parent: org.then(org =\u003e org.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norg = gcp.organizations.get_organization(domain=\"example.com\")\nsales = gcp.organizations.Folder(\"sales\",\n display_name=\"Sales\",\n parent=org.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var org = Gcp.Organizations.GetOrganization.Invoke(new()\n {\n Domain = \"example.com\",\n });\n\n var sales = new Gcp.Organizations.Folder(\"sales\", new()\n {\n DisplayName = \"Sales\",\n Parent = org.Apply(getOrganizationResult =\u003e getOrganizationResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torg, err := organizations.GetOrganization(ctx, \u0026organizations.GetOrganizationArgs{\n\t\t\tDomain: pulumi.StringRef(\"example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewFolder(ctx, \"sales\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"Sales\"),\n\t\t\tParent: pulumi.String(org.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetOrganizationArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var org = OrganizationsFunctions.getOrganization(GetOrganizationArgs.builder()\n .domain(\"example.com\")\n .build());\n\n var sales = new Folder(\"sales\", FolderArgs.builder()\n .displayName(\"Sales\")\n .parent(org.applyValue(getOrganizationResult -\u003e getOrganizationResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sales:\n type: gcp:organizations:Folder\n properties:\n displayName: Sales\n parent: ${org.name}\nvariables:\n org:\n fn::invoke:\n Function: gcp:organizations:getOrganization\n Arguments:\n domain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Organization. Note that you must have the `roles/resourcemanager.organizationViewer` role (or equivalent permissions) at the organization level to use this datasource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst org = gcp.organizations.getOrganization({\n domain: \"example.com\",\n});\nconst sales = new gcp.organizations.Folder(\"sales\", {\n displayName: \"Sales\",\n parent: org.then(org =\u003e org.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norg = gcp.organizations.get_organization(domain=\"example.com\")\nsales = gcp.organizations.Folder(\"sales\",\n display_name=\"Sales\",\n parent=org.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var org = Gcp.Organizations.GetOrganization.Invoke(new()\n {\n Domain = \"example.com\",\n });\n\n var sales = new Gcp.Organizations.Folder(\"sales\", new()\n {\n DisplayName = \"Sales\",\n Parent = org.Apply(getOrganizationResult =\u003e getOrganizationResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torg, err := organizations.GetOrganization(ctx, \u0026organizations.GetOrganizationArgs{\n\t\t\tDomain: pulumi.StringRef(\"example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewFolder(ctx, \"sales\", \u0026organizations.FolderArgs{\n\t\t\tDisplayName: pulumi.String(\"Sales\"),\n\t\t\tParent: pulumi.String(org.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetOrganizationArgs;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var org = OrganizationsFunctions.getOrganization(GetOrganizationArgs.builder()\n .domain(\"example.com\")\n .build());\n\n var sales = new Folder(\"sales\", FolderArgs.builder()\n .displayName(\"Sales\")\n .parent(org.applyValue(getOrganizationResult -\u003e getOrganizationResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sales:\n type: gcp:organizations:Folder\n properties:\n displayName: Sales\n parent: ${org.name}\nvariables:\n org:\n fn::invoke:\n function: gcp:organizations:getOrganization\n arguments:\n domain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getOrganization.\n", "properties": { @@ -298322,7 +298322,7 @@ } }, "gcp:organizations/getProject:getProject": { - "description": "Use this data source to get project details.\nFor more information see\n[API](https://cloud.google.com/resource-manager/reference/rest/v1/projects#Project)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nexport const projectNumber = project.then(project =\u003e project.number);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npulumi.export(\"projectNumber\", project.number)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"projectNumber\"] = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"projectNumber\", project.Number)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n ctx.export(\"projectNumber\", project.applyValue(getProjectResult -\u003e getProjectResult.number()));\n }\n}\n```\n```yaml\nvariables:\n project:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\noutputs:\n projectNumber: ${project.number}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get project details.\nFor more information see\n[API](https://cloud.google.com/resource-manager/reference/rest/v1/projects#Project)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nexport const projectNumber = project.then(project =\u003e project.number);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\npulumi.export(\"projectNumber\", project.number)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"projectNumber\"] = project.Apply(getProjectResult =\u003e getProjectResult.Number),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"projectNumber\", project.Number)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n ctx.export(\"projectNumber\", project.applyValue(getProjectResult -\u003e getProjectResult.number()));\n }\n}\n```\n```yaml\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\noutputs:\n projectNumber: ${project.number}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProject.\n", "properties": { @@ -298410,7 +298410,7 @@ } }, "gcp:privilegedaccessmanager/getEntitlement:getEntitlement": { - "description": "Use this data source to get information about a Google Cloud Privileged Access Manager Entitlement.\n\nTo get more information about Privileged Access Manager, see:\n\n* [API Documentation](https://cloud.google.com/iam/docs/reference/pam/rest)\n* How-to guides\n * [Official documentation](https://cloud.google.com/iam/docs/pam-overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-entitlement = gcp.privilegedaccessmanager.getEntitlement({\n parent: \"projects/my-project\",\n location: \"global\",\n entitlementId: \"my-entitlement\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_entitlement = gcp.privilegedaccessmanager.get_entitlement(parent=\"projects/my-project\",\n location=\"global\",\n entitlement_id=\"my-entitlement\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_entitlement = Gcp.PrivilegedAccessManager.GetEntitlement.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Location = \"global\",\n EntitlementId = \"my-entitlement\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/privilegedaccessmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := privilegedaccessmanager.LookupEntitlement(ctx, \u0026privilegedaccessmanager.LookupEntitlementArgs{\n\t\t\tParent: pulumi.StringRef(\"projects/my-project\"),\n\t\t\tLocation: pulumi.StringRef(\"global\"),\n\t\t\tEntitlementId: pulumi.StringRef(\"my-entitlement\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.privilegedaccessmanager.PrivilegedaccessmanagerFunctions;\nimport com.pulumi.gcp.privilegedaccessmanager.inputs.GetEntitlementArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-entitlement = PrivilegedaccessmanagerFunctions.getEntitlement(GetEntitlementArgs.builder()\n .parent(\"projects/my-project\")\n .location(\"global\")\n .entitlementId(\"my-entitlement\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-entitlement:\n fn::invoke:\n Function: gcp:privilegedaccessmanager:getEntitlement\n Arguments:\n parent: projects/my-project\n location: global\n entitlementId: my-entitlement\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Google Cloud Privileged Access Manager Entitlement.\n\nTo get more information about Privileged Access Manager, see:\n\n* [API Documentation](https://cloud.google.com/iam/docs/reference/pam/rest)\n* How-to guides\n * [Official documentation](https://cloud.google.com/iam/docs/pam-overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-entitlement = gcp.privilegedaccessmanager.getEntitlement({\n parent: \"projects/my-project\",\n location: \"global\",\n entitlementId: \"my-entitlement\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_entitlement = gcp.privilegedaccessmanager.get_entitlement(parent=\"projects/my-project\",\n location=\"global\",\n entitlement_id=\"my-entitlement\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_entitlement = Gcp.PrivilegedAccessManager.GetEntitlement.Invoke(new()\n {\n Parent = \"projects/my-project\",\n Location = \"global\",\n EntitlementId = \"my-entitlement\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/privilegedaccessmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := privilegedaccessmanager.LookupEntitlement(ctx, \u0026privilegedaccessmanager.LookupEntitlementArgs{\n\t\t\tParent: pulumi.StringRef(\"projects/my-project\"),\n\t\t\tLocation: pulumi.StringRef(\"global\"),\n\t\t\tEntitlementId: pulumi.StringRef(\"my-entitlement\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.privilegedaccessmanager.PrivilegedaccessmanagerFunctions;\nimport com.pulumi.gcp.privilegedaccessmanager.inputs.GetEntitlementArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-entitlement = PrivilegedaccessmanagerFunctions.getEntitlement(GetEntitlementArgs.builder()\n .parent(\"projects/my-project\")\n .location(\"global\")\n .entitlementId(\"my-entitlement\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-entitlement:\n fn::invoke:\n function: gcp:privilegedaccessmanager:getEntitlement\n arguments:\n parent: projects/my-project\n location: global\n entitlementId: my-entitlement\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEntitlement.\n", "properties": { @@ -298512,7 +298512,7 @@ } }, "gcp:projects/getIamPolicy:getIamPolicy": { - "description": "Retrieves the current IAM policy data for a project.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.projects.getIamPolicy({\n project: \"myproject\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.projects.get_iam_policy(project=\"myproject\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Projects.GetIamPolicy.Invoke(new()\n {\n Project = \"myproject\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.GetIamPolicy(ctx, \u0026projects.GetIamPolicyArgs{\n\t\t\tProject: \"myproject\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ProjectsFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .project(\"myproject\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:projects:getIamPolicy\n Arguments:\n project: myproject\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a project.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.projects.getIamPolicy({\n project: \"myproject\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.projects.get_iam_policy(project=\"myproject\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Projects.GetIamPolicy.Invoke(new()\n {\n Project = \"myproject\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.GetIamPolicy(ctx, \u0026projects.GetIamPolicyArgs{\n\t\t\tProject: \"myproject\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ProjectsFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .project(\"myproject\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:projects:getIamPolicy\n arguments:\n project: myproject\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIamPolicy.\n", "properties": { @@ -298556,7 +298556,7 @@ } }, "gcp:projects/getOrganizationPolicy:getOrganizationPolicy": { - "description": "Allows management of Organization policies for a Google Project. For more information see\n[the official\ndocumentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.projects.getOrganizationPolicy({\n project: \"project-id\",\n constraint: \"constraints/serviceuser.services\",\n});\nexport const version = policy.then(policy =\u003e policy.version);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.projects.get_organization_policy(project=\"project-id\",\n constraint=\"constraints/serviceuser.services\")\npulumi.export(\"version\", policy.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Projects.GetOrganizationPolicy.Invoke(new()\n {\n Project = \"project-id\",\n Constraint = \"constraints/serviceuser.services\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = policy.Apply(getOrganizationPolicyResult =\u003e getOrganizationPolicyResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpolicy, err := projects.LookupOrganizationPolicy(ctx, \u0026projects.LookupOrganizationPolicyArgs{\n\t\t\tProject: \"project-id\",\n\t\t\tConstraint: \"constraints/serviceuser.services\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"version\", policy.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetOrganizationPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ProjectsFunctions.getOrganizationPolicy(GetOrganizationPolicyArgs.builder()\n .project(\"project-id\")\n .constraint(\"constraints/serviceuser.services\")\n .build());\n\n ctx.export(\"version\", policy.applyValue(getOrganizationPolicyResult -\u003e getOrganizationPolicyResult.version()));\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:projects:getOrganizationPolicy\n Arguments:\n project: project-id\n constraint: constraints/serviceuser.services\noutputs:\n version: ${policy.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Allows management of Organization policies for a Google Project. For more information see\n[the official\ndocumentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.projects.getOrganizationPolicy({\n project: \"project-id\",\n constraint: \"constraints/serviceuser.services\",\n});\nexport const version = policy.then(policy =\u003e policy.version);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.projects.get_organization_policy(project=\"project-id\",\n constraint=\"constraints/serviceuser.services\")\npulumi.export(\"version\", policy.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Projects.GetOrganizationPolicy.Invoke(new()\n {\n Project = \"project-id\",\n Constraint = \"constraints/serviceuser.services\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = policy.Apply(getOrganizationPolicyResult =\u003e getOrganizationPolicyResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpolicy, err := projects.LookupOrganizationPolicy(ctx, \u0026projects.LookupOrganizationPolicyArgs{\n\t\t\tProject: \"project-id\",\n\t\t\tConstraint: \"constraints/serviceuser.services\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"version\", policy.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetOrganizationPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = ProjectsFunctions.getOrganizationPolicy(GetOrganizationPolicyArgs.builder()\n .project(\"project-id\")\n .constraint(\"constraints/serviceuser.services\")\n .build());\n\n ctx.export(\"version\", policy.applyValue(getOrganizationPolicyResult -\u003e getOrganizationPolicyResult.version()));\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:projects:getOrganizationPolicy\n arguments:\n project: project-id\n constraint: constraints/serviceuser.services\noutputs:\n version: ${policy.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getOrganizationPolicy.\n", "properties": { @@ -298631,7 +298631,7 @@ } }, "gcp:projects/getProject:getProject": { - "description": "Retrieve information about a set of projects based on a filter. See the\n[REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list)\nfor more details.\n\n## Example Usage\n\n### Searching For Projects About To Be Deleted In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-org-projects = gcp.projects.getProject({\n filter: \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n});\nconst deletion-candidate = my_org_projects.then(my_org_projects =\u003e gcp.organizations.getProject({\n projectId: my_org_projects.projects?.[0]?.projectId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_org_projects = gcp.projects.get_project(filter=\"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\")\ndeletion_candidate = gcp.organizations.get_project(project_id=my_org_projects.projects[0].project_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_org_projects = Gcp.Projects.GetProject.Invoke(new()\n {\n Filter = \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n });\n\n var deletion_candidate = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = my_org_projects.Apply(getProjectResult =\u003e getProjectResult.Projects[0]?.ProjectId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_org_projects, err := projects.GetProject(ctx, \u0026projects.GetProjectArgs{\n\t\t\tFilter: \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(my_org_projects.Projects[0].ProjectId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-org-projects = ProjectsFunctions.getProject(GetProjectArgs.builder()\n .filter(\"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\")\n .build());\n\n final var deletion-candidate = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(my_org_projects.projects()[0].projectId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-org-projects:\n fn::invoke:\n Function: gcp:projects:getProject\n Arguments:\n filter: parent.id:012345678910 lifecycleState:DELETE_REQUESTED\n deletion-candidate:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments:\n projectId: ${[\"my-org-projects\"].projects[0].projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve information about a set of projects based on a filter. See the\n[REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list)\nfor more details.\n\n## Example Usage\n\n### Searching For Projects About To Be Deleted In An Org\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-org-projects = gcp.projects.getProject({\n filter: \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n});\nconst deletion-candidate = my_org_projects.then(my_org_projects =\u003e gcp.organizations.getProject({\n projectId: my_org_projects.projects?.[0]?.projectId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_org_projects = gcp.projects.get_project(filter=\"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\")\ndeletion_candidate = gcp.organizations.get_project(project_id=my_org_projects.projects[0].project_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_org_projects = Gcp.Projects.GetProject.Invoke(new()\n {\n Filter = \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n });\n\n var deletion_candidate = Gcp.Organizations.GetProject.Invoke(new()\n {\n ProjectId = my_org_projects.Apply(getProjectResult =\u003e getProjectResult.Projects[0]?.ProjectId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_org_projects, err := projects.GetProject(ctx, \u0026projects.GetProjectArgs{\n\t\t\tFilter: \"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{\n\t\t\tProjectId: pulumi.StringRef(my_org_projects.Projects[0].ProjectId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetProjectArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-org-projects = ProjectsFunctions.getProject(GetProjectArgs.builder()\n .filter(\"parent.id:012345678910 lifecycleState:DELETE_REQUESTED\")\n .build());\n\n final var deletion-candidate = OrganizationsFunctions.getProject(GetProjectArgs.builder()\n .projectId(my_org_projects.projects()[0].projectId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-org-projects:\n fn::invoke:\n function: gcp:projects:getProject\n arguments:\n filter: parent.id:012345678910 lifecycleState:DELETE_REQUESTED\n deletion-candidate:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments:\n projectId: ${[\"my-org-projects\"].projects[0].projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProject.\n", "properties": { @@ -298672,7 +298672,7 @@ } }, "gcp:projects/getProjectService:getProjectService": { - "description": "Verify the API service for the Google Cloud Platform project to see if it is enabled or not.\n\nFor a list of services available, visit the [API library page](https://console.cloud.google.com/apis/library)\nor run `gcloud services list --available`.\n\nThis datasource requires the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com)\nto use.\n\n\nTo get more information about `gcp.projects.Service`, see:\n\n* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1/services)\n* How-to Guides\n * [Enabling and Disabling Services](https://cloud.google.com/service-usage/docs/enable-disable)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-project-service = gcp.projects.getProjectService({\n service: \"my-project-service\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_project_service = gcp.projects.get_project_service(service=\"my-project-service\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_project_service = Gcp.Projects.GetProjectService.Invoke(new()\n {\n Service = \"my-project-service\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.GetProjectService(ctx, \u0026projects.GetProjectServiceArgs{\n\t\t\tService: \"my-project-service\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetProjectServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-project-service = ProjectsFunctions.getProjectService(GetProjectServiceArgs.builder()\n .service(\"my-project-service\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-project-service:\n fn::invoke:\n Function: gcp:projects:getProjectService\n Arguments:\n service: my-project-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Verify the API service for the Google Cloud Platform project to see if it is enabled or not.\n\nFor a list of services available, visit the [API library page](https://console.cloud.google.com/apis/library)\nor run `gcloud services list --available`.\n\nThis datasource requires the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com)\nto use.\n\n\nTo get more information about `gcp.projects.Service`, see:\n\n* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1/services)\n* How-to Guides\n * [Enabling and Disabling Services](https://cloud.google.com/service-usage/docs/enable-disable)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-project-service = gcp.projects.getProjectService({\n service: \"my-project-service\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_project_service = gcp.projects.get_project_service(service=\"my-project-service\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_project_service = Gcp.Projects.GetProjectService.Invoke(new()\n {\n Service = \"my-project-service\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.GetProjectService(ctx, \u0026projects.GetProjectServiceArgs{\n\t\t\tService: \"my-project-service\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.ProjectsFunctions;\nimport com.pulumi.gcp.projects.inputs.GetProjectServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-project-service = ProjectsFunctions.getProjectService(GetProjectServiceArgs.builder()\n .service(\"my-project-service\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-project-service:\n fn::invoke:\n function: gcp:projects:getProjectService\n arguments:\n service: my-project-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProjectService.\n", "properties": { @@ -298724,7 +298724,7 @@ } }, "gcp:pubsub/getSchemaIamPolicy:getSchemaIamPolicy": { - "description": "Retrieves the current IAM policy data for schema\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getSchemaIamPolicy({\n project: example.project,\n schema: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_schema_iam_policy(project=example[\"project\"],\n schema=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetSchemaIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Schema = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupSchemaIamPolicy(ctx, \u0026pubsub.LookupSchemaIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tSchema: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getSchemaIamPolicy(GetSchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:pubsub:getSchemaIamPolicy\n Arguments:\n project: ${example.project}\n schema: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for schema\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getSchemaIamPolicy({\n project: example.project,\n schema: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_schema_iam_policy(project=example[\"project\"],\n schema=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetSchemaIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Schema = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupSchemaIamPolicy(ctx, \u0026pubsub.LookupSchemaIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tSchema: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getSchemaIamPolicy(GetSchemaIamPolicyArgs.builder()\n .project(example.project())\n .schema(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:pubsub:getSchemaIamPolicy\n arguments:\n project: ${example.project}\n schema: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSchemaIamPolicy.\n", "properties": { @@ -298777,7 +298777,7 @@ } }, "gcp:pubsub/getSubscription:getSubscription": { - "description": "Get information about a Google Cloud Pub/Sub Subscription. For more information see\nthe [official documentation](https://cloud.google.com/pubsub/docs/)\nand [API](https://cloud.google.com/pubsub/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-pubsub-subscription = gcp.pubsub.getSubscription({\n name: \"my-pubsub-subscription\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pubsub_subscription = gcp.pubsub.get_subscription(name=\"my-pubsub-subscription\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_pubsub_subscription = Gcp.PubSub.GetSubscription.Invoke(new()\n {\n Name = \"my-pubsub-subscription\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupSubscription(ctx, \u0026pubsub.LookupSubscriptionArgs{\n\t\t\tName: \"my-pubsub-subscription\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-pubsub-subscription = PubsubFunctions.getSubscription(GetSubscriptionArgs.builder()\n .name(\"my-pubsub-subscription\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-pubsub-subscription:\n fn::invoke:\n Function: gcp:pubsub:getSubscription\n Arguments:\n name: my-pubsub-subscription\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Pub/Sub Subscription. For more information see\nthe [official documentation](https://cloud.google.com/pubsub/docs/)\nand [API](https://cloud.google.com/pubsub/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-pubsub-subscription = gcp.pubsub.getSubscription({\n name: \"my-pubsub-subscription\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pubsub_subscription = gcp.pubsub.get_subscription(name=\"my-pubsub-subscription\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_pubsub_subscription = Gcp.PubSub.GetSubscription.Invoke(new()\n {\n Name = \"my-pubsub-subscription\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupSubscription(ctx, \u0026pubsub.LookupSubscriptionArgs{\n\t\t\tName: \"my-pubsub-subscription\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-pubsub-subscription = PubsubFunctions.getSubscription(GetSubscriptionArgs.builder()\n .name(\"my-pubsub-subscription\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-pubsub-subscription:\n fn::invoke:\n function: gcp:pubsub:getSubscription\n arguments:\n name: my-pubsub-subscription\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubscription.\n", "properties": { @@ -298910,7 +298910,7 @@ } }, "gcp:pubsub/getSubscriptionIamPolicy:getSubscriptionIamPolicy": { - "description": "Retrieves the current IAM policy data for a Pubsub subscription.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getSubscriptionIamPolicy({\n subscription: subscription.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_subscription_iam_policy(subscription=subscription[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetSubscriptionIamPolicy.Invoke(new()\n {\n Subscription = subscription.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.GetSubscriptionIamPolicy(ctx, \u0026pubsub.GetSubscriptionIamPolicyArgs{\n\t\t\tSubscription: subscription.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSubscriptionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getSubscriptionIamPolicy(GetSubscriptionIamPolicyArgs.builder()\n .subscription(subscription.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:pubsub:getSubscriptionIamPolicy\n Arguments:\n subscription: ${subscription.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Pubsub subscription.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getSubscriptionIamPolicy({\n subscription: subscription.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_subscription_iam_policy(subscription=subscription[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetSubscriptionIamPolicy.Invoke(new()\n {\n Subscription = subscription.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.GetSubscriptionIamPolicy(ctx, \u0026pubsub.GetSubscriptionIamPolicyArgs{\n\t\t\tSubscription: subscription.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetSubscriptionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getSubscriptionIamPolicy(GetSubscriptionIamPolicyArgs.builder()\n .subscription(subscription.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:pubsub:getSubscriptionIamPolicy\n arguments:\n subscription: ${subscription.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubscriptionIamPolicy.\n", "properties": { @@ -298963,7 +298963,7 @@ } }, "gcp:pubsub/getTopic:getTopic": { - "description": "Get information about a Google Cloud Pub/Sub Topic. For more information see\nthe [official documentation](https://cloud.google.com/pubsub/docs/)\nand [API](https://cloud.google.com/pubsub/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-pubsub-topic = gcp.pubsub.getTopic({\n name: \"my-pubsub-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pubsub_topic = gcp.pubsub.get_topic(name=\"my-pubsub-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_pubsub_topic = Gcp.PubSub.GetTopic.Invoke(new()\n {\n Name = \"my-pubsub-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupTopic(ctx, \u0026pubsub.LookupTopicArgs{\n\t\t\tName: \"my-pubsub-topic\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetTopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-pubsub-topic = PubsubFunctions.getTopic(GetTopicArgs.builder()\n .name(\"my-pubsub-topic\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-pubsub-topic:\n fn::invoke:\n Function: gcp:pubsub:getTopic\n Arguments:\n name: my-pubsub-topic\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get information about a Google Cloud Pub/Sub Topic. For more information see\nthe [official documentation](https://cloud.google.com/pubsub/docs/)\nand [API](https://cloud.google.com/pubsub/docs/apis).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-pubsub-topic = gcp.pubsub.getTopic({\n name: \"my-pubsub-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pubsub_topic = gcp.pubsub.get_topic(name=\"my-pubsub-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_pubsub_topic = Gcp.PubSub.GetTopic.Invoke(new()\n {\n Name = \"my-pubsub-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.LookupTopic(ctx, \u0026pubsub.LookupTopicArgs{\n\t\t\tName: \"my-pubsub-topic\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetTopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-pubsub-topic = PubsubFunctions.getTopic(GetTopicArgs.builder()\n .name(\"my-pubsub-topic\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-pubsub-topic:\n fn::invoke:\n function: gcp:pubsub:getTopic\n arguments:\n name: my-pubsub-topic\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTopic.\n", "properties": { @@ -299055,7 +299055,7 @@ } }, "gcp:pubsub/getTopicIamPolicy:getTopicIamPolicy": { - "description": "Retrieves the current IAM policy data for topic\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getTopicIamPolicy({\n project: example.project,\n topic: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_topic_iam_policy(project=example[\"project\"],\n topic=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetTopicIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Topic = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.GetTopicIamPolicy(ctx, \u0026pubsub.GetTopicIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tTopic: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetTopicIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getTopicIamPolicy(GetTopicIamPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:pubsub:getTopicIamPolicy\n Arguments:\n project: ${example.project}\n topic: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for topic\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.pubsub.getTopicIamPolicy({\n project: example.project,\n topic: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.pubsub.get_topic_iam_policy(project=example[\"project\"],\n topic=example[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.PubSub.GetTopicIamPolicy.Invoke(new()\n {\n Project = example.Project,\n Topic = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.GetTopicIamPolicy(ctx, \u0026pubsub.GetTopicIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(example.Project),\n\t\t\tTopic: example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.PubsubFunctions;\nimport com.pulumi.gcp.pubsub.inputs.GetTopicIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = PubsubFunctions.getTopicIamPolicy(GetTopicIamPolicyArgs.builder()\n .project(example.project())\n .topic(example.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:pubsub:getTopicIamPolicy\n arguments:\n project: ${example.project}\n topic: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTopicIamPolicy.\n", "properties": { @@ -299108,7 +299108,7 @@ } }, "gcp:redis/getInstance:getInstance": { - "description": "Get info about a Google Cloud Redis instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myInstance = gcp.redis.getInstance({\n name: \"my-redis-instance\",\n});\nexport const instanceMemorySizeGb = myInstance.then(myInstance =\u003e myInstance.memorySizeGb);\nexport const instanceConnectMode = myInstance.then(myInstance =\u003e myInstance.connectMode);\nexport const instanceAuthorizedNetwork = myInstance.then(myInstance =\u003e myInstance.authorizedNetwork);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.redis.get_instance(name=\"my-redis-instance\")\npulumi.export(\"instanceMemorySizeGb\", my_instance.memory_size_gb)\npulumi.export(\"instanceConnectMode\", my_instance.connect_mode)\npulumi.export(\"instanceAuthorizedNetwork\", my_instance.authorized_network)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myInstance = Gcp.Redis.GetInstance.Invoke(new()\n {\n Name = \"my-redis-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"instanceMemorySizeGb\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.MemorySizeGb),\n [\"instanceConnectMode\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.ConnectMode),\n [\"instanceAuthorizedNetwork\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.AuthorizedNetwork),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyInstance, err := redis.LookupInstance(ctx, \u0026redis.LookupInstanceArgs{\n\t\t\tName: \"my-redis-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"instanceMemorySizeGb\", myInstance.MemorySizeGb)\n\t\tctx.Export(\"instanceConnectMode\", myInstance.ConnectMode)\n\t\tctx.Export(\"instanceAuthorizedNetwork\", myInstance.AuthorizedNetwork)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.RedisFunctions;\nimport com.pulumi.gcp.redis.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myInstance = RedisFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"my-redis-instance\")\n .build());\n\n ctx.export(\"instanceMemorySizeGb\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.memorySizeGb()));\n ctx.export(\"instanceConnectMode\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.connectMode()));\n ctx.export(\"instanceAuthorizedNetwork\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.authorizedNetwork()));\n }\n}\n```\n```yaml\nvariables:\n myInstance:\n fn::invoke:\n Function: gcp:redis:getInstance\n Arguments:\n name: my-redis-instance\noutputs:\n instanceMemorySizeGb: ${myInstance.memorySizeGb}\n instanceConnectMode: ${myInstance.connectMode}\n instanceAuthorizedNetwork: ${myInstance.authorizedNetwork}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get info about a Google Cloud Redis instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myInstance = gcp.redis.getInstance({\n name: \"my-redis-instance\",\n});\nexport const instanceMemorySizeGb = myInstance.then(myInstance =\u003e myInstance.memorySizeGb);\nexport const instanceConnectMode = myInstance.then(myInstance =\u003e myInstance.connectMode);\nexport const instanceAuthorizedNetwork = myInstance.then(myInstance =\u003e myInstance.authorizedNetwork);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_instance = gcp.redis.get_instance(name=\"my-redis-instance\")\npulumi.export(\"instanceMemorySizeGb\", my_instance.memory_size_gb)\npulumi.export(\"instanceConnectMode\", my_instance.connect_mode)\npulumi.export(\"instanceAuthorizedNetwork\", my_instance.authorized_network)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myInstance = Gcp.Redis.GetInstance.Invoke(new()\n {\n Name = \"my-redis-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"instanceMemorySizeGb\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.MemorySizeGb),\n [\"instanceConnectMode\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.ConnectMode),\n [\"instanceAuthorizedNetwork\"] = myInstance.Apply(getInstanceResult =\u003e getInstanceResult.AuthorizedNetwork),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/redis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyInstance, err := redis.LookupInstance(ctx, \u0026redis.LookupInstanceArgs{\n\t\t\tName: \"my-redis-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"instanceMemorySizeGb\", myInstance.MemorySizeGb)\n\t\tctx.Export(\"instanceConnectMode\", myInstance.ConnectMode)\n\t\tctx.Export(\"instanceAuthorizedNetwork\", myInstance.AuthorizedNetwork)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.redis.RedisFunctions;\nimport com.pulumi.gcp.redis.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myInstance = RedisFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"my-redis-instance\")\n .build());\n\n ctx.export(\"instanceMemorySizeGb\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.memorySizeGb()));\n ctx.export(\"instanceConnectMode\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.connectMode()));\n ctx.export(\"instanceAuthorizedNetwork\", myInstance.applyValue(getInstanceResult -\u003e getInstanceResult.authorizedNetwork()));\n }\n}\n```\n```yaml\nvariables:\n myInstance:\n fn::invoke:\n function: gcp:redis:getInstance\n arguments:\n name: my-redis-instance\noutputs:\n instanceMemorySizeGb: ${myInstance.memorySizeGb}\n instanceConnectMode: ${myInstance.connectMode}\n instanceAuthorizedNetwork: ${myInstance.authorizedNetwork}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstance.\n", "properties": { @@ -299316,7 +299316,7 @@ } }, "gcp:runtimeconfig/getConfig:getConfig": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.runtimeconfig.getConfig({\n name: \"my-service\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.runtimeconfig.get_config(name=\"my-service\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.RuntimeConfig.GetConfig.Invoke(new()\n {\n Name = \"my-service\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.LookupConfig(ctx, \u0026runtimeconfig.LookupConfigArgs{\n\t\t\tName: \"my-service\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.RuntimeconfigFunctions;\nimport com.pulumi.gcp.runtimeconfig.inputs.GetConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = RuntimeconfigFunctions.getConfig(GetConfigArgs.builder()\n .name(\"my-service\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n Function: gcp:runtimeconfig:getConfig\n Arguments:\n name: my-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.runtimeconfig.getConfig({\n name: \"my-service\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.runtimeconfig.get_config(name=\"my-service\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.RuntimeConfig.GetConfig.Invoke(new()\n {\n Name = \"my-service\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.LookupConfig(ctx, \u0026runtimeconfig.LookupConfigArgs{\n\t\t\tName: \"my-service\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.RuntimeconfigFunctions;\nimport com.pulumi.gcp.runtimeconfig.inputs.GetConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = RuntimeconfigFunctions.getConfig(GetConfigArgs.builder()\n .name(\"my-service\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n function: gcp:runtimeconfig:getConfig\n arguments:\n name: my-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getConfig.\n", "properties": { @@ -299412,7 +299412,7 @@ } }, "gcp:runtimeconfig/getVariable:getVariable": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.runtimeconfig.getVariable({\n parent: \"my-service\",\n name: \"prod-variables/hostname\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.runtimeconfig.get_variable(parent=\"my-service\",\n name=\"prod-variables/hostname\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.RuntimeConfig.GetVariable.Invoke(new()\n {\n Parent = \"my-service\",\n Name = \"prod-variables/hostname\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.LookupVariable(ctx, \u0026runtimeconfig.LookupVariableArgs{\n\t\t\tParent: \"my-service\",\n\t\t\tName: \"prod-variables/hostname\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.RuntimeconfigFunctions;\nimport com.pulumi.gcp.runtimeconfig.inputs.GetVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = RuntimeconfigFunctions.getVariable(GetVariableArgs.builder()\n .parent(\"my-service\")\n .name(\"prod-variables/hostname\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n Function: gcp:runtimeconfig:getVariable\n Arguments:\n parent: my-service\n name: prod-variables/hostname\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst run-service = gcp.runtimeconfig.getVariable({\n parent: \"my-service\",\n name: \"prod-variables/hostname\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nrun_service = gcp.runtimeconfig.get_variable(parent=\"my-service\",\n name=\"prod-variables/hostname\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var run_service = Gcp.RuntimeConfig.GetVariable.Invoke(new()\n {\n Parent = \"my-service\",\n Name = \"prod-variables/hostname\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/runtimeconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := runtimeconfig.LookupVariable(ctx, \u0026runtimeconfig.LookupVariableArgs{\n\t\t\tParent: \"my-service\",\n\t\t\tName: \"prod-variables/hostname\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.runtimeconfig.RuntimeconfigFunctions;\nimport com.pulumi.gcp.runtimeconfig.inputs.GetVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var run-service = RuntimeconfigFunctions.getVariable(GetVariableArgs.builder()\n .parent(\"my-service\")\n .name(\"prod-variables/hostname\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n run-service:\n fn::invoke:\n function: gcp:runtimeconfig:getVariable\n arguments:\n parent: my-service\n name: prod-variables/hostname\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVariable.\n", "properties": { @@ -299473,7 +299473,7 @@ } }, "gcp:secretmanager/getRegionalSecret:getRegionalSecret": { - "description": "Use this data source to get information about a Secret Manager Regional Secret\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secretDatasource = gcp.secretmanager.getRegionalSecret({\n secretId: \"secretname\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_datasource = gcp.secretmanager.get_regional_secret(secret_id=\"secretname\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secretDatasource = Gcp.SecretManager.GetRegionalSecret.Invoke(new()\n {\n SecretId = \"secretname\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecret(ctx, \u0026secretmanager.LookupRegionalSecretArgs{\n\t\t\tSecretId: \"secretname\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secretDatasource = SecretmanagerFunctions.getRegionalSecret(GetRegionalSecretArgs.builder()\n .secretId(\"secretname\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secretDatasource:\n fn::invoke:\n Function: gcp:secretmanager:getRegionalSecret\n Arguments:\n secretId: secretname\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Secret Manager Regional Secret\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secretDatasource = gcp.secretmanager.getRegionalSecret({\n secretId: \"secretname\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_datasource = gcp.secretmanager.get_regional_secret(secret_id=\"secretname\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secretDatasource = Gcp.SecretManager.GetRegionalSecret.Invoke(new()\n {\n SecretId = \"secretname\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecret(ctx, \u0026secretmanager.LookupRegionalSecretArgs{\n\t\t\tSecretId: \"secretname\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secretDatasource = SecretmanagerFunctions.getRegionalSecret(GetRegionalSecretArgs.builder()\n .secretId(\"secretname\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secretDatasource:\n fn::invoke:\n function: gcp:secretmanager:getRegionalSecret\n arguments:\n secretId: secretname\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionalSecret.\n", "properties": { @@ -299607,7 +299607,7 @@ } }, "gcp:secretmanager/getRegionalSecretIamPolicy:getRegionalSecretIamPolicy": { - "description": "Retrieves the current IAM policy data for regionalsecret\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.secretmanager.getRegionalSecretIamPolicy({\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.secretmanager.get_regional_secret_iam_policy(project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecretManager.GetRegionalSecretIamPolicy.Invoke(new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecretIamPolicy(ctx, \u0026secretmanager.LookupRegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.StringRef(regional_secret_basic.Location),\n\t\t\tSecretId: regional_secret_basic.SecretId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecretmanagerFunctions.getRegionalSecretIamPolicy(GetRegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:secretmanager:getRegionalSecretIamPolicy\n Arguments:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for regionalsecret\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.secretmanager.getRegionalSecretIamPolicy({\n project: regional_secret_basic.project,\n location: regional_secret_basic.location,\n secretId: regional_secret_basic.secretId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.secretmanager.get_regional_secret_iam_policy(project=regional_secret_basic[\"project\"],\n location=regional_secret_basic[\"location\"],\n secret_id=regional_secret_basic[\"secretId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecretManager.GetRegionalSecretIamPolicy.Invoke(new()\n {\n Project = regional_secret_basic.Project,\n Location = regional_secret_basic.Location,\n SecretId = regional_secret_basic.SecretId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecretIamPolicy(ctx, \u0026secretmanager.LookupRegionalSecretIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(regional_secret_basic.Project),\n\t\t\tLocation: pulumi.StringRef(regional_secret_basic.Location),\n\t\t\tSecretId: regional_secret_basic.SecretId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecretmanagerFunctions.getRegionalSecretIamPolicy(GetRegionalSecretIamPolicyArgs.builder()\n .project(regional_secret_basic.project())\n .location(regional_secret_basic.location())\n .secretId(regional_secret_basic.secretId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:secretmanager:getRegionalSecretIamPolicy\n arguments:\n project: ${[\"regional-secret-basic\"].project}\n location: ${[\"regional-secret-basic\"].location}\n secretId: ${[\"regional-secret-basic\"].secretId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionalSecretIamPolicy.\n", "properties": { @@ -299668,7 +299668,7 @@ } }, "gcp:secretmanager/getRegionalSecretVersion:getRegionalSecretVersion": { - "description": "Get the value and metadata from a Secret Manager regional secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the regional secret version only), see also the gcp.secretmanager.getRegionalSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getRegionalSecretVersion({\n secret: \"my-secret\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_regional_secret_version(secret=\"my-secret\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetRegionalSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecretVersion(ctx, \u0026secretmanager.LookupRegionalSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getRegionalSecretVersion(GetRegionalSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n Function: gcp:secretmanager:getRegionalSecretVersion\n Arguments:\n secret: my-secret\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the value and metadata from a Secret Manager regional secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the regional secret version only), see also the gcp.secretmanager.getRegionalSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getRegionalSecretVersion({\n secret: \"my-secret\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_regional_secret_version(secret=\"my-secret\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetRegionalSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupRegionalSecretVersion(ctx, \u0026secretmanager.LookupRegionalSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getRegionalSecretVersion(GetRegionalSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n function: gcp:secretmanager:getRegionalSecretVersion\n arguments:\n secret: my-secret\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionalSecretVersion.\n", "properties": { @@ -299766,7 +299766,7 @@ } }, "gcp:secretmanager/getRegionalSecretVersionAccess:getRegionalSecretVersionAccess": { - "description": "Get the value from a Secret Manager regional secret version. This is similar to the gcp.secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions/access).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst latest = gcp.secretmanager.getRegionalSecretVersionAccess({\n secret: \"my-secret\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlatest = gcp.secretmanager.get_regional_secret_version_access(secret=\"my-secret\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var latest = Gcp.SecretManager.GetRegionalSecretVersionAccess.Invoke(new()\n {\n Secret = \"my-secret\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetRegionalSecretVersionAccess(ctx, \u0026secretmanager.GetRegionalSecretVersionAccessArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretVersionAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var latest = SecretmanagerFunctions.getRegionalSecretVersionAccess(GetRegionalSecretVersionAccessArgs.builder()\n .secret(\"my-secret\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n latest:\n fn::invoke:\n Function: gcp:secretmanager:getRegionalSecretVersionAccess\n Arguments:\n secret: my-secret\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the value from a Secret Manager regional secret version. This is similar to the gcp.secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions/access).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst latest = gcp.secretmanager.getRegionalSecretVersionAccess({\n secret: \"my-secret\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nlatest = gcp.secretmanager.get_regional_secret_version_access(secret=\"my-secret\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var latest = Gcp.SecretManager.GetRegionalSecretVersionAccess.Invoke(new()\n {\n Secret = \"my-secret\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetRegionalSecretVersionAccess(ctx, \u0026secretmanager.GetRegionalSecretVersionAccessArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t\tLocation: pulumi.StringRef(\"us-central1\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretVersionAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var latest = SecretmanagerFunctions.getRegionalSecretVersionAccess(GetRegionalSecretVersionAccessArgs.builder()\n .secret(\"my-secret\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n latest:\n fn::invoke:\n function: gcp:secretmanager:getRegionalSecretVersionAccess\n arguments:\n secret: my-secret\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionalSecretVersionAccess.\n", "properties": { @@ -299841,7 +299841,7 @@ } }, "gcp:secretmanager/getRegionalSecrets:getRegionalSecrets": { - "description": "Use this data source to list the Secret Manager Regional Secrets.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secrets = gcp.secretmanager.getRegionalSecrets({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecrets = gcp.secretmanager.get_regional_secrets(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secrets = Gcp.SecretManager.GetRegionalSecrets.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetRegionalSecrets(ctx, \u0026secretmanager.GetRegionalSecretsArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secrets = SecretmanagerFunctions.getRegionalSecrets(GetRegionalSecretsArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secrets:\n fn::invoke:\n Function: gcp:secretmanager:getRegionalSecrets\n Arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to list the Secret Manager Regional Secrets.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secrets = gcp.secretmanager.getRegionalSecrets({\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecrets = gcp.secretmanager.get_regional_secrets(location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secrets = Gcp.SecretManager.GetRegionalSecrets.Invoke(new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetRegionalSecrets(ctx, \u0026secretmanager.GetRegionalSecretsArgs{\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetRegionalSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secrets = SecretmanagerFunctions.getRegionalSecrets(GetRegionalSecretsArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secrets:\n fn::invoke:\n function: gcp:secretmanager:getRegionalSecrets\n arguments:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRegionalSecrets.\n", "properties": { @@ -299899,7 +299899,7 @@ } }, "gcp:secretmanager/getSecret:getSecret": { - "description": "Use this data source to get information about a Secret Manager Secret\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.secretmanager.getSecret({\n secretId: \"foobar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.secretmanager.get_secret(secret_id=\"foobar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.SecretManager.GetSecret.Invoke(new()\n {\n SecretId = \"foobar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecret(ctx, \u0026secretmanager.LookupSecretArgs{\n\t\t\tSecretId: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SecretmanagerFunctions.getSecret(GetSecretArgs.builder()\n .secretId(\"foobar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:secretmanager:getSecret\n Arguments:\n secretId: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Secret Manager Secret\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.secretmanager.getSecret({\n secretId: \"foobar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.secretmanager.get_secret(secret_id=\"foobar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.SecretManager.GetSecret.Invoke(new()\n {\n SecretId = \"foobar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecret(ctx, \u0026secretmanager.LookupSecretArgs{\n\t\t\tSecretId: \"foobar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SecretmanagerFunctions.getSecret(GetSecretArgs.builder()\n .secretId(\"foobar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:secretmanager:getSecret\n arguments:\n secretId: foobar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecret.\n", "properties": { @@ -300024,7 +300024,7 @@ } }, "gcp:secretmanager/getSecretIamPolicy:getSecretIamPolicy": { - "description": "Retrieves the current IAM policy data for secret\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.secretmanager.getSecretIamPolicy({\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.secretmanager.get_secret_iam_policy(project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecretManager.GetSecretIamPolicy.Invoke(new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretIamPolicy(ctx, \u0026secretmanager.LookupSecretIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(secret_basic.Project),\n\t\t\tSecretId: secret_basic.SecretId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecretmanagerFunctions.getSecretIamPolicy(GetSecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:secretmanager:getSecretIamPolicy\n Arguments:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for secret\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.secretmanager.getSecretIamPolicy({\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.secretmanager.get_secret_iam_policy(project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecretManager.GetSecretIamPolicy.Invoke(new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretIamPolicy(ctx, \u0026secretmanager.LookupSecretIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(secret_basic.Project),\n\t\t\tSecretId: secret_basic.SecretId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecretmanagerFunctions.getSecretIamPolicy(GetSecretIamPolicyArgs.builder()\n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:secretmanager:getSecretIamPolicy\n arguments:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecretIamPolicy.\n", "properties": { @@ -300076,7 +300076,7 @@ } }, "gcp:secretmanager/getSecretVersion:getSecretVersion": { - "description": "Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the gcp.secretmanager.getSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersion({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretVersion(ctx, \u0026secretmanager.LookupSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n Function: gcp:secretmanager:getSecretVersion\n Arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the gcp.secretmanager.getSecretVersionAccess datasource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersion({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersion.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.LookupSecretVersion(ctx, \u0026secretmanager.LookupSecretVersionArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n function: gcp:secretmanager:getSecretVersion\n arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecretVersion.\n", "properties": { @@ -300158,7 +300158,7 @@ } }, "gcp:secretmanager/getSecretVersionAccess:getSecretVersionAccess": { - "description": "Get the value from a Secret Manager secret version. This is similar to the gcp.secretmanager.SecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersionAccess({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version_access(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersionAccess.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetSecretVersionAccess(ctx, \u0026secretmanager.GetSecretVersionAccessArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersionAccess(GetSecretVersionAccessArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n Function: gcp:secretmanager:getSecretVersionAccess\n Arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the value from a Secret Manager secret version. This is similar to the gcp.secretmanager.SecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = gcp.secretmanager.getSecretVersionAccess({\n secret: \"my-secret\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.secretmanager.get_secret_version_access(secret=\"my-secret\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = Gcp.SecretManager.GetSecretVersionAccess.Invoke(new()\n {\n Secret = \"my-secret\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetSecretVersionAccess(ctx, \u0026secretmanager.GetSecretVersionAccessArgs{\n\t\t\tSecret: \"my-secret\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretVersionAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var basic = SecretmanagerFunctions.getSecretVersionAccess(GetSecretVersionAccessArgs.builder()\n .secret(\"my-secret\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n basic:\n fn::invoke:\n function: gcp:secretmanager:getSecretVersionAccess\n arguments:\n secret: my-secret\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecretVersionAccess.\n", "properties": { @@ -300225,7 +300225,7 @@ } }, "gcp:secretmanager/getSecrets:getSecrets": { - "description": "Use this data source to list the Secret Manager Secrets\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secrets = gcp.secretmanager.getSecrets({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecrets = gcp.secretmanager.get_secrets()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secrets = Gcp.SecretManager.GetSecrets.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetSecrets(ctx, \u0026secretmanager.GetSecretsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secrets = SecretmanagerFunctions.getSecrets();\n\n }\n}\n```\n```yaml\nvariables:\n secrets:\n fn::invoke:\n Function: gcp:secretmanager:getSecrets\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to list the Secret Manager Secrets\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secrets = gcp.secretmanager.getSecrets({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecrets = gcp.secretmanager.get_secrets()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secrets = Gcp.SecretManager.GetSecrets.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.GetSecrets(ctx, \u0026secretmanager.GetSecretsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretmanagerFunctions;\nimport com.pulumi.gcp.secretmanager.inputs.GetSecretsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secrets = SecretmanagerFunctions.getSecrets();\n\n }\n}\n```\n```yaml\nvariables:\n secrets:\n fn::invoke:\n function: gcp:secretmanager:getSecrets\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecrets.\n", "properties": { @@ -300271,7 +300271,7 @@ } }, "gcp:securesourcemanager/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securesourcemanager.getInstanceIamPolicy({\n project: _default.project,\n location: _default.location,\n instanceId: _default.instanceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securesourcemanager.get_instance_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n instance_id=default[\"instanceId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecureSourceManager.GetInstanceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n InstanceId = @default.InstanceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.LookupInstanceIamPolicy(ctx, \u0026securesourcemanager.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tInstanceId: _default.InstanceId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.SecuresourcemanagerFunctions;\nimport com.pulumi.gcp.securesourcemanager.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuresourcemanagerFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .instanceId(default_.instanceId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:securesourcemanager:getInstanceIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n instanceId: ${default.instanceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securesourcemanager.getInstanceIamPolicy({\n project: _default.project,\n location: _default.location,\n instanceId: _default.instanceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securesourcemanager.get_instance_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n instance_id=default[\"instanceId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecureSourceManager.GetInstanceIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n InstanceId = @default.InstanceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.LookupInstanceIamPolicy(ctx, \u0026securesourcemanager.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tInstanceId: _default.InstanceId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.SecuresourcemanagerFunctions;\nimport com.pulumi.gcp.securesourcemanager.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuresourcemanagerFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .instanceId(default_.instanceId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:securesourcemanager:getInstanceIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n instanceId: ${default.instanceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -300333,7 +300333,7 @@ } }, "gcp:securesourcemanager/getRepositoryIamPolicy:getRepositoryIamPolicy": { - "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securesourcemanager.getRepositoryIamPolicy({\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securesourcemanager.get_repository_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecureSourceManager.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.LookupRepositoryIamPolicy(ctx, \u0026securesourcemanager.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tRepositoryId: _default.RepositoryId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.SecuresourcemanagerFunctions;\nimport com.pulumi.gcp.securesourcemanager.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuresourcemanagerFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:securesourcemanager:getRepositoryIamPolicy\n Arguments:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securesourcemanager.getRepositoryIamPolicy({\n project: _default.project,\n location: _default.location,\n repositoryId: _default.repositoryId,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securesourcemanager.get_repository_iam_policy(project=default[\"project\"],\n location=default[\"location\"],\n repository_id=default[\"repositoryId\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecureSourceManager.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = @default.Project,\n Location = @default.Location,\n RepositoryId = @default.RepositoryId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securesourcemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securesourcemanager.LookupRepositoryIamPolicy(ctx, \u0026securesourcemanager.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(_default.Project),\n\t\t\tLocation: pulumi.StringRef(_default.Location),\n\t\t\tRepositoryId: _default.RepositoryId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securesourcemanager.SecuresourcemanagerFunctions;\nimport com.pulumi.gcp.securesourcemanager.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuresourcemanagerFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(default_.project())\n .location(default_.location())\n .repositoryId(default_.repositoryId())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:securesourcemanager:getRepositoryIamPolicy\n arguments:\n project: ${default.project}\n location: ${default.location}\n repositoryId: ${default.repositoryId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepositoryIamPolicy.\n", "properties": { @@ -300395,7 +300395,7 @@ } }, "gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy": { - "description": "Retrieves the current IAM policy data for source\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securitycenter.getSourceIamPolicy({\n source: customSource.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securitycenter.get_source_iam_policy(source=custom_source[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecurityCenter.GetSourceIamPolicy.Invoke(new()\n {\n Source = customSource.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.LookupSourceIamPolicy(ctx, \u0026securitycenter.LookupSourceIamPolicyArgs{\n\t\t\tSource: customSource.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.SecuritycenterFunctions;\nimport com.pulumi.gcp.securitycenter.inputs.GetSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuritycenterFunctions.getSourceIamPolicy(GetSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:securitycenter:getSourceIamPolicy\n Arguments:\n source: ${customSource.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for source\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securitycenter.getSourceIamPolicy({\n source: customSource.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securitycenter.get_source_iam_policy(source=custom_source[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecurityCenter.GetSourceIamPolicy.Invoke(new()\n {\n Source = customSource.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.LookupSourceIamPolicy(ctx, \u0026securitycenter.LookupSourceIamPolicyArgs{\n\t\t\tSource: customSource.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.SecuritycenterFunctions;\nimport com.pulumi.gcp.securitycenter.inputs.GetSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuritycenterFunctions.getSourceIamPolicy(GetSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:securitycenter:getSourceIamPolicy\n arguments:\n source: ${customSource.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSourceIamPolicy.\n", "properties": { @@ -300448,7 +300448,7 @@ } }, "gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy": { - "description": "Retrieves the current IAM policy data for organizationsource\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securitycenter.getV2OrganizationSourceIamPolicy({\n source: customSource.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securitycenter.get_v2_organization_source_iam_policy(source=custom_source[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecurityCenter.GetV2OrganizationSourceIamPolicy.Invoke(new()\n {\n Source = customSource.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.LookupV2OrganizationSourceIamPolicy(ctx, \u0026securitycenter.LookupV2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: customSource.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.SecuritycenterFunctions;\nimport com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:securitycenter:getV2OrganizationSourceIamPolicy\n Arguments:\n source: ${customSource.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for organizationsource\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securitycenter.getV2OrganizationSourceIamPolicy({\n source: customSource.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securitycenter.get_v2_organization_source_iam_policy(source=custom_source[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecurityCenter.GetV2OrganizationSourceIamPolicy.Invoke(new()\n {\n Source = customSource.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.LookupV2OrganizationSourceIamPolicy(ctx, \u0026securitycenter.LookupV2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: customSource.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.SecuritycenterFunctions;\nimport com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:securitycenter:getV2OrganizationSourceIamPolicy\n arguments:\n source: ${customSource.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getV2OrganizationSourceIamPolicy.\n", "properties": { @@ -300501,7 +300501,7 @@ } }, "gcp:serviceaccount/getAccount:getAccount": { - "description": "Get the service account from a project. For more information see\nthe official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst objectViewer = gcp.serviceaccount.getAccount({\n accountId: \"object-viewer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nobject_viewer = gcp.serviceaccount.get_account(account_id=\"object-viewer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"object-viewer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"object-viewer\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"object-viewer\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n objectViewer:\n fn::invoke:\n Function: gcp:serviceaccount:getAccount\n Arguments:\n accountId: object-viewer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Save Key In Kubernetes Secret\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as kubernetes from \"@pulumi/kubernetes\";\nimport * as std from \"@pulumi/std\";\n\nconst myaccount = gcp.serviceaccount.getAccount({\n accountId: \"myaccount-id\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.then(myaccount =\u003e myaccount.name)});\nconst google_application_credentials = new kubernetes.core.v1.Secret(\"google-application-credentials\", {\n metadata: {\n name: \"google-application-credentials\",\n },\n data: {\n json: std.base64decodeOutput({\n input: mykey.privateKey,\n }).apply(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_kubernetes as kubernetes\nimport pulumi_std as std\n\nmyaccount = gcp.serviceaccount.get_account(account_id=\"myaccount-id\")\nmykey = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\ngoogle_application_credentials = kubernetes.core.v1.Secret(\"google-application-credentials\",\n metadata={\n \"name\": \"google-application-credentials\",\n },\n data={\n \"json\": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Kubernetes = Pulumi.Kubernetes;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"myaccount-id\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Apply(getAccountResult =\u003e getAccountResult.Name),\n });\n\n var google_application_credentials = new Kubernetes.Core.V1.Secret(\"google-application-credentials\", new()\n {\n Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs\n {\n Name = \"google-application-credentials\",\n },\n Data = \n {\n { \"json\", Std.Base64decode.Invoke(new()\n {\n Input = mykey.PrivateKey,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\tcorev1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1\"\n\tmetav1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"myaccount-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: pulumi.String(myaccount.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = corev1.NewSecret(ctx, \"google-application-credentials\", \u0026corev1.SecretArgs{\n\t\t\tMetadata: \u0026metav1.ObjectMetaArgs{\n\t\t\t\tName: pulumi.String(\"google-application-credentials\"),\n\t\t\t},\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"json\": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{\n\t\t\t\t\tInput: mykey.PrivateKey,\n\t\t\t\t}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.kubernetes.core_v1.Secret;\nimport com.pulumi.kubernetes.core_v1.SecretArgs;\nimport com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"myaccount-id\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.applyValue(getAccountResult -\u003e getAccountResult.name()))\n .build());\n\n var google_application_credentials = new Secret(\"google-application-credentials\", SecretArgs.builder()\n .metadata(ObjectMetaArgs.builder()\n .name(\"google-application-credentials\")\n .build())\n .data(Map.of(\"json\", StdFunctions.base64decode().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n google-application-credentials:\n type: kubernetes:core/v1:Secret\n properties:\n metadata:\n name: google-application-credentials\n data:\n json:\n fn::invoke:\n Function: std:base64decode\n Arguments:\n input: ${mykey.privateKey}\n Return: result\nvariables:\n myaccount:\n fn::invoke:\n Function: gcp:serviceaccount:getAccount\n Arguments:\n accountId: myaccount-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the service account from a project. For more information see\nthe official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst objectViewer = gcp.serviceaccount.getAccount({\n accountId: \"object-viewer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nobject_viewer = gcp.serviceaccount.get_account(account_id=\"object-viewer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"object-viewer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"object-viewer\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"object-viewer\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n objectViewer:\n fn::invoke:\n function: gcp:serviceaccount:getAccount\n arguments:\n accountId: object-viewer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Save Key In Kubernetes Secret\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as kubernetes from \"@pulumi/kubernetes\";\nimport * as std from \"@pulumi/std\";\n\nconst myaccount = gcp.serviceaccount.getAccount({\n accountId: \"myaccount-id\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.then(myaccount =\u003e myaccount.name)});\nconst google_application_credentials = new kubernetes.core.v1.Secret(\"google-application-credentials\", {\n metadata: {\n name: \"google-application-credentials\",\n },\n data: {\n json: std.base64decodeOutput({\n input: mykey.privateKey,\n }).apply(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_kubernetes as kubernetes\nimport pulumi_std as std\n\nmyaccount = gcp.serviceaccount.get_account(account_id=\"myaccount-id\")\nmykey = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\ngoogle_application_credentials = kubernetes.core.v1.Secret(\"google-application-credentials\",\n metadata={\n \"name\": \"google-application-credentials\",\n },\n data={\n \"json\": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Kubernetes = Pulumi.Kubernetes;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"myaccount-id\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Apply(getAccountResult =\u003e getAccountResult.Name),\n });\n\n var google_application_credentials = new Kubernetes.Core.V1.Secret(\"google-application-credentials\", new()\n {\n Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs\n {\n Name = \"google-application-credentials\",\n },\n Data = \n {\n { \"json\", Std.Base64decode.Invoke(new()\n {\n Input = mykey.PrivateKey,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\tcorev1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1\"\n\tmetav1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"myaccount-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: pulumi.String(myaccount.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = corev1.NewSecret(ctx, \"google-application-credentials\", \u0026corev1.SecretArgs{\n\t\t\tMetadata: \u0026metav1.ObjectMetaArgs{\n\t\t\t\tName: pulumi.String(\"google-application-credentials\"),\n\t\t\t},\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"json\": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{\n\t\t\t\t\tInput: mykey.PrivateKey,\n\t\t\t\t}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.kubernetes.core_v1.Secret;\nimport com.pulumi.kubernetes.core_v1.SecretArgs;\nimport com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"myaccount-id\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.applyValue(getAccountResult -\u003e getAccountResult.name()))\n .build());\n\n var google_application_credentials = new Secret(\"google-application-credentials\", SecretArgs.builder()\n .metadata(ObjectMetaArgs.builder()\n .name(\"google-application-credentials\")\n .build())\n .data(Map.of(\"json\", StdFunctions.base64decode().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n google-application-credentials:\n type: kubernetes:core/v1:Secret\n properties:\n metadata:\n name: google-application-credentials\n data:\n json:\n fn::invoke:\n function: std:base64decode\n arguments:\n input: ${mykey.privateKey}\n return: result\nvariables:\n myaccount:\n fn::invoke:\n function: gcp:serviceaccount:getAccount\n arguments:\n accountId: myaccount-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccount.\n", "properties": { @@ -300571,7 +300571,7 @@ } }, "gcp:serviceaccount/getAccountAccessToken:getAccountAccessToken": { - "description": "This data source provides a google `oauth2` `access_token` for a different service account than the one initially running the script.\n\nFor more information see\n[the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)\n\n## Example Usage\n\nTo allow `service_A` to impersonate `service_B`, grant the [Service Account Token Creator](https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role) on B to A. \n\nIn the IAM policy below, `service_A` is given the Token Creator role impersonate `service_B`\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst token_creator_iam = new gcp.serviceaccount.IAMBinding(\"token-creator-iam\", {\n serviceAccountId: \"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n role: \"roles/iam.serviceAccountTokenCreator\",\n members: [\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntoken_creator_iam = gcp.serviceaccount.IAMBinding(\"token-creator-iam\",\n service_account_id=\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n role=\"roles/iam.serviceAccountTokenCreator\",\n members=[\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var token_creator_iam = new Gcp.ServiceAccount.IAMBinding(\"token-creator-iam\", new()\n {\n ServiceAccountId = \"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Members = new[]\n {\n \"serviceAccount:service_A@projectA.iam.gserviceaccount.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewIAMBinding(ctx, \"token-creator-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: pulumi.String(\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\"),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var token_creator_iam = new IAMBinding(\"token-creator-iam\", IAMBindingArgs.builder()\n .serviceAccountId(\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\")\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .members(\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n token-creator-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\n role: roles/iam.serviceAccountTokenCreator\n members:\n - serviceAccount:service_A@projectA.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nOnce the IAM permissions are set, you can apply the new token to a provider bootstrapped with it. Any resources that references the aliased provider will run as the new identity.\n\nIn the example below, `gcp.organizations.Project` will run as `service_B`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nexport = async () =\u003e {\n const default = await gcp.organizations.getClientConfig({});\n const defaultGetAccountAccessToken = await gcp.serviceaccount.getAccountAccessToken({\n targetServiceAccount: \"service_B@projectB.iam.gserviceaccount.com\",\n scopes: [\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime: \"300s\",\n });\n const me = await gcp.organizations.getClientOpenIdUserInfo({});\n return {\n \"target-email\": me.email,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_client_config()\ndefault_get_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account=\"service_B@projectB.iam.gserviceaccount.com\",\n scopes=[\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime=\"300s\")\nme = gcp.organizations.get_client_open_id_user_info()\npulumi.export(\"target-email\", me.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetClientConfig.Invoke();\n\n var defaultGetAccountAccessToken = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()\n {\n TargetServiceAccount = \"service_B@projectB.iam.gserviceaccount.com\",\n Scopes = new[]\n {\n \"userinfo-email\",\n \"cloud-platform\",\n },\n Lifetime = \"300s\",\n });\n\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"target-email\"] = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.GetAccountAccessToken(ctx, \u0026serviceaccount.GetAccountAccessTokenArgs{\n\t\t\tTargetServiceAccount: \"service_B@projectB.iam.gserviceaccount.com\",\n\t\t\tScopes: []string{\n\t\t\t\t\"userinfo-email\",\n\t\t\t\t\"cloud-platform\",\n\t\t\t},\n\t\t\tLifetime: pulumi.StringRef(\"300s\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"target-email\", me.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getClientConfig();\n\n final var defaultGetAccountAccessToken = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()\n .targetServiceAccount(\"service_B@projectB.iam.gserviceaccount.com\")\n .scopes( \n \"userinfo-email\",\n \"cloud-platform\")\n .lifetime(\"300s\")\n .build());\n\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n ctx.export(\"target-email\", me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()));\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:organizations:getClientConfig\n Arguments: {}\n defaultGetAccountAccessToken:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountAccessToken\n Arguments:\n targetServiceAccount: service_B@projectB.iam.gserviceaccount.com\n scopes:\n - userinfo-email\n - cloud-platform\n lifetime: 300s\n me:\n fn::invoke:\n Function: gcp:organizations:getClientOpenIdUserInfo\n Arguments: {}\noutputs:\n target-email: ${me.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e *Note*: the generated token is non-refreshable and can have a maximum `lifetime` of `3600` seconds.\n", + "description": "This data source provides a google `oauth2` `access_token` for a different service account than the one initially running the script.\n\nFor more information see\n[the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)\n\n## Example Usage\n\nTo allow `service_A` to impersonate `service_B`, grant the [Service Account Token Creator](https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role) on B to A. \n\nIn the IAM policy below, `service_A` is given the Token Creator role impersonate `service_B`\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst token_creator_iam = new gcp.serviceaccount.IAMBinding(\"token-creator-iam\", {\n serviceAccountId: \"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n role: \"roles/iam.serviceAccountTokenCreator\",\n members: [\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntoken_creator_iam = gcp.serviceaccount.IAMBinding(\"token-creator-iam\",\n service_account_id=\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n role=\"roles/iam.serviceAccountTokenCreator\",\n members=[\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var token_creator_iam = new Gcp.ServiceAccount.IAMBinding(\"token-creator-iam\", new()\n {\n ServiceAccountId = \"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\",\n Role = \"roles/iam.serviceAccountTokenCreator\",\n Members = new[]\n {\n \"serviceAccount:service_A@projectA.iam.gserviceaccount.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.NewIAMBinding(ctx, \"token-creator-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: pulumi.String(\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\"),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountTokenCreator\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var token_creator_iam = new IAMBinding(\"token-creator-iam\", IAMBindingArgs.builder()\n .serviceAccountId(\"projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\")\n .role(\"roles/iam.serviceAccountTokenCreator\")\n .members(\"serviceAccount:service_A@projectA.iam.gserviceaccount.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n token-creator-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com\n role: roles/iam.serviceAccountTokenCreator\n members:\n - serviceAccount:service_A@projectA.iam.gserviceaccount.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nOnce the IAM permissions are set, you can apply the new token to a provider bootstrapped with it. Any resources that references the aliased provider will run as the new identity.\n\nIn the example below, `gcp.organizations.Project` will run as `service_B`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nexport = async () =\u003e {\n const default = await gcp.organizations.getClientConfig({});\n const defaultGetAccountAccessToken = await gcp.serviceaccount.getAccountAccessToken({\n targetServiceAccount: \"service_B@projectB.iam.gserviceaccount.com\",\n scopes: [\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime: \"300s\",\n });\n const me = await gcp.organizations.getClientOpenIdUserInfo({});\n return {\n \"target-email\": me.email,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.get_client_config()\ndefault_get_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account=\"service_B@projectB.iam.gserviceaccount.com\",\n scopes=[\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime=\"300s\")\nme = gcp.organizations.get_client_open_id_user_info()\npulumi.export(\"target-email\", me.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Organizations.GetClientConfig.Invoke();\n\n var defaultGetAccountAccessToken = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()\n {\n TargetServiceAccount = \"service_B@projectB.iam.gserviceaccount.com\",\n Scopes = new[]\n {\n \"userinfo-email\",\n \"cloud-platform\",\n },\n Lifetime = \"300s\",\n });\n\n var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"target-email\"] = me.Apply(getClientOpenIdUserInfoResult =\u003e getClientOpenIdUserInfoResult.Email),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.GetAccountAccessToken(ctx, \u0026serviceaccount.GetAccountAccessTokenArgs{\n\t\t\tTargetServiceAccount: \"service_B@projectB.iam.gserviceaccount.com\",\n\t\t\tScopes: []string{\n\t\t\t\t\"userinfo-email\",\n\t\t\t\t\"cloud-platform\",\n\t\t\t},\n\t\t\tLifetime: pulumi.StringRef(\"300s\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tme, err := organizations.GetClientOpenIdUserInfo(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"target-email\", me.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = OrganizationsFunctions.getClientConfig();\n\n final var defaultGetAccountAccessToken = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()\n .targetServiceAccount(\"service_B@projectB.iam.gserviceaccount.com\")\n .scopes( \n \"userinfo-email\",\n \"cloud-platform\")\n .lifetime(\"300s\")\n .build());\n\n final var me = OrganizationsFunctions.getClientOpenIdUserInfo();\n\n ctx.export(\"target-email\", me.applyValue(getClientOpenIdUserInfoResult -\u003e getClientOpenIdUserInfoResult.email()));\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:organizations:getClientConfig\n arguments: {}\n defaultGetAccountAccessToken:\n fn::invoke:\n function: gcp:serviceaccount:getAccountAccessToken\n arguments:\n targetServiceAccount: service_B@projectB.iam.gserviceaccount.com\n scopes:\n - userinfo-email\n - cloud-platform\n lifetime: 300s\n me:\n fn::invoke:\n function: gcp:organizations:getClientOpenIdUserInfo\n arguments: {}\noutputs:\n target-email: ${me.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e *Note*: the generated token is non-refreshable and can have a maximum `lifetime` of `3600` seconds.\n", "inputs": { "description": "A collection of arguments for invoking getAccountAccessToken.\n", "properties": { @@ -300645,7 +300645,7 @@ } }, "gcp:serviceaccount/getAccountIdToken:getAccountIdToken": { - "description": "This data source provides a Google OpenID Connect (`oidc`) `id_token`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).\n\nFor more information see\n[OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).\n\n## Example Usage\n\n### ServiceAccount JSON Credential File.\n `gcp.serviceaccount.getAccountIdToken` will use the configured provider credentials\n\n \u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetAudience: \"https://foo.bar/\",\n});\nexport const oidcToken = oidc.then(oidc =\u003e oidc.idToken);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\noidc = gcp.serviceaccount.get_account_id_token(target_audience=\"https://foo.bar/\")\npulumi.export(\"oidcToken\", oidc.id_token)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetAudience = \"https://foo.bar/\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"oidcToken\"] = oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetAudience: \"https://foo.bar/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"oidcToken\", oidc.IdToken)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetAudience(\"https://foo.bar/\")\n .build());\n\n ctx.export(\"oidcToken\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()));\n }\n}\n```\n```yaml\nvariables:\n oidc:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountIdToken\n Arguments:\n targetAudience: https://foo.bar/\noutputs:\n oidcToken: ${oidc.idToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account Impersonation.\n `gcp.serviceaccount.getAccountAccessToken` will use background impersonated credentials provided by `gcp.serviceaccount.getAccountAccessToken`.\n\n Note: to use the following, you must grant `target_service_account` the\n `roles/iam.serviceAccountTokenCreator` role on itself.\n\n \u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst impersonated = gcp.serviceaccount.getAccountAccessToken({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n delegates: [],\n scopes: [\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime: \"300s\",\n});\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n delegates: [],\n includeEmail: true,\n targetAudience: \"https://foo.bar/\",\n});\nexport const oidcToken = oidc.then(oidc =\u003e oidc.idToken);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nimpersonated = gcp.serviceaccount.get_account_access_token(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n delegates=[],\n scopes=[\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime=\"300s\")\noidc = gcp.serviceaccount.get_account_id_token(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n delegates=[],\n include_email=True,\n target_audience=\"https://foo.bar/\")\npulumi.export(\"oidcToken\", oidc.id_token)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var impersonated = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Delegates = new() { },\n Scopes = new[]\n {\n \"userinfo-email\",\n \"cloud-platform\",\n },\n Lifetime = \"300s\",\n });\n\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Delegates = new() { },\n IncludeEmail = true,\n TargetAudience = \"https://foo.bar/\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"oidcToken\"] = oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetAccountAccessToken(ctx, \u0026serviceaccount.GetAccountAccessTokenArgs{\n\t\t\tTargetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n\t\t\tDelegates: []interface{}{},\n\t\t\tScopes: []string{\n\t\t\t\t\"userinfo-email\",\n\t\t\t\t\"cloud-platform\",\n\t\t\t},\n\t\t\tLifetime: pulumi.StringRef(\"300s\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetServiceAccount: pulumi.StringRef(\"impersonated-account@project.iam.gserviceaccount.com\"),\n\t\t\tDelegates: []interface{}{},\n\t\t\tIncludeEmail: pulumi.BoolRef(true),\n\t\t\tTargetAudience: \"https://foo.bar/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"oidcToken\", oidc.IdToken)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var impersonated = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .delegates()\n .scopes( \n \"userinfo-email\",\n \"cloud-platform\")\n .lifetime(\"300s\")\n .build());\n\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .delegates()\n .includeEmail(true)\n .targetAudience(\"https://foo.bar/\")\n .build());\n\n ctx.export(\"oidcToken\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()));\n }\n}\n```\n```yaml\nvariables:\n impersonated:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountAccessToken\n Arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n delegates: []\n scopes:\n - userinfo-email\n - cloud-platform\n lifetime: 300s\n oidc:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountIdToken\n Arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n delegates: []\n includeEmail: true\n targetAudience: https://foo.bar/\noutputs:\n oidcToken: ${oidc.idToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Invoking Cloud Run Endpoint\n\n The following configuration will invoke [Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service) endpoint where the service account for the provider has been granted `roles/run.invoker` role previously.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as http from \"@pulumi/http\";\n\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetAudience: \"https://your.cloud.run.app/\",\n});\nconst cloudrun = oidc.then(oidc =\u003e http.getHttp({\n url: \"https://your.cloud.run.app/\",\n requestHeaders: {\n Authorization: `Bearer ${oidc.idToken}`,\n },\n}));\nexport const cloudRunResponse = cloudrun.then(cloudrun =\u003e cloudrun.body);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_http as http\n\noidc = gcp.serviceaccount.get_account_id_token(target_audience=\"https://your.cloud.run.app/\")\ncloudrun = http.get_http(url=\"https://your.cloud.run.app/\",\n request_headers={\n \"Authorization\": f\"Bearer {oidc.id_token}\",\n })\npulumi.export(\"cloudRunResponse\", cloudrun.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Http = Pulumi.Http;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetAudience = \"https://your.cloud.run.app/\",\n });\n\n var cloudrun = Http.GetHttp.Invoke(new()\n {\n Url = \"https://your.cloud.run.app/\",\n RequestHeaders = \n {\n { \"Authorization\", $\"Bearer {oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken)}\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"cloudRunResponse\"] = cloudrun.Apply(getHttpResult =\u003e getHttpResult.Body),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-http/sdk/go/http\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetAudience: \"https://your.cloud.run.app/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudrun, err := http.GetHttp(ctx, \u0026http.GetHttpArgs{\n\t\t\tUrl: \"https://your.cloud.run.app/\",\n\t\t\tRequestHeaders: map[string]interface{}{\n\t\t\t\t\"Authorization\": fmt.Sprintf(\"Bearer %v\", oidc.IdToken),\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cloudRunResponse\", cloudrun.Body)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport com.pulumi.http.HttpFunctions;\nimport com.pulumi.http.inputs.GetHttpArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetAudience(\"https://your.cloud.run.app/\")\n .build());\n\n final var cloudrun = HttpFunctions.getHttp(GetHttpArgs.builder()\n .url(\"https://your.cloud.run.app/\")\n .requestHeaders(Map.of(\"Authorization\", String.format(\"Bearer %s\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()))))\n .build());\n\n ctx.export(\"cloudRunResponse\", cloudrun.applyValue(getHttpResult -\u003e getHttpResult.body()));\n }\n}\n```\n```yaml\nvariables:\n oidc:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountIdToken\n Arguments:\n targetAudience: https://your.cloud.run.app/\n cloudrun:\n fn::invoke:\n Function: http:getHttp\n Arguments:\n url: https://your.cloud.run.app/\n requestHeaders:\n Authorization: Bearer ${oidc.idToken}\noutputs:\n cloudRunResponse: ${cloudrun.body}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source provides a Google OpenID Connect (`oidc`) `id_token`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).\n\nFor more information see\n[OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).\n\n## Example Usage\n\n### ServiceAccount JSON Credential File.\n `gcp.serviceaccount.getAccountIdToken` will use the configured provider credentials\n\n \u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetAudience: \"https://foo.bar/\",\n});\nexport const oidcToken = oidc.then(oidc =\u003e oidc.idToken);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\noidc = gcp.serviceaccount.get_account_id_token(target_audience=\"https://foo.bar/\")\npulumi.export(\"oidcToken\", oidc.id_token)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetAudience = \"https://foo.bar/\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"oidcToken\"] = oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetAudience: \"https://foo.bar/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"oidcToken\", oidc.IdToken)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetAudience(\"https://foo.bar/\")\n .build());\n\n ctx.export(\"oidcToken\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()));\n }\n}\n```\n```yaml\nvariables:\n oidc:\n fn::invoke:\n function: gcp:serviceaccount:getAccountIdToken\n arguments:\n targetAudience: https://foo.bar/\noutputs:\n oidcToken: ${oidc.idToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account Impersonation.\n `gcp.serviceaccount.getAccountAccessToken` will use background impersonated credentials provided by `gcp.serviceaccount.getAccountAccessToken`.\n\n Note: to use the following, you must grant `target_service_account` the\n `roles/iam.serviceAccountTokenCreator` role on itself.\n\n \u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst impersonated = gcp.serviceaccount.getAccountAccessToken({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n delegates: [],\n scopes: [\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime: \"300s\",\n});\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n delegates: [],\n includeEmail: true,\n targetAudience: \"https://foo.bar/\",\n});\nexport const oidcToken = oidc.then(oidc =\u003e oidc.idToken);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nimpersonated = gcp.serviceaccount.get_account_access_token(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n delegates=[],\n scopes=[\n \"userinfo-email\",\n \"cloud-platform\",\n ],\n lifetime=\"300s\")\noidc = gcp.serviceaccount.get_account_id_token(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n delegates=[],\n include_email=True,\n target_audience=\"https://foo.bar/\")\npulumi.export(\"oidcToken\", oidc.id_token)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var impersonated = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Delegates = new() { },\n Scopes = new[]\n {\n \"userinfo-email\",\n \"cloud-platform\",\n },\n Lifetime = \"300s\",\n });\n\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Delegates = new() { },\n IncludeEmail = true,\n TargetAudience = \"https://foo.bar/\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"oidcToken\"] = oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetAccountAccessToken(ctx, \u0026serviceaccount.GetAccountAccessTokenArgs{\n\t\t\tTargetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n\t\t\tDelegates: []interface{}{},\n\t\t\tScopes: []string{\n\t\t\t\t\"userinfo-email\",\n\t\t\t\t\"cloud-platform\",\n\t\t\t},\n\t\t\tLifetime: pulumi.StringRef(\"300s\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetServiceAccount: pulumi.StringRef(\"impersonated-account@project.iam.gserviceaccount.com\"),\n\t\t\tDelegates: []interface{}{},\n\t\t\tIncludeEmail: pulumi.BoolRef(true),\n\t\t\tTargetAudience: \"https://foo.bar/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"oidcToken\", oidc.IdToken)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var impersonated = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .delegates()\n .scopes( \n \"userinfo-email\",\n \"cloud-platform\")\n .lifetime(\"300s\")\n .build());\n\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .delegates()\n .includeEmail(true)\n .targetAudience(\"https://foo.bar/\")\n .build());\n\n ctx.export(\"oidcToken\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()));\n }\n}\n```\n```yaml\nvariables:\n impersonated:\n fn::invoke:\n function: gcp:serviceaccount:getAccountAccessToken\n arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n delegates: []\n scopes:\n - userinfo-email\n - cloud-platform\n lifetime: 300s\n oidc:\n fn::invoke:\n function: gcp:serviceaccount:getAccountIdToken\n arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n delegates: []\n includeEmail: true\n targetAudience: https://foo.bar/\noutputs:\n oidcToken: ${oidc.idToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Invoking Cloud Run Endpoint\n\n The following configuration will invoke [Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service) endpoint where the service account for the provider has been granted `roles/run.invoker` role previously.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as http from \"@pulumi/http\";\n\nconst oidc = gcp.serviceaccount.getAccountIdToken({\n targetAudience: \"https://your.cloud.run.app/\",\n});\nconst cloudrun = oidc.then(oidc =\u003e http.getHttp({\n url: \"https://your.cloud.run.app/\",\n requestHeaders: {\n Authorization: `Bearer ${oidc.idToken}`,\n },\n}));\nexport const cloudRunResponse = cloudrun.then(cloudrun =\u003e cloudrun.body);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_http as http\n\noidc = gcp.serviceaccount.get_account_id_token(target_audience=\"https://your.cloud.run.app/\")\ncloudrun = http.get_http(url=\"https://your.cloud.run.app/\",\n request_headers={\n \"Authorization\": f\"Bearer {oidc.id_token}\",\n })\npulumi.export(\"cloudRunResponse\", cloudrun.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Http = Pulumi.Http;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()\n {\n TargetAudience = \"https://your.cloud.run.app/\",\n });\n\n var cloudrun = Http.GetHttp.Invoke(new()\n {\n Url = \"https://your.cloud.run.app/\",\n RequestHeaders = \n {\n { \"Authorization\", $\"Bearer {oidc.Apply(getAccountIdTokenResult =\u003e getAccountIdTokenResult.IdToken)}\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"cloudRunResponse\"] = cloudrun.Apply(getHttpResult =\u003e getHttpResult.Body),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-http/sdk/go/http\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toidc, err := serviceaccount.GetAccountIdToken(ctx, \u0026serviceaccount.GetAccountIdTokenArgs{\n\t\t\tTargetAudience: \"https://your.cloud.run.app/\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudrun, err := http.GetHttp(ctx, \u0026http.GetHttpArgs{\n\t\t\tUrl: \"https://your.cloud.run.app/\",\n\t\t\tRequestHeaders: map[string]interface{}{\n\t\t\t\t\"Authorization\": fmt.Sprintf(\"Bearer %v\", oidc.IdToken),\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cloudRunResponse\", cloudrun.Body)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;\nimport com.pulumi.http.HttpFunctions;\nimport com.pulumi.http.inputs.GetHttpArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()\n .targetAudience(\"https://your.cloud.run.app/\")\n .build());\n\n final var cloudrun = HttpFunctions.getHttp(GetHttpArgs.builder()\n .url(\"https://your.cloud.run.app/\")\n .requestHeaders(Map.of(\"Authorization\", String.format(\"Bearer %s\", oidc.applyValue(getAccountIdTokenResult -\u003e getAccountIdTokenResult.idToken()))))\n .build());\n\n ctx.export(\"cloudRunResponse\", cloudrun.applyValue(getHttpResult -\u003e getHttpResult.body()));\n }\n}\n```\n```yaml\nvariables:\n oidc:\n fn::invoke:\n function: gcp:serviceaccount:getAccountIdToken\n arguments:\n targetAudience: https://your.cloud.run.app/\n cloudrun:\n fn::invoke:\n function: http:getHttp\n arguments:\n url: https://your.cloud.run.app/\n requestHeaders:\n Authorization: Bearer ${oidc.idToken}\noutputs:\n cloudRunResponse: ${cloudrun.body}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccountIdToken.\n", "properties": { @@ -300711,7 +300711,7 @@ } }, "gcp:serviceaccount/getAccountJwt:getAccountJwt": { - "description": "This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.\n\n## Example Usage\n\nNote: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `target_service_account`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.serviceaccount.getAccountJwt({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n payload: JSON.stringify({\n foo: \"bar\",\n sub: \"subject\",\n }),\n expiresIn: 60,\n});\nexport const jwt = foo.then(foo =\u003e foo.jwt);\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nfoo = gcp.serviceaccount.get_account_jwt(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n payload=json.dumps({\n \"foo\": \"bar\",\n \"sub\": \"subject\",\n }),\n expires_in=60)\npulumi.export(\"jwt\", foo.jwt)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.ServiceAccount.GetAccountJwt.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Payload = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"foo\"] = \"bar\",\n [\"sub\"] = \"subject\",\n }),\n ExpiresIn = 60,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"jwt\"] = foo.Apply(getAccountJwtResult =\u003e getAccountJwtResult.Jwt),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"foo\": \"bar\",\n\t\t\t\"sub\": \"subject\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tfoo, err := serviceaccount.GetAccountJwt(ctx, \u0026serviceaccount.GetAccountJwtArgs{\n\t\t\tTargetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n\t\t\tPayload: json0,\n\t\t\tExpiresIn: pulumi.IntRef(60),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"jwt\", foo.Jwt)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountJwtArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ServiceaccountFunctions.getAccountJwt(GetAccountJwtArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .payload(serializeJson(\n jsonObject(\n jsonProperty(\"foo\", \"bar\"),\n jsonProperty(\"sub\", \"subject\")\n )))\n .expiresIn(60)\n .build());\n\n ctx.export(\"jwt\", foo.applyValue(getAccountJwtResult -\u003e getAccountJwtResult.jwt()));\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountJwt\n Arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n payload:\n fn::toJSON:\n foo: bar\n sub: subject\n expiresIn: 60\noutputs:\n jwt: ${foo.jwt}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.\n\n## Example Usage\n\nNote: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `target_service_account`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.serviceaccount.getAccountJwt({\n targetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n payload: JSON.stringify({\n foo: \"bar\",\n sub: \"subject\",\n }),\n expiresIn: 60,\n});\nexport const jwt = foo.then(foo =\u003e foo.jwt);\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nfoo = gcp.serviceaccount.get_account_jwt(target_service_account=\"impersonated-account@project.iam.gserviceaccount.com\",\n payload=json.dumps({\n \"foo\": \"bar\",\n \"sub\": \"subject\",\n }),\n expires_in=60)\npulumi.export(\"jwt\", foo.jwt)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.ServiceAccount.GetAccountJwt.Invoke(new()\n {\n TargetServiceAccount = \"impersonated-account@project.iam.gserviceaccount.com\",\n Payload = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"foo\"] = \"bar\",\n [\"sub\"] = \"subject\",\n }),\n ExpiresIn = 60,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"jwt\"] = foo.Apply(getAccountJwtResult =\u003e getAccountJwtResult.Jwt),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"foo\": \"bar\",\n\t\t\t\"sub\": \"subject\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tfoo, err := serviceaccount.GetAccountJwt(ctx, \u0026serviceaccount.GetAccountJwtArgs{\n\t\t\tTargetServiceAccount: \"impersonated-account@project.iam.gserviceaccount.com\",\n\t\t\tPayload: json0,\n\t\t\tExpiresIn: pulumi.IntRef(60),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"jwt\", foo.Jwt)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountJwtArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ServiceaccountFunctions.getAccountJwt(GetAccountJwtArgs.builder()\n .targetServiceAccount(\"impersonated-account@project.iam.gserviceaccount.com\")\n .payload(serializeJson(\n jsonObject(\n jsonProperty(\"foo\", \"bar\"),\n jsonProperty(\"sub\", \"subject\")\n )))\n .expiresIn(60)\n .build());\n\n ctx.export(\"jwt\", foo.applyValue(getAccountJwtResult -\u003e getAccountJwtResult.jwt()));\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:serviceaccount:getAccountJwt\n arguments:\n targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com\n payload:\n fn::toJSON:\n foo: bar\n sub: subject\n expiresIn: 60\noutputs:\n jwt: ${foo.jwt}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccountJwt.\n", "properties": { @@ -300779,7 +300779,7 @@ } }, "gcp:serviceaccount/getAccountKey:getAccountKey": { - "description": "Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {accountId: \"dev-foo-account\"});\nconst mykeyKey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.name});\nconst mykey = gcp.serviceaccount.getAccountKeyOutput({\n name: mykeyKey.name,\n publicKeyType: \"TYPE_X509_PEM_FILE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\", account_id=\"dev-foo-account\")\nmykey_key = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\nmykey = gcp.serviceaccount.get_account_key_output(name=mykey_key.name,\n public_key_type=\"TYPE_X509_PEM_FILE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"dev-foo-account\",\n });\n\n var mykeyKey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n });\n\n var mykey = Gcp.ServiceAccount.GetAccountKey.Invoke(new()\n {\n Name = mykeyKey.Name,\n PublicKeyType = \"TYPE_X509_PEM_FILE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"dev-foo-account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykeyKey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = serviceaccount.GetAccountKeyOutput(ctx, serviceaccount.GetAccountKeyOutputArgs{\n\t\t\tName: mykeyKey.Name,\n\t\t\tPublicKeyType: pulumi.String(\"TYPE_X509_PEM_FILE\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"dev-foo-account\")\n .build());\n\n var mykeyKey = new Key(\"mykeyKey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .build());\n\n final var mykey = ServiceaccountFunctions.getAccountKey(GetAccountKeyArgs.builder()\n .name(mykeyKey.name())\n .publicKeyType(\"TYPE_X509_PEM_FILE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: dev-foo-account\n mykeyKey:\n type: gcp:serviceaccount:Key\n name: mykey\n properties:\n serviceAccountId: ${myaccount.name}\nvariables:\n mykey:\n fn::invoke:\n Function: gcp:serviceaccount:getAccountKey\n Arguments:\n name: ${mykeyKey.name}\n publicKeyType: TYPE_X509_PEM_FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myaccount = new gcp.serviceaccount.Account(\"myaccount\", {accountId: \"dev-foo-account\"});\nconst mykeyKey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.name});\nconst mykey = gcp.serviceaccount.getAccountKeyOutput({\n name: mykeyKey.name,\n publicKeyType: \"TYPE_X509_PEM_FILE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmyaccount = gcp.serviceaccount.Account(\"myaccount\", account_id=\"dev-foo-account\")\nmykey_key = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\nmykey = gcp.serviceaccount.get_account_key_output(name=mykey_key.name,\n public_key_type=\"TYPE_X509_PEM_FILE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = new Gcp.ServiceAccount.Account(\"myaccount\", new()\n {\n AccountId = \"dev-foo-account\",\n });\n\n var mykeyKey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Name,\n });\n\n var mykey = Gcp.ServiceAccount.GetAccountKey.Invoke(new()\n {\n Name = mykeyKey.Name,\n PublicKeyType = \"TYPE_X509_PEM_FILE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.NewAccount(ctx, \"myaccount\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"dev-foo-account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykeyKey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: myaccount.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = serviceaccount.GetAccountKeyOutput(ctx, serviceaccount.GetAccountKeyOutputArgs{\n\t\t\tName: mykeyKey.Name,\n\t\t\tPublicKeyType: pulumi.String(\"TYPE_X509_PEM_FILE\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myaccount = new Account(\"myaccount\", AccountArgs.builder()\n .accountId(\"dev-foo-account\")\n .build());\n\n var mykeyKey = new Key(\"mykeyKey\", KeyArgs.builder()\n .serviceAccountId(myaccount.name())\n .build());\n\n final var mykey = ServiceaccountFunctions.getAccountKey(GetAccountKeyArgs.builder()\n .name(mykeyKey.name())\n .publicKeyType(\"TYPE_X509_PEM_FILE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myaccount:\n type: gcp:serviceaccount:Account\n properties:\n accountId: dev-foo-account\n mykeyKey:\n type: gcp:serviceaccount:Key\n name: mykey\n properties:\n serviceAccountId: ${myaccount.name}\nvariables:\n mykey:\n fn::invoke:\n function: gcp:serviceaccount:getAccountKey\n arguments:\n name: ${mykeyKey.name}\n publicKeyType: TYPE_X509_PEM_FILE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAccountKey.\n", "properties": { @@ -300835,7 +300835,7 @@ } }, "gcp:serviceaccount/getIamPolicy:getIamPolicy": { - "description": "Retrieves the current IAM policy data for a service account.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.serviceaccount.getIamPolicy({\n serviceAccountId: testAccount.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.serviceaccount.get_iam_policy(service_account_id=test_account[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.ServiceAccount.GetIamPolicy.Invoke(new()\n {\n ServiceAccountId = testAccount.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetIamPolicy(ctx, \u0026serviceaccount.GetIamPolicyArgs{\n\t\t\tServiceAccountId: testAccount.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ServiceaccountFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .serviceAccountId(testAccount.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:serviceaccount:getIamPolicy\n Arguments:\n serviceAccountId: ${testAccount.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a service account.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.serviceaccount.getIamPolicy({\n serviceAccountId: testAccount.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.serviceaccount.get_iam_policy(service_account_id=test_account[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.ServiceAccount.GetIamPolicy.Invoke(new()\n {\n ServiceAccountId = testAccount.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetIamPolicy(ctx, \u0026serviceaccount.GetIamPolicyArgs{\n\t\t\tServiceAccountId: testAccount.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = ServiceaccountFunctions.getIamPolicy(GetIamPolicyArgs.builder()\n .serviceAccountId(testAccount.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:serviceaccount:getIamPolicy\n arguments:\n serviceAccountId: ${testAccount.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIamPolicy.\n", "properties": { @@ -300879,7 +300879,7 @@ } }, "gcp:serviceaccount/getS:getS": { - "description": "Gets a list of all service accounts from a project.\nSee [the official documentation](https://cloud.google.com/iam/docs/service-account-overview)\nand [API](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).\n\n## Example Usage\n\nExample service accounts.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.serviceaccount.getS({\n project: \"example-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.serviceaccount.get_s(project=\"example-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.ServiceAccount.GetS.Invoke(new()\n {\n Project = \"example-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetS(ctx, \u0026serviceaccount.GetSArgs{\n\t\t\tProject: pulumi.StringRef(\"example-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetSArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServiceaccountFunctions.getS(GetSArgs.builder()\n .project(\"example-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: gcp:serviceaccount:getS\n Arguments:\n project: example-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets a list of all service accounts from a project.\nSee [the official documentation](https://cloud.google.com/iam/docs/service-account-overview)\nand [API](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).\n\n## Example Usage\n\nExample service accounts.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.serviceaccount.getS({\n project: \"example-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.serviceaccount.get_s(project=\"example-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.ServiceAccount.GetS.Invoke(new()\n {\n Project = \"example-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.GetS(ctx, \u0026serviceaccount.GetSArgs{\n\t\t\tProject: pulumi.StringRef(\"example-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetSArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServiceaccountFunctions.getS(GetSArgs.builder()\n .project(\"example-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: gcp:serviceaccount:getS\n arguments:\n project: example-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getS.\n", "properties": { @@ -301065,7 +301065,7 @@ } }, "gcp:siteverification/getToken:getToken": { - "description": "A verification token is used to demonstrate ownership of a website or domain.\n\n\nTo get more information about Token, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n\n## Example Usage\n\n### Site Verification Via Site META Tag\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.siteverification.getToken({\n type: \"SITE\",\n identifier: \"https://www.example.com\",\n verificationMethod: \"META\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.siteverification.get_token(type=\"SITE\",\n identifier=\"https://www.example.com\",\n verification_method=\"META\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"SITE\",\n Identifier = \"https://www.example.com\",\n VerificationMethod = \"META\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"SITE\",\n\t\t\tIdentifier: \"https://www.example.com\",\n\t\t\tVerificationMethod: \"META\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"SITE\")\n .identifier(\"https://www.example.com\")\n .verificationMethod(\"META\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: gcp:siteverification:getToken\n Arguments:\n type: SITE\n identifier: https://www.example.com\n verificationMethod: META\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Site Verification Via DNS TXT Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.siteverification.getToken({\n type: \"INET_DOMAIN\",\n identifier: \"www.example.com\",\n verificationMethod: \"DNS_TXT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.siteverification.get_token(type=\"INET_DOMAIN\",\n identifier=\"www.example.com\",\n verification_method=\"DNS_TXT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"INET_DOMAIN\",\n Identifier = \"www.example.com\",\n VerificationMethod = \"DNS_TXT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"INET_DOMAIN\",\n\t\t\tIdentifier: \"www.example.com\",\n\t\t\tVerificationMethod: \"DNS_TXT\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"INET_DOMAIN\")\n .identifier(\"www.example.com\")\n .verificationMethod(\"DNS_TXT\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: gcp:siteverification:getToken\n Arguments:\n type: INET_DOMAIN\n identifier: www.example.com\n verificationMethod: DNS_TXT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "A verification token is used to demonstrate ownership of a website or domain.\n\n\nTo get more information about Token, see:\n\n* [API documentation](https://developers.google.com/site-verification/v1)\n* How-to Guides\n * [Getting Started](https://developers.google.com/site-verification/v1/getting_started)\n\n\n## Example Usage\n\n### Site Verification Via Site META Tag\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.siteverification.getToken({\n type: \"SITE\",\n identifier: \"https://www.example.com\",\n verificationMethod: \"META\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.siteverification.get_token(type=\"SITE\",\n identifier=\"https://www.example.com\",\n verification_method=\"META\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"SITE\",\n Identifier = \"https://www.example.com\",\n VerificationMethod = \"META\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"SITE\",\n\t\t\tIdentifier: \"https://www.example.com\",\n\t\t\tVerificationMethod: \"META\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"SITE\")\n .identifier(\"https://www.example.com\")\n .verificationMethod(\"META\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: gcp:siteverification:getToken\n arguments:\n type: SITE\n identifier: https://www.example.com\n verificationMethod: META\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Site Verification Via DNS TXT Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.siteverification.getToken({\n type: \"INET_DOMAIN\",\n identifier: \"www.example.com\",\n verificationMethod: \"DNS_TXT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.siteverification.get_token(type=\"INET_DOMAIN\",\n identifier=\"www.example.com\",\n verification_method=\"DNS_TXT\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.SiteVerification.GetToken.Invoke(new()\n {\n Type = \"INET_DOMAIN\",\n Identifier = \"www.example.com\",\n VerificationMethod = \"DNS_TXT\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/siteverification\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := siteverification.GetToken(ctx, \u0026siteverification.GetTokenArgs{\n\t\t\tType: \"INET_DOMAIN\",\n\t\t\tIdentifier: \"www.example.com\",\n\t\t\tVerificationMethod: \"DNS_TXT\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.siteverification.SiteverificationFunctions;\nimport com.pulumi.gcp.siteverification.inputs.GetTokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = SiteverificationFunctions.getToken(GetTokenArgs.builder()\n .type(\"INET_DOMAIN\")\n .identifier(\"www.example.com\")\n .verificationMethod(\"DNS_TXT\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: gcp:siteverification:getToken\n arguments:\n type: INET_DOMAIN\n identifier: www.example.com\n verificationMethod: DNS_TXT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getToken.\n", "properties": { @@ -301124,7 +301124,7 @@ } }, "gcp:sourcerepo/getRepository:getRepository": { - "description": "Get infomation about an existing Google Cloud Source Repository.\nFor more information see [the official documentation](https://cloud.google.com/source-repositories)\nand\n[API](https://cloud.google.com/source-repositories/docs/reference/rest/v1/projects.repos).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-repo = gcp.sourcerepo.getRepository({\n name: \"my-repository\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.sourcerepo.get_repository(name=\"my-repository\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = Gcp.SourceRepo.GetRepository.Invoke(new()\n {\n Name = \"my-repository\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.LookupRepository(ctx, \u0026sourcerepo.LookupRepositoryArgs{\n\t\t\tName: \"my-repository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.SourcerepoFunctions;\nimport com.pulumi.gcp.sourcerepo.inputs.GetRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-repo = SourcerepoFunctions.getRepository(GetRepositoryArgs.builder()\n .name(\"my-repository\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-repo:\n fn::invoke:\n Function: gcp:sourcerepo:getRepository\n Arguments:\n name: my-repository\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get infomation about an existing Google Cloud Source Repository.\nFor more information see [the official documentation](https://cloud.google.com/source-repositories)\nand\n[API](https://cloud.google.com/source-repositories/docs/reference/rest/v1/projects.repos).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-repo = gcp.sourcerepo.getRepository({\n name: \"my-repository\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.sourcerepo.get_repository(name=\"my-repository\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = Gcp.SourceRepo.GetRepository.Invoke(new()\n {\n Name = \"my-repository\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.LookupRepository(ctx, \u0026sourcerepo.LookupRepositoryArgs{\n\t\t\tName: \"my-repository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.SourcerepoFunctions;\nimport com.pulumi.gcp.sourcerepo.inputs.GetRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-repo = SourcerepoFunctions.getRepository(GetRepositoryArgs.builder()\n .name(\"my-repository\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-repo:\n fn::invoke:\n function: gcp:sourcerepo:getRepository\n arguments:\n name: my-repository\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepository.\n", "properties": { @@ -301183,7 +301183,7 @@ } }, "gcp:sourcerepo/getRepositoryIamPolicy:getRepositoryIamPolicy": { - "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.sourcerepo.getRepositoryIamPolicy({\n project: my_repo.project,\n repository: my_repo.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.sourcerepo.get_repository_iam_policy(project=my_repo[\"project\"],\n repository=my_repo[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SourceRepo.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.LookupRepositoryIamPolicy(ctx, \u0026sourcerepo.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_repo.Project),\n\t\t\tRepository: my_repo.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.SourcerepoFunctions;\nimport com.pulumi.gcp.sourcerepo.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SourcerepoFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:sourcerepo:getRepositoryIamPolicy\n Arguments:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for repository\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.sourcerepo.getRepositoryIamPolicy({\n project: my_repo.project,\n repository: my_repo.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.sourcerepo.get_repository_iam_policy(project=my_repo[\"project\"],\n repository=my_repo[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SourceRepo.GetRepositoryIamPolicy.Invoke(new()\n {\n Project = my_repo.Project,\n Repository = my_repo.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sourcerepo\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sourcerepo.LookupRepositoryIamPolicy(ctx, \u0026sourcerepo.LookupRepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(my_repo.Project),\n\t\t\tRepository: my_repo.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sourcerepo.SourcerepoFunctions;\nimport com.pulumi.gcp.sourcerepo.inputs.GetRepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = SourcerepoFunctions.getRepositoryIamPolicy(GetRepositoryIamPolicyArgs.builder()\n .project(my_repo.project())\n .repository(my_repo.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:sourcerepo:getRepositoryIamPolicy\n arguments:\n project: ${[\"my-repo\"].project}\n repository: ${[\"my-repo\"].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepositoryIamPolicy.\n", "properties": { @@ -301236,7 +301236,7 @@ } }, "gcp:spanner/getDatabase:getDatabase": { - "description": "Get a spanner database from Google Cloud by its name and instance name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getDatabase({\n name: \"foo\",\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_database(name=\"foo\",\n instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetDatabase.Invoke(new()\n {\n Name = \"foo\",\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.LookupDatabase(ctx, \u0026spanner.LookupDatabaseArgs{\n\t\t\tName: \"foo\",\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getDatabase(GetDatabaseArgs.builder()\n .name(\"foo\")\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:spanner:getDatabase\n Arguments:\n name: foo\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a spanner database from Google Cloud by its name and instance name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getDatabase({\n name: \"foo\",\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_database(name=\"foo\",\n instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetDatabase.Invoke(new()\n {\n Name = \"foo\",\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.LookupDatabase(ctx, \u0026spanner.LookupDatabaseArgs{\n\t\t\tName: \"foo\",\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getDatabase(GetDatabaseArgs.builder()\n .name(\"foo\")\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:spanner:getDatabase\n arguments:\n name: foo\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabase.\n", "properties": { @@ -301319,7 +301319,7 @@ } }, "gcp:spanner/getDatabaseIamPolicy:getDatabaseIamPolicy": { - "description": "Retrieves the current IAM policy data for a Spanner database.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getDatabaseIamPolicy({\n project: database.project,\n database: database.name,\n instance: database.instance,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_database_iam_policy(project=database[\"project\"],\n database=database[\"name\"],\n instance=database[\"instance\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetDatabaseIamPolicy.Invoke(new()\n {\n Project = database.Project,\n Database = database.Name,\n Instance = database.Instance,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.GetDatabaseIamPolicy(ctx, \u0026spanner.GetDatabaseIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(database.Project),\n\t\t\tDatabase: database.Name,\n\t\t\tInstance: database.Instance,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetDatabaseIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getDatabaseIamPolicy(GetDatabaseIamPolicyArgs.builder()\n .project(database.project())\n .database(database.name())\n .instance(database.instance())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:spanner:getDatabaseIamPolicy\n Arguments:\n project: ${database.project}\n database: ${database.name}\n instance: ${database.instance}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Spanner database.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getDatabaseIamPolicy({\n project: database.project,\n database: database.name,\n instance: database.instance,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_database_iam_policy(project=database[\"project\"],\n database=database[\"name\"],\n instance=database[\"instance\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetDatabaseIamPolicy.Invoke(new()\n {\n Project = database.Project,\n Database = database.Name,\n Instance = database.Instance,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.GetDatabaseIamPolicy(ctx, \u0026spanner.GetDatabaseIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(database.Project),\n\t\t\tDatabase: database.Name,\n\t\t\tInstance: database.Instance,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetDatabaseIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getDatabaseIamPolicy(GetDatabaseIamPolicyArgs.builder()\n .project(database.project())\n .database(database.name())\n .instance(database.instance())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:spanner:getDatabaseIamPolicy\n arguments:\n project: ${database.project}\n database: ${database.name}\n instance: ${database.instance}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabaseIamPolicy.\n", "properties": { @@ -301382,7 +301382,7 @@ } }, "gcp:spanner/getInstance:getInstance": { - "description": "Get a spanner instance from Google Cloud by its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getInstance({\n name: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_instance(name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetInstance.Invoke(new()\n {\n Name = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.LookupInstance(ctx, \u0026spanner.LookupInstanceArgs{\n\t\t\tName: \"bar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:spanner:getInstance\n Arguments:\n name: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a spanner instance from Google Cloud by its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getInstance({\n name: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_instance(name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetInstance.Invoke(new()\n {\n Name = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.LookupInstance(ctx, \u0026spanner.LookupInstanceArgs{\n\t\t\tName: \"bar\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getInstance(GetInstanceArgs.builder()\n .name(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:spanner:getInstance\n arguments:\n name: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstance.\n", "properties": { @@ -301488,7 +301488,7 @@ } }, "gcp:spanner/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for a Spanner instance.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getInstanceIamPolicy({\n project: instance.project,\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_instance_iam_policy(project=instance[\"project\"],\n instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.GetInstanceIamPolicy(ctx, \u0026spanner.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n Function: gcp:spanner:getInstanceIamPolicy\n Arguments:\n project: ${instance.project}\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for a Spanner instance.\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst foo = gcp.spanner.getInstanceIamPolicy({\n project: instance.project,\n instance: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfoo = gcp.spanner.get_instance_iam_policy(project=instance[\"project\"],\n instance=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Gcp.Spanner.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Instance = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.GetInstanceIamPolicy(ctx, \u0026spanner.GetInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tInstance: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.SpannerFunctions;\nimport com.pulumi.gcp.spanner.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = SpannerFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .instance(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n foo:\n fn::invoke:\n function: gcp:spanner:getInstanceIamPolicy\n arguments:\n project: ${instance.project}\n instance: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { @@ -301541,7 +301541,7 @@ } }, "gcp:sql/getBackupRun:getBackupRun": { - "description": "Use this data source to get information about a Cloud SQL instance backup run.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst backup = gcp.sql.getBackupRun({\n instance: main.name,\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbackup = gcp.sql.get_backup_run(instance=main[\"name\"],\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var backup = Gcp.Sql.GetBackupRun.Invoke(new()\n {\n Instance = main.Name,\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetBackupRun(ctx, \u0026sql.GetBackupRunArgs{\n\t\t\tInstance: main.Name,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetBackupRunArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var backup = SqlFunctions.getBackupRun(GetBackupRunArgs.builder()\n .instance(main.name())\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n backup:\n fn::invoke:\n Function: gcp:sql:getBackupRun\n Arguments:\n instance: ${main.name}\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Cloud SQL instance backup run.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst backup = gcp.sql.getBackupRun({\n instance: main.name,\n mostRecent: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbackup = gcp.sql.get_backup_run(instance=main[\"name\"],\n most_recent=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var backup = Gcp.Sql.GetBackupRun.Invoke(new()\n {\n Instance = main.Name,\n MostRecent = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetBackupRun(ctx, \u0026sql.GetBackupRunArgs{\n\t\t\tInstance: main.Name,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetBackupRunArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var backup = SqlFunctions.getBackupRun(GetBackupRunArgs.builder()\n .instance(main.name())\n .mostRecent(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n backup:\n fn::invoke:\n function: gcp:sql:getBackupRun\n arguments:\n instance: ${main.name}\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBackupRun.\n", "properties": { @@ -301667,7 +301667,7 @@ } }, "gcp:sql/getDatabase:getDatabase": { - "description": "Use this data source to get information about a database in a Cloud SQL instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabase({\n name: \"test-sql-database\",\n instance: main.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database(name=\"test-sql-database\",\n instance=main[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabase.Invoke(new()\n {\n Name = \"test-sql-database\",\n Instance = main.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.LookupDatabase(ctx, \u0026sql.LookupDatabaseArgs{\n\t\t\tName: \"test-sql-database\",\n\t\t\tInstance: main.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabase(GetDatabaseArgs.builder()\n .name(\"test-sql-database\")\n .instance(main.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:sql:getDatabase\n Arguments:\n name: test-sql-database\n instance: ${main.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a database in a Cloud SQL instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabase({\n name: \"test-sql-database\",\n instance: main.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database(name=\"test-sql-database\",\n instance=main[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabase.Invoke(new()\n {\n Name = \"test-sql-database\",\n Instance = main.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.LookupDatabase(ctx, \u0026sql.LookupDatabaseArgs{\n\t\t\tName: \"test-sql-database\",\n\t\t\tInstance: main.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabase(GetDatabaseArgs.builder()\n .name(\"test-sql-database\")\n .instance(main.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:sql:getDatabase\n arguments:\n name: test-sql-database\n instance: ${main.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabase.\n", "properties": { @@ -301732,7 +301732,7 @@ } }, "gcp:sql/getDatabaseInstance:getDatabaseInstance": { - "description": "Use this data source to get information about a Cloud SQL instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabaseInstance({\n name: \"test-sql-instance\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database_instance(name=\"test-sql-instance\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabaseInstance.Invoke(new()\n {\n Name = \"test-sql-instance\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.LookupDatabaseInstance(ctx, \u0026sql.LookupDatabaseInstanceArgs{\n\t\t\tName: \"test-sql-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabaseInstance(GetDatabaseInstanceArgs.builder()\n .name(\"test-sql-instance\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:sql:getDatabaseInstance\n Arguments:\n name: test-sql-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a Cloud SQL instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabaseInstance({\n name: \"test-sql-instance\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database_instance(name=\"test-sql-instance\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabaseInstance.Invoke(new()\n {\n Name = \"test-sql-instance\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.LookupDatabaseInstance(ctx, \u0026sql.LookupDatabaseInstanceArgs{\n\t\t\tName: \"test-sql-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabaseInstance(GetDatabaseInstanceArgs.builder()\n .name(\"test-sql-instance\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:sql:getDatabaseInstance\n arguments:\n name: test-sql-instance\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabaseInstance.\n", "properties": { @@ -301892,7 +301892,7 @@ } }, "gcp:sql/getDatabaseInstanceLatestRecoveryTime:getDatabaseInstanceLatestRecoveryTime": { - "description": "Get Latest Recovery Time for a given instance. For more information see the\n[official documentation](https://cloud.google.com/sql/)\nand\n[API](https://cloud.google.com/sql/docs/postgres/backup-recovery/pitr#get-the-latest-recovery-time).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.sql.getDatabaseInstanceLatestRecoveryTime({\n instance: \"sample-instance\",\n});\nexport const latestRecoveryTime = _default;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.sql.get_database_instance_latest_recovery_time(instance=\"sample-instance\")\npulumi.export(\"latestRecoveryTime\", default)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Sql.GetDatabaseInstanceLatestRecoveryTime.Invoke(new()\n {\n Instance = \"sample-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"latestRecoveryTime\"] = @default,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := sql.GetDatabaseInstanceLatestRecoveryTime(ctx, \u0026sql.GetDatabaseInstanceLatestRecoveryTimeArgs{\n\t\t\tInstance: \"sample-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"latestRecoveryTime\", _default)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstanceLatestRecoveryTimeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = SqlFunctions.getDatabaseInstanceLatestRecoveryTime(GetDatabaseInstanceLatestRecoveryTimeArgs.builder()\n .instance(\"sample-instance\")\n .build());\n\n ctx.export(\"latestRecoveryTime\", default_);\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:sql:getDatabaseInstanceLatestRecoveryTime\n Arguments:\n instance: sample-instance\noutputs:\n latestRecoveryTime: ${default}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get Latest Recovery Time for a given instance. For more information see the\n[official documentation](https://cloud.google.com/sql/)\nand\n[API](https://cloud.google.com/sql/docs/postgres/backup-recovery/pitr#get-the-latest-recovery-time).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.sql.getDatabaseInstanceLatestRecoveryTime({\n instance: \"sample-instance\",\n});\nexport const latestRecoveryTime = _default;\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.sql.get_database_instance_latest_recovery_time(instance=\"sample-instance\")\npulumi.export(\"latestRecoveryTime\", default)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Sql.GetDatabaseInstanceLatestRecoveryTime.Invoke(new()\n {\n Instance = \"sample-instance\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"latestRecoveryTime\"] = @default,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := sql.GetDatabaseInstanceLatestRecoveryTime(ctx, \u0026sql.GetDatabaseInstanceLatestRecoveryTimeArgs{\n\t\t\tInstance: \"sample-instance\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"latestRecoveryTime\", _default)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstanceLatestRecoveryTimeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = SqlFunctions.getDatabaseInstanceLatestRecoveryTime(GetDatabaseInstanceLatestRecoveryTimeArgs.builder()\n .instance(\"sample-instance\")\n .build());\n\n ctx.export(\"latestRecoveryTime\", default_);\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:sql:getDatabaseInstanceLatestRecoveryTime\n arguments:\n instance: sample-instance\noutputs:\n latestRecoveryTime: ${default}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabaseInstanceLatestRecoveryTime.\n", "properties": { @@ -301941,7 +301941,7 @@ } }, "gcp:sql/getDatabaseInstances:getDatabaseInstances": { - "description": "Use this data source to get information about a list of Cloud SQL instances in a project. You can also apply some filters over this list to get a more filtered list of Cloud SQL instances.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabaseInstances({\n project: \"test-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database_instances(project=\"test-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabaseInstances.Invoke(new()\n {\n Project = \"test-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetDatabaseInstances(ctx, \u0026sql.GetDatabaseInstancesArgs{\n\t\t\tProject: pulumi.StringRef(\"test-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstancesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabaseInstances(GetDatabaseInstancesArgs.builder()\n .project(\"test-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:sql:getDatabaseInstances\n Arguments:\n project: test-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a list of Cloud SQL instances in a project. You can also apply some filters over this list to get a more filtered list of Cloud SQL instances.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabaseInstances({\n project: \"test-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_database_instances(project=\"test-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabaseInstances.Invoke(new()\n {\n Project = \"test-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetDatabaseInstances(ctx, \u0026sql.GetDatabaseInstancesArgs{\n\t\t\tProject: pulumi.StringRef(\"test-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabaseInstancesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabaseInstances(GetDatabaseInstancesArgs.builder()\n .project(\"test-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:sql:getDatabaseInstances\n arguments:\n project: test-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabaseInstances.\n", "properties": { @@ -302012,7 +302012,7 @@ } }, "gcp:sql/getDatabases:getDatabases": { - "description": "Use this data source to get information about a list of databases in a Cloud SQL instance.\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabases({\n instance: main.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_databases(instance=main[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabases.Invoke(new()\n {\n Instance = main.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetDatabases(ctx, \u0026sql.GetDatabasesArgs{\n\t\t\tInstance: main.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabasesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabases(GetDatabasesArgs.builder()\n .instance(main.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n Function: gcp:sql:getDatabases\n Arguments:\n instance: ${main.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a list of databases in a Cloud SQL instance.\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst qa = gcp.sql.getDatabases({\n instance: main.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nqa = gcp.sql.get_databases(instance=main[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var qa = Gcp.Sql.GetDatabases.Invoke(new()\n {\n Instance = main.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sql.GetDatabases(ctx, \u0026sql.GetDatabasesArgs{\n\t\t\tInstance: main.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.sql.SqlFunctions;\nimport com.pulumi.gcp.sql.inputs.GetDatabasesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var qa = SqlFunctions.getDatabases(GetDatabasesArgs.builder()\n .instance(main.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n qa:\n fn::invoke:\n function: gcp:sql:getDatabases\n arguments:\n instance: ${main.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatabases.\n", "properties": { @@ -302098,7 +302098,7 @@ } }, "gcp:storage/getBucket:getBucket": { - "description": "Gets an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#buckets)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/buckets).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-bucket = gcp.storage.getBucket({\n name: \"my-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_bucket = gcp.storage.get_bucket(name=\"my-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_bucket = Gcp.Storage.GetBucket.Invoke(new()\n {\n Name = \"my-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.LookupBucket(ctx, \u0026storage.LookupBucketArgs{\n\t\t\tName: \"my-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-bucket = StorageFunctions.getBucket(GetBucketArgs.builder()\n .name(\"my-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-bucket:\n fn::invoke:\n Function: gcp:storage:getBucket\n Arguments:\n name: my-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#buckets)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/buckets).\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my-bucket = gcp.storage.getBucket({\n name: \"my-bucket\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_bucket = gcp.storage.get_bucket(name=\"my-bucket\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_bucket = Gcp.Storage.GetBucket.Invoke(new()\n {\n Name = \"my-bucket\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.LookupBucket(ctx, \u0026storage.LookupBucketArgs{\n\t\t\tName: \"my-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-bucket = StorageFunctions.getBucket(GetBucketArgs.builder()\n .name(\"my-bucket\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n my-bucket:\n fn::invoke:\n function: gcp:storage:getBucket\n arguments:\n name: my-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucket.\n", "properties": { @@ -302286,7 +302286,7 @@ } }, "gcp:storage/getBucketIamPolicy:getBucketIamPolicy": { - "description": "Retrieves the current IAM policy data for bucket\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.storage.getBucketIamPolicy({\n bucket: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.storage.get_bucket_iam_policy(bucket=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Storage.GetBucketIamPolicy.Invoke(new()\n {\n Bucket = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBucketIamPolicy(ctx, \u0026storage.GetBucketIamPolicyArgs{\n\t\t\tBucket: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = StorageFunctions.getBucketIamPolicy(GetBucketIamPolicyArgs.builder()\n .bucket(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:storage:getBucketIamPolicy\n Arguments:\n bucket: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for bucket\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.storage.getBucketIamPolicy({\n bucket: _default.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.storage.get_bucket_iam_policy(bucket=default[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Storage.GetBucketIamPolicy.Invoke(new()\n {\n Bucket = @default.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBucketIamPolicy(ctx, \u0026storage.GetBucketIamPolicyArgs{\n\t\t\tBucket: _default.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = StorageFunctions.getBucketIamPolicy(GetBucketIamPolicyArgs.builder()\n .bucket(default_.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:storage:getBucketIamPolicy\n arguments:\n bucket: ${default.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucketIamPolicy.\n", "properties": { @@ -302330,7 +302330,7 @@ } }, "gcp:storage/getBucketObject:getBucketObject": { - "description": "Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/objects).\n\n\n## Example Usage\n\nExample picture stored within a folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst picture = gcp.storage.getBucketObject({\n name: \"folder/butterfly01.jpg\",\n bucket: \"image-store\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npicture = gcp.storage.get_bucket_object(name=\"folder/butterfly01.jpg\",\n bucket=\"image-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var picture = Gcp.Storage.GetBucketObject.Invoke(new()\n {\n Name = \"folder/butterfly01.jpg\",\n Bucket = \"image-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.LookupBucketObject(ctx, \u0026storage.LookupBucketObjectArgs{\n\t\t\tName: pulumi.StringRef(\"folder/butterfly01.jpg\"),\n\t\t\tBucket: pulumi.StringRef(\"image-store\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var picture = StorageFunctions.getBucketObject(GetBucketObjectArgs.builder()\n .name(\"folder/butterfly01.jpg\")\n .bucket(\"image-store\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n picture:\n fn::invoke:\n Function: gcp:storage:getBucketObject\n Arguments:\n name: folder/butterfly01.jpg\n bucket: image-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/objects).\n\n\n## Example Usage\n\nExample picture stored within a folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst picture = gcp.storage.getBucketObject({\n name: \"folder/butterfly01.jpg\",\n bucket: \"image-store\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npicture = gcp.storage.get_bucket_object(name=\"folder/butterfly01.jpg\",\n bucket=\"image-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var picture = Gcp.Storage.GetBucketObject.Invoke(new()\n {\n Name = \"folder/butterfly01.jpg\",\n Bucket = \"image-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.LookupBucketObject(ctx, \u0026storage.LookupBucketObjectArgs{\n\t\t\tName: pulumi.StringRef(\"folder/butterfly01.jpg\"),\n\t\t\tBucket: pulumi.StringRef(\"image-store\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var picture = StorageFunctions.getBucketObject(GetBucketObjectArgs.builder()\n .name(\"folder/butterfly01.jpg\")\n .bucket(\"image-store\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n picture:\n fn::invoke:\n function: gcp:storage:getBucketObject\n arguments:\n name: folder/butterfly01.jpg\n bucket: image-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucketObject.\n", "properties": { @@ -302472,7 +302472,7 @@ } }, "gcp:storage/getBucketObjectContent:getBucketObjectContent": { - "description": "Gets an existing object content inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/objects).\n\n\u003e **Warning:** The object content will be saved in the state, and visiable to everyone who has access to the state file.\n\n## Example Usage\n\nExample file object stored within a folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst key = gcp.storage.getBucketObjectContent({\n name: \"encryptedkey\",\n bucket: \"keystore\",\n});\nexport const encrypted = key.then(key =\u003e key.content);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey = gcp.storage.get_bucket_object_content(name=\"encryptedkey\",\n bucket=\"keystore\")\npulumi.export(\"encrypted\", key.content)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var key = Gcp.Storage.GetBucketObjectContent.Invoke(new()\n {\n Name = \"encryptedkey\",\n Bucket = \"keystore\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"encrypted\"] = key.Apply(getBucketObjectContentResult =\u003e getBucketObjectContentResult.Content),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkey, err := storage.GetBucketObjectContent(ctx, \u0026storage.GetBucketObjectContentArgs{\n\t\t\tName: \"encryptedkey\",\n\t\t\tBucket: \"keystore\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"encrypted\", key.Content)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectContentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var key = StorageFunctions.getBucketObjectContent(GetBucketObjectContentArgs.builder()\n .name(\"encryptedkey\")\n .bucket(\"keystore\")\n .build());\n\n ctx.export(\"encrypted\", key.applyValue(getBucketObjectContentResult -\u003e getBucketObjectContentResult.content()));\n }\n}\n```\n```yaml\nvariables:\n key:\n fn::invoke:\n Function: gcp:storage:getBucketObjectContent\n Arguments:\n name: encryptedkey\n bucket: keystore\noutputs:\n encrypted: ${key.content}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets an existing object content inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand\n[API](https://cloud.google.com/storage/docs/json_api/v1/objects).\n\n\u003e **Warning:** The object content will be saved in the state, and visiable to everyone who has access to the state file.\n\n## Example Usage\n\nExample file object stored within a folder.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst key = gcp.storage.getBucketObjectContent({\n name: \"encryptedkey\",\n bucket: \"keystore\",\n});\nexport const encrypted = key.then(key =\u003e key.content);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey = gcp.storage.get_bucket_object_content(name=\"encryptedkey\",\n bucket=\"keystore\")\npulumi.export(\"encrypted\", key.content)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var key = Gcp.Storage.GetBucketObjectContent.Invoke(new()\n {\n Name = \"encryptedkey\",\n Bucket = \"keystore\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"encrypted\"] = key.Apply(getBucketObjectContentResult =\u003e getBucketObjectContentResult.Content),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkey, err := storage.GetBucketObjectContent(ctx, \u0026storage.GetBucketObjectContentArgs{\n\t\t\tName: \"encryptedkey\",\n\t\t\tBucket: \"keystore\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"encrypted\", key.Content)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectContentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var key = StorageFunctions.getBucketObjectContent(GetBucketObjectContentArgs.builder()\n .name(\"encryptedkey\")\n .bucket(\"keystore\")\n .build());\n\n ctx.export(\"encrypted\", key.applyValue(getBucketObjectContentResult -\u003e getBucketObjectContentResult.content()));\n }\n}\n```\n```yaml\nvariables:\n key:\n fn::invoke:\n function: gcp:storage:getBucketObjectContent\n arguments:\n name: encryptedkey\n bucket: keystore\noutputs:\n encrypted: ${key.content}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucketObjectContent.\n", "properties": { @@ -302611,7 +302611,7 @@ } }, "gcp:storage/getBucketObjects:getBucketObjects": { - "description": "Gets existing objects inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand [API](https://cloud.google.com/storage/docs/json_api/v1/objects/list).\n\n## Example Usage\n\nExample files stored within a bucket.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst files = gcp.storage.getBucketObjects({\n bucket: \"file-store\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfiles = gcp.storage.get_bucket_objects(bucket=\"file-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var files = Gcp.Storage.GetBucketObjects.Invoke(new()\n {\n Bucket = \"file-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBucketObjects(ctx, \u0026storage.GetBucketObjectsArgs{\n\t\t\tBucket: \"file-store\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var files = StorageFunctions.getBucketObjects(GetBucketObjectsArgs.builder()\n .bucket(\"file-store\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n files:\n fn::invoke:\n Function: gcp:storage:getBucketObjects\n Arguments:\n bucket: file-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets existing objects inside an existing bucket in Google Cloud Storage service (GCS).\nSee [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)\nand [API](https://cloud.google.com/storage/docs/json_api/v1/objects/list).\n\n## Example Usage\n\nExample files stored within a bucket.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst files = gcp.storage.getBucketObjects({\n bucket: \"file-store\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfiles = gcp.storage.get_bucket_objects(bucket=\"file-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var files = Gcp.Storage.GetBucketObjects.Invoke(new()\n {\n Bucket = \"file-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBucketObjects(ctx, \u0026storage.GetBucketObjectsArgs{\n\t\t\tBucket: \"file-store\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketObjectsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var files = StorageFunctions.getBucketObjects(GetBucketObjectsArgs.builder()\n .bucket(\"file-store\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n files:\n fn::invoke:\n function: gcp:storage:getBucketObjects\n arguments:\n bucket: file-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucketObjects.\n", "properties": { @@ -302666,7 +302666,7 @@ } }, "gcp:storage/getBuckets:getBuckets": { - "description": "Gets a list of existing GCS buckets.\nSee [the official documentation](https://cloud.google.com/storage/docs/introduction)\nand [API](https://cloud.google.com/storage/docs/json_api/v1/buckets/list).\n\n## Example Usage\n\nExample GCS buckets.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.storage.getBuckets({\n project: \"example-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.get_buckets(project=\"example-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.Storage.GetBuckets.Invoke(new()\n {\n Project = \"example-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBuckets(ctx, \u0026storage.GetBucketsArgs{\n\t\t\tProject: pulumi.StringRef(\"example-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = StorageFunctions.getBuckets(GetBucketsArgs.builder()\n .project(\"example-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: gcp:storage:getBuckets\n Arguments:\n project: example-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets a list of existing GCS buckets.\nSee [the official documentation](https://cloud.google.com/storage/docs/introduction)\nand [API](https://cloud.google.com/storage/docs/json_api/v1/buckets/list).\n\n## Example Usage\n\nExample GCS buckets.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = gcp.storage.getBuckets({\n project: \"example-project\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.storage.get_buckets(project=\"example-project\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Gcp.Storage.GetBuckets.Invoke(new()\n {\n Project = \"example-project\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetBuckets(ctx, \u0026storage.GetBucketsArgs{\n\t\t\tProject: pulumi.StringRef(\"example-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetBucketsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = StorageFunctions.getBuckets(GetBucketsArgs.builder()\n .project(\"example-project\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: gcp:storage:getBuckets\n arguments:\n project: example-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBuckets.\n", "properties": { @@ -302759,7 +302759,7 @@ } }, "gcp:storage/getObjectSignedUrl:getObjectSignedUrl": { - "description": "The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.\n\nFor more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst artifact = gcp.storage.getObjectSignedUrl({\n bucket: \"install_binaries\",\n path: \"path/to/install_file.bin\",\n});\nconst vm = new gcp.compute.Instance(\"vm\", {name: \"vm\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nartifact = gcp.storage.get_object_signed_url(bucket=\"install_binaries\",\n path=\"path/to/install_file.bin\")\nvm = gcp.compute.Instance(\"vm\", name=\"vm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var artifact = Gcp.Storage.GetObjectSignedUrl.Invoke(new()\n {\n Bucket = \"install_binaries\",\n Path = \"path/to/install_file.bin\",\n });\n\n var vm = new Gcp.Compute.Instance(\"vm\", new()\n {\n Name = \"vm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetObjectSignedUrl(ctx, \u0026storage.GetObjectSignedUrlArgs{\n\t\t\tBucket: \"install_binaries\",\n\t\t\tPath: \"path/to/install_file.bin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"vm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var artifact = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()\n .bucket(\"install_binaries\")\n .path(\"path/to/install_file.bin\")\n .build());\n\n var vm = new Instance(\"vm\", InstanceArgs.builder()\n .name(\"vm\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vm:\n type: gcp:compute:Instance\n properties:\n name: vm\nvariables:\n artifact:\n fn::invoke:\n Function: gcp:storage:getObjectSignedUrl\n Arguments:\n bucket: install_binaries\n path: path/to/install_file.bin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Full Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst getUrl = std.file({\n input: \"path/to/credentials.json\",\n}).then(invoke =\u003e gcp.storage.getObjectSignedUrl({\n bucket: \"fried_chicken\",\n path: \"path/to/file\",\n contentMd5: \"pRviqwS4c4OTJRTe03FD1w==\",\n contentType: \"text/plain\",\n duration: \"2d\",\n credentials: invoke.result,\n extensionHeaders: {\n \"x-goog-if-generation-match\": \"1\",\n },\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nget_url = gcp.storage.get_object_signed_url(bucket=\"fried_chicken\",\n path=\"path/to/file\",\n content_md5=\"pRviqwS4c4OTJRTe03FD1w==\",\n content_type=\"text/plain\",\n duration=\"2d\",\n credentials=std.file(input=\"path/to/credentials.json\").result,\n extension_headers={\n \"x-goog-if-generation-match\": \"1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()\n {\n Bucket = \"fried_chicken\",\n Path = \"path/to/file\",\n ContentMd5 = \"pRviqwS4c4OTJRTe03FD1w==\",\n ContentType = \"text/plain\",\n Duration = \"2d\",\n Credentials = Std.File.Invoke(new()\n {\n Input = \"path/to/credentials.json\",\n }).Result,\n ExtensionHeaders = \n {\n { \"x-goog-if-generation-match\", \"1\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetObjectSignedUrl(ctx, \u0026storage.GetObjectSignedUrlArgs{\n\t\t\tBucket: \"fried_chicken\",\n\t\t\tPath: \"path/to/file\",\n\t\t\tContentMd5: pulumi.StringRef(\"pRviqwS4c4OTJRTe03FD1w==\"),\n\t\t\tContentType: pulumi.StringRef(\"text/plain\"),\n\t\t\tDuration: pulumi.StringRef(\"2d\"),\n\t\t\tCredentials: pulumi.StringRef(std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"path/to/credentials.json\",\n\t\t\t}, nil).Result),\n\t\t\tExtensionHeaders: map[string]interface{}{\n\t\t\t\t\"x-goog-if-generation-match\": \"1\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()\n .bucket(\"fried_chicken\")\n .path(\"path/to/file\")\n .contentMd5(\"pRviqwS4c4OTJRTe03FD1w==\")\n .contentType(\"text/plain\")\n .duration(\"2d\")\n .credentials(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/credentials.json\")\n .build()).result())\n .extensionHeaders(Map.of(\"x-goog-if-generation-match\", 1))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n getUrl:\n fn::invoke:\n Function: gcp:storage:getObjectSignedUrl\n Arguments:\n bucket: fried_chicken\n path: path/to/file\n contentMd5: pRviqwS4c4OTJRTe03FD1w==\n contentType: text/plain\n duration: 2d\n credentials:\n fn::invoke:\n Function: std:file\n Arguments:\n input: path/to/credentials.json\n Return: result\n extensionHeaders:\n x-goog-if-generation-match: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.\n\nFor more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst artifact = gcp.storage.getObjectSignedUrl({\n bucket: \"install_binaries\",\n path: \"path/to/install_file.bin\",\n});\nconst vm = new gcp.compute.Instance(\"vm\", {name: \"vm\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nartifact = gcp.storage.get_object_signed_url(bucket=\"install_binaries\",\n path=\"path/to/install_file.bin\")\nvm = gcp.compute.Instance(\"vm\", name=\"vm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var artifact = Gcp.Storage.GetObjectSignedUrl.Invoke(new()\n {\n Bucket = \"install_binaries\",\n Path = \"path/to/install_file.bin\",\n });\n\n var vm = new Gcp.Compute.Instance(\"vm\", new()\n {\n Name = \"vm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetObjectSignedUrl(ctx, \u0026storage.GetObjectSignedUrlArgs{\n\t\t\tBucket: \"install_binaries\",\n\t\t\tPath: \"path/to/install_file.bin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstance(ctx, \"vm\", \u0026compute.InstanceArgs{\n\t\t\tName: pulumi.String(\"vm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;\nimport com.pulumi.gcp.compute.Instance;\nimport com.pulumi.gcp.compute.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var artifact = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()\n .bucket(\"install_binaries\")\n .path(\"path/to/install_file.bin\")\n .build());\n\n var vm = new Instance(\"vm\", InstanceArgs.builder()\n .name(\"vm\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vm:\n type: gcp:compute:Instance\n properties:\n name: vm\nvariables:\n artifact:\n fn::invoke:\n function: gcp:storage:getObjectSignedUrl\n arguments:\n bucket: install_binaries\n path: path/to/install_file.bin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Full Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as std from \"@pulumi/std\";\n\nconst getUrl = std.file({\n input: \"path/to/credentials.json\",\n}).then(invoke =\u003e gcp.storage.getObjectSignedUrl({\n bucket: \"fried_chicken\",\n path: \"path/to/file\",\n contentMd5: \"pRviqwS4c4OTJRTe03FD1w==\",\n contentType: \"text/plain\",\n duration: \"2d\",\n credentials: invoke.result,\n extensionHeaders: {\n \"x-goog-if-generation-match\": \"1\",\n },\n}));\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_std as std\n\nget_url = gcp.storage.get_object_signed_url(bucket=\"fried_chicken\",\n path=\"path/to/file\",\n content_md5=\"pRviqwS4c4OTJRTe03FD1w==\",\n content_type=\"text/plain\",\n duration=\"2d\",\n credentials=std.file(input=\"path/to/credentials.json\").result,\n extension_headers={\n \"x-goog-if-generation-match\": \"1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()\n {\n Bucket = \"fried_chicken\",\n Path = \"path/to/file\",\n ContentMd5 = \"pRviqwS4c4OTJRTe03FD1w==\",\n ContentType = \"text/plain\",\n Duration = \"2d\",\n Credentials = Std.File.Invoke(new()\n {\n Input = \"path/to/credentials.json\",\n }).Result,\n ExtensionHeaders = \n {\n { \"x-goog-if-generation-match\", \"1\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.GetObjectSignedUrl(ctx, \u0026storage.GetObjectSignedUrlArgs{\n\t\t\tBucket: \"fried_chicken\",\n\t\t\tPath: \"path/to/file\",\n\t\t\tContentMd5: pulumi.StringRef(\"pRviqwS4c4OTJRTe03FD1w==\"),\n\t\t\tContentType: pulumi.StringRef(\"text/plain\"),\n\t\t\tDuration: pulumi.StringRef(\"2d\"),\n\t\t\tCredentials: pulumi.StringRef(std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"path/to/credentials.json\",\n\t\t\t}, nil).Result),\n\t\t\tExtensionHeaders: map[string]interface{}{\n\t\t\t\t\"x-goog-if-generation-match\": \"1\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()\n .bucket(\"fried_chicken\")\n .path(\"path/to/file\")\n .contentMd5(\"pRviqwS4c4OTJRTe03FD1w==\")\n .contentType(\"text/plain\")\n .duration(\"2d\")\n .credentials(StdFunctions.file(FileArgs.builder()\n .input(\"path/to/credentials.json\")\n .build()).result())\n .extensionHeaders(Map.of(\"x-goog-if-generation-match\", 1))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n getUrl:\n fn::invoke:\n function: gcp:storage:getObjectSignedUrl\n arguments:\n bucket: fried_chicken\n path: path/to/file\n contentMd5: pRviqwS4c4OTJRTe03FD1w==\n contentType: text/plain\n duration: 2d\n credentials:\n fn::invoke:\n function: std:file\n arguments:\n input: path/to/credentials.json\n return: result\n extensionHeaders:\n x-goog-if-generation-match: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getObjectSignedUrl.\n", "properties": { @@ -302856,7 +302856,7 @@ } }, "gcp:storage/getProjectServiceAccount:getProjectServiceAccount": { - "description": "Get the email address of a project's unique [automatic Google Cloud Storage service account](https://cloud.google.com/storage/docs/projects#service-accounts).\n\nFor each Google Cloud project, Google maintains a unique service account which\nis used as the identity for various Google Cloud Storage operations, including\noperations involving\n[customer-managed encryption keys](https://cloud.google.com/storage/docs/encryption/customer-managed-keys)\nand those involving\n[storage notifications to pub/sub](https://cloud.google.com/storage/docs/gsutil/commands/notification).\nThis automatic Google service account requires access to the relevant Cloud KMS keys or pub/sub topics, respectively, in order for Cloud Storage to use\nthese customer-managed resources.\n\nThe service account has a well-known, documented naming format which is parameterised on the numeric Google project ID.\nHowever, as noted in [the docs](https://cloud.google.com/storage/docs/projects#service-accounts), it is only created when certain relevant actions occur which\npresuppose its existence.\nThese actions include calling a [Cloud Storage API endpoint](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount/get) to yield the\nservice account's identity, or performing some operations in the UI which must use the service account's identity, such as attempting to list Cloud KMS keys\non the bucket creation page.\n\nUse of this data source calls the relevant API endpoint to obtain the service account's identity and thus ensures it exists prior to any API operations\nwhich demand its existence, such as specifying it in Cloud IAM policy.\nAlways prefer to use this data source over interpolating the project ID into the well-known format for this service account, as the latter approach may cause\nprovider update errors in cases where the service account does not yet exist.\n\n\u003e When you write provider code which uses features depending on this service account *and* your provider code adds the service account in IAM policy on other resources,\n you must take care for race conditions between the establishment of the IAM policy and creation of the relevant Cloud Storage resource.\n Cloud Storage APIs will require permissions on resources such as pub/sub topics or Cloud KMS keys to exist *before* the attempt to utilise them in a\n bucket configuration, otherwise the API calls will fail.\n You may need to use `depends_on` to create an explicit dependency between the IAM policy resource and the Cloud Storage resource which depends on it.\n See the examples here and in the `gcp.storage.Notification` resource.\n\nFor more information see\n[the API reference](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).\n\n## Example Usage\n\n### Pub/Sub Notifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n topic: topic.name,\n role: \"roles/pubsub.publisher\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngcs_account = gcp.storage.get_project_service_account()\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n topic=topic[\"name\"],\n role=\"roles/pubsub.publisher\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Topic = topic.Name,\n Role = \"roles/pubsub.publisher\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tTopic: pulumi.Any(topic.Name),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .topic(topic.name())\n .role(\"roles/pubsub.publisher\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n topic: ${topic.name}\n role: roles/pubsub.publisher\n members:\n - serviceAccount:${gcsAccount.emailAddress}\nvariables:\n gcsAccount:\n fn::invoke:\n Function: gcp:storage:getProjectServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Cloud KMS Keys\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst binding = new gcp.kms.CryptoKeyIAMBinding(\"binding\", {\n cryptoKeyId: \"your-crypto-key-id\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"kms-protected-bucket\",\n location: \"US\",\n encryption: {\n defaultKmsKeyName: \"your-crypto-key-id\",\n },\n}, {\n dependsOn: [binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngcs_account = gcp.storage.get_project_service_account()\nbinding = gcp.kms.CryptoKeyIAMBinding(\"binding\",\n crypto_key_id=\"your-crypto-key-id\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"kms-protected-bucket\",\n location=\"US\",\n encryption={\n \"default_kms_key_name\": \"your-crypto-key-id\",\n },\n opts = pulumi.ResourceOptions(depends_on=[binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var binding = new Gcp.Kms.CryptoKeyIAMBinding(\"binding\", new()\n {\n CryptoKeyId = \"your-crypto-key-id\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"kms-protected-bucket\",\n Location = \"US\",\n Encryption = new Gcp.Storage.Inputs.BucketEncryptionArgs\n {\n DefaultKmsKeyName = \"your-crypto-key-id\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"your-crypto-key-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"kms-protected-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tEncryption: \u0026storage.BucketEncryptionArgs{\n\t\t\t\tDefaultKmsKeyName: pulumi.String(\"your-crypto-key-id\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.inputs.BucketEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var binding = new CryptoKeyIAMBinding(\"binding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(\"your-crypto-key-id\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"kms-protected-bucket\")\n .location(\"US\")\n .encryption(BucketEncryptionArgs.builder()\n .defaultKmsKeyName(\"your-crypto-key-id\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:CryptoKeyIAMBinding\n properties:\n cryptoKeyId: your-crypto-key-id\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:${gcsAccount.emailAddress}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: kms-protected-bucket\n location: US\n encryption:\n defaultKmsKeyName: your-crypto-key-id\n options:\n dependson:\n - ${binding}\nvariables:\n gcsAccount:\n fn::invoke:\n Function: gcp:storage:getProjectServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get the email address of a project's unique [automatic Google Cloud Storage service account](https://cloud.google.com/storage/docs/projects#service-accounts).\n\nFor each Google Cloud project, Google maintains a unique service account which\nis used as the identity for various Google Cloud Storage operations, including\noperations involving\n[customer-managed encryption keys](https://cloud.google.com/storage/docs/encryption/customer-managed-keys)\nand those involving\n[storage notifications to pub/sub](https://cloud.google.com/storage/docs/gsutil/commands/notification).\nThis automatic Google service account requires access to the relevant Cloud KMS keys or pub/sub topics, respectively, in order for Cloud Storage to use\nthese customer-managed resources.\n\nThe service account has a well-known, documented naming format which is parameterised on the numeric Google project ID.\nHowever, as noted in [the docs](https://cloud.google.com/storage/docs/projects#service-accounts), it is only created when certain relevant actions occur which\npresuppose its existence.\nThese actions include calling a [Cloud Storage API endpoint](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount/get) to yield the\nservice account's identity, or performing some operations in the UI which must use the service account's identity, such as attempting to list Cloud KMS keys\non the bucket creation page.\n\nUse of this data source calls the relevant API endpoint to obtain the service account's identity and thus ensures it exists prior to any API operations\nwhich demand its existence, such as specifying it in Cloud IAM policy.\nAlways prefer to use this data source over interpolating the project ID into the well-known format for this service account, as the latter approach may cause\nprovider update errors in cases where the service account does not yet exist.\n\n\u003e When you write provider code which uses features depending on this service account *and* your provider code adds the service account in IAM policy on other resources,\n you must take care for race conditions between the establishment of the IAM policy and creation of the relevant Cloud Storage resource.\n Cloud Storage APIs will require permissions on resources such as pub/sub topics or Cloud KMS keys to exist *before* the attempt to utilise them in a\n bucket configuration, otherwise the API calls will fail.\n You may need to use `depends_on` to create an explicit dependency between the IAM policy resource and the Cloud Storage resource which depends on it.\n See the examples here and in the `gcp.storage.Notification` resource.\n\nFor more information see\n[the API reference](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).\n\n## Example Usage\n\n### Pub/Sub Notifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n topic: topic.name,\n role: \"roles/pubsub.publisher\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngcs_account = gcp.storage.get_project_service_account()\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n topic=topic[\"name\"],\n role=\"roles/pubsub.publisher\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Topic = topic.Name,\n Role = \"roles/pubsub.publisher\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tTopic: pulumi.Any(topic.Name),\n\t\t\tRole: pulumi.String(\"roles/pubsub.publisher\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder()\n .topic(topic.name())\n .role(\"roles/pubsub.publisher\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n topic: ${topic.name}\n role: roles/pubsub.publisher\n members:\n - serviceAccount:${gcsAccount.emailAddress}\nvariables:\n gcsAccount:\n fn::invoke:\n function: gcp:storage:getProjectServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Cloud KMS Keys\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst gcsAccount = gcp.storage.getProjectServiceAccount({});\nconst binding = new gcp.kms.CryptoKeyIAMBinding(\"binding\", {\n cryptoKeyId: \"your-crypto-key-id\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [gcsAccount.then(gcsAccount =\u003e `serviceAccount:${gcsAccount.emailAddress}`)],\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"kms-protected-bucket\",\n location: \"US\",\n encryption: {\n defaultKmsKeyName: \"your-crypto-key-id\",\n },\n}, {\n dependsOn: [binding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ngcs_account = gcp.storage.get_project_service_account()\nbinding = gcp.kms.CryptoKeyIAMBinding(\"binding\",\n crypto_key_id=\"your-crypto-key-id\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:{gcs_account.email_address}\"])\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"kms-protected-bucket\",\n location=\"US\",\n encryption={\n \"default_kms_key_name\": \"your-crypto-key-id\",\n },\n opts = pulumi.ResourceOptions(depends_on=[binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();\n\n var binding = new Gcp.Kms.CryptoKeyIAMBinding(\"binding\", new()\n {\n CryptoKeyId = \"your-crypto-key-id\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult =\u003e getProjectServiceAccountResult.EmailAddress)}\",\n },\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"kms-protected-bucket\",\n Location = \"US\",\n Encryption = new Gcp.Storage.Inputs.BucketEncryptionArgs\n {\n DefaultKmsKeyName = \"your-crypto-key-id\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n binding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgcsAccount, err := storage.GetProjectServiceAccount(ctx, \u0026storage.GetProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"your-crypto-key-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:%v\", gcsAccount.EmailAddress),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"kms-protected-bucket\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tEncryption: \u0026storage.BucketEncryptionArgs{\n\t\t\t\tDefaultKmsKeyName: pulumi.String(\"your-crypto-key-id\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tbinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.inputs.BucketEncryptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var gcsAccount = StorageFunctions.getProjectServiceAccount();\n\n var binding = new CryptoKeyIAMBinding(\"binding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(\"your-crypto-key-id\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:%s\", gcsAccount.applyValue(getProjectServiceAccountResult -\u003e getProjectServiceAccountResult.emailAddress())))\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"kms-protected-bucket\")\n .location(\"US\")\n .encryption(BucketEncryptionArgs.builder()\n .defaultKmsKeyName(\"your-crypto-key-id\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(binding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:kms:CryptoKeyIAMBinding\n properties:\n cryptoKeyId: your-crypto-key-id\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:${gcsAccount.emailAddress}\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: kms-protected-bucket\n location: US\n encryption:\n defaultKmsKeyName: your-crypto-key-id\n options:\n dependsOn:\n - ${binding}\nvariables:\n gcsAccount:\n fn::invoke:\n function: gcp:storage:getProjectServiceAccount\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getProjectServiceAccount.\n", "properties": { @@ -302905,7 +302905,7 @@ } }, "gcp:storage/getTransferProjectServiceAccount:getTransferProjectServiceAccount": { - "description": "Use this data source to retrieve Storage Transfer service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:storage:getTransferProjectServiceAccount\n Arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to retrieve Storage Transfer service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:storage:getTransferProjectServiceAccount\n arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTransferProjectServiceAccount.\n", "properties": { @@ -302951,7 +302951,7 @@ }, "gcp:storage/getTransferProjectServieAccount:getTransferProjectServieAccount": { "deprecationMessage": "gcp.storage.getTransferProjectServieAccount has been deprecated in favor of gcp.storage.getTransferProjectServiceAccount", - "description": "Use this data source to retrieve Storage Transfer service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: gcp:storage:getTransferProjectServiceAccount\n Arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to retrieve Storage Transfer service account for this project\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.storage.getTransferProjectServiceAccount({});\nexport const defaultAccount = _default.then(_default =\u003e _default.email);\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.storage.get_transfer_project_service_account()\npulumi.export(\"defaultAccount\", default.email)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Storage.GetTransferProjectServiceAccount.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"defaultAccount\"] = @default.Apply(@default =\u003e @default.Apply(getTransferProjectServiceAccountResult =\u003e getTransferProjectServiceAccountResult.Email)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := storage.GetTransferProjectServiceAccount(ctx, \u0026storage.GetTransferProjectServiceAccountArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"defaultAccount\", _default.Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.StorageFunctions;\nimport com.pulumi.gcp.storage.inputs.GetTransferProjectServiceAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = StorageFunctions.getTransferProjectServiceAccount();\n\n ctx.export(\"defaultAccount\", default_.email());\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: gcp:storage:getTransferProjectServiceAccount\n arguments: {}\noutputs:\n defaultAccount: ${default.email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTransferProjectServieAccount.\n", "properties": { @@ -302996,7 +302996,7 @@ } }, "gcp:tags/getTagKey:getTagKey": { - "description": "Get a tag key by org or project `parent` and `short_name`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKey({\n parent: \"organizations/12345\",\n shortName: \"environment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_key(parent=\"organizations/12345\",\n short_name=\"environment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKey.Invoke(new()\n {\n Parent = \"organizations/12345\",\n ShortName = \"environment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKey(ctx, \u0026tags.LookupTagKeyArgs{\n\t\t\tParent: \"organizations/12345\",\n\t\t\tShortName: \"environment\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKey(GetTagKeyArgs.builder()\n .parent(\"organizations/12345\")\n .shortName(\"environment\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n Function: gcp:tags:getTagKey\n Arguments:\n parent: organizations/12345\n shortName: environment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKey({\n parent: \"projects/abc\",\n shortName: \"environment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_key(parent=\"projects/abc\",\n short_name=\"environment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKey.Invoke(new()\n {\n Parent = \"projects/abc\",\n ShortName = \"environment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKey(ctx, \u0026tags.LookupTagKeyArgs{\n\t\t\tParent: \"projects/abc\",\n\t\t\tShortName: \"environment\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKey(GetTagKeyArgs.builder()\n .parent(\"projects/abc\")\n .shortName(\"environment\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n Function: gcp:tags:getTagKey\n Arguments:\n parent: projects/abc\n shortName: environment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a tag key by org or project `parent` and `short_name`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKey({\n parent: \"organizations/12345\",\n shortName: \"environment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_key(parent=\"organizations/12345\",\n short_name=\"environment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKey.Invoke(new()\n {\n Parent = \"organizations/12345\",\n ShortName = \"environment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKey(ctx, \u0026tags.LookupTagKeyArgs{\n\t\t\tParent: \"organizations/12345\",\n\t\t\tShortName: \"environment\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKey(GetTagKeyArgs.builder()\n .parent(\"organizations/12345\")\n .shortName(\"environment\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n function: gcp:tags:getTagKey\n arguments:\n parent: organizations/12345\n shortName: environment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKey({\n parent: \"projects/abc\",\n shortName: \"environment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_key(parent=\"projects/abc\",\n short_name=\"environment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKey.Invoke(new()\n {\n Parent = \"projects/abc\",\n ShortName = \"environment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKey(ctx, \u0026tags.LookupTagKeyArgs{\n\t\t\tParent: \"projects/abc\",\n\t\t\tShortName: \"environment\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKey(GetTagKeyArgs.builder()\n .parent(\"projects/abc\")\n .shortName(\"environment\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n function: gcp:tags:getTagKey\n arguments:\n parent: projects/abc\n shortName: environment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagKey.\n", "properties": { @@ -303062,7 +303062,7 @@ } }, "gcp:tags/getTagKeyIamPolicy:getTagKeyIamPolicy": { - "description": "Retrieves the current IAM policy data for tagkey\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.tags.getTagKeyIamPolicy({\n tagKey: key.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.tags.get_tag_key_iam_policy(tag_key=key[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Tags.GetTagKeyIamPolicy.Invoke(new()\n {\n TagKey = key.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKeyIamPolicy(ctx, \u0026tags.LookupTagKeyIamPolicyArgs{\n\t\t\tTagKey: key.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = TagsFunctions.getTagKeyIamPolicy(GetTagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:tags:getTagKeyIamPolicy\n Arguments:\n tagKey: ${key.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tagkey\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.tags.getTagKeyIamPolicy({\n tagKey: key.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.tags.get_tag_key_iam_policy(tag_key=key[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Tags.GetTagKeyIamPolicy.Invoke(new()\n {\n TagKey = key.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagKeyIamPolicy(ctx, \u0026tags.LookupTagKeyIamPolicyArgs{\n\t\t\tTagKey: key.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = TagsFunctions.getTagKeyIamPolicy(GetTagKeyIamPolicyArgs.builder()\n .tagKey(key.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:tags:getTagKeyIamPolicy\n arguments:\n tagKey: ${key.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagKeyIamPolicy.\n", "properties": { @@ -303106,7 +303106,7 @@ } }, "gcp:tags/getTagKeys:getTagKeys": { - "description": "Get tag keys by org or project `parent`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKeys({\n parent: \"organizations/12345\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_keys(parent=\"organizations/12345\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKeys.Invoke(new()\n {\n Parent = \"organizations/12345\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagKeys(ctx, \u0026tags.GetTagKeysArgs{\n\t\t\tParent: \"organizations/12345\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKeys(GetTagKeysArgs.builder()\n .parent(\"organizations/12345\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n Function: gcp:tags:getTagKeys\n Arguments:\n parent: organizations/12345\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKeys({\n parent: \"projects/abc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_keys(parent=\"projects/abc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKeys.Invoke(new()\n {\n Parent = \"projects/abc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagKeys(ctx, \u0026tags.GetTagKeysArgs{\n\t\t\tParent: \"projects/abc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKeys(GetTagKeysArgs.builder()\n .parent(\"projects/abc\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n Function: gcp:tags:getTagKeys\n Arguments:\n parent: projects/abc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get tag keys by org or project `parent`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKeys({\n parent: \"organizations/12345\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_keys(parent=\"organizations/12345\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKeys.Invoke(new()\n {\n Parent = \"organizations/12345\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagKeys(ctx, \u0026tags.GetTagKeysArgs{\n\t\t\tParent: \"organizations/12345\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKeys(GetTagKeysArgs.builder()\n .parent(\"organizations/12345\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n function: gcp:tags:getTagKeys\n arguments:\n parent: organizations/12345\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagKey = gcp.tags.getTagKeys({\n parent: \"projects/abc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_key = gcp.tags.get_tag_keys(parent=\"projects/abc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagKey = Gcp.Tags.GetTagKeys.Invoke(new()\n {\n Parent = \"projects/abc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagKeys(ctx, \u0026tags.GetTagKeysArgs{\n\t\t\tParent: \"projects/abc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagKey = TagsFunctions.getTagKeys(GetTagKeysArgs.builder()\n .parent(\"projects/abc\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagKey:\n fn::invoke:\n function: gcp:tags:getTagKeys\n arguments:\n parent: projects/abc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagKeys.\n", "properties": { @@ -303147,7 +303147,7 @@ } }, "gcp:tags/getTagValue:getTagValue": { - "description": "Get a tag value by `parent` key and `short_name`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentProdTagValue = gcp.tags.getTagValue({\n parent: \"tagKeys/56789\",\n shortName: \"production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_prod_tag_value = gcp.tags.get_tag_value(parent=\"tagKeys/56789\",\n short_name=\"production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentProdTagValue = Gcp.Tags.GetTagValue.Invoke(new()\n {\n Parent = \"tagKeys/56789\",\n ShortName = \"production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagValue(ctx, \u0026tags.LookupTagValueArgs{\n\t\t\tParent: \"tagKeys/56789\",\n\t\t\tShortName: \"production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentProdTagValue = TagsFunctions.getTagValue(GetTagValueArgs.builder()\n .parent(\"tagKeys/56789\")\n .shortName(\"production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentProdTagValue:\n fn::invoke:\n Function: gcp:tags:getTagValue\n Arguments:\n parent: tagKeys/56789\n shortName: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a tag value by `parent` key and `short_name`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentProdTagValue = gcp.tags.getTagValue({\n parent: \"tagKeys/56789\",\n shortName: \"production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_prod_tag_value = gcp.tags.get_tag_value(parent=\"tagKeys/56789\",\n short_name=\"production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentProdTagValue = Gcp.Tags.GetTagValue.Invoke(new()\n {\n Parent = \"tagKeys/56789\",\n ShortName = \"production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagValue(ctx, \u0026tags.LookupTagValueArgs{\n\t\t\tParent: \"tagKeys/56789\",\n\t\t\tShortName: \"production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentProdTagValue = TagsFunctions.getTagValue(GetTagValueArgs.builder()\n .parent(\"tagKeys/56789\")\n .shortName(\"production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentProdTagValue:\n fn::invoke:\n function: gcp:tags:getTagValue\n arguments:\n parent: tagKeys/56789\n shortName: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagValue.\n", "properties": { @@ -303213,7 +303213,7 @@ } }, "gcp:tags/getTagValueIamPolicy:getTagValueIamPolicy": { - "description": "Retrieves the current IAM policy data for tagvalue\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.tags.getTagValueIamPolicy({\n tagValue: value.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.tags.get_tag_value_iam_policy(tag_value=value[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Tags.GetTagValueIamPolicy.Invoke(new()\n {\n TagValue = @value.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagValueIamPolicy(ctx, \u0026tags.LookupTagValueIamPolicyArgs{\n\t\t\tTagValue: value.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = TagsFunctions.getTagValueIamPolicy(GetTagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:tags:getTagValueIamPolicy\n Arguments:\n tagValue: ${value.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for tagvalue\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.tags.getTagValueIamPolicy({\n tagValue: value.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.tags.get_tag_value_iam_policy(tag_value=value[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Tags.GetTagValueIamPolicy.Invoke(new()\n {\n TagValue = @value.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.LookupTagValueIamPolicy(ctx, \u0026tags.LookupTagValueIamPolicyArgs{\n\t\t\tTagValue: value.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = TagsFunctions.getTagValueIamPolicy(GetTagValueIamPolicyArgs.builder()\n .tagValue(value.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:tags:getTagValueIamPolicy\n arguments:\n tagValue: ${value.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagValueIamPolicy.\n", "properties": { @@ -303257,7 +303257,7 @@ } }, "gcp:tags/getTagValues:getTagValues": { - "description": "Get tag values from a `parent` key.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagValues = gcp.tags.getTagValues({\n parent: \"tagKeys/56789\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_values = gcp.tags.get_tag_values(parent=\"tagKeys/56789\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagValues = Gcp.Tags.GetTagValues.Invoke(new()\n {\n Parent = \"tagKeys/56789\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagValues(ctx, \u0026tags.GetTagValuesArgs{\n\t\t\tParent: \"tagKeys/56789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValuesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagValues = TagsFunctions.getTagValues(GetTagValuesArgs.builder()\n .parent(\"tagKeys/56789\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagValues:\n fn::invoke:\n Function: gcp:tags:getTagValues\n Arguments:\n parent: tagKeys/56789\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get tag values from a `parent` key.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst environmentTagValues = gcp.tags.getTagValues({\n parent: \"tagKeys/56789\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nenvironment_tag_values = gcp.tags.get_tag_values(parent=\"tagKeys/56789\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var environmentTagValues = Gcp.Tags.GetTagValues.Invoke(new()\n {\n Parent = \"tagKeys/56789\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.GetTagValues(ctx, \u0026tags.GetTagValuesArgs{\n\t\t\tParent: \"tagKeys/56789\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagsFunctions;\nimport com.pulumi.gcp.tags.inputs.GetTagValuesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var environmentTagValues = TagsFunctions.getTagValues(GetTagValuesArgs.builder()\n .parent(\"tagKeys/56789\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n environmentTagValues:\n fn::invoke:\n function: gcp:tags:getTagValues\n arguments:\n parent: tagKeys/56789\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTagValues.\n", "properties": { @@ -303298,7 +303298,7 @@ } }, "gcp:tpu/getTensorflowVersions:getTensorflowVersions": { - "description": "Get TensorFlow versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.tensorflowVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getTensorflowVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU Node With Available Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n cidrBlock: \"10.2.0.0/29\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n cidr_block=\"10.2.0.0/29\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n CidrBlock = \"10.2.0.0/29\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/29\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .cidrBlock(\"10.2.0.0/29\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n cidrBlock: 10.2.0.0/29\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getTensorflowVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get TensorFlow versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.tensorflowVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getTensorflowVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU Node With Available Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getTensorflowVersions({});\nconst tpu = new gcp.tpu.Node(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n acceleratorType: \"v3-8\",\n tensorflowVersion: available.then(available =\u003e available.versions?.[0]),\n cidrBlock: \"10.2.0.0/29\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_tensorflow_versions()\ntpu = gcp.tpu.Node(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n accelerator_type=\"v3-8\",\n tensorflow_version=available.versions[0],\n cidr_block=\"10.2.0.0/29\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetTensorflowVersions.Invoke();\n\n var tpu = new Gcp.Tpu.Node(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n AcceleratorType = \"v3-8\",\n TensorflowVersion = available.Apply(getTensorflowVersionsResult =\u003e getTensorflowVersionsResult.Versions[0]),\n CidrBlock = \"10.2.0.0/29\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetTensorflowVersions(ctx, \u0026tpu.GetTensorflowVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewNode(ctx, \"tpu\", \u0026tpu.NodeArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tAcceleratorType: pulumi.String(\"v3-8\"),\n\t\t\tTensorflowVersion: pulumi.String(available.Versions[0]),\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/29\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetTensorflowVersionsArgs;\nimport com.pulumi.gcp.tpu.Node;\nimport com.pulumi.gcp.tpu.NodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getTensorflowVersions();\n\n var tpu = new Node(\"tpu\", NodeArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .acceleratorType(\"v3-8\")\n .tensorflowVersion(available.applyValue(getTensorflowVersionsResult -\u003e getTensorflowVersionsResult.versions()[0]))\n .cidrBlock(\"10.2.0.0/29\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:Node\n properties:\n name: test-tpu\n zone: us-central1-b\n acceleratorType: v3-8\n tensorflowVersion: ${available.versions[0]}\n cidrBlock: 10.2.0.0/29\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getTensorflowVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTensorflowVersions.\n", "properties": { @@ -303344,7 +303344,7 @@ } }, "gcp:tpu/getV2AcceleratorTypes:getV2AcceleratorTypes": { - "description": "Get accelerator types available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.acceleratorTypes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2AcceleratorTypes({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_accelerator_types()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2AcceleratorTypes();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2AcceleratorTypes\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU VM With Available Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2AcceleratorTypes({});\nconst availableGetV2RuntimeVersions = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n runtimeVersion: availableGetV2RuntimeVersions.then(availableGetV2RuntimeVersions =\u003e availableGetV2RuntimeVersions.versions?.[0]),\n acceleratorType: available.then(available =\u003e available.types?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_accelerator_types()\navailable_get_v2_runtime_versions = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n runtime_version=available_get_v2_runtime_versions.versions[0],\n accelerator_type=available.types[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var availableGetV2RuntimeVersions = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n RuntimeVersion = availableGetV2RuntimeVersions.Apply(getV2RuntimeVersionsResult =\u003e getV2RuntimeVersionsResult.Versions[0]),\n AcceleratorType = available.Apply(getV2AcceleratorTypesResult =\u003e getV2AcceleratorTypesResult.Types[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tavailableGetV2RuntimeVersions, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tRuntimeVersion: pulumi.String(availableGetV2RuntimeVersions.Versions[0]),\n\t\t\tAcceleratorType: pulumi.String(available.Types[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2AcceleratorTypes();\n\n final var availableGetV2RuntimeVersions = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .runtimeVersion(availableGetV2RuntimeVersions.applyValue(getV2RuntimeVersionsResult -\u003e getV2RuntimeVersionsResult.versions()[0]))\n .acceleratorType(available.applyValue(getV2AcceleratorTypesResult -\u003e getV2AcceleratorTypesResult.types()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-b\n runtimeVersion: ${availableGetV2RuntimeVersions.versions[0]}\n acceleratorType: ${available.types[0]}\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2AcceleratorTypes\n Arguments: {}\n availableGetV2RuntimeVersions:\n fn::invoke:\n Function: gcp:tpu:getV2RuntimeVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get accelerator types available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.acceleratorTypes).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2AcceleratorTypes({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_accelerator_types()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2AcceleratorTypes();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2AcceleratorTypes\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU VM With Available Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2AcceleratorTypes({});\nconst availableGetV2RuntimeVersions = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n runtimeVersion: availableGetV2RuntimeVersions.then(availableGetV2RuntimeVersions =\u003e availableGetV2RuntimeVersions.versions?.[0]),\n acceleratorType: available.then(available =\u003e available.types?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_accelerator_types()\navailable_get_v2_runtime_versions = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n runtime_version=available_get_v2_runtime_versions.versions[0],\n accelerator_type=available.types[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var availableGetV2RuntimeVersions = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n RuntimeVersion = availableGetV2RuntimeVersions.Apply(getV2RuntimeVersionsResult =\u003e getV2RuntimeVersionsResult.Versions[0]),\n AcceleratorType = available.Apply(getV2AcceleratorTypesResult =\u003e getV2AcceleratorTypesResult.Types[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tavailableGetV2RuntimeVersions, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tRuntimeVersion: pulumi.String(availableGetV2RuntimeVersions.Versions[0]),\n\t\t\tAcceleratorType: pulumi.String(available.Types[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2AcceleratorTypes();\n\n final var availableGetV2RuntimeVersions = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .runtimeVersion(availableGetV2RuntimeVersions.applyValue(getV2RuntimeVersionsResult -\u003e getV2RuntimeVersionsResult.versions()[0]))\n .acceleratorType(available.applyValue(getV2AcceleratorTypesResult -\u003e getV2AcceleratorTypesResult.types()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-b\n runtimeVersion: ${availableGetV2RuntimeVersions.versions[0]}\n acceleratorType: ${available.types[0]}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2AcceleratorTypes\n arguments: {}\n availableGetV2RuntimeVersions:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getV2AcceleratorTypes.\n", "properties": { @@ -303390,7 +303390,7 @@ } }, "gcp:tpu/getV2RuntimeVersions:getV2RuntimeVersions": { - "description": "Get runtime versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.runtimeVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2RuntimeVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU VM With Available Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n runtimeVersion: available.then(available =\u003e available.versions?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n runtime_version=available.versions[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n RuntimeVersion = available.Apply(getV2RuntimeVersionsResult =\u003e getV2RuntimeVersionsResult.Versions[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tRuntimeVersion: pulumi.String(available.Versions[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .runtimeVersion(available.applyValue(getV2RuntimeVersionsResult -\u003e getV2RuntimeVersionsResult.versions()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-b\n runtimeVersion: ${available.versions[0]}\nvariables:\n available:\n fn::invoke:\n Function: gcp:tpu:getV2RuntimeVersions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get runtime versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.runtimeVersions).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n }\n}\n```\n```yaml\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Configure Basic TPU VM With Available Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-b\",\n runtimeVersion: available.then(available =\u003e available.versions?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-b\",\n runtime_version=available.versions[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-b\",\n RuntimeVersion = available.Apply(getV2RuntimeVersionsResult =\u003e getV2RuntimeVersionsResult.Versions[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-b\"),\n\t\t\tRuntimeVersion: pulumi.String(available.Versions[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-b\")\n .runtimeVersion(available.applyValue(getV2RuntimeVersionsResult -\u003e getV2RuntimeVersionsResult.versions()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-b\n runtimeVersion: ${available.versions[0]}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getV2RuntimeVersions.\n", "properties": { @@ -303732,7 +303732,7 @@ } }, "gcp:vmwareengine/getCluster:getCluster": { - "description": "Use this data source to get details about a cluster resource.\n\nTo get more information about private cloud cluster, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.clusters)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCluster = gcp.vmwareengine.getCluster({\n name: \"my-cluster\",\n parent: \"project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cluster = gcp.vmwareengine.get_cluster(name=\"my-cluster\",\n parent=\"project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCluster = Gcp.VMwareEngine.GetCluster.Invoke(new()\n {\n Name = \"my-cluster\",\n Parent = \"project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupCluster(ctx, \u0026vmwareengine.LookupClusterArgs{\n\t\t\tName: \"my-cluster\",\n\t\t\tParent: \"project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCluster = VmwareengineFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .parent(\"project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myCluster:\n fn::invoke:\n Function: gcp:vmwareengine:getCluster\n Arguments:\n name: my-cluster\n parent: project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a cluster resource.\n\nTo get more information about private cloud cluster, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.clusters)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myCluster = gcp.vmwareengine.getCluster({\n name: \"my-cluster\",\n parent: \"project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_cluster = gcp.vmwareengine.get_cluster(name=\"my-cluster\",\n parent=\"project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myCluster = Gcp.VMwareEngine.GetCluster.Invoke(new()\n {\n Name = \"my-cluster\",\n Parent = \"project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupCluster(ctx, \u0026vmwareengine.LookupClusterArgs{\n\t\t\tName: \"my-cluster\",\n\t\t\tParent: \"project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myCluster = VmwareengineFunctions.getCluster(GetClusterArgs.builder()\n .name(\"my-cluster\")\n .parent(\"project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myCluster:\n fn::invoke:\n function: gcp:vmwareengine:getCluster\n arguments:\n name: my-cluster\n parent: project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCluster.\n", "properties": { @@ -303800,7 +303800,7 @@ } }, "gcp:vmwareengine/getExternalAccessRule:getExternalAccessRule": { - "description": "Use this data source to get details about a external access rule resource.\n\nTo get more information about external address, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies.externalAccessRules)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExternalAccessRule = gcp.vmwareengine.getExternalAccessRule({\n name: \"my-external-access-rule\",\n parent: \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_external_access_rule = gcp.vmwareengine.get_external_access_rule(name=\"my-external-access-rule\",\n parent=\"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExternalAccessRule = Gcp.VMwareEngine.GetExternalAccessRule.Invoke(new()\n {\n Name = \"my-external-access-rule\",\n Parent = \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupExternalAccessRule(ctx, \u0026vmwareengine.LookupExternalAccessRuleArgs{\n\t\t\tName: \"my-external-access-rule\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetExternalAccessRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExternalAccessRule = VmwareengineFunctions.getExternalAccessRule(GetExternalAccessRuleArgs.builder()\n .name(\"my-external-access-rule\")\n .parent(\"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExternalAccessRule:\n fn::invoke:\n Function: gcp:vmwareengine:getExternalAccessRule\n Arguments:\n name: my-external-access-rule\n parent: project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a external access rule resource.\n\nTo get more information about external address, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies.externalAccessRules)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExternalAccessRule = gcp.vmwareengine.getExternalAccessRule({\n name: \"my-external-access-rule\",\n parent: \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_external_access_rule = gcp.vmwareengine.get_external_access_rule(name=\"my-external-access-rule\",\n parent=\"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExternalAccessRule = Gcp.VMwareEngine.GetExternalAccessRule.Invoke(new()\n {\n Name = \"my-external-access-rule\",\n Parent = \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupExternalAccessRule(ctx, \u0026vmwareengine.LookupExternalAccessRuleArgs{\n\t\t\tName: \"my-external-access-rule\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetExternalAccessRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExternalAccessRule = VmwareengineFunctions.getExternalAccessRule(GetExternalAccessRuleArgs.builder()\n .name(\"my-external-access-rule\")\n .parent(\"project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExternalAccessRule:\n fn::invoke:\n function: gcp:vmwareengine:getExternalAccessRule\n arguments:\n name: my-external-access-rule\n parent: project/my-project/locations/us-west1-a/networkPolicies/my-network-policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getExternalAccessRule.\n", "properties": { @@ -303902,7 +303902,7 @@ } }, "gcp:vmwareengine/getExternalAddress:getExternalAddress": { - "description": "Use this data source to get details about a external address resource.\n\nTo get more information about external address, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.externalAddresses)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExternalAddress = gcp.vmwareengine.getExternalAddress({\n name: \"my-external-address\",\n parent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_external_address = gcp.vmwareengine.get_external_address(name=\"my-external-address\",\n parent=\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExternalAddress = Gcp.VMwareEngine.GetExternalAddress.Invoke(new()\n {\n Name = \"my-external-address\",\n Parent = \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupExternalAddress(ctx, \u0026vmwareengine.LookupExternalAddressArgs{\n\t\t\tName: \"my-external-address\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetExternalAddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExternalAddress = VmwareengineFunctions.getExternalAddress(GetExternalAddressArgs.builder()\n .name(\"my-external-address\")\n .parent(\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExternalAddress:\n fn::invoke:\n Function: gcp:vmwareengine:getExternalAddress\n Arguments:\n name: my-external-address\n parent: project/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a external address resource.\n\nTo get more information about external address, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.externalAddresses)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myExternalAddress = gcp.vmwareengine.getExternalAddress({\n name: \"my-external-address\",\n parent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_external_address = gcp.vmwareengine.get_external_address(name=\"my-external-address\",\n parent=\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myExternalAddress = Gcp.VMwareEngine.GetExternalAddress.Invoke(new()\n {\n Name = \"my-external-address\",\n Parent = \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupExternalAddress(ctx, \u0026vmwareengine.LookupExternalAddressArgs{\n\t\t\tName: \"my-external-address\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetExternalAddressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myExternalAddress = VmwareengineFunctions.getExternalAddress(GetExternalAddressArgs.builder()\n .name(\"my-external-address\")\n .parent(\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myExternalAddress:\n fn::invoke:\n function: gcp:vmwareengine:getExternalAddress\n arguments:\n name: my-external-address\n parent: project/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getExternalAddress.\n", "properties": { @@ -303972,7 +303972,7 @@ } }, "gcp:vmwareengine/getNetwork:getNetwork": { - "description": "Use this data source to get details about a VMwareEngine network resource.\n\nTo get more information about VMwareEngine Network, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.vmwareEngineNetworks)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNw = gcp.vmwareengine.getNetwork({\n name: \"us-central1-default\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_nw = gcp.vmwareengine.get_network(name=\"us-central1-default\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNw = Gcp.VMwareEngine.GetNetwork.Invoke(new()\n {\n Name = \"us-central1-default\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetwork(ctx, \u0026vmwareengine.LookupNetworkArgs{\n\t\t\tName: \"us-central1-default\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNw = VmwareengineFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"us-central1-default\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNw:\n fn::invoke:\n Function: gcp:vmwareengine:getNetwork\n Arguments:\n name: us-central1-default\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a VMwareEngine network resource.\n\nTo get more information about VMwareEngine Network, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.vmwareEngineNetworks)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNw = gcp.vmwareengine.getNetwork({\n name: \"us-central1-default\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_nw = gcp.vmwareengine.get_network(name=\"us-central1-default\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNw = Gcp.VMwareEngine.GetNetwork.Invoke(new()\n {\n Name = \"us-central1-default\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetwork(ctx, \u0026vmwareengine.LookupNetworkArgs{\n\t\t\tName: \"us-central1-default\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNw = VmwareengineFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"us-central1-default\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNw:\n fn::invoke:\n function: gcp:vmwareengine:getNetwork\n arguments:\n name: us-central1-default\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetwork.\n", "properties": { @@ -304044,7 +304044,7 @@ } }, "gcp:vmwareengine/getNetworkPeering:getNetworkPeering": { - "description": "Use this data source to get details about a network peering resource.\n\nTo get more information about network peering, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPeerings)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetworkPeering = gcp.vmwareengine.getNetworkPeering({\n name: \"my-network-peering\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network_peering = gcp.vmwareengine.get_network_peering(name=\"my-network-peering\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetworkPeering = Gcp.VMwareEngine.GetNetworkPeering.Invoke(new()\n {\n Name = \"my-network-peering\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetworkPeering(ctx, \u0026vmwareengine.LookupNetworkPeeringArgs{\n\t\t\tName: \"my-network-peering\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkPeeringArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetworkPeering = VmwareengineFunctions.getNetworkPeering(GetNetworkPeeringArgs.builder()\n .name(\"my-network-peering\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNetworkPeering:\n fn::invoke:\n Function: gcp:vmwareengine:getNetworkPeering\n Arguments:\n name: my-network-peering\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a network peering resource.\n\nTo get more information about network peering, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPeerings)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetworkPeering = gcp.vmwareengine.getNetworkPeering({\n name: \"my-network-peering\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network_peering = gcp.vmwareengine.get_network_peering(name=\"my-network-peering\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetworkPeering = Gcp.VMwareEngine.GetNetworkPeering.Invoke(new()\n {\n Name = \"my-network-peering\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetworkPeering(ctx, \u0026vmwareengine.LookupNetworkPeeringArgs{\n\t\t\tName: \"my-network-peering\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkPeeringArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetworkPeering = VmwareengineFunctions.getNetworkPeering(GetNetworkPeeringArgs.builder()\n .name(\"my-network-peering\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNetworkPeering:\n fn::invoke:\n function: gcp:vmwareengine:getNetworkPeering\n arguments:\n name: my-network-peering\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetworkPeering.\n", "properties": { @@ -304139,7 +304139,7 @@ } }, "gcp:vmwareengine/getNetworkPolicy:getNetworkPolicy": { - "description": "Use this data source to get details about a network policy resource.\n\nTo get more information about network policy, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetworkPolicy = gcp.vmwareengine.getNetworkPolicy({\n name: \"my-network-policy\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network_policy = gcp.vmwareengine.get_network_policy(name=\"my-network-policy\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetworkPolicy = Gcp.VMwareEngine.GetNetworkPolicy.Invoke(new()\n {\n Name = \"my-network-policy\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetworkPolicy(ctx, \u0026vmwareengine.LookupNetworkPolicyArgs{\n\t\t\tName: \"my-network-policy\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetworkPolicy = VmwareengineFunctions.getNetworkPolicy(GetNetworkPolicyArgs.builder()\n .name(\"my-network-policy\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNetworkPolicy:\n fn::invoke:\n Function: gcp:vmwareengine:getNetworkPolicy\n Arguments:\n name: my-network-policy\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a network policy resource.\n\nTo get more information about network policy, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetworkPolicy = gcp.vmwareengine.getNetworkPolicy({\n name: \"my-network-policy\",\n location: \"us-central1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network_policy = gcp.vmwareengine.get_network_policy(name=\"my-network-policy\",\n location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetworkPolicy = Gcp.VMwareEngine.GetNetworkPolicy.Invoke(new()\n {\n Name = \"my-network-policy\",\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupNetworkPolicy(ctx, \u0026vmwareengine.LookupNetworkPolicyArgs{\n\t\t\tName: \"my-network-policy\",\n\t\t\tLocation: \"us-central1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNetworkPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myNetworkPolicy = VmwareengineFunctions.getNetworkPolicy(GetNetworkPolicyArgs.builder()\n .name(\"my-network-policy\")\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myNetworkPolicy:\n fn::invoke:\n function: gcp:vmwareengine:getNetworkPolicy\n arguments:\n name: my-network-policy\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNetworkPolicy.\n", "properties": { @@ -304229,7 +304229,7 @@ } }, "gcp:vmwareengine/getNsxCredentials:getNsxCredentials": { - "description": "Use this data source to get NSX credentials for a Private Cloud.\n\nTo get more information about private cloud NSX credentials, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds/showNsxCredentials)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ds = gcp.vmwareengine.getNsxCredentials({\n parent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nds = gcp.vmwareengine.get_nsx_credentials(parent=\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ds = Gcp.VMwareEngine.GetNsxCredentials.Invoke(new()\n {\n Parent = \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.GetNsxCredentials(ctx, \u0026vmwareengine.GetNsxCredentialsArgs{\n\t\t\tParent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNsxCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ds = VmwareengineFunctions.getNsxCredentials(GetNsxCredentialsArgs.builder()\n .parent(\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ds:\n fn::invoke:\n Function: gcp:vmwareengine:getNsxCredentials\n Arguments:\n parent: projects/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get NSX credentials for a Private Cloud.\n\nTo get more information about private cloud NSX credentials, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds/showNsxCredentials)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ds = gcp.vmwareengine.getNsxCredentials({\n parent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nds = gcp.vmwareengine.get_nsx_credentials(parent=\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ds = Gcp.VMwareEngine.GetNsxCredentials.Invoke(new()\n {\n Parent = \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.GetNsxCredentials(ctx, \u0026vmwareengine.GetNsxCredentialsArgs{\n\t\t\tParent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetNsxCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ds = VmwareengineFunctions.getNsxCredentials(GetNsxCredentialsArgs.builder()\n .parent(\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ds:\n fn::invoke:\n function: gcp:vmwareengine:getNsxCredentials\n arguments:\n parent: projects/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNsxCredentials.\n", "properties": { @@ -304273,7 +304273,7 @@ } }, "gcp:vmwareengine/getPrivateCloud:getPrivateCloud": { - "description": "Use this data source to get details about a private cloud resource.\n\nTo get more information about private cloud, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myPc = gcp.vmwareengine.getPrivateCloud({\n name: \"my-pc\",\n location: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pc = gcp.vmwareengine.get_private_cloud(name=\"my-pc\",\n location=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myPc = Gcp.VMwareEngine.GetPrivateCloud.Invoke(new()\n {\n Name = \"my-pc\",\n Location = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupPrivateCloud(ctx, \u0026vmwareengine.LookupPrivateCloudArgs{\n\t\t\tName: \"my-pc\",\n\t\t\tLocation: \"us-central1-a\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetPrivateCloudArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myPc = VmwareengineFunctions.getPrivateCloud(GetPrivateCloudArgs.builder()\n .name(\"my-pc\")\n .location(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myPc:\n fn::invoke:\n Function: gcp:vmwareengine:getPrivateCloud\n Arguments:\n name: my-pc\n location: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a private cloud resource.\n\nTo get more information about private cloud, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myPc = gcp.vmwareengine.getPrivateCloud({\n name: \"my-pc\",\n location: \"us-central1-a\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_pc = gcp.vmwareengine.get_private_cloud(name=\"my-pc\",\n location=\"us-central1-a\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myPc = Gcp.VMwareEngine.GetPrivateCloud.Invoke(new()\n {\n Name = \"my-pc\",\n Location = \"us-central1-a\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupPrivateCloud(ctx, \u0026vmwareengine.LookupPrivateCloudArgs{\n\t\t\tName: \"my-pc\",\n\t\t\tLocation: \"us-central1-a\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetPrivateCloudArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myPc = VmwareengineFunctions.getPrivateCloud(GetPrivateCloudArgs.builder()\n .name(\"my-pc\")\n .location(\"us-central1-a\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n myPc:\n fn::invoke:\n function: gcp:vmwareengine:getPrivateCloud\n arguments:\n name: my-pc\n location: us-central1-a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getPrivateCloud.\n", "properties": { @@ -304381,7 +304381,7 @@ } }, "gcp:vmwareengine/getSubnet:getSubnet": { - "description": "Use this data source to get details about a subnet. Management subnets support only read operations and should be configured through this data source. User defined subnets can be configured using the resource as well as the datasource.\n\nTo get more information about private cloud subnet, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.subnets)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst mySubnet = gcp.vmwareengine.getSubnet({\n name: \"service-1\",\n parent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnet = gcp.vmwareengine.get_subnet(name=\"service-1\",\n parent=\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mySubnet = Gcp.VMwareEngine.GetSubnet.Invoke(new()\n {\n Name = \"service-1\",\n Parent = \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupSubnet(ctx, \u0026vmwareengine.LookupSubnetArgs{\n\t\t\tName: \"service-1\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetSubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var mySubnet = VmwareengineFunctions.getSubnet(GetSubnetArgs.builder()\n .name(\"service-1\")\n .parent(\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n mySubnet:\n fn::invoke:\n Function: gcp:vmwareengine:getSubnet\n Arguments:\n name: service-1\n parent: project/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get details about a subnet. Management subnets support only read operations and should be configured through this data source. User defined subnets can be configured using the resource as well as the datasource.\n\nTo get more information about private cloud subnet, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds.subnets)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst mySubnet = gcp.vmwareengine.getSubnet({\n name: \"service-1\",\n parent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_subnet = gcp.vmwareengine.get_subnet(name=\"service-1\",\n parent=\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mySubnet = Gcp.VMwareEngine.GetSubnet.Invoke(new()\n {\n Name = \"service-1\",\n Parent = \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.LookupSubnet(ctx, \u0026vmwareengine.LookupSubnetArgs{\n\t\t\tName: \"service-1\",\n\t\t\tParent: \"project/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetSubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var mySubnet = VmwareengineFunctions.getSubnet(GetSubnetArgs.builder()\n .name(\"service-1\")\n .parent(\"project/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n mySubnet:\n fn::invoke:\n function: gcp:vmwareengine:getSubnet\n arguments:\n name: service-1\n parent: project/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubnet.\n", "properties": { @@ -304470,7 +304470,7 @@ } }, "gcp:vmwareengine/getVcenterCredentials:getVcenterCredentials": { - "description": "Use this data source to get Vcenter credentials for a Private Cloud.\n\nTo get more information about private cloud Vcenter credentials, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds/showVcenterCredentials)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ds = gcp.vmwareengine.getVcenterCredentials({\n parent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nds = gcp.vmwareengine.get_vcenter_credentials(parent=\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ds = Gcp.VMwareEngine.GetVcenterCredentials.Invoke(new()\n {\n Parent = \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.GetVcenterCredentials(ctx, \u0026vmwareengine.GetVcenterCredentialsArgs{\n\t\t\tParent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetVcenterCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ds = VmwareengineFunctions.getVcenterCredentials(GetVcenterCredentialsArgs.builder()\n .parent(\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ds:\n fn::invoke:\n Function: gcp:vmwareengine:getVcenterCredentials\n Arguments:\n parent: projects/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get Vcenter credentials for a Private Cloud.\n\nTo get more information about private cloud Vcenter credentials, see:\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.privateClouds/showVcenterCredentials)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst ds = gcp.vmwareengine.getVcenterCredentials({\n parent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nds = gcp.vmwareengine.get_vcenter_credentials(parent=\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ds = Gcp.VMwareEngine.GetVcenterCredentials.Invoke(new()\n {\n Parent = \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.GetVcenterCredentials(ctx, \u0026vmwareengine.GetVcenterCredentialsArgs{\n\t\t\tParent: \"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.VmwareengineFunctions;\nimport com.pulumi.gcp.vmwareengine.inputs.GetVcenterCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ds = VmwareengineFunctions.getVcenterCredentials(GetVcenterCredentialsArgs.builder()\n .parent(\"projects/my-project/locations/us-west1-a/privateClouds/my-cloud\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ds:\n fn::invoke:\n function: gcp:vmwareengine:getVcenterCredentials\n arguments:\n parent: projects/my-project/locations/us-west1-a/privateClouds/my-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVcenterCredentials.\n", "properties": { @@ -304514,7 +304514,7 @@ } }, "gcp:vpcaccess/getConnector:getConnector": { - "description": "Get a Serverless VPC Access connector.\n\nTo get more information about Connector, see:\n\n* [API documentation](https://cloud.google.com/vpc/docs/reference/vpcaccess/rest/v1/projects.locations.connectors)\n* How-to Guides\n * [Configuring Serverless VPC Access](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sample = gcp.vpcaccess.getConnector({\n name: \"vpc-con\",\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"vpc-con\",\n ipCidrRange: \"10.8.0.0/28\",\n network: \"default\",\n region: \"us-central1\",\n minInstances: 2,\n maxInstances: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsample = gcp.vpcaccess.get_connector(name=\"vpc-con\")\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"vpc-con\",\n ip_cidr_range=\"10.8.0.0/28\",\n network=\"default\",\n region=\"us-central1\",\n min_instances=2,\n max_instances=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = Gcp.VpcAccess.GetConnector.Invoke(new()\n {\n Name = \"vpc-con\",\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"vpc-con\",\n IpCidrRange = \"10.8.0.0/28\",\n Network = \"default\",\n Region = \"us-central1\",\n MinInstances = 2,\n MaxInstances = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vpcaccess.LookupConnector(ctx, \u0026vpcaccess.LookupConnectorArgs{\n\t\t\tName: \"vpc-con\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"vpc-con\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.8.0.0/28\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vpcaccess.VpcaccessFunctions;\nimport com.pulumi.gcp.vpcaccess.inputs.GetConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sample = VpcaccessFunctions.getConnector(GetConnectorArgs.builder()\n .name(\"vpc-con\")\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"vpc-con\")\n .ipCidrRange(\"10.8.0.0/28\")\n .network(\"default\")\n .region(\"us-central1\")\n .minInstances(2)\n .maxInstances(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: vpc-con\n ipCidrRange: 10.8.0.0/28\n network: default\n region: us-central1\n minInstances: 2\n maxInstances: 3\nvariables:\n sample:\n fn::invoke:\n Function: gcp:vpcaccess:getConnector\n Arguments:\n name: vpc-con\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get a Serverless VPC Access connector.\n\nTo get more information about Connector, see:\n\n* [API documentation](https://cloud.google.com/vpc/docs/reference/vpcaccess/rest/v1/projects.locations.connectors)\n* How-to Guides\n * [Configuring Serverless VPC Access](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sample = gcp.vpcaccess.getConnector({\n name: \"vpc-con\",\n});\nconst connector = new gcp.vpcaccess.Connector(\"connector\", {\n name: \"vpc-con\",\n ipCidrRange: \"10.8.0.0/28\",\n network: \"default\",\n region: \"us-central1\",\n minInstances: 2,\n maxInstances: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsample = gcp.vpcaccess.get_connector(name=\"vpc-con\")\nconnector = gcp.vpcaccess.Connector(\"connector\",\n name=\"vpc-con\",\n ip_cidr_range=\"10.8.0.0/28\",\n network=\"default\",\n region=\"us-central1\",\n min_instances=2,\n max_instances=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = Gcp.VpcAccess.GetConnector.Invoke(new()\n {\n Name = \"vpc-con\",\n });\n\n var connector = new Gcp.VpcAccess.Connector(\"connector\", new()\n {\n Name = \"vpc-con\",\n IpCidrRange = \"10.8.0.0/28\",\n Network = \"default\",\n Region = \"us-central1\",\n MinInstances = 2,\n MaxInstances = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/vpcaccess\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vpcaccess.LookupConnector(ctx, \u0026vpcaccess.LookupConnectorArgs{\n\t\t\tName: \"vpc-con\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpcaccess.NewConnector(ctx, \"connector\", \u0026vpcaccess.ConnectorArgs{\n\t\t\tName: pulumi.String(\"vpc-con\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.8.0.0/28\"),\n\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tMinInstances: pulumi.Int(2),\n\t\t\tMaxInstances: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vpcaccess.VpcaccessFunctions;\nimport com.pulumi.gcp.vpcaccess.inputs.GetConnectorArgs;\nimport com.pulumi.gcp.vpcaccess.Connector;\nimport com.pulumi.gcp.vpcaccess.ConnectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sample = VpcaccessFunctions.getConnector(GetConnectorArgs.builder()\n .name(\"vpc-con\")\n .build());\n\n var connector = new Connector(\"connector\", ConnectorArgs.builder()\n .name(\"vpc-con\")\n .ipCidrRange(\"10.8.0.0/28\")\n .network(\"default\")\n .region(\"us-central1\")\n .minInstances(2)\n .maxInstances(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n connector:\n type: gcp:vpcaccess:Connector\n properties:\n name: vpc-con\n ipCidrRange: 10.8.0.0/28\n network: default\n region: us-central1\n minInstances: 2\n maxInstances: 3\nvariables:\n sample:\n fn::invoke:\n function: gcp:vpcaccess:getConnector\n arguments:\n name: vpc-con\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getConnector.\n", "properties": { @@ -304611,7 +304611,7 @@ } }, "gcp:workbench/getInstanceIamPolicy:getInstanceIamPolicy": { - "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.workbench.getInstanceIamPolicy({\n project: instance.project,\n location: instance.location,\n name: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.workbench.get_instance_iam_policy(project=instance[\"project\"],\n location=instance[\"location\"],\n name=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Workbench.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Location = instance.Location,\n Name = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workbench\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := workbench.LookupInstanceIamPolicy(ctx, \u0026workbench.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tLocation: pulumi.StringRef(instance.Location),\n\t\t\tName: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.workbench.WorkbenchFunctions;\nimport com.pulumi.gcp.workbench.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = WorkbenchFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .name(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:workbench:getInstanceIamPolicy\n Arguments:\n project: ${instance.project}\n location: ${instance.location}\n name: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieves the current IAM policy data for instance\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.workbench.getInstanceIamPolicy({\n project: instance.project,\n location: instance.location,\n name: instance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.workbench.get_instance_iam_policy(project=instance[\"project\"],\n location=instance[\"location\"],\n name=instance[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Workbench.GetInstanceIamPolicy.Invoke(new()\n {\n Project = instance.Project,\n Location = instance.Location,\n Name = instance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/workbench\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := workbench.LookupInstanceIamPolicy(ctx, \u0026workbench.LookupInstanceIamPolicyArgs{\n\t\t\tProject: pulumi.StringRef(instance.Project),\n\t\t\tLocation: pulumi.StringRef(instance.Location),\n\t\t\tName: instance.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.workbench.WorkbenchFunctions;\nimport com.pulumi.gcp.workbench.inputs.GetInstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = WorkbenchFunctions.getInstanceIamPolicy(GetInstanceIamPolicyArgs.builder()\n .project(instance.project())\n .location(instance.location())\n .name(instance.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n function: gcp:workbench:getInstanceIamPolicy\n arguments:\n project: ${instance.project}\n location: ${instance.location}\n name: ${instance.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInstanceIamPolicy.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 0a0d83532c..88f3e18019 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -12,7 +12,7 @@ require ( github.com/pulumi/providertest v0.1.3 github.com/pulumi/pulumi-terraform-bridge/v3 v3.96.0 github.com/pulumi/pulumi/pkg/v3 v3.140.0 - github.com/pulumi/pulumi/sdk/v3 v3.140.0 + github.com/pulumi/pulumi/sdk/v3 v3.141.0 github.com/stretchr/testify v1.9.0 google.golang.org/api v0.203.0 sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 @@ -211,7 +211,7 @@ require ( github.com/pulumi/esc v0.10.0 // indirect github.com/pulumi/inflector v0.1.1 // indirect github.com/pulumi/pulumi-java/pkg v0.17.0 // indirect - github.com/pulumi/pulumi-yaml v1.11.2 // indirect + github.com/pulumi/pulumi-yaml v1.12.0 // indirect github.com/pulumi/schema-tools v0.1.2 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect @@ -280,3 +280,7 @@ require ( lukechampine.com/frand v1.4.2 // indirect mvdan.cc/gofumpt v0.5.0 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 diff --git a/provider/go.sum b/provider/go.sum index cc5a437421..cc4b9fceaf 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1989,12 +1989,12 @@ github.com/pulumi/pulumi-java/pkg v0.17.0 h1:KmaVLrVmlkzShOfaJNJDlckorbFm8dM/C7L github.com/pulumi/pulumi-java/pkg v0.17.0/go.mod h1:ji4U4H7t81X4aaE88D9+z5CmKH/QoLwQi9N1iGl+2KQ= github.com/pulumi/pulumi-terraform-bridge/v3 v3.96.0 h1:uJB3tM1j+9SKeXLCAx3DBVHsYk4ddXNrVoiqpgXal2Q= github.com/pulumi/pulumi-terraform-bridge/v3 v3.96.0/go.mod h1:WnOTAfdtm5+kW3rIU0rLhxFSEHtJIMf19FdOU6NFXG0= -github.com/pulumi/pulumi-yaml v1.11.2 h1:MU7TTNbruGCSgNHhaBygjIbLWm3WSbd1q98GpMIgQzE= -github.com/pulumi/pulumi-yaml v1.11.2/go.mod h1:RdXRBupRGGAD1kbYNG1V1h6pyFnXisvQsl0AANvVjGI= -github.com/pulumi/pulumi/pkg/v3 v3.140.0 h1:/bvHa19HY/6qHWvuAOVII8qr72MDGGczBWlPYlPo3j0= -github.com/pulumi/pulumi/pkg/v3 v3.140.0/go.mod h1:rcTtSyisd7BzZTugNk/s9zlYgX9S0S10+pha3Tko6yM= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi-yaml v1.12.0 h1:ThJP+EBqeJyCnS6w6/PwcEFOT5o112qv0lObhefmFCk= +github.com/pulumi/pulumi-yaml v1.12.0/go.mod h1:EhZd1XDfuLa15O51qVVE16U6r8ldK9mLIBclqWCX27Y= +github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34 h1:h08d64wfnf7yzbg8Nt5k0yKpSRn25Ce0RfhBEXPN07w= +github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34/go.mod h1:JZeSWa/JxveTIabsVqwPLlsD+WqX7Zv2XmHs3McBOGw= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 h1:NxL0QhDBJrhAuLRZzqGnJj0mzv/slJLrlnNGftUxV9g= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/sdk/go.mod b/sdk/go.mod index 0bdfc6bdbc..695f66fc76 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -89,3 +89,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.141.1-0.20241125062751-f12cea2e6d34 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 diff --git a/sdk/go.sum b/sdk/go.sum index 22da94d1a1..82686d4ae6 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34 h1:NxL0QhDBJrhAuLRZzqGnJj0mzv/slJLrlnNGftUxV9g= +github.com/pulumi/pulumi/sdk/v3 v3.141.1-0.20241125062751-f12cea2e6d34/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/sdk/nodejs/accessapproval/getFolderServiceAccount.ts b/sdk/nodejs/accessapproval/getFolderServiceAccount.ts index 5e4bb1e801..52d0065661 100644 --- a/sdk/nodejs/accessapproval/getFolderServiceAccount.ts +++ b/sdk/nodejs/accessapproval/getFolderServiceAccount.ts @@ -90,7 +90,7 @@ export interface GetFolderServiceAccountResult { * }); * ``` */ -export function getFolderServiceAccountOutput(args: GetFolderServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFolderServiceAccountOutput(args: GetFolderServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accessapproval/getFolderServiceAccount:getFolderServiceAccount", { "folderId": args.folderId, diff --git a/sdk/nodejs/accessapproval/getOrganizationServiceAccount.ts b/sdk/nodejs/accessapproval/getOrganizationServiceAccount.ts index 464a517968..15a665f2b6 100644 --- a/sdk/nodejs/accessapproval/getOrganizationServiceAccount.ts +++ b/sdk/nodejs/accessapproval/getOrganizationServiceAccount.ts @@ -90,7 +90,7 @@ export interface GetOrganizationServiceAccountResult { * }); * ``` */ -export function getOrganizationServiceAccountOutput(args: GetOrganizationServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getOrganizationServiceAccountOutput(args: GetOrganizationServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accessapproval/getOrganizationServiceAccount:getOrganizationServiceAccount", { "organizationId": args.organizationId, diff --git a/sdk/nodejs/accessapproval/getProjectServiceAccount.ts b/sdk/nodejs/accessapproval/getProjectServiceAccount.ts index 3a6787d9d9..f18c597f63 100644 --- a/sdk/nodejs/accessapproval/getProjectServiceAccount.ts +++ b/sdk/nodejs/accessapproval/getProjectServiceAccount.ts @@ -90,7 +90,7 @@ export interface GetProjectServiceAccountResult { * }); * ``` */ -export function getProjectServiceAccountOutput(args: GetProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectServiceAccountOutput(args: GetProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount", { "projectId": args.projectId, diff --git a/sdk/nodejs/accesscontextmanager/getAccessPolicy.ts b/sdk/nodejs/accesscontextmanager/getAccessPolicy.ts index 158a4a0bc0..8e0657c454 100644 --- a/sdk/nodejs/accesscontextmanager/getAccessPolicy.ts +++ b/sdk/nodejs/accesscontextmanager/getAccessPolicy.ts @@ -81,7 +81,7 @@ export interface GetAccessPolicyResult { * }); * ``` */ -export function getAccessPolicyOutput(args: GetAccessPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccessPolicyOutput(args: GetAccessPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accesscontextmanager/getAccessPolicy:getAccessPolicy", { "parent": args.parent, diff --git a/sdk/nodejs/accesscontextmanager/getAccessPolicyIamPolicy.ts b/sdk/nodejs/accesscontextmanager/getAccessPolicyIamPolicy.ts index 276c65bd7b..cc0aa878d6 100644 --- a/sdk/nodejs/accesscontextmanager/getAccessPolicyIamPolicy.ts +++ b/sdk/nodejs/accesscontextmanager/getAccessPolicyIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetAccessPolicyIamPolicyResult { * }); * ``` */ -export function getAccessPolicyIamPolicyOutput(args: GetAccessPolicyIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccessPolicyIamPolicyOutput(args: GetAccessPolicyIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accesscontextmanager/getAccessPolicyIamPolicy:getAccessPolicyIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/alloydb/getLocations.ts b/sdk/nodejs/alloydb/getLocations.ts index 8aa6bc3b47..088998a70e 100644 --- a/sdk/nodejs/alloydb/getLocations.ts +++ b/sdk/nodejs/alloydb/getLocations.ts @@ -62,7 +62,7 @@ export interface GetLocationsResult { * const qa = gcp.alloydb.getLocations({}); * ``` */ -export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:alloydb/getLocations:getLocations", { diff --git a/sdk/nodejs/alloydb/getSupportedDatabaseFlags.ts b/sdk/nodejs/alloydb/getSupportedDatabaseFlags.ts index bae179b10d..6b4ec6614e 100644 --- a/sdk/nodejs/alloydb/getSupportedDatabaseFlags.ts +++ b/sdk/nodejs/alloydb/getSupportedDatabaseFlags.ts @@ -71,7 +71,7 @@ export interface GetSupportedDatabaseFlagsResult { * }); * ``` */ -export function getSupportedDatabaseFlagsOutput(args: GetSupportedDatabaseFlagsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSupportedDatabaseFlagsOutput(args: GetSupportedDatabaseFlagsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:alloydb/getSupportedDatabaseFlags:getSupportedDatabaseFlags", { "location": args.location, diff --git a/sdk/nodejs/apigateway/getApiConfigIamPolicy.ts b/sdk/nodejs/apigateway/getApiConfigIamPolicy.ts index fc12c4f621..cd08f63fe9 100644 --- a/sdk/nodejs/apigateway/getApiConfigIamPolicy.ts +++ b/sdk/nodejs/apigateway/getApiConfigIamPolicy.ts @@ -51,7 +51,7 @@ export interface GetApiConfigIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getApiConfigIamPolicyOutput(args: GetApiConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getApiConfigIamPolicyOutput(args: GetApiConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apigateway/getApiConfigIamPolicy:getApiConfigIamPolicy", { "api": args.api, diff --git a/sdk/nodejs/apigateway/getApiIamPolicy.ts b/sdk/nodejs/apigateway/getApiIamPolicy.ts index 0aba25e404..54e568d482 100644 --- a/sdk/nodejs/apigateway/getApiIamPolicy.ts +++ b/sdk/nodejs/apigateway/getApiIamPolicy.ts @@ -44,7 +44,7 @@ export interface GetApiIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getApiIamPolicyOutput(args: GetApiIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getApiIamPolicyOutput(args: GetApiIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apigateway/getApiIamPolicy:getApiIamPolicy", { "api": args.api, diff --git a/sdk/nodejs/apigateway/getGatewayIamPolicy.ts b/sdk/nodejs/apigateway/getGatewayIamPolicy.ts index 79664fd84e..4aae254764 100644 --- a/sdk/nodejs/apigateway/getGatewayIamPolicy.ts +++ b/sdk/nodejs/apigateway/getGatewayIamPolicy.ts @@ -53,7 +53,7 @@ export interface GetGatewayIamPolicyResult { readonly project: string; readonly region: string; } -export function getGatewayIamPolicyOutput(args: GetGatewayIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGatewayIamPolicyOutput(args: GetGatewayIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apigateway/getGatewayIamPolicy:getGatewayIamPolicy", { "gateway": args.gateway, diff --git a/sdk/nodejs/apigee/getEnvironmentIamPolicy.ts b/sdk/nodejs/apigee/getEnvironmentIamPolicy.ts index 541051a550..654a30b9b4 100644 --- a/sdk/nodejs/apigee/getEnvironmentIamPolicy.ts +++ b/sdk/nodejs/apigee/getEnvironmentIamPolicy.ts @@ -73,7 +73,7 @@ export interface GetEnvironmentIamPolicyResult { * }); * ``` */ -export function getEnvironmentIamPolicyOutput(args: GetEnvironmentIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEnvironmentIamPolicyOutput(args: GetEnvironmentIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apigee/getEnvironmentIamPolicy:getEnvironmentIamPolicy", { "envId": args.envId, diff --git a/sdk/nodejs/appengine/getDefaultServiceAccount.ts b/sdk/nodejs/appengine/getDefaultServiceAccount.ts index 3cf7f9c850..ac8ebc4563 100644 --- a/sdk/nodejs/appengine/getDefaultServiceAccount.ts +++ b/sdk/nodejs/appengine/getDefaultServiceAccount.ts @@ -78,7 +78,7 @@ export interface GetDefaultServiceAccountResult { * export const defaultAccount = _default.then(_default => _default.email); * ``` */ -export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:appengine/getDefaultServiceAccount:getDefaultServiceAccount", { diff --git a/sdk/nodejs/apphub/getApplication.ts b/sdk/nodejs/apphub/getApplication.ts index fe8074f721..f1c48cfbea 100644 --- a/sdk/nodejs/apphub/getApplication.ts +++ b/sdk/nodejs/apphub/getApplication.ts @@ -77,7 +77,7 @@ export interface GetApplicationResult { * }); * ``` */ -export function getApplicationOutput(args: GetApplicationOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getApplicationOutput(args: GetApplicationOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apphub/getApplication:getApplication", { "applicationId": args.applicationId, diff --git a/sdk/nodejs/apphub/getDiscoveredService.ts b/sdk/nodejs/apphub/getDiscoveredService.ts index ad90dcba84..0fc3ec4546 100644 --- a/sdk/nodejs/apphub/getDiscoveredService.ts +++ b/sdk/nodejs/apphub/getDiscoveredService.ts @@ -90,7 +90,7 @@ export interface GetDiscoveredServiceResult { * }); * ``` */ -export function getDiscoveredServiceOutput(args: GetDiscoveredServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDiscoveredServiceOutput(args: GetDiscoveredServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apphub/getDiscoveredService:getDiscoveredService", { "location": args.location, diff --git a/sdk/nodejs/apphub/getDiscoveredWorkload.ts b/sdk/nodejs/apphub/getDiscoveredWorkload.ts index ab8a522eac..7a7aedf586 100644 --- a/sdk/nodejs/apphub/getDiscoveredWorkload.ts +++ b/sdk/nodejs/apphub/getDiscoveredWorkload.ts @@ -90,7 +90,7 @@ export interface GetDiscoveredWorkloadResult { * }); * ``` */ -export function getDiscoveredWorkloadOutput(args: GetDiscoveredWorkloadOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDiscoveredWorkloadOutput(args: GetDiscoveredWorkloadOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:apphub/getDiscoveredWorkload:getDiscoveredWorkload", { "location": args.location, diff --git a/sdk/nodejs/artifactregistry/getDockerImage.ts b/sdk/nodejs/artifactregistry/getDockerImage.ts index af943387af..bcac353414 100644 --- a/sdk/nodejs/artifactregistry/getDockerImage.ts +++ b/sdk/nodejs/artifactregistry/getDockerImage.ts @@ -145,7 +145,7 @@ export interface GetDockerImageResult { * }}); * ``` */ -export function getDockerImageOutput(args: GetDockerImageOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDockerImageOutput(args: GetDockerImageOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:artifactregistry/getDockerImage:getDockerImage", { "imageName": args.imageName, diff --git a/sdk/nodejs/artifactregistry/getLocations.ts b/sdk/nodejs/artifactregistry/getLocations.ts index e6fa6c9da2..2c22305bb7 100644 --- a/sdk/nodejs/artifactregistry/getLocations.ts +++ b/sdk/nodejs/artifactregistry/getLocations.ts @@ -111,7 +111,7 @@ export interface GetLocationsResult { * }); * ``` */ -export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:artifactregistry/getLocations:getLocations", { diff --git a/sdk/nodejs/artifactregistry/getRepository.ts b/sdk/nodejs/artifactregistry/getRepository.ts index d12efbd926..73302caf98 100644 --- a/sdk/nodejs/artifactregistry/getRepository.ts +++ b/sdk/nodejs/artifactregistry/getRepository.ts @@ -98,7 +98,7 @@ export interface GetRepositoryResult { * }); * ``` */ -export function getRepositoryOutput(args: GetRepositoryOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryOutput(args: GetRepositoryOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:artifactregistry/getRepository:getRepository", { "location": args.location, diff --git a/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts b/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts index b7937f1945..bab321a6a0 100644 --- a/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts +++ b/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetRepositoryIamPolicyResult { * }); * ``` */ -export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:artifactregistry/getRepositoryIamPolicy:getRepositoryIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/backupdisasterrecovery/getBackupPlan.ts b/sdk/nodejs/backupdisasterrecovery/getBackupPlan.ts index d03a93bc9c..81e7276a27 100644 --- a/sdk/nodejs/backupdisasterrecovery/getBackupPlan.ts +++ b/sdk/nodejs/backupdisasterrecovery/getBackupPlan.ts @@ -44,7 +44,7 @@ export interface GetBackupPlanResult { readonly resourceType: string; readonly updateTime: string; } -export function getBackupPlanOutput(args: GetBackupPlanOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackupPlanOutput(args: GetBackupPlanOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:backupdisasterrecovery/getBackupPlan:getBackupPlan", { "backupPlanId": args.backupPlanId, diff --git a/sdk/nodejs/backupdisasterrecovery/getBackupPlanAssociation.ts b/sdk/nodejs/backupdisasterrecovery/getBackupPlanAssociation.ts index 950e3e338b..3409005cc8 100644 --- a/sdk/nodejs/backupdisasterrecovery/getBackupPlanAssociation.ts +++ b/sdk/nodejs/backupdisasterrecovery/getBackupPlanAssociation.ts @@ -79,7 +79,7 @@ export interface GetBackupPlanAssociationResult { * }); * ``` */ -export function getBackupPlanAssociationOutput(args: GetBackupPlanAssociationOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackupPlanAssociationOutput(args: GetBackupPlanAssociationOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:backupdisasterrecovery/getBackupPlanAssociation:getBackupPlanAssociation", { "backupPlanAssociationId": args.backupPlanAssociationId, diff --git a/sdk/nodejs/backupdisasterrecovery/getDataSource.ts b/sdk/nodejs/backupdisasterrecovery/getDataSource.ts index 176b41d5be..a095add45c 100644 --- a/sdk/nodejs/backupdisasterrecovery/getDataSource.ts +++ b/sdk/nodejs/backupdisasterrecovery/getDataSource.ts @@ -51,7 +51,7 @@ export interface GetDataSourceResult { readonly totalStoredBytes: string; readonly updateTime: string; } -export function getDataSourceOutput(args: GetDataSourceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDataSourceOutput(args: GetDataSourceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:backupdisasterrecovery/getDataSource:getDataSource", { "backupVaultId": args.backupVaultId, diff --git a/sdk/nodejs/backupdisasterrecovery/getManagementServer.ts b/sdk/nodejs/backupdisasterrecovery/getManagementServer.ts index 0e5d382777..6522061ec0 100644 --- a/sdk/nodejs/backupdisasterrecovery/getManagementServer.ts +++ b/sdk/nodejs/backupdisasterrecovery/getManagementServer.ts @@ -60,7 +60,7 @@ export interface GetManagementServerResult { * }); * ``` */ -export function getManagementServerOutput(args: GetManagementServerOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getManagementServerOutput(args: GetManagementServerOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:backupdisasterrecovery/getManagementServer:getManagementServer", { "location": args.location, diff --git a/sdk/nodejs/beyondcorp/getAppConnection.ts b/sdk/nodejs/beyondcorp/getAppConnection.ts index 69059ad692..77e7e7c0d2 100644 --- a/sdk/nodejs/beyondcorp/getAppConnection.ts +++ b/sdk/nodejs/beyondcorp/getAppConnection.ts @@ -85,7 +85,7 @@ export interface GetAppConnectionResult { * }); * ``` */ -export function getAppConnectionOutput(args: GetAppConnectionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppConnectionOutput(args: GetAppConnectionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:beyondcorp/getAppConnection:getAppConnection", { "name": args.name, diff --git a/sdk/nodejs/beyondcorp/getAppConnector.ts b/sdk/nodejs/beyondcorp/getAppConnector.ts index 38477f16fd..f957d6f818 100644 --- a/sdk/nodejs/beyondcorp/getAppConnector.ts +++ b/sdk/nodejs/beyondcorp/getAppConnector.ts @@ -83,7 +83,7 @@ export interface GetAppConnectorResult { * }); * ``` */ -export function getAppConnectorOutput(args: GetAppConnectorOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppConnectorOutput(args: GetAppConnectorOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:beyondcorp/getAppConnector:getAppConnector", { "name": args.name, diff --git a/sdk/nodejs/beyondcorp/getAppGateway.ts b/sdk/nodejs/beyondcorp/getAppGateway.ts index ee760f3b2c..d9446afb71 100644 --- a/sdk/nodejs/beyondcorp/getAppGateway.ts +++ b/sdk/nodejs/beyondcorp/getAppGateway.ts @@ -86,7 +86,7 @@ export interface GetAppGatewayResult { * }); * ``` */ -export function getAppGatewayOutput(args: GetAppGatewayOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppGatewayOutput(args: GetAppGatewayOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:beyondcorp/getAppGateway:getAppGateway", { "name": args.name, diff --git a/sdk/nodejs/bigquery/getConnectionIamPolicy.ts b/sdk/nodejs/bigquery/getConnectionIamPolicy.ts index 51f32e460f..a6bb8f0e13 100644 --- a/sdk/nodejs/bigquery/getConnectionIamPolicy.ts +++ b/sdk/nodejs/bigquery/getConnectionIamPolicy.ts @@ -94,7 +94,7 @@ export interface GetConnectionIamPolicyResult { * }); * ``` */ -export function getConnectionIamPolicyOutput(args: GetConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConnectionIamPolicyOutput(args: GetConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getConnectionIamPolicy:getConnectionIamPolicy", { "connectionId": args.connectionId, diff --git a/sdk/nodejs/bigquery/getDataset.ts b/sdk/nodejs/bigquery/getDataset.ts index 7317ec604a..51320a80d6 100644 --- a/sdk/nodejs/bigquery/getDataset.ts +++ b/sdk/nodejs/bigquery/getDataset.ts @@ -96,7 +96,7 @@ export interface GetDatasetResult { * }); * ``` */ -export function getDatasetOutput(args: GetDatasetOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatasetOutput(args: GetDatasetOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getDataset:getDataset", { "datasetId": args.datasetId, diff --git a/sdk/nodejs/bigquery/getDatasetIamPolicy.ts b/sdk/nodejs/bigquery/getDatasetIamPolicy.ts index 0f12fb7b21..9574a75f5b 100644 --- a/sdk/nodejs/bigquery/getDatasetIamPolicy.ts +++ b/sdk/nodejs/bigquery/getDatasetIamPolicy.ts @@ -74,7 +74,7 @@ export interface GetDatasetIamPolicyResult { * }); * ``` */ -export function getDatasetIamPolicyOutput(args: GetDatasetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatasetIamPolicyOutput(args: GetDatasetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getDatasetIamPolicy:getDatasetIamPolicy", { "datasetId": args.datasetId, diff --git a/sdk/nodejs/bigquery/getDefaultServiceAccount.ts b/sdk/nodejs/bigquery/getDefaultServiceAccount.ts index dc8b1f956d..caeae3ef3a 100644 --- a/sdk/nodejs/bigquery/getDefaultServiceAccount.ts +++ b/sdk/nodejs/bigquery/getDefaultServiceAccount.ts @@ -91,7 +91,7 @@ export interface GetDefaultServiceAccountResult { * }); * ``` */ -export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getDefaultServiceAccount:getDefaultServiceAccount", { diff --git a/sdk/nodejs/bigquery/getTableIamPolicy.ts b/sdk/nodejs/bigquery/getTableIamPolicy.ts index bd9813e9f7..657efa3adf 100644 --- a/sdk/nodejs/bigquery/getTableIamPolicy.ts +++ b/sdk/nodejs/bigquery/getTableIamPolicy.ts @@ -79,7 +79,7 @@ export interface GetTableIamPolicyResult { * }); * ``` */ -export function getTableIamPolicyOutput(args: GetTableIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTableIamPolicyOutput(args: GetTableIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getTableIamPolicy:getTableIamPolicy", { "datasetId": args.datasetId, diff --git a/sdk/nodejs/bigquery/getTables.ts b/sdk/nodejs/bigquery/getTables.ts index 1008c49379..9f4682c440 100644 --- a/sdk/nodejs/bigquery/getTables.ts +++ b/sdk/nodejs/bigquery/getTables.ts @@ -78,7 +78,7 @@ export interface GetTablesResult { * }); * ``` */ -export function getTablesOutput(args: GetTablesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTablesOutput(args: GetTablesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquery/getTables:getTables", { "datasetId": args.datasetId, diff --git a/sdk/nodejs/bigqueryanalyticshub/getDataExchangeIamPolicy.ts b/sdk/nodejs/bigqueryanalyticshub/getDataExchangeIamPolicy.ts index 367d61d2fb..dd76dbf4f3 100644 --- a/sdk/nodejs/bigqueryanalyticshub/getDataExchangeIamPolicy.ts +++ b/sdk/nodejs/bigqueryanalyticshub/getDataExchangeIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetDataExchangeIamPolicyResult { * }); * ``` */ -export function getDataExchangeIamPolicyOutput(args: GetDataExchangeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDataExchangeIamPolicyOutput(args: GetDataExchangeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigqueryanalyticshub/getDataExchangeIamPolicy:getDataExchangeIamPolicy", { "dataExchangeId": args.dataExchangeId, diff --git a/sdk/nodejs/bigqueryanalyticshub/getListingIamPolicy.ts b/sdk/nodejs/bigqueryanalyticshub/getListingIamPolicy.ts index ca5ffa3b3b..1e2a958ef0 100644 --- a/sdk/nodejs/bigqueryanalyticshub/getListingIamPolicy.ts +++ b/sdk/nodejs/bigqueryanalyticshub/getListingIamPolicy.ts @@ -96,7 +96,7 @@ export interface GetListingIamPolicyResult { * }); * ``` */ -export function getListingIamPolicyOutput(args: GetListingIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getListingIamPolicyOutput(args: GetListingIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigqueryanalyticshub/getListingIamPolicy:getListingIamPolicy", { "dataExchangeId": args.dataExchangeId, diff --git a/sdk/nodejs/bigquerydatapolicy/getIamPolicy.ts b/sdk/nodejs/bigquerydatapolicy/getIamPolicy.ts index 8bae7616e6..4776491b5f 100644 --- a/sdk/nodejs/bigquerydatapolicy/getIamPolicy.ts +++ b/sdk/nodejs/bigquerydatapolicy/getIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetIamPolicyResult { * }); * ``` */ -export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigquerydatapolicy/getIamPolicy:getIamPolicy", { "dataPolicyId": args.dataPolicyId, diff --git a/sdk/nodejs/bigtable/getInstanceIamPolicy.ts b/sdk/nodejs/bigtable/getInstanceIamPolicy.ts index d8cfb12d7d..8f8c2bc559 100644 --- a/sdk/nodejs/bigtable/getInstanceIamPolicy.ts +++ b/sdk/nodejs/bigtable/getInstanceIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigtable/getInstanceIamPolicy:getInstanceIamPolicy", { "instance": args.instance, diff --git a/sdk/nodejs/bigtable/getTableIamPolicy.ts b/sdk/nodejs/bigtable/getTableIamPolicy.ts index 117e08c4c6..48d4fd93fe 100644 --- a/sdk/nodejs/bigtable/getTableIamPolicy.ts +++ b/sdk/nodejs/bigtable/getTableIamPolicy.ts @@ -78,7 +78,7 @@ export interface GetTableIamPolicyResult { * }); * ``` */ -export function getTableIamPolicyOutput(args: GetTableIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTableIamPolicyOutput(args: GetTableIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:bigtable/getTableIamPolicy:getTableIamPolicy", { "instance": args.instance, diff --git a/sdk/nodejs/billing/getAccountIamPolicy.ts b/sdk/nodejs/billing/getAccountIamPolicy.ts index 3b8a11bc76..d8b83329d2 100644 --- a/sdk/nodejs/billing/getAccountIamPolicy.ts +++ b/sdk/nodejs/billing/getAccountIamPolicy.ts @@ -67,7 +67,7 @@ export interface GetAccountIamPolicyResult { * }); * ``` */ -export function getAccountIamPolicyOutput(args: GetAccountIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountIamPolicyOutput(args: GetAccountIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:billing/getAccountIamPolicy:getAccountIamPolicy", { "billingAccountId": args.billingAccountId, diff --git a/sdk/nodejs/binaryauthorization/getAttestorIamPolicy.ts b/sdk/nodejs/binaryauthorization/getAttestorIamPolicy.ts index d71c4bc746..572f48233e 100644 --- a/sdk/nodejs/binaryauthorization/getAttestorIamPolicy.ts +++ b/sdk/nodejs/binaryauthorization/getAttestorIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetAttestorIamPolicyResult { * }); * ``` */ -export function getAttestorIamPolicyOutput(args: GetAttestorIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAttestorIamPolicyOutput(args: GetAttestorIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:binaryauthorization/getAttestorIamPolicy:getAttestorIamPolicy", { "attestor": args.attestor, diff --git a/sdk/nodejs/certificateauthority/getAuthority.ts b/sdk/nodejs/certificateauthority/getAuthority.ts index ee96433c0c..39114bf1b3 100644 --- a/sdk/nodejs/certificateauthority/getAuthority.ts +++ b/sdk/nodejs/certificateauthority/getAuthority.ts @@ -113,7 +113,7 @@ export interface GetAuthorityResult { * export const csr = _default.then(_default => _default.pemCsr); * ``` */ -export function getAuthorityOutput(args?: GetAuthorityOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAuthorityOutput(args?: GetAuthorityOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:certificateauthority/getAuthority:getAuthority", { diff --git a/sdk/nodejs/certificateauthority/getCaPoolIamPolicy.ts b/sdk/nodejs/certificateauthority/getCaPoolIamPolicy.ts index 529b70e4ce..c2bfc82c91 100644 --- a/sdk/nodejs/certificateauthority/getCaPoolIamPolicy.ts +++ b/sdk/nodejs/certificateauthority/getCaPoolIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetCaPoolIamPolicyResult { * }); * ``` */ -export function getCaPoolIamPolicyOutput(args: GetCaPoolIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCaPoolIamPolicyOutput(args: GetCaPoolIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:certificateauthority/getCaPoolIamPolicy:getCaPoolIamPolicy", { "caPool": args.caPool, diff --git a/sdk/nodejs/certificateauthority/getCertificateTemplateIamPolicy.ts b/sdk/nodejs/certificateauthority/getCertificateTemplateIamPolicy.ts index c8466d7133..75fbe6875f 100644 --- a/sdk/nodejs/certificateauthority/getCertificateTemplateIamPolicy.ts +++ b/sdk/nodejs/certificateauthority/getCertificateTemplateIamPolicy.ts @@ -83,7 +83,7 @@ export interface GetCertificateTemplateIamPolicyResult { * }); * ``` */ -export function getCertificateTemplateIamPolicyOutput(args: GetCertificateTemplateIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCertificateTemplateIamPolicyOutput(args: GetCertificateTemplateIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:certificateauthority/getCertificateTemplateIamPolicy:getCertificateTemplateIamPolicy", { "certificateTemplate": args.certificateTemplate, diff --git a/sdk/nodejs/certificatemanager/getCertificateMap.ts b/sdk/nodejs/certificatemanager/getCertificateMap.ts index d7a8ca36bf..f19903dc8b 100644 --- a/sdk/nodejs/certificatemanager/getCertificateMap.ts +++ b/sdk/nodejs/certificatemanager/getCertificateMap.ts @@ -77,7 +77,7 @@ export interface GetCertificateMapResult { * }); * ``` */ -export function getCertificateMapOutput(args: GetCertificateMapOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCertificateMapOutput(args: GetCertificateMapOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:certificatemanager/getCertificateMap:getCertificateMap", { "name": args.name, diff --git a/sdk/nodejs/certificatemanager/getCertificates.ts b/sdk/nodejs/certificatemanager/getCertificates.ts index 89cbb9cdee..e218b525d2 100644 --- a/sdk/nodejs/certificatemanager/getCertificates.ts +++ b/sdk/nodejs/certificatemanager/getCertificates.ts @@ -87,7 +87,7 @@ export interface GetCertificatesResult { * }); * ``` */ -export function getCertificatesOutput(args?: GetCertificatesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCertificatesOutput(args?: GetCertificatesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:certificatemanager/getCertificates:getCertificates", { diff --git a/sdk/nodejs/cloudasset/getResourcesSearchAll.ts b/sdk/nodejs/cloudasset/getResourcesSearchAll.ts index b086f0bc97..440d9f92b6 100644 --- a/sdk/nodejs/cloudasset/getResourcesSearchAll.ts +++ b/sdk/nodejs/cloudasset/getResourcesSearchAll.ts @@ -129,7 +129,7 @@ export interface GetResourcesSearchAllResult { * }); * ``` */ -export function getResourcesSearchAllOutput(args: GetResourcesSearchAllOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getResourcesSearchAllOutput(args: GetResourcesSearchAllOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudasset/getResourcesSearchAll:getResourcesSearchAll", { "assetTypes": args.assetTypes, diff --git a/sdk/nodejs/cloudasset/getSearchAllResources.ts b/sdk/nodejs/cloudasset/getSearchAllResources.ts index 926c59d59f..17c92394c8 100644 --- a/sdk/nodejs/cloudasset/getSearchAllResources.ts +++ b/sdk/nodejs/cloudasset/getSearchAllResources.ts @@ -137,7 +137,7 @@ export interface GetSearchAllResourcesResult { * }); * ``` */ -export function getSearchAllResourcesOutput(args: GetSearchAllResourcesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSearchAllResourcesOutput(args: GetSearchAllResourcesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudasset/getSearchAllResources:getSearchAllResources", { "assetTypes": args.assetTypes, diff --git a/sdk/nodejs/cloudbuild/getTrigger.ts b/sdk/nodejs/cloudbuild/getTrigger.ts index 0260ce9616..cce3cfe489 100644 --- a/sdk/nodejs/cloudbuild/getTrigger.ts +++ b/sdk/nodejs/cloudbuild/getTrigger.ts @@ -109,7 +109,7 @@ export interface GetTriggerResult { * }); * ``` */ -export function getTriggerOutput(args: GetTriggerOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTriggerOutput(args: GetTriggerOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudbuild/getTrigger:getTrigger", { "location": args.location, diff --git a/sdk/nodejs/cloudbuildv2/getConnectionIamPolicy.ts b/sdk/nodejs/cloudbuildv2/getConnectionIamPolicy.ts index dae4fed04c..5587480fe4 100644 --- a/sdk/nodejs/cloudbuildv2/getConnectionIamPolicy.ts +++ b/sdk/nodejs/cloudbuildv2/getConnectionIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetConnectionIamPolicyResult { * }); * ``` */ -export function getConnectionIamPolicyOutput(args: GetConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConnectionIamPolicyOutput(args: GetConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudbuildv2/getConnectionIamPolicy:getConnectionIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/clouddeploy/getCustomTargetTypeIamPolicy.ts b/sdk/nodejs/clouddeploy/getCustomTargetTypeIamPolicy.ts index 1697a0cc05..0a77935481 100644 --- a/sdk/nodejs/clouddeploy/getCustomTargetTypeIamPolicy.ts +++ b/sdk/nodejs/clouddeploy/getCustomTargetTypeIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetCustomTargetTypeIamPolicyResult { * }); * ``` */ -export function getCustomTargetTypeIamPolicyOutput(args: GetCustomTargetTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCustomTargetTypeIamPolicyOutput(args: GetCustomTargetTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:clouddeploy/getCustomTargetTypeIamPolicy:getCustomTargetTypeIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/clouddeploy/getDeliveryPipelineIamPolicy.ts b/sdk/nodejs/clouddeploy/getDeliveryPipelineIamPolicy.ts index 61c75692e4..3c8975dc3d 100644 --- a/sdk/nodejs/clouddeploy/getDeliveryPipelineIamPolicy.ts +++ b/sdk/nodejs/clouddeploy/getDeliveryPipelineIamPolicy.ts @@ -82,7 +82,7 @@ export interface GetDeliveryPipelineIamPolicyResult { * }); * ``` */ -export function getDeliveryPipelineIamPolicyOutput(args: GetDeliveryPipelineIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDeliveryPipelineIamPolicyOutput(args: GetDeliveryPipelineIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:clouddeploy/getDeliveryPipelineIamPolicy:getDeliveryPipelineIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/clouddeploy/getTargetIamPolicy.ts b/sdk/nodejs/clouddeploy/getTargetIamPolicy.ts index 38658b977b..9411789c13 100644 --- a/sdk/nodejs/clouddeploy/getTargetIamPolicy.ts +++ b/sdk/nodejs/clouddeploy/getTargetIamPolicy.ts @@ -82,7 +82,7 @@ export interface GetTargetIamPolicyResult { * }); * ``` */ -export function getTargetIamPolicyOutput(args: GetTargetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTargetIamPolicyOutput(args: GetTargetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:clouddeploy/getTargetIamPolicy:getTargetIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/cloudfunctions/getFunction.ts b/sdk/nodejs/cloudfunctions/getFunction.ts index d9708ea37b..da29058862 100644 --- a/sdk/nodejs/cloudfunctions/getFunction.ts +++ b/sdk/nodejs/cloudfunctions/getFunction.ts @@ -167,7 +167,7 @@ export interface GetFunctionResult { * }); * ``` */ -export function getFunctionOutput(args: GetFunctionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFunctionOutput(args: GetFunctionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudfunctions/getFunction:getFunction", { "name": args.name, diff --git a/sdk/nodejs/cloudfunctions/getFunctionIamPolicy.ts b/sdk/nodejs/cloudfunctions/getFunctionIamPolicy.ts index 316b966b3d..41c3e747d7 100644 --- a/sdk/nodejs/cloudfunctions/getFunctionIamPolicy.ts +++ b/sdk/nodejs/cloudfunctions/getFunctionIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetFunctionIamPolicyResult { * }); * ``` */ -export function getFunctionIamPolicyOutput(args: GetFunctionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFunctionIamPolicyOutput(args: GetFunctionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudfunctions/getFunctionIamPolicy:getFunctionIamPolicy", { "cloudFunction": args.cloudFunction, diff --git a/sdk/nodejs/cloudfunctionsv2/getFunction.ts b/sdk/nodejs/cloudfunctionsv2/getFunction.ts index 42293835cc..6f93bd0f05 100644 --- a/sdk/nodejs/cloudfunctionsv2/getFunction.ts +++ b/sdk/nodejs/cloudfunctionsv2/getFunction.ts @@ -94,7 +94,7 @@ export interface GetFunctionResult { * }); * ``` */ -export function getFunctionOutput(args: GetFunctionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFunctionOutput(args: GetFunctionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudfunctionsv2/getFunction:getFunction", { "location": args.location, diff --git a/sdk/nodejs/cloudfunctionsv2/getFunctionIamPolicy.ts b/sdk/nodejs/cloudfunctionsv2/getFunctionIamPolicy.ts index 182b4cad92..e24f2514c0 100644 --- a/sdk/nodejs/cloudfunctionsv2/getFunctionIamPolicy.ts +++ b/sdk/nodejs/cloudfunctionsv2/getFunctionIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetFunctionIamPolicyResult { * }); * ``` */ -export function getFunctionIamPolicyOutput(args: GetFunctionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFunctionIamPolicyOutput(args: GetFunctionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudfunctionsv2/getFunctionIamPolicy:getFunctionIamPolicy", { "cloudFunction": args.cloudFunction, diff --git a/sdk/nodejs/cloudidentity/getGroupLookup.ts b/sdk/nodejs/cloudidentity/getGroupLookup.ts index 6c43fe2065..16ca976057 100644 --- a/sdk/nodejs/cloudidentity/getGroupLookup.ts +++ b/sdk/nodejs/cloudidentity/getGroupLookup.ts @@ -75,7 +75,7 @@ export interface GetGroupLookupResult { * }); * ``` */ -export function getGroupLookupOutput(args: GetGroupLookupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGroupLookupOutput(args: GetGroupLookupOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudidentity/getGroupLookup:getGroupLookup", { "groupKey": args.groupKey, diff --git a/sdk/nodejs/cloudidentity/getGroupMemberships.ts b/sdk/nodejs/cloudidentity/getGroupMemberships.ts index 4a87dbca24..60710ccfba 100644 --- a/sdk/nodejs/cloudidentity/getGroupMemberships.ts +++ b/sdk/nodejs/cloudidentity/getGroupMemberships.ts @@ -81,7 +81,7 @@ export interface GetGroupMembershipsResult { * }); * ``` */ -export function getGroupMembershipsOutput(args: GetGroupMembershipsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGroupMembershipsOutput(args: GetGroupMembershipsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudidentity/getGroupMemberships:getGroupMemberships", { "group": args.group, diff --git a/sdk/nodejs/cloudidentity/getGroupTransitiveMemberships.ts b/sdk/nodejs/cloudidentity/getGroupTransitiveMemberships.ts index 347d981cce..4531d56d5c 100644 --- a/sdk/nodejs/cloudidentity/getGroupTransitiveMemberships.ts +++ b/sdk/nodejs/cloudidentity/getGroupTransitiveMemberships.ts @@ -31,7 +31,7 @@ export interface GetGroupTransitiveMembershipsResult { readonly id: string; readonly memberships: outputs.cloudidentity.GetGroupTransitiveMembershipsMembership[]; } -export function getGroupTransitiveMembershipsOutput(args: GetGroupTransitiveMembershipsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGroupTransitiveMembershipsOutput(args: GetGroupTransitiveMembershipsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudidentity/getGroupTransitiveMemberships:getGroupTransitiveMemberships", { "group": args.group, diff --git a/sdk/nodejs/cloudidentity/getGroups.ts b/sdk/nodejs/cloudidentity/getGroups.ts index c07ef4fc05..2ae149f3f7 100644 --- a/sdk/nodejs/cloudidentity/getGroups.ts +++ b/sdk/nodejs/cloudidentity/getGroups.ts @@ -69,7 +69,7 @@ export interface GetGroupsResult { * }); * ``` */ -export function getGroupsOutput(args: GetGroupsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGroupsOutput(args: GetGroupsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudidentity/getGroups:getGroups", { "parent": args.parent, diff --git a/sdk/nodejs/cloudquota/getSQuotaInfo.ts b/sdk/nodejs/cloudquota/getSQuotaInfo.ts index 2a7850579d..f3b1c917ae 100644 --- a/sdk/nodejs/cloudquota/getSQuotaInfo.ts +++ b/sdk/nodejs/cloudquota/getSQuotaInfo.ts @@ -133,7 +133,7 @@ export interface GetSQuotaInfoResult { * }); * ``` */ -export function getSQuotaInfoOutput(args: GetSQuotaInfoOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSQuotaInfoOutput(args: GetSQuotaInfoOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudquota/getSQuotaInfo:getSQuotaInfo", { "parent": args.parent, diff --git a/sdk/nodejs/cloudquota/getSQuotaInfos.ts b/sdk/nodejs/cloudquota/getSQuotaInfos.ts index cddea51132..eb727cd418 100644 --- a/sdk/nodejs/cloudquota/getSQuotaInfos.ts +++ b/sdk/nodejs/cloudquota/getSQuotaInfos.ts @@ -73,7 +73,7 @@ export interface GetSQuotaInfosResult { * }); * ``` */ -export function getSQuotaInfosOutput(args: GetSQuotaInfosOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSQuotaInfosOutput(args: GetSQuotaInfosOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudquota/getSQuotaInfos:getSQuotaInfos", { "parent": args.parent, diff --git a/sdk/nodejs/cloudrun/getLocations.ts b/sdk/nodejs/cloudrun/getLocations.ts index 5788b937ee..f5c5083359 100644 --- a/sdk/nodejs/cloudrun/getLocations.ts +++ b/sdk/nodejs/cloudrun/getLocations.ts @@ -73,7 +73,7 @@ export interface GetLocationsResult { * const available = gcp.cloudrun.getLocations({}); * ``` */ -export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLocationsOutput(args?: GetLocationsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrun/getLocations:getLocations", { diff --git a/sdk/nodejs/cloudrun/getService.ts b/sdk/nodejs/cloudrun/getService.ts index 22f0a826e3..69ce1cd69f 100644 --- a/sdk/nodejs/cloudrun/getService.ts +++ b/sdk/nodejs/cloudrun/getService.ts @@ -87,7 +87,7 @@ export interface GetServiceResult { * }); * ``` */ -export function getServiceOutput(args: GetServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceOutput(args: GetServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrun/getService:getService", { "location": args.location, diff --git a/sdk/nodejs/cloudrun/getServiceIamPolicy.ts b/sdk/nodejs/cloudrun/getServiceIamPolicy.ts index 05b0603bc0..ef9a61618f 100644 --- a/sdk/nodejs/cloudrun/getServiceIamPolicy.ts +++ b/sdk/nodejs/cloudrun/getServiceIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetServiceIamPolicyResult { * }); * ``` */ -export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrun/getServiceIamPolicy:getServiceIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/cloudrunv2/getJob.ts b/sdk/nodejs/cloudrunv2/getJob.ts index 88e499864c..90a848eb6a 100644 --- a/sdk/nodejs/cloudrunv2/getJob.ts +++ b/sdk/nodejs/cloudrunv2/getJob.ts @@ -110,7 +110,7 @@ export interface GetJobResult { * }); * ``` */ -export function getJobOutput(args: GetJobOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getJobOutput(args: GetJobOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrunv2/getJob:getJob", { "location": args.location, diff --git a/sdk/nodejs/cloudrunv2/getJobIamPolicy.ts b/sdk/nodejs/cloudrunv2/getJobIamPolicy.ts index ed9559dc12..d35753868f 100644 --- a/sdk/nodejs/cloudrunv2/getJobIamPolicy.ts +++ b/sdk/nodejs/cloudrunv2/getJobIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetJobIamPolicyResult { * }); * ``` */ -export function getJobIamPolicyOutput(args: GetJobIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getJobIamPolicyOutput(args: GetJobIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrunv2/getJobIamPolicy:getJobIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/cloudrunv2/getService.ts b/sdk/nodejs/cloudrunv2/getService.ts index ffb867f943..9831557450 100644 --- a/sdk/nodejs/cloudrunv2/getService.ts +++ b/sdk/nodejs/cloudrunv2/getService.ts @@ -118,7 +118,7 @@ export interface GetServiceResult { * }); * ``` */ -export function getServiceOutput(args: GetServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceOutput(args: GetServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrunv2/getService:getService", { "location": args.location, diff --git a/sdk/nodejs/cloudrunv2/getServiceIamPolicy.ts b/sdk/nodejs/cloudrunv2/getServiceIamPolicy.ts index bd9dc7602c..d2dbbfb69e 100644 --- a/sdk/nodejs/cloudrunv2/getServiceIamPolicy.ts +++ b/sdk/nodejs/cloudrunv2/getServiceIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetServiceIamPolicyResult { * }); * ``` */ -export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudrunv2/getServiceIamPolicy:getServiceIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/cloudtasks/getQueueIamPolicy.ts b/sdk/nodejs/cloudtasks/getQueueIamPolicy.ts index 81f75e3b29..0c6290d18e 100644 --- a/sdk/nodejs/cloudtasks/getQueueIamPolicy.ts +++ b/sdk/nodejs/cloudtasks/getQueueIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetQueueIamPolicyResult { * }); * ``` */ -export function getQueueIamPolicyOutput(args: GetQueueIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getQueueIamPolicyOutput(args: GetQueueIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:cloudtasks/getQueueIamPolicy:getQueueIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/composer/getEnvironment.ts b/sdk/nodejs/composer/getEnvironment.ts index d3c3ef746c..3adfe01d5c 100644 --- a/sdk/nodejs/composer/getEnvironment.ts +++ b/sdk/nodejs/composer/getEnvironment.ts @@ -86,7 +86,7 @@ export interface GetEnvironmentResult { * export const debug = composerEnv.then(composerEnv => composerEnv.configs); * ``` */ -export function getEnvironmentOutput(args: GetEnvironmentOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEnvironmentOutput(args: GetEnvironmentOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:composer/getEnvironment:getEnvironment", { "name": args.name, diff --git a/sdk/nodejs/composer/getImageVersions.ts b/sdk/nodejs/composer/getImageVersions.ts index 5128848304..78ff338fb8 100644 --- a/sdk/nodejs/composer/getImageVersions.ts +++ b/sdk/nodejs/composer/getImageVersions.ts @@ -88,7 +88,7 @@ export interface GetImageVersionsResult { * }); * ``` */ -export function getImageVersionsOutput(args?: GetImageVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getImageVersionsOutput(args?: GetImageVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:composer/getImageVersions:getImageVersions", { diff --git a/sdk/nodejs/composer/getUserWorkloadsConfigMap.ts b/sdk/nodejs/composer/getUserWorkloadsConfigMap.ts index 83a5ef99b1..5a36d599ad 100644 --- a/sdk/nodejs/composer/getUserWorkloadsConfigMap.ts +++ b/sdk/nodejs/composer/getUserWorkloadsConfigMap.ts @@ -115,7 +115,7 @@ export interface GetUserWorkloadsConfigMapResult { * export const debug = example; * ``` */ -export function getUserWorkloadsConfigMapOutput(args: GetUserWorkloadsConfigMapOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getUserWorkloadsConfigMapOutput(args: GetUserWorkloadsConfigMapOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:composer/getUserWorkloadsConfigMap:getUserWorkloadsConfigMap", { "environment": args.environment, diff --git a/sdk/nodejs/composer/getUserWorkloadsSecret.ts b/sdk/nodejs/composer/getUserWorkloadsSecret.ts index 8c656b2d45..4a1878fc20 100644 --- a/sdk/nodejs/composer/getUserWorkloadsSecret.ts +++ b/sdk/nodejs/composer/getUserWorkloadsSecret.ts @@ -121,7 +121,7 @@ export interface GetUserWorkloadsSecretResult { * export const debug = example; * ``` */ -export function getUserWorkloadsSecretOutput(args: GetUserWorkloadsSecretOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getUserWorkloadsSecretOutput(args: GetUserWorkloadsSecretOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:composer/getUserWorkloadsSecret:getUserWorkloadsSecret", { "environment": args.environment, diff --git a/sdk/nodejs/compute/getAddress.ts b/sdk/nodejs/compute/getAddress.ts index 36f03b7f8a..2a6899d982 100644 --- a/sdk/nodejs/compute/getAddress.ts +++ b/sdk/nodejs/compute/getAddress.ts @@ -118,7 +118,7 @@ export interface GetAddressResult { * }); * ``` */ -export function getAddressOutput(args: GetAddressOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAddressOutput(args: GetAddressOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getAddress:getAddress", { "name": args.name, diff --git a/sdk/nodejs/compute/getAddresses.ts b/sdk/nodejs/compute/getAddresses.ts index bec481b663..4639a89661 100644 --- a/sdk/nodejs/compute/getAddresses.ts +++ b/sdk/nodejs/compute/getAddresses.ts @@ -130,7 +130,7 @@ export interface GetAddressesResult { * }); * ``` */ -export function getAddressesOutput(args?: GetAddressesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAddressesOutput(args?: GetAddressesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getAddresses:getAddresses", { diff --git a/sdk/nodejs/compute/getBackendBucket.ts b/sdk/nodejs/compute/getBackendBucket.ts index ce50d5605d..d932d23623 100644 --- a/sdk/nodejs/compute/getBackendBucket.ts +++ b/sdk/nodejs/compute/getBackendBucket.ts @@ -79,7 +79,7 @@ export interface GetBackendBucketResult { * }); * ``` */ -export function getBackendBucketOutput(args: GetBackendBucketOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackendBucketOutput(args: GetBackendBucketOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getBackendBucket:getBackendBucket", { "name": args.name, diff --git a/sdk/nodejs/compute/getBackendBucketIamPolicy.ts b/sdk/nodejs/compute/getBackendBucketIamPolicy.ts index e326534a55..088c9a14e6 100644 --- a/sdk/nodejs/compute/getBackendBucketIamPolicy.ts +++ b/sdk/nodejs/compute/getBackendBucketIamPolicy.ts @@ -47,7 +47,7 @@ export interface GetBackendBucketIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getBackendBucketIamPolicyOutput(args: GetBackendBucketIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackendBucketIamPolicyOutput(args: GetBackendBucketIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getBackendBucketIamPolicy:getBackendBucketIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getBackendService.ts b/sdk/nodejs/compute/getBackendService.ts index e4f2ee1e27..dfec51ad31 100644 --- a/sdk/nodejs/compute/getBackendService.ts +++ b/sdk/nodejs/compute/getBackendService.ts @@ -149,7 +149,7 @@ export interface GetBackendServiceResult { * }); * ``` */ -export function getBackendServiceOutput(args: GetBackendServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackendServiceOutput(args: GetBackendServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getBackendService:getBackendService", { "name": args.name, diff --git a/sdk/nodejs/compute/getBackendServiceIamPolicy.ts b/sdk/nodejs/compute/getBackendServiceIamPolicy.ts index 18101e4ff5..6b98ef6e69 100644 --- a/sdk/nodejs/compute/getBackendServiceIamPolicy.ts +++ b/sdk/nodejs/compute/getBackendServiceIamPolicy.ts @@ -47,7 +47,7 @@ export interface GetBackendServiceIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getBackendServiceIamPolicyOutput(args: GetBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackendServiceIamPolicyOutput(args: GetBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getBackendServiceIamPolicy:getBackendServiceIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getCertificate.ts b/sdk/nodejs/compute/getCertificate.ts index acbd0b6f69..b49b24923d 100644 --- a/sdk/nodejs/compute/getCertificate.ts +++ b/sdk/nodejs/compute/getCertificate.ts @@ -82,7 +82,7 @@ export interface GetCertificateResult { * export const selfLink = myCert.then(myCert => myCert.selfLink); * ``` */ -export function getCertificateOutput(args: GetCertificateOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCertificateOutput(args: GetCertificateOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getCertificate:getCertificate", { "name": args.name, diff --git a/sdk/nodejs/compute/getDefaultServiceAccount.ts b/sdk/nodejs/compute/getDefaultServiceAccount.ts index 617a4710ce..42dfdcecac 100644 --- a/sdk/nodejs/compute/getDefaultServiceAccount.ts +++ b/sdk/nodejs/compute/getDefaultServiceAccount.ts @@ -78,7 +78,7 @@ export interface GetDefaultServiceAccountResult { * export const defaultAccount = _default.then(_default => _default.email); * ``` */ -export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getDefaultServiceAccount:getDefaultServiceAccount", { diff --git a/sdk/nodejs/compute/getDisk.ts b/sdk/nodejs/compute/getDisk.ts index 6e39c08e9e..ff41da0863 100644 --- a/sdk/nodejs/compute/getDisk.ts +++ b/sdk/nodejs/compute/getDisk.ts @@ -190,7 +190,7 @@ export interface GetDiskResult { * }}); * ``` */ -export function getDiskOutput(args: GetDiskOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDiskOutput(args: GetDiskOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getDisk:getDisk", { "name": args.name, diff --git a/sdk/nodejs/compute/getDiskIamPolicy.ts b/sdk/nodejs/compute/getDiskIamPolicy.ts index b3f60a1f32..28430b7a14 100644 --- a/sdk/nodejs/compute/getDiskIamPolicy.ts +++ b/sdk/nodejs/compute/getDiskIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetDiskIamPolicyResult { * }); * ``` */ -export function getDiskIamPolicyOutput(args: GetDiskIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDiskIamPolicyOutput(args: GetDiskIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getDiskIamPolicy:getDiskIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getForwardingRule.ts b/sdk/nodejs/compute/getForwardingRule.ts index a21a46c32d..15fa178451 100644 --- a/sdk/nodejs/compute/getForwardingRule.ts +++ b/sdk/nodejs/compute/getForwardingRule.ts @@ -110,7 +110,7 @@ export interface GetForwardingRuleResult { * }); * ``` */ -export function getForwardingRuleOutput(args: GetForwardingRuleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getForwardingRuleOutput(args: GetForwardingRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getForwardingRule:getForwardingRule", { "name": args.name, diff --git a/sdk/nodejs/compute/getForwardingRules.ts b/sdk/nodejs/compute/getForwardingRules.ts index e63b525d9c..4b4a0dece1 100644 --- a/sdk/nodejs/compute/getForwardingRules.ts +++ b/sdk/nodejs/compute/getForwardingRules.ts @@ -82,7 +82,7 @@ export interface GetForwardingRulesResult { * }); * ``` */ -export function getForwardingRulesOutput(args?: GetForwardingRulesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getForwardingRulesOutput(args?: GetForwardingRulesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getForwardingRules:getForwardingRules", { diff --git a/sdk/nodejs/compute/getGlobalAddress.ts b/sdk/nodejs/compute/getGlobalAddress.ts index ac02be5beb..348ea779b9 100644 --- a/sdk/nodejs/compute/getGlobalAddress.ts +++ b/sdk/nodejs/compute/getGlobalAddress.ts @@ -111,7 +111,7 @@ export interface GetGlobalAddressResult { * }); * ``` */ -export function getGlobalAddressOutput(args: GetGlobalAddressOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGlobalAddressOutput(args: GetGlobalAddressOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getGlobalAddress:getGlobalAddress", { "name": args.name, diff --git a/sdk/nodejs/compute/getGlobalForwardingRule.ts b/sdk/nodejs/compute/getGlobalForwardingRule.ts index 0caadd35d5..3e57ca27de 100644 --- a/sdk/nodejs/compute/getGlobalForwardingRule.ts +++ b/sdk/nodejs/compute/getGlobalForwardingRule.ts @@ -92,7 +92,7 @@ export interface GetGlobalForwardingRuleResult { * }); * ``` */ -export function getGlobalForwardingRuleOutput(args: GetGlobalForwardingRuleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getGlobalForwardingRuleOutput(args: GetGlobalForwardingRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getGlobalForwardingRule:getGlobalForwardingRule", { "name": args.name, diff --git a/sdk/nodejs/compute/getHcVpnGateway.ts b/sdk/nodejs/compute/getHcVpnGateway.ts index ca939953aa..7b153e47f3 100644 --- a/sdk/nodejs/compute/getHcVpnGateway.ts +++ b/sdk/nodejs/compute/getHcVpnGateway.ts @@ -84,7 +84,7 @@ export interface GetHcVpnGatewayResult { * }); * ``` */ -export function getHcVpnGatewayOutput(args: GetHcVpnGatewayOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getHcVpnGatewayOutput(args: GetHcVpnGatewayOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getHcVpnGateway:getHcVpnGateway", { "name": args.name, diff --git a/sdk/nodejs/compute/getHealthCheck.ts b/sdk/nodejs/compute/getHealthCheck.ts index 16aabba3e5..6f4000d14f 100644 --- a/sdk/nodejs/compute/getHealthCheck.ts +++ b/sdk/nodejs/compute/getHealthCheck.ts @@ -86,7 +86,7 @@ export interface GetHealthCheckResult { * }); * ``` */ -export function getHealthCheckOutput(args: GetHealthCheckOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getHealthCheckOutput(args: GetHealthCheckOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getHealthCheck:getHealthCheck", { "name": args.name, diff --git a/sdk/nodejs/compute/getImage.ts b/sdk/nodejs/compute/getImage.ts index 8b363ecf14..226ef7254a 100644 --- a/sdk/nodejs/compute/getImage.ts +++ b/sdk/nodejs/compute/getImage.ts @@ -175,7 +175,7 @@ export interface GetImageResult { * }}); * ``` */ -export function getImageOutput(args?: GetImageOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getImageOutput(args?: GetImageOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getImage:getImage", { diff --git a/sdk/nodejs/compute/getImageIamPolicy.ts b/sdk/nodejs/compute/getImageIamPolicy.ts index 6eba2951a3..1418c8c83f 100644 --- a/sdk/nodejs/compute/getImageIamPolicy.ts +++ b/sdk/nodejs/compute/getImageIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetImageIamPolicyResult { * }); * ``` */ -export function getImageIamPolicyOutput(args: GetImageIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getImageIamPolicyOutput(args: GetImageIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getImageIamPolicy:getImageIamPolicy", { "image": args.image, diff --git a/sdk/nodejs/compute/getInstance.ts b/sdk/nodejs/compute/getInstance.ts index b389d93839..32646818df 100644 --- a/sdk/nodejs/compute/getInstance.ts +++ b/sdk/nodejs/compute/getInstance.ts @@ -214,7 +214,7 @@ export interface GetInstanceResult { * }); * ``` */ -export function getInstanceOutput(args?: GetInstanceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceOutput(args?: GetInstanceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstance:getInstance", { diff --git a/sdk/nodejs/compute/getInstanceGroup.ts b/sdk/nodejs/compute/getInstanceGroup.ts index d6909b7a93..801a334175 100644 --- a/sdk/nodejs/compute/getInstanceGroup.ts +++ b/sdk/nodejs/compute/getInstanceGroup.ts @@ -107,7 +107,7 @@ export interface GetInstanceGroupResult { * }); * ``` */ -export function getInstanceGroupOutput(args?: GetInstanceGroupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceGroupOutput(args?: GetInstanceGroupOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceGroup:getInstanceGroup", { diff --git a/sdk/nodejs/compute/getInstanceGroupManager.ts b/sdk/nodejs/compute/getInstanceGroupManager.ts index 8af1eaf3fc..e62b2e2e0a 100644 --- a/sdk/nodejs/compute/getInstanceGroupManager.ts +++ b/sdk/nodejs/compute/getInstanceGroupManager.ts @@ -117,7 +117,7 @@ export interface GetInstanceGroupManagerResult { * }); * ``` */ -export function getInstanceGroupManagerOutput(args?: GetInstanceGroupManagerOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceGroupManagerOutput(args?: GetInstanceGroupManagerOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceGroupManager:getInstanceGroupManager", { diff --git a/sdk/nodejs/compute/getInstanceGuestAttributes.ts b/sdk/nodejs/compute/getInstanceGuestAttributes.ts index 7076f393e7..4c885162c1 100644 --- a/sdk/nodejs/compute/getInstanceGuestAttributes.ts +++ b/sdk/nodejs/compute/getInstanceGuestAttributes.ts @@ -150,7 +150,7 @@ export interface GetInstanceGuestAttributesResult { * }); * ``` */ -export function getInstanceGuestAttributesOutput(args: GetInstanceGuestAttributesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceGuestAttributesOutput(args: GetInstanceGuestAttributesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceGuestAttributes:getInstanceGuestAttributes", { "name": args.name, diff --git a/sdk/nodejs/compute/getInstanceIamPolicy.ts b/sdk/nodejs/compute/getInstanceIamPolicy.ts index 7413e8b158..2b12aa6b62 100644 --- a/sdk/nodejs/compute/getInstanceIamPolicy.ts +++ b/sdk/nodejs/compute/getInstanceIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceIamPolicy:getInstanceIamPolicy", { "instanceName": args.instanceName, diff --git a/sdk/nodejs/compute/getInstanceSerialPort.ts b/sdk/nodejs/compute/getInstanceSerialPort.ts index 227bde6132..8a2c0d3121 100644 --- a/sdk/nodejs/compute/getInstanceSerialPort.ts +++ b/sdk/nodejs/compute/getInstanceSerialPort.ts @@ -183,7 +183,7 @@ export interface GetInstanceSerialPortResult { * export const serialOut = serial.apply(serial => serial.contents); * ``` */ -export function getInstanceSerialPortOutput(args: GetInstanceSerialPortOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceSerialPortOutput(args: GetInstanceSerialPortOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceSerialPort:getInstanceSerialPort", { "instance": args.instance, diff --git a/sdk/nodejs/compute/getInstanceTemplate.ts b/sdk/nodejs/compute/getInstanceTemplate.ts index e5485a6e63..09f6a3f92a 100644 --- a/sdk/nodejs/compute/getInstanceTemplate.ts +++ b/sdk/nodejs/compute/getInstanceTemplate.ts @@ -220,7 +220,7 @@ export interface GetInstanceTemplateResult { * and * [API](https://cloud.google.com/compute/docs/reference/rest/v1/instanceTemplates). */ -export function getInstanceTemplateOutput(args?: GetInstanceTemplateOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceTemplateOutput(args?: GetInstanceTemplateOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getInstanceTemplate:getInstanceTemplate", { diff --git a/sdk/nodejs/compute/getLBIPRanges.ts b/sdk/nodejs/compute/getLBIPRanges.ts index 75aa127ccf..000f9c0c47 100644 --- a/sdk/nodejs/compute/getLBIPRanges.ts +++ b/sdk/nodejs/compute/getLBIPRanges.ts @@ -75,7 +75,7 @@ export interface GetLBIPRangesResult { * }); * ``` */ -export function getLBIPRangesOutput(opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLBIPRangesOutput(opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getLBIPRanges:getLBIPRanges", { }, opts); diff --git a/sdk/nodejs/compute/getMachineImageIamPolicy.ts b/sdk/nodejs/compute/getMachineImageIamPolicy.ts index 8ee79880a4..d4262af21f 100644 --- a/sdk/nodejs/compute/getMachineImageIamPolicy.ts +++ b/sdk/nodejs/compute/getMachineImageIamPolicy.ts @@ -47,7 +47,7 @@ export interface GetMachineImageIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getMachineImageIamPolicyOutput(args: GetMachineImageIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMachineImageIamPolicyOutput(args: GetMachineImageIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getMachineImageIamPolicy:getMachineImageIamPolicy", { "machineImage": args.machineImage, diff --git a/sdk/nodejs/compute/getMachineTypes.ts b/sdk/nodejs/compute/getMachineTypes.ts index 50e2b6e3aa..7bd26b8974 100644 --- a/sdk/nodejs/compute/getMachineTypes.ts +++ b/sdk/nodejs/compute/getMachineTypes.ts @@ -72,7 +72,7 @@ export interface GetMachineTypesResult { * * ## Example Usage */ -export function getMachineTypesOutput(args?: GetMachineTypesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMachineTypesOutput(args?: GetMachineTypesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getMachineTypes:getMachineTypes", { diff --git a/sdk/nodejs/compute/getNetblockIPRanges.ts b/sdk/nodejs/compute/getNetblockIPRanges.ts index 940821fe51..dbc443052e 100644 --- a/sdk/nodejs/compute/getNetblockIPRanges.ts +++ b/sdk/nodejs/compute/getNetblockIPRanges.ts @@ -138,7 +138,7 @@ export interface GetNetblockIPRangesResult { * }); * ``` */ -export function getNetblockIPRangesOutput(args?: GetNetblockIPRangesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetblockIPRangesOutput(args?: GetNetblockIPRangesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNetblockIPRanges:getNetblockIPRanges", { diff --git a/sdk/nodejs/compute/getNetwork.ts b/sdk/nodejs/compute/getNetwork.ts index d895f263a7..ff945e83d9 100644 --- a/sdk/nodejs/compute/getNetwork.ts +++ b/sdk/nodejs/compute/getNetwork.ts @@ -89,7 +89,7 @@ export interface GetNetworkResult { * }); * ``` */ -export function getNetworkOutput(args: GetNetworkOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkOutput(args: GetNetworkOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNetwork:getNetwork", { "name": args.name, diff --git a/sdk/nodejs/compute/getNetworkEndpointGroup.ts b/sdk/nodejs/compute/getNetworkEndpointGroup.ts index 2b6bbc4ac6..6124e33bd5 100644 --- a/sdk/nodejs/compute/getNetworkEndpointGroup.ts +++ b/sdk/nodejs/compute/getNetworkEndpointGroup.ts @@ -116,7 +116,7 @@ export interface GetNetworkEndpointGroupResult { * }); * ``` */ -export function getNetworkEndpointGroupOutput(args?: GetNetworkEndpointGroupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkEndpointGroupOutput(args?: GetNetworkEndpointGroupOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNetworkEndpointGroup:getNetworkEndpointGroup", { diff --git a/sdk/nodejs/compute/getNetworkPeering.ts b/sdk/nodejs/compute/getNetworkPeering.ts index d2c072d46f..4f752f7152 100644 --- a/sdk/nodejs/compute/getNetworkPeering.ts +++ b/sdk/nodejs/compute/getNetworkPeering.ts @@ -117,7 +117,7 @@ export interface GetNetworkPeeringResult { * }); * ``` */ -export function getNetworkPeeringOutput(args: GetNetworkPeeringOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkPeeringOutput(args: GetNetworkPeeringOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNetworkPeering:getNetworkPeering", { "name": args.name, diff --git a/sdk/nodejs/compute/getNetworks.ts b/sdk/nodejs/compute/getNetworks.ts index c19d0b6391..00dd656874 100644 --- a/sdk/nodejs/compute/getNetworks.ts +++ b/sdk/nodejs/compute/getNetworks.ts @@ -71,7 +71,7 @@ export interface GetNetworksResult { * }); * ``` */ -export function getNetworksOutput(args?: GetNetworksOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworksOutput(args?: GetNetworksOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNetworks:getNetworks", { diff --git a/sdk/nodejs/compute/getNodeTypes.ts b/sdk/nodejs/compute/getNodeTypes.ts index 88c4d5800e..5d60b3caa4 100644 --- a/sdk/nodejs/compute/getNodeTypes.ts +++ b/sdk/nodejs/compute/getNodeTypes.ts @@ -85,7 +85,7 @@ export interface GetNodeTypesResult { * }); * ``` */ -export function getNodeTypesOutput(args?: GetNodeTypesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNodeTypesOutput(args?: GetNodeTypesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getNodeTypes:getNodeTypes", { diff --git a/sdk/nodejs/compute/getRegionBackendServiceIamPolicy.ts b/sdk/nodejs/compute/getRegionBackendServiceIamPolicy.ts index 6ed8d39f06..e92b92f914 100644 --- a/sdk/nodejs/compute/getRegionBackendServiceIamPolicy.ts +++ b/sdk/nodejs/compute/getRegionBackendServiceIamPolicy.ts @@ -57,7 +57,7 @@ export interface GetRegionBackendServiceIamPolicyResult { readonly project: string; readonly region: string; } -export function getRegionBackendServiceIamPolicyOutput(args: GetRegionBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionBackendServiceIamPolicyOutput(args: GetRegionBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionBackendServiceIamPolicy:getRegionBackendServiceIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getRegionDisk.ts b/sdk/nodejs/compute/getRegionDisk.ts index cd9f1934c2..fe6f301287 100644 --- a/sdk/nodejs/compute/getRegionDisk.ts +++ b/sdk/nodejs/compute/getRegionDisk.ts @@ -82,7 +82,7 @@ export interface GetRegionDiskResult { * * [the official documentation](https://cloud.google.com/compute/docs/disks) and its [API](https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks). */ -export function getRegionDiskOutput(args: GetRegionDiskOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionDiskOutput(args: GetRegionDiskOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionDisk:getRegionDisk", { "name": args.name, diff --git a/sdk/nodejs/compute/getRegionDiskIamPolicy.ts b/sdk/nodejs/compute/getRegionDiskIamPolicy.ts index bcf8ac130f..cbc76d13f3 100644 --- a/sdk/nodejs/compute/getRegionDiskIamPolicy.ts +++ b/sdk/nodejs/compute/getRegionDiskIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetRegionDiskIamPolicyResult { * }); * ``` */ -export function getRegionDiskIamPolicyOutput(args: GetRegionDiskIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionDiskIamPolicyOutput(args: GetRegionDiskIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionDiskIamPolicy:getRegionDiskIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getRegionInstanceGroup.ts b/sdk/nodejs/compute/getRegionInstanceGroup.ts index f45c2bda17..21e5fe16e3 100644 --- a/sdk/nodejs/compute/getRegionInstanceGroup.ts +++ b/sdk/nodejs/compute/getRegionInstanceGroup.ts @@ -99,7 +99,7 @@ export interface GetRegionInstanceGroupResult { * * The most common use of this datasource will be to fetch information about the instances inside regional managed instance groups, for instance: */ -export function getRegionInstanceGroupOutput(args?: GetRegionInstanceGroupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionInstanceGroupOutput(args?: GetRegionInstanceGroupOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionInstanceGroup:getRegionInstanceGroup", { diff --git a/sdk/nodejs/compute/getRegionInstanceGroupManager.ts b/sdk/nodejs/compute/getRegionInstanceGroupManager.ts index bfb27e0958..f4bdd10387 100644 --- a/sdk/nodejs/compute/getRegionInstanceGroupManager.ts +++ b/sdk/nodejs/compute/getRegionInstanceGroupManager.ts @@ -112,7 +112,7 @@ export interface GetRegionInstanceGroupManagerResult { * }); * ``` */ -export function getRegionInstanceGroupManagerOutput(args?: GetRegionInstanceGroupManagerOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionInstanceGroupManagerOutput(args?: GetRegionInstanceGroupManagerOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionInstanceGroupManager:getRegionInstanceGroupManager", { diff --git a/sdk/nodejs/compute/getRegionInstanceTemplate.ts b/sdk/nodejs/compute/getRegionInstanceTemplate.ts index 5d856401ca..439417905f 100644 --- a/sdk/nodejs/compute/getRegionInstanceTemplate.ts +++ b/sdk/nodejs/compute/getRegionInstanceTemplate.ts @@ -235,7 +235,7 @@ export interface GetRegionInstanceTemplateResult { * }); * ``` */ -export function getRegionInstanceTemplateOutput(args?: GetRegionInstanceTemplateOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionInstanceTemplateOutput(args?: GetRegionInstanceTemplateOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionInstanceTemplate:getRegionInstanceTemplate", { diff --git a/sdk/nodejs/compute/getRegionNetworkEndpointGroup.ts b/sdk/nodejs/compute/getRegionNetworkEndpointGroup.ts index d0b7c30ca0..89a22b67d7 100644 --- a/sdk/nodejs/compute/getRegionNetworkEndpointGroup.ts +++ b/sdk/nodejs/compute/getRegionNetworkEndpointGroup.ts @@ -116,7 +116,7 @@ export interface GetRegionNetworkEndpointGroupResult { * }); * ``` */ -export function getRegionNetworkEndpointGroupOutput(args?: GetRegionNetworkEndpointGroupOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionNetworkEndpointGroupOutput(args?: GetRegionNetworkEndpointGroupOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionNetworkEndpointGroup:getRegionNetworkEndpointGroup", { diff --git a/sdk/nodejs/compute/getRegionSslCertificate.ts b/sdk/nodejs/compute/getRegionSslCertificate.ts index 81abdcd202..6ecd3660e0 100644 --- a/sdk/nodejs/compute/getRegionSslCertificate.ts +++ b/sdk/nodejs/compute/getRegionSslCertificate.ts @@ -89,7 +89,7 @@ export interface GetRegionSslCertificateResult { * export const selfLink = myCert.then(myCert => myCert.selfLink); * ``` */ -export function getRegionSslCertificateOutput(args: GetRegionSslCertificateOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionSslCertificateOutput(args: GetRegionSslCertificateOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegionSslCertificate:getRegionSslCertificate", { "name": args.name, diff --git a/sdk/nodejs/compute/getRegions.ts b/sdk/nodejs/compute/getRegions.ts index c3626fa68b..6da53bf75a 100644 --- a/sdk/nodejs/compute/getRegions.ts +++ b/sdk/nodejs/compute/getRegions.ts @@ -87,7 +87,7 @@ export interface GetRegionsResult { * } * ``` */ -export function getRegionsOutput(args?: GetRegionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionsOutput(args?: GetRegionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRegions:getRegions", { diff --git a/sdk/nodejs/compute/getReservation.ts b/sdk/nodejs/compute/getReservation.ts index 5e3b6d333e..50194984cc 100644 --- a/sdk/nodejs/compute/getReservation.ts +++ b/sdk/nodejs/compute/getReservation.ts @@ -81,7 +81,7 @@ export interface GetReservationResult { * }); * ``` */ -export function getReservationOutput(args: GetReservationOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getReservationOutput(args: GetReservationOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getReservation:getReservation", { "name": args.name, diff --git a/sdk/nodejs/compute/getResourcePolicy.ts b/sdk/nodejs/compute/getResourcePolicy.ts index 409c1e4ebf..406e0b9fbd 100644 --- a/sdk/nodejs/compute/getResourcePolicy.ts +++ b/sdk/nodejs/compute/getResourcePolicy.ts @@ -83,7 +83,7 @@ export interface GetResourcePolicyResult { * }); * ``` */ -export function getResourcePolicyOutput(args: GetResourcePolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getResourcePolicyOutput(args: GetResourcePolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getResourcePolicy:getResourcePolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getRouter.ts b/sdk/nodejs/compute/getRouter.ts index e25b4907c8..863f106ba5 100644 --- a/sdk/nodejs/compute/getRouter.ts +++ b/sdk/nodejs/compute/getRouter.ts @@ -88,7 +88,7 @@ export interface GetRouterResult { * }); * ``` */ -export function getRouterOutput(args: GetRouterOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRouterOutput(args: GetRouterOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRouter:getRouter", { "name": args.name, diff --git a/sdk/nodejs/compute/getRouterNat.ts b/sdk/nodejs/compute/getRouterNat.ts index 58b68cbc93..ccb34650e9 100644 --- a/sdk/nodejs/compute/getRouterNat.ts +++ b/sdk/nodejs/compute/getRouterNat.ts @@ -113,7 +113,7 @@ export interface GetRouterNatResult { * }); * ``` */ -export function getRouterNatOutput(args: GetRouterNatOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRouterNatOutput(args: GetRouterNatOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRouterNat:getRouterNat", { "name": args.name, diff --git a/sdk/nodejs/compute/getRouterStatus.ts b/sdk/nodejs/compute/getRouterStatus.ts index ae4d180a76..4d8a53cdaa 100644 --- a/sdk/nodejs/compute/getRouterStatus.ts +++ b/sdk/nodejs/compute/getRouterStatus.ts @@ -98,7 +98,7 @@ export interface GetRouterStatusResult { * }); * ``` */ -export function getRouterStatusOutput(args: GetRouterStatusOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRouterStatusOutput(args: GetRouterStatusOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getRouterStatus:getRouterStatus", { "name": args.name, diff --git a/sdk/nodejs/compute/getSSLPolicy.ts b/sdk/nodejs/compute/getSSLPolicy.ts index 5697d7e890..ca437965f1 100644 --- a/sdk/nodejs/compute/getSSLPolicy.ts +++ b/sdk/nodejs/compute/getSSLPolicy.ts @@ -101,7 +101,7 @@ export interface GetSSLPolicyResult { * }); * ``` */ -export function getSSLPolicyOutput(args: GetSSLPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSSLPolicyOutput(args: GetSSLPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSSLPolicy:getSSLPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getSecurityPolicy.ts b/sdk/nodejs/compute/getSecurityPolicy.ts index b241609f03..367bf09ae2 100644 --- a/sdk/nodejs/compute/getSecurityPolicy.ts +++ b/sdk/nodejs/compute/getSecurityPolicy.ts @@ -97,7 +97,7 @@ export interface GetSecurityPolicyResult { * }); * ``` */ -export function getSecurityPolicyOutput(args?: GetSecurityPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecurityPolicyOutput(args?: GetSecurityPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSecurityPolicy:getSecurityPolicy", { diff --git a/sdk/nodejs/compute/getSnapshot.ts b/sdk/nodejs/compute/getSnapshot.ts index 66fcb7d706..2a13e2c98d 100644 --- a/sdk/nodejs/compute/getSnapshot.ts +++ b/sdk/nodejs/compute/getSnapshot.ts @@ -123,7 +123,7 @@ export interface GetSnapshotResult { * }); * ``` */ -export function getSnapshotOutput(args?: GetSnapshotOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSnapshotOutput(args?: GetSnapshotOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSnapshot:getSnapshot", { diff --git a/sdk/nodejs/compute/getSnapshotIamPolicy.ts b/sdk/nodejs/compute/getSnapshotIamPolicy.ts index e33ce77817..0ca046b401 100644 --- a/sdk/nodejs/compute/getSnapshotIamPolicy.ts +++ b/sdk/nodejs/compute/getSnapshotIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetSnapshotIamPolicyResult { * }); * ``` */ -export function getSnapshotIamPolicyOutput(args: GetSnapshotIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSnapshotIamPolicyOutput(args: GetSnapshotIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSnapshotIamPolicy:getSnapshotIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/compute/getSubnetwork.ts b/sdk/nodejs/compute/getSubnetwork.ts index 2ee6204e4d..20e631844c 100644 --- a/sdk/nodejs/compute/getSubnetwork.ts +++ b/sdk/nodejs/compute/getSubnetwork.ts @@ -119,7 +119,7 @@ export interface GetSubnetworkResult { * }); * ``` */ -export function getSubnetworkOutput(args?: GetSubnetworkOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubnetworkOutput(args?: GetSubnetworkOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSubnetwork:getSubnetwork", { diff --git a/sdk/nodejs/compute/getSubnetworkIamPolicy.ts b/sdk/nodejs/compute/getSubnetworkIamPolicy.ts index 6e66812cb9..210250c2fc 100644 --- a/sdk/nodejs/compute/getSubnetworkIamPolicy.ts +++ b/sdk/nodejs/compute/getSubnetworkIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetSubnetworkIamPolicyResult { * }); * ``` */ -export function getSubnetworkIamPolicyOutput(args: GetSubnetworkIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubnetworkIamPolicyOutput(args: GetSubnetworkIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSubnetworkIamPolicy:getSubnetworkIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/compute/getSubnetworks.ts b/sdk/nodejs/compute/getSubnetworks.ts index 5b41bd5700..cf7e991f57 100644 --- a/sdk/nodejs/compute/getSubnetworks.ts +++ b/sdk/nodejs/compute/getSubnetworks.ts @@ -88,7 +88,7 @@ export interface GetSubnetworksResult { * }); * ``` */ -export function getSubnetworksOutput(args?: GetSubnetworksOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubnetworksOutput(args?: GetSubnetworksOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getSubnetworks:getSubnetworks", { diff --git a/sdk/nodejs/compute/getVPNGateway.ts b/sdk/nodejs/compute/getVPNGateway.ts index 1a447b243c..8d5e60c3f3 100644 --- a/sdk/nodejs/compute/getVPNGateway.ts +++ b/sdk/nodejs/compute/getVPNGateway.ts @@ -91,7 +91,7 @@ export interface GetVPNGatewayResult { * }); * ``` */ -export function getVPNGatewayOutput(args: GetVPNGatewayOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getVPNGatewayOutput(args: GetVPNGatewayOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getVPNGateway:getVPNGateway", { "name": args.name, diff --git a/sdk/nodejs/compute/getZones.ts b/sdk/nodejs/compute/getZones.ts index d3bf363c6f..4c2f770ca5 100644 --- a/sdk/nodejs/compute/getZones.ts +++ b/sdk/nodejs/compute/getZones.ts @@ -57,7 +57,7 @@ export interface GetZonesResult { * Provides access to available Google Compute zones in a region for a given project. * See more about [regions and zones](https://cloud.google.com/compute/docs/regions-zones/regions-zones) in the upstream docs. */ -export function getZonesOutput(args?: GetZonesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getZonesOutput(args?: GetZonesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/getZones:getZones", { diff --git a/sdk/nodejs/compute/routerStatus.ts b/sdk/nodejs/compute/routerStatus.ts index f001f1a530..2035df2f7f 100644 --- a/sdk/nodejs/compute/routerStatus.ts +++ b/sdk/nodejs/compute/routerStatus.ts @@ -101,7 +101,7 @@ export interface RouterStatusResult { * ``` */ /** @deprecated gcp.compute.RouterStatus has been deprecated in favor of gcp.compute.getRouterStatus */ -export function routerStatusOutput(args: RouterStatusOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function routerStatusOutput(args: RouterStatusOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { pulumi.log.warn("routerStatus is deprecated: gcp.compute.RouterStatus has been deprecated in favor of gcp.compute.getRouterStatus") opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:compute/routerStatus:RouterStatus", { diff --git a/sdk/nodejs/container/getAttachedInstallManifest.ts b/sdk/nodejs/container/getAttachedInstallManifest.ts index 817517e3a5..2c27e500aa 100644 --- a/sdk/nodejs/container/getAttachedInstallManifest.ts +++ b/sdk/nodejs/container/getAttachedInstallManifest.ts @@ -90,7 +90,7 @@ export interface GetAttachedInstallManifestResult { * export const installManifest = manifest; * ``` */ -export function getAttachedInstallManifestOutput(args: GetAttachedInstallManifestOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAttachedInstallManifestOutput(args: GetAttachedInstallManifestOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getAttachedInstallManifest:getAttachedInstallManifest", { "clusterId": args.clusterId, diff --git a/sdk/nodejs/container/getAttachedVersions.ts b/sdk/nodejs/container/getAttachedVersions.ts index 238d97b645..5b3f8c3ec1 100644 --- a/sdk/nodejs/container/getAttachedVersions.ts +++ b/sdk/nodejs/container/getAttachedVersions.ts @@ -74,7 +74,7 @@ export interface GetAttachedVersionsResult { * export const firstAvailableVersion = versions.validVersions[0]; * ``` */ -export function getAttachedVersionsOutput(args: GetAttachedVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAttachedVersionsOutput(args: GetAttachedVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getAttachedVersions:getAttachedVersions", { "location": args.location, diff --git a/sdk/nodejs/container/getAwsVersions.ts b/sdk/nodejs/container/getAwsVersions.ts index 300300158f..5f23fa16a3 100644 --- a/sdk/nodejs/container/getAwsVersions.ts +++ b/sdk/nodejs/container/getAwsVersions.ts @@ -79,7 +79,7 @@ export interface GetAwsVersionsResult { * export const firstAvailableVersion = versions.validVersions[0]; * ``` */ -export function getAwsVersionsOutput(args?: GetAwsVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAwsVersionsOutput(args?: GetAwsVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getAwsVersions:getAwsVersions", { diff --git a/sdk/nodejs/container/getAzureVersions.ts b/sdk/nodejs/container/getAzureVersions.ts index e2c8ef0fc1..7f8bae84d4 100644 --- a/sdk/nodejs/container/getAzureVersions.ts +++ b/sdk/nodejs/container/getAzureVersions.ts @@ -79,7 +79,7 @@ export interface GetAzureVersionsResult { * export const firstAvailableVersion = versions.validVersions[0]; * ``` */ -export function getAzureVersionsOutput(args?: GetAzureVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAzureVersionsOutput(args?: GetAzureVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getAzureVersions:getAzureVersions", { diff --git a/sdk/nodejs/container/getCluster.ts b/sdk/nodejs/container/getCluster.ts index a2ded722b3..9d83b4beae 100644 --- a/sdk/nodejs/container/getCluster.ts +++ b/sdk/nodejs/container/getCluster.ts @@ -164,7 +164,7 @@ export interface GetClusterResult { * export const nodePools = myCluster.then(myCluster => myCluster.nodePools); * ``` */ -export function getClusterOutput(args: GetClusterOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClusterOutput(args: GetClusterOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getCluster:getCluster", { "location": args.location, diff --git a/sdk/nodejs/container/getEngineVersions.ts b/sdk/nodejs/container/getEngineVersions.ts index 5a39cdde73..22b789cad6 100644 --- a/sdk/nodejs/container/getEngineVersions.ts +++ b/sdk/nodejs/container/getEngineVersions.ts @@ -145,7 +145,7 @@ export interface GetEngineVersionsResult { * export const stableChannelLatestVersion = central1b.then(central1b => central1b.releaseChannelLatestVersion?.STABLE); * ``` */ -export function getEngineVersionsOutput(args?: GetEngineVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEngineVersionsOutput(args?: GetEngineVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getEngineVersions:getEngineVersions", { diff --git a/sdk/nodejs/container/getRegistryImage.ts b/sdk/nodejs/container/getRegistryImage.ts index 642bba9fc6..67d80a0ff1 100644 --- a/sdk/nodejs/container/getRegistryImage.ts +++ b/sdk/nodejs/container/getRegistryImage.ts @@ -93,7 +93,7 @@ export interface GetRegistryImageResult { * export const gcrLocation = debian.then(debian => debian.imageUrl); * ``` */ -export function getRegistryImageOutput(args: GetRegistryImageOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegistryImageOutput(args: GetRegistryImageOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getRegistryImage:getRegistryImage", { "digest": args.digest, diff --git a/sdk/nodejs/container/getRegistryRepository.ts b/sdk/nodejs/container/getRegistryRepository.ts index b3e31062bb..e94da3a1c2 100644 --- a/sdk/nodejs/container/getRegistryRepository.ts +++ b/sdk/nodejs/container/getRegistryRepository.ts @@ -72,7 +72,7 @@ export interface GetRegistryRepositoryResult { * export const gcrLocation = foo.then(foo => foo.repositoryUrl); * ``` */ -export function getRegistryRepositoryOutput(args?: GetRegistryRepositoryOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegistryRepositoryOutput(args?: GetRegistryRepositoryOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:container/getRegistryRepository:getRegistryRepository", { diff --git a/sdk/nodejs/containeranalysis/getNoteIamPolicy.ts b/sdk/nodejs/containeranalysis/getNoteIamPolicy.ts index 4b2444203f..41478f329f 100644 --- a/sdk/nodejs/containeranalysis/getNoteIamPolicy.ts +++ b/sdk/nodejs/containeranalysis/getNoteIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetNoteIamPolicyResult { * }); * ``` */ -export function getNoteIamPolicyOutput(args: GetNoteIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNoteIamPolicyOutput(args: GetNoteIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:containeranalysis/getNoteIamPolicy:getNoteIamPolicy", { "note": args.note, diff --git a/sdk/nodejs/datacatalog/getEntryGroupIamPolicy.ts b/sdk/nodejs/datacatalog/getEntryGroupIamPolicy.ts index 598b1c7602..e9aa074d4a 100644 --- a/sdk/nodejs/datacatalog/getEntryGroupIamPolicy.ts +++ b/sdk/nodejs/datacatalog/getEntryGroupIamPolicy.ts @@ -78,7 +78,7 @@ export interface GetEntryGroupIamPolicyResult { * }); * ``` */ -export function getEntryGroupIamPolicyOutput(args: GetEntryGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEntryGroupIamPolicyOutput(args: GetEntryGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datacatalog/getEntryGroupIamPolicy:getEntryGroupIamPolicy", { "entryGroup": args.entryGroup, diff --git a/sdk/nodejs/datacatalog/getPolicyTagIamPolicy.ts b/sdk/nodejs/datacatalog/getPolicyTagIamPolicy.ts index 384f82dffe..9bc8aaf78e 100644 --- a/sdk/nodejs/datacatalog/getPolicyTagIamPolicy.ts +++ b/sdk/nodejs/datacatalog/getPolicyTagIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetPolicyTagIamPolicyResult { * }); * ``` */ -export function getPolicyTagIamPolicyOutput(args: GetPolicyTagIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getPolicyTagIamPolicyOutput(args: GetPolicyTagIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datacatalog/getPolicyTagIamPolicy:getPolicyTagIamPolicy", { "policyTag": args.policyTag, diff --git a/sdk/nodejs/datacatalog/getTagTemplateIamPolicy.ts b/sdk/nodejs/datacatalog/getTagTemplateIamPolicy.ts index 78548b1a4e..62ccedde6e 100644 --- a/sdk/nodejs/datacatalog/getTagTemplateIamPolicy.ts +++ b/sdk/nodejs/datacatalog/getTagTemplateIamPolicy.ts @@ -78,7 +78,7 @@ export interface GetTagTemplateIamPolicyResult { * }); * ``` */ -export function getTagTemplateIamPolicyOutput(args: GetTagTemplateIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagTemplateIamPolicyOutput(args: GetTagTemplateIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datacatalog/getTagTemplateIamPolicy:getTagTemplateIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/datacatalog/getTaxonomyIamPolicy.ts b/sdk/nodejs/datacatalog/getTaxonomyIamPolicy.ts index f6b79a6286..0dcebf8694 100644 --- a/sdk/nodejs/datacatalog/getTaxonomyIamPolicy.ts +++ b/sdk/nodejs/datacatalog/getTaxonomyIamPolicy.ts @@ -78,7 +78,7 @@ export interface GetTaxonomyIamPolicyResult { * }); * ``` */ -export function getTaxonomyIamPolicyOutput(args: GetTaxonomyIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTaxonomyIamPolicyOutput(args: GetTaxonomyIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datacatalog/getTaxonomyIamPolicy:getTaxonomyIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/dataform/getRepositoryIamPolicy.ts b/sdk/nodejs/dataform/getRepositoryIamPolicy.ts index 1dd0e68471..fb96acd2dd 100644 --- a/sdk/nodejs/dataform/getRepositoryIamPolicy.ts +++ b/sdk/nodejs/dataform/getRepositoryIamPolicy.ts @@ -55,7 +55,7 @@ export interface GetRepositoryIamPolicyResult { readonly region: string; readonly repository: string; } -export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataform/getRepositoryIamPolicy:getRepositoryIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/datafusion/getInstanceIamPolicy.ts b/sdk/nodejs/datafusion/getInstanceIamPolicy.ts index 0e6ba1a9c8..0dd7662318 100644 --- a/sdk/nodejs/datafusion/getInstanceIamPolicy.ts +++ b/sdk/nodejs/datafusion/getInstanceIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datafusion/getInstanceIamPolicy:getInstanceIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/dataplex/getAspectTypeIamPolicy.ts b/sdk/nodejs/dataplex/getAspectTypeIamPolicy.ts index 0d16128b23..2c7fd3cd65 100644 --- a/sdk/nodejs/dataplex/getAspectTypeIamPolicy.ts +++ b/sdk/nodejs/dataplex/getAspectTypeIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetAspectTypeIamPolicyResult { * }); * ``` */ -export function getAspectTypeIamPolicyOutput(args: GetAspectTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAspectTypeIamPolicyOutput(args: GetAspectTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getAspectTypeIamPolicy:getAspectTypeIamPolicy", { "aspectTypeId": args.aspectTypeId, diff --git a/sdk/nodejs/dataplex/getAssetIamPolicy.ts b/sdk/nodejs/dataplex/getAssetIamPolicy.ts index 79f2c6457d..8cd303702b 100644 --- a/sdk/nodejs/dataplex/getAssetIamPolicy.ts +++ b/sdk/nodejs/dataplex/getAssetIamPolicy.ts @@ -92,7 +92,7 @@ export interface GetAssetIamPolicyResult { * }); * ``` */ -export function getAssetIamPolicyOutput(args: GetAssetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAssetIamPolicyOutput(args: GetAssetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getAssetIamPolicy:getAssetIamPolicy", { "asset": args.asset, diff --git a/sdk/nodejs/dataplex/getDatascanIamPolicy.ts b/sdk/nodejs/dataplex/getDatascanIamPolicy.ts index 404ea0fbba..71b3852d51 100644 --- a/sdk/nodejs/dataplex/getDatascanIamPolicy.ts +++ b/sdk/nodejs/dataplex/getDatascanIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetDatascanIamPolicyResult { * }); * ``` */ -export function getDatascanIamPolicyOutput(args: GetDatascanIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatascanIamPolicyOutput(args: GetDatascanIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getDatascanIamPolicy:getDatascanIamPolicy", { "dataScanId": args.dataScanId, diff --git a/sdk/nodejs/dataplex/getEntryGroupIamPolicy.ts b/sdk/nodejs/dataplex/getEntryGroupIamPolicy.ts index 242d9b39a7..a7d4a06ef7 100644 --- a/sdk/nodejs/dataplex/getEntryGroupIamPolicy.ts +++ b/sdk/nodejs/dataplex/getEntryGroupIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetEntryGroupIamPolicyResult { * }); * ``` */ -export function getEntryGroupIamPolicyOutput(args: GetEntryGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEntryGroupIamPolicyOutput(args: GetEntryGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getEntryGroupIamPolicy:getEntryGroupIamPolicy", { "entryGroupId": args.entryGroupId, diff --git a/sdk/nodejs/dataplex/getEntryTypeIamPolicy.ts b/sdk/nodejs/dataplex/getEntryTypeIamPolicy.ts index 681062273a..8c0fcc21ac 100644 --- a/sdk/nodejs/dataplex/getEntryTypeIamPolicy.ts +++ b/sdk/nodejs/dataplex/getEntryTypeIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetEntryTypeIamPolicyResult { * }); * ``` */ -export function getEntryTypeIamPolicyOutput(args: GetEntryTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEntryTypeIamPolicyOutput(args: GetEntryTypeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getEntryTypeIamPolicy:getEntryTypeIamPolicy", { "entryTypeId": args.entryTypeId, diff --git a/sdk/nodejs/dataplex/getLakeIamPolicy.ts b/sdk/nodejs/dataplex/getLakeIamPolicy.ts index 3ad277e2d1..e34bb255b4 100644 --- a/sdk/nodejs/dataplex/getLakeIamPolicy.ts +++ b/sdk/nodejs/dataplex/getLakeIamPolicy.ts @@ -82,7 +82,7 @@ export interface GetLakeIamPolicyResult { * }); * ``` */ -export function getLakeIamPolicyOutput(args: GetLakeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLakeIamPolicyOutput(args: GetLakeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getLakeIamPolicy:getLakeIamPolicy", { "lake": args.lake, diff --git a/sdk/nodejs/dataplex/getTaskIamPolicy.ts b/sdk/nodejs/dataplex/getTaskIamPolicy.ts index bcd0465788..86ee7a8ae3 100644 --- a/sdk/nodejs/dataplex/getTaskIamPolicy.ts +++ b/sdk/nodejs/dataplex/getTaskIamPolicy.ts @@ -94,7 +94,7 @@ export interface GetTaskIamPolicyResult { * }); * ``` */ -export function getTaskIamPolicyOutput(args: GetTaskIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTaskIamPolicyOutput(args: GetTaskIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getTaskIamPolicy:getTaskIamPolicy", { "lake": args.lake, diff --git a/sdk/nodejs/dataplex/getZoneIamPolicy.ts b/sdk/nodejs/dataplex/getZoneIamPolicy.ts index 54ea4daaeb..29bb9b5292 100644 --- a/sdk/nodejs/dataplex/getZoneIamPolicy.ts +++ b/sdk/nodejs/dataplex/getZoneIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetZoneIamPolicyResult { * }); * ``` */ -export function getZoneIamPolicyOutput(args: GetZoneIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getZoneIamPolicyOutput(args: GetZoneIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataplex/getZoneIamPolicy:getZoneIamPolicy", { "dataplexZone": args.dataplexZone, diff --git a/sdk/nodejs/dataproc/getAutoscalingPolicyIamPolicy.ts b/sdk/nodejs/dataproc/getAutoscalingPolicyIamPolicy.ts index 2951ccec6f..c304df9aa2 100644 --- a/sdk/nodejs/dataproc/getAutoscalingPolicyIamPolicy.ts +++ b/sdk/nodejs/dataproc/getAutoscalingPolicyIamPolicy.ts @@ -92,7 +92,7 @@ export interface GetAutoscalingPolicyIamPolicyResult { * }); * ``` */ -export function getAutoscalingPolicyIamPolicyOutput(args: GetAutoscalingPolicyIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAutoscalingPolicyIamPolicyOutput(args: GetAutoscalingPolicyIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getAutoscalingPolicyIamPolicy:getAutoscalingPolicyIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/dataproc/getClusterIamPolicy.ts b/sdk/nodejs/dataproc/getClusterIamPolicy.ts index cb1fe8405a..0b6ed6f9aa 100644 --- a/sdk/nodejs/dataproc/getClusterIamPolicy.ts +++ b/sdk/nodejs/dataproc/getClusterIamPolicy.ts @@ -75,7 +75,7 @@ export interface GetClusterIamPolicyResult { * }); * ``` */ -export function getClusterIamPolicyOutput(args: GetClusterIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClusterIamPolicyOutput(args: GetClusterIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getClusterIamPolicy:getClusterIamPolicy", { "cluster": args.cluster, diff --git a/sdk/nodejs/dataproc/getJobIamPolicy.ts b/sdk/nodejs/dataproc/getJobIamPolicy.ts index 5d82f8fcab..a7565494c6 100644 --- a/sdk/nodejs/dataproc/getJobIamPolicy.ts +++ b/sdk/nodejs/dataproc/getJobIamPolicy.ts @@ -75,7 +75,7 @@ export interface GetJobIamPolicyResult { * }); * ``` */ -export function getJobIamPolicyOutput(args: GetJobIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getJobIamPolicyOutput(args: GetJobIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getJobIamPolicy:getJobIamPolicy", { "jobId": args.jobId, diff --git a/sdk/nodejs/dataproc/getMetastoreFederationIamPolicy.ts b/sdk/nodejs/dataproc/getMetastoreFederationIamPolicy.ts index 0dc52a5bcf..260e9463b5 100644 --- a/sdk/nodejs/dataproc/getMetastoreFederationIamPolicy.ts +++ b/sdk/nodejs/dataproc/getMetastoreFederationIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetMetastoreFederationIamPolicyResult { * }); * ``` */ -export function getMetastoreFederationIamPolicyOutput(args: GetMetastoreFederationIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMetastoreFederationIamPolicyOutput(args: GetMetastoreFederationIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getMetastoreFederationIamPolicy:getMetastoreFederationIamPolicy", { "federationId": args.federationId, diff --git a/sdk/nodejs/dataproc/getMetastoreService.ts b/sdk/nodejs/dataproc/getMetastoreService.ts index 7612d7d96d..30c1ebe69d 100644 --- a/sdk/nodejs/dataproc/getMetastoreService.ts +++ b/sdk/nodejs/dataproc/getMetastoreService.ts @@ -101,7 +101,7 @@ export interface GetMetastoreServiceResult { * }); * ``` */ -export function getMetastoreServiceOutput(args: GetMetastoreServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMetastoreServiceOutput(args: GetMetastoreServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getMetastoreService:getMetastoreService", { "location": args.location, diff --git a/sdk/nodejs/dataproc/getMetastoreServiceIamPolicy.ts b/sdk/nodejs/dataproc/getMetastoreServiceIamPolicy.ts index 89ab6d3b7b..b19cd6deb9 100644 --- a/sdk/nodejs/dataproc/getMetastoreServiceIamPolicy.ts +++ b/sdk/nodejs/dataproc/getMetastoreServiceIamPolicy.ts @@ -86,7 +86,7 @@ export interface GetMetastoreServiceIamPolicyResult { * }); * ``` */ -export function getMetastoreServiceIamPolicyOutput(args: GetMetastoreServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMetastoreServiceIamPolicyOutput(args: GetMetastoreServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dataproc/getMetastoreServiceIamPolicy:getMetastoreServiceIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/datastream/getStaticIps.ts b/sdk/nodejs/datastream/getStaticIps.ts index 7855af5e1c..de7dd423b4 100644 --- a/sdk/nodejs/datastream/getStaticIps.ts +++ b/sdk/nodejs/datastream/getStaticIps.ts @@ -75,7 +75,7 @@ export interface GetStaticIpsResult { * export const ipList = datastreamIps.then(datastreamIps => datastreamIps.staticIps); * ``` */ -export function getStaticIpsOutput(args: GetStaticIpsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getStaticIpsOutput(args: GetStaticIpsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:datastream/getStaticIps:getStaticIps", { "location": args.location, diff --git a/sdk/nodejs/dns/getKeys.ts b/sdk/nodejs/dns/getKeys.ts index afa484e801..c0664e11f2 100644 --- a/sdk/nodejs/dns/getKeys.ts +++ b/sdk/nodejs/dns/getKeys.ts @@ -111,7 +111,7 @@ export interface GetKeysResult { * export const fooDnsDsRecord = fooDnsKeys.apply(fooDnsKeys => fooDnsKeys.keySigningKeys?.[0]?.dsRecord); * ``` */ -export function getKeysOutput(args: GetKeysOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKeysOutput(args: GetKeysOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dns/getKeys:getKeys", { "managedZone": args.managedZone, diff --git a/sdk/nodejs/dns/getManagedZone.ts b/sdk/nodejs/dns/getManagedZone.ts index eab5829969..55fb4486e0 100644 --- a/sdk/nodejs/dns/getManagedZone.ts +++ b/sdk/nodejs/dns/getManagedZone.ts @@ -100,7 +100,7 @@ export interface GetManagedZoneResult { * }); * ``` */ -export function getManagedZoneOutput(args: GetManagedZoneOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getManagedZoneOutput(args: GetManagedZoneOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dns/getManagedZone:getManagedZone", { "name": args.name, diff --git a/sdk/nodejs/dns/getManagedZoneIamPolicy.ts b/sdk/nodejs/dns/getManagedZoneIamPolicy.ts index 644f07f261..c86f0d22a2 100644 --- a/sdk/nodejs/dns/getManagedZoneIamPolicy.ts +++ b/sdk/nodejs/dns/getManagedZoneIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetManagedZoneIamPolicyResult { * }); * ``` */ -export function getManagedZoneIamPolicyOutput(args: GetManagedZoneIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getManagedZoneIamPolicyOutput(args: GetManagedZoneIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dns/getManagedZoneIamPolicy:getManagedZoneIamPolicy", { "managedZone": args.managedZone, diff --git a/sdk/nodejs/dns/getManagedZones.ts b/sdk/nodejs/dns/getManagedZones.ts index 26a746f481..0e8f075a29 100644 --- a/sdk/nodejs/dns/getManagedZones.ts +++ b/sdk/nodejs/dns/getManagedZones.ts @@ -67,7 +67,7 @@ export interface GetManagedZonesResult { * }); * ``` */ -export function getManagedZonesOutput(args?: GetManagedZonesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getManagedZonesOutput(args?: GetManagedZonesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dns/getManagedZones:getManagedZones", { diff --git a/sdk/nodejs/dns/getRecordSet.ts b/sdk/nodejs/dns/getRecordSet.ts index 481776f0bc..5adfad1d1b 100644 --- a/sdk/nodejs/dns/getRecordSet.ts +++ b/sdk/nodejs/dns/getRecordSet.ts @@ -103,7 +103,7 @@ export interface GetRecordSetResult { * })); * ``` */ -export function getRecordSetOutput(args: GetRecordSetOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRecordSetOutput(args: GetRecordSetOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:dns/getRecordSet:getRecordSet", { "managedZone": args.managedZone, diff --git a/sdk/nodejs/endpoints/getServiceConsumersIamPolicy.ts b/sdk/nodejs/endpoints/getServiceConsumersIamPolicy.ts index a2c1c97f12..0e5076c3e4 100644 --- a/sdk/nodejs/endpoints/getServiceConsumersIamPolicy.ts +++ b/sdk/nodejs/endpoints/getServiceConsumersIamPolicy.ts @@ -46,7 +46,7 @@ export interface GetServiceConsumersIamPolicyResult { /** * Retrieves the current IAM policy data for serviceconsumers */ -export function getServiceConsumersIamPolicyOutput(args: GetServiceConsumersIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceConsumersIamPolicyOutput(args: GetServiceConsumersIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:endpoints/getServiceConsumersIamPolicy:getServiceConsumersIamPolicy", { "consumerProject": args.consumerProject, diff --git a/sdk/nodejs/endpoints/getServiceIamPolicy.ts b/sdk/nodejs/endpoints/getServiceIamPolicy.ts index cc9f7d5075..ab02280d30 100644 --- a/sdk/nodejs/endpoints/getServiceIamPolicy.ts +++ b/sdk/nodejs/endpoints/getServiceIamPolicy.ts @@ -65,7 +65,7 @@ export interface GetServiceIamPolicyResult { * }); * ``` */ -export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:endpoints/getServiceIamPolicy:getServiceIamPolicy", { "serviceName": args.serviceName, diff --git a/sdk/nodejs/filestore/getInstance.ts b/sdk/nodejs/filestore/getInstance.ts index d391a781d2..2f201129cb 100644 --- a/sdk/nodejs/filestore/getInstance.ts +++ b/sdk/nodejs/filestore/getInstance.ts @@ -99,7 +99,7 @@ export interface GetInstanceResult { * export const instanceFileShareName = myInstance.then(myInstance => myInstance.fileShares?.name); * ``` */ -export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:filestore/getInstance:getInstance", { "location": args.location, diff --git a/sdk/nodejs/firebase/getAndroidApp.ts b/sdk/nodejs/firebase/getAndroidApp.ts index 3ae3d70969..9d19c60bd8 100644 --- a/sdk/nodejs/firebase/getAndroidApp.ts +++ b/sdk/nodejs/firebase/getAndroidApp.ts @@ -73,7 +73,7 @@ export interface GetAndroidAppResult { */ readonly sha256Hashes: string[]; } -export function getAndroidAppOutput(args: GetAndroidAppOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAndroidAppOutput(args: GetAndroidAppOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getAndroidApp:getAndroidApp", { "appId": args.appId, diff --git a/sdk/nodejs/firebase/getAndroidAppConfig.ts b/sdk/nodejs/firebase/getAndroidAppConfig.ts index 13dd733591..e2a7e3e179 100644 --- a/sdk/nodejs/firebase/getAndroidAppConfig.ts +++ b/sdk/nodejs/firebase/getAndroidAppConfig.ts @@ -30,7 +30,7 @@ export interface GetAndroidAppConfigResult { readonly id: string; readonly project?: string; } -export function getAndroidAppConfigOutput(args: GetAndroidAppConfigOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAndroidAppConfigOutput(args: GetAndroidAppConfigOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getAndroidAppConfig:getAndroidAppConfig", { "appId": args.appId, diff --git a/sdk/nodejs/firebase/getAppleApp.ts b/sdk/nodejs/firebase/getAppleApp.ts index 870151586d..d810059e8e 100644 --- a/sdk/nodejs/firebase/getAppleApp.ts +++ b/sdk/nodejs/firebase/getAppleApp.ts @@ -68,7 +68,7 @@ export interface GetAppleAppResult { */ readonly teamId: string; } -export function getAppleAppOutput(args: GetAppleAppOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppleAppOutput(args: GetAppleAppOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getAppleApp:getAppleApp", { "appId": args.appId, diff --git a/sdk/nodejs/firebase/getAppleAppConfig.ts b/sdk/nodejs/firebase/getAppleAppConfig.ts index 2928948981..4989f6e212 100644 --- a/sdk/nodejs/firebase/getAppleAppConfig.ts +++ b/sdk/nodejs/firebase/getAppleAppConfig.ts @@ -45,7 +45,7 @@ export interface GetAppleAppConfigResult { readonly id: string; readonly project?: string; } -export function getAppleAppConfigOutput(args: GetAppleAppConfigOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppleAppConfigOutput(args: GetAppleAppConfigOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getAppleAppConfig:getAppleAppConfig", { "appId": args.appId, diff --git a/sdk/nodejs/firebase/getHostingChannel.ts b/sdk/nodejs/firebase/getHostingChannel.ts index 4c626e2340..463e342b51 100644 --- a/sdk/nodejs/firebase/getHostingChannel.ts +++ b/sdk/nodejs/firebase/getHostingChannel.ts @@ -47,7 +47,7 @@ export interface GetHostingChannelResult { readonly siteId: string; readonly ttl: string; } -export function getHostingChannelOutput(args: GetHostingChannelOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getHostingChannelOutput(args: GetHostingChannelOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getHostingChannel:getHostingChannel", { "channelId": args.channelId, diff --git a/sdk/nodejs/firebase/getWebApp.ts b/sdk/nodejs/firebase/getWebApp.ts index 601ad74a75..c9eb2d361b 100644 --- a/sdk/nodejs/firebase/getWebApp.ts +++ b/sdk/nodejs/firebase/getWebApp.ts @@ -60,7 +60,7 @@ export interface GetWebAppResult { /** * A Google Cloud Firebase web application instance */ -export function getWebAppOutput(args: GetWebAppOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebAppOutput(args: GetWebAppOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getWebApp:getWebApp", { "appId": args.appId, diff --git a/sdk/nodejs/firebase/getWebAppConfig.ts b/sdk/nodejs/firebase/getWebAppConfig.ts index bd213f2009..c014978639 100644 --- a/sdk/nodejs/firebase/getWebAppConfig.ts +++ b/sdk/nodejs/firebase/getWebAppConfig.ts @@ -92,7 +92,7 @@ export interface GetWebAppConfigResult { * * How-to Guides * * [Official Documentation](https://firebase.google.com/) */ -export function getWebAppConfigOutput(args: GetWebAppConfigOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebAppConfigOutput(args: GetWebAppConfigOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:firebase/getWebAppConfig:getWebAppConfig", { "project": args.project, diff --git a/sdk/nodejs/folder/getIamPolicy.ts b/sdk/nodejs/folder/getIamPolicy.ts index 52a580701e..dd9efb892d 100644 --- a/sdk/nodejs/folder/getIamPolicy.ts +++ b/sdk/nodejs/folder/getIamPolicy.ts @@ -67,7 +67,7 @@ export interface GetIamPolicyResult { * }); * ``` */ -export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:folder/getIamPolicy:getIamPolicy", { "folder": args.folder, diff --git a/sdk/nodejs/folder/getOrganizationPolicy.ts b/sdk/nodejs/folder/getOrganizationPolicy.ts index b02a129626..fc1a180080 100644 --- a/sdk/nodejs/folder/getOrganizationPolicy.ts +++ b/sdk/nodejs/folder/getOrganizationPolicy.ts @@ -81,7 +81,7 @@ export interface GetOrganizationPolicyResult { * export const version = policy.then(policy => policy.version); * ``` */ -export function getOrganizationPolicyOutput(args: GetOrganizationPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getOrganizationPolicyOutput(args: GetOrganizationPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:folder/getOrganizationPolicy:getOrganizationPolicy", { "constraint": args.constraint, diff --git a/sdk/nodejs/gkebackup/getBackupPlanIamPolicy.ts b/sdk/nodejs/gkebackup/getBackupPlanIamPolicy.ts index 80a0641c82..dfba3a3d30 100644 --- a/sdk/nodejs/gkebackup/getBackupPlanIamPolicy.ts +++ b/sdk/nodejs/gkebackup/getBackupPlanIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetBackupPlanIamPolicyResult { * }); * ``` */ -export function getBackupPlanIamPolicyOutput(args: GetBackupPlanIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackupPlanIamPolicyOutput(args: GetBackupPlanIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkebackup/getBackupPlanIamPolicy:getBackupPlanIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/gkebackup/getRestorePlanIamPolicy.ts b/sdk/nodejs/gkebackup/getRestorePlanIamPolicy.ts index 15bb74a4f7..1e73b96858 100644 --- a/sdk/nodejs/gkebackup/getRestorePlanIamPolicy.ts +++ b/sdk/nodejs/gkebackup/getRestorePlanIamPolicy.ts @@ -88,7 +88,7 @@ export interface GetRestorePlanIamPolicyResult { * }); * ``` */ -export function getRestorePlanIamPolicyOutput(args: GetRestorePlanIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRestorePlanIamPolicyOutput(args: GetRestorePlanIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkebackup/getRestorePlanIamPolicy:getRestorePlanIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/gkehub/getFeatureIamPolicy.ts b/sdk/nodejs/gkehub/getFeatureIamPolicy.ts index f500c5fcaf..f22046c6e8 100644 --- a/sdk/nodejs/gkehub/getFeatureIamPolicy.ts +++ b/sdk/nodejs/gkehub/getFeatureIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetFeatureIamPolicyResult { * }); * ``` */ -export function getFeatureIamPolicyOutput(args: GetFeatureIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFeatureIamPolicyOutput(args: GetFeatureIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkehub/getFeatureIamPolicy:getFeatureIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/gkehub/getMembershipBinding.ts b/sdk/nodejs/gkehub/getMembershipBinding.ts index a532305ed5..43ff4ef933 100644 --- a/sdk/nodejs/gkehub/getMembershipBinding.ts +++ b/sdk/nodejs/gkehub/getMembershipBinding.ts @@ -49,7 +49,7 @@ export interface GetMembershipBindingResult { readonly uid: string; readonly updateTime: string; } -export function getMembershipBindingOutput(args: GetMembershipBindingOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMembershipBindingOutput(args: GetMembershipBindingOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkehub/getMembershipBinding:getMembershipBinding", { "location": args.location, diff --git a/sdk/nodejs/gkehub/getMembershipIamPolicy.ts b/sdk/nodejs/gkehub/getMembershipIamPolicy.ts index 926ecef8da..def84e2485 100644 --- a/sdk/nodejs/gkehub/getMembershipIamPolicy.ts +++ b/sdk/nodejs/gkehub/getMembershipIamPolicy.ts @@ -86,7 +86,7 @@ export interface GetMembershipIamPolicyResult { * }); * ``` */ -export function getMembershipIamPolicyOutput(args: GetMembershipIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMembershipIamPolicyOutput(args: GetMembershipIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkehub/getMembershipIamPolicy:getMembershipIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/gkehub/getScopeIamPolicy.ts b/sdk/nodejs/gkehub/getScopeIamPolicy.ts index d983fae44b..c667b20981 100644 --- a/sdk/nodejs/gkehub/getScopeIamPolicy.ts +++ b/sdk/nodejs/gkehub/getScopeIamPolicy.ts @@ -74,7 +74,7 @@ export interface GetScopeIamPolicyResult { * }); * ``` */ -export function getScopeIamPolicyOutput(args: GetScopeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getScopeIamPolicyOutput(args: GetScopeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:gkehub/getScopeIamPolicy:getScopeIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/healthcare/getConsentStoreIamPolicy.ts b/sdk/nodejs/healthcare/getConsentStoreIamPolicy.ts index e38f6dd71a..14bbf8b46c 100644 --- a/sdk/nodejs/healthcare/getConsentStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/getConsentStoreIamPolicy.ts @@ -78,7 +78,7 @@ export interface GetConsentStoreIamPolicyResult { * }); * ``` */ -export function getConsentStoreIamPolicyOutput(args: GetConsentStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConsentStoreIamPolicyOutput(args: GetConsentStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:healthcare/getConsentStoreIamPolicy:getConsentStoreIamPolicy", { "consentStoreId": args.consentStoreId, diff --git a/sdk/nodejs/healthcare/getDatasetIamPolicy.ts b/sdk/nodejs/healthcare/getDatasetIamPolicy.ts index 0066dc0dd6..680e3b0932 100644 --- a/sdk/nodejs/healthcare/getDatasetIamPolicy.ts +++ b/sdk/nodejs/healthcare/getDatasetIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetDatasetIamPolicyResult { * }); * ``` */ -export function getDatasetIamPolicyOutput(args: GetDatasetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatasetIamPolicyOutput(args: GetDatasetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:healthcare/getDatasetIamPolicy:getDatasetIamPolicy", { "datasetId": args.datasetId, diff --git a/sdk/nodejs/healthcare/getDicomStoreIamPolicy.ts b/sdk/nodejs/healthcare/getDicomStoreIamPolicy.ts index 8bb297a788..c42a97cd62 100644 --- a/sdk/nodejs/healthcare/getDicomStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/getDicomStoreIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetDicomStoreIamPolicyResult { * }); * ``` */ -export function getDicomStoreIamPolicyOutput(args: GetDicomStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDicomStoreIamPolicyOutput(args: GetDicomStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:healthcare/getDicomStoreIamPolicy:getDicomStoreIamPolicy", { "dicomStoreId": args.dicomStoreId, diff --git a/sdk/nodejs/healthcare/getFhirStoreIamPolicy.ts b/sdk/nodejs/healthcare/getFhirStoreIamPolicy.ts index c05b6321cb..1b21d1b0f3 100644 --- a/sdk/nodejs/healthcare/getFhirStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/getFhirStoreIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetFhirStoreIamPolicyResult { * }); * ``` */ -export function getFhirStoreIamPolicyOutput(args: GetFhirStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFhirStoreIamPolicyOutput(args: GetFhirStoreIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:healthcare/getFhirStoreIamPolicy:getFhirStoreIamPolicy", { "fhirStoreId": args.fhirStoreId, diff --git a/sdk/nodejs/healthcare/getHl7V2StoreIamPolicy.ts b/sdk/nodejs/healthcare/getHl7V2StoreIamPolicy.ts index bbc996d79e..9c2dda8b82 100644 --- a/sdk/nodejs/healthcare/getHl7V2StoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/getHl7V2StoreIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetHl7V2StoreIamPolicyResult { * }); * ``` */ -export function getHl7V2StoreIamPolicyOutput(args: GetHl7V2StoreIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getHl7V2StoreIamPolicyOutput(args: GetHl7V2StoreIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:healthcare/getHl7V2StoreIamPolicy:getHl7V2StoreIamPolicy", { "hl7V2StoreId": args.hl7V2StoreId, diff --git a/sdk/nodejs/iam/getRule.ts b/sdk/nodejs/iam/getRule.ts index ce984d33cb..9bd63ea0e6 100644 --- a/sdk/nodejs/iam/getRule.ts +++ b/sdk/nodejs/iam/getRule.ts @@ -69,7 +69,7 @@ export interface GetRuleResult { * export const theRolePermissions = roleinfo.then(roleinfo => roleinfo.includedPermissions); * ``` */ -export function getRuleOutput(args: GetRuleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRuleOutput(args: GetRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iam/getRule:getRule", { "name": args.name, diff --git a/sdk/nodejs/iam/getTestablePermissions.ts b/sdk/nodejs/iam/getTestablePermissions.ts index 2c3241e4ba..e1fccb63a7 100644 --- a/sdk/nodejs/iam/getTestablePermissions.ts +++ b/sdk/nodejs/iam/getTestablePermissions.ts @@ -92,7 +92,7 @@ export interface GetTestablePermissionsResult { * }); * ``` */ -export function getTestablePermissionsOutput(args: GetTestablePermissionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTestablePermissionsOutput(args: GetTestablePermissionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iam/getTestablePermissions:getTestablePermissions", { "customSupportLevel": args.customSupportLevel, diff --git a/sdk/nodejs/iam/getWorkloadIdentityPool.ts b/sdk/nodejs/iam/getWorkloadIdentityPool.ts index a94aafb6f3..96933ae650 100644 --- a/sdk/nodejs/iam/getWorkloadIdentityPool.ts +++ b/sdk/nodejs/iam/getWorkloadIdentityPool.ts @@ -74,7 +74,7 @@ export interface GetWorkloadIdentityPoolResult { * }); * ``` */ -export function getWorkloadIdentityPoolOutput(args: GetWorkloadIdentityPoolOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWorkloadIdentityPoolOutput(args: GetWorkloadIdentityPoolOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iam/getWorkloadIdentityPool:getWorkloadIdentityPool", { "project": args.project, diff --git a/sdk/nodejs/iam/getWorkloadIdentityPoolProvider.ts b/sdk/nodejs/iam/getWorkloadIdentityPoolProvider.ts index c5b220e274..4df595a3d4 100644 --- a/sdk/nodejs/iam/getWorkloadIdentityPoolProvider.ts +++ b/sdk/nodejs/iam/getWorkloadIdentityPoolProvider.ts @@ -91,7 +91,7 @@ export interface GetWorkloadIdentityPoolProviderResult { * }); * ``` */ -export function getWorkloadIdentityPoolProviderOutput(args: GetWorkloadIdentityPoolProviderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWorkloadIdentityPoolProviderOutput(args: GetWorkloadIdentityPoolProviderOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iam/getWorkloadIdentityPoolProvider:getWorkloadIdentityPoolProvider", { "project": args.project, diff --git a/sdk/nodejs/iap/getAppEngineServiceIamPolicy.ts b/sdk/nodejs/iap/getAppEngineServiceIamPolicy.ts index edcc2837fd..938c117b56 100644 --- a/sdk/nodejs/iap/getAppEngineServiceIamPolicy.ts +++ b/sdk/nodejs/iap/getAppEngineServiceIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetAppEngineServiceIamPolicyResult { * }); * ``` */ -export function getAppEngineServiceIamPolicyOutput(args: GetAppEngineServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppEngineServiceIamPolicyOutput(args: GetAppEngineServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getAppEngineServiceIamPolicy:getAppEngineServiceIamPolicy", { "appId": args.appId, diff --git a/sdk/nodejs/iap/getAppEngineVersionIamPolicy.ts b/sdk/nodejs/iap/getAppEngineVersionIamPolicy.ts index ea0e6a4c46..b06565bcb8 100644 --- a/sdk/nodejs/iap/getAppEngineVersionIamPolicy.ts +++ b/sdk/nodejs/iap/getAppEngineVersionIamPolicy.ts @@ -93,7 +93,7 @@ export interface GetAppEngineVersionIamPolicyResult { * }); * ``` */ -export function getAppEngineVersionIamPolicyOutput(args: GetAppEngineVersionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppEngineVersionIamPolicyOutput(args: GetAppEngineVersionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getAppEngineVersionIamPolicy:getAppEngineVersionIamPolicy", { "appId": args.appId, diff --git a/sdk/nodejs/iap/getClient.ts b/sdk/nodejs/iap/getClient.ts index 8773112b32..108615da07 100644 --- a/sdk/nodejs/iap/getClient.ts +++ b/sdk/nodejs/iap/getClient.ts @@ -75,7 +75,7 @@ export interface GetClientResult { * })); * ``` */ -export function getClientOutput(args: GetClientOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClientOutput(args: GetClientOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getClient:getClient", { "brand": args.brand, diff --git a/sdk/nodejs/iap/getTunnelDestGroupIamPolicy.ts b/sdk/nodejs/iap/getTunnelDestGroupIamPolicy.ts index 9011027741..c3f5986b2b 100644 --- a/sdk/nodejs/iap/getTunnelDestGroupIamPolicy.ts +++ b/sdk/nodejs/iap/getTunnelDestGroupIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetTunnelDestGroupIamPolicyResult { * }); * ``` */ -export function getTunnelDestGroupIamPolicyOutput(args: GetTunnelDestGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTunnelDestGroupIamPolicyOutput(args: GetTunnelDestGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getTunnelDestGroupIamPolicy:getTunnelDestGroupIamPolicy", { "destGroup": args.destGroup, diff --git a/sdk/nodejs/iap/getTunnelIamPolicy.ts b/sdk/nodejs/iap/getTunnelIamPolicy.ts index bb57730669..38d8598f5e 100644 --- a/sdk/nodejs/iap/getTunnelIamPolicy.ts +++ b/sdk/nodejs/iap/getTunnelIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetTunnelIamPolicyResult { * }); * ``` */ -export function getTunnelIamPolicyOutput(args?: GetTunnelIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTunnelIamPolicyOutput(args?: GetTunnelIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getTunnelIamPolicy:getTunnelIamPolicy", { diff --git a/sdk/nodejs/iap/getTunnelInstanceIamPolicy.ts b/sdk/nodejs/iap/getTunnelInstanceIamPolicy.ts index a0a987fcf9..001ed082ec 100644 --- a/sdk/nodejs/iap/getTunnelInstanceIamPolicy.ts +++ b/sdk/nodejs/iap/getTunnelInstanceIamPolicy.ts @@ -82,7 +82,7 @@ export interface GetTunnelInstanceIamPolicyResult { * }); * ``` */ -export function getTunnelInstanceIamPolicyOutput(args: GetTunnelInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTunnelInstanceIamPolicyOutput(args: GetTunnelInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getTunnelInstanceIamPolicy:getTunnelInstanceIamPolicy", { "instance": args.instance, diff --git a/sdk/nodejs/iap/getWebBackendServiceIamPolicy.ts b/sdk/nodejs/iap/getWebBackendServiceIamPolicy.ts index 184102191c..386fb27a76 100644 --- a/sdk/nodejs/iap/getWebBackendServiceIamPolicy.ts +++ b/sdk/nodejs/iap/getWebBackendServiceIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetWebBackendServiceIamPolicyResult { * }); * ``` */ -export function getWebBackendServiceIamPolicyOutput(args: GetWebBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebBackendServiceIamPolicyOutput(args: GetWebBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getWebBackendServiceIamPolicy:getWebBackendServiceIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/iap/getWebIamPolicy.ts b/sdk/nodejs/iap/getWebIamPolicy.ts index 3b3a9331fb..eb5e2d478d 100644 --- a/sdk/nodejs/iap/getWebIamPolicy.ts +++ b/sdk/nodejs/iap/getWebIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetWebIamPolicyResult { * }); * ``` */ -export function getWebIamPolicyOutput(args?: GetWebIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebIamPolicyOutput(args?: GetWebIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getWebIamPolicy:getWebIamPolicy", { diff --git a/sdk/nodejs/iap/getWebRegionBackendServiceIamPolicy.ts b/sdk/nodejs/iap/getWebRegionBackendServiceIamPolicy.ts index b8175aff3d..c253f3513d 100644 --- a/sdk/nodejs/iap/getWebRegionBackendServiceIamPolicy.ts +++ b/sdk/nodejs/iap/getWebRegionBackendServiceIamPolicy.ts @@ -82,7 +82,7 @@ export interface GetWebRegionBackendServiceIamPolicyResult { * }); * ``` */ -export function getWebRegionBackendServiceIamPolicyOutput(args: GetWebRegionBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebRegionBackendServiceIamPolicyOutput(args: GetWebRegionBackendServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getWebRegionBackendServiceIamPolicy:getWebRegionBackendServiceIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/iap/getWebTypeAppEngineIamPolicy.ts b/sdk/nodejs/iap/getWebTypeAppEngineIamPolicy.ts index 90a386925f..3cbbe71cb5 100644 --- a/sdk/nodejs/iap/getWebTypeAppEngineIamPolicy.ts +++ b/sdk/nodejs/iap/getWebTypeAppEngineIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetWebTypeAppEngineIamPolicyResult { * }); * ``` */ -export function getWebTypeAppEngineIamPolicyOutput(args: GetWebTypeAppEngineIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebTypeAppEngineIamPolicyOutput(args: GetWebTypeAppEngineIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getWebTypeAppEngineIamPolicy:getWebTypeAppEngineIamPolicy", { "appId": args.appId, diff --git a/sdk/nodejs/iap/getWebTypeComputeIamPolicy.ts b/sdk/nodejs/iap/getWebTypeComputeIamPolicy.ts index babca20c66..29a9ddec39 100644 --- a/sdk/nodejs/iap/getWebTypeComputeIamPolicy.ts +++ b/sdk/nodejs/iap/getWebTypeComputeIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetWebTypeComputeIamPolicyResult { * }); * ``` */ -export function getWebTypeComputeIamPolicyOutput(args?: GetWebTypeComputeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWebTypeComputeIamPolicyOutput(args?: GetWebTypeComputeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:iap/getWebTypeComputeIamPolicy:getWebTypeComputeIamPolicy", { diff --git a/sdk/nodejs/kms/getCryptoKeyIamPolicy.ts b/sdk/nodejs/kms/getCryptoKeyIamPolicy.ts index f487a50319..fc2af7e7a3 100644 --- a/sdk/nodejs/kms/getCryptoKeyIamPolicy.ts +++ b/sdk/nodejs/kms/getCryptoKeyIamPolicy.ts @@ -67,7 +67,7 @@ export interface GetCryptoKeyIamPolicyResult { * }); * ``` */ -export function getCryptoKeyIamPolicyOutput(args: GetCryptoKeyIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCryptoKeyIamPolicyOutput(args: GetCryptoKeyIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getCryptoKeyIamPolicy:getCryptoKeyIamPolicy", { "cryptoKeyId": args.cryptoKeyId, diff --git a/sdk/nodejs/kms/getCryptoKeyLatestVersion.ts b/sdk/nodejs/kms/getCryptoKeyLatestVersion.ts index 7c9bc4389d..b02c97fa4c 100644 --- a/sdk/nodejs/kms/getCryptoKeyLatestVersion.ts +++ b/sdk/nodejs/kms/getCryptoKeyLatestVersion.ts @@ -114,7 +114,7 @@ export interface GetCryptoKeyLatestVersionResult { * }); * ``` */ -export function getCryptoKeyLatestVersionOutput(args: GetCryptoKeyLatestVersionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCryptoKeyLatestVersionOutput(args: GetCryptoKeyLatestVersionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getCryptoKeyLatestVersion:getCryptoKeyLatestVersion", { "cryptoKey": args.cryptoKey, diff --git a/sdk/nodejs/kms/getCryptoKeyVersions.ts b/sdk/nodejs/kms/getCryptoKeyVersions.ts index fb5f46cd08..e49f563039 100644 --- a/sdk/nodejs/kms/getCryptoKeyVersions.ts +++ b/sdk/nodejs/kms/getCryptoKeyVersions.ts @@ -102,7 +102,7 @@ export interface GetCryptoKeyVersionsResult { * }); * ``` */ -export function getCryptoKeyVersionsOutput(args: GetCryptoKeyVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCryptoKeyVersionsOutput(args: GetCryptoKeyVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getCryptoKeyVersions:getCryptoKeyVersions", { "cryptoKey": args.cryptoKey, diff --git a/sdk/nodejs/kms/getCryptoKeys.ts b/sdk/nodejs/kms/getCryptoKeys.ts index 8f0dd88009..c907c84ab6 100644 --- a/sdk/nodejs/kms/getCryptoKeys.ts +++ b/sdk/nodejs/kms/getCryptoKeys.ts @@ -68,7 +68,7 @@ export interface GetCryptoKeysResult { * A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a * Google Cloud KMS KeyRing. */ -export function getCryptoKeysOutput(args: GetCryptoKeysOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCryptoKeysOutput(args: GetCryptoKeysOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getCryptoKeys:getCryptoKeys", { "filter": args.filter, diff --git a/sdk/nodejs/kms/getEkmConnectionIamPolicy.ts b/sdk/nodejs/kms/getEkmConnectionIamPolicy.ts index 6356160fcb..a476c40a0d 100644 --- a/sdk/nodejs/kms/getEkmConnectionIamPolicy.ts +++ b/sdk/nodejs/kms/getEkmConnectionIamPolicy.ts @@ -89,7 +89,7 @@ export interface GetEkmConnectionIamPolicyResult { * }); * ``` */ -export function getEkmConnectionIamPolicyOutput(args: GetEkmConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEkmConnectionIamPolicyOutput(args: GetEkmConnectionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getEkmConnectionIamPolicy:getEkmConnectionIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/kms/getKMSCryptoKey.ts b/sdk/nodejs/kms/getKMSCryptoKey.ts index 108ef1f86c..b9c4f46db4 100644 --- a/sdk/nodejs/kms/getKMSCryptoKey.ts +++ b/sdk/nodejs/kms/getKMSCryptoKey.ts @@ -110,7 +110,7 @@ export interface GetKMSCryptoKeyResult { * })); * ``` */ -export function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSCryptoKey:getKMSCryptoKey", { "keyRing": args.keyRing, diff --git a/sdk/nodejs/kms/getKMSCryptoKeyVersion.ts b/sdk/nodejs/kms/getKMSCryptoKeyVersion.ts index 141429a4f1..ccf86962a3 100644 --- a/sdk/nodejs/kms/getKMSCryptoKeyVersion.ts +++ b/sdk/nodejs/kms/getKMSCryptoKeyVersion.ts @@ -114,7 +114,7 @@ export interface GetKMSCryptoKeyVersionResult { * }); * ``` */ -export function getKMSCryptoKeyVersionOutput(args: GetKMSCryptoKeyVersionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSCryptoKeyVersionOutput(args: GetKMSCryptoKeyVersionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSCryptoKeyVersion:getKMSCryptoKeyVersion", { "cryptoKey": args.cryptoKey, diff --git a/sdk/nodejs/kms/getKMSKeyRing.ts b/sdk/nodejs/kms/getKMSKeyRing.ts index f080861d35..835823c6eb 100644 --- a/sdk/nodejs/kms/getKMSKeyRing.ts +++ b/sdk/nodejs/kms/getKMSKeyRing.ts @@ -90,7 +90,7 @@ export interface GetKMSKeyRingResult { * }); * ``` */ -export function getKMSKeyRingOutput(args: GetKMSKeyRingOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSKeyRingOutput(args: GetKMSKeyRingOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSKeyRing:getKMSKeyRing", { "location": args.location, diff --git a/sdk/nodejs/kms/getKMSSecret.ts b/sdk/nodejs/kms/getKMSSecret.ts index 5676a831d8..9270777ce9 100644 --- a/sdk/nodejs/kms/getKMSSecret.ts +++ b/sdk/nodejs/kms/getKMSSecret.ts @@ -175,7 +175,7 @@ export interface GetKMSSecretResult { * * This will result in a Cloud SQL user being created with password `my-secret-password`. */ -export function getKMSSecretOutput(args: GetKMSSecretOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSSecretOutput(args: GetKMSSecretOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSSecret:getKMSSecret", { "additionalAuthenticatedData": args.additionalAuthenticatedData, diff --git a/sdk/nodejs/kms/getKMSSecretAsymmetric.ts b/sdk/nodejs/kms/getKMSSecretAsymmetric.ts index be5aa6b579..e02772b4ac 100644 --- a/sdk/nodejs/kms/getKMSSecretAsymmetric.ts +++ b/sdk/nodejs/kms/getKMSSecretAsymmetric.ts @@ -194,7 +194,7 @@ export interface GetKMSSecretAsymmetricResult { * * This will result in a Cloud SQL user being created with password `my-secret-password`. */ -export function getKMSSecretAsymmetricOutput(args: GetKMSSecretAsymmetricOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSSecretAsymmetricOutput(args: GetKMSSecretAsymmetricOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric", { "ciphertext": args.ciphertext, diff --git a/sdk/nodejs/kms/getKMSSecretCiphertext.ts b/sdk/nodejs/kms/getKMSSecretCiphertext.ts index ed5b7ac8a7..43f0a6b52e 100644 --- a/sdk/nodejs/kms/getKMSSecretCiphertext.ts +++ b/sdk/nodejs/kms/getKMSSecretCiphertext.ts @@ -173,7 +173,7 @@ export interface GetKMSSecretCiphertextResult { * The resulting instance can then access the encrypted password from its metadata * and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)): */ -export function getKMSSecretCiphertextOutput(args: GetKMSSecretCiphertextOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKMSSecretCiphertextOutput(args: GetKMSSecretCiphertextOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKMSSecretCiphertext:getKMSSecretCiphertext", { "cryptoKey": args.cryptoKey, diff --git a/sdk/nodejs/kms/getKeyRingIamPolicy.ts b/sdk/nodejs/kms/getKeyRingIamPolicy.ts index ffd5c8dca0..652d21519e 100644 --- a/sdk/nodejs/kms/getKeyRingIamPolicy.ts +++ b/sdk/nodejs/kms/getKeyRingIamPolicy.ts @@ -70,7 +70,7 @@ export interface GetKeyRingIamPolicyResult { * }); * ``` */ -export function getKeyRingIamPolicyOutput(args: GetKeyRingIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKeyRingIamPolicyOutput(args: GetKeyRingIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKeyRingIamPolicy:getKeyRingIamPolicy", { "keyRingId": args.keyRingId, diff --git a/sdk/nodejs/kms/getKeyRings.ts b/sdk/nodejs/kms/getKeyRings.ts index 39643a9022..2ae8f2bd9a 100644 --- a/sdk/nodejs/kms/getKeyRings.ts +++ b/sdk/nodejs/kms/getKeyRings.ts @@ -37,7 +37,7 @@ export interface GetKeyRingsResult { readonly location: string; readonly project?: string; } -export function getKeyRingsOutput(args: GetKeyRingsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getKeyRingsOutput(args: GetKeyRingsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:kms/getKeyRings:getKeyRings", { "filter": args.filter, diff --git a/sdk/nodejs/logging/getFolderSettings.ts b/sdk/nodejs/logging/getFolderSettings.ts index 89f667a2df..e6125bc1f6 100644 --- a/sdk/nodejs/logging/getFolderSettings.ts +++ b/sdk/nodejs/logging/getFolderSettings.ts @@ -103,7 +103,7 @@ export interface GetFolderSettingsResult { * }); * ``` */ -export function getFolderSettingsOutput(args: GetFolderSettingsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFolderSettingsOutput(args: GetFolderSettingsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getFolderSettings:getFolderSettings", { "folder": args.folder, diff --git a/sdk/nodejs/logging/getLogViewIamPolicy.ts b/sdk/nodejs/logging/getLogViewIamPolicy.ts index be9641f5b9..59dad91445 100644 --- a/sdk/nodejs/logging/getLogViewIamPolicy.ts +++ b/sdk/nodejs/logging/getLogViewIamPolicy.ts @@ -94,7 +94,7 @@ export interface GetLogViewIamPolicyResult { * }); * ``` */ -export function getLogViewIamPolicyOutput(args: GetLogViewIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getLogViewIamPolicyOutput(args: GetLogViewIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy", { "bucket": args.bucket, diff --git a/sdk/nodejs/logging/getOrganizationSettings.ts b/sdk/nodejs/logging/getOrganizationSettings.ts index 7eb6951c09..00d6c66655 100644 --- a/sdk/nodejs/logging/getOrganizationSettings.ts +++ b/sdk/nodejs/logging/getOrganizationSettings.ts @@ -103,7 +103,7 @@ export interface GetOrganizationSettingsResult { * }); * ``` */ -export function getOrganizationSettingsOutput(args: GetOrganizationSettingsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getOrganizationSettingsOutput(args: GetOrganizationSettingsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getOrganizationSettings:getOrganizationSettings", { "organization": args.organization, diff --git a/sdk/nodejs/logging/getProjectCmekSettings.ts b/sdk/nodejs/logging/getProjectCmekSettings.ts index ba684be0cf..5ff0316ea5 100644 --- a/sdk/nodejs/logging/getProjectCmekSettings.ts +++ b/sdk/nodejs/logging/getProjectCmekSettings.ts @@ -111,7 +111,7 @@ export interface GetProjectCmekSettingsResult { * }); * ``` */ -export function getProjectCmekSettingsOutput(args: GetProjectCmekSettingsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectCmekSettingsOutput(args: GetProjectCmekSettingsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getProjectCmekSettings:getProjectCmekSettings", { "kmsKeyName": args.kmsKeyName, diff --git a/sdk/nodejs/logging/getProjectSettings.ts b/sdk/nodejs/logging/getProjectSettings.ts index 5f448b6640..d0bb50768e 100644 --- a/sdk/nodejs/logging/getProjectSettings.ts +++ b/sdk/nodejs/logging/getProjectSettings.ts @@ -103,7 +103,7 @@ export interface GetProjectSettingsResult { * }); * ``` */ -export function getProjectSettingsOutput(args: GetProjectSettingsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectSettingsOutput(args: GetProjectSettingsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getProjectSettings:getProjectSettings", { "project": args.project, diff --git a/sdk/nodejs/logging/getSink.ts b/sdk/nodejs/logging/getSink.ts index 45a1d32ca1..19ef404ba5 100644 --- a/sdk/nodejs/logging/getSink.ts +++ b/sdk/nodejs/logging/getSink.ts @@ -105,7 +105,7 @@ export interface GetSinkResult { * }); * ``` */ -export function getSinkOutput(args: GetSinkOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSinkOutput(args: GetSinkOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:logging/getSink:getSink", { "id": args.id, diff --git a/sdk/nodejs/monitoring/getAppEngineService.ts b/sdk/nodejs/monitoring/getAppEngineService.ts index 1c60770f57..e701f184a9 100644 --- a/sdk/nodejs/monitoring/getAppEngineService.ts +++ b/sdk/nodejs/monitoring/getAppEngineService.ts @@ -170,7 +170,7 @@ export interface GetAppEngineServiceResult { * }); * ``` */ -export function getAppEngineServiceOutput(args: GetAppEngineServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAppEngineServiceOutput(args: GetAppEngineServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getAppEngineService:getAppEngineService", { "moduleId": args.moduleId, diff --git a/sdk/nodejs/monitoring/getClusterIstioService.ts b/sdk/nodejs/monitoring/getClusterIstioService.ts index d9934b7c43..fec552be30 100644 --- a/sdk/nodejs/monitoring/getClusterIstioService.ts +++ b/sdk/nodejs/monitoring/getClusterIstioService.ts @@ -145,7 +145,7 @@ export interface GetClusterIstioServiceResult { * }); * ``` */ -export function getClusterIstioServiceOutput(args: GetClusterIstioServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClusterIstioServiceOutput(args: GetClusterIstioServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getClusterIstioService:getClusterIstioService", { "clusterName": args.clusterName, diff --git a/sdk/nodejs/monitoring/getIstioCanonicalService.ts b/sdk/nodejs/monitoring/getIstioCanonicalService.ts index 5b6727f47f..f895530712 100644 --- a/sdk/nodejs/monitoring/getIstioCanonicalService.ts +++ b/sdk/nodejs/monitoring/getIstioCanonicalService.ts @@ -136,7 +136,7 @@ export interface GetIstioCanonicalServiceResult { * }); * ``` */ -export function getIstioCanonicalServiceOutput(args: GetIstioCanonicalServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIstioCanonicalServiceOutput(args: GetIstioCanonicalServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getIstioCanonicalService:getIstioCanonicalService", { "canonicalService": args.canonicalService, diff --git a/sdk/nodejs/monitoring/getMeshIstioService.ts b/sdk/nodejs/monitoring/getMeshIstioService.ts index ba7fd1cd45..8dcaeb99a9 100644 --- a/sdk/nodejs/monitoring/getMeshIstioService.ts +++ b/sdk/nodejs/monitoring/getMeshIstioService.ts @@ -136,7 +136,7 @@ export interface GetMeshIstioServiceResult { * }); * ``` */ -export function getMeshIstioServiceOutput(args: GetMeshIstioServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getMeshIstioServiceOutput(args: GetMeshIstioServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getMeshIstioService:getMeshIstioService", { "meshUid": args.meshUid, diff --git a/sdk/nodejs/monitoring/getNotificationChannel.ts b/sdk/nodejs/monitoring/getNotificationChannel.ts index aa73c2eafb..1d7d9e511b 100644 --- a/sdk/nodejs/monitoring/getNotificationChannel.ts +++ b/sdk/nodejs/monitoring/getNotificationChannel.ts @@ -175,7 +175,7 @@ export interface GetNotificationChannelResult { * }); * ``` */ -export function getNotificationChannelOutput(args?: GetNotificationChannelOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNotificationChannelOutput(args?: GetNotificationChannelOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getNotificationChannel:getNotificationChannel", { diff --git a/sdk/nodejs/monitoring/getSecretVersion.ts b/sdk/nodejs/monitoring/getSecretVersion.ts index a62f063be9..e8ba140045 100644 --- a/sdk/nodejs/monitoring/getSecretVersion.ts +++ b/sdk/nodejs/monitoring/getSecretVersion.ts @@ -104,7 +104,7 @@ export interface GetSecretVersionResult { * ``` */ /** @deprecated gcp.monitoring.getSecretVersion has been deprecated in favor of gcp.secretmanager.getSecretVersion */ -export function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { pulumi.log.warn("getSecretVersion is deprecated: gcp.monitoring.getSecretVersion has been deprecated in favor of gcp.secretmanager.getSecretVersion") opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getSecretVersion:getSecretVersion", { diff --git a/sdk/nodejs/monitoring/getUptimeCheckIPs.ts b/sdk/nodejs/monitoring/getUptimeCheckIPs.ts index 0d5bc8808f..a4cbc6a01a 100644 --- a/sdk/nodejs/monitoring/getUptimeCheckIPs.ts +++ b/sdk/nodejs/monitoring/getUptimeCheckIPs.ts @@ -53,7 +53,7 @@ export interface GetUptimeCheckIPsResult { * export const ipList = ips.then(ips => ips.uptimeCheckIps); * ``` */ -export function getUptimeCheckIPsOutput(opts?: pulumi.InvokeOptions): pulumi.Output { +export function getUptimeCheckIPsOutput(opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:monitoring/getUptimeCheckIPs:getUptimeCheckIPs", { }, opts); diff --git a/sdk/nodejs/networksecurity/getAddressGroupIamPolicy.ts b/sdk/nodejs/networksecurity/getAddressGroupIamPolicy.ts index 801210621d..3e9e52f5c7 100644 --- a/sdk/nodejs/networksecurity/getAddressGroupIamPolicy.ts +++ b/sdk/nodejs/networksecurity/getAddressGroupIamPolicy.ts @@ -62,7 +62,7 @@ export interface GetAddressGroupIamPolicyResult { /** * Retrieves the current IAM policy data for projectaddressgroup */ -export function getAddressGroupIamPolicyOutput(args: GetAddressGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAddressGroupIamPolicyOutput(args: GetAddressGroupIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:networksecurity/getAddressGroupIamPolicy:getAddressGroupIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/notebooks/getInstanceIamPolicy.ts b/sdk/nodejs/notebooks/getInstanceIamPolicy.ts index 8588a4b3c4..de592ccfdc 100644 --- a/sdk/nodejs/notebooks/getInstanceIamPolicy.ts +++ b/sdk/nodejs/notebooks/getInstanceIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:notebooks/getInstanceIamPolicy:getInstanceIamPolicy", { "instanceName": args.instanceName, diff --git a/sdk/nodejs/notebooks/getRuntimeIamPolicy.ts b/sdk/nodejs/notebooks/getRuntimeIamPolicy.ts index 28b30d601b..eb082618f2 100644 --- a/sdk/nodejs/notebooks/getRuntimeIamPolicy.ts +++ b/sdk/nodejs/notebooks/getRuntimeIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetRuntimeIamPolicyResult { * }); * ``` */ -export function getRuntimeIamPolicyOutput(args: GetRuntimeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRuntimeIamPolicyOutput(args: GetRuntimeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:notebooks/getRuntimeIamPolicy:getRuntimeIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/oracledatabase/getAutonomousDatabase.ts b/sdk/nodejs/oracledatabase/getAutonomousDatabase.ts index 32add632c0..661e1fdece 100644 --- a/sdk/nodejs/oracledatabase/getAutonomousDatabase.ts +++ b/sdk/nodejs/oracledatabase/getAutonomousDatabase.ts @@ -96,7 +96,7 @@ export interface GetAutonomousDatabaseResult { * }); * ``` */ -export function getAutonomousDatabaseOutput(args: GetAutonomousDatabaseOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAutonomousDatabaseOutput(args: GetAutonomousDatabaseOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getAutonomousDatabase:getAutonomousDatabase", { "autonomousDatabaseId": args.autonomousDatabaseId, diff --git a/sdk/nodejs/oracledatabase/getAutonomousDatabases.ts b/sdk/nodejs/oracledatabase/getAutonomousDatabases.ts index 1a0e444855..e1a6ab1668 100644 --- a/sdk/nodejs/oracledatabase/getAutonomousDatabases.ts +++ b/sdk/nodejs/oracledatabase/getAutonomousDatabases.ts @@ -77,7 +77,7 @@ export interface GetAutonomousDatabasesResult { * }); * ``` */ -export function getAutonomousDatabasesOutput(args: GetAutonomousDatabasesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAutonomousDatabasesOutput(args: GetAutonomousDatabasesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getAutonomousDatabases:getAutonomousDatabases", { "location": args.location, diff --git a/sdk/nodejs/oracledatabase/getCloudExadataInfrastructure.ts b/sdk/nodejs/oracledatabase/getCloudExadataInfrastructure.ts index de37bae667..fe069d35bf 100644 --- a/sdk/nodejs/oracledatabase/getCloudExadataInfrastructure.ts +++ b/sdk/nodejs/oracledatabase/getCloudExadataInfrastructure.ts @@ -93,7 +93,7 @@ export interface GetCloudExadataInfrastructureResult { * }); * ``` */ -export function getCloudExadataInfrastructureOutput(args: GetCloudExadataInfrastructureOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCloudExadataInfrastructureOutput(args: GetCloudExadataInfrastructureOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getCloudExadataInfrastructure:getCloudExadataInfrastructure", { "cloudExadataInfrastructureId": args.cloudExadataInfrastructureId, diff --git a/sdk/nodejs/oracledatabase/getCloudExadataInfrastructures.ts b/sdk/nodejs/oracledatabase/getCloudExadataInfrastructures.ts index ee4d482af5..eaebd0ecfd 100644 --- a/sdk/nodejs/oracledatabase/getCloudExadataInfrastructures.ts +++ b/sdk/nodejs/oracledatabase/getCloudExadataInfrastructures.ts @@ -77,7 +77,7 @@ export interface GetCloudExadataInfrastructuresResult { * }); * ``` */ -export function getCloudExadataInfrastructuresOutput(args: GetCloudExadataInfrastructuresOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCloudExadataInfrastructuresOutput(args: GetCloudExadataInfrastructuresOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getCloudExadataInfrastructures:getCloudExadataInfrastructures", { "location": args.location, diff --git a/sdk/nodejs/oracledatabase/getCloudVmCluster.ts b/sdk/nodejs/oracledatabase/getCloudVmCluster.ts index cff1090afc..4cffc3cc32 100644 --- a/sdk/nodejs/oracledatabase/getCloudVmCluster.ts +++ b/sdk/nodejs/oracledatabase/getCloudVmCluster.ts @@ -96,7 +96,7 @@ export interface GetCloudVmClusterResult { * }); * ``` */ -export function getCloudVmClusterOutput(args: GetCloudVmClusterOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCloudVmClusterOutput(args: GetCloudVmClusterOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getCloudVmCluster:getCloudVmCluster", { "cloudVmClusterId": args.cloudVmClusterId, diff --git a/sdk/nodejs/oracledatabase/getCloudVmClusters.ts b/sdk/nodejs/oracledatabase/getCloudVmClusters.ts index e6c5b24f1d..657b9ebbc7 100644 --- a/sdk/nodejs/oracledatabase/getCloudVmClusters.ts +++ b/sdk/nodejs/oracledatabase/getCloudVmClusters.ts @@ -77,7 +77,7 @@ export interface GetCloudVmClustersResult { * }); * ``` */ -export function getCloudVmClustersOutput(args: GetCloudVmClustersOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCloudVmClustersOutput(args: GetCloudVmClustersOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getCloudVmClusters:getCloudVmClusters", { "location": args.location, diff --git a/sdk/nodejs/oracledatabase/getDbNodes.ts b/sdk/nodejs/oracledatabase/getDbNodes.ts index eb7438cb43..2103dbcb01 100644 --- a/sdk/nodejs/oracledatabase/getDbNodes.ts +++ b/sdk/nodejs/oracledatabase/getDbNodes.ts @@ -163,7 +163,7 @@ export interface GetDbNodesResult { * * * `totalCpuCoreCount` - The total number of CPU cores reserved on the database node. */ -export function getDbNodesOutput(args: GetDbNodesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDbNodesOutput(args: GetDbNodesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getDbNodes:getDbNodes", { "cloudVmCluster": args.cloudVmCluster, diff --git a/sdk/nodejs/oracledatabase/getDbServers.ts b/sdk/nodejs/oracledatabase/getDbServers.ts index 217185cd79..4e00e74b33 100644 --- a/sdk/nodejs/oracledatabase/getDbServers.ts +++ b/sdk/nodejs/oracledatabase/getDbServers.ts @@ -163,7 +163,7 @@ export interface GetDbServersResult { * * * `dbNodeIds` - The OCID of database nodes associated with the database server. */ -export function getDbServersOutput(args: GetDbServersOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDbServersOutput(args: GetDbServersOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:oracledatabase/getDbServers:getDbServers", { "cloudExadataInfrastructure": args.cloudExadataInfrastructure, diff --git a/sdk/nodejs/organizations/getActiveFolder.ts b/sdk/nodejs/organizations/getActiveFolder.ts index 6bb10d03a9..745ca491ad 100644 --- a/sdk/nodejs/organizations/getActiveFolder.ts +++ b/sdk/nodejs/organizations/getActiveFolder.ts @@ -77,7 +77,7 @@ export interface GetActiveFolderResult { * }); * ``` */ -export function getActiveFolderOutput(args: GetActiveFolderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getActiveFolderOutput(args: GetActiveFolderOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getActiveFolder:getActiveFolder", { "apiMethod": args.apiMethod, diff --git a/sdk/nodejs/organizations/getBillingAccount.ts b/sdk/nodejs/organizations/getBillingAccount.ts index 6f410c4e83..e9610ab766 100644 --- a/sdk/nodejs/organizations/getBillingAccount.ts +++ b/sdk/nodejs/organizations/getBillingAccount.ts @@ -100,7 +100,7 @@ export interface GetBillingAccountResult { * }); * ``` */ -export function getBillingAccountOutput(args?: GetBillingAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBillingAccountOutput(args?: GetBillingAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getBillingAccount:getBillingAccount", { diff --git a/sdk/nodejs/organizations/getClientConfig.ts b/sdk/nodejs/organizations/getClientConfig.ts index 62602dd4be..d5cf44b4b1 100644 --- a/sdk/nodejs/organizations/getClientConfig.ts +++ b/sdk/nodejs/organizations/getClientConfig.ts @@ -58,7 +58,7 @@ export interface GetClientConfigResult { * export const project = current.then(current => current.project); * ``` */ -export function getClientConfigOutput(opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClientConfigOutput(opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getClientConfig:getClientConfig", { }, opts); diff --git a/sdk/nodejs/organizations/getClientOpenIdUserInfo.ts b/sdk/nodejs/organizations/getClientOpenIdUserInfo.ts index a734e1c583..faad4be644 100644 --- a/sdk/nodejs/organizations/getClientOpenIdUserInfo.ts +++ b/sdk/nodejs/organizations/getClientOpenIdUserInfo.ts @@ -78,7 +78,7 @@ export interface GetClientOpenIdUserInfoResult { * } * ``` */ -export function getClientOpenIdUserInfoOutput(opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClientOpenIdUserInfoOutput(opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo", { }, opts); diff --git a/sdk/nodejs/organizations/getFolder.ts b/sdk/nodejs/organizations/getFolder.ts index 080bddac6c..d2293d31d1 100644 --- a/sdk/nodejs/organizations/getFolder.ts +++ b/sdk/nodejs/organizations/getFolder.ts @@ -99,7 +99,7 @@ export interface GetFolderResult { * export const myFolder2Parent = myFolder2.then(myFolder2 => myFolder2.parent); * ``` */ -export function getFolderOutput(args: GetFolderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFolderOutput(args: GetFolderOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getFolder:getFolder", { "folder": args.folder, diff --git a/sdk/nodejs/organizations/getFolders.ts b/sdk/nodejs/organizations/getFolders.ts index c488edf9e8..bf3db95392 100644 --- a/sdk/nodejs/organizations/getFolders.ts +++ b/sdk/nodejs/organizations/getFolders.ts @@ -79,7 +79,7 @@ export interface GetFoldersResult { * })); * ``` */ -export function getFoldersOutput(args: GetFoldersOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getFoldersOutput(args: GetFoldersOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getFolders:getFolders", { "parentId": args.parentId, diff --git a/sdk/nodejs/organizations/getIAMPolicy.ts b/sdk/nodejs/organizations/getIAMPolicy.ts index f11be7208d..8301689d42 100644 --- a/sdk/nodejs/organizations/getIAMPolicy.ts +++ b/sdk/nodejs/organizations/getIAMPolicy.ts @@ -62,7 +62,7 @@ export interface GetIAMPolicyResult { * * **Note:** Please review the documentation of the resource that you will be using the datasource with. Some resources such as `gcp.projects.IAMPolicy` and others have limitations in their API methods which are noted on their respective page. */ -export function getIAMPolicyOutput(args?: GetIAMPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIAMPolicyOutput(args?: GetIAMPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getIAMPolicy:getIAMPolicy", { diff --git a/sdk/nodejs/organizations/getOrganization.ts b/sdk/nodejs/organizations/getOrganization.ts index 138e329b18..7a46c707fd 100644 --- a/sdk/nodejs/organizations/getOrganization.ts +++ b/sdk/nodejs/organizations/getOrganization.ts @@ -92,7 +92,7 @@ export interface GetOrganizationResult { * }); * ``` */ -export function getOrganizationOutput(args?: GetOrganizationOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getOrganizationOutput(args?: GetOrganizationOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getOrganization:getOrganization", { diff --git a/sdk/nodejs/organizations/getProject.ts b/sdk/nodejs/organizations/getProject.ts index 94942aea90..6f37abc7c4 100644 --- a/sdk/nodejs/organizations/getProject.ts +++ b/sdk/nodejs/organizations/getProject.ts @@ -76,7 +76,7 @@ export interface GetProjectResult { * export const projectNumber = project.then(project => project.number); * ``` */ -export function getProjectOutput(args?: GetProjectOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectOutput(args?: GetProjectOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:organizations/getProject:getProject", { diff --git a/sdk/nodejs/privilegedaccessmanager/getEntitlement.ts b/sdk/nodejs/privilegedaccessmanager/getEntitlement.ts index 50c6ed6edc..45d3f8a097 100644 --- a/sdk/nodejs/privilegedaccessmanager/getEntitlement.ts +++ b/sdk/nodejs/privilegedaccessmanager/getEntitlement.ts @@ -101,7 +101,7 @@ export interface GetEntitlementResult { * }); * ``` */ -export function getEntitlementOutput(args?: GetEntitlementOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getEntitlementOutput(args?: GetEntitlementOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:privilegedaccessmanager/getEntitlement:getEntitlement", { diff --git a/sdk/nodejs/projects/getIamPolicy.ts b/sdk/nodejs/projects/getIamPolicy.ts index 51255a42d8..99937af1e6 100644 --- a/sdk/nodejs/projects/getIamPolicy.ts +++ b/sdk/nodejs/projects/getIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetIamPolicyResult { * }); * ``` */ -export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:projects/getIamPolicy:getIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/projects/getOrganizationPolicy.ts b/sdk/nodejs/projects/getOrganizationPolicy.ts index 4a0be20138..0b1443f84d 100644 --- a/sdk/nodejs/projects/getOrganizationPolicy.ts +++ b/sdk/nodejs/projects/getOrganizationPolicy.ts @@ -81,7 +81,7 @@ export interface GetOrganizationPolicyResult { * export const version = policy.then(policy => policy.version); * ``` */ -export function getOrganizationPolicyOutput(args: GetOrganizationPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getOrganizationPolicyOutput(args: GetOrganizationPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:projects/getOrganizationPolicy:getOrganizationPolicy", { "constraint": args.constraint, diff --git a/sdk/nodejs/projects/getProject.ts b/sdk/nodejs/projects/getProject.ts index cc30c8ea96..472640476e 100644 --- a/sdk/nodejs/projects/getProject.ts +++ b/sdk/nodejs/projects/getProject.ts @@ -79,7 +79,7 @@ export interface GetProjectResult { * })); * ``` */ -export function getProjectOutput(args: GetProjectOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectOutput(args: GetProjectOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:projects/getProject:getProject", { "filter": args.filter, diff --git a/sdk/nodejs/projects/getProjectService.ts b/sdk/nodejs/projects/getProjectService.ts index 64543f7cf8..5b94bed99f 100644 --- a/sdk/nodejs/projects/getProjectService.ts +++ b/sdk/nodejs/projects/getProjectService.ts @@ -95,7 +95,7 @@ export interface GetProjectServiceResult { * }); * ``` */ -export function getProjectServiceOutput(args: GetProjectServiceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectServiceOutput(args: GetProjectServiceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:projects/getProjectService:getProjectService", { "project": args.project, diff --git a/sdk/nodejs/pubsub/getSchemaIamPolicy.ts b/sdk/nodejs/pubsub/getSchemaIamPolicy.ts index 765e6d9f8a..839544e3be 100644 --- a/sdk/nodejs/pubsub/getSchemaIamPolicy.ts +++ b/sdk/nodejs/pubsub/getSchemaIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetSchemaIamPolicyResult { * }); * ``` */ -export function getSchemaIamPolicyOutput(args: GetSchemaIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSchemaIamPolicyOutput(args: GetSchemaIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:pubsub/getSchemaIamPolicy:getSchemaIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/pubsub/getSubscription.ts b/sdk/nodejs/pubsub/getSubscription.ts index b1ba4d1589..d81a0c02bb 100644 --- a/sdk/nodejs/pubsub/getSubscription.ts +++ b/sdk/nodejs/pubsub/getSubscription.ts @@ -90,7 +90,7 @@ export interface GetSubscriptionResult { * }); * ``` */ -export function getSubscriptionOutput(args: GetSubscriptionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubscriptionOutput(args: GetSubscriptionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:pubsub/getSubscription:getSubscription", { "name": args.name, diff --git a/sdk/nodejs/pubsub/getSubscriptionIamPolicy.ts b/sdk/nodejs/pubsub/getSubscriptionIamPolicy.ts index 4be7f88fc6..2346fb0c08 100644 --- a/sdk/nodejs/pubsub/getSubscriptionIamPolicy.ts +++ b/sdk/nodejs/pubsub/getSubscriptionIamPolicy.ts @@ -74,7 +74,7 @@ export interface GetSubscriptionIamPolicyResult { * }); * ``` */ -export function getSubscriptionIamPolicyOutput(args: GetSubscriptionIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubscriptionIamPolicyOutput(args: GetSubscriptionIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:pubsub/getSubscriptionIamPolicy:getSubscriptionIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/pubsub/getTopic.ts b/sdk/nodejs/pubsub/getTopic.ts index 7955768c11..9864413469 100644 --- a/sdk/nodejs/pubsub/getTopic.ts +++ b/sdk/nodejs/pubsub/getTopic.ts @@ -82,7 +82,7 @@ export interface GetTopicResult { * }); * ``` */ -export function getTopicOutput(args: GetTopicOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTopicOutput(args: GetTopicOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:pubsub/getTopic:getTopic", { "name": args.name, diff --git a/sdk/nodejs/pubsub/getTopicIamPolicy.ts b/sdk/nodejs/pubsub/getTopicIamPolicy.ts index 9324305037..41dfb15265 100644 --- a/sdk/nodejs/pubsub/getTopicIamPolicy.ts +++ b/sdk/nodejs/pubsub/getTopicIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetTopicIamPolicyResult { * }); * ``` */ -export function getTopicIamPolicyOutput(args: GetTopicIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTopicIamPolicyOutput(args: GetTopicIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:pubsub/getTopicIamPolicy:getTopicIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/redis/getInstance.ts b/sdk/nodejs/redis/getInstance.ts index e3ab06b77a..e99c34acc9 100644 --- a/sdk/nodejs/redis/getInstance.ts +++ b/sdk/nodejs/redis/getInstance.ts @@ -116,7 +116,7 @@ export interface GetInstanceResult { * export const instanceAuthorizedNetwork = myInstance.then(myInstance => myInstance.authorizedNetwork); * ``` */ -export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:redis/getInstance:getInstance", { "name": args.name, diff --git a/sdk/nodejs/runtimeconfig/getConfig.ts b/sdk/nodejs/runtimeconfig/getConfig.ts index 106b51f84e..f2652b7230 100644 --- a/sdk/nodejs/runtimeconfig/getConfig.ts +++ b/sdk/nodejs/runtimeconfig/getConfig.ts @@ -65,7 +65,7 @@ export interface GetConfigResult { * }); * ``` */ -export function getConfigOutput(args: GetConfigOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConfigOutput(args: GetConfigOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:runtimeconfig/getConfig:getConfig", { "name": args.name, diff --git a/sdk/nodejs/runtimeconfig/getConfigIamPolicy.ts b/sdk/nodejs/runtimeconfig/getConfigIamPolicy.ts index 86dfb707c9..0ec2068d7b 100644 --- a/sdk/nodejs/runtimeconfig/getConfigIamPolicy.ts +++ b/sdk/nodejs/runtimeconfig/getConfigIamPolicy.ts @@ -47,7 +47,7 @@ export interface GetConfigIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getConfigIamPolicyOutput(args: GetConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConfigIamPolicyOutput(args: GetConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:runtimeconfig/getConfigIamPolicy:getConfigIamPolicy", { "config": args.config, diff --git a/sdk/nodejs/runtimeconfig/getVariable.ts b/sdk/nodejs/runtimeconfig/getVariable.ts index ed00a1588c..736577fb08 100644 --- a/sdk/nodejs/runtimeconfig/getVariable.ts +++ b/sdk/nodejs/runtimeconfig/getVariable.ts @@ -75,7 +75,7 @@ export interface GetVariableResult { * }); * ``` */ -export function getVariableOutput(args: GetVariableOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getVariableOutput(args: GetVariableOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:runtimeconfig/getVariable:getVariable", { "name": args.name, diff --git a/sdk/nodejs/secretmanager/getRegionalSecret.ts b/sdk/nodejs/secretmanager/getRegionalSecret.ts index d39a837be9..607eb60405 100644 --- a/sdk/nodejs/secretmanager/getRegionalSecret.ts +++ b/sdk/nodejs/secretmanager/getRegionalSecret.ts @@ -89,7 +89,7 @@ export interface GetRegionalSecretResult { * }); * ``` */ -export function getRegionalSecretOutput(args: GetRegionalSecretOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionalSecretOutput(args: GetRegionalSecretOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getRegionalSecret:getRegionalSecret", { "location": args.location, diff --git a/sdk/nodejs/secretmanager/getRegionalSecretIamPolicy.ts b/sdk/nodejs/secretmanager/getRegionalSecretIamPolicy.ts index 4af825faac..83166bff07 100644 --- a/sdk/nodejs/secretmanager/getRegionalSecretIamPolicy.ts +++ b/sdk/nodejs/secretmanager/getRegionalSecretIamPolicy.ts @@ -85,7 +85,7 @@ export interface GetRegionalSecretIamPolicyResult { * }); * ``` */ -export function getRegionalSecretIamPolicyOutput(args: GetRegionalSecretIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionalSecretIamPolicyOutput(args: GetRegionalSecretIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getRegionalSecretIamPolicy:getRegionalSecretIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/secretmanager/getRegionalSecretVersion.ts b/sdk/nodejs/secretmanager/getRegionalSecretVersion.ts index 2e3244eed9..c1d597f755 100644 --- a/sdk/nodejs/secretmanager/getRegionalSecretVersion.ts +++ b/sdk/nodejs/secretmanager/getRegionalSecretVersion.ts @@ -117,7 +117,7 @@ export interface GetRegionalSecretVersionResult { * }); * ``` */ -export function getRegionalSecretVersionOutput(args: GetRegionalSecretVersionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionalSecretVersionOutput(args: GetRegionalSecretVersionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getRegionalSecretVersion:getRegionalSecretVersion", { "isSecretDataBase64": args.isSecretDataBase64, diff --git a/sdk/nodejs/secretmanager/getRegionalSecretVersionAccess.ts b/sdk/nodejs/secretmanager/getRegionalSecretVersionAccess.ts index ced4191e1b..6ad2328725 100644 --- a/sdk/nodejs/secretmanager/getRegionalSecretVersionAccess.ts +++ b/sdk/nodejs/secretmanager/getRegionalSecretVersionAccess.ts @@ -99,7 +99,7 @@ export interface GetRegionalSecretVersionAccessResult { * }); * ``` */ -export function getRegionalSecretVersionAccessOutput(args: GetRegionalSecretVersionAccessOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionalSecretVersionAccessOutput(args: GetRegionalSecretVersionAccessOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getRegionalSecretVersionAccess:getRegionalSecretVersionAccess", { "isSecretDataBase64": args.isSecretDataBase64, diff --git a/sdk/nodejs/secretmanager/getRegionalSecrets.ts b/sdk/nodejs/secretmanager/getRegionalSecrets.ts index 0c7194c370..9b8520c4c9 100644 --- a/sdk/nodejs/secretmanager/getRegionalSecrets.ts +++ b/sdk/nodejs/secretmanager/getRegionalSecrets.ts @@ -83,7 +83,7 @@ export interface GetRegionalSecretsResult { * }); * ``` */ -export function getRegionalSecretsOutput(args: GetRegionalSecretsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRegionalSecretsOutput(args: GetRegionalSecretsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getRegionalSecrets:getRegionalSecrets", { "filter": args.filter, diff --git a/sdk/nodejs/secretmanager/getSecret.ts b/sdk/nodejs/secretmanager/getSecret.ts index 89df573e9e..72ab6c896b 100644 --- a/sdk/nodejs/secretmanager/getSecret.ts +++ b/sdk/nodejs/secretmanager/getSecret.ts @@ -81,7 +81,7 @@ export interface GetSecretResult { * }); * ``` */ -export function getSecretOutput(args: GetSecretOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretOutput(args: GetSecretOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getSecret:getSecret", { "project": args.project, diff --git a/sdk/nodejs/secretmanager/getSecretIamPolicy.ts b/sdk/nodejs/secretmanager/getSecretIamPolicy.ts index 550108b606..5728c01ea0 100644 --- a/sdk/nodejs/secretmanager/getSecretIamPolicy.ts +++ b/sdk/nodejs/secretmanager/getSecretIamPolicy.ts @@ -74,7 +74,7 @@ export interface GetSecretIamPolicyResult { * }); * ``` */ -export function getSecretIamPolicyOutput(args: GetSecretIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretIamPolicyOutput(args: GetSecretIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getSecretIamPolicy:getSecretIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/secretmanager/getSecretVersion.ts b/sdk/nodejs/secretmanager/getSecretVersion.ts index 051a018240..19eda5f413 100644 --- a/sdk/nodejs/secretmanager/getSecretVersion.ts +++ b/sdk/nodejs/secretmanager/getSecretVersion.ts @@ -101,7 +101,7 @@ export interface GetSecretVersionResult { * }); * ``` */ -export function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretVersionOutput(args: GetSecretVersionOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getSecretVersion:getSecretVersion", { "isSecretDataBase64": args.isSecretDataBase64, diff --git a/sdk/nodejs/secretmanager/getSecretVersionAccess.ts b/sdk/nodejs/secretmanager/getSecretVersionAccess.ts index e036c5c2af..8280925751 100644 --- a/sdk/nodejs/secretmanager/getSecretVersionAccess.ts +++ b/sdk/nodejs/secretmanager/getSecretVersionAccess.ts @@ -89,7 +89,7 @@ export interface GetSecretVersionAccessResult { * }); * ``` */ -export function getSecretVersionAccessOutput(args: GetSecretVersionAccessOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretVersionAccessOutput(args: GetSecretVersionAccessOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getSecretVersionAccess:getSecretVersionAccess", { "isSecretDataBase64": args.isSecretDataBase64, diff --git a/sdk/nodejs/secretmanager/getSecrets.ts b/sdk/nodejs/secretmanager/getSecrets.ts index d678bf7818..9dae8085ad 100644 --- a/sdk/nodejs/secretmanager/getSecrets.ts +++ b/sdk/nodejs/secretmanager/getSecrets.ts @@ -71,7 +71,7 @@ export interface GetSecretsResult { * const secrets = gcp.secretmanager.getSecrets({}); * ``` */ -export function getSecretsOutput(args?: GetSecretsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSecretsOutput(args?: GetSecretsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:secretmanager/getSecrets:getSecrets", { diff --git a/sdk/nodejs/securesourcemanager/getInstanceIamPolicy.ts b/sdk/nodejs/securesourcemanager/getInstanceIamPolicy.ts index 5953bcfd4f..a2fbbdc9d6 100644 --- a/sdk/nodejs/securesourcemanager/getInstanceIamPolicy.ts +++ b/sdk/nodejs/securesourcemanager/getInstanceIamPolicy.ts @@ -89,7 +89,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:securesourcemanager/getInstanceIamPolicy:getInstanceIamPolicy", { "instanceId": args.instanceId, diff --git a/sdk/nodejs/securesourcemanager/getRepositoryIamPolicy.ts b/sdk/nodejs/securesourcemanager/getRepositoryIamPolicy.ts index 91195a74d0..1e1f3039fb 100644 --- a/sdk/nodejs/securesourcemanager/getRepositoryIamPolicy.ts +++ b/sdk/nodejs/securesourcemanager/getRepositoryIamPolicy.ts @@ -89,7 +89,7 @@ export interface GetRepositoryIamPolicyResult { * }); * ``` */ -export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:securesourcemanager/getRepositoryIamPolicy:getRepositoryIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/securitycenter/getSourceIamPolicy.ts b/sdk/nodejs/securitycenter/getSourceIamPolicy.ts index e7be3fac41..5d03d23e63 100644 --- a/sdk/nodejs/securitycenter/getSourceIamPolicy.ts +++ b/sdk/nodejs/securitycenter/getSourceIamPolicy.ts @@ -71,7 +71,7 @@ export interface GetSourceIamPolicyResult { * }); * ``` */ -export function getSourceIamPolicyOutput(args: GetSourceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSourceIamPolicyOutput(args: GetSourceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy", { "organization": args.organization, diff --git a/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts b/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts index 34251927fd..384c8284aa 100644 --- a/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts +++ b/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts @@ -71,7 +71,7 @@ export interface GetV2OrganizationSourceIamPolicyResult { * }); * ``` */ -export function getV2OrganizationSourceIamPolicyOutput(args: GetV2OrganizationSourceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getV2OrganizationSourceIamPolicyOutput(args: GetV2OrganizationSourceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", { "organization": args.organization, diff --git a/sdk/nodejs/serviceaccount/getAccount.ts b/sdk/nodejs/serviceaccount/getAccount.ts index 81ea4956a8..52977d003a 100644 --- a/sdk/nodejs/serviceaccount/getAccount.ts +++ b/sdk/nodejs/serviceaccount/getAccount.ts @@ -148,7 +148,7 @@ export interface GetAccountResult { * }); * ``` */ -export function getAccountOutput(args: GetAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountOutput(args: GetAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getAccount:getAccount", { "accountId": args.accountId, diff --git a/sdk/nodejs/serviceaccount/getAccountAccessToken.ts b/sdk/nodejs/serviceaccount/getAccountAccessToken.ts index 3fbc9161cf..5b8dd5bb35 100644 --- a/sdk/nodejs/serviceaccount/getAccountAccessToken.ts +++ b/sdk/nodejs/serviceaccount/getAccountAccessToken.ts @@ -153,7 +153,7 @@ export interface GetAccountAccessTokenResult { * * > *Note*: the generated token is non-refreshable and can have a maximum `lifetime` of `3600` seconds. */ -export function getAccountAccessTokenOutput(args: GetAccountAccessTokenOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountAccessTokenOutput(args: GetAccountAccessTokenOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getAccountAccessToken:getAccountAccessToken", { "delegates": args.delegates, diff --git a/sdk/nodejs/serviceaccount/getAccountIdToken.ts b/sdk/nodejs/serviceaccount/getAccountIdToken.ts index cd13653594..96c75ffc47 100644 --- a/sdk/nodejs/serviceaccount/getAccountIdToken.ts +++ b/sdk/nodejs/serviceaccount/getAccountIdToken.ts @@ -193,7 +193,7 @@ export interface GetAccountIdTokenResult { * export const cloudRunResponse = cloudrun.then(cloudrun => cloudrun.body); * ``` */ -export function getAccountIdTokenOutput(args: GetAccountIdTokenOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountIdTokenOutput(args: GetAccountIdTokenOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getAccountIdToken:getAccountIdToken", { "delegates": args.delegates, diff --git a/sdk/nodejs/serviceaccount/getAccountJwt.ts b/sdk/nodejs/serviceaccount/getAccountJwt.ts index e15347b3c0..2457367938 100644 --- a/sdk/nodejs/serviceaccount/getAccountJwt.ts +++ b/sdk/nodejs/serviceaccount/getAccountJwt.ts @@ -97,7 +97,7 @@ export interface GetAccountJwtResult { * export const jwt = foo.then(foo => foo.jwt); * ``` */ -export function getAccountJwtOutput(args: GetAccountJwtOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountJwtOutput(args: GetAccountJwtOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getAccountJwt:getAccountJwt", { "delegates": args.delegates, diff --git a/sdk/nodejs/serviceaccount/getAccountKey.ts b/sdk/nodejs/serviceaccount/getAccountKey.ts index a51fa0095f..839e99b729 100644 --- a/sdk/nodejs/serviceaccount/getAccountKey.ts +++ b/sdk/nodejs/serviceaccount/getAccountKey.ts @@ -85,7 +85,7 @@ export interface GetAccountKeyResult { * }); * ``` */ -export function getAccountKeyOutput(args: GetAccountKeyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAccountKeyOutput(args: GetAccountKeyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getAccountKey:getAccountKey", { "name": args.name, diff --git a/sdk/nodejs/serviceaccount/getIamPolicy.ts b/sdk/nodejs/serviceaccount/getIamPolicy.ts index 9877a72edf..54ff1858e5 100644 --- a/sdk/nodejs/serviceaccount/getIamPolicy.ts +++ b/sdk/nodejs/serviceaccount/getIamPolicy.ts @@ -67,7 +67,7 @@ export interface GetIamPolicyResult { * }); * ``` */ -export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getIamPolicy:getIamPolicy", { "serviceAccountId": args.serviceAccountId, diff --git a/sdk/nodejs/serviceaccount/getS.ts b/sdk/nodejs/serviceaccount/getS.ts index 0dc1a3ff35..ae99233ba1 100644 --- a/sdk/nodejs/serviceaccount/getS.ts +++ b/sdk/nodejs/serviceaccount/getS.ts @@ -74,7 +74,7 @@ export interface GetSResult { * }); * ``` */ -export function getSOutput(args?: GetSOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSOutput(args?: GetSOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:serviceaccount/getS:getS", { diff --git a/sdk/nodejs/servicedirectory/getNamespaceIamPolicy.ts b/sdk/nodejs/servicedirectory/getNamespaceIamPolicy.ts index a82b2bac36..6218a59a98 100644 --- a/sdk/nodejs/servicedirectory/getNamespaceIamPolicy.ts +++ b/sdk/nodejs/servicedirectory/getNamespaceIamPolicy.ts @@ -40,7 +40,7 @@ export interface GetNamespaceIamPolicyResult { */ readonly policyData: string; } -export function getNamespaceIamPolicyOutput(args: GetNamespaceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNamespaceIamPolicyOutput(args: GetNamespaceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:servicedirectory/getNamespaceIamPolicy:getNamespaceIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/servicedirectory/getServiceIamPolicy.ts b/sdk/nodejs/servicedirectory/getServiceIamPolicy.ts index dbab5a9646..bc2719b241 100644 --- a/sdk/nodejs/servicedirectory/getServiceIamPolicy.ts +++ b/sdk/nodejs/servicedirectory/getServiceIamPolicy.ts @@ -40,7 +40,7 @@ export interface GetServiceIamPolicyResult { */ readonly policyData: string; } -export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getServiceIamPolicyOutput(args: GetServiceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:servicedirectory/getServiceIamPolicy:getServiceIamPolicy", { "name": args.name, diff --git a/sdk/nodejs/servicenetworking/getPeeredDnsDomain.ts b/sdk/nodejs/servicenetworking/getPeeredDnsDomain.ts index e08d84be32..477f677009 100644 --- a/sdk/nodejs/servicenetworking/getPeeredDnsDomain.ts +++ b/sdk/nodejs/servicenetworking/getPeeredDnsDomain.ts @@ -39,7 +39,7 @@ export interface GetPeeredDnsDomainResult { readonly project: string; readonly service: string; } -export function getPeeredDnsDomainOutput(args: GetPeeredDnsDomainOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getPeeredDnsDomainOutput(args: GetPeeredDnsDomainOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:servicenetworking/getPeeredDnsDomain:getPeeredDnsDomain", { "name": args.name, diff --git a/sdk/nodejs/siteverification/getToken.ts b/sdk/nodejs/siteverification/getToken.ts index eda00d4248..2844e50492 100644 --- a/sdk/nodejs/siteverification/getToken.ts +++ b/sdk/nodejs/siteverification/getToken.ts @@ -128,7 +128,7 @@ export interface GetTokenResult { * }); * ``` */ -export function getTokenOutput(args: GetTokenOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTokenOutput(args: GetTokenOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:siteverification/getToken:getToken", { "identifier": args.identifier, diff --git a/sdk/nodejs/sourcerepo/getRepository.ts b/sdk/nodejs/sourcerepo/getRepository.ts index 34ca375c0d..1bdf24e0ae 100644 --- a/sdk/nodejs/sourcerepo/getRepository.ts +++ b/sdk/nodejs/sourcerepo/getRepository.ts @@ -77,7 +77,7 @@ export interface GetRepositoryResult { * }); * ``` */ -export function getRepositoryOutput(args: GetRepositoryOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryOutput(args: GetRepositoryOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sourcerepo/getRepository:getRepository", { "name": args.name, diff --git a/sdk/nodejs/sourcerepo/getRepositoryIamPolicy.ts b/sdk/nodejs/sourcerepo/getRepositoryIamPolicy.ts index d040ba5cd4..a55ec5f040 100644 --- a/sdk/nodejs/sourcerepo/getRepositoryIamPolicy.ts +++ b/sdk/nodejs/sourcerepo/getRepositoryIamPolicy.ts @@ -77,7 +77,7 @@ export interface GetRepositoryIamPolicyResult { * }); * ``` */ -export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sourcerepo/getRepositoryIamPolicy:getRepositoryIamPolicy", { "project": args.project, diff --git a/sdk/nodejs/spanner/getDatabase.ts b/sdk/nodejs/spanner/getDatabase.ts index 8369c7f09c..8ebf47ac9f 100644 --- a/sdk/nodejs/spanner/getDatabase.ts +++ b/sdk/nodejs/spanner/getDatabase.ts @@ -85,7 +85,7 @@ export interface GetDatabaseResult { * }); * ``` */ -export function getDatabaseOutput(args: GetDatabaseOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseOutput(args: GetDatabaseOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:spanner/getDatabase:getDatabase", { "instance": args.instance, diff --git a/sdk/nodejs/spanner/getDatabaseIamPolicy.ts b/sdk/nodejs/spanner/getDatabaseIamPolicy.ts index e879e924ed..9228a185d8 100644 --- a/sdk/nodejs/spanner/getDatabaseIamPolicy.ts +++ b/sdk/nodejs/spanner/getDatabaseIamPolicy.ts @@ -84,7 +84,7 @@ export interface GetDatabaseIamPolicyResult { * }); * ``` */ -export function getDatabaseIamPolicyOutput(args: GetDatabaseIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseIamPolicyOutput(args: GetDatabaseIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:spanner/getDatabaseIamPolicy:getDatabaseIamPolicy", { "database": args.database, diff --git a/sdk/nodejs/spanner/getInstance.ts b/sdk/nodejs/spanner/getInstance.ts index 1420f94a86..aede8466a6 100644 --- a/sdk/nodejs/spanner/getInstance.ts +++ b/sdk/nodejs/spanner/getInstance.ts @@ -86,7 +86,7 @@ export interface GetInstanceResult { * }); * ``` */ -export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceOutput(args: GetInstanceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:spanner/getInstance:getInstance", { "config": args.config, diff --git a/sdk/nodejs/spanner/getInstanceIamPolicy.ts b/sdk/nodejs/spanner/getInstanceIamPolicy.ts index 91ad2d4a9d..3e37401fa5 100644 --- a/sdk/nodejs/spanner/getInstanceIamPolicy.ts +++ b/sdk/nodejs/spanner/getInstanceIamPolicy.ts @@ -76,7 +76,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:spanner/getInstanceIamPolicy:getInstanceIamPolicy", { "instance": args.instance, diff --git a/sdk/nodejs/sql/getBackupRun.ts b/sdk/nodejs/sql/getBackupRun.ts index 0c9162ca11..10ebf072f9 100644 --- a/sdk/nodejs/sql/getBackupRun.ts +++ b/sdk/nodejs/sql/getBackupRun.ts @@ -95,7 +95,7 @@ export interface GetBackupRunResult { * }); * ``` */ -export function getBackupRunOutput(args: GetBackupRunOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBackupRunOutput(args: GetBackupRunOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getBackupRun:getBackupRun", { "backupId": args.backupId, diff --git a/sdk/nodejs/sql/getCaCerts.ts b/sdk/nodejs/sql/getCaCerts.ts index b447deac77..83df16b5d6 100644 --- a/sdk/nodejs/sql/getCaCerts.ts +++ b/sdk/nodejs/sql/getCaCerts.ts @@ -59,7 +59,7 @@ export interface GetCaCertsResult { * and * [API](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances/listServerCas). */ -export function getCaCertsOutput(args: GetCaCertsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getCaCertsOutput(args: GetCaCertsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getCaCerts:getCaCerts", { "instance": args.instance, diff --git a/sdk/nodejs/sql/getDatabase.ts b/sdk/nodejs/sql/getDatabase.ts index 15ec2ddc37..45c97d477c 100644 --- a/sdk/nodejs/sql/getDatabase.ts +++ b/sdk/nodejs/sql/getDatabase.ts @@ -77,7 +77,7 @@ export interface GetDatabaseResult { * }); * ``` */ -export function getDatabaseOutput(args: GetDatabaseOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseOutput(args: GetDatabaseOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getDatabase:getDatabase", { "instance": args.instance, diff --git a/sdk/nodejs/sql/getDatabaseInstance.ts b/sdk/nodejs/sql/getDatabaseInstance.ts index 18ca215dbf..3111d41e2e 100644 --- a/sdk/nodejs/sql/getDatabaseInstance.ts +++ b/sdk/nodejs/sql/getDatabaseInstance.ts @@ -91,7 +91,7 @@ export interface GetDatabaseInstanceResult { * }); * ``` */ -export function getDatabaseInstanceOutput(args: GetDatabaseInstanceOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseInstanceOutput(args: GetDatabaseInstanceOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getDatabaseInstance:getDatabaseInstance", { "name": args.name, diff --git a/sdk/nodejs/sql/getDatabaseInstanceLatestRecoveryTime.ts b/sdk/nodejs/sql/getDatabaseInstanceLatestRecoveryTime.ts index 19e5bbe77b..8da3f99046 100644 --- a/sdk/nodejs/sql/getDatabaseInstanceLatestRecoveryTime.ts +++ b/sdk/nodejs/sql/getDatabaseInstanceLatestRecoveryTime.ts @@ -83,7 +83,7 @@ export interface GetDatabaseInstanceLatestRecoveryTimeResult { * export const latestRecoveryTime = _default; * ``` */ -export function getDatabaseInstanceLatestRecoveryTimeOutput(args: GetDatabaseInstanceLatestRecoveryTimeOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseInstanceLatestRecoveryTimeOutput(args: GetDatabaseInstanceLatestRecoveryTimeOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getDatabaseInstanceLatestRecoveryTime:getDatabaseInstanceLatestRecoveryTime", { "instance": args.instance, diff --git a/sdk/nodejs/sql/getDatabaseInstances.ts b/sdk/nodejs/sql/getDatabaseInstances.ts index 3465972257..0f00ac0cc8 100644 --- a/sdk/nodejs/sql/getDatabaseInstances.ts +++ b/sdk/nodejs/sql/getDatabaseInstances.ts @@ -93,7 +93,7 @@ export interface GetDatabaseInstancesResult { * }); * ``` */ -export function getDatabaseInstancesOutput(args?: GetDatabaseInstancesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabaseInstancesOutput(args?: GetDatabaseInstancesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getDatabaseInstances:getDatabaseInstances", { diff --git a/sdk/nodejs/sql/getDatabases.ts b/sdk/nodejs/sql/getDatabases.ts index b486842899..24bae57eb8 100644 --- a/sdk/nodejs/sql/getDatabases.ts +++ b/sdk/nodejs/sql/getDatabases.ts @@ -68,7 +68,7 @@ export interface GetDatabasesResult { * }); * ``` */ -export function getDatabasesOutput(args: GetDatabasesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getDatabasesOutput(args: GetDatabasesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getDatabases:getDatabases", { "instance": args.instance, diff --git a/sdk/nodejs/sql/getTiers.ts b/sdk/nodejs/sql/getTiers.ts index b6f0de5abf..5ac1e0e01a 100644 --- a/sdk/nodejs/sql/getTiers.ts +++ b/sdk/nodejs/sql/getTiers.ts @@ -76,7 +76,7 @@ export interface GetTiersResult { * export const avaialbleTiers = allAvailableTiers; * ``` */ -export function getTiersOutput(args?: GetTiersOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTiersOutput(args?: GetTiersOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:sql/getTiers:getTiers", { diff --git a/sdk/nodejs/storage/getBucket.ts b/sdk/nodejs/storage/getBucket.ts index c5754a881d..907f6569e5 100644 --- a/sdk/nodejs/storage/getBucket.ts +++ b/sdk/nodejs/storage/getBucket.ts @@ -99,7 +99,7 @@ export interface GetBucketResult { * }); * ``` */ -export function getBucketOutput(args: GetBucketOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketOutput(args: GetBucketOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBucket:getBucket", { "name": args.name, diff --git a/sdk/nodejs/storage/getBucketIamPolicy.ts b/sdk/nodejs/storage/getBucketIamPolicy.ts index be360c8cad..e8f13769c4 100644 --- a/sdk/nodejs/storage/getBucketIamPolicy.ts +++ b/sdk/nodejs/storage/getBucketIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetBucketIamPolicyResult { * }); * ``` */ -export function getBucketIamPolicyOutput(args: GetBucketIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketIamPolicyOutput(args: GetBucketIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBucketIamPolicy:getBucketIamPolicy", { "bucket": args.bucket, diff --git a/sdk/nodejs/storage/getBucketObject.ts b/sdk/nodejs/storage/getBucketObject.ts index 34a89c5c14..ad62c96e42 100644 --- a/sdk/nodejs/storage/getBucketObject.ts +++ b/sdk/nodejs/storage/getBucketObject.ts @@ -143,7 +143,7 @@ export interface GetBucketObjectResult { * }); * ``` */ -export function getBucketObjectOutput(args?: GetBucketObjectOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketObjectOutput(args?: GetBucketObjectOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBucketObject:getBucketObject", { diff --git a/sdk/nodejs/storage/getBucketObjectContent.ts b/sdk/nodejs/storage/getBucketObjectContent.ts index fae4a5b4cd..17ea6c1733 100644 --- a/sdk/nodejs/storage/getBucketObjectContent.ts +++ b/sdk/nodejs/storage/getBucketObjectContent.ts @@ -114,7 +114,7 @@ export interface GetBucketObjectContentResult { * export const encrypted = key.then(key => key.content); * ``` */ -export function getBucketObjectContentOutput(args: GetBucketObjectContentOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketObjectContentOutput(args: GetBucketObjectContentOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBucketObjectContent:getBucketObjectContent", { "bucket": args.bucket, diff --git a/sdk/nodejs/storage/getBucketObjects.ts b/sdk/nodejs/storage/getBucketObjects.ts index 012714c6e8..d64cc72092 100644 --- a/sdk/nodejs/storage/getBucketObjects.ts +++ b/sdk/nodejs/storage/getBucketObjects.ts @@ -85,7 +85,7 @@ export interface GetBucketObjectsResult { * }); * ``` */ -export function getBucketObjectsOutput(args: GetBucketObjectsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketObjectsOutput(args: GetBucketObjectsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBucketObjects:getBucketObjects", { "bucket": args.bucket, diff --git a/sdk/nodejs/storage/getBuckets.ts b/sdk/nodejs/storage/getBuckets.ts index a08e2d5d24..43ce9ab5d1 100644 --- a/sdk/nodejs/storage/getBuckets.ts +++ b/sdk/nodejs/storage/getBuckets.ts @@ -80,7 +80,7 @@ export interface GetBucketsResult { * }); * ``` */ -export function getBucketsOutput(args?: GetBucketsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getBucketsOutput(args?: GetBucketsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getBuckets:getBuckets", { diff --git a/sdk/nodejs/storage/getManagedFolderIamPolicy.ts b/sdk/nodejs/storage/getManagedFolderIamPolicy.ts index d911448b19..44742187ae 100644 --- a/sdk/nodejs/storage/getManagedFolderIamPolicy.ts +++ b/sdk/nodejs/storage/getManagedFolderIamPolicy.ts @@ -33,7 +33,7 @@ export interface GetManagedFolderIamPolicyResult { readonly managedFolder: string; readonly policyData: string; } -export function getManagedFolderIamPolicyOutput(args: GetManagedFolderIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getManagedFolderIamPolicyOutput(args: GetManagedFolderIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getManagedFolderIamPolicy:getManagedFolderIamPolicy", { "bucket": args.bucket, diff --git a/sdk/nodejs/storage/getObjectSignedUrl.ts b/sdk/nodejs/storage/getObjectSignedUrl.ts index 8c43a956a8..41c5b9d516 100644 --- a/sdk/nodejs/storage/getObjectSignedUrl.ts +++ b/sdk/nodejs/storage/getObjectSignedUrl.ts @@ -164,7 +164,7 @@ export interface GetObjectSignedUrlResult { * })); * ``` */ -export function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getObjectSignedUrl:getObjectSignedUrl", { "bucket": args.bucket, diff --git a/sdk/nodejs/storage/getProjectServiceAccount.ts b/sdk/nodejs/storage/getProjectServiceAccount.ts index 1041a11fd8..1029eaafdd 100644 --- a/sdk/nodejs/storage/getProjectServiceAccount.ts +++ b/sdk/nodejs/storage/getProjectServiceAccount.ts @@ -194,7 +194,7 @@ export interface GetProjectServiceAccountResult { * }); * ``` */ -export function getProjectServiceAccountOutput(args?: GetProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getProjectServiceAccountOutput(args?: GetProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getProjectServiceAccount:getProjectServiceAccount", { diff --git a/sdk/nodejs/storage/getTransferProjectServiceAccount.ts b/sdk/nodejs/storage/getTransferProjectServiceAccount.ts index 871bdc4c99..55c7390c93 100644 --- a/sdk/nodejs/storage/getTransferProjectServiceAccount.ts +++ b/sdk/nodejs/storage/getTransferProjectServiceAccount.ts @@ -70,7 +70,7 @@ export interface GetTransferProjectServiceAccountResult { * export const defaultAccount = _default.then(_default => _default.email); * ``` */ -export function getTransferProjectServiceAccountOutput(args?: GetTransferProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTransferProjectServiceAccountOutput(args?: GetTransferProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:storage/getTransferProjectServiceAccount:getTransferProjectServiceAccount", { diff --git a/sdk/nodejs/storage/getTransferProjectServieAccount.ts b/sdk/nodejs/storage/getTransferProjectServieAccount.ts index 768889f679..47de3455f9 100644 --- a/sdk/nodejs/storage/getTransferProjectServieAccount.ts +++ b/sdk/nodejs/storage/getTransferProjectServieAccount.ts @@ -73,7 +73,7 @@ export interface GetTransferProjectServieAccountResult { * ``` */ /** @deprecated gcp.storage.getTransferProjectServieAccount has been deprecated in favor of gcp.storage.getTransferProjectServiceAccount */ -export function getTransferProjectServieAccountOutput(args?: GetTransferProjectServieAccountOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTransferProjectServieAccountOutput(args?: GetTransferProjectServieAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { pulumi.log.warn("getTransferProjectServieAccount is deprecated: gcp.storage.getTransferProjectServieAccount has been deprecated in favor of gcp.storage.getTransferProjectServiceAccount") args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); diff --git a/sdk/nodejs/tags/getTagKey.ts b/sdk/nodejs/tags/getTagKey.ts index c2ecf06611..5a67ddd4d7 100644 --- a/sdk/nodejs/tags/getTagKey.ts +++ b/sdk/nodejs/tags/getTagKey.ts @@ -104,7 +104,7 @@ export interface GetTagKeyResult { * }); * ``` */ -export function getTagKeyOutput(args: GetTagKeyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagKeyOutput(args: GetTagKeyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagKey:getTagKey", { "parent": args.parent, diff --git a/sdk/nodejs/tags/getTagKeyIamPolicy.ts b/sdk/nodejs/tags/getTagKeyIamPolicy.ts index a203ba8ea9..68eaf16219 100644 --- a/sdk/nodejs/tags/getTagKeyIamPolicy.ts +++ b/sdk/nodejs/tags/getTagKeyIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetTagKeyIamPolicyResult { * }); * ``` */ -export function getTagKeyIamPolicyOutput(args: GetTagKeyIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagKeyIamPolicyOutput(args: GetTagKeyIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagKeyIamPolicy:getTagKeyIamPolicy", { "tagKey": args.tagKey, diff --git a/sdk/nodejs/tags/getTagKeys.ts b/sdk/nodejs/tags/getTagKeys.ts index d602efbcbd..9bd69d1698 100644 --- a/sdk/nodejs/tags/getTagKeys.ts +++ b/sdk/nodejs/tags/getTagKeys.ts @@ -81,7 +81,7 @@ export interface GetTagKeysResult { * }); * ``` */ -export function getTagKeysOutput(args: GetTagKeysOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagKeysOutput(args: GetTagKeysOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagKeys:getTagKeys", { "parent": args.parent, diff --git a/sdk/nodejs/tags/getTagValue.ts b/sdk/nodejs/tags/getTagValue.ts index 7b547311e2..fd65f6953a 100644 --- a/sdk/nodejs/tags/getTagValue.ts +++ b/sdk/nodejs/tags/getTagValue.ts @@ -86,7 +86,7 @@ export interface GetTagValueResult { * }); * ``` */ -export function getTagValueOutput(args: GetTagValueOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagValueOutput(args: GetTagValueOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagValue:getTagValue", { "parent": args.parent, diff --git a/sdk/nodejs/tags/getTagValueIamPolicy.ts b/sdk/nodejs/tags/getTagValueIamPolicy.ts index 43c9c7e770..6b9edf447b 100644 --- a/sdk/nodejs/tags/getTagValueIamPolicy.ts +++ b/sdk/nodejs/tags/getTagValueIamPolicy.ts @@ -68,7 +68,7 @@ export interface GetTagValueIamPolicyResult { * }); * ``` */ -export function getTagValueIamPolicyOutput(args: GetTagValueIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagValueIamPolicyOutput(args: GetTagValueIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagValueIamPolicy:getTagValueIamPolicy", { "tagValue": args.tagValue, diff --git a/sdk/nodejs/tags/getTagValues.ts b/sdk/nodejs/tags/getTagValues.ts index 6a928d5c04..cd1aa14f3f 100644 --- a/sdk/nodejs/tags/getTagValues.ts +++ b/sdk/nodejs/tags/getTagValues.ts @@ -65,7 +65,7 @@ export interface GetTagValuesResult { * }); * ``` */ -export function getTagValuesOutput(args: GetTagValuesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTagValuesOutput(args: GetTagValuesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tags/getTagValues:getTagValues", { "parent": args.parent, diff --git a/sdk/nodejs/tpu/getTensorflowVersions.ts b/sdk/nodejs/tpu/getTensorflowVersions.ts index e1d60d87af..434cc55cbc 100644 --- a/sdk/nodejs/tpu/getTensorflowVersions.ts +++ b/sdk/nodejs/tpu/getTensorflowVersions.ts @@ -100,7 +100,7 @@ export interface GetTensorflowVersionsResult { * }); * ``` */ -export function getTensorflowVersionsOutput(args?: GetTensorflowVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getTensorflowVersionsOutput(args?: GetTensorflowVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tpu/getTensorflowVersions:getTensorflowVersions", { diff --git a/sdk/nodejs/tpu/getV2AcceleratorTypes.ts b/sdk/nodejs/tpu/getV2AcceleratorTypes.ts index 2bfdced707..cc55f173d3 100644 --- a/sdk/nodejs/tpu/getV2AcceleratorTypes.ts +++ b/sdk/nodejs/tpu/getV2AcceleratorTypes.ts @@ -100,7 +100,7 @@ export interface GetV2AcceleratorTypesResult { * }); * ``` */ -export function getV2AcceleratorTypesOutput(args?: GetV2AcceleratorTypesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getV2AcceleratorTypesOutput(args?: GetV2AcceleratorTypesOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tpu/getV2AcceleratorTypes:getV2AcceleratorTypes", { diff --git a/sdk/nodejs/tpu/getV2RuntimeVersions.ts b/sdk/nodejs/tpu/getV2RuntimeVersions.ts index 90d9d7799c..7b8c0f250d 100644 --- a/sdk/nodejs/tpu/getV2RuntimeVersions.ts +++ b/sdk/nodejs/tpu/getV2RuntimeVersions.ts @@ -96,7 +96,7 @@ export interface GetV2RuntimeVersionsResult { * }); * ``` */ -export function getV2RuntimeVersionsOutput(args?: GetV2RuntimeVersionsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getV2RuntimeVersionsOutput(args?: GetV2RuntimeVersionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { args = args || {}; opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:tpu/getV2RuntimeVersions:getV2RuntimeVersions", { diff --git a/sdk/nodejs/vertex/getAiEndpointIamPolicy.ts b/sdk/nodejs/vertex/getAiEndpointIamPolicy.ts index 5e91260b1f..e49a5c4b54 100644 --- a/sdk/nodejs/vertex/getAiEndpointIamPolicy.ts +++ b/sdk/nodejs/vertex/getAiEndpointIamPolicy.ts @@ -55,7 +55,7 @@ export interface GetAiEndpointIamPolicyResult { readonly policyData: string; readonly project: string; } -export function getAiEndpointIamPolicyOutput(args: GetAiEndpointIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAiEndpointIamPolicyOutput(args: GetAiEndpointIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vertex/getAiEndpointIamPolicy:getAiEndpointIamPolicy", { "endpoint": args.endpoint, diff --git a/sdk/nodejs/vertex/getAiFeaturestoreEntitytypeIamPolicy.ts b/sdk/nodejs/vertex/getAiFeaturestoreEntitytypeIamPolicy.ts index 9ec080a36b..472d7248a0 100644 --- a/sdk/nodejs/vertex/getAiFeaturestoreEntitytypeIamPolicy.ts +++ b/sdk/nodejs/vertex/getAiFeaturestoreEntitytypeIamPolicy.ts @@ -46,7 +46,7 @@ export interface GetAiFeaturestoreEntitytypeIamPolicyResult { */ readonly policyData: string; } -export function getAiFeaturestoreEntitytypeIamPolicyOutput(args: GetAiFeaturestoreEntitytypeIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAiFeaturestoreEntitytypeIamPolicyOutput(args: GetAiFeaturestoreEntitytypeIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vertex/getAiFeaturestoreEntitytypeIamPolicy:getAiFeaturestoreEntitytypeIamPolicy", { "entitytype": args.entitytype, diff --git a/sdk/nodejs/vertex/getAiFeaturestoreIamPolicy.ts b/sdk/nodejs/vertex/getAiFeaturestoreIamPolicy.ts index 2fcce7e734..312dfd4375 100644 --- a/sdk/nodejs/vertex/getAiFeaturestoreIamPolicy.ts +++ b/sdk/nodejs/vertex/getAiFeaturestoreIamPolicy.ts @@ -55,7 +55,7 @@ export interface GetAiFeaturestoreIamPolicyResult { readonly project: string; readonly region: string; } -export function getAiFeaturestoreIamPolicyOutput(args: GetAiFeaturestoreIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAiFeaturestoreIamPolicyOutput(args: GetAiFeaturestoreIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vertex/getAiFeaturestoreIamPolicy:getAiFeaturestoreIamPolicy", { "featurestore": args.featurestore, diff --git a/sdk/nodejs/vertex/getAiIndex.ts b/sdk/nodejs/vertex/getAiIndex.ts index badb666415..b5899a80a9 100644 --- a/sdk/nodejs/vertex/getAiIndex.ts +++ b/sdk/nodejs/vertex/getAiIndex.ts @@ -66,7 +66,7 @@ export interface GetAiIndexResult { /** * A representation of a collection of database items organized in a way that allows for approximate nearest neighbor (a.k.a ANN) algorithms search. */ -export function getAiIndexOutput(args: GetAiIndexOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getAiIndexOutput(args: GetAiIndexOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vertex/getAiIndex:getAiIndex", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getCluster.ts b/sdk/nodejs/vmwareengine/getCluster.ts index 8b65c387f9..216d66536d 100644 --- a/sdk/nodejs/vmwareengine/getCluster.ts +++ b/sdk/nodejs/vmwareengine/getCluster.ts @@ -80,7 +80,7 @@ export interface GetClusterResult { * }); * ``` */ -export function getClusterOutput(args: GetClusterOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getClusterOutput(args: GetClusterOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getCluster:getCluster", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getExternalAccessRule.ts b/sdk/nodejs/vmwareengine/getExternalAccessRule.ts index 815bf3d98c..6f711478ef 100644 --- a/sdk/nodejs/vmwareengine/getExternalAccessRule.ts +++ b/sdk/nodejs/vmwareengine/getExternalAccessRule.ts @@ -87,7 +87,7 @@ export interface GetExternalAccessRuleResult { * }); * ``` */ -export function getExternalAccessRuleOutput(args: GetExternalAccessRuleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getExternalAccessRuleOutput(args: GetExternalAccessRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getExternalAccessRule:getExternalAccessRule", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getExternalAddress.ts b/sdk/nodejs/vmwareengine/getExternalAddress.ts index 69fa3547e4..6d548bac4f 100644 --- a/sdk/nodejs/vmwareengine/getExternalAddress.ts +++ b/sdk/nodejs/vmwareengine/getExternalAddress.ts @@ -80,7 +80,7 @@ export interface GetExternalAddressResult { * }); * ``` */ -export function getExternalAddressOutput(args: GetExternalAddressOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getExternalAddressOutput(args: GetExternalAddressOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getExternalAddress:getExternalAddress", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getNetwork.ts b/sdk/nodejs/vmwareengine/getNetwork.ts index ce5a313dc8..c5b8024028 100644 --- a/sdk/nodejs/vmwareengine/getNetwork.ts +++ b/sdk/nodejs/vmwareengine/getNetwork.ts @@ -88,7 +88,7 @@ export interface GetNetworkResult { * }); * ``` */ -export function getNetworkOutput(args: GetNetworkOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkOutput(args: GetNetworkOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getNetwork:getNetwork", { "location": args.location, diff --git a/sdk/nodejs/vmwareengine/getNetworkPeering.ts b/sdk/nodejs/vmwareengine/getNetworkPeering.ts index 985cccd10a..0bfbad43ac 100644 --- a/sdk/nodejs/vmwareengine/getNetworkPeering.ts +++ b/sdk/nodejs/vmwareengine/getNetworkPeering.ts @@ -82,7 +82,7 @@ export interface GetNetworkPeeringResult { * }); * ``` */ -export function getNetworkPeeringOutput(args: GetNetworkPeeringOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkPeeringOutput(args: GetNetworkPeeringOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getNetworkPeering:getNetworkPeering", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getNetworkPolicy.ts b/sdk/nodejs/vmwareengine/getNetworkPolicy.ts index 0475a15822..06cb30a629 100644 --- a/sdk/nodejs/vmwareengine/getNetworkPolicy.ts +++ b/sdk/nodejs/vmwareengine/getNetworkPolicy.ts @@ -87,7 +87,7 @@ export interface GetNetworkPolicyResult { * }); * ``` */ -export function getNetworkPolicyOutput(args: GetNetworkPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNetworkPolicyOutput(args: GetNetworkPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getNetworkPolicy:getNetworkPolicy", { "location": args.location, diff --git a/sdk/nodejs/vmwareengine/getNsxCredentials.ts b/sdk/nodejs/vmwareengine/getNsxCredentials.ts index ae88028b13..3f33adb7f7 100644 --- a/sdk/nodejs/vmwareengine/getNsxCredentials.ts +++ b/sdk/nodejs/vmwareengine/getNsxCredentials.ts @@ -73,7 +73,7 @@ export interface GetNsxCredentialsResult { * }); * ``` */ -export function getNsxCredentialsOutput(args: GetNsxCredentialsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getNsxCredentialsOutput(args: GetNsxCredentialsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getNsxCredentials:getNsxCredentials", { "parent": args.parent, diff --git a/sdk/nodejs/vmwareengine/getPrivateCloud.ts b/sdk/nodejs/vmwareengine/getPrivateCloud.ts index 568e5a4272..bfcd4cc054 100644 --- a/sdk/nodejs/vmwareengine/getPrivateCloud.ts +++ b/sdk/nodejs/vmwareengine/getPrivateCloud.ts @@ -95,7 +95,7 @@ export interface GetPrivateCloudResult { * }); * ``` */ -export function getPrivateCloudOutput(args: GetPrivateCloudOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getPrivateCloudOutput(args: GetPrivateCloudOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getPrivateCloud:getPrivateCloud", { "location": args.location, diff --git a/sdk/nodejs/vmwareengine/getSubnet.ts b/sdk/nodejs/vmwareengine/getSubnet.ts index 13ef661c0a..3bff098521 100644 --- a/sdk/nodejs/vmwareengine/getSubnet.ts +++ b/sdk/nodejs/vmwareengine/getSubnet.ts @@ -88,7 +88,7 @@ export interface GetSubnetResult { * }); * ``` */ -export function getSubnetOutput(args: GetSubnetOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getSubnetOutput(args: GetSubnetOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getSubnet:getSubnet", { "name": args.name, diff --git a/sdk/nodejs/vmwareengine/getVcenterCredentials.ts b/sdk/nodejs/vmwareengine/getVcenterCredentials.ts index a103562e74..e1a7383652 100644 --- a/sdk/nodejs/vmwareengine/getVcenterCredentials.ts +++ b/sdk/nodejs/vmwareengine/getVcenterCredentials.ts @@ -73,7 +73,7 @@ export interface GetVcenterCredentialsResult { * }); * ``` */ -export function getVcenterCredentialsOutput(args: GetVcenterCredentialsOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getVcenterCredentialsOutput(args: GetVcenterCredentialsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vmwareengine/getVcenterCredentials:getVcenterCredentials", { "parent": args.parent, diff --git a/sdk/nodejs/vpcaccess/getConnector.ts b/sdk/nodejs/vpcaccess/getConnector.ts index ee9ee0ff88..8c645c4131 100644 --- a/sdk/nodejs/vpcaccess/getConnector.ts +++ b/sdk/nodejs/vpcaccess/getConnector.ts @@ -116,7 +116,7 @@ export interface GetConnectorResult { * }); * ``` */ -export function getConnectorOutput(args: GetConnectorOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getConnectorOutput(args: GetConnectorOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:vpcaccess/getConnector:getConnector", { "name": args.name, diff --git a/sdk/nodejs/workbench/getInstanceIamPolicy.ts b/sdk/nodejs/workbench/getInstanceIamPolicy.ts index a36bd0f374..6093d6ec31 100644 --- a/sdk/nodejs/workbench/getInstanceIamPolicy.ts +++ b/sdk/nodejs/workbench/getInstanceIamPolicy.ts @@ -87,7 +87,7 @@ export interface GetInstanceIamPolicyResult { * }); * ``` */ -export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getInstanceIamPolicyOutput(args: GetInstanceIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:workbench/getInstanceIamPolicy:getInstanceIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/workstations/getWorkstationConfigIamPolicy.ts b/sdk/nodejs/workstations/getWorkstationConfigIamPolicy.ts index db77a24a8c..6b05d8a8ae 100644 --- a/sdk/nodejs/workstations/getWorkstationConfigIamPolicy.ts +++ b/sdk/nodejs/workstations/getWorkstationConfigIamPolicy.ts @@ -56,7 +56,7 @@ export interface GetWorkstationConfigIamPolicyResult { readonly workstationClusterId: string; readonly workstationConfigId: string; } -export function getWorkstationConfigIamPolicyOutput(args: GetWorkstationConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWorkstationConfigIamPolicyOutput(args: GetWorkstationConfigIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:workstations/getWorkstationConfigIamPolicy:getWorkstationConfigIamPolicy", { "location": args.location, diff --git a/sdk/nodejs/workstations/getWorkstationIamPolicy.ts b/sdk/nodejs/workstations/getWorkstationIamPolicy.ts index 2366ab6383..1e1d8cb7c5 100644 --- a/sdk/nodejs/workstations/getWorkstationIamPolicy.ts +++ b/sdk/nodejs/workstations/getWorkstationIamPolicy.ts @@ -59,7 +59,7 @@ export interface GetWorkstationIamPolicyResult { readonly workstationConfigId: string; readonly workstationId: string; } -export function getWorkstationIamPolicyOutput(args: GetWorkstationIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { +export function getWorkstationIamPolicyOutput(args: GetWorkstationIamPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:workstations/getWorkstationIamPolicy:getWorkstationIamPolicy", { "location": args.location, diff --git a/sdk/python/pulumi_gcp/accessapproval/get_folder_service_account.py b/sdk/python/pulumi_gcp/accessapproval/get_folder_service_account.py index c9ab3f2c35..5993bc98d1 100644 --- a/sdk/python/pulumi_gcp/accessapproval/get_folder_service_account.py +++ b/sdk/python/pulumi_gcp/accessapproval/get_folder_service_account.py @@ -121,7 +121,7 @@ def get_folder_service_account(folder_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), name=pulumi.get(__ret__, 'name')) def get_folder_service_account_output(folder_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFolderServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFolderServiceAccountResult]: """ Get the email address of a folder's Access Approval service account. @@ -149,7 +149,7 @@ def get_folder_service_account_output(folder_id: Optional[pulumi.Input[str]] = N """ __args__ = dict() __args__['folderId'] = folder_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:accessapproval/getFolderServiceAccount:getFolderServiceAccount', __args__, opts=opts, typ=GetFolderServiceAccountResult) return __ret__.apply(lambda __response__: GetFolderServiceAccountResult( account_email=pulumi.get(__response__, 'account_email'), diff --git a/sdk/python/pulumi_gcp/accessapproval/get_organization_service_account.py b/sdk/python/pulumi_gcp/accessapproval/get_organization_service_account.py index 980a7d302c..988633866d 100644 --- a/sdk/python/pulumi_gcp/accessapproval/get_organization_service_account.py +++ b/sdk/python/pulumi_gcp/accessapproval/get_organization_service_account.py @@ -121,7 +121,7 @@ def get_organization_service_account(organization_id: Optional[str] = None, name=pulumi.get(__ret__, 'name'), organization_id=pulumi.get(__ret__, 'organization_id')) def get_organization_service_account_output(organization_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOrganizationServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOrganizationServiceAccountResult]: """ Get the email address of an organization's Access Approval service account. @@ -149,7 +149,7 @@ def get_organization_service_account_output(organization_id: Optional[pulumi.Inp """ __args__ = dict() __args__['organizationId'] = organization_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:accessapproval/getOrganizationServiceAccount:getOrganizationServiceAccount', __args__, opts=opts, typ=GetOrganizationServiceAccountResult) return __ret__.apply(lambda __response__: GetOrganizationServiceAccountResult( account_email=pulumi.get(__response__, 'account_email'), diff --git a/sdk/python/pulumi_gcp/accessapproval/get_project_service_account.py b/sdk/python/pulumi_gcp/accessapproval/get_project_service_account.py index 47f4e923c4..083f7148f5 100644 --- a/sdk/python/pulumi_gcp/accessapproval/get_project_service_account.py +++ b/sdk/python/pulumi_gcp/accessapproval/get_project_service_account.py @@ -121,7 +121,7 @@ def get_project_service_account(project_id: Optional[str] = None, name=pulumi.get(__ret__, 'name'), project_id=pulumi.get(__ret__, 'project_id')) def get_project_service_account_output(project_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectServiceAccountResult]: """ Get the email address of a project's Access Approval service account. @@ -149,7 +149,7 @@ def get_project_service_account_output(project_id: Optional[pulumi.Input[str]] = """ __args__ = dict() __args__['projectId'] = project_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount', __args__, opts=opts, typ=GetProjectServiceAccountResult) return __ret__.apply(lambda __response__: GetProjectServiceAccountResult( account_email=pulumi.get(__response__, 'account_email'), diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy.py index 436416953c..aa80983c5e 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy.py @@ -126,7 +126,7 @@ def get_access_policy(parent: Optional[str] = None, title=pulumi.get(__ret__, 'title')) def get_access_policy_output(parent: Optional[pulumi.Input[str]] = None, scopes: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessPolicyResult]: """ Get information about an Access Context Manager AccessPolicy. @@ -148,7 +148,7 @@ def get_access_policy_output(parent: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['parent'] = parent __args__['scopes'] = scopes - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:accesscontextmanager/getAccessPolicy:getAccessPolicy', __args__, opts=opts, typ=GetAccessPolicyResult) return __ret__.apply(lambda __response__: GetAccessPolicyResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy_iam_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy_iam_policy.py index ba2ddac77a..797ab7ad68 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy_iam_policy.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/get_access_policy_iam_policy.py @@ -111,7 +111,7 @@ def get_access_policy_iam_policy(name: Optional[str] = None, name=pulumi.get(__ret__, 'name'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_access_policy_iam_policy_output(name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessPolicyIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessPolicyIamPolicyResult]: """ Retrieves the current IAM policy data for accesspolicy @@ -129,7 +129,7 @@ def get_access_policy_iam_policy_output(name: Optional[pulumi.Input[str]] = None """ __args__ = dict() __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:accesscontextmanager/getAccessPolicyIamPolicy:getAccessPolicyIamPolicy', __args__, opts=opts, typ=GetAccessPolicyIamPolicyResult) return __ret__.apply(lambda __response__: GetAccessPolicyIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/alloydb/get_locations.py b/sdk/python/pulumi_gcp/alloydb/get_locations.py index 683648b28d..f4d3e82079 100644 --- a/sdk/python/pulumi_gcp/alloydb/get_locations.py +++ b/sdk/python/pulumi_gcp/alloydb/get_locations.py @@ -98,7 +98,7 @@ def get_locations(project: Optional[str] = None, locations=pulumi.get(__ret__, 'locations'), project=pulumi.get(__ret__, 'project')) def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLocationsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLocationsResult]: """ Use this data source to get information about the available locations. For more details refer the [API docs](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations). @@ -116,7 +116,7 @@ def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:alloydb/getLocations:getLocations', __args__, opts=opts, typ=GetLocationsResult) return __ret__.apply(lambda __response__: GetLocationsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/alloydb/get_supported_database_flags.py b/sdk/python/pulumi_gcp/alloydb/get_supported_database_flags.py index b073f3c702..ade093b7cc 100644 --- a/sdk/python/pulumi_gcp/alloydb/get_supported_database_flags.py +++ b/sdk/python/pulumi_gcp/alloydb/get_supported_database_flags.py @@ -112,7 +112,7 @@ def get_supported_database_flags(location: Optional[str] = None, supported_database_flags=pulumi.get(__ret__, 'supported_database_flags')) def get_supported_database_flags_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSupportedDatabaseFlagsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSupportedDatabaseFlagsResult]: """ Use this data source to get information about the supported alloydb database flags in a location. @@ -132,7 +132,7 @@ def get_supported_database_flags_output(location: Optional[pulumi.Input[str]] = __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:alloydb/getSupportedDatabaseFlags:getSupportedDatabaseFlags', __args__, opts=opts, typ=GetSupportedDatabaseFlagsResult) return __ret__.apply(lambda __response__: GetSupportedDatabaseFlagsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/apigateway/get_api_config_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/get_api_config_iam_policy.py index 071ab91b4f..59b3fc7718 100644 --- a/sdk/python/pulumi_gcp/apigateway/get_api_config_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/get_api_config_iam_policy.py @@ -130,7 +130,7 @@ def get_api_config_iam_policy(api: Optional[str] = None, def get_api_config_iam_policy_output(api: Optional[pulumi.Input[str]] = None, api_config: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetApiConfigIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetApiConfigIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -143,7 +143,7 @@ def get_api_config_iam_policy_output(api: Optional[pulumi.Input[str]] = None, __args__['api'] = api __args__['apiConfig'] = api_config __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apigateway/getApiConfigIamPolicy:getApiConfigIamPolicy', __args__, opts=opts, typ=GetApiConfigIamPolicyResult) return __ret__.apply(lambda __response__: GetApiConfigIamPolicyResult( api=pulumi.get(__response__, 'api'), diff --git a/sdk/python/pulumi_gcp/apigateway/get_api_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/get_api_iam_policy.py index 3491331d39..4409de64eb 100644 --- a/sdk/python/pulumi_gcp/apigateway/get_api_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/get_api_iam_policy.py @@ -115,7 +115,7 @@ def get_api_iam_policy(api: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_api_iam_policy_output(api: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetApiIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetApiIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -125,7 +125,7 @@ def get_api_iam_policy_output(api: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['api'] = api __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apigateway/getApiIamPolicy:getApiIamPolicy', __args__, opts=opts, typ=GetApiIamPolicyResult) return __ret__.apply(lambda __response__: GetApiIamPolicyResult( api=pulumi.get(__response__, 'api'), diff --git a/sdk/python/pulumi_gcp/apigateway/get_gateway_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/get_gateway_iam_policy.py index daf430e315..6f62ed9b6a 100644 --- a/sdk/python/pulumi_gcp/apigateway/get_gateway_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/get_gateway_iam_policy.py @@ -132,7 +132,7 @@ def get_gateway_iam_policy(gateway: Optional[str] = None, def get_gateway_iam_policy_output(gateway: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGatewayIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGatewayIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -147,7 +147,7 @@ def get_gateway_iam_policy_output(gateway: Optional[pulumi.Input[str]] = None, __args__['gateway'] = gateway __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apigateway/getGatewayIamPolicy:getGatewayIamPolicy', __args__, opts=opts, typ=GetGatewayIamPolicyResult) return __ret__.apply(lambda __response__: GetGatewayIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/apigee/get_environment_iam_policy.py b/sdk/python/pulumi_gcp/apigee/get_environment_iam_policy.py index ffcb392934..fdacd179fe 100644 --- a/sdk/python/pulumi_gcp/apigee/get_environment_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigee/get_environment_iam_policy.py @@ -125,7 +125,7 @@ def get_environment_iam_policy(env_id: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data')) def get_environment_iam_policy_output(env_id: Optional[pulumi.Input[str]] = None, org_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEnvironmentIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEnvironmentIamPolicyResult]: """ Retrieves the current IAM policy data for environment @@ -145,7 +145,7 @@ def get_environment_iam_policy_output(env_id: Optional[pulumi.Input[str]] = None __args__ = dict() __args__['envId'] = env_id __args__['orgId'] = org_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apigee/getEnvironmentIamPolicy:getEnvironmentIamPolicy', __args__, opts=opts, typ=GetEnvironmentIamPolicyResult) return __ret__.apply(lambda __response__: GetEnvironmentIamPolicyResult( env_id=pulumi.get(__response__, 'env_id'), diff --git a/sdk/python/pulumi_gcp/appengine/get_default_service_account.py b/sdk/python/pulumi_gcp/appengine/get_default_service_account.py index c5145f118b..0574394874 100644 --- a/sdk/python/pulumi_gcp/appengine/get_default_service_account.py +++ b/sdk/python/pulumi_gcp/appengine/get_default_service_account.py @@ -150,7 +150,7 @@ def get_default_service_account(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), unique_id=pulumi.get(__ret__, 'unique_id')) def get_default_service_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: """ Use this data source to retrieve the default App Engine service account for the specified project. @@ -169,7 +169,7 @@ def get_default_service_account_output(project: Optional[pulumi.Input[Optional[s """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:appengine/getDefaultServiceAccount:getDefaultServiceAccount', __args__, opts=opts, typ=GetDefaultServiceAccountResult) return __ret__.apply(lambda __response__: GetDefaultServiceAccountResult( display_name=pulumi.get(__response__, 'display_name'), diff --git a/sdk/python/pulumi_gcp/apphub/get_application.py b/sdk/python/pulumi_gcp/apphub/get_application.py index ee7224e9f1..59c14d1833 100644 --- a/sdk/python/pulumi_gcp/apphub/get_application.py +++ b/sdk/python/pulumi_gcp/apphub/get_application.py @@ -200,7 +200,7 @@ def get_application(application_id: Optional[str] = None, def get_application_output(application_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetApplicationResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetApplicationResult]: """ Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. Services and Workloads are owned by the Application. @@ -219,7 +219,7 @@ def get_application_output(application_id: Optional[pulumi.Input[str]] = None, __args__['applicationId'] = application_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apphub/getApplication:getApplication', __args__, opts=opts, typ=GetApplicationResult) return __ret__.apply(lambda __response__: GetApplicationResult( application_id=pulumi.get(__response__, 'application_id'), diff --git a/sdk/python/pulumi_gcp/apphub/get_discovered_service.py b/sdk/python/pulumi_gcp/apphub/get_discovered_service.py index 48bb463ab8..6fe4b16ae2 100644 --- a/sdk/python/pulumi_gcp/apphub/get_discovered_service.py +++ b/sdk/python/pulumi_gcp/apphub/get_discovered_service.py @@ -156,7 +156,7 @@ def get_discovered_service(location: Optional[str] = None, def get_discovered_service_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service_uri: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDiscoveredServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDiscoveredServiceResult]: """ Get information about a discovered service from its uri. @@ -179,7 +179,7 @@ def get_discovered_service_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['serviceUri'] = service_uri - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apphub/getDiscoveredService:getDiscoveredService', __args__, opts=opts, typ=GetDiscoveredServiceResult) return __ret__.apply(lambda __response__: GetDiscoveredServiceResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/apphub/get_discovered_workload.py b/sdk/python/pulumi_gcp/apphub/get_discovered_workload.py index fef1bc7365..33a214e538 100644 --- a/sdk/python/pulumi_gcp/apphub/get_discovered_workload.py +++ b/sdk/python/pulumi_gcp/apphub/get_discovered_workload.py @@ -156,7 +156,7 @@ def get_discovered_workload(location: Optional[str] = None, def get_discovered_workload_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, workload_uri: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDiscoveredWorkloadResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDiscoveredWorkloadResult]: """ Get information about a discovered workload from its uri. @@ -179,7 +179,7 @@ def get_discovered_workload_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['workloadUri'] = workload_uri - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:apphub/getDiscoveredWorkload:getDiscoveredWorkload', __args__, opts=opts, typ=GetDiscoveredWorkloadResult) return __ret__.apply(lambda __response__: GetDiscoveredWorkloadResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/artifactregistry/get_docker_image.py b/sdk/python/pulumi_gcp/artifactregistry/get_docker_image.py index 3a9653a249..da95ebeb6d 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/get_docker_image.py +++ b/sdk/python/pulumi_gcp/artifactregistry/get_docker_image.py @@ -250,7 +250,7 @@ def get_docker_image_output(image_name: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, repository_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDockerImageResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDockerImageResult]: """ This data source fetches information from a provided Artifact Registry repository, including the fully qualified name and URI for an image, based on a the latest version of image name and optional digest or tag. @@ -288,7 +288,7 @@ def get_docker_image_output(image_name: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['repositoryId'] = repository_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:artifactregistry/getDockerImage:getDockerImage', __args__, opts=opts, typ=GetDockerImageResult) return __ret__.apply(lambda __response__: GetDockerImageResult( build_time=pulumi.get(__response__, 'build_time'), diff --git a/sdk/python/pulumi_gcp/artifactregistry/get_locations.py b/sdk/python/pulumi_gcp/artifactregistry/get_locations.py index 77fb2d289a..5b8d6bfd39 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/get_locations.py +++ b/sdk/python/pulumi_gcp/artifactregistry/get_locations.py @@ -121,7 +121,7 @@ def get_locations(project: Optional[str] = None, locations=pulumi.get(__ret__, 'locations'), project=pulumi.get(__ret__, 'project')) def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLocationsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLocationsResult]: """ Get Artifact Registry locations available for a project. @@ -163,7 +163,7 @@ def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:artifactregistry/getLocations:getLocations', __args__, opts=opts, typ=GetLocationsResult) return __ret__.apply(lambda __response__: GetLocationsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/artifactregistry/get_repository.py b/sdk/python/pulumi_gcp/artifactregistry/get_repository.py index 37ae71388a..d170cf011d 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/get_repository.py +++ b/sdk/python/pulumi_gcp/artifactregistry/get_repository.py @@ -279,7 +279,7 @@ def get_repository(location: Optional[str] = None, def get_repository_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, repository_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryResult]: """ Get information about a Google Artifact Registry Repository. For more information see the [official documentation](https://cloud.google.com/artifact-registry/docs/) @@ -307,7 +307,7 @@ def get_repository_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['repositoryId'] = repository_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:artifactregistry/getRepository:getRepository', __args__, opts=opts, typ=GetRepositoryResult) return __ret__.apply(lambda __response__: GetRepositoryResult( cleanup_policies=pulumi.get(__response__, 'cleanup_policies'), diff --git a/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py b/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py index c193d345c1..ba1faa9598 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py @@ -145,7 +145,7 @@ def get_repository_iam_policy(location: Optional[str] = None, def get_repository_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, repository: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: """ Retrieves the current IAM policy data for repository @@ -173,7 +173,7 @@ def get_repository_iam_policy_output(location: Optional[pulumi.Input[Optional[st __args__['location'] = location __args__['project'] = project __args__['repository'] = repository - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:artifactregistry/getRepositoryIamPolicy:getRepositoryIamPolicy', __args__, opts=opts, typ=GetRepositoryIamPolicyResult) return __ret__.apply(lambda __response__: GetRepositoryIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan.py b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan.py index 87889079b2..a3e91dee04 100644 --- a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan.py +++ b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan.py @@ -179,7 +179,7 @@ def get_backup_plan(backup_plan_id: Optional[str] = None, def get_backup_plan_output(backup_plan_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackupPlanResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackupPlanResult]: """ Use this data source to access information about an existing resource. """ @@ -187,7 +187,7 @@ def get_backup_plan_output(backup_plan_id: Optional[pulumi.Input[str]] = None, __args__['backupPlanId'] = backup_plan_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:backupdisasterrecovery/getBackupPlan:getBackupPlan', __args__, opts=opts, typ=GetBackupPlanResult) return __ret__.apply(lambda __response__: GetBackupPlanResult( backup_plan_id=pulumi.get(__response__, 'backup_plan_id'), diff --git a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan_association.py b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan_association.py index 8175d9de27..f86b007d99 100644 --- a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan_association.py +++ b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_backup_plan_association.py @@ -203,7 +203,7 @@ def get_backup_plan_association(backup_plan_association_id: Optional[str] = None def get_backup_plan_association_output(backup_plan_association_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackupPlanAssociationResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackupPlanAssociationResult]: """ ## Example Usage @@ -225,7 +225,7 @@ def get_backup_plan_association_output(backup_plan_association_id: Optional[pulu __args__['backupPlanAssociationId'] = backup_plan_association_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:backupdisasterrecovery/getBackupPlanAssociation:getBackupPlanAssociation', __args__, opts=opts, typ=GetBackupPlanAssociationResult) return __ret__.apply(lambda __response__: GetBackupPlanAssociationResult( backup_plan=pulumi.get(__response__, 'backup_plan'), diff --git a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_data_source.py b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_data_source.py index a6abab9463..af7a70c7ca 100644 --- a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_data_source.py +++ b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_data_source.py @@ -232,7 +232,7 @@ def get_data_source_output(backup_vault_id: Optional[pulumi.Input[str]] = None, data_source_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDataSourceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDataSourceResult]: """ Use this data source to access information about an existing resource. """ @@ -241,7 +241,7 @@ def get_data_source_output(backup_vault_id: Optional[pulumi.Input[str]] = None, __args__['dataSourceId'] = data_source_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:backupdisasterrecovery/getDataSource:getDataSource', __args__, opts=opts, typ=GetDataSourceResult) return __ret__.apply(lambda __response__: GetDataSourceResult( backup_config_infos=pulumi.get(__response__, 'backup_config_infos'), diff --git a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_management_server.py b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_management_server.py index c1b7ac407c..87613f55bc 100644 --- a/sdk/python/pulumi_gcp/backupdisasterrecovery/get_management_server.py +++ b/sdk/python/pulumi_gcp/backupdisasterrecovery/get_management_server.py @@ -140,7 +140,7 @@ def get_management_server(location: Optional[str] = None, project=pulumi.get(__ret__, 'project'), type=pulumi.get(__ret__, 'type')) def get_management_server_output(location: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetManagementServerResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetManagementServerResult]: """ ## Example Usage @@ -153,7 +153,7 @@ def get_management_server_output(location: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['location'] = location - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:backupdisasterrecovery/getManagementServer:getManagementServer', __args__, opts=opts, typ=GetManagementServerResult) return __ret__.apply(lambda __response__: GetManagementServerResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/beyondcorp/get_app_connection.py b/sdk/python/pulumi_gcp/beyondcorp/get_app_connection.py index 5b42aa8dd9..8b9dc210db 100644 --- a/sdk/python/pulumi_gcp/beyondcorp/get_app_connection.py +++ b/sdk/python/pulumi_gcp/beyondcorp/get_app_connection.py @@ -197,7 +197,7 @@ def get_app_connection(name: Optional[str] = None, def get_app_connection_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppConnectionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppConnectionResult]: """ Get information about a Google BeyondCorp App Connection. @@ -223,7 +223,7 @@ def get_app_connection_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:beyondcorp/getAppConnection:getAppConnection', __args__, opts=opts, typ=GetAppConnectionResult) return __ret__.apply(lambda __response__: GetAppConnectionResult( application_endpoints=pulumi.get(__response__, 'application_endpoints'), diff --git a/sdk/python/pulumi_gcp/beyondcorp/get_app_connector.py b/sdk/python/pulumi_gcp/beyondcorp/get_app_connector.py index d99da69aba..a6a62bea3e 100644 --- a/sdk/python/pulumi_gcp/beyondcorp/get_app_connector.py +++ b/sdk/python/pulumi_gcp/beyondcorp/get_app_connector.py @@ -177,7 +177,7 @@ def get_app_connector(name: Optional[str] = None, def get_app_connector_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppConnectorResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppConnectorResult]: """ Get information about a Google BeyondCorp App Connector. @@ -203,7 +203,7 @@ def get_app_connector_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:beyondcorp/getAppConnector:getAppConnector', __args__, opts=opts, typ=GetAppConnectorResult) return __ret__.apply(lambda __response__: GetAppConnectorResult( display_name=pulumi.get(__response__, 'display_name'), diff --git a/sdk/python/pulumi_gcp/beyondcorp/get_app_gateway.py b/sdk/python/pulumi_gcp/beyondcorp/get_app_gateway.py index 6ffa5bd793..bd13e3e88b 100644 --- a/sdk/python/pulumi_gcp/beyondcorp/get_app_gateway.py +++ b/sdk/python/pulumi_gcp/beyondcorp/get_app_gateway.py @@ -207,7 +207,7 @@ def get_app_gateway(name: Optional[str] = None, def get_app_gateway_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppGatewayResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppGatewayResult]: """ Get information about a Google BeyondCorp App Gateway. @@ -233,7 +233,7 @@ def get_app_gateway_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:beyondcorp/getAppGateway:getAppGateway', __args__, opts=opts, typ=GetAppGatewayResult) return __ret__.apply(lambda __response__: GetAppGatewayResult( allocated_connections=pulumi.get(__response__, 'allocated_connections'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_connection_iam_policy.py b/sdk/python/pulumi_gcp/bigquery/get_connection_iam_policy.py index 7419f5da6a..68d86fec55 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_connection_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/get_connection_iam_policy.py @@ -151,7 +151,7 @@ def get_connection_iam_policy(connection_id: Optional[str] = None, def get_connection_iam_policy_output(connection_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConnectionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConnectionIamPolicyResult]: """ Retrieves the current IAM policy data for connection @@ -185,7 +185,7 @@ def get_connection_iam_policy_output(connection_id: Optional[pulumi.Input[str]] __args__['connectionId'] = connection_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getConnectionIamPolicy:getConnectionIamPolicy', __args__, opts=opts, typ=GetConnectionIamPolicyResult) return __ret__.apply(lambda __response__: GetConnectionIamPolicyResult( connection_id=pulumi.get(__response__, 'connection_id'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_dataset.py b/sdk/python/pulumi_gcp/bigquery/get_dataset.py index 67acf8a5e6..932f16e0ff 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_dataset.py +++ b/sdk/python/pulumi_gcp/bigquery/get_dataset.py @@ -323,7 +323,7 @@ def get_dataset(dataset_id: Optional[str] = None, storage_billing_model=pulumi.get(__ret__, 'storage_billing_model')) def get_dataset_output(dataset_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatasetResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatasetResult]: """ Get information about a BigQuery dataset. For more information see the [official documentation](https://cloud.google.com/bigquery/docs) @@ -347,7 +347,7 @@ def get_dataset_output(dataset_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['datasetId'] = dataset_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getDataset:getDataset', __args__, opts=opts, typ=GetDatasetResult) return __ret__.apply(lambda __response__: GetDatasetResult( accesses=pulumi.get(__response__, 'accesses'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_dataset_iam_policy.py b/sdk/python/pulumi_gcp/bigquery/get_dataset_iam_policy.py index ddd1e50796..91bf292bed 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_dataset_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/get_dataset_iam_policy.py @@ -125,7 +125,7 @@ def get_dataset_iam_policy(dataset_id: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_dataset_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatasetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatasetIamPolicyResult]: """ Retrieves the current IAM policy data for a BigQuery dataset. @@ -146,7 +146,7 @@ def get_dataset_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None __args__ = dict() __args__['datasetId'] = dataset_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getDatasetIamPolicy:getDatasetIamPolicy', __args__, opts=opts, typ=GetDatasetIamPolicyResult) return __ret__.apply(lambda __response__: GetDatasetIamPolicyResult( dataset_id=pulumi.get(__response__, 'dataset_id'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_default_service_account.py b/sdk/python/pulumi_gcp/bigquery/get_default_service_account.py index 280951f61f..b4e0019dbe 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_default_service_account.py +++ b/sdk/python/pulumi_gcp/bigquery/get_default_service_account.py @@ -123,7 +123,7 @@ def get_default_service_account(project: Optional[str] = None, member=pulumi.get(__ret__, 'member'), project=pulumi.get(__ret__, 'project')) def get_default_service_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: """ Get the email address of a project's unique BigQuery service account. @@ -153,7 +153,7 @@ def get_default_service_account_output(project: Optional[pulumi.Input[Optional[s """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getDefaultServiceAccount:getDefaultServiceAccount', __args__, opts=opts, typ=GetDefaultServiceAccountResult) return __ret__.apply(lambda __response__: GetDefaultServiceAccountResult( email=pulumi.get(__response__, 'email'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_table_iam_policy.py b/sdk/python/pulumi_gcp/bigquery/get_table_iam_policy.py index 785ce048e4..8e46e112df 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_table_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/get_table_iam_policy.py @@ -140,7 +140,7 @@ def get_table_iam_policy(dataset_id: Optional[str] = None, def get_table_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, table_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTableIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTableIamPolicyResult]: """ Retrieves the current IAM policy data for table @@ -163,7 +163,7 @@ def get_table_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None, __args__['datasetId'] = dataset_id __args__['project'] = project __args__['tableId'] = table_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getTableIamPolicy:getTableIamPolicy', __args__, opts=opts, typ=GetTableIamPolicyResult) return __ret__.apply(lambda __response__: GetTableIamPolicyResult( dataset_id=pulumi.get(__response__, 'dataset_id'), diff --git a/sdk/python/pulumi_gcp/bigquery/get_tables.py b/sdk/python/pulumi_gcp/bigquery/get_tables.py index 19697a13f8..4d347221e4 100644 --- a/sdk/python/pulumi_gcp/bigquery/get_tables.py +++ b/sdk/python/pulumi_gcp/bigquery/get_tables.py @@ -116,7 +116,7 @@ def get_tables(dataset_id: Optional[str] = None, tables=pulumi.get(__ret__, 'tables')) def get_tables_output(dataset_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTablesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTablesResult]: """ Get a list of tables in a BigQuery dataset. For more information see the [official documentation](https://cloud.google.com/bigquery/docs) @@ -140,7 +140,7 @@ def get_tables_output(dataset_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['datasetId'] = dataset_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquery/getTables:getTables', __args__, opts=opts, typ=GetTablesResult) return __ret__.apply(lambda __response__: GetTablesResult( dataset_id=pulumi.get(__response__, 'dataset_id'), diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py index f01c22cb8d..20766d3ad7 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py @@ -145,7 +145,7 @@ def get_data_exchange_iam_policy(data_exchange_id: Optional[str] = None, def get_data_exchange_iam_policy_output(data_exchange_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDataExchangeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDataExchangeIamPolicyResult]: """ Retrieves the current IAM policy data for dataexchange @@ -173,7 +173,7 @@ def get_data_exchange_iam_policy_output(data_exchange_id: Optional[pulumi.Input[ __args__['dataExchangeId'] = data_exchange_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigqueryanalyticshub/getDataExchangeIamPolicy:getDataExchangeIamPolicy', __args__, opts=opts, typ=GetDataExchangeIamPolicyResult) return __ret__.apply(lambda __response__: GetDataExchangeIamPolicyResult( data_exchange_id=pulumi.get(__response__, 'data_exchange_id'), diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py index 915a21534f..f2eb0e8a6f 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py @@ -160,7 +160,7 @@ def get_listing_iam_policy_output(data_exchange_id: Optional[pulumi.Input[str]] listing_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetListingIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetListingIamPolicyResult]: """ Retrieves the current IAM policy data for listing @@ -191,7 +191,7 @@ def get_listing_iam_policy_output(data_exchange_id: Optional[pulumi.Input[str]] __args__['listingId'] = listing_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigqueryanalyticshub/getListingIamPolicy:getListingIamPolicy', __args__, opts=opts, typ=GetListingIamPolicyResult) return __ret__.apply(lambda __response__: GetListingIamPolicyResult( data_exchange_id=pulumi.get(__response__, 'data_exchange_id'), diff --git a/sdk/python/pulumi_gcp/bigquerydatapolicy/get_iam_policy.py b/sdk/python/pulumi_gcp/bigquerydatapolicy/get_iam_policy.py index e16a93b43e..7432f65c5d 100644 --- a/sdk/python/pulumi_gcp/bigquerydatapolicy/get_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquerydatapolicy/get_iam_policy.py @@ -144,7 +144,7 @@ def get_iam_policy(data_policy_id: Optional[str] = None, def get_iam_policy_output(data_policy_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIamPolicyResult]: """ Retrieves the current IAM policy data for datapolicy @@ -171,7 +171,7 @@ def get_iam_policy_output(data_policy_id: Optional[pulumi.Input[str]] = None, __args__['dataPolicyId'] = data_policy_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigquerydatapolicy/getIamPolicy:getIamPolicy', __args__, opts=opts, typ=GetIamPolicyResult) return __ret__.apply(lambda __response__: GetIamPolicyResult( data_policy_id=pulumi.get(__response__, 'data_policy_id'), diff --git a/sdk/python/pulumi_gcp/bigtable/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/bigtable/get_instance_iam_policy.py index 1520545acf..58e4084cc5 100644 --- a/sdk/python/pulumi_gcp/bigtable/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigtable/get_instance_iam_policy.py @@ -123,7 +123,7 @@ def get_instance_iam_policy(instance: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for a Bigtable instance. @@ -142,7 +142,7 @@ def get_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigtable/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/bigtable/get_table_iam_policy.py b/sdk/python/pulumi_gcp/bigtable/get_table_iam_policy.py index 516ef4b063..5b76cb6391 100644 --- a/sdk/python/pulumi_gcp/bigtable/get_table_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigtable/get_table_iam_policy.py @@ -138,7 +138,7 @@ def get_table_iam_policy(instance: Optional[str] = None, def get_table_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, table: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTableIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTableIamPolicyResult]: """ Retrieves the current IAM policy data for a Bigtable Table. @@ -160,7 +160,7 @@ def get_table_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, __args__['instance'] = instance __args__['project'] = project __args__['table'] = table - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:bigtable/getTableIamPolicy:getTableIamPolicy', __args__, opts=opts, typ=GetTableIamPolicyResult) return __ret__.apply(lambda __response__: GetTableIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/billing/get_account_iam_policy.py b/sdk/python/pulumi_gcp/billing/get_account_iam_policy.py index a07ecf2d4d..557d958271 100644 --- a/sdk/python/pulumi_gcp/billing/get_account_iam_policy.py +++ b/sdk/python/pulumi_gcp/billing/get_account_iam_policy.py @@ -110,7 +110,7 @@ def get_account_iam_policy(billing_account_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_account_iam_policy_output(billing_account_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountIamPolicyResult]: """ Retrieves the current IAM policy data for a Billing Account. @@ -128,7 +128,7 @@ def get_account_iam_policy_output(billing_account_id: Optional[pulumi.Input[str] """ __args__ = dict() __args__['billingAccountId'] = billing_account_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:billing/getAccountIamPolicy:getAccountIamPolicy', __args__, opts=opts, typ=GetAccountIamPolicyResult) return __ret__.apply(lambda __response__: GetAccountIamPolicyResult( billing_account_id=pulumi.get(__response__, 'billing_account_id'), diff --git a/sdk/python/pulumi_gcp/binaryauthorization/get_attestor_iam_policy.py b/sdk/python/pulumi_gcp/binaryauthorization/get_attestor_iam_policy.py index 6c946abaea..ed593c7ef9 100644 --- a/sdk/python/pulumi_gcp/binaryauthorization/get_attestor_iam_policy.py +++ b/sdk/python/pulumi_gcp/binaryauthorization/get_attestor_iam_policy.py @@ -127,7 +127,7 @@ def get_attestor_iam_policy(attestor: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_attestor_iam_policy_output(attestor: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAttestorIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAttestorIamPolicyResult]: """ Retrieves the current IAM policy data for attestor @@ -149,7 +149,7 @@ def get_attestor_iam_policy_output(attestor: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['attestor'] = attestor __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:binaryauthorization/getAttestorIamPolicy:getAttestorIamPolicy', __args__, opts=opts, typ=GetAttestorIamPolicyResult) return __ret__.apply(lambda __response__: GetAttestorIamPolicyResult( attestor=pulumi.get(__response__, 'attestor'), diff --git a/sdk/python/pulumi_gcp/certificateauthority/get_authority.py b/sdk/python/pulumi_gcp/certificateauthority/get_authority.py index f1dc5ef916..060c5e83df 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/get_authority.py +++ b/sdk/python/pulumi_gcp/certificateauthority/get_authority.py @@ -346,7 +346,7 @@ def get_authority_output(certificate_authority_id: Optional[pulumi.Input[Optiona location: Optional[pulumi.Input[Optional[str]]] = None, pool: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthorityResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthorityResult]: """ Get info about a Google CAS Certificate Authority. @@ -376,7 +376,7 @@ def get_authority_output(certificate_authority_id: Optional[pulumi.Input[Optiona __args__['location'] = location __args__['pool'] = pool __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:certificateauthority/getAuthority:getAuthority', __args__, opts=opts, typ=GetAuthorityResult) return __ret__.apply(lambda __response__: GetAuthorityResult( access_urls=pulumi.get(__response__, 'access_urls'), diff --git a/sdk/python/pulumi_gcp/certificateauthority/get_ca_pool_iam_policy.py b/sdk/python/pulumi_gcp/certificateauthority/get_ca_pool_iam_policy.py index 208fe81602..e2329380c3 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/get_ca_pool_iam_policy.py +++ b/sdk/python/pulumi_gcp/certificateauthority/get_ca_pool_iam_policy.py @@ -144,7 +144,7 @@ def get_ca_pool_iam_policy(ca_pool: Optional[str] = None, def get_ca_pool_iam_policy_output(ca_pool: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCaPoolIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCaPoolIamPolicyResult]: """ Retrieves the current IAM policy data for capool @@ -171,7 +171,7 @@ def get_ca_pool_iam_policy_output(ca_pool: Optional[pulumi.Input[str]] = None, __args__['caPool'] = ca_pool __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:certificateauthority/getCaPoolIamPolicy:getCaPoolIamPolicy', __args__, opts=opts, typ=GetCaPoolIamPolicyResult) return __ret__.apply(lambda __response__: GetCaPoolIamPolicyResult( ca_pool=pulumi.get(__response__, 'ca_pool'), diff --git a/sdk/python/pulumi_gcp/certificateauthority/get_certificate_template_iam_policy.py b/sdk/python/pulumi_gcp/certificateauthority/get_certificate_template_iam_policy.py index c9cb25092b..e11eb84266 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/get_certificate_template_iam_policy.py +++ b/sdk/python/pulumi_gcp/certificateauthority/get_certificate_template_iam_policy.py @@ -142,7 +142,7 @@ def get_certificate_template_iam_policy(certificate_template: Optional[str] = No def get_certificate_template_iam_policy_output(certificate_template: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCertificateTemplateIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCertificateTemplateIamPolicyResult]: """ Retrieves the current IAM policy data for certificatetemplate @@ -167,7 +167,7 @@ def get_certificate_template_iam_policy_output(certificate_template: Optional[pu __args__['certificateTemplate'] = certificate_template __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:certificateauthority/getCertificateTemplateIamPolicy:getCertificateTemplateIamPolicy', __args__, opts=opts, typ=GetCertificateTemplateIamPolicyResult) return __ret__.apply(lambda __response__: GetCertificateTemplateIamPolicyResult( certificate_template=pulumi.get(__response__, 'certificate_template'), diff --git a/sdk/python/pulumi_gcp/certificatemanager/get_certificate_map.py b/sdk/python/pulumi_gcp/certificatemanager/get_certificate_map.py index 37cbc50b8e..8c96fb706a 100644 --- a/sdk/python/pulumi_gcp/certificatemanager/get_certificate_map.py +++ b/sdk/python/pulumi_gcp/certificatemanager/get_certificate_map.py @@ -172,7 +172,7 @@ def get_certificate_map(name: Optional[str] = None, update_time=pulumi.get(__ret__, 'update_time')) def get_certificate_map_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCertificateMapResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCertificateMapResult]: """ Get info about a Google Certificate Manager Certificate Map resource. @@ -195,7 +195,7 @@ def get_certificate_map_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:certificatemanager/getCertificateMap:getCertificateMap', __args__, opts=opts, typ=GetCertificateMapResult) return __ret__.apply(lambda __response__: GetCertificateMapResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/certificatemanager/get_certificates.py b/sdk/python/pulumi_gcp/certificatemanager/get_certificates.py index 0a8db32a9f..e8f0102b7d 100644 --- a/sdk/python/pulumi_gcp/certificatemanager/get_certificates.py +++ b/sdk/python/pulumi_gcp/certificatemanager/get_certificates.py @@ -118,7 +118,7 @@ def get_certificates(filter: Optional[str] = None, region=pulumi.get(__ret__, 'region')) def get_certificates_output(filter: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCertificatesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCertificatesResult]: """ List all certificates within Google Certificate Manager for a given project, region or filter. @@ -147,7 +147,7 @@ def get_certificates_output(filter: Optional[pulumi.Input[Optional[str]]] = None __args__ = dict() __args__['filter'] = filter __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:certificatemanager/getCertificates:getCertificates', __args__, opts=opts, typ=GetCertificatesResult) return __ret__.apply(lambda __response__: GetCertificatesResult( certificates=pulumi.get(__response__, 'certificates'), diff --git a/sdk/python/pulumi_gcp/cloudasset/get_resources_search_all.py b/sdk/python/pulumi_gcp/cloudasset/get_resources_search_all.py index 25721f5faf..d8e6496996 100644 --- a/sdk/python/pulumi_gcp/cloudasset/get_resources_search_all.py +++ b/sdk/python/pulumi_gcp/cloudasset/get_resources_search_all.py @@ -148,7 +148,7 @@ def get_resources_search_all(asset_types: Optional[Sequence[str]] = None, def get_resources_search_all_output(asset_types: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, query: Optional[pulumi.Input[Optional[str]]] = None, scope: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetResourcesSearchAllResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetResourcesSearchAllResult]: """ ## Example Usage @@ -192,7 +192,7 @@ def get_resources_search_all_output(asset_types: Optional[pulumi.Input[Optional[ __args__['assetTypes'] = asset_types __args__['query'] = query __args__['scope'] = scope - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudasset/getResourcesSearchAll:getResourcesSearchAll', __args__, opts=opts, typ=GetResourcesSearchAllResult) return __ret__.apply(lambda __response__: GetResourcesSearchAllResult( asset_types=pulumi.get(__response__, 'asset_types'), diff --git a/sdk/python/pulumi_gcp/cloudasset/get_search_all_resources.py b/sdk/python/pulumi_gcp/cloudasset/get_search_all_resources.py index 3a2973cb3a..83171cfb6e 100644 --- a/sdk/python/pulumi_gcp/cloudasset/get_search_all_resources.py +++ b/sdk/python/pulumi_gcp/cloudasset/get_search_all_resources.py @@ -152,7 +152,7 @@ def get_search_all_resources(asset_types: Optional[Sequence[str]] = None, def get_search_all_resources_output(asset_types: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, query: Optional[pulumi.Input[Optional[str]]] = None, scope: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSearchAllResourcesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSearchAllResourcesResult]: """ Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. See the [REST API](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources) @@ -200,7 +200,7 @@ def get_search_all_resources_output(asset_types: Optional[pulumi.Input[Optional[ __args__['assetTypes'] = asset_types __args__['query'] = query __args__['scope'] = scope - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudasset/getSearchAllResources:getSearchAllResources', __args__, opts=opts, typ=GetSearchAllResourcesResult) return __ret__.apply(lambda __response__: GetSearchAllResourcesResult( asset_types=pulumi.get(__response__, 'asset_types'), diff --git a/sdk/python/pulumi_gcp/cloudbuild/get_trigger.py b/sdk/python/pulumi_gcp/cloudbuild/get_trigger.py index 7273f9549a..9eef859a3f 100644 --- a/sdk/python/pulumi_gcp/cloudbuild/get_trigger.py +++ b/sdk/python/pulumi_gcp/cloudbuild/get_trigger.py @@ -341,7 +341,7 @@ def get_trigger(location: Optional[str] = None, def get_trigger_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, trigger_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTriggerResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTriggerResult]: """ To get more information about Cloudbuild Trigger, see: @@ -371,7 +371,7 @@ def get_trigger_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['triggerId'] = trigger_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudbuild/getTrigger:getTrigger', __args__, opts=opts, typ=GetTriggerResult) return __ret__.apply(lambda __response__: GetTriggerResult( approval_configs=pulumi.get(__response__, 'approval_configs'), diff --git a/sdk/python/pulumi_gcp/cloudbuildv2/get_connection_iam_policy.py b/sdk/python/pulumi_gcp/cloudbuildv2/get_connection_iam_policy.py index 33fbd01973..ebad623803 100644 --- a/sdk/python/pulumi_gcp/cloudbuildv2/get_connection_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudbuildv2/get_connection_iam_policy.py @@ -144,7 +144,7 @@ def get_connection_iam_policy(location: Optional[str] = None, def get_connection_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConnectionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConnectionIamPolicyResult]: """ Retrieves the current IAM policy data for connection @@ -171,7 +171,7 @@ def get_connection_iam_policy_output(location: Optional[pulumi.Input[Optional[st __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudbuildv2/getConnectionIamPolicy:getConnectionIamPolicy', __args__, opts=opts, typ=GetConnectionIamPolicyResult) return __ret__.apply(lambda __response__: GetConnectionIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/clouddeploy/get_custom_target_type_iam_policy.py b/sdk/python/pulumi_gcp/clouddeploy/get_custom_target_type_iam_policy.py index ea57004616..371f0f2657 100644 --- a/sdk/python/pulumi_gcp/clouddeploy/get_custom_target_type_iam_policy.py +++ b/sdk/python/pulumi_gcp/clouddeploy/get_custom_target_type_iam_policy.py @@ -144,7 +144,7 @@ def get_custom_target_type_iam_policy(location: Optional[str] = None, def get_custom_target_type_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCustomTargetTypeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCustomTargetTypeIamPolicyResult]: """ Retrieves the current IAM policy data for customtargettype @@ -171,7 +171,7 @@ def get_custom_target_type_iam_policy_output(location: Optional[pulumi.Input[Opt __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:clouddeploy/getCustomTargetTypeIamPolicy:getCustomTargetTypeIamPolicy', __args__, opts=opts, typ=GetCustomTargetTypeIamPolicyResult) return __ret__.apply(lambda __response__: GetCustomTargetTypeIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py b/sdk/python/pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py index 56adc36d6b..43ae48391d 100644 --- a/sdk/python/pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py +++ b/sdk/python/pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py @@ -141,7 +141,7 @@ def get_delivery_pipeline_iam_policy(location: Optional[str] = None, def get_delivery_pipeline_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDeliveryPipelineIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDeliveryPipelineIamPolicyResult]: """ Retrieves the current IAM policy data for deliverypipeline @@ -165,7 +165,7 @@ def get_delivery_pipeline_iam_policy_output(location: Optional[pulumi.Input[Opti __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:clouddeploy/getDeliveryPipelineIamPolicy:getDeliveryPipelineIamPolicy', __args__, opts=opts, typ=GetDeliveryPipelineIamPolicyResult) return __ret__.apply(lambda __response__: GetDeliveryPipelineIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/clouddeploy/get_target_iam_policy.py b/sdk/python/pulumi_gcp/clouddeploy/get_target_iam_policy.py index 6cb4e47e7f..d225814d3c 100644 --- a/sdk/python/pulumi_gcp/clouddeploy/get_target_iam_policy.py +++ b/sdk/python/pulumi_gcp/clouddeploy/get_target_iam_policy.py @@ -141,7 +141,7 @@ def get_target_iam_policy(location: Optional[str] = None, def get_target_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTargetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTargetIamPolicyResult]: """ Retrieves the current IAM policy data for target @@ -165,7 +165,7 @@ def get_target_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:clouddeploy/getTargetIamPolicy:getTargetIamPolicy', __args__, opts=opts, typ=GetTargetIamPolicyResult) return __ret__.apply(lambda __response__: GetTargetIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/cloudfunctions/get_function.py b/sdk/python/pulumi_gcp/cloudfunctions/get_function.py index 4cad4b743d..b380596066 100644 --- a/sdk/python/pulumi_gcp/cloudfunctions/get_function.py +++ b/sdk/python/pulumi_gcp/cloudfunctions/get_function.py @@ -493,7 +493,7 @@ def get_function(name: Optional[str] = None, def get_function_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFunctionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFunctionResult]: """ Get information about a Google Cloud Function. For more information see the [official documentation](https://cloud.google.com/functions/docs/) @@ -521,7 +521,7 @@ def get_function_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudfunctions/getFunction:getFunction', __args__, opts=opts, typ=GetFunctionResult) return __ret__.apply(lambda __response__: GetFunctionResult( available_memory_mb=pulumi.get(__response__, 'available_memory_mb'), diff --git a/sdk/python/pulumi_gcp/cloudfunctions/get_function_iam_policy.py b/sdk/python/pulumi_gcp/cloudfunctions/get_function_iam_policy.py index 844d311019..605be2d4c6 100644 --- a/sdk/python/pulumi_gcp/cloudfunctions/get_function_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudfunctions/get_function_iam_policy.py @@ -144,7 +144,7 @@ def get_function_iam_policy(cloud_function: Optional[str] = None, def get_function_iam_policy_output(cloud_function: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFunctionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFunctionIamPolicyResult]: """ Retrieves the current IAM policy data for cloudfunction @@ -171,7 +171,7 @@ def get_function_iam_policy_output(cloud_function: Optional[pulumi.Input[str]] = __args__['cloudFunction'] = cloud_function __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudfunctions/getFunctionIamPolicy:getFunctionIamPolicy', __args__, opts=opts, typ=GetFunctionIamPolicyResult) return __ret__.apply(lambda __response__: GetFunctionIamPolicyResult( cloud_function=pulumi.get(__response__, 'cloud_function'), diff --git a/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function.py b/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function.py index 407efb12c8..abd7d1883d 100644 --- a/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function.py +++ b/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function.py @@ -239,7 +239,7 @@ def get_function(location: Optional[str] = None, def get_function_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFunctionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFunctionResult]: """ Get information about a Google Cloud Function (2nd gen). For more information see: @@ -267,7 +267,7 @@ def get_function_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudfunctionsv2/getFunction:getFunction', __args__, opts=opts, typ=GetFunctionResult) return __ret__.apply(lambda __response__: GetFunctionResult( build_configs=pulumi.get(__response__, 'build_configs'), diff --git a/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function_iam_policy.py b/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function_iam_policy.py index aac89ac3fc..7bbf8a07a5 100644 --- a/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudfunctionsv2/get_function_iam_policy.py @@ -144,7 +144,7 @@ def get_function_iam_policy(cloud_function: Optional[str] = None, def get_function_iam_policy_output(cloud_function: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFunctionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFunctionIamPolicyResult]: """ Retrieves the current IAM policy data for function @@ -171,7 +171,7 @@ def get_function_iam_policy_output(cloud_function: Optional[pulumi.Input[str]] = __args__['cloudFunction'] = cloud_function __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudfunctionsv2/getFunctionIamPolicy:getFunctionIamPolicy', __args__, opts=opts, typ=GetFunctionIamPolicyResult) return __ret__.apply(lambda __response__: GetFunctionIamPolicyResult( cloud_function=pulumi.get(__response__, 'cloud_function'), diff --git a/sdk/python/pulumi_gcp/cloudidentity/get_group_lookup.py b/sdk/python/pulumi_gcp/cloudidentity/get_group_lookup.py index 5be9bd6454..211722b915 100644 --- a/sdk/python/pulumi_gcp/cloudidentity/get_group_lookup.py +++ b/sdk/python/pulumi_gcp/cloudidentity/get_group_lookup.py @@ -105,7 +105,7 @@ def get_group_lookup(group_key: Optional[Union['GetGroupLookupGroupKeyArgs', 'Ge id=pulumi.get(__ret__, 'id'), name=pulumi.get(__ret__, 'name')) def get_group_lookup_output(group_key: Optional[pulumi.Input[Union['GetGroupLookupGroupKeyArgs', 'GetGroupLookupGroupKeyArgsDict']]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupLookupResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGroupLookupResult]: """ Use this data source to look up the resource name of a Cloud Identity Group by its [EntityKey](https://cloud.google.com/identity/docs/reference/rest/v1/EntityKey), i.e. the group's email. @@ -129,7 +129,7 @@ def get_group_lookup_output(group_key: Optional[pulumi.Input[Union['GetGroupLook """ __args__ = dict() __args__['groupKey'] = group_key - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudidentity/getGroupLookup:getGroupLookup', __args__, opts=opts, typ=GetGroupLookupResult) return __ret__.apply(lambda __response__: GetGroupLookupResult( group_key=pulumi.get(__response__, 'group_key'), diff --git a/sdk/python/pulumi_gcp/cloudidentity/get_group_memberships.py b/sdk/python/pulumi_gcp/cloudidentity/get_group_memberships.py index 6aff4d68ab..65af349894 100644 --- a/sdk/python/pulumi_gcp/cloudidentity/get_group_memberships.py +++ b/sdk/python/pulumi_gcp/cloudidentity/get_group_memberships.py @@ -106,7 +106,7 @@ def get_group_memberships(group: Optional[str] = None, id=pulumi.get(__ret__, 'id'), memberships=pulumi.get(__ret__, 'memberships')) def get_group_memberships_output(group: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupMembershipsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGroupMembershipsResult]: """ Use this data source to get list of the Cloud Identity Group Memberships within a given Group. @@ -132,7 +132,7 @@ def get_group_memberships_output(group: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['group'] = group - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudidentity/getGroupMemberships:getGroupMemberships', __args__, opts=opts, typ=GetGroupMembershipsResult) return __ret__.apply(lambda __response__: GetGroupMembershipsResult( group=pulumi.get(__response__, 'group'), diff --git a/sdk/python/pulumi_gcp/cloudidentity/get_group_transitive_memberships.py b/sdk/python/pulumi_gcp/cloudidentity/get_group_transitive_memberships.py index a17e1e9fc1..490c30583f 100644 --- a/sdk/python/pulumi_gcp/cloudidentity/get_group_transitive_memberships.py +++ b/sdk/python/pulumi_gcp/cloudidentity/get_group_transitive_memberships.py @@ -83,13 +83,13 @@ def get_group_transitive_memberships(group: Optional[str] = None, id=pulumi.get(__ret__, 'id'), memberships=pulumi.get(__ret__, 'memberships')) def get_group_transitive_memberships_output(group: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupTransitiveMembershipsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGroupTransitiveMembershipsResult]: """ Use this data source to access information about an existing resource. """ __args__ = dict() __args__['group'] = group - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudidentity/getGroupTransitiveMemberships:getGroupTransitiveMemberships', __args__, opts=opts, typ=GetGroupTransitiveMembershipsResult) return __ret__.apply(lambda __response__: GetGroupTransitiveMembershipsResult( group=pulumi.get(__response__, 'group'), diff --git a/sdk/python/pulumi_gcp/cloudidentity/get_groups.py b/sdk/python/pulumi_gcp/cloudidentity/get_groups.py index d81411d724..0f53f003bd 100644 --- a/sdk/python/pulumi_gcp/cloudidentity/get_groups.py +++ b/sdk/python/pulumi_gcp/cloudidentity/get_groups.py @@ -100,7 +100,7 @@ def get_groups(parent: Optional[str] = None, id=pulumi.get(__ret__, 'id'), parent=pulumi.get(__ret__, 'parent')) def get_groups_output(parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGroupsResult]: """ Use this data source to get list of the Cloud Identity Groups under a customer or namespace. @@ -120,7 +120,7 @@ def get_groups_output(parent: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudidentity/getGroups:getGroups', __args__, opts=opts, typ=GetGroupsResult) return __ret__.apply(lambda __response__: GetGroupsResult( groups=pulumi.get(__response__, 'groups'), diff --git a/sdk/python/pulumi_gcp/cloudquota/get_s_quota_info.py b/sdk/python/pulumi_gcp/cloudquota/get_s_quota_info.py index 379a362c50..99cdda3166 100644 --- a/sdk/python/pulumi_gcp/cloudquota/get_s_quota_info.py +++ b/sdk/python/pulumi_gcp/cloudquota/get_s_quota_info.py @@ -297,7 +297,7 @@ def get_s_quota_info(parent: Optional[str] = None, def get_s_quota_info_output(parent: Optional[pulumi.Input[str]] = None, quota_id: Optional[pulumi.Input[str]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSQuotaInfoResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSQuotaInfoResult]: """ Provides information about a particular quota for a given project, folder or organization. @@ -321,7 +321,7 @@ def get_s_quota_info_output(parent: Optional[pulumi.Input[str]] = None, __args__['parent'] = parent __args__['quotaId'] = quota_id __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudquota/getSQuotaInfo:getSQuotaInfo', __args__, opts=opts, typ=GetSQuotaInfoResult) return __ret__.apply(lambda __response__: GetSQuotaInfoResult( container_type=pulumi.get(__response__, 'container_type'), diff --git a/sdk/python/pulumi_gcp/cloudquota/get_s_quota_infos.py b/sdk/python/pulumi_gcp/cloudquota/get_s_quota_infos.py index 1a1fff9258..54a5424f6f 100644 --- a/sdk/python/pulumi_gcp/cloudquota/get_s_quota_infos.py +++ b/sdk/python/pulumi_gcp/cloudquota/get_s_quota_infos.py @@ -113,7 +113,7 @@ def get_s_quota_infos(parent: Optional[str] = None, service=pulumi.get(__ret__, 'service')) def get_s_quota_infos_output(parent: Optional[pulumi.Input[str]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSQuotaInfosResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSQuotaInfosResult]: """ Provides information about all quotas for a given project, folder or organization. @@ -134,7 +134,7 @@ def get_s_quota_infos_output(parent: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['parent'] = parent __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudquota/getSQuotaInfos:getSQuotaInfos', __args__, opts=opts, typ=GetSQuotaInfosResult) return __ret__.apply(lambda __response__: GetSQuotaInfosResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/cloudrun/get_locations.py b/sdk/python/pulumi_gcp/cloudrun/get_locations.py index 933fad8091..ccd2f61739 100644 --- a/sdk/python/pulumi_gcp/cloudrun/get_locations.py +++ b/sdk/python/pulumi_gcp/cloudrun/get_locations.py @@ -104,7 +104,7 @@ def get_locations(project: Optional[str] = None, locations=pulumi.get(__ret__, 'locations'), project=pulumi.get(__ret__, 'project')) def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLocationsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLocationsResult]: """ Get Cloud Run locations available for a project. @@ -129,7 +129,7 @@ def get_locations_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrun/getLocations:getLocations', __args__, opts=opts, typ=GetLocationsResult) return __ret__.apply(lambda __response__: GetLocationsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/cloudrun/get_service.py b/sdk/python/pulumi_gcp/cloudrun/get_service.py index d480d8654f..f98bbea7dd 100644 --- a/sdk/python/pulumi_gcp/cloudrun/get_service.py +++ b/sdk/python/pulumi_gcp/cloudrun/get_service.py @@ -169,7 +169,7 @@ def get_service(location: Optional[str] = None, def get_service_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceResult]: """ Get information about a Google Cloud Run Service. For more information see the [official documentation](https://cloud.google.com/run/docs/) @@ -197,7 +197,7 @@ def get_service_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrun/getService:getService', __args__, opts=opts, typ=GetServiceResult) return __ret__.apply(lambda __response__: GetServiceResult( autogenerate_revision_name=pulumi.get(__response__, 'autogenerate_revision_name'), diff --git a/sdk/python/pulumi_gcp/cloudrun/get_service_iam_policy.py b/sdk/python/pulumi_gcp/cloudrun/get_service_iam_policy.py index a8d2ab1b44..cf33736f96 100644 --- a/sdk/python/pulumi_gcp/cloudrun/get_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrun/get_service_iam_policy.py @@ -144,7 +144,7 @@ def get_service_iam_policy(location: Optional[str] = None, def get_service_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceIamPolicyResult]: """ Retrieves the current IAM policy data for service @@ -171,7 +171,7 @@ def get_service_iam_policy_output(location: Optional[pulumi.Input[Optional[str]] __args__['location'] = location __args__['project'] = project __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrun/getServiceIamPolicy:getServiceIamPolicy', __args__, opts=opts, typ=GetServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/cloudrunv2/get_job.py b/sdk/python/pulumi_gcp/cloudrunv2/get_job.py index 36cfbf3796..bb686630fe 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/get_job.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/get_job.py @@ -399,7 +399,7 @@ def get_job(location: Optional[str] = None, def get_job_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetJobResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetJobResult]: """ Get information about a Google Cloud Run v2 Job. For more information see the [official documentation](https://cloud.google.com/run/docs/) @@ -427,7 +427,7 @@ def get_job_output(location: Optional[pulumi.Input[Optional[str]]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrunv2/getJob:getJob', __args__, opts=opts, typ=GetJobResult) return __ret__.apply(lambda __response__: GetJobResult( annotations=pulumi.get(__response__, 'annotations'), diff --git a/sdk/python/pulumi_gcp/cloudrunv2/get_job_iam_policy.py b/sdk/python/pulumi_gcp/cloudrunv2/get_job_iam_policy.py index 963697d7ae..4bfc48989a 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/get_job_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/get_job_iam_policy.py @@ -144,7 +144,7 @@ def get_job_iam_policy(location: Optional[str] = None, def get_job_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetJobIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetJobIamPolicyResult]: """ Retrieves the current IAM policy data for job @@ -171,7 +171,7 @@ def get_job_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrunv2/getJobIamPolicy:getJobIamPolicy', __args__, opts=opts, typ=GetJobIamPolicyResult) return __ret__.apply(lambda __response__: GetJobIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/cloudrunv2/get_service.py b/sdk/python/pulumi_gcp/cloudrunv2/get_service.py index 4f75769668..ac6e5357d8 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/get_service.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/get_service.py @@ -479,7 +479,7 @@ def get_service(location: Optional[str] = None, def get_service_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceResult]: """ Get information about a Google Cloud Run v2 Service. For more information see the [official documentation](https://cloud.google.com/run/docs/) @@ -507,7 +507,7 @@ def get_service_output(location: Optional[pulumi.Input[Optional[str]]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrunv2/getService:getService', __args__, opts=opts, typ=GetServiceResult) return __ret__.apply(lambda __response__: GetServiceResult( annotations=pulumi.get(__response__, 'annotations'), diff --git a/sdk/python/pulumi_gcp/cloudrunv2/get_service_iam_policy.py b/sdk/python/pulumi_gcp/cloudrunv2/get_service_iam_policy.py index 3892746112..c5d158fffb 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/get_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/get_service_iam_policy.py @@ -144,7 +144,7 @@ def get_service_iam_policy(location: Optional[str] = None, def get_service_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceIamPolicyResult]: """ Retrieves the current IAM policy data for service @@ -171,7 +171,7 @@ def get_service_iam_policy_output(location: Optional[pulumi.Input[Optional[str]] __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudrunv2/getServiceIamPolicy:getServiceIamPolicy', __args__, opts=opts, typ=GetServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/cloudtasks/get_queue_iam_policy.py b/sdk/python/pulumi_gcp/cloudtasks/get_queue_iam_policy.py index e22495e141..508dafe0ba 100644 --- a/sdk/python/pulumi_gcp/cloudtasks/get_queue_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudtasks/get_queue_iam_policy.py @@ -144,7 +144,7 @@ def get_queue_iam_policy(location: Optional[str] = None, def get_queue_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetQueueIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetQueueIamPolicyResult]: """ Retrieves the current IAM policy data for queue @@ -171,7 +171,7 @@ def get_queue_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:cloudtasks/getQueueIamPolicy:getQueueIamPolicy', __args__, opts=opts, typ=GetQueueIamPolicyResult) return __ret__.apply(lambda __response__: GetQueueIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/composer/get_environment.py b/sdk/python/pulumi_gcp/composer/get_environment.py index 668ab93b35..47d42e3dc2 100644 --- a/sdk/python/pulumi_gcp/composer/get_environment.py +++ b/sdk/python/pulumi_gcp/composer/get_environment.py @@ -169,7 +169,7 @@ def get_environment(name: Optional[str] = None, def get_environment_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEnvironmentResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEnvironmentResult]: """ Provides access to Cloud Composer environment configuration in a region for a given project. @@ -194,7 +194,7 @@ def get_environment_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:composer/getEnvironment:getEnvironment', __args__, opts=opts, typ=GetEnvironmentResult) return __ret__.apply(lambda __response__: GetEnvironmentResult( configs=pulumi.get(__response__, 'configs'), diff --git a/sdk/python/pulumi_gcp/composer/get_image_versions.py b/sdk/python/pulumi_gcp/composer/get_image_versions.py index d5b6162990..54c6493449 100644 --- a/sdk/python/pulumi_gcp/composer/get_image_versions.py +++ b/sdk/python/pulumi_gcp/composer/get_image_versions.py @@ -122,7 +122,7 @@ def get_image_versions(project: Optional[str] = None, region=pulumi.get(__ret__, 'region')) def get_image_versions_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetImageVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetImageVersionsResult]: """ Provides access to available Cloud Composer versions in a region for a given project. @@ -152,7 +152,7 @@ def get_image_versions_output(project: Optional[pulumi.Input[Optional[str]]] = N __args__ = dict() __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:composer/getImageVersions:getImageVersions', __args__, opts=opts, typ=GetImageVersionsResult) return __ret__.apply(lambda __response__: GetImageVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/composer/get_user_workloads_config_map.py b/sdk/python/pulumi_gcp/composer/get_user_workloads_config_map.py index eae29fbc04..172d5f240a 100644 --- a/sdk/python/pulumi_gcp/composer/get_user_workloads_config_map.py +++ b/sdk/python/pulumi_gcp/composer/get_user_workloads_config_map.py @@ -155,7 +155,7 @@ def get_user_workloads_config_map_output(environment: Optional[pulumi.Input[str] name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUserWorkloadsConfigMapResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetUserWorkloadsConfigMapResult]: """ ## Example Usage @@ -194,7 +194,7 @@ def get_user_workloads_config_map_output(environment: Optional[pulumi.Input[str] __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:composer/getUserWorkloadsConfigMap:getUserWorkloadsConfigMap', __args__, opts=opts, typ=GetUserWorkloadsConfigMapResult) return __ret__.apply(lambda __response__: GetUserWorkloadsConfigMapResult( data=pulumi.get(__response__, 'data'), diff --git a/sdk/python/pulumi_gcp/composer/get_user_workloads_secret.py b/sdk/python/pulumi_gcp/composer/get_user_workloads_secret.py index 07bcdb56d4..4a38dee0f7 100644 --- a/sdk/python/pulumi_gcp/composer/get_user_workloads_secret.py +++ b/sdk/python/pulumi_gcp/composer/get_user_workloads_secret.py @@ -152,7 +152,7 @@ def get_user_workloads_secret_output(environment: Optional[pulumi.Input[str]] = name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUserWorkloadsSecretResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetUserWorkloadsSecretResult]: """ ## Example Usage @@ -192,7 +192,7 @@ def get_user_workloads_secret_output(environment: Optional[pulumi.Input[str]] = __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:composer/getUserWorkloadsSecret:getUserWorkloadsSecret', __args__, opts=opts, typ=GetUserWorkloadsSecretResult) return __ret__.apply(lambda __response__: GetUserWorkloadsSecretResult( data=pulumi.get(__response__, 'data'), diff --git a/sdk/python/pulumi_gcp/compute/get_address.py b/sdk/python/pulumi_gcp/compute/get_address.py index 8d110ba1fc..c96fe50755 100644 --- a/sdk/python/pulumi_gcp/compute/get_address.py +++ b/sdk/python/pulumi_gcp/compute/get_address.py @@ -235,7 +235,7 @@ def get_address(name: Optional[str] = None, def get_address_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAddressResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAddressResult]: """ Get the IP address from a static address. For more information see the official [API](https://cloud.google.com/compute/docs/reference/latest/addresses/get) documentation. @@ -271,7 +271,7 @@ def get_address_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getAddress:getAddress', __args__, opts=opts, typ=GetAddressResult) return __ret__.apply(lambda __response__: GetAddressResult( address=pulumi.get(__response__, 'address'), diff --git a/sdk/python/pulumi_gcp/compute/get_addresses.py b/sdk/python/pulumi_gcp/compute/get_addresses.py index c1c5b6e005..e58999b194 100644 --- a/sdk/python/pulumi_gcp/compute/get_addresses.py +++ b/sdk/python/pulumi_gcp/compute/get_addresses.py @@ -163,7 +163,7 @@ def get_addresses(filter: Optional[str] = None, def get_addresses_output(filter: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAddressesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAddressesResult]: """ List IP addresses in a project. For more information see the official API [list](https://cloud.google.com/compute/docs/reference/latest/addresses/list) and @@ -219,7 +219,7 @@ def get_addresses_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__['filter'] = filter __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getAddresses:getAddresses', __args__, opts=opts, typ=GetAddressesResult) return __ret__.apply(lambda __response__: GetAddressesResult( addresses=pulumi.get(__response__, 'addresses'), diff --git a/sdk/python/pulumi_gcp/compute/get_backend_bucket.py b/sdk/python/pulumi_gcp/compute/get_backend_bucket.py index ff9ee580b7..f5b73c7e4e 100644 --- a/sdk/python/pulumi_gcp/compute/get_backend_bucket.py +++ b/sdk/python/pulumi_gcp/compute/get_backend_bucket.py @@ -192,7 +192,7 @@ def get_backend_bucket(name: Optional[str] = None, self_link=pulumi.get(__ret__, 'self_link')) def get_backend_bucket_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackendBucketResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendBucketResult]: """ Get information about a BackendBucket. @@ -215,7 +215,7 @@ def get_backend_bucket_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getBackendBucket:getBackendBucket', __args__, opts=opts, typ=GetBackendBucketResult) return __ret__.apply(lambda __response__: GetBackendBucketResult( bucket_name=pulumi.get(__response__, 'bucket_name'), diff --git a/sdk/python/pulumi_gcp/compute/get_backend_bucket_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_backend_bucket_iam_policy.py index bd8da18645..b2c1212247 100644 --- a/sdk/python/pulumi_gcp/compute/get_backend_bucket_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_backend_bucket_iam_policy.py @@ -116,7 +116,7 @@ def get_backend_bucket_iam_policy(name: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_backend_bucket_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackendBucketIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendBucketIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -127,7 +127,7 @@ def get_backend_bucket_iam_policy_output(name: Optional[pulumi.Input[str]] = Non __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getBackendBucketIamPolicy:getBackendBucketIamPolicy', __args__, opts=opts, typ=GetBackendBucketIamPolicyResult) return __ret__.apply(lambda __response__: GetBackendBucketIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_backend_service.py b/sdk/python/pulumi_gcp/compute/get_backend_service.py index a1f657067f..cb8929a2ef 100644 --- a/sdk/python/pulumi_gcp/compute/get_backend_service.py +++ b/sdk/python/pulumi_gcp/compute/get_backend_service.py @@ -462,7 +462,7 @@ def get_backend_service(name: Optional[str] = None, timeout_sec=pulumi.get(__ret__, 'timeout_sec')) def get_backend_service_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackendServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendServiceResult]: """ Provide access to a Backend Service's attribute. For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/backend-service) @@ -489,7 +489,7 @@ def get_backend_service_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getBackendService:getBackendService', __args__, opts=opts, typ=GetBackendServiceResult) return __ret__.apply(lambda __response__: GetBackendServiceResult( affinity_cookie_ttl_sec=pulumi.get(__response__, 'affinity_cookie_ttl_sec'), diff --git a/sdk/python/pulumi_gcp/compute/get_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_backend_service_iam_policy.py index 79f99952fb..06bcc4da98 100644 --- a/sdk/python/pulumi_gcp/compute/get_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_backend_service_iam_policy.py @@ -116,7 +116,7 @@ def get_backend_service_iam_policy(name: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_backend_service_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackendServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendServiceIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -127,7 +127,7 @@ def get_backend_service_iam_policy_output(name: Optional[pulumi.Input[str]] = No __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getBackendServiceIamPolicy:getBackendServiceIamPolicy', __args__, opts=opts, typ=GetBackendServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetBackendServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_certificate.py b/sdk/python/pulumi_gcp/compute/get_certificate.py index ff7a4c9e84..2fdf80ea26 100644 --- a/sdk/python/pulumi_gcp/compute/get_certificate.py +++ b/sdk/python/pulumi_gcp/compute/get_certificate.py @@ -184,7 +184,7 @@ def get_certificate(name: Optional[str] = None, self_link=pulumi.get(__ret__, 'self_link')) def get_certificate_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCertificateResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCertificateResult]: """ Get info about a Google Compute SSL Certificate from its name. @@ -210,7 +210,7 @@ def get_certificate_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getCertificate:getCertificate', __args__, opts=opts, typ=GetCertificateResult) return __ret__.apply(lambda __response__: GetCertificateResult( certificate=pulumi.get(__response__, 'certificate'), diff --git a/sdk/python/pulumi_gcp/compute/get_default_service_account.py b/sdk/python/pulumi_gcp/compute/get_default_service_account.py index a2a86724b2..789b46f4b1 100644 --- a/sdk/python/pulumi_gcp/compute/get_default_service_account.py +++ b/sdk/python/pulumi_gcp/compute/get_default_service_account.py @@ -150,7 +150,7 @@ def get_default_service_account(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), unique_id=pulumi.get(__ret__, 'unique_id')) def get_default_service_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDefaultServiceAccountResult]: """ Use this data source to retrieve default service account for this project @@ -169,7 +169,7 @@ def get_default_service_account_output(project: Optional[pulumi.Input[Optional[s """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getDefaultServiceAccount:getDefaultServiceAccount', __args__, opts=opts, typ=GetDefaultServiceAccountResult) return __ret__.apply(lambda __response__: GetDefaultServiceAccountResult( display_name=pulumi.get(__response__, 'display_name'), diff --git a/sdk/python/pulumi_gcp/compute/get_disk.py b/sdk/python/pulumi_gcp/compute/get_disk.py index 650fa20245..3b874f15ac 100644 --- a/sdk/python/pulumi_gcp/compute/get_disk.py +++ b/sdk/python/pulumi_gcp/compute/get_disk.py @@ -529,7 +529,7 @@ def get_disk(name: Optional[str] = None, def get_disk_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDiskResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDiskResult]: """ Get information about a Google Compute Persistent disks. @@ -561,7 +561,7 @@ def get_disk_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getDisk:getDisk', __args__, opts=opts, typ=GetDiskResult) return __ret__.apply(lambda __response__: GetDiskResult( access_mode=pulumi.get(__response__, 'access_mode'), diff --git a/sdk/python/pulumi_gcp/compute/get_disk_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_disk_iam_policy.py index 981553f671..26f3c919d8 100644 --- a/sdk/python/pulumi_gcp/compute/get_disk_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_disk_iam_policy.py @@ -144,7 +144,7 @@ def get_disk_iam_policy(name: Optional[str] = None, def get_disk_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDiskIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDiskIamPolicyResult]: """ Retrieves the current IAM policy data for disk @@ -171,7 +171,7 @@ def get_disk_iam_policy_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getDiskIamPolicy:getDiskIamPolicy', __args__, opts=opts, typ=GetDiskIamPolicyResult) return __ret__.apply(lambda __response__: GetDiskIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_forwarding_rule.py b/sdk/python/pulumi_gcp/compute/get_forwarding_rule.py index 96c2135285..bc1f4eda8f 100644 --- a/sdk/python/pulumi_gcp/compute/get_forwarding_rule.py +++ b/sdk/python/pulumi_gcp/compute/get_forwarding_rule.py @@ -438,7 +438,7 @@ def get_forwarding_rule(name: Optional[str] = None, def get_forwarding_rule_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetForwardingRuleResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetForwardingRuleResult]: """ Get a forwarding rule within GCE from its name. @@ -465,7 +465,7 @@ def get_forwarding_rule_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getForwardingRule:getForwardingRule', __args__, opts=opts, typ=GetForwardingRuleResult) return __ret__.apply(lambda __response__: GetForwardingRuleResult( all_ports=pulumi.get(__response__, 'all_ports'), diff --git a/sdk/python/pulumi_gcp/compute/get_forwarding_rules.py b/sdk/python/pulumi_gcp/compute/get_forwarding_rules.py index b6383fd65e..6eff36ae6a 100644 --- a/sdk/python/pulumi_gcp/compute/get_forwarding_rules.py +++ b/sdk/python/pulumi_gcp/compute/get_forwarding_rules.py @@ -121,7 +121,7 @@ def get_forwarding_rules(project: Optional[str] = None, rules=pulumi.get(__ret__, 'rules')) def get_forwarding_rules_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetForwardingRulesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetForwardingRulesResult]: """ List all networks in a specified Google Cloud project. @@ -144,7 +144,7 @@ def get_forwarding_rules_output(project: Optional[pulumi.Input[Optional[str]]] = __args__ = dict() __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getForwardingRules:getForwardingRules', __args__, opts=opts, typ=GetForwardingRulesResult) return __ret__.apply(lambda __response__: GetForwardingRulesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_global_address.py b/sdk/python/pulumi_gcp/compute/get_global_address.py index c74d23adb7..97564be631 100644 --- a/sdk/python/pulumi_gcp/compute/get_global_address.py +++ b/sdk/python/pulumi_gcp/compute/get_global_address.py @@ -220,7 +220,7 @@ def get_global_address(name: Optional[str] = None, users=pulumi.get(__ret__, 'users')) def get_global_address_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGlobalAddressResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGlobalAddressResult]: """ Get the IP address from a static address reserved for a Global Forwarding Rule which are only used for HTTP load balancing. For more information see the official [API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses) documentation. @@ -253,7 +253,7 @@ def get_global_address_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getGlobalAddress:getGlobalAddress', __args__, opts=opts, typ=GetGlobalAddressResult) return __ret__.apply(lambda __response__: GetGlobalAddressResult( address=pulumi.get(__response__, 'address'), diff --git a/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py b/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py index e18acf8305..1c65d08ba4 100644 --- a/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py +++ b/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py @@ -322,7 +322,7 @@ def get_global_forwarding_rule(name: Optional[str] = None, target=pulumi.get(__ret__, 'target')) def get_global_forwarding_rule_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGlobalForwardingRuleResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetGlobalForwardingRuleResult]: """ Get a global forwarding rule within GCE from its name. @@ -345,7 +345,7 @@ def get_global_forwarding_rule_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getGlobalForwardingRule:getGlobalForwardingRule', __args__, opts=opts, typ=GetGlobalForwardingRuleResult) return __ret__.apply(lambda __response__: GetGlobalForwardingRuleResult( allow_psc_global_access=pulumi.get(__response__, 'allow_psc_global_access'), diff --git a/sdk/python/pulumi_gcp/compute/get_hc_vpn_gateway.py b/sdk/python/pulumi_gcp/compute/get_hc_vpn_gateway.py index 7b5588da86..068aaaa120 100644 --- a/sdk/python/pulumi_gcp/compute/get_hc_vpn_gateway.py +++ b/sdk/python/pulumi_gcp/compute/get_hc_vpn_gateway.py @@ -178,7 +178,7 @@ def get_hc_vpn_gateway(name: Optional[str] = None, def get_hc_vpn_gateway_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetHcVpnGatewayResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetHcVpnGatewayResult]: """ Get a HA VPN Gateway within GCE from its name. @@ -205,7 +205,7 @@ def get_hc_vpn_gateway_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getHcVpnGateway:getHcVpnGateway', __args__, opts=opts, typ=GetHcVpnGatewayResult) return __ret__.apply(lambda __response__: GetHcVpnGatewayResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_health_check.py b/sdk/python/pulumi_gcp/compute/get_health_check.py index 8f8369bd52..8713913037 100644 --- a/sdk/python/pulumi_gcp/compute/get_health_check.py +++ b/sdk/python/pulumi_gcp/compute/get_health_check.py @@ -262,7 +262,7 @@ def get_health_check(name: Optional[str] = None, unhealthy_threshold=pulumi.get(__ret__, 'unhealthy_threshold')) def get_health_check_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetHealthCheckResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetHealthCheckResult]: """ Get information about a HealthCheck. @@ -285,7 +285,7 @@ def get_health_check_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getHealthCheck:getHealthCheck', __args__, opts=opts, typ=GetHealthCheckResult) return __ret__.apply(lambda __response__: GetHealthCheckResult( check_interval_sec=pulumi.get(__response__, 'check_interval_sec'), diff --git a/sdk/python/pulumi_gcp/compute/get_image.py b/sdk/python/pulumi_gcp/compute/get_image.py index cfc440304b..0e567b6a2b 100644 --- a/sdk/python/pulumi_gcp/compute/get_image.py +++ b/sdk/python/pulumi_gcp/compute/get_image.py @@ -361,7 +361,7 @@ def get_image_output(family: Optional[pulumi.Input[Optional[str]]] = None, most_recent: Optional[pulumi.Input[Optional[bool]]] = None, name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetImageResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetImageResult]: """ Get information about a Google Compute Image. Check that your service account has the `compute.imageUser` role if you want to share [custom images](https://cloud.google.com/compute/docs/images/sharing-images-across-projects) from another project. If you want to use [public images][pubimg], do not forget to specify the dedicated project. For more information see [the official documentation](https://cloud.google.com/compute/docs/images) and its [API](https://cloud.google.com/compute/docs/reference/latest/images). @@ -403,7 +403,7 @@ def get_image_output(family: Optional[pulumi.Input[Optional[str]]] = None, __args__['mostRecent'] = most_recent __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getImage:getImage', __args__, opts=opts, typ=GetImageResult) return __ret__.apply(lambda __response__: GetImageResult( archive_size_bytes=pulumi.get(__response__, 'archive_size_bytes'), diff --git a/sdk/python/pulumi_gcp/compute/get_image_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_image_iam_policy.py index 99885046a7..3e7888ff56 100644 --- a/sdk/python/pulumi_gcp/compute/get_image_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_image_iam_policy.py @@ -127,7 +127,7 @@ def get_image_iam_policy(image: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_image_iam_policy_output(image: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetImageIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetImageIamPolicyResult]: """ Retrieves the current IAM policy data for image @@ -149,7 +149,7 @@ def get_image_iam_policy_output(image: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['image'] = image __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getImageIamPolicy:getImageIamPolicy', __args__, opts=opts, typ=GetImageIamPolicyResult) return __ret__.apply(lambda __response__: GetImageIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance.py b/sdk/python/pulumi_gcp/compute/get_instance.py index f8dfcbe3c1..3979e1e1c8 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance.py +++ b/sdk/python/pulumi_gcp/compute/get_instance.py @@ -599,7 +599,7 @@ def get_instance_output(name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceResult]: """ Get information about a VM instance resource within GCE. For more information see [the official documentation](https://cloud.google.com/compute/docs/instances) @@ -631,7 +631,7 @@ def get_instance_output(name: Optional[pulumi.Input[Optional[str]]] = None, __args__['project'] = project __args__['selfLink'] = self_link __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstance:getInstance', __args__, opts=opts, typ=GetInstanceResult) return __ret__.apply(lambda __response__: GetInstanceResult( advanced_machine_features=pulumi.get(__response__, 'advanced_machine_features'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_group.py b/sdk/python/pulumi_gcp/compute/get_instance_group.py index 3c8731343d..b8cd947585 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_group.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_group.py @@ -198,7 +198,7 @@ def get_instance_group_output(name: Optional[pulumi.Input[Optional[str]]] = None project: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceGroupResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceGroupResult]: """ Get a Compute Instance Group within GCE. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/#unmanaged_instance_groups) @@ -225,7 +225,7 @@ def get_instance_group_output(name: Optional[pulumi.Input[Optional[str]]] = None __args__['project'] = project __args__['selfLink'] = self_link __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceGroup:getInstanceGroup', __args__, opts=opts, typ=GetInstanceGroupResult) return __ret__.apply(lambda __response__: GetInstanceGroupResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_group_manager.py b/sdk/python/pulumi_gcp/compute/get_instance_group_manager.py index 899d42ae19..f8740b36c6 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_group_manager.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_group_manager.py @@ -381,7 +381,7 @@ def get_instance_group_manager_output(name: Optional[pulumi.Input[Optional[str]] project: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceGroupManagerResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceGroupManagerResult]: """ Get a Compute Instance Group Manager within GCE. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups#managed_instance_groups) @@ -409,7 +409,7 @@ def get_instance_group_manager_output(name: Optional[pulumi.Input[Optional[str]] __args__['project'] = project __args__['selfLink'] = self_link __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceGroupManager:getInstanceGroupManager', __args__, opts=opts, typ=GetInstanceGroupManagerResult) return __ret__.apply(lambda __response__: GetInstanceGroupManagerResult( all_instances_configs=pulumi.get(__response__, 'all_instances_configs'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_guest_attributes.py b/sdk/python/pulumi_gcp/compute/get_instance_guest_attributes.py index 1efc4f0643..737af34eff 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_guest_attributes.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_guest_attributes.py @@ -208,7 +208,7 @@ def get_instance_guest_attributes_output(name: Optional[pulumi.Input[str]] = Non region: Optional[pulumi.Input[Optional[str]]] = None, variable_key: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceGuestAttributesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceGuestAttributesResult]: """ Get information about a VM instance resource within GCE. For more information see [the official documentation](https://cloud.google.com/compute/docs/instances) @@ -263,7 +263,7 @@ def get_instance_guest_attributes_output(name: Optional[pulumi.Input[str]] = Non __args__['region'] = region __args__['variableKey'] = variable_key __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceGuestAttributes:getInstanceGuestAttributes', __args__, opts=opts, typ=GetInstanceGuestAttributesResult) return __ret__.apply(lambda __response__: GetInstanceGuestAttributesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_instance_iam_policy.py index 19089d53af..808975b8ca 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_iam_policy.py @@ -144,7 +144,7 @@ def get_instance_iam_policy(instance_name: Optional[str] = None, def get_instance_iam_policy_output(instance_name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for instance @@ -171,7 +171,7 @@ def get_instance_iam_policy_output(instance_name: Optional[pulumi.Input[str]] = __args__['instanceName'] = instance_name __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_serial_port.py b/sdk/python/pulumi_gcp/compute/get_instance_serial_port.py index 3bfb56366d..dfe9e512bc 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_serial_port.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_serial_port.py @@ -194,7 +194,7 @@ def get_instance_serial_port_output(instance: Optional[pulumi.Input[str]] = None port: Optional[pulumi.Input[int]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceSerialPortResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceSerialPortResult]: """ Get the serial port output from a Compute Instance. For more information see the official [API](https://cloud.google.com/compute/docs/instances/viewing-serial-port-output) documentation. @@ -273,7 +273,7 @@ def get_instance_serial_port_output(instance: Optional[pulumi.Input[str]] = None __args__['port'] = port __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceSerialPort:getInstanceSerialPort', __args__, opts=opts, typ=GetInstanceSerialPortResult) return __ret__.apply(lambda __response__: GetInstanceSerialPortResult( contents=pulumi.get(__response__, 'contents'), diff --git a/sdk/python/pulumi_gcp/compute/get_instance_template.py b/sdk/python/pulumi_gcp/compute/get_instance_template.py index ca4b09fb36..1fd64c7e0f 100644 --- a/sdk/python/pulumi_gcp/compute/get_instance_template.py +++ b/sdk/python/pulumi_gcp/compute/get_instance_template.py @@ -571,7 +571,7 @@ def get_instance_template_output(filter: Optional[pulumi.Input[Optional[str]]] = name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, self_link_unique: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceTemplateResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceTemplateResult]: """ > **Note**: Global instance templates can be used in any region. To lower the impact of outages outside your region and gain data residency within your region, use google_compute_region_instance_template. @@ -597,7 +597,7 @@ def get_instance_template_output(filter: Optional[pulumi.Input[Optional[str]]] = __args__['name'] = name __args__['project'] = project __args__['selfLinkUnique'] = self_link_unique - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getInstanceTemplate:getInstanceTemplate', __args__, opts=opts, typ=GetInstanceTemplateResult) return __ret__.apply(lambda __response__: GetInstanceTemplateResult( advanced_machine_features=pulumi.get(__response__, 'advanced_machine_features'), diff --git a/sdk/python/pulumi_gcp/compute/get_lbip_ranges.py b/sdk/python/pulumi_gcp/compute/get_lbip_ranges.py index b9fd455f89..e4b8f38c3b 100644 --- a/sdk/python/pulumi_gcp/compute/get_lbip_ranges.py +++ b/sdk/python/pulumi_gcp/compute/get_lbip_ranges.py @@ -105,7 +105,7 @@ def get_lbip_ranges(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGet http_ssl_tcp_internals=pulumi.get(__ret__, 'http_ssl_tcp_internals'), id=pulumi.get(__ret__, 'id'), networks=pulumi.get(__ret__, 'networks')) -def get_lbip_ranges_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLBIPRangesResult]: +def get_lbip_ranges_output(opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLBIPRangesResult]: """ Use this data source to access IP ranges in your firewall rules. @@ -130,7 +130,7 @@ def get_lbip_ranges_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulum ``` """ __args__ = dict() - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getLBIPRanges:getLBIPRanges', __args__, opts=opts, typ=GetLBIPRangesResult) return __ret__.apply(lambda __response__: GetLBIPRangesResult( http_ssl_tcp_internals=pulumi.get(__response__, 'http_ssl_tcp_internals'), diff --git a/sdk/python/pulumi_gcp/compute/get_machine_image_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_machine_image_iam_policy.py index 85a839afd5..c52f49e133 100644 --- a/sdk/python/pulumi_gcp/compute/get_machine_image_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_machine_image_iam_policy.py @@ -116,7 +116,7 @@ def get_machine_image_iam_policy(machine_image: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_machine_image_iam_policy_output(machine_image: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMachineImageIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMachineImageIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -127,7 +127,7 @@ def get_machine_image_iam_policy_output(machine_image: Optional[pulumi.Input[str __args__ = dict() __args__['machineImage'] = machine_image __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getMachineImageIamPolicy:getMachineImageIamPolicy', __args__, opts=opts, typ=GetMachineImageIamPolicyResult) return __ret__.apply(lambda __response__: GetMachineImageIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_machine_types.py b/sdk/python/pulumi_gcp/compute/get_machine_types.py index a8f35533ac..48c23f9270 100644 --- a/sdk/python/pulumi_gcp/compute/get_machine_types.py +++ b/sdk/python/pulumi_gcp/compute/get_machine_types.py @@ -125,7 +125,7 @@ def get_machine_types(filter: Optional[str] = None, def get_machine_types_output(filter: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMachineTypesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMachineTypesResult]: """ Provides access to available Google Compute machine types in a zone for a given project. See more about [machine type availability](https://cloud.google.com/compute/docs/regions-zones#available) in the upstream docs. @@ -146,7 +146,7 @@ def get_machine_types_output(filter: Optional[pulumi.Input[Optional[str]]] = Non __args__['filter'] = filter __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getMachineTypes:getMachineTypes', __args__, opts=opts, typ=GetMachineTypesResult) return __ret__.apply(lambda __response__: GetMachineTypesResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/compute/get_netblock_ip_ranges.py b/sdk/python/pulumi_gcp/compute/get_netblock_ip_ranges.py index 92f5a4ca7d..8d1e92d9f9 100644 --- a/sdk/python/pulumi_gcp/compute/get_netblock_ip_ranges.py +++ b/sdk/python/pulumi_gcp/compute/get_netblock_ip_ranges.py @@ -164,7 +164,7 @@ def get_netblock_ip_ranges(range_type: Optional[str] = None, id=pulumi.get(__ret__, 'id'), range_type=pulumi.get(__ret__, 'range_type')) def get_netblock_ip_ranges_output(range_type: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetblockIPRangesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetblockIPRangesResult]: """ Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform. @@ -223,7 +223,7 @@ def get_netblock_ip_ranges_output(range_type: Optional[pulumi.Input[Optional[str """ __args__ = dict() __args__['rangeType'] = range_type - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNetblockIPRanges:getNetblockIPRanges', __args__, opts=opts, typ=GetNetblockIPRangesResult) return __ret__.apply(lambda __response__: GetNetblockIPRangesResult( cidr_blocks=pulumi.get(__response__, 'cidr_blocks'), diff --git a/sdk/python/pulumi_gcp/compute/get_network.py b/sdk/python/pulumi_gcp/compute/get_network.py index bfd7b97b46..3d82d0e918 100644 --- a/sdk/python/pulumi_gcp/compute/get_network.py +++ b/sdk/python/pulumi_gcp/compute/get_network.py @@ -167,7 +167,7 @@ def get_network(name: Optional[str] = None, subnetworks_self_links=pulumi.get(__ret__, 'subnetworks_self_links')) def get_network_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkResult]: """ Get a network within GCE from its name. @@ -191,7 +191,7 @@ def get_network_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNetwork:getNetwork', __args__, opts=opts, typ=GetNetworkResult) return __ret__.apply(lambda __response__: GetNetworkResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_network_endpoint_group.py b/sdk/python/pulumi_gcp/compute/get_network_endpoint_group.py index bac27a5641..f3eb089307 100644 --- a/sdk/python/pulumi_gcp/compute/get_network_endpoint_group.py +++ b/sdk/python/pulumi_gcp/compute/get_network_endpoint_group.py @@ -210,7 +210,7 @@ def get_network_endpoint_group_output(name: Optional[pulumi.Input[Optional[str]] project: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkEndpointGroupResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkEndpointGroupResult]: """ Use this data source to access a Network Endpoint Group's attributes. @@ -240,7 +240,7 @@ def get_network_endpoint_group_output(name: Optional[pulumi.Input[Optional[str]] __args__['project'] = project __args__['selfLink'] = self_link __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNetworkEndpointGroup:getNetworkEndpointGroup', __args__, opts=opts, typ=GetNetworkEndpointGroupResult) return __ret__.apply(lambda __response__: GetNetworkEndpointGroupResult( default_port=pulumi.get(__response__, 'default_port'), diff --git a/sdk/python/pulumi_gcp/compute/get_network_peering.py b/sdk/python/pulumi_gcp/compute/get_network_peering.py index a978040a53..e8790db3a9 100644 --- a/sdk/python/pulumi_gcp/compute/get_network_peering.py +++ b/sdk/python/pulumi_gcp/compute/get_network_peering.py @@ -196,7 +196,7 @@ def get_network_peering(name: Optional[str] = None, state_details=pulumi.get(__ret__, 'state_details')) def get_network_peering_output(name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkPeeringResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkPeeringResult]: """ Get information of a specified compute network peering. For more information see [the official documentation](https://cloud.google.com/compute/docs/vpc/vpc-peering) @@ -234,7 +234,7 @@ def get_network_peering_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['network'] = network - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNetworkPeering:getNetworkPeering', __args__, opts=opts, typ=GetNetworkPeeringResult) return __ret__.apply(lambda __response__: GetNetworkPeeringResult( export_custom_routes=pulumi.get(__response__, 'export_custom_routes'), diff --git a/sdk/python/pulumi_gcp/compute/get_networks.py b/sdk/python/pulumi_gcp/compute/get_networks.py index 1375e377d8..7b0ed295da 100644 --- a/sdk/python/pulumi_gcp/compute/get_networks.py +++ b/sdk/python/pulumi_gcp/compute/get_networks.py @@ -113,7 +113,7 @@ def get_networks(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), self_link=pulumi.get(__ret__, 'self_link')) def get_networks_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworksResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworksResult]: """ List all networks in a specified Google Cloud project. @@ -131,7 +131,7 @@ def get_networks_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNetworks:getNetworks', __args__, opts=opts, typ=GetNetworksResult) return __ret__.apply(lambda __response__: GetNetworksResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_node_types.py b/sdk/python/pulumi_gcp/compute/get_node_types.py index 02ca872d82..6176702cc4 100644 --- a/sdk/python/pulumi_gcp/compute/get_node_types.py +++ b/sdk/python/pulumi_gcp/compute/get_node_types.py @@ -119,7 +119,7 @@ def get_node_types(project: Optional[str] = None, zone=pulumi.get(__ret__, 'zone')) def get_node_types_output(project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNodeTypesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNodeTypesResult]: """ Provides available node types for Compute Engine sole-tenant nodes in a zone for a given project. For more information, see [the official documentation](https://cloud.google.com/compute/docs/nodes/#types) and [API](https://cloud.google.com/compute/docs/reference/rest/v1/nodeTypes). @@ -147,7 +147,7 @@ def get_node_types_output(project: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getNodeTypes:getNodeTypes', __args__, opts=opts, typ=GetNodeTypesResult) return __ret__.apply(lambda __response__: GetNodeTypesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_region_backend_service_iam_policy.py index f6a56ae3e5..d9ffefd112 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_region_backend_service_iam_policy.py @@ -134,7 +134,7 @@ def get_region_backend_service_iam_policy(name: Optional[str] = None, def get_region_backend_service_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionBackendServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionBackendServiceIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -151,7 +151,7 @@ def get_region_backend_service_iam_policy_output(name: Optional[pulumi.Input[str __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionBackendServiceIamPolicy:getRegionBackendServiceIamPolicy', __args__, opts=opts, typ=GetRegionBackendServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetRegionBackendServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_disk.py b/sdk/python/pulumi_gcp/compute/get_region_disk.py index ac37c9da99..84f46d1643 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_disk.py +++ b/sdk/python/pulumi_gcp/compute/get_region_disk.py @@ -349,7 +349,7 @@ def get_region_disk(name: Optional[str] = None, def get_region_disk_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionDiskResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionDiskResult]: """ Get information about a Google Compute Regional Persistent disks. @@ -367,7 +367,7 @@ def get_region_disk_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionDisk:getRegionDisk', __args__, opts=opts, typ=GetRegionDiskResult) return __ret__.apply(lambda __response__: GetRegionDiskResult( async_primary_disks=pulumi.get(__response__, 'async_primary_disks'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_disk_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_region_disk_iam_policy.py index 853118b1b9..1b8a71a2f7 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_disk_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_region_disk_iam_policy.py @@ -144,7 +144,7 @@ def get_region_disk_iam_policy(name: Optional[str] = None, def get_region_disk_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionDiskIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionDiskIamPolicyResult]: """ Retrieves the current IAM policy data for regiondisk @@ -171,7 +171,7 @@ def get_region_disk_iam_policy_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionDiskIamPolicy:getRegionDiskIamPolicy', __args__, opts=opts, typ=GetRegionDiskIamPolicyResult) return __ret__.apply(lambda __response__: GetRegionDiskIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_instance_group.py b/sdk/python/pulumi_gcp/compute/get_region_instance_group.py index 6ce2cbc5a8..55d1f3278a 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_instance_group.py +++ b/sdk/python/pulumi_gcp/compute/get_region_instance_group.py @@ -163,7 +163,7 @@ def get_region_instance_group_output(name: Optional[pulumi.Input[Optional[str]]] project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionInstanceGroupResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionInstanceGroupResult]: """ Get a Compute Region Instance Group within GCE. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups) and [API](https://cloud.google.com/compute/docs/reference/latest/regionInstanceGroups). @@ -194,7 +194,7 @@ def get_region_instance_group_output(name: Optional[pulumi.Input[Optional[str]]] __args__['project'] = project __args__['region'] = region __args__['selfLink'] = self_link - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionInstanceGroup:getRegionInstanceGroup', __args__, opts=opts, typ=GetRegionInstanceGroupResult) return __ret__.apply(lambda __response__: GetRegionInstanceGroupResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_instance_group_manager.py b/sdk/python/pulumi_gcp/compute/get_region_instance_group_manager.py index f7b40164a6..537aa78c29 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_instance_group_manager.py +++ b/sdk/python/pulumi_gcp/compute/get_region_instance_group_manager.py @@ -401,7 +401,7 @@ def get_region_instance_group_manager_output(name: Optional[pulumi.Input[Optiona project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionInstanceGroupManagerResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionInstanceGroupManagerResult]: """ Get a Compute Region Instance Group Manager within GCE. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups) @@ -429,7 +429,7 @@ def get_region_instance_group_manager_output(name: Optional[pulumi.Input[Optiona __args__['project'] = project __args__['region'] = region __args__['selfLink'] = self_link - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionInstanceGroupManager:getRegionInstanceGroupManager', __args__, opts=opts, typ=GetRegionInstanceGroupManagerResult) return __ret__.apply(lambda __response__: GetRegionInstanceGroupManagerResult( all_instances_configs=pulumi.get(__response__, 'all_instances_configs'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_instance_template.py b/sdk/python/pulumi_gcp/compute/get_region_instance_template.py index b85709f800..63e56e97e4 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_instance_template.py +++ b/sdk/python/pulumi_gcp/compute/get_region_instance_template.py @@ -558,7 +558,7 @@ def get_region_instance_template_output(filter: Optional[pulumi.Input[Optional[s name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionInstanceTemplateResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionInstanceTemplateResult]: """ Get information about a VM instance template resource within GCE. For more information see [the official documentation](https://cloud.google.com/compute/docs/instance-templates) @@ -595,7 +595,7 @@ def get_region_instance_template_output(filter: Optional[pulumi.Input[Optional[s __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionInstanceTemplate:getRegionInstanceTemplate', __args__, opts=opts, typ=GetRegionInstanceTemplateResult) return __ret__.apply(lambda __response__: GetRegionInstanceTemplateResult( advanced_machine_features=pulumi.get(__response__, 'advanced_machine_features'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_network_endpoint_group.py b/sdk/python/pulumi_gcp/compute/get_region_network_endpoint_group.py index de44368f46..d2710983a2 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_network_endpoint_group.py +++ b/sdk/python/pulumi_gcp/compute/get_region_network_endpoint_group.py @@ -236,7 +236,7 @@ def get_region_network_endpoint_group_output(name: Optional[pulumi.Input[Optiona project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionNetworkEndpointGroupResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionNetworkEndpointGroupResult]: """ Use this data source to access a Region Network Endpoint Group's attributes. @@ -264,7 +264,7 @@ def get_region_network_endpoint_group_output(name: Optional[pulumi.Input[Optiona __args__['project'] = project __args__['region'] = region __args__['selfLink'] = self_link - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionNetworkEndpointGroup:getRegionNetworkEndpointGroup', __args__, opts=opts, typ=GetRegionNetworkEndpointGroupResult) return __ret__.apply(lambda __response__: GetRegionNetworkEndpointGroupResult( app_engines=pulumi.get(__response__, 'app_engines'), diff --git a/sdk/python/pulumi_gcp/compute/get_region_ssl_certificate.py b/sdk/python/pulumi_gcp/compute/get_region_ssl_certificate.py index 8d0238cda1..a45061036a 100644 --- a/sdk/python/pulumi_gcp/compute/get_region_ssl_certificate.py +++ b/sdk/python/pulumi_gcp/compute/get_region_ssl_certificate.py @@ -199,7 +199,7 @@ def get_region_ssl_certificate(name: Optional[str] = None, def get_region_ssl_certificate_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionSslCertificateResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionSslCertificateResult]: """ Get info about a Region Google Compute SSL Certificate from its name. @@ -228,7 +228,7 @@ def get_region_ssl_certificate_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegionSslCertificate:getRegionSslCertificate', __args__, opts=opts, typ=GetRegionSslCertificateResult) return __ret__.apply(lambda __response__: GetRegionSslCertificateResult( certificate=pulumi.get(__response__, 'certificate'), diff --git a/sdk/python/pulumi_gcp/compute/get_regions.py b/sdk/python/pulumi_gcp/compute/get_regions.py index 97f9a8ddf7..310c88843a 100644 --- a/sdk/python/pulumi_gcp/compute/get_regions.py +++ b/sdk/python/pulumi_gcp/compute/get_regions.py @@ -118,7 +118,7 @@ def get_regions(project: Optional[str] = None, status=pulumi.get(__ret__, 'status')) def get_regions_output(project: Optional[pulumi.Input[Optional[str]]] = None, status: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionsResult]: """ Provides access to available Google Compute regions for a given project. See more about [regions and zones](https://cloud.google.com/compute/docs/regions-zones/) in the upstream docs. @@ -145,7 +145,7 @@ def get_regions_output(project: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['project'] = project __args__['status'] = status - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRegions:getRegions', __args__, opts=opts, typ=GetRegionsResult) return __ret__.apply(lambda __response__: GetRegionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/get_reservation.py b/sdk/python/pulumi_gcp/compute/get_reservation.py index 1835915b40..e59049e134 100644 --- a/sdk/python/pulumi_gcp/compute/get_reservation.py +++ b/sdk/python/pulumi_gcp/compute/get_reservation.py @@ -193,7 +193,7 @@ def get_reservation(name: Optional[str] = None, def get_reservation_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetReservationResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetReservationResult]: """ Provides access to available Google Compute Reservation Resources for a given project. See more about [Reservations of Compute Engine resources](https://cloud.google.com/compute/docs/instances/reservations-overview) in the upstream docs. @@ -215,7 +215,7 @@ def get_reservation_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getReservation:getReservation', __args__, opts=opts, typ=GetReservationResult) return __ret__.apply(lambda __response__: GetReservationResult( commitment=pulumi.get(__response__, 'commitment'), diff --git a/sdk/python/pulumi_gcp/compute/get_resource_policy.py b/sdk/python/pulumi_gcp/compute/get_resource_policy.py index 1704d3b5cb..f51cdf1f2b 100644 --- a/sdk/python/pulumi_gcp/compute/get_resource_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_resource_policy.py @@ -178,7 +178,7 @@ def get_resource_policy(name: Optional[str] = None, def get_resource_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetResourcePolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetResourcePolicyResult]: """ Provide access to a Resource Policy's attributes. For more information see [the official documentation](https://cloud.google.com/compute/docs/disks/scheduled-snapshots) or the [API](https://cloud.google.com/compute/docs/reference/rest/beta/resourcePolicies). @@ -199,7 +199,7 @@ def get_resource_policy_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getResourcePolicy:getResourcePolicy', __args__, opts=opts, typ=GetResourcePolicyResult) return __ret__.apply(lambda __response__: GetResourcePolicyResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_router.py b/sdk/python/pulumi_gcp/compute/get_router.py index 20963d5dec..f87dd19768 100644 --- a/sdk/python/pulumi_gcp/compute/get_router.py +++ b/sdk/python/pulumi_gcp/compute/get_router.py @@ -180,7 +180,7 @@ def get_router_output(name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRouterResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRouterResult]: """ Get a router within GCE from its name and VPC. @@ -207,7 +207,7 @@ def get_router_output(name: Optional[pulumi.Input[str]] = None, __args__['network'] = network __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRouter:getRouter', __args__, opts=opts, typ=GetRouterResult) return __ret__.apply(lambda __response__: GetRouterResult( bgps=pulumi.get(__response__, 'bgps'), diff --git a/sdk/python/pulumi_gcp/compute/get_router_nat.py b/sdk/python/pulumi_gcp/compute/get_router_nat.py index c1b417375f..19de46a481 100644 --- a/sdk/python/pulumi_gcp/compute/get_router_nat.py +++ b/sdk/python/pulumi_gcp/compute/get_router_nat.py @@ -336,7 +336,7 @@ def get_router_nat_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, router: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRouterNatResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRouterNatResult]: """ To get more information about Snapshot, see: @@ -369,7 +369,7 @@ def get_router_nat_output(name: Optional[pulumi.Input[str]] = None, __args__['project'] = project __args__['region'] = region __args__['router'] = router - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRouterNat:getRouterNat', __args__, opts=opts, typ=GetRouterNatResult) return __ret__.apply(lambda __response__: GetRouterNatResult( auto_network_tier=pulumi.get(__response__, 'auto_network_tier'), diff --git a/sdk/python/pulumi_gcp/compute/get_router_status.py b/sdk/python/pulumi_gcp/compute/get_router_status.py index db537daa38..169867295c 100644 --- a/sdk/python/pulumi_gcp/compute/get_router_status.py +++ b/sdk/python/pulumi_gcp/compute/get_router_status.py @@ -160,7 +160,7 @@ def get_router_status(name: Optional[str] = None, def get_router_status_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRouterStatusResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRouterStatusResult]: """ Get a Cloud Router's status within GCE from its name and region. This data source exposes the routes learned by a Cloud Router via BGP peers. @@ -189,7 +189,7 @@ def get_router_status_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getRouterStatus:getRouterStatus', __args__, opts=opts, typ=GetRouterStatusResult) return __ret__.apply(lambda __response__: GetRouterStatusResult( best_routes=pulumi.get(__response__, 'best_routes'), diff --git a/sdk/python/pulumi_gcp/compute/get_security_policy.py b/sdk/python/pulumi_gcp/compute/get_security_policy.py index 3204d6880b..ae43532dbf 100644 --- a/sdk/python/pulumi_gcp/compute/get_security_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_security_policy.py @@ -189,7 +189,7 @@ def get_security_policy(name: Optional[str] = None, def get_security_policy_output(name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecurityPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecurityPolicyResult]: """ To get more information about Google Compute Security Policy, see: @@ -217,7 +217,7 @@ def get_security_policy_output(name: Optional[pulumi.Input[Optional[str]]] = Non __args__['name'] = name __args__['project'] = project __args__['selfLink'] = self_link - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSecurityPolicy:getSecurityPolicy', __args__, opts=opts, typ=GetSecurityPolicyResult) return __ret__.apply(lambda __response__: GetSecurityPolicyResult( adaptive_protection_configs=pulumi.get(__response__, 'adaptive_protection_configs'), diff --git a/sdk/python/pulumi_gcp/compute/get_snapshot.py b/sdk/python/pulumi_gcp/compute/get_snapshot.py index 3692c3e857..2bf1332252 100644 --- a/sdk/python/pulumi_gcp/compute/get_snapshot.py +++ b/sdk/python/pulumi_gcp/compute/get_snapshot.py @@ -311,7 +311,7 @@ def get_snapshot_output(filter: Optional[pulumi.Input[Optional[str]]] = None, most_recent: Optional[pulumi.Input[Optional[bool]]] = None, name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSnapshotResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSnapshotResult]: """ To get more information about Snapshot, see: @@ -349,7 +349,7 @@ def get_snapshot_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__['mostRecent'] = most_recent __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSnapshot:getSnapshot', __args__, opts=opts, typ=GetSnapshotResult) return __ret__.apply(lambda __response__: GetSnapshotResult( chain_name=pulumi.get(__response__, 'chain_name'), diff --git a/sdk/python/pulumi_gcp/compute/get_snapshot_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_snapshot_iam_policy.py index 2529ea5bad..69bc531cae 100644 --- a/sdk/python/pulumi_gcp/compute/get_snapshot_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_snapshot_iam_policy.py @@ -127,7 +127,7 @@ def get_snapshot_iam_policy(name: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_snapshot_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSnapshotIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSnapshotIamPolicyResult]: """ Retrieves the current IAM policy data for snapshot @@ -149,7 +149,7 @@ def get_snapshot_iam_policy_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSnapshotIamPolicy:getSnapshotIamPolicy', __args__, opts=opts, typ=GetSnapshotIamPolicyResult) return __ret__.apply(lambda __response__: GetSnapshotIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_ssl_policy.py b/sdk/python/pulumi_gcp/compute/get_ssl_policy.py index c3249a7bab..b454641e55 100644 --- a/sdk/python/pulumi_gcp/compute/get_ssl_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_ssl_policy.py @@ -205,7 +205,7 @@ def get_ssl_policy(name: Optional[str] = None, self_link=pulumi.get(__ret__, 'self_link')) def get_ssl_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSSLPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSSLPolicyResult]: """ Gets an SSL Policy within GCE from its name, for use with Target HTTPS and Target SSL Proxies. For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies). @@ -229,7 +229,7 @@ def get_ssl_policy_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSSLPolicy:getSSLPolicy', __args__, opts=opts, typ=GetSSLPolicyResult) return __ret__.apply(lambda __response__: GetSSLPolicyResult( creation_timestamp=pulumi.get(__response__, 'creation_timestamp'), diff --git a/sdk/python/pulumi_gcp/compute/get_subnetwork.py b/sdk/python/pulumi_gcp/compute/get_subnetwork.py index a94465ff46..29ca098888 100644 --- a/sdk/python/pulumi_gcp/compute/get_subnetwork.py +++ b/sdk/python/pulumi_gcp/compute/get_subnetwork.py @@ -228,7 +228,7 @@ def get_subnetwork_output(name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, self_link: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubnetworkResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubnetworkResult]: """ Get a subnetwork within GCE from its name and region. @@ -257,7 +257,7 @@ def get_subnetwork_output(name: Optional[pulumi.Input[Optional[str]]] = None, __args__['project'] = project __args__['region'] = region __args__['selfLink'] = self_link - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSubnetwork:getSubnetwork', __args__, opts=opts, typ=GetSubnetworkResult) return __ret__.apply(lambda __response__: GetSubnetworkResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_subnetwork_iam_policy.py b/sdk/python/pulumi_gcp/compute/get_subnetwork_iam_policy.py index 86e9ab3695..887f610804 100644 --- a/sdk/python/pulumi_gcp/compute/get_subnetwork_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/get_subnetwork_iam_policy.py @@ -145,7 +145,7 @@ def get_subnetwork_iam_policy(project: Optional[str] = None, def get_subnetwork_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, subnetwork: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubnetworkIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubnetworkIamPolicyResult]: """ Retrieves the current IAM policy data for subnetwork @@ -173,7 +173,7 @@ def get_subnetwork_iam_policy_output(project: Optional[pulumi.Input[Optional[str __args__['project'] = project __args__['region'] = region __args__['subnetwork'] = subnetwork - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSubnetworkIamPolicy:getSubnetworkIamPolicy', __args__, opts=opts, typ=GetSubnetworkIamPolicyResult) return __ret__.apply(lambda __response__: GetSubnetworkIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/compute/get_subnetworks.py b/sdk/python/pulumi_gcp/compute/get_subnetworks.py index abb65067d4..91ed7b1f09 100644 --- a/sdk/python/pulumi_gcp/compute/get_subnetworks.py +++ b/sdk/python/pulumi_gcp/compute/get_subnetworks.py @@ -132,7 +132,7 @@ def get_subnetworks(filter: Optional[str] = None, def get_subnetworks_output(filter: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubnetworksResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubnetworksResult]: """ Get subnetworks within GCE. See [the official documentation](https://cloud.google.com/vpc/docs/subnets) @@ -160,7 +160,7 @@ def get_subnetworks_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__['filter'] = filter __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getSubnetworks:getSubnetworks', __args__, opts=opts, typ=GetSubnetworksResult) return __ret__.apply(lambda __response__: GetSubnetworksResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/compute/get_vpn_gateway.py b/sdk/python/pulumi_gcp/compute/get_vpn_gateway.py index 62c35daa60..596531cb25 100644 --- a/sdk/python/pulumi_gcp/compute/get_vpn_gateway.py +++ b/sdk/python/pulumi_gcp/compute/get_vpn_gateway.py @@ -159,7 +159,7 @@ def get_vpn_gateway(name: Optional[str] = None, def get_vpn_gateway_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetVPNGatewayResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetVPNGatewayResult]: """ Get a VPN gateway within GCE from its name. @@ -186,7 +186,7 @@ def get_vpn_gateway_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getVPNGateway:getVPNGateway', __args__, opts=opts, typ=GetVPNGatewayResult) return __ret__.apply(lambda __response__: GetVPNGatewayResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/compute/get_zones.py b/sdk/python/pulumi_gcp/compute/get_zones.py index 02e055d72e..e846ffca7a 100644 --- a/sdk/python/pulumi_gcp/compute/get_zones.py +++ b/sdk/python/pulumi_gcp/compute/get_zones.py @@ -118,7 +118,7 @@ def get_zones(project: Optional[str] = None, def get_zones_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, status: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetZonesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetZonesResult]: """ Provides access to available Google Compute zones in a region for a given project. See more about [regions and zones](https://cloud.google.com/compute/docs/regions-zones/regions-zones) in the upstream docs. @@ -133,7 +133,7 @@ def get_zones_output(project: Optional[pulumi.Input[Optional[str]]] = None, __args__['project'] = project __args__['region'] = region __args__['status'] = status - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/getZones:getZones', __args__, opts=opts, typ=GetZonesResult) return __ret__.apply(lambda __response__: GetZonesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/compute/router_status.py b/sdk/python/pulumi_gcp/compute/router_status.py index b40e93b435..8ea966b253 100644 --- a/sdk/python/pulumi_gcp/compute/router_status.py +++ b/sdk/python/pulumi_gcp/compute/router_status.py @@ -163,7 +163,7 @@ def router_status(name: Optional[str] = None, def router_status_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[RouterStatusResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[RouterStatusResult]: """ Get a Cloud Router's status within GCE from its name and region. This data source exposes the routes learned by a Cloud Router via BGP peers. @@ -193,7 +193,7 @@ def router_status_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:compute/routerStatus:RouterStatus', __args__, opts=opts, typ=RouterStatusResult) return __ret__.apply(lambda __response__: RouterStatusResult( best_routes=pulumi.get(__response__, 'best_routes'), diff --git a/sdk/python/pulumi_gcp/container/get_attached_install_manifest.py b/sdk/python/pulumi_gcp/container/get_attached_install_manifest.py index 18ce04b388..bedf872bff 100644 --- a/sdk/python/pulumi_gcp/container/get_attached_install_manifest.py +++ b/sdk/python/pulumi_gcp/container/get_attached_install_manifest.py @@ -144,7 +144,7 @@ def get_attached_install_manifest_output(cluster_id: Optional[pulumi.Input[str]] location: Optional[pulumi.Input[str]] = None, platform_version: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAttachedInstallManifestResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAttachedInstallManifestResult]: """ Provides access to available platform versions in a location for a given project. @@ -173,7 +173,7 @@ def get_attached_install_manifest_output(cluster_id: Optional[pulumi.Input[str]] __args__['location'] = location __args__['platformVersion'] = platform_version __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getAttachedInstallManifest:getAttachedInstallManifest', __args__, opts=opts, typ=GetAttachedInstallManifestResult) return __ret__.apply(lambda __response__: GetAttachedInstallManifestResult( cluster_id=pulumi.get(__response__, 'cluster_id'), diff --git a/sdk/python/pulumi_gcp/container/get_attached_versions.py b/sdk/python/pulumi_gcp/container/get_attached_versions.py index 860bb33ec3..f00515e451 100644 --- a/sdk/python/pulumi_gcp/container/get_attached_versions.py +++ b/sdk/python/pulumi_gcp/container/get_attached_versions.py @@ -114,7 +114,7 @@ def get_attached_versions(location: Optional[str] = None, valid_versions=pulumi.get(__ret__, 'valid_versions')) def get_attached_versions_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAttachedVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAttachedVersionsResult]: """ Provides access to available platform versions in a location for a given project. @@ -137,7 +137,7 @@ def get_attached_versions_output(location: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getAttachedVersions:getAttachedVersions', __args__, opts=opts, typ=GetAttachedVersionsResult) return __ret__.apply(lambda __response__: GetAttachedVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/container/get_aws_versions.py b/sdk/python/pulumi_gcp/container/get_aws_versions.py index 17e706c496..c35464c749 100644 --- a/sdk/python/pulumi_gcp/container/get_aws_versions.py +++ b/sdk/python/pulumi_gcp/container/get_aws_versions.py @@ -127,7 +127,7 @@ def get_aws_versions(location: Optional[str] = None, valid_versions=pulumi.get(__ret__, 'valid_versions')) def get_aws_versions_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAwsVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAwsVersionsResult]: """ Provides access to available Kubernetes versions in a location for a given project. @@ -150,7 +150,7 @@ def get_aws_versions_output(location: Optional[pulumi.Input[Optional[str]]] = No __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getAwsVersions:getAwsVersions', __args__, opts=opts, typ=GetAwsVersionsResult) return __ret__.apply(lambda __response__: GetAwsVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/container/get_azure_versions.py b/sdk/python/pulumi_gcp/container/get_azure_versions.py index 3dba8409d2..1df0321cdd 100644 --- a/sdk/python/pulumi_gcp/container/get_azure_versions.py +++ b/sdk/python/pulumi_gcp/container/get_azure_versions.py @@ -127,7 +127,7 @@ def get_azure_versions(location: Optional[str] = None, valid_versions=pulumi.get(__ret__, 'valid_versions')) def get_azure_versions_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAzureVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAzureVersionsResult]: """ Provides access to available Kubernetes versions in a location for a given project. @@ -150,7 +150,7 @@ def get_azure_versions_output(location: Optional[pulumi.Input[Optional[str]]] = __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getAzureVersions:getAzureVersions', __args__, opts=opts, typ=GetAzureVersionsResult) return __ret__.apply(lambda __response__: GetAzureVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/container/get_cluster.py b/sdk/python/pulumi_gcp/container/get_cluster.py index 930a033566..7a4bec3ddb 100644 --- a/sdk/python/pulumi_gcp/container/get_cluster.py +++ b/sdk/python/pulumi_gcp/container/get_cluster.py @@ -901,7 +901,7 @@ def get_cluster(location: Optional[str] = None, def get_cluster_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClusterResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClusterResult]: """ Get info about a GKE cluster from its name and location. @@ -931,7 +931,7 @@ def get_cluster_output(location: Optional[pulumi.Input[Optional[str]]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getCluster:getCluster', __args__, opts=opts, typ=GetClusterResult) return __ret__.apply(lambda __response__: GetClusterResult( addons_configs=pulumi.get(__response__, 'addons_configs'), diff --git a/sdk/python/pulumi_gcp/container/get_engine_versions.py b/sdk/python/pulumi_gcp/container/get_engine_versions.py index ae7c1c18c2..4fde5aac12 100644 --- a/sdk/python/pulumi_gcp/container/get_engine_versions.py +++ b/sdk/python/pulumi_gcp/container/get_engine_versions.py @@ -229,7 +229,7 @@ def get_engine_versions(location: Optional[str] = None, def get_engine_versions_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, version_prefix: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEngineVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEngineVersionsResult]: """ Provides access to available Google Kubernetes Engine versions in a zone or region for a given project. @@ -277,7 +277,7 @@ def get_engine_versions_output(location: Optional[pulumi.Input[Optional[str]]] = __args__['location'] = location __args__['project'] = project __args__['versionPrefix'] = version_prefix - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getEngineVersions:getEngineVersions', __args__, opts=opts, typ=GetEngineVersionsResult) return __ret__.apply(lambda __response__: GetEngineVersionsResult( default_cluster_version=pulumi.get(__response__, 'default_cluster_version'), diff --git a/sdk/python/pulumi_gcp/container/get_registry_image.py b/sdk/python/pulumi_gcp/container/get_registry_image.py index 03153f4320..5dc57be57e 100644 --- a/sdk/python/pulumi_gcp/container/get_registry_image.py +++ b/sdk/python/pulumi_gcp/container/get_registry_image.py @@ -156,7 +156,7 @@ def get_registry_image_output(digest: Optional[pulumi.Input[Optional[str]]] = No project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, tag: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegistryImageResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegistryImageResult]: """ This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project. @@ -185,7 +185,7 @@ def get_registry_image_output(digest: Optional[pulumi.Input[Optional[str]]] = No __args__['project'] = project __args__['region'] = region __args__['tag'] = tag - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getRegistryImage:getRegistryImage', __args__, opts=opts, typ=GetRegistryImageResult) return __ret__.apply(lambda __response__: GetRegistryImageResult( digest=pulumi.get(__response__, 'digest'), diff --git a/sdk/python/pulumi_gcp/container/get_registry_repository.py b/sdk/python/pulumi_gcp/container/get_registry_repository.py index e47bbb3c38..5a7717068d 100644 --- a/sdk/python/pulumi_gcp/container/get_registry_repository.py +++ b/sdk/python/pulumi_gcp/container/get_registry_repository.py @@ -114,7 +114,7 @@ def get_registry_repository(project: Optional[str] = None, repository_url=pulumi.get(__ret__, 'repository_url')) def get_registry_repository_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegistryRepositoryResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegistryRepositoryResult]: """ This data source fetches the project name, and provides the appropriate URLs to use for container registry for this project. @@ -137,7 +137,7 @@ def get_registry_repository_output(project: Optional[pulumi.Input[Optional[str]] __args__ = dict() __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:container/getRegistryRepository:getRegistryRepository', __args__, opts=opts, typ=GetRegistryRepositoryResult) return __ret__.apply(lambda __response__: GetRegistryRepositoryResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/containeranalysis/get_note_iam_policy.py b/sdk/python/pulumi_gcp/containeranalysis/get_note_iam_policy.py index 5bbd8523d6..0281ebfd6f 100644 --- a/sdk/python/pulumi_gcp/containeranalysis/get_note_iam_policy.py +++ b/sdk/python/pulumi_gcp/containeranalysis/get_note_iam_policy.py @@ -127,7 +127,7 @@ def get_note_iam_policy(note: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_note_iam_policy_output(note: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNoteIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNoteIamPolicyResult]: """ Retrieves the current IAM policy data for note @@ -149,7 +149,7 @@ def get_note_iam_policy_output(note: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['note'] = note __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:containeranalysis/getNoteIamPolicy:getNoteIamPolicy', __args__, opts=opts, typ=GetNoteIamPolicyResult) return __ret__.apply(lambda __response__: GetNoteIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/datacatalog/get_entry_group_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/get_entry_group_iam_policy.py index 1877f8431d..2d8e1fe85d 100644 --- a/sdk/python/pulumi_gcp/datacatalog/get_entry_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/get_entry_group_iam_policy.py @@ -139,7 +139,7 @@ def get_entry_group_iam_policy(entry_group: Optional[str] = None, def get_entry_group_iam_policy_output(entry_group: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEntryGroupIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEntryGroupIamPolicyResult]: """ Retrieves the current IAM policy data for entrygroup @@ -161,7 +161,7 @@ def get_entry_group_iam_policy_output(entry_group: Optional[pulumi.Input[str]] = __args__['entryGroup'] = entry_group __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datacatalog/getEntryGroupIamPolicy:getEntryGroupIamPolicy', __args__, opts=opts, typ=GetEntryGroupIamPolicyResult) return __ret__.apply(lambda __response__: GetEntryGroupIamPolicyResult( entry_group=pulumi.get(__response__, 'entry_group'), diff --git a/sdk/python/pulumi_gcp/datacatalog/get_policy_tag_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/get_policy_tag_iam_policy.py index 0efc5452b8..2cc10a743d 100644 --- a/sdk/python/pulumi_gcp/datacatalog/get_policy_tag_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/get_policy_tag_iam_policy.py @@ -111,7 +111,7 @@ def get_policy_tag_iam_policy(policy_tag: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), policy_tag=pulumi.get(__ret__, 'policy_tag')) def get_policy_tag_iam_policy_output(policy_tag: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPolicyTagIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetPolicyTagIamPolicyResult]: """ Retrieves the current IAM policy data for policytag @@ -129,7 +129,7 @@ def get_policy_tag_iam_policy_output(policy_tag: Optional[pulumi.Input[str]] = N """ __args__ = dict() __args__['policyTag'] = policy_tag - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datacatalog/getPolicyTagIamPolicy:getPolicyTagIamPolicy', __args__, opts=opts, typ=GetPolicyTagIamPolicyResult) return __ret__.apply(lambda __response__: GetPolicyTagIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/datacatalog/get_tag_template_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/get_tag_template_iam_policy.py index 23472bdf40..b3e5074e26 100644 --- a/sdk/python/pulumi_gcp/datacatalog/get_tag_template_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/get_tag_template_iam_policy.py @@ -139,7 +139,7 @@ def get_tag_template_iam_policy(project: Optional[str] = None, def get_tag_template_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, tag_template: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagTemplateIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagTemplateIamPolicyResult]: """ Retrieves the current IAM policy data for tagtemplate @@ -161,7 +161,7 @@ def get_tag_template_iam_policy_output(project: Optional[pulumi.Input[Optional[s __args__['project'] = project __args__['region'] = region __args__['tagTemplate'] = tag_template - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datacatalog/getTagTemplateIamPolicy:getTagTemplateIamPolicy', __args__, opts=opts, typ=GetTagTemplateIamPolicyResult) return __ret__.apply(lambda __response__: GetTagTemplateIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py index d7fce39b24..fdfbbaec73 100644 --- a/sdk/python/pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py @@ -139,7 +139,7 @@ def get_taxonomy_iam_policy(project: Optional[str] = None, def get_taxonomy_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, taxonomy: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTaxonomyIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTaxonomyIamPolicyResult]: """ Retrieves the current IAM policy data for taxonomy @@ -161,7 +161,7 @@ def get_taxonomy_iam_policy_output(project: Optional[pulumi.Input[Optional[str]] __args__['project'] = project __args__['region'] = region __args__['taxonomy'] = taxonomy - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datacatalog/getTaxonomyIamPolicy:getTaxonomyIamPolicy', __args__, opts=opts, typ=GetTaxonomyIamPolicyResult) return __ret__.apply(lambda __response__: GetTaxonomyIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataform/get_repository_iam_policy.py b/sdk/python/pulumi_gcp/dataform/get_repository_iam_policy.py index 8c3a1f8b24..c74f346847 100644 --- a/sdk/python/pulumi_gcp/dataform/get_repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataform/get_repository_iam_policy.py @@ -132,7 +132,7 @@ def get_repository_iam_policy(project: Optional[str] = None, def get_repository_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, repository: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -147,7 +147,7 @@ def get_repository_iam_policy_output(project: Optional[pulumi.Input[Optional[str __args__['project'] = project __args__['region'] = region __args__['repository'] = repository - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataform/getRepositoryIamPolicy:getRepositoryIamPolicy', __args__, opts=opts, typ=GetRepositoryIamPolicyResult) return __ret__.apply(lambda __response__: GetRepositoryIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/datafusion/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/datafusion/get_instance_iam_policy.py index 96ec084141..fd4533ee80 100644 --- a/sdk/python/pulumi_gcp/datafusion/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/datafusion/get_instance_iam_policy.py @@ -145,7 +145,7 @@ def get_instance_iam_policy(name: Optional[str] = None, def get_instance_iam_policy_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for instance @@ -173,7 +173,7 @@ def get_instance_iam_policy_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datafusion/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_aspect_type_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_aspect_type_iam_policy.py index 14d69d5619..dc852cb5ef 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_aspect_type_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_aspect_type_iam_policy.py @@ -144,7 +144,7 @@ def get_aspect_type_iam_policy(aspect_type_id: Optional[str] = None, def get_aspect_type_iam_policy_output(aspect_type_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAspectTypeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAspectTypeIamPolicyResult]: """ Retrieves the current IAM policy data for aspecttype @@ -171,7 +171,7 @@ def get_aspect_type_iam_policy_output(aspect_type_id: Optional[pulumi.Input[str] __args__['aspectTypeId'] = aspect_type_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getAspectTypeIamPolicy:getAspectTypeIamPolicy', __args__, opts=opts, typ=GetAspectTypeIamPolicyResult) return __ret__.apply(lambda __response__: GetAspectTypeIamPolicyResult( aspect_type_id=pulumi.get(__response__, 'aspect_type_id'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_asset_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_asset_iam_policy.py index 6d97762889..e5b694790a 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_asset_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_asset_iam_policy.py @@ -169,7 +169,7 @@ def get_asset_iam_policy_output(asset: Optional[pulumi.Input[str]] = None, lake: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAssetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAssetIamPolicyResult]: """ Retrieves the current IAM policy data for asset @@ -197,7 +197,7 @@ def get_asset_iam_policy_output(asset: Optional[pulumi.Input[str]] = None, __args__['lake'] = lake __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getAssetIamPolicy:getAssetIamPolicy', __args__, opts=opts, typ=GetAssetIamPolicyResult) return __ret__.apply(lambda __response__: GetAssetIamPolicyResult( asset=pulumi.get(__response__, 'asset'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_datascan_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_datascan_iam_policy.py index e904e14f67..9f3efa64fa 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_datascan_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_datascan_iam_policy.py @@ -144,7 +144,7 @@ def get_datascan_iam_policy(data_scan_id: Optional[str] = None, def get_datascan_iam_policy_output(data_scan_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatascanIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatascanIamPolicyResult]: """ Retrieves the current IAM policy data for datascan @@ -171,7 +171,7 @@ def get_datascan_iam_policy_output(data_scan_id: Optional[pulumi.Input[str]] = N __args__['dataScanId'] = data_scan_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getDatascanIamPolicy:getDatascanIamPolicy', __args__, opts=opts, typ=GetDatascanIamPolicyResult) return __ret__.apply(lambda __response__: GetDatascanIamPolicyResult( data_scan_id=pulumi.get(__response__, 'data_scan_id'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_entry_group_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_entry_group_iam_policy.py index f5c9a7d6e4..90c378d9a8 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_entry_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_entry_group_iam_policy.py @@ -144,7 +144,7 @@ def get_entry_group_iam_policy(entry_group_id: Optional[str] = None, def get_entry_group_iam_policy_output(entry_group_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEntryGroupIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEntryGroupIamPolicyResult]: """ Retrieves the current IAM policy data for entrygroup @@ -171,7 +171,7 @@ def get_entry_group_iam_policy_output(entry_group_id: Optional[pulumi.Input[str] __args__['entryGroupId'] = entry_group_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getEntryGroupIamPolicy:getEntryGroupIamPolicy', __args__, opts=opts, typ=GetEntryGroupIamPolicyResult) return __ret__.apply(lambda __response__: GetEntryGroupIamPolicyResult( entry_group_id=pulumi.get(__response__, 'entry_group_id'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_entry_type_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_entry_type_iam_policy.py index ea68d11216..596baa45fd 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_entry_type_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_entry_type_iam_policy.py @@ -144,7 +144,7 @@ def get_entry_type_iam_policy(entry_type_id: Optional[str] = None, def get_entry_type_iam_policy_output(entry_type_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEntryTypeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEntryTypeIamPolicyResult]: """ Retrieves the current IAM policy data for entrytype @@ -171,7 +171,7 @@ def get_entry_type_iam_policy_output(entry_type_id: Optional[pulumi.Input[str]] __args__['entryTypeId'] = entry_type_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getEntryTypeIamPolicy:getEntryTypeIamPolicy', __args__, opts=opts, typ=GetEntryTypeIamPolicyResult) return __ret__.apply(lambda __response__: GetEntryTypeIamPolicyResult( entry_type_id=pulumi.get(__response__, 'entry_type_id'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_lake_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_lake_iam_policy.py index 6078d572a4..84f8267743 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_lake_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_lake_iam_policy.py @@ -141,7 +141,7 @@ def get_lake_iam_policy(lake: Optional[str] = None, def get_lake_iam_policy_output(lake: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLakeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLakeIamPolicyResult]: """ Retrieves the current IAM policy data for lake @@ -165,7 +165,7 @@ def get_lake_iam_policy_output(lake: Optional[pulumi.Input[str]] = None, __args__['lake'] = lake __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getLakeIamPolicy:getLakeIamPolicy', __args__, opts=opts, typ=GetLakeIamPolicyResult) return __ret__.apply(lambda __response__: GetLakeIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_task_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_task_iam_policy.py index 564628a7aa..99387c47c3 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_task_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_task_iam_policy.py @@ -160,7 +160,7 @@ def get_task_iam_policy_output(lake: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, task_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTaskIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTaskIamPolicyResult]: """ Retrieves the current IAM policy data for task @@ -191,7 +191,7 @@ def get_task_iam_policy_output(lake: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['taskId'] = task_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getTaskIamPolicy:getTaskIamPolicy', __args__, opts=opts, typ=GetTaskIamPolicyResult) return __ret__.apply(lambda __response__: GetTaskIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataplex/get_zone_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/get_zone_iam_policy.py index f01cd7d9a9..88d784d476 100644 --- a/sdk/python/pulumi_gcp/dataplex/get_zone_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/get_zone_iam_policy.py @@ -155,7 +155,7 @@ def get_zone_iam_policy_output(dataplex_zone: Optional[pulumi.Input[str]] = None lake: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetZoneIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetZoneIamPolicyResult]: """ Retrieves the current IAM policy data for zone @@ -181,7 +181,7 @@ def get_zone_iam_policy_output(dataplex_zone: Optional[pulumi.Input[str]] = None __args__['lake'] = lake __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataplex/getZoneIamPolicy:getZoneIamPolicy', __args__, opts=opts, typ=GetZoneIamPolicyResult) return __ret__.apply(lambda __response__: GetZoneIamPolicyResult( dataplex_zone=pulumi.get(__response__, 'dataplex_zone'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py index c8343cb3b0..bb4ccfb805 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py @@ -149,7 +149,7 @@ def get_autoscaling_policy_iam_policy(location: Optional[str] = None, def get_autoscaling_policy_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, policy_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAutoscalingPolicyIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAutoscalingPolicyIamPolicyResult]: """ Retrieves the current IAM policy data for autoscalingpolicy @@ -181,7 +181,7 @@ def get_autoscaling_policy_iam_policy_output(location: Optional[pulumi.Input[Opt __args__['location'] = location __args__['policyId'] = policy_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getAutoscalingPolicyIamPolicy:getAutoscalingPolicyIamPolicy', __args__, opts=opts, typ=GetAutoscalingPolicyIamPolicyResult) return __ret__.apply(lambda __response__: GetAutoscalingPolicyIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_cluster_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/get_cluster_iam_policy.py index d347981c66..46df581cd9 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_cluster_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/get_cluster_iam_policy.py @@ -137,7 +137,7 @@ def get_cluster_iam_policy(cluster: Optional[str] = None, def get_cluster_iam_policy_output(cluster: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClusterIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClusterIamPolicyResult]: """ Retrieves the current IAM policy data for a Dataproc cluster. @@ -158,7 +158,7 @@ def get_cluster_iam_policy_output(cluster: Optional[pulumi.Input[str]] = None, __args__['cluster'] = cluster __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getClusterIamPolicy:getClusterIamPolicy', __args__, opts=opts, typ=GetClusterIamPolicyResult) return __ret__.apply(lambda __response__: GetClusterIamPolicyResult( cluster=pulumi.get(__response__, 'cluster'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_job_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/get_job_iam_policy.py index 3f963f9f17..1c740c6a09 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_job_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/get_job_iam_policy.py @@ -137,7 +137,7 @@ def get_job_iam_policy(job_id: Optional[str] = None, def get_job_iam_policy_output(job_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetJobIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetJobIamPolicyResult]: """ Retrieves the current IAM policy data for a Dataproc job. @@ -158,7 +158,7 @@ def get_job_iam_policy_output(job_id: Optional[pulumi.Input[str]] = None, __args__['jobId'] = job_id __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getJobIamPolicy:getJobIamPolicy', __args__, opts=opts, typ=GetJobIamPolicyResult) return __ret__.apply(lambda __response__: GetJobIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_metastore_federation_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/get_metastore_federation_iam_policy.py index 3a8eea6879..86aa799b21 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_metastore_federation_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/get_metastore_federation_iam_policy.py @@ -144,7 +144,7 @@ def get_metastore_federation_iam_policy(federation_id: Optional[str] = None, def get_metastore_federation_iam_policy_output(federation_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMetastoreFederationIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMetastoreFederationIamPolicyResult]: """ Retrieves the current IAM policy data for federation @@ -171,7 +171,7 @@ def get_metastore_federation_iam_policy_output(federation_id: Optional[pulumi.In __args__['federationId'] = federation_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getMetastoreFederationIamPolicy:getMetastoreFederationIamPolicy', __args__, opts=opts, typ=GetMetastoreFederationIamPolicyResult) return __ret__.apply(lambda __response__: GetMetastoreFederationIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_metastore_service.py b/sdk/python/pulumi_gcp/dataproc/get_metastore_service.py index e969eb3418..7d1f60bee4 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_metastore_service.py +++ b/sdk/python/pulumi_gcp/dataproc/get_metastore_service.py @@ -347,7 +347,7 @@ def get_metastore_service(location: Optional[str] = None, def get_metastore_service_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMetastoreServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMetastoreServiceResult]: """ Get a Dataproc Metastore service from Google Cloud by its id and location. @@ -373,7 +373,7 @@ def get_metastore_service_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['serviceId'] = service_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getMetastoreService:getMetastoreService', __args__, opts=opts, typ=GetMetastoreServiceResult) return __ret__.apply(lambda __response__: GetMetastoreServiceResult( artifact_gcs_uri=pulumi.get(__response__, 'artifact_gcs_uri'), diff --git a/sdk/python/pulumi_gcp/dataproc/get_metastore_service_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/get_metastore_service_iam_policy.py index 60ee3e5a9b..c31c09df38 100644 --- a/sdk/python/pulumi_gcp/dataproc/get_metastore_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/get_metastore_service_iam_policy.py @@ -145,7 +145,7 @@ def get_metastore_service_iam_policy(location: Optional[str] = None, def get_metastore_service_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMetastoreServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMetastoreServiceIamPolicyResult]: """ Retrieves the current IAM policy data for service @@ -173,7 +173,7 @@ def get_metastore_service_iam_policy_output(location: Optional[pulumi.Input[Opti __args__['location'] = location __args__['project'] = project __args__['serviceId'] = service_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dataproc/getMetastoreServiceIamPolicy:getMetastoreServiceIamPolicy', __args__, opts=opts, typ=GetMetastoreServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetMetastoreServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/datastream/get_static_ips.py b/sdk/python/pulumi_gcp/datastream/get_static_ips.py index e31d555aaa..e91ec45808 100644 --- a/sdk/python/pulumi_gcp/datastream/get_static_ips.py +++ b/sdk/python/pulumi_gcp/datastream/get_static_ips.py @@ -114,7 +114,7 @@ def get_static_ips(location: Optional[str] = None, static_ips=pulumi.get(__ret__, 'static_ips')) def get_static_ips_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetStaticIpsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetStaticIpsResult]: """ Returns the list of IP addresses that Datastream connects from. For more information see the [official documentation](https://cloud.google.com/datastream/docs/ip-allowlists-and-regions). @@ -137,7 +137,7 @@ def get_static_ips_output(location: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:datastream/getStaticIps:getStaticIps', __args__, opts=opts, typ=GetStaticIpsResult) return __ret__.apply(lambda __response__: GetStaticIpsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/dns/get_keys.py b/sdk/python/pulumi_gcp/dns/get_keys.py index 893bc5ad35..3f5822e1d4 100644 --- a/sdk/python/pulumi_gcp/dns/get_keys.py +++ b/sdk/python/pulumi_gcp/dns/get_keys.py @@ -142,7 +142,7 @@ def get_keys(managed_zone: Optional[str] = None, zone_signing_keys=pulumi.get(__ret__, 'zone_signing_keys')) def get_keys_output(managed_zone: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKeysResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKeysResult]: """ Get the DNSKEY and DS records of DNSSEC-signed managed zones. @@ -179,7 +179,7 @@ def get_keys_output(managed_zone: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['managedZone'] = managed_zone __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dns/getKeys:getKeys', __args__, opts=opts, typ=GetKeysResult) return __ret__.apply(lambda __response__: GetKeysResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/dns/get_managed_zone.py b/sdk/python/pulumi_gcp/dns/get_managed_zone.py index 29b668471e..87879cfbdf 100644 --- a/sdk/python/pulumi_gcp/dns/get_managed_zone.py +++ b/sdk/python/pulumi_gcp/dns/get_managed_zone.py @@ -168,7 +168,7 @@ def get_managed_zone(name: Optional[str] = None, visibility=pulumi.get(__ret__, 'visibility')) def get_managed_zone_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetManagedZoneResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetManagedZoneResult]: """ Provides access to a zone's attributes within Google Cloud DNS. For more information see @@ -196,7 +196,7 @@ def get_managed_zone_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dns/getManagedZone:getManagedZone', __args__, opts=opts, typ=GetManagedZoneResult) return __ret__.apply(lambda __response__: GetManagedZoneResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/dns/get_managed_zone_iam_policy.py b/sdk/python/pulumi_gcp/dns/get_managed_zone_iam_policy.py index 7f0627c520..759cbab43d 100644 --- a/sdk/python/pulumi_gcp/dns/get_managed_zone_iam_policy.py +++ b/sdk/python/pulumi_gcp/dns/get_managed_zone_iam_policy.py @@ -127,7 +127,7 @@ def get_managed_zone_iam_policy(managed_zone: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_managed_zone_iam_policy_output(managed_zone: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetManagedZoneIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetManagedZoneIamPolicyResult]: """ Retrieves the current IAM policy data for managedzone @@ -149,7 +149,7 @@ def get_managed_zone_iam_policy_output(managed_zone: Optional[pulumi.Input[str]] __args__ = dict() __args__['managedZone'] = managed_zone __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dns/getManagedZoneIamPolicy:getManagedZoneIamPolicy', __args__, opts=opts, typ=GetManagedZoneIamPolicyResult) return __ret__.apply(lambda __response__: GetManagedZoneIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/dns/get_managed_zones.py b/sdk/python/pulumi_gcp/dns/get_managed_zones.py index 5e552de5ec..195400d9ac 100644 --- a/sdk/python/pulumi_gcp/dns/get_managed_zones.py +++ b/sdk/python/pulumi_gcp/dns/get_managed_zones.py @@ -97,7 +97,7 @@ def get_managed_zones(project: Optional[str] = None, managed_zones=pulumi.get(__ret__, 'managed_zones'), project=pulumi.get(__ret__, 'project')) def get_managed_zones_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetManagedZonesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetManagedZonesResult]: """ Provides access to a list of zones within Google Cloud DNS. For more information see @@ -117,7 +117,7 @@ def get_managed_zones_output(project: Optional[pulumi.Input[Optional[str]]] = No """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dns/getManagedZones:getManagedZones', __args__, opts=opts, typ=GetManagedZonesResult) return __ret__.apply(lambda __response__: GetManagedZonesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/dns/get_record_set.py b/sdk/python/pulumi_gcp/dns/get_record_set.py index c185625ac3..582de00e29 100644 --- a/sdk/python/pulumi_gcp/dns/get_record_set.py +++ b/sdk/python/pulumi_gcp/dns/get_record_set.py @@ -159,7 +159,7 @@ def get_record_set_output(managed_zone: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, type: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRecordSetResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRecordSetResult]: """ Get a DNS record set within Google Cloud DNS For more information see @@ -190,7 +190,7 @@ def get_record_set_output(managed_zone: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['type'] = type - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:dns/getRecordSet:getRecordSet', __args__, opts=opts, typ=GetRecordSetResult) return __ret__.apply(lambda __response__: GetRecordSetResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/endpoints/get_service_consumers_iam_policy.py b/sdk/python/pulumi_gcp/endpoints/get_service_consumers_iam_policy.py index d3af9520cc..c88357de0a 100644 --- a/sdk/python/pulumi_gcp/endpoints/get_service_consumers_iam_policy.py +++ b/sdk/python/pulumi_gcp/endpoints/get_service_consumers_iam_policy.py @@ -112,14 +112,14 @@ def get_service_consumers_iam_policy(consumer_project: Optional[str] = None, service_name=pulumi.get(__ret__, 'service_name')) def get_service_consumers_iam_policy_output(consumer_project: Optional[pulumi.Input[str]] = None, service_name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceConsumersIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceConsumersIamPolicyResult]: """ Retrieves the current IAM policy data for serviceconsumers """ __args__ = dict() __args__['consumerProject'] = consumer_project __args__['serviceName'] = service_name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:endpoints/getServiceConsumersIamPolicy:getServiceConsumersIamPolicy', __args__, opts=opts, typ=GetServiceConsumersIamPolicyResult) return __ret__.apply(lambda __response__: GetServiceConsumersIamPolicyResult( consumer_project=pulumi.get(__response__, 'consumer_project'), diff --git a/sdk/python/pulumi_gcp/endpoints/get_service_iam_policy.py b/sdk/python/pulumi_gcp/endpoints/get_service_iam_policy.py index 2440735410..62734596c8 100644 --- a/sdk/python/pulumi_gcp/endpoints/get_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/endpoints/get_service_iam_policy.py @@ -108,7 +108,7 @@ def get_service_iam_policy(service_name: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), service_name=pulumi.get(__ret__, 'service_name')) def get_service_iam_policy_output(service_name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceIamPolicyResult]: """ Retrieves the current IAM policy data for service @@ -123,7 +123,7 @@ def get_service_iam_policy_output(service_name: Optional[pulumi.Input[str]] = No """ __args__ = dict() __args__['serviceName'] = service_name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:endpoints/getServiceIamPolicy:getServiceIamPolicy', __args__, opts=opts, typ=GetServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/filestore/get_instance.py b/sdk/python/pulumi_gcp/filestore/get_instance.py index c11956a8a6..8c25a46fbf 100644 --- a/sdk/python/pulumi_gcp/filestore/get_instance.py +++ b/sdk/python/pulumi_gcp/filestore/get_instance.py @@ -271,7 +271,7 @@ def get_instance(location: Optional[str] = None, def get_instance_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceResult]: """ Get info about a Google Cloud Filestore instance. @@ -301,7 +301,7 @@ def get_instance_output(location: Optional[pulumi.Input[Optional[str]]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:filestore/getInstance:getInstance', __args__, opts=opts, typ=GetInstanceResult) return __ret__.apply(lambda __response__: GetInstanceResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/firebase/get_android_app.py b/sdk/python/pulumi_gcp/firebase/get_android_app.py index f884c841cf..fcb22fc221 100644 --- a/sdk/python/pulumi_gcp/firebase/get_android_app.py +++ b/sdk/python/pulumi_gcp/firebase/get_android_app.py @@ -196,7 +196,7 @@ def get_android_app(app_id: Optional[str] = None, sha256_hashes=pulumi.get(__ret__, 'sha256_hashes')) def get_android_app_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAndroidAppResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAndroidAppResult]: """ Use this data source to access information about an existing resource. @@ -210,7 +210,7 @@ def get_android_app_output(app_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getAndroidApp:getAndroidApp', __args__, opts=opts, typ=GetAndroidAppResult) return __ret__.apply(lambda __response__: GetAndroidAppResult( api_key_id=pulumi.get(__response__, 'api_key_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_android_app_config.py b/sdk/python/pulumi_gcp/firebase/get_android_app_config.py index 27a4fde260..7dbaf20d33 100644 --- a/sdk/python/pulumi_gcp/firebase/get_android_app_config.py +++ b/sdk/python/pulumi_gcp/firebase/get_android_app_config.py @@ -102,14 +102,14 @@ def get_android_app_config(app_id: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_android_app_config_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAndroidAppConfigResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAndroidAppConfigResult]: """ Use this data source to access information about an existing resource. """ __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getAndroidAppConfig:getAndroidAppConfig', __args__, opts=opts, typ=GetAndroidAppConfigResult) return __ret__.apply(lambda __response__: GetAndroidAppConfigResult( app_id=pulumi.get(__response__, 'app_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_apple_app.py b/sdk/python/pulumi_gcp/firebase/get_apple_app.py index 38197d01d0..a14edd7612 100644 --- a/sdk/python/pulumi_gcp/firebase/get_apple_app.py +++ b/sdk/python/pulumi_gcp/firebase/get_apple_app.py @@ -182,7 +182,7 @@ def get_apple_app(app_id: Optional[str] = None, team_id=pulumi.get(__ret__, 'team_id')) def get_apple_app_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppleAppResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppleAppResult]: """ Use this data source to access information about an existing resource. @@ -196,7 +196,7 @@ def get_apple_app_output(app_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getAppleApp:getAppleApp', __args__, opts=opts, typ=GetAppleAppResult) return __ret__.apply(lambda __response__: GetAppleAppResult( api_key_id=pulumi.get(__response__, 'api_key_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_apple_app_config.py b/sdk/python/pulumi_gcp/firebase/get_apple_app_config.py index 7b3cfe1ee9..a508f0fe71 100644 --- a/sdk/python/pulumi_gcp/firebase/get_apple_app_config.py +++ b/sdk/python/pulumi_gcp/firebase/get_apple_app_config.py @@ -114,7 +114,7 @@ def get_apple_app_config(app_id: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_apple_app_config_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppleAppConfigResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppleAppConfigResult]: """ Use this data source to access information about an existing resource. @@ -127,7 +127,7 @@ def get_apple_app_config_output(app_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getAppleAppConfig:getAppleAppConfig', __args__, opts=opts, typ=GetAppleAppConfigResult) return __ret__.apply(lambda __response__: GetAppleAppConfigResult( app_id=pulumi.get(__response__, 'app_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_hosting_channel.py b/sdk/python/pulumi_gcp/firebase/get_hosting_channel.py index b1f0222462..57271549ca 100644 --- a/sdk/python/pulumi_gcp/firebase/get_hosting_channel.py +++ b/sdk/python/pulumi_gcp/firebase/get_hosting_channel.py @@ -161,7 +161,7 @@ def get_hosting_channel(channel_id: Optional[str] = None, ttl=pulumi.get(__ret__, 'ttl')) def get_hosting_channel_output(channel_id: Optional[pulumi.Input[str]] = None, site_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetHostingChannelResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetHostingChannelResult]: """ Use this data source to access information about an existing resource. @@ -171,7 +171,7 @@ def get_hosting_channel_output(channel_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['channelId'] = channel_id __args__['siteId'] = site_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getHostingChannel:getHostingChannel', __args__, opts=opts, typ=GetHostingChannelResult) return __ret__.apply(lambda __response__: GetHostingChannelResult( channel_id=pulumi.get(__response__, 'channel_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_web_app.py b/sdk/python/pulumi_gcp/firebase/get_web_app.py index 69aa9cdcd1..81c1cac03c 100644 --- a/sdk/python/pulumi_gcp/firebase/get_web_app.py +++ b/sdk/python/pulumi_gcp/firebase/get_web_app.py @@ -151,7 +151,7 @@ def get_web_app(app_id: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_web_app_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebAppResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebAppResult]: """ A Google Cloud Firebase web application instance @@ -166,7 +166,7 @@ def get_web_app_output(app_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getWebApp:getWebApp', __args__, opts=opts, typ=GetWebAppResult) return __ret__.apply(lambda __response__: GetWebAppResult( api_key_id=pulumi.get(__response__, 'api_key_id'), diff --git a/sdk/python/pulumi_gcp/firebase/get_web_app_config.py b/sdk/python/pulumi_gcp/firebase/get_web_app_config.py index 1807144598..913e0730a7 100644 --- a/sdk/python/pulumi_gcp/firebase/get_web_app_config.py +++ b/sdk/python/pulumi_gcp/firebase/get_web_app_config.py @@ -195,7 +195,7 @@ def get_web_app_config(project: Optional[str] = None, web_app_id=pulumi.get(__ret__, 'web_app_id')) def get_web_app_config_output(project: Optional[pulumi.Input[Optional[str]]] = None, web_app_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebAppConfigResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebAppConfigResult]: """ A Google Cloud Firebase web application configuration @@ -215,7 +215,7 @@ def get_web_app_config_output(project: Optional[pulumi.Input[Optional[str]]] = N __args__ = dict() __args__['project'] = project __args__['webAppId'] = web_app_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:firebase/getWebAppConfig:getWebAppConfig', __args__, opts=opts, typ=GetWebAppConfigResult) return __ret__.apply(lambda __response__: GetWebAppConfigResult( api_key=pulumi.get(__response__, 'api_key'), diff --git a/sdk/python/pulumi_gcp/folder/get_iam_policy.py b/sdk/python/pulumi_gcp/folder/get_iam_policy.py index 190b2f1cb0..36b6cae787 100644 --- a/sdk/python/pulumi_gcp/folder/get_iam_policy.py +++ b/sdk/python/pulumi_gcp/folder/get_iam_policy.py @@ -110,7 +110,7 @@ def get_iam_policy(folder: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_iam_policy_output(folder: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIamPolicyResult]: """ Retrieves the current IAM policy data for a folder. @@ -128,7 +128,7 @@ def get_iam_policy_output(folder: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['folder'] = folder - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:folder/getIamPolicy:getIamPolicy', __args__, opts=opts, typ=GetIamPolicyResult) return __ret__.apply(lambda __response__: GetIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/folder/get_organization_policy.py b/sdk/python/pulumi_gcp/folder/get_organization_policy.py index ccadc070b4..51c813b3ad 100644 --- a/sdk/python/pulumi_gcp/folder/get_organization_policy.py +++ b/sdk/python/pulumi_gcp/folder/get_organization_policy.py @@ -163,7 +163,7 @@ def get_organization_policy(constraint: Optional[str] = None, version=pulumi.get(__ret__, 'version')) def get_organization_policy_output(constraint: Optional[pulumi.Input[str]] = None, folder: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOrganizationPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOrganizationPolicyResult]: """ Allows management of Organization policies for a Google Folder. For more information see [the official @@ -187,7 +187,7 @@ def get_organization_policy_output(constraint: Optional[pulumi.Input[str]] = Non __args__ = dict() __args__['constraint'] = constraint __args__['folder'] = folder - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:folder/getOrganizationPolicy:getOrganizationPolicy', __args__, opts=opts, typ=GetOrganizationPolicyResult) return __ret__.apply(lambda __response__: GetOrganizationPolicyResult( boolean_policies=pulumi.get(__response__, 'boolean_policies'), diff --git a/sdk/python/pulumi_gcp/gkebackup/get_backup_plan_iam_policy.py b/sdk/python/pulumi_gcp/gkebackup/get_backup_plan_iam_policy.py index 1cf71eb06e..44f9801f69 100644 --- a/sdk/python/pulumi_gcp/gkebackup/get_backup_plan_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkebackup/get_backup_plan_iam_policy.py @@ -145,7 +145,7 @@ def get_backup_plan_iam_policy(location: Optional[str] = None, def get_backup_plan_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackupPlanIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackupPlanIamPolicyResult]: """ Retrieves the current IAM policy data for backupplan @@ -173,7 +173,7 @@ def get_backup_plan_iam_policy_output(location: Optional[pulumi.Input[Optional[s __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkebackup/getBackupPlanIamPolicy:getBackupPlanIamPolicy', __args__, opts=opts, typ=GetBackupPlanIamPolicyResult) return __ret__.apply(lambda __response__: GetBackupPlanIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/gkebackup/get_restore_plan_iam_policy.py b/sdk/python/pulumi_gcp/gkebackup/get_restore_plan_iam_policy.py index 947142dee0..1add7d33d6 100644 --- a/sdk/python/pulumi_gcp/gkebackup/get_restore_plan_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkebackup/get_restore_plan_iam_policy.py @@ -145,7 +145,7 @@ def get_restore_plan_iam_policy(location: Optional[str] = None, def get_restore_plan_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRestorePlanIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRestorePlanIamPolicyResult]: """ Retrieves the current IAM policy data for restoreplan @@ -173,7 +173,7 @@ def get_restore_plan_iam_policy_output(location: Optional[pulumi.Input[Optional[ __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkebackup/getRestorePlanIamPolicy:getRestorePlanIamPolicy', __args__, opts=opts, typ=GetRestorePlanIamPolicyResult) return __ret__.apply(lambda __response__: GetRestorePlanIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/gkehub/get_feature_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/get_feature_iam_policy.py index b3f57f93c8..b2b9374452 100644 --- a/sdk/python/pulumi_gcp/gkehub/get_feature_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/get_feature_iam_policy.py @@ -144,7 +144,7 @@ def get_feature_iam_policy(location: Optional[str] = None, def get_feature_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFeatureIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFeatureIamPolicyResult]: """ Retrieves the current IAM policy data for feature @@ -171,7 +171,7 @@ def get_feature_iam_policy_output(location: Optional[pulumi.Input[Optional[str]] __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkehub/getFeatureIamPolicy:getFeatureIamPolicy', __args__, opts=opts, typ=GetFeatureIamPolicyResult) return __ret__.apply(lambda __response__: GetFeatureIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/gkehub/get_membership_binding.py b/sdk/python/pulumi_gcp/gkehub/get_membership_binding.py index 6fb86cb04e..c438b9e75f 100644 --- a/sdk/python/pulumi_gcp/gkehub/get_membership_binding.py +++ b/sdk/python/pulumi_gcp/gkehub/get_membership_binding.py @@ -212,7 +212,7 @@ def get_membership_binding_output(location: Optional[pulumi.Input[str]] = None, membership_binding_id: Optional[pulumi.Input[str]] = None, membership_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMembershipBindingResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMembershipBindingResult]: """ Use this data source to access information about an existing resource. """ @@ -221,7 +221,7 @@ def get_membership_binding_output(location: Optional[pulumi.Input[str]] = None, __args__['membershipBindingId'] = membership_binding_id __args__['membershipId'] = membership_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkehub/getMembershipBinding:getMembershipBinding', __args__, opts=opts, typ=GetMembershipBindingResult) return __ret__.apply(lambda __response__: GetMembershipBindingResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/gkehub/get_membership_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/get_membership_iam_policy.py index 6f8e4869cc..0676e69153 100644 --- a/sdk/python/pulumi_gcp/gkehub/get_membership_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/get_membership_iam_policy.py @@ -145,7 +145,7 @@ def get_membership_iam_policy(location: Optional[str] = None, def get_membership_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, membership_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMembershipIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMembershipIamPolicyResult]: """ Retrieves the current IAM policy data for membership @@ -173,7 +173,7 @@ def get_membership_iam_policy_output(location: Optional[pulumi.Input[Optional[st __args__['location'] = location __args__['membershipId'] = membership_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkehub/getMembershipIamPolicy:getMembershipIamPolicy', __args__, opts=opts, typ=GetMembershipIamPolicyResult) return __ret__.apply(lambda __response__: GetMembershipIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/gkehub/get_scope_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/get_scope_iam_policy.py index c66baabf17..e1cca6ece8 100644 --- a/sdk/python/pulumi_gcp/gkehub/get_scope_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/get_scope_iam_policy.py @@ -126,7 +126,7 @@ def get_scope_iam_policy(project: Optional[str] = None, scope_id=pulumi.get(__ret__, 'scope_id')) def get_scope_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, scope_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetScopeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetScopeIamPolicyResult]: """ Retrieves the current IAM policy data for scope @@ -147,7 +147,7 @@ def get_scope_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = __args__ = dict() __args__['project'] = project __args__['scopeId'] = scope_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:gkehub/getScopeIamPolicy:getScopeIamPolicy', __args__, opts=opts, typ=GetScopeIamPolicyResult) return __ret__.apply(lambda __response__: GetScopeIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/healthcare/get_consent_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/get_consent_store_iam_policy.py index b7ea9ea136..339ba821ab 100644 --- a/sdk/python/pulumi_gcp/healthcare/get_consent_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/get_consent_store_iam_policy.py @@ -128,7 +128,7 @@ def get_consent_store_iam_policy(consent_store_id: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data')) def get_consent_store_iam_policy_output(consent_store_id: Optional[pulumi.Input[str]] = None, dataset: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConsentStoreIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConsentStoreIamPolicyResult]: """ Retrieves the current IAM policy data for consentstore @@ -151,7 +151,7 @@ def get_consent_store_iam_policy_output(consent_store_id: Optional[pulumi.Input[ __args__ = dict() __args__['consentStoreId'] = consent_store_id __args__['dataset'] = dataset - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:healthcare/getConsentStoreIamPolicy:getConsentStoreIamPolicy', __args__, opts=opts, typ=GetConsentStoreIamPolicyResult) return __ret__.apply(lambda __response__: GetConsentStoreIamPolicyResult( consent_store_id=pulumi.get(__response__, 'consent_store_id'), diff --git a/sdk/python/pulumi_gcp/healthcare/get_dataset_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/get_dataset_iam_policy.py index 605437ecd1..8eae2b3f31 100644 --- a/sdk/python/pulumi_gcp/healthcare/get_dataset_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/get_dataset_iam_policy.py @@ -113,7 +113,7 @@ def get_dataset_iam_policy(dataset_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_dataset_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatasetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatasetIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud Healthcare dataset. @@ -134,7 +134,7 @@ def get_dataset_iam_policy_output(dataset_id: Optional[pulumi.Input[str]] = None """ __args__ = dict() __args__['datasetId'] = dataset_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:healthcare/getDatasetIamPolicy:getDatasetIamPolicy', __args__, opts=opts, typ=GetDatasetIamPolicyResult) return __ret__.apply(lambda __response__: GetDatasetIamPolicyResult( dataset_id=pulumi.get(__response__, 'dataset_id'), diff --git a/sdk/python/pulumi_gcp/healthcare/get_dicom_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/get_dicom_store_iam_policy.py index 5f79a5bb2d..a80d1bd7f4 100644 --- a/sdk/python/pulumi_gcp/healthcare/get_dicom_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/get_dicom_store_iam_policy.py @@ -113,7 +113,7 @@ def get_dicom_store_iam_policy(dicom_store_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_dicom_store_iam_policy_output(dicom_store_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDicomStoreIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDicomStoreIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud Healthcare DICOM store. @@ -134,7 +134,7 @@ def get_dicom_store_iam_policy_output(dicom_store_id: Optional[pulumi.Input[str] """ __args__ = dict() __args__['dicomStoreId'] = dicom_store_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:healthcare/getDicomStoreIamPolicy:getDicomStoreIamPolicy', __args__, opts=opts, typ=GetDicomStoreIamPolicyResult) return __ret__.apply(lambda __response__: GetDicomStoreIamPolicyResult( dicom_store_id=pulumi.get(__response__, 'dicom_store_id'), diff --git a/sdk/python/pulumi_gcp/healthcare/get_fhir_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/get_fhir_store_iam_policy.py index 3e4b16693e..f9e34ca87c 100644 --- a/sdk/python/pulumi_gcp/healthcare/get_fhir_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/get_fhir_store_iam_policy.py @@ -113,7 +113,7 @@ def get_fhir_store_iam_policy(fhir_store_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_fhir_store_iam_policy_output(fhir_store_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFhirStoreIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFhirStoreIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud Healthcare FHIR store. @@ -134,7 +134,7 @@ def get_fhir_store_iam_policy_output(fhir_store_id: Optional[pulumi.Input[str]] """ __args__ = dict() __args__['fhirStoreId'] = fhir_store_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:healthcare/getFhirStoreIamPolicy:getFhirStoreIamPolicy', __args__, opts=opts, typ=GetFhirStoreIamPolicyResult) return __ret__.apply(lambda __response__: GetFhirStoreIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/healthcare/get_hl7_v2_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/get_hl7_v2_store_iam_policy.py index 6334f661d0..4ff1a3881a 100644 --- a/sdk/python/pulumi_gcp/healthcare/get_hl7_v2_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/get_hl7_v2_store_iam_policy.py @@ -113,7 +113,7 @@ def get_hl7_v2_store_iam_policy(hl7_v2_store_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_hl7_v2_store_iam_policy_output(hl7_v2_store_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetHl7V2StoreIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetHl7V2StoreIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud Healthcare HL7v2 store. @@ -134,7 +134,7 @@ def get_hl7_v2_store_iam_policy_output(hl7_v2_store_id: Optional[pulumi.Input[st """ __args__ = dict() __args__['hl7V2StoreId'] = hl7_v2_store_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:healthcare/getHl7V2StoreIamPolicy:getHl7V2StoreIamPolicy', __args__, opts=opts, typ=GetHl7V2StoreIamPolicyResult) return __ret__.apply(lambda __response__: GetHl7V2StoreIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iam/get_rule.py b/sdk/python/pulumi_gcp/iam/get_rule.py index d46cbb2c8d..262c13e1fd 100644 --- a/sdk/python/pulumi_gcp/iam/get_rule.py +++ b/sdk/python/pulumi_gcp/iam/get_rule.py @@ -122,7 +122,7 @@ def get_rule(name: Optional[str] = None, stage=pulumi.get(__ret__, 'stage'), title=pulumi.get(__ret__, 'title')) def get_rule_output(name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRuleResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRuleResult]: """ Use this data source to get information about a Google IAM Role. @@ -139,7 +139,7 @@ def get_rule_output(name: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iam/getRule:getRule', __args__, opts=opts, typ=GetRuleResult) return __ret__.apply(lambda __response__: GetRuleResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/iam/get_testable_permissions.py b/sdk/python/pulumi_gcp/iam/get_testable_permissions.py index 1d6462508d..954d484526 100644 --- a/sdk/python/pulumi_gcp/iam/get_testable_permissions.py +++ b/sdk/python/pulumi_gcp/iam/get_testable_permissions.py @@ -135,7 +135,7 @@ def get_testable_permissions(custom_support_level: Optional[str] = None, def get_testable_permissions_output(custom_support_level: Optional[pulumi.Input[Optional[str]]] = None, full_resource_name: Optional[pulumi.Input[str]] = None, stages: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTestablePermissionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTestablePermissionsResult]: """ Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI. @@ -163,7 +163,7 @@ def get_testable_permissions_output(custom_support_level: Optional[pulumi.Input[ __args__['customSupportLevel'] = custom_support_level __args__['fullResourceName'] = full_resource_name __args__['stages'] = stages - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iam/getTestablePermissions:getTestablePermissions', __args__, opts=opts, typ=GetTestablePermissionsResult) return __ret__.apply(lambda __response__: GetTestablePermissionsResult( custom_support_level=pulumi.get(__response__, 'custom_support_level'), diff --git a/sdk/python/pulumi_gcp/iam/get_workload_identity_pool.py b/sdk/python/pulumi_gcp/iam/get_workload_identity_pool.py index 77f5d3876a..7a9e370edf 100644 --- a/sdk/python/pulumi_gcp/iam/get_workload_identity_pool.py +++ b/sdk/python/pulumi_gcp/iam/get_workload_identity_pool.py @@ -152,7 +152,7 @@ def get_workload_identity_pool(project: Optional[str] = None, workload_identity_pool_id=pulumi.get(__ret__, 'workload_identity_pool_id')) def get_workload_identity_pool_output(project: Optional[pulumi.Input[Optional[str]]] = None, workload_identity_pool_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWorkloadIdentityPoolResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWorkloadIdentityPoolResult]: """ Get a IAM workload identity pool from Google Cloud by its id. > **Note:** The following resource requires the Beta IAM role `roles/iam.workloadIdentityPoolAdmin` in order to succeed. `OWNER` and `EDITOR` roles do not include the necessary permissions. @@ -176,7 +176,7 @@ def get_workload_identity_pool_output(project: Optional[pulumi.Input[Optional[st __args__ = dict() __args__['project'] = project __args__['workloadIdentityPoolId'] = workload_identity_pool_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iam/getWorkloadIdentityPool:getWorkloadIdentityPool', __args__, opts=opts, typ=GetWorkloadIdentityPoolResult) return __ret__.apply(lambda __response__: GetWorkloadIdentityPoolResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/iam/get_workload_identity_pool_provider.py b/sdk/python/pulumi_gcp/iam/get_workload_identity_pool_provider.py index 1037af24e8..dbd69cc52f 100644 --- a/sdk/python/pulumi_gcp/iam/get_workload_identity_pool_provider.py +++ b/sdk/python/pulumi_gcp/iam/get_workload_identity_pool_provider.py @@ -229,7 +229,7 @@ def get_workload_identity_pool_provider(project: Optional[str] = None, def get_workload_identity_pool_provider_output(project: Optional[pulumi.Input[Optional[str]]] = None, workload_identity_pool_id: Optional[pulumi.Input[str]] = None, workload_identity_pool_provider_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWorkloadIdentityPoolProviderResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWorkloadIdentityPoolProviderResult]: """ Get a IAM workload identity provider from Google Cloud by its id. @@ -257,7 +257,7 @@ def get_workload_identity_pool_provider_output(project: Optional[pulumi.Input[Op __args__['project'] = project __args__['workloadIdentityPoolId'] = workload_identity_pool_id __args__['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iam/getWorkloadIdentityPoolProvider:getWorkloadIdentityPoolProvider', __args__, opts=opts, typ=GetWorkloadIdentityPoolProviderResult) return __ret__.apply(lambda __response__: GetWorkloadIdentityPoolProviderResult( attribute_condition=pulumi.get(__response__, 'attribute_condition'), diff --git a/sdk/python/pulumi_gcp/iap/get_app_engine_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_app_engine_service_iam_policy.py index e87ff4847b..73915c29e1 100644 --- a/sdk/python/pulumi_gcp/iap/get_app_engine_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_app_engine_service_iam_policy.py @@ -142,7 +142,7 @@ def get_app_engine_service_iam_policy(app_id: Optional[str] = None, def get_app_engine_service_iam_policy_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppEngineServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppEngineServiceIamPolicyResult]: """ Retrieves the current IAM policy data for appengineservice @@ -167,7 +167,7 @@ def get_app_engine_service_iam_policy_output(app_id: Optional[pulumi.Input[str]] __args__['appId'] = app_id __args__['project'] = project __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getAppEngineServiceIamPolicy:getAppEngineServiceIamPolicy', __args__, opts=opts, typ=GetAppEngineServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetAppEngineServiceIamPolicyResult( app_id=pulumi.get(__response__, 'app_id'), diff --git a/sdk/python/pulumi_gcp/iap/get_app_engine_version_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_app_engine_version_iam_policy.py index c34c7ccb10..d43736ebdb 100644 --- a/sdk/python/pulumi_gcp/iap/get_app_engine_version_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_app_engine_version_iam_policy.py @@ -157,7 +157,7 @@ def get_app_engine_version_iam_policy_output(app_id: Optional[pulumi.Input[str]] project: Optional[pulumi.Input[Optional[str]]] = None, service: Optional[pulumi.Input[str]] = None, version_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppEngineVersionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppEngineVersionIamPolicyResult]: """ Retrieves the current IAM policy data for appengineversion @@ -185,7 +185,7 @@ def get_app_engine_version_iam_policy_output(app_id: Optional[pulumi.Input[str]] __args__['project'] = project __args__['service'] = service __args__['versionId'] = version_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getAppEngineVersionIamPolicy:getAppEngineVersionIamPolicy', __args__, opts=opts, typ=GetAppEngineVersionIamPolicyResult) return __ret__.apply(lambda __response__: GetAppEngineVersionIamPolicyResult( app_id=pulumi.get(__response__, 'app_id'), diff --git a/sdk/python/pulumi_gcp/iap/get_client.py b/sdk/python/pulumi_gcp/iap/get_client.py index 15d4a6bfae..6d222e6387 100644 --- a/sdk/python/pulumi_gcp/iap/get_client.py +++ b/sdk/python/pulumi_gcp/iap/get_client.py @@ -120,7 +120,7 @@ def get_client(brand: Optional[str] = None, secret=pulumi.get(__ret__, 'secret')) def get_client_output(brand: Optional[pulumi.Input[str]] = None, client_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClientResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClientResult]: """ Get info about a Google Cloud IAP Client. @@ -142,7 +142,7 @@ def get_client_output(brand: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['brand'] = brand __args__['clientId'] = client_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getClient:getClient', __args__, opts=opts, typ=GetClientResult) return __ret__.apply(lambda __response__: GetClientResult( brand=pulumi.get(__response__, 'brand'), diff --git a/sdk/python/pulumi_gcp/iap/get_tunnel_dest_group_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_tunnel_dest_group_iam_policy.py index a48e5339ed..a8d06f07d1 100644 --- a/sdk/python/pulumi_gcp/iap/get_tunnel_dest_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_tunnel_dest_group_iam_policy.py @@ -144,7 +144,7 @@ def get_tunnel_dest_group_iam_policy(dest_group: Optional[str] = None, def get_tunnel_dest_group_iam_policy_output(dest_group: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTunnelDestGroupIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTunnelDestGroupIamPolicyResult]: """ Retrieves the current IAM policy data for tunneldestgroup @@ -171,7 +171,7 @@ def get_tunnel_dest_group_iam_policy_output(dest_group: Optional[pulumi.Input[st __args__['destGroup'] = dest_group __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getTunnelDestGroupIamPolicy:getTunnelDestGroupIamPolicy', __args__, opts=opts, typ=GetTunnelDestGroupIamPolicyResult) return __ret__.apply(lambda __response__: GetTunnelDestGroupIamPolicyResult( dest_group=pulumi.get(__response__, 'dest_group'), diff --git a/sdk/python/pulumi_gcp/iap/get_tunnel_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_tunnel_iam_policy.py index ce2d16a807..978bb54d2e 100644 --- a/sdk/python/pulumi_gcp/iap/get_tunnel_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_tunnel_iam_policy.py @@ -112,7 +112,7 @@ def get_tunnel_iam_policy(project: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), project=pulumi.get(__ret__, 'project')) def get_tunnel_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTunnelIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTunnelIamPolicyResult]: """ Retrieves the current IAM policy data for tunnel @@ -131,7 +131,7 @@ def get_tunnel_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getTunnelIamPolicy:getTunnelIamPolicy', __args__, opts=opts, typ=GetTunnelIamPolicyResult) return __ret__.apply(lambda __response__: GetTunnelIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iap/get_tunnel_instance_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_tunnel_instance_iam_policy.py index ec9b0654b7..4e5adca6a5 100644 --- a/sdk/python/pulumi_gcp/iap/get_tunnel_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_tunnel_instance_iam_policy.py @@ -141,7 +141,7 @@ def get_tunnel_instance_iam_policy(instance: Optional[str] = None, def get_tunnel_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTunnelInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTunnelInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for tunnelinstance @@ -165,7 +165,7 @@ def get_tunnel_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] __args__['instance'] = instance __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getTunnelInstanceIamPolicy:getTunnelInstanceIamPolicy', __args__, opts=opts, typ=GetTunnelInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetTunnelInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iap/get_web_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_web_backend_service_iam_policy.py index afd4710c9a..5aff1b1d0e 100644 --- a/sdk/python/pulumi_gcp/iap/get_web_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_web_backend_service_iam_policy.py @@ -127,7 +127,7 @@ def get_web_backend_service_iam_policy(project: Optional[str] = None, web_backend_service=pulumi.get(__ret__, 'web_backend_service')) def get_web_backend_service_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, web_backend_service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebBackendServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebBackendServiceIamPolicyResult]: """ Retrieves the current IAM policy data for webbackendservice @@ -149,7 +149,7 @@ def get_web_backend_service_iam_policy_output(project: Optional[pulumi.Input[Opt __args__ = dict() __args__['project'] = project __args__['webBackendService'] = web_backend_service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getWebBackendServiceIamPolicy:getWebBackendServiceIamPolicy', __args__, opts=opts, typ=GetWebBackendServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetWebBackendServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iap/get_web_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_web_iam_policy.py index 03a36da884..eb1b6937b4 100644 --- a/sdk/python/pulumi_gcp/iap/get_web_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_web_iam_policy.py @@ -112,7 +112,7 @@ def get_web_iam_policy(project: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), project=pulumi.get(__ret__, 'project')) def get_web_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebIamPolicyResult]: """ Retrieves the current IAM policy data for web @@ -131,7 +131,7 @@ def get_web_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = N """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getWebIamPolicy:getWebIamPolicy', __args__, opts=opts, typ=GetWebIamPolicyResult) return __ret__.apply(lambda __response__: GetWebIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py index 5c5d025620..0d0e2f1dde 100644 --- a/sdk/python/pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py @@ -141,7 +141,7 @@ def get_web_region_backend_service_iam_policy(project: Optional[str] = None, def get_web_region_backend_service_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, web_region_backend_service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebRegionBackendServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebRegionBackendServiceIamPolicyResult]: """ Retrieves the current IAM policy data for webregionbackendservice @@ -165,7 +165,7 @@ def get_web_region_backend_service_iam_policy_output(project: Optional[pulumi.In __args__['project'] = project __args__['region'] = region __args__['webRegionBackendService'] = web_region_backend_service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getWebRegionBackendServiceIamPolicy:getWebRegionBackendServiceIamPolicy', __args__, opts=opts, typ=GetWebRegionBackendServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetWebRegionBackendServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py index 77e6d331cc..33c1abaaaa 100644 --- a/sdk/python/pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py @@ -127,7 +127,7 @@ def get_web_type_app_engine_iam_policy(app_id: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_web_type_app_engine_iam_policy_output(app_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebTypeAppEngineIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebTypeAppEngineIamPolicyResult]: """ Retrieves the current IAM policy data for webtypeappengine @@ -149,7 +149,7 @@ def get_web_type_app_engine_iam_policy_output(app_id: Optional[pulumi.Input[str] __args__ = dict() __args__['appId'] = app_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getWebTypeAppEngineIamPolicy:getWebTypeAppEngineIamPolicy', __args__, opts=opts, typ=GetWebTypeAppEngineIamPolicyResult) return __ret__.apply(lambda __response__: GetWebTypeAppEngineIamPolicyResult( app_id=pulumi.get(__response__, 'app_id'), diff --git a/sdk/python/pulumi_gcp/iap/get_web_type_compute_iam_policy.py b/sdk/python/pulumi_gcp/iap/get_web_type_compute_iam_policy.py index e68e4f90db..87e51154e6 100644 --- a/sdk/python/pulumi_gcp/iap/get_web_type_compute_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/get_web_type_compute_iam_policy.py @@ -112,7 +112,7 @@ def get_web_type_compute_iam_policy(project: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), project=pulumi.get(__ret__, 'project')) def get_web_type_compute_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWebTypeComputeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWebTypeComputeIamPolicyResult]: """ Retrieves the current IAM policy data for webtypecompute @@ -131,7 +131,7 @@ def get_web_type_compute_iam_policy_output(project: Optional[pulumi.Input[Option """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:iap/getWebTypeComputeIamPolicy:getWebTypeComputeIamPolicy', __args__, opts=opts, typ=GetWebTypeComputeIamPolicyResult) return __ret__.apply(lambda __response__: GetWebTypeComputeIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/kms/get_crypto_key_iam_policy.py b/sdk/python/pulumi_gcp/kms/get_crypto_key_iam_policy.py index 4618b7ef5b..633602fbe8 100644 --- a/sdk/python/pulumi_gcp/kms/get_crypto_key_iam_policy.py +++ b/sdk/python/pulumi_gcp/kms/get_crypto_key_iam_policy.py @@ -110,7 +110,7 @@ def get_crypto_key_iam_policy(crypto_key_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_crypto_key_iam_policy_output(crypto_key_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCryptoKeyIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCryptoKeyIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud KMS crypto key. @@ -128,7 +128,7 @@ def get_crypto_key_iam_policy_output(crypto_key_id: Optional[pulumi.Input[str]] """ __args__ = dict() __args__['cryptoKeyId'] = crypto_key_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getCryptoKeyIamPolicy:getCryptoKeyIamPolicy', __args__, opts=opts, typ=GetCryptoKeyIamPolicyResult) return __ret__.apply(lambda __response__: GetCryptoKeyIamPolicyResult( crypto_key_id=pulumi.get(__response__, 'crypto_key_id'), diff --git a/sdk/python/pulumi_gcp/kms/get_crypto_key_latest_version.py b/sdk/python/pulumi_gcp/kms/get_crypto_key_latest_version.py index e5ab2b7bdb..946bfc3d4e 100644 --- a/sdk/python/pulumi_gcp/kms/get_crypto_key_latest_version.py +++ b/sdk/python/pulumi_gcp/kms/get_crypto_key_latest_version.py @@ -185,7 +185,7 @@ def get_crypto_key_latest_version(crypto_key: Optional[str] = None, version=pulumi.get(__ret__, 'version')) def get_crypto_key_latest_version_output(crypto_key: Optional[pulumi.Input[str]] = None, filter: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCryptoKeyLatestVersionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCryptoKeyLatestVersionResult]: """ Provides access to the latest Google Cloud Platform KMS CryptoKeyVersion in a CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) @@ -219,7 +219,7 @@ def get_crypto_key_latest_version_output(crypto_key: Optional[pulumi.Input[str]] __args__ = dict() __args__['cryptoKey'] = crypto_key __args__['filter'] = filter - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getCryptoKeyLatestVersion:getCryptoKeyLatestVersion', __args__, opts=opts, typ=GetCryptoKeyLatestVersionResult) return __ret__.apply(lambda __response__: GetCryptoKeyLatestVersionResult( algorithm=pulumi.get(__response__, 'algorithm'), diff --git a/sdk/python/pulumi_gcp/kms/get_crypto_key_versions.py b/sdk/python/pulumi_gcp/kms/get_crypto_key_versions.py index 7619912e9d..d7b442c836 100644 --- a/sdk/python/pulumi_gcp/kms/get_crypto_key_versions.py +++ b/sdk/python/pulumi_gcp/kms/get_crypto_key_versions.py @@ -137,7 +137,7 @@ def get_crypto_key_versions(crypto_key: Optional[str] = None, versions=pulumi.get(__ret__, 'versions')) def get_crypto_key_versions_output(crypto_key: Optional[pulumi.Input[str]] = None, filter: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCryptoKeyVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCryptoKeyVersionsResult]: """ Provides access to Google Cloud Platform KMS CryptoKeyVersions. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) @@ -172,7 +172,7 @@ def get_crypto_key_versions_output(crypto_key: Optional[pulumi.Input[str]] = Non __args__ = dict() __args__['cryptoKey'] = crypto_key __args__['filter'] = filter - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getCryptoKeyVersions:getCryptoKeyVersions', __args__, opts=opts, typ=GetCryptoKeyVersionsResult) return __ret__.apply(lambda __response__: GetCryptoKeyVersionsResult( crypto_key=pulumi.get(__response__, 'crypto_key'), diff --git a/sdk/python/pulumi_gcp/kms/get_crypto_keys.py b/sdk/python/pulumi_gcp/kms/get_crypto_keys.py index df80ebb7c0..5eb06fe89b 100644 --- a/sdk/python/pulumi_gcp/kms/get_crypto_keys.py +++ b/sdk/python/pulumi_gcp/kms/get_crypto_keys.py @@ -116,7 +116,7 @@ def get_crypto_keys(filter: Optional[str] = None, keys=pulumi.get(__ret__, 'keys')) def get_crypto_keys_output(filter: Optional[pulumi.Input[Optional[str]]] = None, key_ring: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCryptoKeysResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCryptoKeysResult]: """ Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) @@ -140,7 +140,7 @@ def get_crypto_keys_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['filter'] = filter __args__['keyRing'] = key_ring - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getCryptoKeys:getCryptoKeys', __args__, opts=opts, typ=GetCryptoKeysResult) return __ret__.apply(lambda __response__: GetCryptoKeysResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/kms/get_ekm_connection_iam_policy.py b/sdk/python/pulumi_gcp/kms/get_ekm_connection_iam_policy.py index 5468b98dfb..dcffb870e7 100644 --- a/sdk/python/pulumi_gcp/kms/get_ekm_connection_iam_policy.py +++ b/sdk/python/pulumi_gcp/kms/get_ekm_connection_iam_policy.py @@ -146,7 +146,7 @@ def get_ekm_connection_iam_policy(location: Optional[str] = None, def get_ekm_connection_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEkmConnectionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEkmConnectionIamPolicyResult]: """ Retrieves the current IAM policy data for ekmconnection @@ -175,7 +175,7 @@ def get_ekm_connection_iam_policy_output(location: Optional[pulumi.Input[Optiona __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getEkmConnectionIamPolicy:getEkmConnectionIamPolicy', __args__, opts=opts, typ=GetEkmConnectionIamPolicyResult) return __ret__.apply(lambda __response__: GetEkmConnectionIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/kms/get_key_ring_iam_policy.py b/sdk/python/pulumi_gcp/kms/get_key_ring_iam_policy.py index cf20eb98d8..06b134ce90 100644 --- a/sdk/python/pulumi_gcp/kms/get_key_ring_iam_policy.py +++ b/sdk/python/pulumi_gcp/kms/get_key_ring_iam_policy.py @@ -113,7 +113,7 @@ def get_key_ring_iam_policy(key_ring_id: Optional[str] = None, key_ring_id=pulumi.get(__ret__, 'key_ring_id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_key_ring_iam_policy_output(key_ring_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKeyRingIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKeyRingIamPolicyResult]: """ Retrieves the current IAM policy data for a Google Cloud KMS key ring. @@ -134,7 +134,7 @@ def get_key_ring_iam_policy_output(key_ring_id: Optional[pulumi.Input[str]] = No """ __args__ = dict() __args__['keyRingId'] = key_ring_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKeyRingIamPolicy:getKeyRingIamPolicy', __args__, opts=opts, typ=GetKeyRingIamPolicyResult) return __ret__.apply(lambda __response__: GetKeyRingIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/kms/get_key_rings.py b/sdk/python/pulumi_gcp/kms/get_key_rings.py index 61faa65a85..cf7e1e6040 100644 --- a/sdk/python/pulumi_gcp/kms/get_key_rings.py +++ b/sdk/python/pulumi_gcp/kms/get_key_rings.py @@ -109,7 +109,7 @@ def get_key_rings(filter: Optional[str] = None, def get_key_rings_output(filter: Optional[pulumi.Input[Optional[str]]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKeyRingsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKeyRingsResult]: """ Use this data source to access information about an existing resource. """ @@ -117,7 +117,7 @@ def get_key_rings_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__['filter'] = filter __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKeyRings:getKeyRings', __args__, opts=opts, typ=GetKeyRingsResult) return __ret__.apply(lambda __response__: GetKeyRingsResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_crypto_key.py b/sdk/python/pulumi_gcp/kms/get_kms_crypto_key.py index b3e0152f23..1a6b955e12 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_crypto_key.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_crypto_key.py @@ -237,7 +237,7 @@ def get_kms_crypto_key(key_ring: Optional[str] = None, version_templates=pulumi.get(__ret__, 'version_templates')) def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSCryptoKeyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSCryptoKeyResult]: """ Provides access to a Google Cloud Platform KMS CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) @@ -267,7 +267,7 @@ def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['keyRing'] = key_ring __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSCryptoKey:getKMSCryptoKey', __args__, opts=opts, typ=GetKMSCryptoKeyResult) return __ret__.apply(lambda __response__: GetKMSCryptoKeyResult( crypto_key_backend=pulumi.get(__response__, 'crypto_key_backend'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_crypto_key_version.py b/sdk/python/pulumi_gcp/kms/get_kms_crypto_key_version.py index accd5fa663..d47e313a0b 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_crypto_key_version.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_crypto_key_version.py @@ -174,7 +174,7 @@ def get_kms_crypto_key_version(crypto_key: Optional[str] = None, version=pulumi.get(__ret__, 'version')) def get_kms_crypto_key_version_output(crypto_key: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[int]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSCryptoKeyVersionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSCryptoKeyVersionResult]: """ Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) @@ -204,7 +204,7 @@ def get_kms_crypto_key_version_output(crypto_key: Optional[pulumi.Input[str]] = __args__ = dict() __args__['cryptoKey'] = crypto_key __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSCryptoKeyVersion:getKMSCryptoKeyVersion', __args__, opts=opts, typ=GetKMSCryptoKeyVersionResult) return __ret__.apply(lambda __response__: GetKMSCryptoKeyVersionResult( algorithm=pulumi.get(__response__, 'algorithm'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_key_ring.py b/sdk/python/pulumi_gcp/kms/get_kms_key_ring.py index a67edc7ed1..3dd0520704 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_key_ring.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_key_ring.py @@ -124,7 +124,7 @@ def get_kms_key_ring(location: Optional[str] = None, def get_kms_key_ring_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSKeyRingResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSKeyRingResult]: """ Provides access to Google Cloud Platform KMS KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) @@ -158,7 +158,7 @@ def get_kms_key_ring_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSKeyRing:getKMSKeyRing', __args__, opts=opts, typ=GetKMSKeyRingResult) return __ret__.apply(lambda __response__: GetKMSKeyRingResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_secret.py b/sdk/python/pulumi_gcp/kms/get_kms_secret.py index fb8ef301ca..42fa77c986 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_secret.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_secret.py @@ -172,7 +172,7 @@ def get_kms_secret(additional_authenticated_data: Optional[str] = None, def get_kms_secret_output(additional_authenticated_data: Optional[pulumi.Input[Optional[str]]] = None, ciphertext: Optional[pulumi.Input[str]] = None, crypto_key: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSSecretResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSSecretResult]: """ This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions. @@ -241,7 +241,7 @@ def get_kms_secret_output(additional_authenticated_data: Optional[pulumi.Input[O __args__['additionalAuthenticatedData'] = additional_authenticated_data __args__['ciphertext'] = ciphertext __args__['cryptoKey'] = crypto_key - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSSecret:getKMSSecret', __args__, opts=opts, typ=GetKMSSecretResult) return __ret__.apply(lambda __response__: GetKMSSecretResult( additional_authenticated_data=pulumi.get(__response__, 'additional_authenticated_data'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_secret_asymmetric.py b/sdk/python/pulumi_gcp/kms/get_kms_secret_asymmetric.py index 802b4b34f6..b67a40de0a 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_secret_asymmetric.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_secret_asymmetric.py @@ -181,7 +181,7 @@ def get_kms_secret_asymmetric(ciphertext: Optional[str] = None, def get_kms_secret_asymmetric_output(ciphertext: Optional[pulumi.Input[str]] = None, crc32: Optional[pulumi.Input[Optional[str]]] = None, crypto_key_version: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSSecretAsymmetricResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSSecretAsymmetricResult]: """ ## Example Usage @@ -256,7 +256,7 @@ def get_kms_secret_asymmetric_output(ciphertext: Optional[pulumi.Input[str]] = N __args__['ciphertext'] = ciphertext __args__['crc32'] = crc32 __args__['cryptoKeyVersion'] = crypto_key_version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric', __args__, opts=opts, typ=GetKMSSecretAsymmetricResult) return __ret__.apply(lambda __response__: GetKMSSecretAsymmetricResult( ciphertext=pulumi.get(__response__, 'ciphertext'), diff --git a/sdk/python/pulumi_gcp/kms/get_kms_secret_ciphertext.py b/sdk/python/pulumi_gcp/kms/get_kms_secret_ciphertext.py index fa438b7752..48d16af89f 100644 --- a/sdk/python/pulumi_gcp/kms/get_kms_secret_ciphertext.py +++ b/sdk/python/pulumi_gcp/kms/get_kms_secret_ciphertext.py @@ -161,7 +161,7 @@ def get_kms_secret_ciphertext(crypto_key: Optional[str] = None, plaintext=pulumi.get(__ret__, 'plaintext')) def get_kms_secret_ciphertext_output(crypto_key: Optional[pulumi.Input[str]] = None, plaintext: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKMSSecretCiphertextResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetKMSSecretCiphertextResult]: """ !> **Warning:** This data source is deprecated. Use the `kms.SecretCiphertext` **resource** instead. @@ -231,7 +231,7 @@ def get_kms_secret_ciphertext_output(crypto_key: Optional[pulumi.Input[str]] = N __args__ = dict() __args__['cryptoKey'] = crypto_key __args__['plaintext'] = plaintext - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:kms/getKMSSecretCiphertext:getKMSSecretCiphertext', __args__, opts=opts, typ=GetKMSSecretCiphertextResult) return __ret__.apply(lambda __response__: GetKMSSecretCiphertextResult( ciphertext=pulumi.get(__response__, 'ciphertext'), diff --git a/sdk/python/pulumi_gcp/logging/get_folder_settings.py b/sdk/python/pulumi_gcp/logging/get_folder_settings.py index 549a5dcb31..4d86f2c794 100644 --- a/sdk/python/pulumi_gcp/logging/get_folder_settings.py +++ b/sdk/python/pulumi_gcp/logging/get_folder_settings.py @@ -175,7 +175,7 @@ def get_folder_settings(folder: Optional[str] = None, name=pulumi.get(__ret__, 'name'), storage_location=pulumi.get(__ret__, 'storage_location')) def get_folder_settings_output(folder: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFolderSettingsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFolderSettingsResult]: """ Describes the settings associated with a folder. @@ -200,7 +200,7 @@ def get_folder_settings_output(folder: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['folder'] = folder - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getFolderSettings:getFolderSettings', __args__, opts=opts, typ=GetFolderSettingsResult) return __ret__.apply(lambda __response__: GetFolderSettingsResult( disable_default_sink=pulumi.get(__response__, 'disable_default_sink'), diff --git a/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py b/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py index ce0215fc7d..fe6063adeb 100644 --- a/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py +++ b/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py @@ -158,7 +158,7 @@ def get_log_view_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLogViewIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetLogViewIamPolicyResult]: """ Retrieves the current IAM policy data for logview @@ -187,7 +187,7 @@ def get_log_view_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy', __args__, opts=opts, typ=GetLogViewIamPolicyResult) return __ret__.apply(lambda __response__: GetLogViewIamPolicyResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/logging/get_organization_settings.py b/sdk/python/pulumi_gcp/logging/get_organization_settings.py index eff16ec5f5..48a502ce75 100644 --- a/sdk/python/pulumi_gcp/logging/get_organization_settings.py +++ b/sdk/python/pulumi_gcp/logging/get_organization_settings.py @@ -175,7 +175,7 @@ def get_organization_settings(organization: Optional[str] = None, organization=pulumi.get(__ret__, 'organization'), storage_location=pulumi.get(__ret__, 'storage_location')) def get_organization_settings_output(organization: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOrganizationSettingsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOrganizationSettingsResult]: """ Describes the settings associated with a organization. @@ -200,7 +200,7 @@ def get_organization_settings_output(organization: Optional[pulumi.Input[str]] = """ __args__ = dict() __args__['organization'] = organization - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getOrganizationSettings:getOrganizationSettings', __args__, opts=opts, typ=GetOrganizationSettingsResult) return __ret__.apply(lambda __response__: GetOrganizationSettingsResult( disable_default_sink=pulumi.get(__response__, 'disable_default_sink'), diff --git a/sdk/python/pulumi_gcp/logging/get_project_cmek_settings.py b/sdk/python/pulumi_gcp/logging/get_project_cmek_settings.py index 8b5989e9d7..19b35da453 100644 --- a/sdk/python/pulumi_gcp/logging/get_project_cmek_settings.py +++ b/sdk/python/pulumi_gcp/logging/get_project_cmek_settings.py @@ -164,7 +164,7 @@ def get_project_cmek_settings(kms_key_name: Optional[str] = None, service_account_id=pulumi.get(__ret__, 'service_account_id')) def get_project_cmek_settings_output(kms_key_name: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectCmekSettingsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectCmekSettingsResult]: """ Describes the customer-managed encryption key (CMEK) settings associated with a project. @@ -196,7 +196,7 @@ def get_project_cmek_settings_output(kms_key_name: Optional[pulumi.Input[Optiona __args__ = dict() __args__['kmsKeyName'] = kms_key_name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getProjectCmekSettings:getProjectCmekSettings', __args__, opts=opts, typ=GetProjectCmekSettingsResult) return __ret__.apply(lambda __response__: GetProjectCmekSettingsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/logging/get_project_settings.py b/sdk/python/pulumi_gcp/logging/get_project_settings.py index 93b1cdf192..c1888a9d1a 100644 --- a/sdk/python/pulumi_gcp/logging/get_project_settings.py +++ b/sdk/python/pulumi_gcp/logging/get_project_settings.py @@ -175,7 +175,7 @@ def get_project_settings(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), storage_location=pulumi.get(__ret__, 'storage_location')) def get_project_settings_output(project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectSettingsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectSettingsResult]: """ Describes the settings associated with a project. @@ -200,7 +200,7 @@ def get_project_settings_output(project: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getProjectSettings:getProjectSettings', __args__, opts=opts, typ=GetProjectSettingsResult) return __ret__.apply(lambda __response__: GetProjectSettingsResult( disable_default_sink=pulumi.get(__response__, 'disable_default_sink'), diff --git a/sdk/python/pulumi_gcp/logging/get_sink.py b/sdk/python/pulumi_gcp/logging/get_sink.py index 543f0c7f71..48b28058c2 100644 --- a/sdk/python/pulumi_gcp/logging/get_sink.py +++ b/sdk/python/pulumi_gcp/logging/get_sink.py @@ -187,7 +187,7 @@ def get_sink(id: Optional[str] = None, name=pulumi.get(__ret__, 'name'), writer_identity=pulumi.get(__ret__, 'writer_identity')) def get_sink_output(id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSinkResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSinkResult]: """ Use this data source to get a project, folder, organization or billing account logging sink details. To get more information about Service, see: @@ -216,7 +216,7 @@ def get_sink_output(id: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['id'] = id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:logging/getSink:getSink', __args__, opts=opts, typ=GetSinkResult) return __ret__.apply(lambda __response__: GetSinkResult( bigquery_options=pulumi.get(__response__, 'bigquery_options'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_app_engine_service.py b/sdk/python/pulumi_gcp/monitoring/get_app_engine_service.py index 3e35b337fc..58ddf40089 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_app_engine_service.py +++ b/sdk/python/pulumi_gcp/monitoring/get_app_engine_service.py @@ -207,7 +207,7 @@ def get_app_engine_service(module_id: Optional[str] = None, user_labels=pulumi.get(__ret__, 'user_labels')) def get_app_engine_service_output(module_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAppEngineServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAppEngineServiceResult]: """ A Monitoring Service is the root resource under which operational aspects of a generic service are accessible. A service is some discrete, autonomous, and @@ -275,7 +275,7 @@ def get_app_engine_service_output(module_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['moduleId'] = module_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getAppEngineService:getAppEngineService', __args__, opts=opts, typ=GetAppEngineServiceResult) return __ret__.apply(lambda __response__: GetAppEngineServiceResult( display_name=pulumi.get(__response__, 'display_name'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_cluster_istio_service.py b/sdk/python/pulumi_gcp/monitoring/get_cluster_istio_service.py index 56f1f2159b..4fa3d3ba83 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_cluster_istio_service.py +++ b/sdk/python/pulumi_gcp/monitoring/get_cluster_istio_service.py @@ -228,7 +228,7 @@ def get_cluster_istio_service_output(cluster_name: Optional[pulumi.Input[str]] = project: Optional[pulumi.Input[Optional[str]]] = None, service_name: Optional[pulumi.Input[str]] = None, service_namespace: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClusterIstioServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClusterIstioServiceResult]: """ A Monitoring Service is the root resource under which operational aspects of a generic service are accessible. A service is some discrete, autonomous, and @@ -281,7 +281,7 @@ def get_cluster_istio_service_output(cluster_name: Optional[pulumi.Input[str]] = __args__['project'] = project __args__['serviceName'] = service_name __args__['serviceNamespace'] = service_namespace - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getClusterIstioService:getClusterIstioService', __args__, opts=opts, typ=GetClusterIstioServiceResult) return __ret__.apply(lambda __response__: GetClusterIstioServiceResult( cluster_name=pulumi.get(__response__, 'cluster_name'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_istio_canonical_service.py b/sdk/python/pulumi_gcp/monitoring/get_istio_canonical_service.py index 9acaf4d539..0c177ce79f 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_istio_canonical_service.py +++ b/sdk/python/pulumi_gcp/monitoring/get_istio_canonical_service.py @@ -212,7 +212,7 @@ def get_istio_canonical_service_output(canonical_service: Optional[pulumi.Input[ canonical_service_namespace: Optional[pulumi.Input[str]] = None, mesh_uid: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIstioCanonicalServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIstioCanonicalServiceResult]: """ A Monitoring Service is the root resource under which operational aspects of a generic service are accessible. A service is some discrete, autonomous, and @@ -261,7 +261,7 @@ def get_istio_canonical_service_output(canonical_service: Optional[pulumi.Input[ __args__['canonicalServiceNamespace'] = canonical_service_namespace __args__['meshUid'] = mesh_uid __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getIstioCanonicalService:getIstioCanonicalService', __args__, opts=opts, typ=GetIstioCanonicalServiceResult) return __ret__.apply(lambda __response__: GetIstioCanonicalServiceResult( canonical_service=pulumi.get(__response__, 'canonical_service'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_mesh_istio_service.py b/sdk/python/pulumi_gcp/monitoring/get_mesh_istio_service.py index 98d08beb15..e0221e8956 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_mesh_istio_service.py +++ b/sdk/python/pulumi_gcp/monitoring/get_mesh_istio_service.py @@ -212,7 +212,7 @@ def get_mesh_istio_service_output(mesh_uid: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, service_name: Optional[pulumi.Input[str]] = None, service_namespace: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetMeshIstioServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetMeshIstioServiceResult]: """ A Monitoring Service is the root resource under which operational aspects of a generic service are accessible. A service is some discrete, autonomous, and @@ -261,7 +261,7 @@ def get_mesh_istio_service_output(mesh_uid: Optional[pulumi.Input[str]] = None, __args__['project'] = project __args__['serviceName'] = service_name __args__['serviceNamespace'] = service_namespace - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getMeshIstioService:getMeshIstioService', __args__, opts=opts, typ=GetMeshIstioServiceResult) return __ret__.apply(lambda __response__: GetMeshIstioServiceResult( display_name=pulumi.get(__response__, 'display_name'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_notification_channel.py b/sdk/python/pulumi_gcp/monitoring/get_notification_channel.py index 2b7b9273e4..1272eceb11 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_notification_channel.py +++ b/sdk/python/pulumi_gcp/monitoring/get_notification_channel.py @@ -254,7 +254,7 @@ def get_notification_channel_output(display_name: Optional[pulumi.Input[Optional project: Optional[pulumi.Input[Optional[str]]] = None, type: Optional[pulumi.Input[Optional[str]]] = None, user_labels: Optional[pulumi.Input[Optional[Mapping[str, str]]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNotificationChannelResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNotificationChannelResult]: """ A NotificationChannel is a medium through which an alert is delivered when a policy violation is detected. Examples of channels include email, SMS, @@ -314,7 +314,7 @@ def get_notification_channel_output(display_name: Optional[pulumi.Input[Optional __args__['project'] = project __args__['type'] = type __args__['userLabels'] = user_labels - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getNotificationChannel:getNotificationChannel', __args__, opts=opts, typ=GetNotificationChannelResult) return __ret__.apply(lambda __response__: GetNotificationChannelResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_secret_version.py b/sdk/python/pulumi_gcp/monitoring/get_secret_version.py index fb79d77b0a..07244df8d3 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_secret_version.py +++ b/sdk/python/pulumi_gcp/monitoring/get_secret_version.py @@ -198,7 +198,7 @@ def get_secret_version_output(is_secret_data_base64: Optional[pulumi.Input[Optio project: Optional[pulumi.Input[Optional[str]]] = None, secret: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretVersionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretVersionResult]: """ Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the secretmanager_get_secret_version_access datasource. @@ -226,7 +226,7 @@ def get_secret_version_output(is_secret_data_base64: Optional[pulumi.Input[Optio __args__['project'] = project __args__['secret'] = secret __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getSecretVersion:getSecretVersion', __args__, opts=opts, typ=GetSecretVersionResult) return __ret__.apply(lambda __response__: GetSecretVersionResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/monitoring/get_uptime_check_i_ps.py b/sdk/python/pulumi_gcp/monitoring/get_uptime_check_i_ps.py index aec8727546..bbb953b98d 100644 --- a/sdk/python/pulumi_gcp/monitoring/get_uptime_check_i_ps.py +++ b/sdk/python/pulumi_gcp/monitoring/get_uptime_check_i_ps.py @@ -84,7 +84,7 @@ def get_uptime_check_i_ps(opts: Optional[pulumi.InvokeOptions] = None) -> Awaita return AwaitableGetUptimeCheckIPsResult( id=pulumi.get(__ret__, 'id'), uptime_check_ips=pulumi.get(__ret__, 'uptime_check_ips')) -def get_uptime_check_i_ps_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUptimeCheckIPsResult]: +def get_uptime_check_i_ps_output(opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetUptimeCheckIPsResult]: """ Returns the list of IP addresses that checkers run from. For more information see the [official documentation](https://cloud.google.com/monitoring/uptime-checks#get-ips). @@ -100,7 +100,7 @@ def get_uptime_check_i_ps_output(opts: Optional[pulumi.InvokeOptions] = None) -> ``` """ __args__ = dict() - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:monitoring/getUptimeCheckIPs:getUptimeCheckIPs', __args__, opts=opts, typ=GetUptimeCheckIPsResult) return __ret__.apply(lambda __response__: GetUptimeCheckIPsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/networksecurity/get_address_group_iam_policy.py b/sdk/python/pulumi_gcp/networksecurity/get_address_group_iam_policy.py index 274aea2527..f87df23393 100644 --- a/sdk/python/pulumi_gcp/networksecurity/get_address_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/networksecurity/get_address_group_iam_policy.py @@ -134,7 +134,7 @@ def get_address_group_iam_policy(location: Optional[str] = None, def get_address_group_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAddressGroupIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAddressGroupIamPolicyResult]: """ Retrieves the current IAM policy data for projectaddressgroup @@ -151,7 +151,7 @@ def get_address_group_iam_policy_output(location: Optional[pulumi.Input[Optional __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:networksecurity/getAddressGroupIamPolicy:getAddressGroupIamPolicy', __args__, opts=opts, typ=GetAddressGroupIamPolicyResult) return __ret__.apply(lambda __response__: GetAddressGroupIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/notebooks/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/notebooks/get_instance_iam_policy.py index 44729046ae..75a85f983d 100644 --- a/sdk/python/pulumi_gcp/notebooks/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/notebooks/get_instance_iam_policy.py @@ -144,7 +144,7 @@ def get_instance_iam_policy(instance_name: Optional[str] = None, def get_instance_iam_policy_output(instance_name: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for instance @@ -171,7 +171,7 @@ def get_instance_iam_policy_output(instance_name: Optional[pulumi.Input[str]] = __args__['instanceName'] = instance_name __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:notebooks/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/notebooks/get_runtime_iam_policy.py b/sdk/python/pulumi_gcp/notebooks/get_runtime_iam_policy.py index 9e27a7dfa3..bc66070408 100644 --- a/sdk/python/pulumi_gcp/notebooks/get_runtime_iam_policy.py +++ b/sdk/python/pulumi_gcp/notebooks/get_runtime_iam_policy.py @@ -144,7 +144,7 @@ def get_runtime_iam_policy(location: Optional[str] = None, def get_runtime_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, runtime_name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRuntimeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRuntimeIamPolicyResult]: """ Retrieves the current IAM policy data for runtime @@ -171,7 +171,7 @@ def get_runtime_iam_policy_output(location: Optional[pulumi.Input[Optional[str]] __args__['location'] = location __args__['project'] = project __args__['runtimeName'] = runtime_name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:notebooks/getRuntimeIamPolicy:getRuntimeIamPolicy', __args__, opts=opts, typ=GetRuntimeIamPolicyResult) return __ret__.apply(lambda __response__: GetRuntimeIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_database.py b/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_database.py index e3c0a27497..a700b7461a 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_database.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_database.py @@ -240,7 +240,7 @@ def get_autonomous_database(autonomous_database_id: Optional[str] = None, def get_autonomous_database_output(autonomous_database_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAutonomousDatabaseResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAutonomousDatabaseResult]: """ Get information about an AutonomousDatabase. @@ -269,7 +269,7 @@ def get_autonomous_database_output(autonomous_database_id: Optional[pulumi.Input __args__['autonomousDatabaseId'] = autonomous_database_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getAutonomousDatabase:getAutonomousDatabase', __args__, opts=opts, typ=GetAutonomousDatabaseResult) return __ret__.apply(lambda __response__: GetAutonomousDatabaseResult( admin_password=pulumi.get(__response__, 'admin_password'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_databases.py b/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_databases.py index cd14bd671c..e1af14dc21 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_databases.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_autonomous_databases.py @@ -115,7 +115,7 @@ def get_autonomous_databases(location: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_autonomous_databases_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAutonomousDatabasesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAutonomousDatabasesResult]: """ List all AutonomousDatabases. @@ -141,7 +141,7 @@ def get_autonomous_databases_output(location: Optional[pulumi.Input[str]] = None __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getAutonomousDatabases:getAutonomousDatabases', __args__, opts=opts, typ=GetAutonomousDatabasesResult) return __ret__.apply(lambda __response__: GetAutonomousDatabasesResult( autonomous_databases=pulumi.get(__response__, 'autonomous_databases'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructure.py b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructure.py index c9f1dfba18..57fc3f5588 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructure.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructure.py @@ -210,7 +210,7 @@ def get_cloud_exadata_infrastructure(cloud_exadata_infrastructure_id: Optional[s def get_cloud_exadata_infrastructure_output(cloud_exadata_infrastructure_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCloudExadataInfrastructureResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCloudExadataInfrastructureResult]: """ Get information about an ExadataInfrastructure. @@ -239,7 +239,7 @@ def get_cloud_exadata_infrastructure_output(cloud_exadata_infrastructure_id: Opt __args__['cloudExadataInfrastructureId'] = cloud_exadata_infrastructure_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getCloudExadataInfrastructure:getCloudExadataInfrastructure', __args__, opts=opts, typ=GetCloudExadataInfrastructureResult) return __ret__.apply(lambda __response__: GetCloudExadataInfrastructureResult( cloud_exadata_infrastructure_id=pulumi.get(__response__, 'cloud_exadata_infrastructure_id'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructures.py b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructures.py index f5f5bdf8ea..823b6dfca1 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructures.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructures.py @@ -115,7 +115,7 @@ def get_cloud_exadata_infrastructures(location: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_cloud_exadata_infrastructures_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCloudExadataInfrastructuresResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCloudExadataInfrastructuresResult]: """ List all ExadataInfrastructures. @@ -141,7 +141,7 @@ def get_cloud_exadata_infrastructures_output(location: Optional[pulumi.Input[str __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getCloudExadataInfrastructures:getCloudExadataInfrastructures', __args__, opts=opts, typ=GetCloudExadataInfrastructuresResult) return __ret__.apply(lambda __response__: GetCloudExadataInfrastructuresResult( cloud_exadata_infrastructures=pulumi.get(__response__, 'cloud_exadata_infrastructures'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_cluster.py b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_cluster.py index 179cdb38e3..1b5ca1d16a 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_cluster.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_cluster.py @@ -240,7 +240,7 @@ def get_cloud_vm_cluster(cloud_vm_cluster_id: Optional[str] = None, def get_cloud_vm_cluster_output(cloud_vm_cluster_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCloudVmClusterResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCloudVmClusterResult]: """ Get information about a CloudVmCluster. @@ -269,7 +269,7 @@ def get_cloud_vm_cluster_output(cloud_vm_cluster_id: Optional[pulumi.Input[str]] __args__['cloudVmClusterId'] = cloud_vm_cluster_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getCloudVmCluster:getCloudVmCluster', __args__, opts=opts, typ=GetCloudVmClusterResult) return __ret__.apply(lambda __response__: GetCloudVmClusterResult( backup_subnet_cidr=pulumi.get(__response__, 'backup_subnet_cidr'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_clusters.py b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_clusters.py index a66716ada4..e344485738 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_clusters.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_cloud_vm_clusters.py @@ -115,7 +115,7 @@ def get_cloud_vm_clusters(location: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_cloud_vm_clusters_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCloudVmClustersResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCloudVmClustersResult]: """ List all CloudVmClusters. @@ -141,7 +141,7 @@ def get_cloud_vm_clusters_output(location: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getCloudVmClusters:getCloudVmClusters', __args__, opts=opts, typ=GetCloudVmClustersResult) return __ret__.apply(lambda __response__: GetCloudVmClustersResult( cloud_vm_clusters=pulumi.get(__response__, 'cloud_vm_clusters'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_db_nodes.py b/sdk/python/pulumi_gcp/oracledatabase/get_db_nodes.py index cadcf97cff..d8bbdbaf08 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_db_nodes.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_db_nodes.py @@ -168,7 +168,7 @@ def get_db_nodes(cloud_vm_cluster: Optional[str] = None, def get_db_nodes_output(cloud_vm_cluster: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDbNodesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDbNodesResult]: """ List all DbNodes of a Cloud VmCluster. @@ -235,7 +235,7 @@ def get_db_nodes_output(cloud_vm_cluster: Optional[pulumi.Input[str]] = None, __args__['cloudVmCluster'] = cloud_vm_cluster __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getDbNodes:getDbNodes', __args__, opts=opts, typ=GetDbNodesResult) return __ret__.apply(lambda __response__: GetDbNodesResult( cloud_vm_cluster=pulumi.get(__response__, 'cloud_vm_cluster'), diff --git a/sdk/python/pulumi_gcp/oracledatabase/get_db_servers.py b/sdk/python/pulumi_gcp/oracledatabase/get_db_servers.py index 26529eb2af..59f001d122 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/get_db_servers.py +++ b/sdk/python/pulumi_gcp/oracledatabase/get_db_servers.py @@ -168,7 +168,7 @@ def get_db_servers(cloud_exadata_infrastructure: Optional[str] = None, def get_db_servers_output(cloud_exadata_infrastructure: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDbServersResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDbServersResult]: """ List all DbServers of a Cloud Exdata Infrastructure. @@ -235,7 +235,7 @@ def get_db_servers_output(cloud_exadata_infrastructure: Optional[pulumi.Input[st __args__['cloudExadataInfrastructure'] = cloud_exadata_infrastructure __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:oracledatabase/getDbServers:getDbServers', __args__, opts=opts, typ=GetDbServersResult) return __ret__.apply(lambda __response__: GetDbServersResult( cloud_exadata_infrastructure=pulumi.get(__response__, 'cloud_exadata_infrastructure'), diff --git a/sdk/python/pulumi_gcp/organizations/get_active_folder.py b/sdk/python/pulumi_gcp/organizations/get_active_folder.py index 0a21ecb83c..eaf1ea6ffe 100644 --- a/sdk/python/pulumi_gcp/organizations/get_active_folder.py +++ b/sdk/python/pulumi_gcp/organizations/get_active_folder.py @@ -126,7 +126,7 @@ def get_active_folder(api_method: Optional[str] = None, def get_active_folder_output(api_method: Optional[pulumi.Input[Optional[str]]] = None, display_name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetActiveFolderResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetActiveFolderResult]: """ Get an active folder within GCP by `display_name` and `parent`. @@ -149,7 +149,7 @@ def get_active_folder_output(api_method: Optional[pulumi.Input[Optional[str]]] = __args__['apiMethod'] = api_method __args__['displayName'] = display_name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getActiveFolder:getActiveFolder', __args__, opts=opts, typ=GetActiveFolderResult) return __ret__.apply(lambda __response__: GetActiveFolderResult( api_method=pulumi.get(__response__, 'api_method'), diff --git a/sdk/python/pulumi_gcp/organizations/get_billing_account.py b/sdk/python/pulumi_gcp/organizations/get_billing_account.py index 9a2a3bbb62..482bf53cf8 100644 --- a/sdk/python/pulumi_gcp/organizations/get_billing_account.py +++ b/sdk/python/pulumi_gcp/organizations/get_billing_account.py @@ -160,7 +160,7 @@ def get_billing_account_output(billing_account: Optional[pulumi.Input[Optional[s display_name: Optional[pulumi.Input[Optional[str]]] = None, lookup_projects: Optional[pulumi.Input[Optional[bool]]] = None, open: Optional[pulumi.Input[Optional[bool]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBillingAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBillingAccountResult]: """ Use this data source to get information about a Google Billing Account. @@ -191,7 +191,7 @@ def get_billing_account_output(billing_account: Optional[pulumi.Input[Optional[s __args__['displayName'] = display_name __args__['lookupProjects'] = lookup_projects __args__['open'] = open - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getBillingAccount:getBillingAccount', __args__, opts=opts, typ=GetBillingAccountResult) return __ret__.apply(lambda __response__: GetBillingAccountResult( billing_account=pulumi.get(__response__, 'billing_account'), diff --git a/sdk/python/pulumi_gcp/organizations/get_client_config.py b/sdk/python/pulumi_gcp/organizations/get_client_config.py index f4056f60b0..5927f9f3ef 100644 --- a/sdk/python/pulumi_gcp/organizations/get_client_config.py +++ b/sdk/python/pulumi_gcp/organizations/get_client_config.py @@ -129,7 +129,7 @@ def get_client_config(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableG project=pulumi.get(__ret__, 'project'), region=pulumi.get(__ret__, 'region'), zone=pulumi.get(__ret__, 'zone')) -def get_client_config_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClientConfigResult]: +def get_client_config_output(opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClientConfigResult]: """ ## Example Usage @@ -142,7 +142,7 @@ def get_client_config_output(opts: Optional[pulumi.InvokeOptions] = None) -> pul ``` """ __args__ = dict() - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getClientConfig:getClientConfig', __args__, opts=opts, typ=GetClientConfigResult) return __ret__.apply(lambda __response__: GetClientConfigResult( access_token=pulumi.get(__response__, 'access_token'), diff --git a/sdk/python/pulumi_gcp/organizations/get_client_open_id_user_info.py b/sdk/python/pulumi_gcp/organizations/get_client_open_id_user_info.py index 082d387eed..905e3a1317 100644 --- a/sdk/python/pulumi_gcp/organizations/get_client_open_id_user_info.py +++ b/sdk/python/pulumi_gcp/organizations/get_client_open_id_user_info.py @@ -91,7 +91,7 @@ def get_client_open_id_user_info(opts: Optional[pulumi.InvokeOptions] = None) -> return AwaitableGetClientOpenIdUserInfoResult( email=pulumi.get(__ret__, 'email'), id=pulumi.get(__ret__, 'id')) -def get_client_open_id_user_info_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClientOpenIdUserInfoResult]: +def get_client_open_id_user_info_output(opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClientOpenIdUserInfoResult]: """ Get OpenID userinfo about the credentials used with the Google provider, specifically the email. @@ -118,7 +118,7 @@ def get_client_open_id_user_info_output(opts: Optional[pulumi.InvokeOptions] = N ``` """ __args__ = dict() - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo', __args__, opts=opts, typ=GetClientOpenIdUserInfoResult) return __ret__.apply(lambda __response__: GetClientOpenIdUserInfoResult( email=pulumi.get(__response__, 'email'), diff --git a/sdk/python/pulumi_gcp/organizations/get_folder.py b/sdk/python/pulumi_gcp/organizations/get_folder.py index 80d0ca658a..67a60c55e0 100644 --- a/sdk/python/pulumi_gcp/organizations/get_folder.py +++ b/sdk/python/pulumi_gcp/organizations/get_folder.py @@ -198,7 +198,7 @@ def get_folder(folder: Optional[str] = None, parent=pulumi.get(__ret__, 'parent')) def get_folder_output(folder: Optional[pulumi.Input[str]] = None, lookup_organization: Optional[pulumi.Input[Optional[bool]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFolderResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFolderResult]: """ Use this data source to get information about a Google Cloud Folder. @@ -220,7 +220,7 @@ def get_folder_output(folder: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['folder'] = folder __args__['lookupOrganization'] = lookup_organization - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getFolder:getFolder', __args__, opts=opts, typ=GetFolderResult) return __ret__.apply(lambda __response__: GetFolderResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/organizations/get_folders.py b/sdk/python/pulumi_gcp/organizations/get_folders.py index 7c52bd2c55..579b990ce4 100644 --- a/sdk/python/pulumi_gcp/organizations/get_folders.py +++ b/sdk/python/pulumi_gcp/organizations/get_folders.py @@ -103,7 +103,7 @@ def get_folders(parent_id: Optional[str] = None, id=pulumi.get(__ret__, 'id'), parent_id=pulumi.get(__ret__, 'parent_id')) def get_folders_output(parent_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFoldersResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFoldersResult]: """ Retrieve information about a set of folders based on a parent ID. See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list) @@ -126,7 +126,7 @@ def get_folders_output(parent_id: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parentId'] = parent_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getFolders:getFolders', __args__, opts=opts, typ=GetFoldersResult) return __ret__.apply(lambda __response__: GetFoldersResult( folders=pulumi.get(__response__, 'folders'), diff --git a/sdk/python/pulumi_gcp/organizations/get_iam_policy.py b/sdk/python/pulumi_gcp/organizations/get_iam_policy.py index 80f64d04a3..3c9fe134e8 100644 --- a/sdk/python/pulumi_gcp/organizations/get_iam_policy.py +++ b/sdk/python/pulumi_gcp/organizations/get_iam_policy.py @@ -113,7 +113,7 @@ def get_iam_policy(audit_configs: Optional[Sequence[Union['GetIAMPolicyAuditConf policy_data=pulumi.get(__ret__, 'policy_data')) def get_iam_policy_output(audit_configs: Optional[pulumi.Input[Optional[Sequence[Union['GetIAMPolicyAuditConfigArgs', 'GetIAMPolicyAuditConfigArgsDict']]]]] = None, bindings: Optional[pulumi.Input[Optional[Sequence[Union['GetIAMPolicyBindingArgs', 'GetIAMPolicyBindingArgsDict']]]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIAMPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIAMPolicyResult]: """ Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform IAM resources, such as the `projects.IAMPolicy` resource. @@ -132,7 +132,7 @@ def get_iam_policy_output(audit_configs: Optional[pulumi.Input[Optional[Sequence __args__ = dict() __args__['auditConfigs'] = audit_configs __args__['bindings'] = bindings - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getIAMPolicy:getIAMPolicy', __args__, opts=opts, typ=GetIAMPolicyResult) return __ret__.apply(lambda __response__: GetIAMPolicyResult( audit_configs=pulumi.get(__response__, 'audit_configs'), diff --git a/sdk/python/pulumi_gcp/organizations/get_organization.py b/sdk/python/pulumi_gcp/organizations/get_organization.py index ba08f24c44..4fbf78c283 100644 --- a/sdk/python/pulumi_gcp/organizations/get_organization.py +++ b/sdk/python/pulumi_gcp/organizations/get_organization.py @@ -166,7 +166,7 @@ def get_organization(domain: Optional[str] = None, organization=pulumi.get(__ret__, 'organization')) def get_organization_output(domain: Optional[pulumi.Input[Optional[str]]] = None, organization: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOrganizationResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOrganizationResult]: """ Get information about a Google Cloud Organization. Note that you must have the `roles/resourcemanager.organizationViewer` role (or equivalent permissions) at the organization level to use this datasource. @@ -189,7 +189,7 @@ def get_organization_output(domain: Optional[pulumi.Input[Optional[str]]] = None __args__ = dict() __args__['domain'] = domain __args__['organization'] = organization - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getOrganization:getOrganization', __args__, opts=opts, typ=GetOrganizationResult) return __ret__.apply(lambda __response__: GetOrganizationResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/organizations/get_project.py b/sdk/python/pulumi_gcp/organizations/get_project.py index e7305639fc..77d3f5b1e5 100644 --- a/sdk/python/pulumi_gcp/organizations/get_project.py +++ b/sdk/python/pulumi_gcp/organizations/get_project.py @@ -200,7 +200,7 @@ def get_project(project_id: Optional[str] = None, pulumi_labels=pulumi.get(__ret__, 'pulumi_labels'), tags=pulumi.get(__ret__, 'tags')) def get_project_output(project_id: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectResult]: """ Use this data source to get project details. For more information see @@ -221,7 +221,7 @@ def get_project_output(project_id: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['projectId'] = project_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:organizations/getProject:getProject', __args__, opts=opts, typ=GetProjectResult) return __ret__.apply(lambda __response__: GetProjectResult( auto_create_network=pulumi.get(__response__, 'auto_create_network'), diff --git a/sdk/python/pulumi_gcp/privilegedaccessmanager/get_entitlement.py b/sdk/python/pulumi_gcp/privilegedaccessmanager/get_entitlement.py index 9bffac9899..477ad16b9f 100644 --- a/sdk/python/pulumi_gcp/privilegedaccessmanager/get_entitlement.py +++ b/sdk/python/pulumi_gcp/privilegedaccessmanager/get_entitlement.py @@ -231,7 +231,7 @@ def get_entitlement(entitlement_id: Optional[str] = None, def get_entitlement_output(entitlement_id: Optional[pulumi.Input[Optional[str]]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, parent: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEntitlementResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEntitlementResult]: """ Use this data source to get information about a Google Cloud Privileged Access Manager Entitlement. @@ -261,7 +261,7 @@ def get_entitlement_output(entitlement_id: Optional[pulumi.Input[Optional[str]]] __args__['entitlementId'] = entitlement_id __args__['location'] = location __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:privilegedaccessmanager/getEntitlement:getEntitlement', __args__, opts=opts, typ=GetEntitlementResult) return __ret__.apply(lambda __response__: GetEntitlementResult( additional_notification_targets=pulumi.get(__response__, 'additional_notification_targets'), diff --git a/sdk/python/pulumi_gcp/projects/get_iam_policy.py b/sdk/python/pulumi_gcp/projects/get_iam_policy.py index 7e26b7e14f..c562d342fb 100644 --- a/sdk/python/pulumi_gcp/projects/get_iam_policy.py +++ b/sdk/python/pulumi_gcp/projects/get_iam_policy.py @@ -111,7 +111,7 @@ def get_iam_policy(project: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), project=pulumi.get(__ret__, 'project')) def get_iam_policy_output(project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIamPolicyResult]: """ Retrieves the current IAM policy data for a project. @@ -130,7 +130,7 @@ def get_iam_policy_output(project: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:projects/getIamPolicy:getIamPolicy', __args__, opts=opts, typ=GetIamPolicyResult) return __ret__.apply(lambda __response__: GetIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/projects/get_organization_policy.py b/sdk/python/pulumi_gcp/projects/get_organization_policy.py index 0e98aa7d35..0d4b79ee60 100644 --- a/sdk/python/pulumi_gcp/projects/get_organization_policy.py +++ b/sdk/python/pulumi_gcp/projects/get_organization_policy.py @@ -163,7 +163,7 @@ def get_organization_policy(constraint: Optional[str] = None, version=pulumi.get(__ret__, 'version')) def get_organization_policy_output(constraint: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetOrganizationPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetOrganizationPolicyResult]: """ Allows management of Organization policies for a Google Project. For more information see [the official @@ -187,7 +187,7 @@ def get_organization_policy_output(constraint: Optional[pulumi.Input[str]] = Non __args__ = dict() __args__['constraint'] = constraint __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:projects/getOrganizationPolicy:getOrganizationPolicy', __args__, opts=opts, typ=GetOrganizationPolicyResult) return __ret__.apply(lambda __response__: GetOrganizationPolicyResult( boolean_policies=pulumi.get(__response__, 'boolean_policies'), diff --git a/sdk/python/pulumi_gcp/projects/get_project.py b/sdk/python/pulumi_gcp/projects/get_project.py index 6b8e4bc4bc..9c1d034c62 100644 --- a/sdk/python/pulumi_gcp/projects/get_project.py +++ b/sdk/python/pulumi_gcp/projects/get_project.py @@ -103,7 +103,7 @@ def get_project(filter: Optional[str] = None, id=pulumi.get(__ret__, 'id'), projects=pulumi.get(__ret__, 'projects')) def get_project_output(filter: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectResult]: """ Retrieve information about a set of projects based on a filter. See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list) @@ -126,7 +126,7 @@ def get_project_output(filter: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['filter'] = filter - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:projects/getProject:getProject', __args__, opts=opts, typ=GetProjectResult) return __ret__.apply(lambda __response__: GetProjectResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/projects/get_project_service.py b/sdk/python/pulumi_gcp/projects/get_project_service.py index 2b69417d7c..95060bc2f6 100644 --- a/sdk/python/pulumi_gcp/projects/get_project_service.py +++ b/sdk/python/pulumi_gcp/projects/get_project_service.py @@ -143,7 +143,7 @@ def get_project_service(project: Optional[str] = None, service=pulumi.get(__ret__, 'service')) def get_project_service_output(project: Optional[pulumi.Input[Optional[str]]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectServiceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectServiceResult]: """ Verify the API service for the Google Cloud Platform project to see if it is enabled or not. @@ -178,7 +178,7 @@ def get_project_service_output(project: Optional[pulumi.Input[Optional[str]]] = __args__ = dict() __args__['project'] = project __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:projects/getProjectService:getProjectService', __args__, opts=opts, typ=GetProjectServiceResult) return __ret__.apply(lambda __response__: GetProjectServiceResult( check_if_service_has_usage_on_destroy=pulumi.get(__response__, 'check_if_service_has_usage_on_destroy'), diff --git a/sdk/python/pulumi_gcp/pubsub/get_schema_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/get_schema_iam_policy.py index 8200b8ddff..713b7f6028 100644 --- a/sdk/python/pulumi_gcp/pubsub/get_schema_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/get_schema_iam_policy.py @@ -127,7 +127,7 @@ def get_schema_iam_policy(project: Optional[str] = None, schema=pulumi.get(__ret__, 'schema')) def get_schema_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, schema: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSchemaIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSchemaIamPolicyResult]: """ Retrieves the current IAM policy data for schema @@ -149,7 +149,7 @@ def get_schema_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] __args__ = dict() __args__['project'] = project __args__['schema'] = schema - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:pubsub/getSchemaIamPolicy:getSchemaIamPolicy', __args__, opts=opts, typ=GetSchemaIamPolicyResult) return __ret__.apply(lambda __response__: GetSchemaIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/pubsub/get_subscription.py b/sdk/python/pulumi_gcp/pubsub/get_subscription.py index 4716f79531..f20cb6128c 100644 --- a/sdk/python/pulumi_gcp/pubsub/get_subscription.py +++ b/sdk/python/pulumi_gcp/pubsub/get_subscription.py @@ -264,7 +264,7 @@ def get_subscription(name: Optional[str] = None, topic=pulumi.get(__ret__, 'topic')) def get_subscription_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubscriptionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubscriptionResult]: """ Get information about a Google Cloud Pub/Sub Subscription. For more information see the [official documentation](https://cloud.google.com/pubsub/docs/) @@ -289,7 +289,7 @@ def get_subscription_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:pubsub/getSubscription:getSubscription', __args__, opts=opts, typ=GetSubscriptionResult) return __ret__.apply(lambda __response__: GetSubscriptionResult( ack_deadline_seconds=pulumi.get(__response__, 'ack_deadline_seconds'), diff --git a/sdk/python/pulumi_gcp/pubsub/get_subscription_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/get_subscription_iam_policy.py index 9aad51b727..38f169e109 100644 --- a/sdk/python/pulumi_gcp/pubsub/get_subscription_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/get_subscription_iam_policy.py @@ -125,7 +125,7 @@ def get_subscription_iam_policy(project: Optional[str] = None, subscription=pulumi.get(__ret__, 'subscription')) def get_subscription_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, subscription: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubscriptionIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubscriptionIamPolicyResult]: """ Retrieves the current IAM policy data for a Pubsub subscription. @@ -146,7 +146,7 @@ def get_subscription_iam_policy_output(project: Optional[pulumi.Input[Optional[s __args__ = dict() __args__['project'] = project __args__['subscription'] = subscription - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:pubsub/getSubscriptionIamPolicy:getSubscriptionIamPolicy', __args__, opts=opts, typ=GetSubscriptionIamPolicyResult) return __ret__.apply(lambda __response__: GetSubscriptionIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/pubsub/get_topic.py b/sdk/python/pulumi_gcp/pubsub/get_topic.py index 04c7336d2f..5ef5238e6f 100644 --- a/sdk/python/pulumi_gcp/pubsub/get_topic.py +++ b/sdk/python/pulumi_gcp/pubsub/get_topic.py @@ -184,7 +184,7 @@ def get_topic(name: Optional[str] = None, schema_settings=pulumi.get(__ret__, 'schema_settings')) def get_topic_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTopicResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTopicResult]: """ Get information about a Google Cloud Pub/Sub Topic. For more information see the [official documentation](https://cloud.google.com/pubsub/docs/) @@ -209,7 +209,7 @@ def get_topic_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:pubsub/getTopic:getTopic', __args__, opts=opts, typ=GetTopicResult) return __ret__.apply(lambda __response__: GetTopicResult( effective_labels=pulumi.get(__response__, 'effective_labels'), diff --git a/sdk/python/pulumi_gcp/pubsub/get_topic_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/get_topic_iam_policy.py index 8912c03e48..6486b5c4b0 100644 --- a/sdk/python/pulumi_gcp/pubsub/get_topic_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/get_topic_iam_policy.py @@ -127,7 +127,7 @@ def get_topic_iam_policy(project: Optional[str] = None, topic=pulumi.get(__ret__, 'topic')) def get_topic_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, topic: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTopicIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTopicIamPolicyResult]: """ Retrieves the current IAM policy data for topic @@ -149,7 +149,7 @@ def get_topic_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = __args__ = dict() __args__['project'] = project __args__['topic'] = topic - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:pubsub/getTopicIamPolicy:getTopicIamPolicy', __args__, opts=opts, typ=GetTopicIamPolicyResult) return __ret__.apply(lambda __response__: GetTopicIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/redis/get_instance.py b/sdk/python/pulumi_gcp/redis/get_instance.py index d7cc687307..50759ef17a 100644 --- a/sdk/python/pulumi_gcp/redis/get_instance.py +++ b/sdk/python/pulumi_gcp/redis/get_instance.py @@ -450,7 +450,7 @@ def get_instance(name: Optional[str] = None, def get_instance_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceResult]: """ Get info about a Google Cloud Redis instance. @@ -479,7 +479,7 @@ def get_instance_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:redis/getInstance:getInstance', __args__, opts=opts, typ=GetInstanceResult) return __ret__.apply(lambda __response__: GetInstanceResult( alternative_location_id=pulumi.get(__response__, 'alternative_location_id'), diff --git a/sdk/python/pulumi_gcp/runtimeconfig/get_config.py b/sdk/python/pulumi_gcp/runtimeconfig/get_config.py index 1da8ec876e..cd2844f12f 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/get_config.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/get_config.py @@ -109,7 +109,7 @@ def get_config(name: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_config_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConfigResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConfigResult]: """ ## Example Usage @@ -130,7 +130,7 @@ def get_config_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:runtimeconfig/getConfig:getConfig', __args__, opts=opts, typ=GetConfigResult) return __ret__.apply(lambda __response__: GetConfigResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/runtimeconfig/get_config_iam_policy.py b/sdk/python/pulumi_gcp/runtimeconfig/get_config_iam_policy.py index fd3fc940f3..21f80cb7e6 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/get_config_iam_policy.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/get_config_iam_policy.py @@ -116,7 +116,7 @@ def get_config_iam_policy(config: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_config_iam_policy_output(config: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConfigIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConfigIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -127,7 +127,7 @@ def get_config_iam_policy_output(config: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['config'] = config __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:runtimeconfig/getConfigIamPolicy:getConfigIamPolicy', __args__, opts=opts, typ=GetConfigIamPolicyResult) return __ret__.apply(lambda __response__: GetConfigIamPolicyResult( config=pulumi.get(__response__, 'config'), diff --git a/sdk/python/pulumi_gcp/runtimeconfig/get_variable.py b/sdk/python/pulumi_gcp/runtimeconfig/get_variable.py index ea3b71f9f1..32ef0d610f 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/get_variable.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/get_variable.py @@ -144,7 +144,7 @@ def get_variable(name: Optional[str] = None, def get_variable_output(name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetVariableResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetVariableResult]: """ ## Example Usage @@ -168,7 +168,7 @@ def get_variable_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['parent'] = parent __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:runtimeconfig/getVariable:getVariable', __args__, opts=opts, typ=GetVariableResult) return __ret__.apply(lambda __response__: GetVariableResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret.py b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret.py index 2b781a69b9..901980d712 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret.py @@ -254,7 +254,7 @@ def get_regional_secret(location: Optional[str] = None, def get_regional_secret_output(location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, secret_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionalSecretResult]: """ Use this data source to get information about a Secret Manager Regional Secret @@ -277,7 +277,7 @@ def get_regional_secret_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['project'] = project __args__['secretId'] = secret_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecret:getRegionalSecret', __args__, opts=opts, typ=GetRegionalSecretResult) return __ret__.apply(lambda __response__: GetRegionalSecretResult( annotations=pulumi.get(__response__, 'annotations'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_iam_policy.py b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_iam_policy.py index 5f303a886a..8e99b06ce3 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_iam_policy.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_iam_policy.py @@ -144,7 +144,7 @@ def get_regional_secret_iam_policy(location: Optional[str] = None, def get_regional_secret_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, secret_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionalSecretIamPolicyResult]: """ Retrieves the current IAM policy data for regionalsecret @@ -171,7 +171,7 @@ def get_regional_secret_iam_policy_output(location: Optional[pulumi.Input[Option __args__['location'] = location __args__['project'] = project __args__['secretId'] = secret_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecretIamPolicy:getRegionalSecretIamPolicy', __args__, opts=opts, typ=GetRegionalSecretIamPolicyResult) return __ret__.apply(lambda __response__: GetRegionalSecretIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version.py b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version.py index a17711073e..9994ca483a 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version.py @@ -226,7 +226,7 @@ def get_regional_secret_version_output(is_secret_data_base64: Optional[pulumi.In project: Optional[pulumi.Input[Optional[str]]] = None, secret: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretVersionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionalSecretVersionResult]: """ Get the value and metadata from a Secret Manager regional secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the regional secret version only), see also the secretmanager_get_regional_secret_version_access datasource. @@ -258,7 +258,7 @@ def get_regional_secret_version_output(is_secret_data_base64: Optional[pulumi.In __args__['project'] = project __args__['secret'] = secret __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecretVersion:getRegionalSecretVersion', __args__, opts=opts, typ=GetRegionalSecretVersionResult) return __ret__.apply(lambda __response__: GetRegionalSecretVersionResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version_access.py b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version_access.py index 1bcfa887fb..fce6b0dfa7 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version_access.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_regional_secret_version_access.py @@ -173,7 +173,7 @@ def get_regional_secret_version_access_output(is_secret_data_base64: Optional[pu project: Optional[pulumi.Input[Optional[str]]] = None, secret: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretVersionAccessResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionalSecretVersionAccessResult]: """ Get the value from a Secret Manager regional secret version. This is similar to the secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions/access). @@ -205,7 +205,7 @@ def get_regional_secret_version_access_output(is_secret_data_base64: Optional[pu __args__['project'] = project __args__['secret'] = secret __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecretVersionAccess:getRegionalSecretVersionAccess', __args__, opts=opts, typ=GetRegionalSecretVersionAccessResult) return __ret__.apply(lambda __response__: GetRegionalSecretVersionAccessResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_regional_secrets.py b/sdk/python/pulumi_gcp/secretmanager/get_regional_secrets.py index 559e07b1a5..73dfdd14fd 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_regional_secrets.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_regional_secrets.py @@ -132,7 +132,7 @@ def get_regional_secrets(filter: Optional[str] = None, def get_regional_secrets_output(filter: Optional[pulumi.Input[Optional[str]]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRegionalSecretsResult]: """ Use this data source to list the Secret Manager Regional Secrets. @@ -154,7 +154,7 @@ def get_regional_secrets_output(filter: Optional[pulumi.Input[Optional[str]]] = __args__['filter'] = filter __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecrets:getRegionalSecrets', __args__, opts=opts, typ=GetRegionalSecretsResult) return __ret__.apply(lambda __response__: GetRegionalSecretsResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_secret.py b/sdk/python/pulumi_gcp/secretmanager/get_secret.py index 56605dcc2d..2d4f4da88e 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_secret.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_secret.py @@ -239,7 +239,7 @@ def get_secret(project: Optional[str] = None, version_destroy_ttl=pulumi.get(__ret__, 'version_destroy_ttl')) def get_secret_output(project: Optional[pulumi.Input[Optional[str]]] = None, secret_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretResult]: """ Use this data source to get information about a Secret Manager Secret @@ -259,7 +259,7 @@ def get_secret_output(project: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['project'] = project __args__['secretId'] = secret_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecret:getSecret', __args__, opts=opts, typ=GetSecretResult) return __ret__.apply(lambda __response__: GetSecretResult( annotations=pulumi.get(__response__, 'annotations'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_secret_iam_policy.py b/sdk/python/pulumi_gcp/secretmanager/get_secret_iam_policy.py index e93a5fce3e..8db6e7e4fd 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_secret_iam_policy.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_secret_iam_policy.py @@ -126,7 +126,7 @@ def get_secret_iam_policy(project: Optional[str] = None, secret_id=pulumi.get(__ret__, 'secret_id')) def get_secret_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, secret_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretIamPolicyResult]: """ Retrieves the current IAM policy data for secret @@ -147,7 +147,7 @@ def get_secret_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] __args__ = dict() __args__['project'] = project __args__['secretId'] = secret_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecretIamPolicy:getSecretIamPolicy', __args__, opts=opts, typ=GetSecretIamPolicyResult) return __ret__.apply(lambda __response__: GetSecretIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_secret_version.py b/sdk/python/pulumi_gcp/secretmanager/get_secret_version.py index 94e1c3025a..b643b225ef 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_secret_version.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_secret_version.py @@ -195,7 +195,7 @@ def get_secret_version_output(is_secret_data_base64: Optional[pulumi.Input[Optio project: Optional[pulumi.Input[Optional[str]]] = None, secret: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretVersionResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretVersionResult]: """ Get the value and metadata from a Secret Manager secret version. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions). If you don't need the metadata (i.e., if you want to use a more limited role to access the secret version only), see also the secretmanager_get_secret_version_access datasource. @@ -222,7 +222,7 @@ def get_secret_version_output(is_secret_data_base64: Optional[pulumi.Input[Optio __args__['project'] = project __args__['secret'] = secret __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecretVersion:getSecretVersion', __args__, opts=opts, typ=GetSecretVersionResult) return __ret__.apply(lambda __response__: GetSecretVersionResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_secret_version_access.py b/sdk/python/pulumi_gcp/secretmanager/get_secret_version_access.py index fe2d0474b4..474e6f53ba 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_secret_version_access.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_secret_version_access.py @@ -156,7 +156,7 @@ def get_secret_version_access_output(is_secret_data_base64: Optional[pulumi.Inpu project: Optional[pulumi.Input[Optional[str]]] = None, secret: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretVersionAccessResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretVersionAccessResult]: """ Get the value from a Secret Manager secret version. This is similar to the secretmanager.SecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access). @@ -183,7 +183,7 @@ def get_secret_version_access_output(is_secret_data_base64: Optional[pulumi.Inpu __args__['project'] = project __args__['secret'] = secret __args__['version'] = version - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecretVersionAccess:getSecretVersionAccess', __args__, opts=opts, typ=GetSecretVersionAccessResult) return __ret__.apply(lambda __response__: GetSecretVersionAccessResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/secretmanager/get_secrets.py b/sdk/python/pulumi_gcp/secretmanager/get_secrets.py index f95c988ea7..652b742837 100644 --- a/sdk/python/pulumi_gcp/secretmanager/get_secrets.py +++ b/sdk/python/pulumi_gcp/secretmanager/get_secrets.py @@ -115,7 +115,7 @@ def get_secrets(filter: Optional[str] = None, secrets=pulumi.get(__ret__, 'secrets')) def get_secrets_output(filter: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretsResult]: """ Use this data source to list the Secret Manager Secrets @@ -135,7 +135,7 @@ def get_secrets_output(filter: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['filter'] = filter __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecrets:getSecrets', __args__, opts=opts, typ=GetSecretsResult) return __ret__.apply(lambda __response__: GetSecretsResult( filter=pulumi.get(__response__, 'filter'), diff --git a/sdk/python/pulumi_gcp/securesourcemanager/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/securesourcemanager/get_instance_iam_policy.py index 305415130f..e06e7d0c52 100644 --- a/sdk/python/pulumi_gcp/securesourcemanager/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/securesourcemanager/get_instance_iam_policy.py @@ -146,7 +146,7 @@ def get_instance_iam_policy(instance_id: Optional[str] = None, def get_instance_iam_policy_output(instance_id: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for instance @@ -175,7 +175,7 @@ def get_instance_iam_policy_output(instance_id: Optional[pulumi.Input[str]] = No __args__['instanceId'] = instance_id __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:securesourcemanager/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/securesourcemanager/get_repository_iam_policy.py b/sdk/python/pulumi_gcp/securesourcemanager/get_repository_iam_policy.py index 1f77d3c245..dd6b00fc2f 100644 --- a/sdk/python/pulumi_gcp/securesourcemanager/get_repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/securesourcemanager/get_repository_iam_policy.py @@ -146,7 +146,7 @@ def get_repository_iam_policy(location: Optional[str] = None, def get_repository_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, repository_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: """ Retrieves the current IAM policy data for repository @@ -175,7 +175,7 @@ def get_repository_iam_policy_output(location: Optional[pulumi.Input[Optional[st __args__['location'] = location __args__['project'] = project __args__['repositoryId'] = repository_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:securesourcemanager/getRepositoryIamPolicy:getRepositoryIamPolicy', __args__, opts=opts, typ=GetRepositoryIamPolicyResult) return __ret__.apply(lambda __response__: GetRepositoryIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/securitycenter/get_source_iam_policy.py b/sdk/python/pulumi_gcp/securitycenter/get_source_iam_policy.py index b14914aa54..a1b74ce5e4 100644 --- a/sdk/python/pulumi_gcp/securitycenter/get_source_iam_policy.py +++ b/sdk/python/pulumi_gcp/securitycenter/get_source_iam_policy.py @@ -124,7 +124,7 @@ def get_source_iam_policy(organization: Optional[str] = None, source=pulumi.get(__ret__, 'source')) def get_source_iam_policy_output(organization: Optional[pulumi.Input[str]] = None, source: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSourceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSourceIamPolicyResult]: """ Retrieves the current IAM policy data for source @@ -143,7 +143,7 @@ def get_source_iam_policy_output(organization: Optional[pulumi.Input[str]] = Non __args__ = dict() __args__['organization'] = organization __args__['source'] = source - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy', __args__, opts=opts, typ=GetSourceIamPolicyResult) return __ret__.apply(lambda __response__: GetSourceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py b/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py index 5c2f898680..2a97fcbbdd 100644 --- a/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py +++ b/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py @@ -124,7 +124,7 @@ def get_v2_organization_source_iam_policy(organization: Optional[str] = None, source=pulumi.get(__ret__, 'source')) def get_v2_organization_source_iam_policy_output(organization: Optional[pulumi.Input[str]] = None, source: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetV2OrganizationSourceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetV2OrganizationSourceIamPolicyResult]: """ Retrieves the current IAM policy data for organizationsource @@ -143,7 +143,7 @@ def get_v2_organization_source_iam_policy_output(organization: Optional[pulumi.I __args__ = dict() __args__['organization'] = organization __args__['source'] = source - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy', __args__, opts=opts, typ=GetV2OrganizationSourceIamPolicyResult) return __ret__.apply(lambda __response__: GetV2OrganizationSourceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_account.py b/sdk/python/pulumi_gcp/serviceaccount/get_account.py index 515c58f98e..e85e7336bf 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_account.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_account.py @@ -206,7 +206,7 @@ def get_account(account_id: Optional[str] = None, unique_id=pulumi.get(__ret__, 'unique_id')) def get_account_output(account_id: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountResult]: """ Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation. @@ -254,7 +254,7 @@ def get_account_output(account_id: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['accountId'] = account_id __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getAccount:getAccount', __args__, opts=opts, typ=GetAccountResult) return __ret__.apply(lambda __response__: GetAccountResult( account_id=pulumi.get(__response__, 'account_id'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_account_access_token.py b/sdk/python/pulumi_gcp/serviceaccount/get_account_access_token.py index e188b0e0f5..b051f3047f 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_account_access_token.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_account_access_token.py @@ -170,7 +170,7 @@ def get_account_access_token_output(delegates: Optional[pulumi.Input[Optional[Se lifetime: Optional[pulumi.Input[Optional[str]]] = None, scopes: Optional[pulumi.Input[Sequence[str]]] = None, target_service_account: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountAccessTokenResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountAccessTokenResult]: """ This data source provides a google `oauth2` `access_token` for a different service account than the one initially running the script. @@ -225,7 +225,7 @@ def get_account_access_token_output(delegates: Optional[pulumi.Input[Optional[Se __args__['lifetime'] = lifetime __args__['scopes'] = scopes __args__['targetServiceAccount'] = target_service_account - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getAccountAccessToken:getAccountAccessToken', __args__, opts=opts, typ=GetAccountAccessTokenResult) return __ret__.apply(lambda __response__: GetAccountAccessTokenResult( access_token=pulumi.get(__response__, 'access_token'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_account_id_token.py b/sdk/python/pulumi_gcp/serviceaccount/get_account_id_token.py index df04535229..87c0570432 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_account_id_token.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_account_id_token.py @@ -187,7 +187,7 @@ def get_account_id_token_output(delegates: Optional[pulumi.Input[Optional[Sequen include_email: Optional[pulumi.Input[Optional[bool]]] = None, target_audience: Optional[pulumi.Input[str]] = None, target_service_account: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountIdTokenResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountIdTokenResult]: """ This data source provides a Google OpenID Connect (`oidc`) `id_token`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)). @@ -259,7 +259,7 @@ def get_account_id_token_output(delegates: Optional[pulumi.Input[Optional[Sequen __args__['includeEmail'] = include_email __args__['targetAudience'] = target_audience __args__['targetServiceAccount'] = target_service_account - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getAccountIdToken:getAccountIdToken', __args__, opts=opts, typ=GetAccountIdTokenResult) return __ret__.apply(lambda __response__: GetAccountIdTokenResult( delegates=pulumi.get(__response__, 'delegates'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_account_jwt.py b/sdk/python/pulumi_gcp/serviceaccount/get_account_jwt.py index 00a373f452..14b8c4bfdf 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_account_jwt.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_account_jwt.py @@ -148,7 +148,7 @@ def get_account_jwt_output(delegates: Optional[pulumi.Input[Optional[Sequence[st expires_in: Optional[pulumi.Input[Optional[int]]] = None, payload: Optional[pulumi.Input[str]] = None, target_service_account: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountJwtResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountJwtResult]: """ This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication. @@ -181,7 +181,7 @@ def get_account_jwt_output(delegates: Optional[pulumi.Input[Optional[Sequence[st __args__['expiresIn'] = expires_in __args__['payload'] = payload __args__['targetServiceAccount'] = target_service_account - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getAccountJwt:getAccountJwt', __args__, opts=opts, typ=GetAccountJwtResult) return __ret__.apply(lambda __response__: GetAccountJwtResult( delegates=pulumi.get(__response__, 'delegates'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_account_key.py b/sdk/python/pulumi_gcp/serviceaccount/get_account_key.py index d5f6f43f61..97e727b5fd 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_account_key.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_account_key.py @@ -141,7 +141,7 @@ def get_account_key(name: Optional[str] = None, def get_account_key_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, public_key_type: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccountKeyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccountKeyResult]: """ Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get). @@ -169,7 +169,7 @@ def get_account_key_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['publicKeyType'] = public_key_type - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getAccountKey:getAccountKey', __args__, opts=opts, typ=GetAccountKeyResult) return __ret__.apply(lambda __response__: GetAccountKeyResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_iam_policy.py b/sdk/python/pulumi_gcp/serviceaccount/get_iam_policy.py index c5583e344a..fe520b0e8b 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_iam_policy.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_iam_policy.py @@ -110,7 +110,7 @@ def get_iam_policy(service_account_id: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), service_account_id=pulumi.get(__ret__, 'service_account_id')) def get_iam_policy_output(service_account_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetIamPolicyResult]: """ Retrieves the current IAM policy data for a service account. @@ -128,7 +128,7 @@ def get_iam_policy_output(service_account_id: Optional[pulumi.Input[str]] = None """ __args__ = dict() __args__['serviceAccountId'] = service_account_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getIamPolicy:getIamPolicy', __args__, opts=opts, typ=GetIamPolicyResult) return __ret__.apply(lambda __response__: GetIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/serviceaccount/get_s.py b/sdk/python/pulumi_gcp/serviceaccount/get_s.py index 2396086c14..dd27cd509e 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/get_s.py +++ b/sdk/python/pulumi_gcp/serviceaccount/get_s.py @@ -102,7 +102,7 @@ def get_s(project: Optional[str] = None, id=pulumi.get(__ret__, 'id'), project=pulumi.get(__ret__, 'project')) def get_s_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSResult]: """ Gets a list of all service accounts from a project. See [the official documentation](https://cloud.google.com/iam/docs/service-account-overview) @@ -124,7 +124,7 @@ def get_s_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:serviceaccount/getS:getS', __args__, opts=opts, typ=GetSResult) return __ret__.apply(lambda __response__: GetSResult( accounts=pulumi.get(__response__, 'accounts'), diff --git a/sdk/python/pulumi_gcp/servicedirectory/get_namespace_iam_policy.py b/sdk/python/pulumi_gcp/servicedirectory/get_namespace_iam_policy.py index cf3235a398..d95b6ad58a 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/get_namespace_iam_policy.py +++ b/sdk/python/pulumi_gcp/servicedirectory/get_namespace_iam_policy.py @@ -101,7 +101,7 @@ def get_namespace_iam_policy(name: Optional[str] = None, name=pulumi.get(__ret__, 'name'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_namespace_iam_policy_output(name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNamespaceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNamespaceIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -109,7 +109,7 @@ def get_namespace_iam_policy_output(name: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:servicedirectory/getNamespaceIamPolicy:getNamespaceIamPolicy', __args__, opts=opts, typ=GetNamespaceIamPolicyResult) return __ret__.apply(lambda __response__: GetNamespaceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/servicedirectory/get_service_iam_policy.py b/sdk/python/pulumi_gcp/servicedirectory/get_service_iam_policy.py index 0609e56e69..02cb2d80ea 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/get_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/servicedirectory/get_service_iam_policy.py @@ -101,7 +101,7 @@ def get_service_iam_policy(name: Optional[str] = None, name=pulumi.get(__ret__, 'name'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_service_iam_policy_output(name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -109,7 +109,7 @@ def get_service_iam_policy_output(name: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:servicedirectory/getServiceIamPolicy:getServiceIamPolicy', __args__, opts=opts, typ=GetServiceIamPolicyResult) return __ret__.apply(lambda __response__: GetServiceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/servicenetworking/get_peered_dns_domain.py b/sdk/python/pulumi_gcp/servicenetworking/get_peered_dns_domain.py index 1661d61f17..13dd393a52 100644 --- a/sdk/python/pulumi_gcp/servicenetworking/get_peered_dns_domain.py +++ b/sdk/python/pulumi_gcp/servicenetworking/get_peered_dns_domain.py @@ -131,7 +131,7 @@ def get_peered_dns_domain_output(name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, service: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPeeredDnsDomainResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetPeeredDnsDomainResult]: """ Use this data source to access information about an existing resource. """ @@ -140,7 +140,7 @@ def get_peered_dns_domain_output(name: Optional[pulumi.Input[str]] = None, __args__['network'] = network __args__['project'] = project __args__['service'] = service - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:servicenetworking/getPeeredDnsDomain:getPeeredDnsDomain', __args__, opts=opts, typ=GetPeeredDnsDomainResult) return __ret__.apply(lambda __response__: GetPeeredDnsDomainResult( dns_suffix=pulumi.get(__response__, 'dns_suffix'), diff --git a/sdk/python/pulumi_gcp/siteverification/get_token.py b/sdk/python/pulumi_gcp/siteverification/get_token.py index fc6ae09819..11d1c603b0 100644 --- a/sdk/python/pulumi_gcp/siteverification/get_token.py +++ b/sdk/python/pulumi_gcp/siteverification/get_token.py @@ -153,7 +153,7 @@ def get_token(identifier: Optional[str] = None, def get_token_output(identifier: Optional[pulumi.Input[str]] = None, type: Optional[pulumi.Input[str]] = None, verification_method: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTokenResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTokenResult]: """ A verification token is used to demonstrate ownership of a website or domain. @@ -203,7 +203,7 @@ def get_token_output(identifier: Optional[pulumi.Input[str]] = None, __args__['identifier'] = identifier __args__['type'] = type __args__['verificationMethod'] = verification_method - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:siteverification/getToken:getToken', __args__, opts=opts, typ=GetTokenResult) return __ret__.apply(lambda __response__: GetTokenResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/sourcerepo/get_repository.py b/sdk/python/pulumi_gcp/sourcerepo/get_repository.py index d4f6590a2b..9db04fe8d7 100644 --- a/sdk/python/pulumi_gcp/sourcerepo/get_repository.py +++ b/sdk/python/pulumi_gcp/sourcerepo/get_repository.py @@ -142,7 +142,7 @@ def get_repository(name: Optional[str] = None, url=pulumi.get(__ret__, 'url')) def get_repository_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryResult]: """ Get infomation about an existing Google Cloud Source Repository. For more information see [the official documentation](https://cloud.google.com/source-repositories) @@ -165,7 +165,7 @@ def get_repository_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sourcerepo/getRepository:getRepository', __args__, opts=opts, typ=GetRepositoryResult) return __ret__.apply(lambda __response__: GetRepositoryResult( create_ignore_already_exists=pulumi.get(__response__, 'create_ignore_already_exists'), diff --git a/sdk/python/pulumi_gcp/sourcerepo/get_repository_iam_policy.py b/sdk/python/pulumi_gcp/sourcerepo/get_repository_iam_policy.py index 09eb23259c..e2de7ffe97 100644 --- a/sdk/python/pulumi_gcp/sourcerepo/get_repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/sourcerepo/get_repository_iam_policy.py @@ -127,7 +127,7 @@ def get_repository_iam_policy(project: Optional[str] = None, repository=pulumi.get(__ret__, 'repository')) def get_repository_iam_policy_output(project: Optional[pulumi.Input[Optional[str]]] = None, repository: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRepositoryIamPolicyResult]: """ Retrieves the current IAM policy data for repository @@ -149,7 +149,7 @@ def get_repository_iam_policy_output(project: Optional[pulumi.Input[Optional[str __args__ = dict() __args__['project'] = project __args__['repository'] = repository - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sourcerepo/getRepositoryIamPolicy:getRepositoryIamPolicy', __args__, opts=opts, typ=GetRepositoryIamPolicyResult) return __ret__.apply(lambda __response__: GetRepositoryIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/spanner/get_database.py b/sdk/python/pulumi_gcp/spanner/get_database.py index bc7cc77133..4d982a1e53 100644 --- a/sdk/python/pulumi_gcp/spanner/get_database.py +++ b/sdk/python/pulumi_gcp/spanner/get_database.py @@ -187,7 +187,7 @@ def get_database(instance: Optional[str] = None, def get_database_output(instance: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseResult]: """ Get a spanner database from Google Cloud by its name and instance name. @@ -213,7 +213,7 @@ def get_database_output(instance: Optional[pulumi.Input[str]] = None, __args__['instance'] = instance __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:spanner/getDatabase:getDatabase', __args__, opts=opts, typ=GetDatabaseResult) return __ret__.apply(lambda __response__: GetDatabaseResult( database_dialect=pulumi.get(__response__, 'database_dialect'), diff --git a/sdk/python/pulumi_gcp/spanner/get_database_iam_policy.py b/sdk/python/pulumi_gcp/spanner/get_database_iam_policy.py index 60635955a0..78e7995661 100644 --- a/sdk/python/pulumi_gcp/spanner/get_database_iam_policy.py +++ b/sdk/python/pulumi_gcp/spanner/get_database_iam_policy.py @@ -141,7 +141,7 @@ def get_database_iam_policy(database: Optional[str] = None, def get_database_iam_policy_output(database: Optional[pulumi.Input[str]] = None, instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseIamPolicyResult]: """ Retrieves the current IAM policy data for a Spanner database. @@ -166,7 +166,7 @@ def get_database_iam_policy_output(database: Optional[pulumi.Input[str]] = None, __args__['database'] = database __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:spanner/getDatabaseIamPolicy:getDatabaseIamPolicy', __args__, opts=opts, typ=GetDatabaseIamPolicyResult) return __ret__.apply(lambda __response__: GetDatabaseIamPolicyResult( database=pulumi.get(__response__, 'database'), diff --git a/sdk/python/pulumi_gcp/spanner/get_instance.py b/sdk/python/pulumi_gcp/spanner/get_instance.py index c1087d4d84..f088ba30b5 100644 --- a/sdk/python/pulumi_gcp/spanner/get_instance.py +++ b/sdk/python/pulumi_gcp/spanner/get_instance.py @@ -228,7 +228,7 @@ def get_instance_output(config: Optional[pulumi.Input[Optional[str]]] = None, display_name: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceResult]: """ Get a spanner instance from Google Cloud by its name. @@ -253,7 +253,7 @@ def get_instance_output(config: Optional[pulumi.Input[Optional[str]]] = None, __args__['displayName'] = display_name __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:spanner/getInstance:getInstance', __args__, opts=opts, typ=GetInstanceResult) return __ret__.apply(lambda __response__: GetInstanceResult( autoscaling_configs=pulumi.get(__response__, 'autoscaling_configs'), diff --git a/sdk/python/pulumi_gcp/spanner/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/spanner/get_instance_iam_policy.py index 36bf3143c5..9841f6cf4e 100644 --- a/sdk/python/pulumi_gcp/spanner/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/spanner/get_instance_iam_policy.py @@ -126,7 +126,7 @@ def get_instance_iam_policy(instance: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for a Spanner instance. @@ -148,7 +148,7 @@ def get_instance_iam_policy_output(instance: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:spanner/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/sql/get_backup_run.py b/sdk/python/pulumi_gcp/sql/get_backup_run.py index d145966938..f78d263a31 100644 --- a/sdk/python/pulumi_gcp/sql/get_backup_run.py +++ b/sdk/python/pulumi_gcp/sql/get_backup_run.py @@ -170,7 +170,7 @@ def get_backup_run_output(backup_id: Optional[pulumi.Input[Optional[int]]] = Non instance: Optional[pulumi.Input[str]] = None, most_recent: Optional[pulumi.Input[Optional[bool]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBackupRunResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackupRunResult]: """ Use this data source to get information about a Cloud SQL instance backup run. @@ -198,7 +198,7 @@ def get_backup_run_output(backup_id: Optional[pulumi.Input[Optional[int]]] = Non __args__['instance'] = instance __args__['mostRecent'] = most_recent __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getBackupRun:getBackupRun', __args__, opts=opts, typ=GetBackupRunResult) return __ret__.apply(lambda __response__: GetBackupRunResult( backup_id=pulumi.get(__response__, 'backup_id'), diff --git a/sdk/python/pulumi_gcp/sql/get_ca_certs.py b/sdk/python/pulumi_gcp/sql/get_ca_certs.py index 372644bab2..dd863c3d7c 100644 --- a/sdk/python/pulumi_gcp/sql/get_ca_certs.py +++ b/sdk/python/pulumi_gcp/sql/get_ca_certs.py @@ -119,7 +119,7 @@ def get_ca_certs(instance: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_ca_certs_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCaCertsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCaCertsResult]: """ Get all of the trusted Certificate Authorities (CAs) for the specified SQL database instance. For more information see the [official documentation](https://cloud.google.com/sql/) @@ -133,7 +133,7 @@ def get_ca_certs_output(instance: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getCaCerts:getCaCerts', __args__, opts=opts, typ=GetCaCertsResult) return __ret__.apply(lambda __response__: GetCaCertsResult( active_version=pulumi.get(__response__, 'active_version'), diff --git a/sdk/python/pulumi_gcp/sql/get_database.py b/sdk/python/pulumi_gcp/sql/get_database.py index 85830079ab..42e0be74b5 100644 --- a/sdk/python/pulumi_gcp/sql/get_database.py +++ b/sdk/python/pulumi_gcp/sql/get_database.py @@ -153,7 +153,7 @@ def get_database(instance: Optional[str] = None, def get_database_output(instance: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseResult]: """ Use this data source to get information about a database in a Cloud SQL instance. @@ -176,7 +176,7 @@ def get_database_output(instance: Optional[pulumi.Input[str]] = None, __args__['instance'] = instance __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getDatabase:getDatabase', __args__, opts=opts, typ=GetDatabaseResult) return __ret__.apply(lambda __response__: GetDatabaseResult( charset=pulumi.get(__response__, 'charset'), diff --git a/sdk/python/pulumi_gcp/sql/get_database_instance.py b/sdk/python/pulumi_gcp/sql/get_database_instance.py index 33ac490c8a..2089936c2d 100644 --- a/sdk/python/pulumi_gcp/sql/get_database_instance.py +++ b/sdk/python/pulumi_gcp/sql/get_database_instance.py @@ -339,7 +339,7 @@ def get_database_instance(name: Optional[str] = None, settings=pulumi.get(__ret__, 'settings')) def get_database_instance_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseInstanceResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseInstanceResult]: """ Use this data source to get information about a Cloud SQL instance. @@ -359,7 +359,7 @@ def get_database_instance_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getDatabaseInstance:getDatabaseInstance', __args__, opts=opts, typ=GetDatabaseInstanceResult) return __ret__.apply(lambda __response__: GetDatabaseInstanceResult( available_maintenance_versions=pulumi.get(__response__, 'available_maintenance_versions'), diff --git a/sdk/python/pulumi_gcp/sql/get_database_instance_latest_recovery_time.py b/sdk/python/pulumi_gcp/sql/get_database_instance_latest_recovery_time.py index 083a2f90dc..f79be8ab77 100644 --- a/sdk/python/pulumi_gcp/sql/get_database_instance_latest_recovery_time.py +++ b/sdk/python/pulumi_gcp/sql/get_database_instance_latest_recovery_time.py @@ -121,7 +121,7 @@ def get_database_instance_latest_recovery_time(instance: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_database_instance_latest_recovery_time_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseInstanceLatestRecoveryTimeResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseInstanceLatestRecoveryTimeResult]: """ Get Latest Recovery Time for a given instance. For more information see the [official documentation](https://cloud.google.com/sql/) @@ -145,7 +145,7 @@ def get_database_instance_latest_recovery_time_output(instance: Optional[pulumi. __args__ = dict() __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getDatabaseInstanceLatestRecoveryTime:getDatabaseInstanceLatestRecoveryTime', __args__, opts=opts, typ=GetDatabaseInstanceLatestRecoveryTimeResult) return __ret__.apply(lambda __response__: GetDatabaseInstanceLatestRecoveryTimeResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/sql/get_database_instances.py b/sdk/python/pulumi_gcp/sql/get_database_instances.py index c33cb26bbe..b7555e4251 100644 --- a/sdk/python/pulumi_gcp/sql/get_database_instances.py +++ b/sdk/python/pulumi_gcp/sql/get_database_instances.py @@ -165,7 +165,7 @@ def get_database_instances_output(database_version: Optional[pulumi.Input[Option state: Optional[pulumi.Input[Optional[str]]] = None, tier: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabaseInstancesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabaseInstancesResult]: """ Use this data source to get information about a list of Cloud SQL instances in a project. You can also apply some filters over this list to get a more filtered list of Cloud SQL instances. @@ -193,7 +193,7 @@ def get_database_instances_output(database_version: Optional[pulumi.Input[Option __args__['state'] = state __args__['tier'] = tier __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getDatabaseInstances:getDatabaseInstances', __args__, opts=opts, typ=GetDatabaseInstancesResult) return __ret__.apply(lambda __response__: GetDatabaseInstancesResult( database_version=pulumi.get(__response__, 'database_version'), diff --git a/sdk/python/pulumi_gcp/sql/get_databases.py b/sdk/python/pulumi_gcp/sql/get_databases.py index 49694f955d..cb5479c45e 100644 --- a/sdk/python/pulumi_gcp/sql/get_databases.py +++ b/sdk/python/pulumi_gcp/sql/get_databases.py @@ -110,7 +110,7 @@ def get_databases(instance: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_databases_output(instance: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDatabasesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDatabasesResult]: """ Use this data source to get information about a list of databases in a Cloud SQL instance. ## Example Usage @@ -131,7 +131,7 @@ def get_databases_output(instance: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['instance'] = instance __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getDatabases:getDatabases', __args__, opts=opts, typ=GetDatabasesResult) return __ret__.apply(lambda __response__: GetDatabasesResult( databases=pulumi.get(__response__, 'databases'), diff --git a/sdk/python/pulumi_gcp/sql/get_tiers.py b/sdk/python/pulumi_gcp/sql/get_tiers.py index e7e1741ead..2238c2c3c2 100644 --- a/sdk/python/pulumi_gcp/sql/get_tiers.py +++ b/sdk/python/pulumi_gcp/sql/get_tiers.py @@ -103,7 +103,7 @@ def get_tiers(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), tiers=pulumi.get(__ret__, 'tiers')) def get_tiers_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTiersResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTiersResult]: """ Get all available machine types (tiers) for a project, for example, db-custom-1-3840. For more information see the [official documentation](https://cloud.google.com/sql/) @@ -126,7 +126,7 @@ def get_tiers_output(project: Optional[pulumi.Input[Optional[str]]] = None, """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:sql/getTiers:getTiers', __args__, opts=opts, typ=GetTiersResult) return __ret__.apply(lambda __response__: GetTiersResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket.py b/sdk/python/pulumi_gcp/storage/get_bucket.py index 879209c681..e23be350ae 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket.py @@ -362,7 +362,7 @@ def get_bucket(name: Optional[str] = None, websites=pulumi.get(__ret__, 'websites')) def get_bucket_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketResult]: """ Gets an existing bucket in Google Cloud Storage service (GCS). See [the official documentation](https://cloud.google.com/storage/docs/key-terms#buckets) @@ -385,7 +385,7 @@ def get_bucket_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBucket:getBucket', __args__, opts=opts, typ=GetBucketResult) return __ret__.apply(lambda __response__: GetBucketResult( autoclasses=pulumi.get(__response__, 'autoclasses'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_iam_policy.py b/sdk/python/pulumi_gcp/storage/get_bucket_iam_policy.py index d4eae92b21..80b75cc12b 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_iam_policy.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket_iam_policy.py @@ -111,7 +111,7 @@ def get_bucket_iam_policy(bucket: Optional[str] = None, id=pulumi.get(__ret__, 'id'), policy_data=pulumi.get(__ret__, 'policy_data')) def get_bucket_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketIamPolicyResult]: """ Retrieves the current IAM policy data for bucket @@ -129,7 +129,7 @@ def get_bucket_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['bucket'] = bucket - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBucketIamPolicy:getBucketIamPolicy', __args__, opts=opts, typ=GetBucketIamPolicyResult) return __ret__.apply(lambda __response__: GetBucketIamPolicyResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_object.py b/sdk/python/pulumi_gcp/storage/get_bucket_object.py index a8aa4565ac..691649f278 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_object.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket_object.py @@ -357,7 +357,7 @@ def get_bucket_object(bucket: Optional[str] = None, temporary_hold=pulumi.get(__ret__, 'temporary_hold')) def get_bucket_object_output(bucket: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketObjectResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketObjectResult]: """ Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS). See [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects) @@ -383,7 +383,7 @@ def get_bucket_object_output(bucket: Optional[pulumi.Input[Optional[str]]] = Non __args__ = dict() __args__['bucket'] = bucket __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBucketObject:getBucketObject', __args__, opts=opts, typ=GetBucketObjectResult) return __ret__.apply(lambda __response__: GetBucketObjectResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py b/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py index 608f033911..73f476e493 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py @@ -325,7 +325,7 @@ def get_bucket_object_content(bucket: Optional[str] = None, def get_bucket_object_content_output(bucket: Optional[pulumi.Input[str]] = None, content: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketObjectContentResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketObjectContentResult]: """ Gets an existing object content inside an existing bucket in Google Cloud Storage service (GCS). See [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects) @@ -356,7 +356,7 @@ def get_bucket_object_content_output(bucket: Optional[pulumi.Input[str]] = None, __args__['bucket'] = bucket __args__['content'] = content __args__['name'] = name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBucketObjectContent:getBucketObjectContent', __args__, opts=opts, typ=GetBucketObjectContentResult) return __ret__.apply(lambda __response__: GetBucketObjectContentResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_objects.py b/sdk/python/pulumi_gcp/storage/get_bucket_objects.py index 5c145e8ae4..df4b988a9f 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_objects.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket_objects.py @@ -130,7 +130,7 @@ def get_bucket_objects(bucket: Optional[str] = None, def get_bucket_objects_output(bucket: Optional[pulumi.Input[str]] = None, match_glob: Optional[pulumi.Input[Optional[str]]] = None, prefix: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketObjectsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketObjectsResult]: """ Gets existing objects inside an existing bucket in Google Cloud Storage service (GCS). See [the official documentation](https://cloud.google.com/storage/docs/key-terms#objects) @@ -156,7 +156,7 @@ def get_bucket_objects_output(bucket: Optional[pulumi.Input[str]] = None, __args__['bucket'] = bucket __args__['matchGlob'] = match_glob __args__['prefix'] = prefix - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBucketObjects:getBucketObjects', __args__, opts=opts, typ=GetBucketObjectsResult) return __ret__.apply(lambda __response__: GetBucketObjectsResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_buckets.py b/sdk/python/pulumi_gcp/storage/get_buckets.py index cdc70938c3..58ad4739a5 100644 --- a/sdk/python/pulumi_gcp/storage/get_buckets.py +++ b/sdk/python/pulumi_gcp/storage/get_buckets.py @@ -116,7 +116,7 @@ def get_buckets(prefix: Optional[str] = None, project=pulumi.get(__ret__, 'project')) def get_buckets_output(prefix: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetBucketsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBucketsResult]: """ Gets a list of existing GCS buckets. See [the official documentation](https://cloud.google.com/storage/docs/introduction) @@ -140,7 +140,7 @@ def get_buckets_output(prefix: Optional[pulumi.Input[Optional[str]]] = None, __args__ = dict() __args__['prefix'] = prefix __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getBuckets:getBuckets', __args__, opts=opts, typ=GetBucketsResult) return __ret__.apply(lambda __response__: GetBucketsResult( buckets=pulumi.get(__response__, 'buckets'), diff --git a/sdk/python/pulumi_gcp/storage/get_managed_folder_iam_policy.py b/sdk/python/pulumi_gcp/storage/get_managed_folder_iam_policy.py index e849e5e4df..3a3056dd18 100644 --- a/sdk/python/pulumi_gcp/storage/get_managed_folder_iam_policy.py +++ b/sdk/python/pulumi_gcp/storage/get_managed_folder_iam_policy.py @@ -105,14 +105,14 @@ def get_managed_folder_iam_policy(bucket: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data')) def get_managed_folder_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, managed_folder: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetManagedFolderIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetManagedFolderIamPolicyResult]: """ Use this data source to access information about an existing resource. """ __args__ = dict() __args__['bucket'] = bucket __args__['managedFolder'] = managed_folder - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getManagedFolderIamPolicy:getManagedFolderIamPolicy', __args__, opts=opts, typ=GetManagedFolderIamPolicyResult) return __ret__.apply(lambda __response__: GetManagedFolderIamPolicyResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_object_signed_url.py b/sdk/python/pulumi_gcp/storage/get_object_signed_url.py index 2e228ea2c2..62d55ca407 100644 --- a/sdk/python/pulumi_gcp/storage/get_object_signed_url.py +++ b/sdk/python/pulumi_gcp/storage/get_object_signed_url.py @@ -224,7 +224,7 @@ def get_object_signed_url_output(bucket: Optional[pulumi.Input[str]] = None, extension_headers: Optional[pulumi.Input[Optional[Mapping[str, str]]]] = None, http_method: Optional[pulumi.Input[Optional[str]]] = None, path: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetObjectSignedUrlResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetObjectSignedUrlResult]: """ The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. @@ -285,7 +285,7 @@ def get_object_signed_url_output(bucket: Optional[pulumi.Input[str]] = None, __args__['extensionHeaders'] = extension_headers __args__['httpMethod'] = http_method __args__['path'] = path - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getObjectSignedUrl:getObjectSignedUrl', __args__, opts=opts, typ=GetObjectSignedUrlResult) return __ret__.apply(lambda __response__: GetObjectSignedUrlResult( bucket=pulumi.get(__response__, 'bucket'), diff --git a/sdk/python/pulumi_gcp/storage/get_project_service_account.py b/sdk/python/pulumi_gcp/storage/get_project_service_account.py index c51d9b9e80..9f15948baa 100644 --- a/sdk/python/pulumi_gcp/storage/get_project_service_account.py +++ b/sdk/python/pulumi_gcp/storage/get_project_service_account.py @@ -183,7 +183,7 @@ def get_project_service_account(project: Optional[str] = None, user_project=pulumi.get(__ret__, 'user_project')) def get_project_service_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, user_project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetProjectServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetProjectServiceAccountResult]: """ Get the email address of a project's unique [automatic Google Cloud Storage service account](https://cloud.google.com/storage/docs/projects#service-accounts). @@ -261,7 +261,7 @@ def get_project_service_account_output(project: Optional[pulumi.Input[Optional[s __args__ = dict() __args__['project'] = project __args__['userProject'] = user_project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getProjectServiceAccount:getProjectServiceAccount', __args__, opts=opts, typ=GetProjectServiceAccountResult) return __ret__.apply(lambda __response__: GetProjectServiceAccountResult( email_address=pulumi.get(__response__, 'email_address'), diff --git a/sdk/python/pulumi_gcp/storage/get_transfer_project_service_account.py b/sdk/python/pulumi_gcp/storage/get_transfer_project_service_account.py index c7aa0511a5..c3102a0152 100644 --- a/sdk/python/pulumi_gcp/storage/get_transfer_project_service_account.py +++ b/sdk/python/pulumi_gcp/storage/get_transfer_project_service_account.py @@ -124,7 +124,7 @@ def get_transfer_project_service_account(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), subject_id=pulumi.get(__ret__, 'subject_id')) def get_transfer_project_service_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTransferProjectServiceAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTransferProjectServiceAccountResult]: """ Use this data source to retrieve Storage Transfer service account for this project @@ -143,7 +143,7 @@ def get_transfer_project_service_account_output(project: Optional[pulumi.Input[O """ __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getTransferProjectServiceAccount:getTransferProjectServiceAccount', __args__, opts=opts, typ=GetTransferProjectServiceAccountResult) return __ret__.apply(lambda __response__: GetTransferProjectServiceAccountResult( email=pulumi.get(__response__, 'email'), diff --git a/sdk/python/pulumi_gcp/storage/get_transfer_project_servie_account.py b/sdk/python/pulumi_gcp/storage/get_transfer_project_servie_account.py index 5cf04567a5..cf47bd1dfa 100644 --- a/sdk/python/pulumi_gcp/storage/get_transfer_project_servie_account.py +++ b/sdk/python/pulumi_gcp/storage/get_transfer_project_servie_account.py @@ -127,7 +127,7 @@ def get_transfer_project_servie_account(project: Optional[str] = None, project=pulumi.get(__ret__, 'project'), subject_id=pulumi.get(__ret__, 'subject_id')) def get_transfer_project_servie_account_output(project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTransferProjectServieAccountResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTransferProjectServieAccountResult]: """ Use this data source to retrieve Storage Transfer service account for this project @@ -147,7 +147,7 @@ def get_transfer_project_servie_account_output(project: Optional[pulumi.Input[Op pulumi.log.warn("""get_transfer_project_servie_account is deprecated: gcp.storage.getTransferProjectServieAccount has been deprecated in favor of gcp.storage.getTransferProjectServiceAccount""") __args__ = dict() __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:storage/getTransferProjectServieAccount:getTransferProjectServieAccount', __args__, opts=opts, typ=GetTransferProjectServieAccountResult) return __ret__.apply(lambda __response__: GetTransferProjectServieAccountResult( email=pulumi.get(__response__, 'email'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_key.py b/sdk/python/pulumi_gcp/tags/get_tag_key.py index 221e2f10f8..f64fd18aff 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_key.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_key.py @@ -170,7 +170,7 @@ def get_tag_key(parent: Optional[str] = None, update_time=pulumi.get(__ret__, 'update_time')) def get_tag_key_output(parent: Optional[pulumi.Input[str]] = None, short_name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagKeyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagKeyResult]: """ Get a tag key by org or project `parent` and `short_name`. @@ -198,7 +198,7 @@ def get_tag_key_output(parent: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['parent'] = parent __args__['shortName'] = short_name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagKey:getTagKey', __args__, opts=opts, typ=GetTagKeyResult) return __ret__.apply(lambda __response__: GetTagKeyResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_key_iam_policy.py b/sdk/python/pulumi_gcp/tags/get_tag_key_iam_policy.py index e17af335ef..24aea735a1 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_key_iam_policy.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_key_iam_policy.py @@ -111,7 +111,7 @@ def get_tag_key_iam_policy(tag_key: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), tag_key=pulumi.get(__ret__, 'tag_key')) def get_tag_key_iam_policy_output(tag_key: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagKeyIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagKeyIamPolicyResult]: """ Retrieves the current IAM policy data for tagkey @@ -129,7 +129,7 @@ def get_tag_key_iam_policy_output(tag_key: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['tagKey'] = tag_key - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagKeyIamPolicy:getTagKeyIamPolicy', __args__, opts=opts, typ=GetTagKeyIamPolicyResult) return __ret__.apply(lambda __response__: GetTagKeyIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_keys.py b/sdk/python/pulumi_gcp/tags/get_tag_keys.py index 29f6922396..ddf370d626 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_keys.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_keys.py @@ -104,7 +104,7 @@ def get_tag_keys(parent: Optional[str] = None, keys=pulumi.get(__ret__, 'keys'), parent=pulumi.get(__ret__, 'parent')) def get_tag_keys_output(parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagKeysResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagKeysResult]: """ Get tag keys by org or project `parent`. @@ -128,7 +128,7 @@ def get_tag_keys_output(parent: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagKeys:getTagKeys', __args__, opts=opts, typ=GetTagKeysResult) return __ret__.apply(lambda __response__: GetTagKeysResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_value.py b/sdk/python/pulumi_gcp/tags/get_tag_value.py index 46d0024660..ca18a91fc3 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_value.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_value.py @@ -163,7 +163,7 @@ def get_tag_value(parent: Optional[str] = None, update_time=pulumi.get(__ret__, 'update_time')) def get_tag_value_output(parent: Optional[pulumi.Input[str]] = None, short_name: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagValueResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagValueResult]: """ Get a tag value by `parent` key and `short_name`. @@ -184,7 +184,7 @@ def get_tag_value_output(parent: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['parent'] = parent __args__['shortName'] = short_name - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagValue:getTagValue', __args__, opts=opts, typ=GetTagValueResult) return __ret__.apply(lambda __response__: GetTagValueResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_value_iam_policy.py b/sdk/python/pulumi_gcp/tags/get_tag_value_iam_policy.py index 6b869b3bd4..f4ae5aa7c4 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_value_iam_policy.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_value_iam_policy.py @@ -111,7 +111,7 @@ def get_tag_value_iam_policy(tag_value: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data'), tag_value=pulumi.get(__ret__, 'tag_value')) def get_tag_value_iam_policy_output(tag_value: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagValueIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagValueIamPolicyResult]: """ Retrieves the current IAM policy data for tagvalue @@ -129,7 +129,7 @@ def get_tag_value_iam_policy_output(tag_value: Optional[pulumi.Input[str]] = Non """ __args__ = dict() __args__['tagValue'] = tag_value - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagValueIamPolicy:getTagValueIamPolicy', __args__, opts=opts, typ=GetTagValueIamPolicyResult) return __ret__.apply(lambda __response__: GetTagValueIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/tags/get_tag_values.py b/sdk/python/pulumi_gcp/tags/get_tag_values.py index 3e5abdc72f..85e4b3368b 100644 --- a/sdk/python/pulumi_gcp/tags/get_tag_values.py +++ b/sdk/python/pulumi_gcp/tags/get_tag_values.py @@ -98,7 +98,7 @@ def get_tag_values(parent: Optional[str] = None, parent=pulumi.get(__ret__, 'parent'), values=pulumi.get(__ret__, 'values')) def get_tag_values_output(parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTagValuesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTagValuesResult]: """ Get tag values from a `parent` key. @@ -116,7 +116,7 @@ def get_tag_values_output(parent: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tags/getTagValues:getTagValues', __args__, opts=opts, typ=GetTagValuesResult) return __ret__.apply(lambda __response__: GetTagValuesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/tpu/get_tensorflow_versions.py b/sdk/python/pulumi_gcp/tpu/get_tensorflow_versions.py index 9c40f693ac..ef6d3e49ec 100644 --- a/sdk/python/pulumi_gcp/tpu/get_tensorflow_versions.py +++ b/sdk/python/pulumi_gcp/tpu/get_tensorflow_versions.py @@ -128,7 +128,7 @@ def get_tensorflow_versions(project: Optional[str] = None, zone=pulumi.get(__ret__, 'zone')) def get_tensorflow_versions_output(project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTensorflowVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetTensorflowVersionsResult]: """ Get TensorFlow versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.tensorflowVersions). @@ -165,7 +165,7 @@ def get_tensorflow_versions_output(project: Optional[pulumi.Input[Optional[str]] __args__ = dict() __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tpu/getTensorflowVersions:getTensorflowVersions', __args__, opts=opts, typ=GetTensorflowVersionsResult) return __ret__.apply(lambda __response__: GetTensorflowVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/tpu/get_v2_accelerator_types.py b/sdk/python/pulumi_gcp/tpu/get_v2_accelerator_types.py index f0c9682508..4e8367d1e4 100644 --- a/sdk/python/pulumi_gcp/tpu/get_v2_accelerator_types.py +++ b/sdk/python/pulumi_gcp/tpu/get_v2_accelerator_types.py @@ -128,7 +128,7 @@ def get_v2_accelerator_types(project: Optional[str] = None, zone=pulumi.get(__ret__, 'zone')) def get_v2_accelerator_types_output(project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetV2AcceleratorTypesResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetV2AcceleratorTypesResult]: """ Get accelerator types available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.acceleratorTypes). @@ -165,7 +165,7 @@ def get_v2_accelerator_types_output(project: Optional[pulumi.Input[Optional[str] __args__ = dict() __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tpu/getV2AcceleratorTypes:getV2AcceleratorTypes', __args__, opts=opts, typ=GetV2AcceleratorTypesResult) return __ret__.apply(lambda __response__: GetV2AcceleratorTypesResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/tpu/get_v2_runtime_versions.py b/sdk/python/pulumi_gcp/tpu/get_v2_runtime_versions.py index adb28abbba..520614f2f4 100644 --- a/sdk/python/pulumi_gcp/tpu/get_v2_runtime_versions.py +++ b/sdk/python/pulumi_gcp/tpu/get_v2_runtime_versions.py @@ -126,7 +126,7 @@ def get_v2_runtime_versions(project: Optional[str] = None, zone=pulumi.get(__ret__, 'zone')) def get_v2_runtime_versions_output(project: Optional[pulumi.Input[Optional[str]]] = None, zone: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetV2RuntimeVersionsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetV2RuntimeVersionsResult]: """ Get runtime versions available for a project. For more information see the [official documentation](https://cloud.google.com/tpu/docs/) and [API](https://cloud.google.com/tpu/docs/reference/rest/v2/projects.locations.runtimeVersions). @@ -161,7 +161,7 @@ def get_v2_runtime_versions_output(project: Optional[pulumi.Input[Optional[str]] __args__ = dict() __args__['project'] = project __args__['zone'] = zone - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:tpu/getV2RuntimeVersions:getV2RuntimeVersions', __args__, opts=opts, typ=GetV2RuntimeVersionsResult) return __ret__.apply(lambda __response__: GetV2RuntimeVersionsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/vertex/get_ai_endpoint_iam_policy.py b/sdk/python/pulumi_gcp/vertex/get_ai_endpoint_iam_policy.py index 7ca38436e6..3e49c08799 100644 --- a/sdk/python/pulumi_gcp/vertex/get_ai_endpoint_iam_policy.py +++ b/sdk/python/pulumi_gcp/vertex/get_ai_endpoint_iam_policy.py @@ -132,7 +132,7 @@ def get_ai_endpoint_iam_policy(endpoint: Optional[str] = None, def get_ai_endpoint_iam_policy_output(endpoint: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[Optional[str]]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAiEndpointIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAiEndpointIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -147,7 +147,7 @@ def get_ai_endpoint_iam_policy_output(endpoint: Optional[pulumi.Input[str]] = No __args__['endpoint'] = endpoint __args__['location'] = location __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vertex/getAiEndpointIamPolicy:getAiEndpointIamPolicy', __args__, opts=opts, typ=GetAiEndpointIamPolicyResult) return __ret__.apply(lambda __response__: GetAiEndpointIamPolicyResult( endpoint=pulumi.get(__response__, 'endpoint'), diff --git a/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_entitytype_iam_policy.py b/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_entitytype_iam_policy.py index 405a317e61..036f18409a 100644 --- a/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_entitytype_iam_policy.py +++ b/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_entitytype_iam_policy.py @@ -115,7 +115,7 @@ def get_ai_featurestore_entitytype_iam_policy(entitytype: Optional[str] = None, policy_data=pulumi.get(__ret__, 'policy_data')) def get_ai_featurestore_entitytype_iam_policy_output(entitytype: Optional[pulumi.Input[str]] = None, featurestore: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAiFeaturestoreEntitytypeIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAiFeaturestoreEntitytypeIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -125,7 +125,7 @@ def get_ai_featurestore_entitytype_iam_policy_output(entitytype: Optional[pulumi __args__ = dict() __args__['entitytype'] = entitytype __args__['featurestore'] = featurestore - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vertex/getAiFeaturestoreEntitytypeIamPolicy:getAiFeaturestoreEntitytypeIamPolicy', __args__, opts=opts, typ=GetAiFeaturestoreEntitytypeIamPolicyResult) return __ret__.apply(lambda __response__: GetAiFeaturestoreEntitytypeIamPolicyResult( entitytype=pulumi.get(__response__, 'entitytype'), diff --git a/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_iam_policy.py b/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_iam_policy.py index 3c6ff54729..6371f65295 100644 --- a/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_iam_policy.py +++ b/sdk/python/pulumi_gcp/vertex/get_ai_featurestore_iam_policy.py @@ -132,7 +132,7 @@ def get_ai_featurestore_iam_policy(featurestore: Optional[str] = None, def get_ai_featurestore_iam_policy_output(featurestore: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAiFeaturestoreIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAiFeaturestoreIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -147,7 +147,7 @@ def get_ai_featurestore_iam_policy_output(featurestore: Optional[pulumi.Input[st __args__['featurestore'] = featurestore __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vertex/getAiFeaturestoreIamPolicy:getAiFeaturestoreIamPolicy', __args__, opts=opts, typ=GetAiFeaturestoreIamPolicyResult) return __ret__.apply(lambda __response__: GetAiFeaturestoreIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/vertex/get_ai_index.py b/sdk/python/pulumi_gcp/vertex/get_ai_index.py index 5809214eee..7d649e0952 100644 --- a/sdk/python/pulumi_gcp/vertex/get_ai_index.py +++ b/sdk/python/pulumi_gcp/vertex/get_ai_index.py @@ -236,7 +236,7 @@ def get_ai_index(name: Optional[str] = None, def get_ai_index_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAiIndexResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAiIndexResult]: """ A representation of a collection of database items organized in a way that allows for approximate nearest neighbor (a.k.a ANN) algorithms search. @@ -251,7 +251,7 @@ def get_ai_index_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vertex/getAiIndex:getAiIndex', __args__, opts=opts, typ=GetAiIndexResult) return __ret__.apply(lambda __response__: GetAiIndexResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_cluster.py b/sdk/python/pulumi_gcp/vmwareengine/get_cluster.py index 2bee27a10a..a446786084 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_cluster.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_cluster.py @@ -153,7 +153,7 @@ def get_cluster(name: Optional[str] = None, uid=pulumi.get(__ret__, 'uid')) def get_cluster_output(name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetClusterResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetClusterResult]: """ Use this data source to get details about a cluster resource. @@ -177,7 +177,7 @@ def get_cluster_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getCluster:getCluster', __args__, opts=opts, typ=GetClusterResult) return __ret__.apply(lambda __response__: GetClusterResult( autoscaling_settings=pulumi.get(__response__, 'autoscaling_settings'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_external_access_rule.py b/sdk/python/pulumi_gcp/vmwareengine/get_external_access_rule.py index 012787bdc2..edf17f3125 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_external_access_rule.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_external_access_rule.py @@ -223,7 +223,7 @@ def get_external_access_rule(name: Optional[str] = None, update_time=pulumi.get(__ret__, 'update_time')) def get_external_access_rule_output(name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetExternalAccessRuleResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetExternalAccessRuleResult]: """ Use this data source to get details about a external access rule resource. @@ -247,7 +247,7 @@ def get_external_access_rule_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getExternalAccessRule:getExternalAccessRule', __args__, opts=opts, typ=GetExternalAccessRuleResult) return __ret__.apply(lambda __response__: GetExternalAccessRuleResult( action=pulumi.get(__response__, 'action'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_external_address.py b/sdk/python/pulumi_gcp/vmwareengine/get_external_address.py index 7b1580e388..4ae984557b 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_external_address.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_external_address.py @@ -172,7 +172,7 @@ def get_external_address(name: Optional[str] = None, update_time=pulumi.get(__ret__, 'update_time')) def get_external_address_output(name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetExternalAddressResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetExternalAddressResult]: """ Use this data source to get details about a external address resource. @@ -196,7 +196,7 @@ def get_external_address_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getExternalAddress:getExternalAddress', __args__, opts=opts, typ=GetExternalAddressResult) return __ret__.apply(lambda __response__: GetExternalAddressResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_network.py b/sdk/python/pulumi_gcp/vmwareengine/get_network.py index e202989448..21592216e0 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_network.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_network.py @@ -169,7 +169,7 @@ def get_network(location: Optional[str] = None, def get_network_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkResult]: """ Use this data source to get details about a VMwareEngine network resource. @@ -197,7 +197,7 @@ def get_network_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getNetwork:getNetwork', __args__, opts=opts, typ=GetNetworkResult) return __ret__.apply(lambda __response__: GetNetworkResult( description=pulumi.get(__response__, 'description'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_network_peering.py b/sdk/python/pulumi_gcp/vmwareengine/get_network_peering.py index ae92bbcbf7..47f5990f2a 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_network_peering.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_network_peering.py @@ -240,7 +240,7 @@ def get_network_peering(name: Optional[str] = None, vmware_engine_network_canonical=pulumi.get(__ret__, 'vmware_engine_network_canonical')) def get_network_peering_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkPeeringResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkPeeringResult]: """ Use this data source to get details about a network peering resource. @@ -262,7 +262,7 @@ def get_network_peering_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getNetworkPeering:getNetworkPeering', __args__, opts=opts, typ=GetNetworkPeeringResult) return __ret__.apply(lambda __response__: GetNetworkPeeringResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_network_policy.py b/sdk/python/pulumi_gcp/vmwareengine/get_network_policy.py index 0fdab90361..fd843f6868 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_network_policy.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_network_policy.py @@ -206,7 +206,7 @@ def get_network_policy(location: Optional[str] = None, def get_network_policy_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNetworkPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNetworkPolicyResult]: """ Use this data source to get details about a network policy resource. @@ -231,7 +231,7 @@ def get_network_policy_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getNetworkPolicy:getNetworkPolicy', __args__, opts=opts, typ=GetNetworkPolicyResult) return __ret__.apply(lambda __response__: GetNetworkPolicyResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_nsx_credentials.py b/sdk/python/pulumi_gcp/vmwareengine/get_nsx_credentials.py index 56693f9ce9..95246c161b 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_nsx_credentials.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_nsx_credentials.py @@ -113,7 +113,7 @@ def get_nsx_credentials(parent: Optional[str] = None, password=pulumi.get(__ret__, 'password'), username=pulumi.get(__ret__, 'username')) def get_nsx_credentials_output(parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNsxCredentialsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetNsxCredentialsResult]: """ Use this data source to get NSX credentials for a Private Cloud. @@ -134,7 +134,7 @@ def get_nsx_credentials_output(parent: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getNsxCredentials:getNsxCredentials', __args__, opts=opts, typ=GetNsxCredentialsResult) return __ret__.apply(lambda __response__: GetNsxCredentialsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_private_cloud.py b/sdk/python/pulumi_gcp/vmwareengine/get_private_cloud.py index bbaffc93cb..04d3543f88 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_private_cloud.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_private_cloud.py @@ -230,7 +230,7 @@ def get_private_cloud(location: Optional[str] = None, def get_private_cloud_output(location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPrivateCloudResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetPrivateCloudResult]: """ Use this data source to get details about a private cloud resource. @@ -259,7 +259,7 @@ def get_private_cloud_output(location: Optional[pulumi.Input[str]] = None, __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getPrivateCloud:getPrivateCloud', __args__, opts=opts, typ=GetPrivateCloudResult) return __ret__.apply(lambda __response__: GetPrivateCloudResult( deletion_delay_hours=pulumi.get(__response__, 'deletion_delay_hours'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_subnet.py b/sdk/python/pulumi_gcp/vmwareengine/get_subnet.py index 00e8a1157f..30df0956a8 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_subnet.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_subnet.py @@ -215,7 +215,7 @@ def get_subnet(name: Optional[str] = None, vlan_id=pulumi.get(__ret__, 'vlan_id')) def get_subnet_output(name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSubnetResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSubnetResult]: """ Use this data source to get details about a subnet. Management subnets support only read operations and should be configured through this data source. User defined subnets can be configured using the resource as well as the datasource. @@ -241,7 +241,7 @@ def get_subnet_output(name: Optional[pulumi.Input[str]] = None, __args__ = dict() __args__['name'] = name __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getSubnet:getSubnet', __args__, opts=opts, typ=GetSubnetResult) return __ret__.apply(lambda __response__: GetSubnetResult( create_time=pulumi.get(__response__, 'create_time'), diff --git a/sdk/python/pulumi_gcp/vmwareengine/get_vcenter_credentials.py b/sdk/python/pulumi_gcp/vmwareengine/get_vcenter_credentials.py index 5e062f2700..cf1ec2ce3e 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/get_vcenter_credentials.py +++ b/sdk/python/pulumi_gcp/vmwareengine/get_vcenter_credentials.py @@ -113,7 +113,7 @@ def get_vcenter_credentials(parent: Optional[str] = None, password=pulumi.get(__ret__, 'password'), username=pulumi.get(__ret__, 'username')) def get_vcenter_credentials_output(parent: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetVcenterCredentialsResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetVcenterCredentialsResult]: """ Use this data source to get Vcenter credentials for a Private Cloud. @@ -134,7 +134,7 @@ def get_vcenter_credentials_output(parent: Optional[pulumi.Input[str]] = None, """ __args__ = dict() __args__['parent'] = parent - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vmwareengine/getVcenterCredentials:getVcenterCredentials', __args__, opts=opts, typ=GetVcenterCredentialsResult) return __ret__.apply(lambda __response__: GetVcenterCredentialsResult( id=pulumi.get(__response__, 'id'), diff --git a/sdk/python/pulumi_gcp/vpcaccess/get_connector.py b/sdk/python/pulumi_gcp/vpcaccess/get_connector.py index 38da4d21b4..a8c556edaf 100644 --- a/sdk/python/pulumi_gcp/vpcaccess/get_connector.py +++ b/sdk/python/pulumi_gcp/vpcaccess/get_connector.py @@ -240,7 +240,7 @@ def get_connector(name: Optional[str] = None, def get_connector_output(name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, region: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConnectorResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetConnectorResult]: """ Get a Serverless VPC Access connector. @@ -279,7 +279,7 @@ def get_connector_output(name: Optional[pulumi.Input[str]] = None, __args__['name'] = name __args__['project'] = project __args__['region'] = region - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:vpcaccess/getConnector:getConnector', __args__, opts=opts, typ=GetConnectorResult) return __ret__.apply(lambda __response__: GetConnectorResult( connected_projects=pulumi.get(__response__, 'connected_projects'), diff --git a/sdk/python/pulumi_gcp/workbench/get_instance_iam_policy.py b/sdk/python/pulumi_gcp/workbench/get_instance_iam_policy.py index e68b2ed809..3f9ad93c42 100644 --- a/sdk/python/pulumi_gcp/workbench/get_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/workbench/get_instance_iam_policy.py @@ -144,7 +144,7 @@ def get_instance_iam_policy(location: Optional[str] = None, def get_instance_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[Optional[str]]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetInstanceIamPolicyResult]: """ Retrieves the current IAM policy data for instance @@ -171,7 +171,7 @@ def get_instance_iam_policy_output(location: Optional[pulumi.Input[Optional[str] __args__['location'] = location __args__['name'] = name __args__['project'] = project - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:workbench/getInstanceIamPolicy:getInstanceIamPolicy', __args__, opts=opts, typ=GetInstanceIamPolicyResult) return __ret__.apply(lambda __response__: GetInstanceIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/workstations/get_workstation_config_iam_policy.py b/sdk/python/pulumi_gcp/workstations/get_workstation_config_iam_policy.py index 83f4f43510..b0f4fa2f20 100644 --- a/sdk/python/pulumi_gcp/workstations/get_workstation_config_iam_policy.py +++ b/sdk/python/pulumi_gcp/workstations/get_workstation_config_iam_policy.py @@ -145,7 +145,7 @@ def get_workstation_config_iam_policy_output(location: Optional[pulumi.Input[Opt project: Optional[pulumi.Input[Optional[str]]] = None, workstation_cluster_id: Optional[pulumi.Input[str]] = None, workstation_config_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWorkstationConfigIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWorkstationConfigIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -161,7 +161,7 @@ def get_workstation_config_iam_policy_output(location: Optional[pulumi.Input[Opt __args__['project'] = project __args__['workstationClusterId'] = workstation_cluster_id __args__['workstationConfigId'] = workstation_config_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:workstations/getWorkstationConfigIamPolicy:getWorkstationConfigIamPolicy', __args__, opts=opts, typ=GetWorkstationConfigIamPolicyResult) return __ret__.apply(lambda __response__: GetWorkstationConfigIamPolicyResult( etag=pulumi.get(__response__, 'etag'), diff --git a/sdk/python/pulumi_gcp/workstations/get_workstation_iam_policy.py b/sdk/python/pulumi_gcp/workstations/get_workstation_iam_policy.py index 75d8189161..fdf45980bb 100644 --- a/sdk/python/pulumi_gcp/workstations/get_workstation_iam_policy.py +++ b/sdk/python/pulumi_gcp/workstations/get_workstation_iam_policy.py @@ -158,7 +158,7 @@ def get_workstation_iam_policy_output(location: Optional[pulumi.Input[Optional[s workstation_cluster_id: Optional[pulumi.Input[str]] = None, workstation_config_id: Optional[pulumi.Input[str]] = None, workstation_id: Optional[pulumi.Input[str]] = None, - opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetWorkstationIamPolicyResult]: + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetWorkstationIamPolicyResult]: """ Use this data source to access information about an existing resource. @@ -175,7 +175,7 @@ def get_workstation_iam_policy_output(location: Optional[pulumi.Input[Optional[s __args__['workstationClusterId'] = workstation_cluster_id __args__['workstationConfigId'] = workstation_config_id __args__['workstationId'] = workstation_id - opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('gcp:workstations/getWorkstationIamPolicy:getWorkstationIamPolicy', __args__, opts=opts, typ=GetWorkstationIamPolicyResult) return __ret__.apply(lambda __response__: GetWorkstationIamPolicyResult( etag=pulumi.get(__response__, 'etag'),